NianToB/findings.md

Findings

Agent 系统级文档管理 2026-06-03

• OpenClaw 的系统级 workspace 文档包括 AGENTS.md、SOUL.md、TOOLS.md；官方文档定义为操作指令、人格/边界/语气、本地工具约定。
• 这些文件按 Agent workspace 生效，路径来自 openclaw.json 的 agents.defaults.workspace 或 agents.list[].workspace，默认是 ~/.openclaw/workspace。
• 当前项目已有 listAgentsSnapshot() 可给设置页列出 Agent、workspace 和默认 Agent，无需新增配置解析逻辑。
• 默认模板可从当前 OpenClaw runtime 的 docs/reference/templates/{AGENTS,SOUL,TOOLS}.md 读取；这能兼容开发态 node_modules/openclaw、打包态 bundled runtime 和 managed runtime。
• Host API 已是设置页访问本地能力的统一入口，适合新增 /api/agent-system-documents 路由。

Customer Install Initialization Failure Findings 2026-05-14

• The customer screenshot matches a non-pilot package: local build/yinian-internal/model-auth-profiles.json currently says bundled=false because pnpm run package was used without YINIAN_BUNDLE_MODEL_AUTH=1.
• First-run setup currently requires a usable minimax auth profile before it proceeds to the document runtime step, so a non-pilot package fails at 写入内测模型配置.
• The renderer then maps every non-completed step to failed when initialized=false; this makes the later 准备文档处理环境 step look failed even when it was only still pending and never executed.
• The customer-facing error currently says only 初始化未完成，请查看失败项后重试。, which hides the actionable package/credential cause.
• Fix applied: pending setup steps remain pending on early failure, failed-step details are shown in the error panel, and non-pilot packages now report that the installer does not contain internal model credentials.
• The rebuilt Apple Silicon pilot DMG now contains bundled=true internal model auth material and passed resource, codesign, and DMG verification.

macOS DMG 打包

• 使用 pnpm run package:mac 才会走完整正式打包链路，包括 bundle-preinstalled-skills.mjs、OpenClaw bundle、插件 bundle、内置应用 bundle 和 Electron Builder。
• pnpm run package:mac:local 会设置 SKIP_PREINSTALLED_SKILLS=1，不适合本次“新增 skill 默认放进去”的要求。
• electron-builder.yml 的 extraResources 会把 build/preinstalled-skills/ 打进安装包的 resources/preinstalled-skills/。
• 应用启动时 ensurePreinstalledSkillsInstalled() 会从安装包资源部署到 ~/.openclaw/skills/<slug>，并按 manifest 的 autoEnable 自动启用。
• 当前机器已有 arm64 node/uv 运行时；缺少 x64 uv。完整 package:mac 在 GitHub 下载 x64 uv 时可能受网络影响失败，arm64 DMG 可用现有资源继续打包。
• 本次 arm64 DMG 打包成功，最终 .app 深度签名校验通过，DMG checksum 校验通过；但 Electron Builder 因未生成 notarization options 跳过了 macOS notarization。

对话 Markdown 与隐藏提示泄漏

• [[YINIAN_BUSINESS_RESPONSE_GUIDANCE]] 泄漏的根因是业务准则被追加进 chat.send/cron 的真实 message 字段，Gateway 持久化后作为 user message 回放。
• 项目已经有 resources/context/AGENTS.clawx.md 承载业务行为准则，因此 direct chat/cron 不应继续把隐藏准则拼进用户消息。
• 需要双保险：新消息不再追加隐藏准则；旧历史显示、会话标题和乐观消息去重都要剥离隐藏准则。
• Markdown 表格应作为工作台数据表渲染：可横向滚动、稳定边框、紧凑单元格、表头行有轻微底色但 th 本身保持透明，兼容既有浅色表头检查。
• 执行过程更适合作为无框时间线，而不是和正式业务回答同层级的卡片。
• 新对话空态不需要重复展示产品名；保留“今天从哪里开始？”即可，能减少首屏噪音并把注意力留给输入区。

桌面任务提醒与业务回答渲染

• Cron run notifications arrive through the existing Gateway agent notification path; renderer already uses this path to fold isolated cron run sessions back into the fixed task conversation.
• Desktop-level reminders belong in the Electron main process, not renderer toast, because scheduled runs can finish while the task center is not visible.
• The notification should only fire for terminal cron phases (completed, done, finished, failed, error) and should dedupe by job/run key so duplicate Gateway terminal events do not produce repeated system popups.
• A click target of /tasks?task=<jobId> is enough for now: it keeps users in the task management surface and lets the page highlight the relevant scheduled task.
• Business answer UI can be layered on top of Markdown without changing message storage. The robust contract is stable labels (状态：, 依据：, 影响：, 下一步：, plus high-risk labels such as 执行预览： and 待确认：).

聊天页 UI 统一

• Chat still carried inherited OpenClaw visual decisions: translucent panel, oversized empty-state type, shadowed composer, rounded-xl cards, black alpha surfaces, and mixed 15px/14px text choices.
• The project design source of truth says 智念助手 should feel like mature B-end operations tooling: system Chinese font stack, compact dashboard scale, navy/slate palette, 8px radius, minimal shadows.
• The safest fix is page-local styling convergence plus one global font declaration, not a new theme or font dependency.
• The visual smoke test captures test-results/yinian-visual/02-chat.png, which is useful as a quick regression check after chat UI changes.

设置偏好深色 UI 色彩

• Dark-mode Settings Preferences screenshot captured at test-results/settings-preferences-dark-electron-before.png.
• The Preferences tab used floating controls directly on a dark page background, so button states relied on low-contrast white/5 and white/10 overlays.
• The macOS title bar used a translucent dark surface over the app background, producing a noticeably gray band in dark mode.
• body and .yinian-app-surface had light gradient backgrounds without an explicit dark-mode CSS fallback, leaving room for shallow routes or overlays to inherit light surfaces.
• After the pass, the dark screenshot at test-results/settings-preferences-dark-electron-after.png shows title bar, page, tabs, and the Preferences panel using the same dark palette family with a visible card layer for settings content.
• The old settings-proxy.spec.ts legacy E2E still assumes setup lands directly on main-layout; that is separate from the dark-mode UI change and conflicts with the current login-first product flow.

M1 Verification

• pnpm run typecheck passed.
• pnpm run test passed: 89 test files, 572 tests.
• pnpm run test:e2e passed: 26 passed, 1 skipped.
• Non-blocking warnings remain:
  • Vitest MaxListenersExceededWarning.
  • Vite dynamic/static import chunk warnings.
  • Vite large chunk warning.
  • Playwright/Electron NO_COLOR ignored because FORCE_COLOR is set.

E2E Compatibility Decisions

• Renderer receives e2e=1 only when Electron is launched with CLAWX_E2E=1.
• In E2E mode, legacy ClawX setup flow remains available.
• In E2E mode, / maps to Chat so legacy tests remain valid.
• In production mode, / maps to Today.
• In E2E mode, default language is forced to English unless a test changes it.
• In E2E mode after setup is complete, gateway store is initialized but gateway is not auto-started.

Product Decisions

• YINIAN production entry is login-first.
• Gateway should start after authenticated workspace context exists.
• Real OTA bundle download and signature verification are not part of M1.
• Skill sync currently means manifest-to-local-registry synchronization.

Open Questions

• Final backend response shape for auth refresh is not yet locked.
• Whether business customer builds should hide legacy ClawX pages entirely or keep them behind an implementation/admin mode is not decided.
• The exact first pilot business workflow for Today page still needs product prioritization.

M1 Handoff Inventory

• Main process additions are intentional and centered on YINIAN IPC/control plane/storage plus gateway start boundary.
• Renderer additions are intentional and centered on login, Today, Skills, sidebar service context, and YINIAN stores.
• Workspace package additions are boundary scaffolds for kernel adapter, skill spec, business skill base, and UI kit.
• Documentation additions now include docs/M1_HANDOFF.md.
• Planning files are local project working memory: task_plan.md, findings.md, progress.md.

Channel Health Edge Case

• channels.status success and failure timestamps could land in the same millisecond.
• buildGatewayHealthSummary treats a channel status failure as newer only when failureAt > okAt.
• When both timestamps were equal, a recent timeout could be reported as healthy.
• Fixed by making channel status success/failure timestamps monotonic in electron/api/routes/channels.ts.

Server Contract v0

• Contract document created at docs/SERVER_CONTRACT_V0.md.
• HTTP mode uses YINIAN_API_BASE_URL; mock remains default when unset.
• M2 token boundary:
  • accessToken stays memory-only.
  • refreshToken is persisted only for HTTP session restore.
  • /auth/refresh rotates access/refresh tokens when restoring persisted HTTP sessions.
• Desktop accepts selected snake_case aliases during migration:
  • auth token expiry fields
  • workspace ids
  • current workspace id
  • config server_time, notification_channels, feature_flags, ui_policy
  • skills skill_id, bundle_sha256
• Normalization now defaults unknown skill categories to ops-automation and filters unknown trigger values.
• Server error messages are surfaced from error.message.

Today M2 Pilot Surface

• Today now derives operational state from existing M1 data: config entitlements, notification channels, and local skill registry.
• No new backend endpoint was introduced for Phase 3.
• Pending queue currently represents actionable local/client conditions:
  • skill sync failed
  • skill entitled but not synced
  • local skill version differs from server entitlement
• Arrival/departure summary is an operational proxy based on enabled OTA/reporting skills until real PMS/task data exists.
• Skill state labels are now explicit:
  • 已开通未同步
  • 已安装
  • 已更新
  • 已是最新
  • 有更新
  • 已禁用
  • 同步失败
• Empty states are business-facing:
  • no pending items
  • no opened skills
  • no agent actions

Skills Manager M2

• Skills now explains availability by merging server entitlements with the workspace-scoped local registry.
• Operator-facing states are explicit:
  • 已开通未同步
  • 已安装
  • 已更新
  • 已是最新
  • 有更新
  • 已禁用
  • 同步失败
• The page now surfaces version drift, sync failures, local source, bundle hash, installed time, and last synced time.
• Empty entitlement and empty local registry states are separate, so "not purchased" and "purchased but not synced" do not blur together.
• Sync remains manifest-to-local-registry only; real bundle download and signature verification stay out of scope.

Design System Pass

• YINIAN surfaces now share a small local UI layer instead of repeating one-off card, empty-state, notice, metric, and header styling.
• The product style is intentionally operational rather than marketing-heavy:
  • slate workspace background
  • navy primary actions
  • restrained status colors
  • 8px panels
  • no decorative gradients or hero illustration
• Sidebar and sidebar service context now read as part of the same desktop shell as Today and Skills.
• The pass did not change backend contracts, storage behavior, gateway start behavior, or skill registry semantics.

Pilot Packaging And QA

• Pilot QA documentation now lives at docs/PILOT_QA.md.
• The recommended demo path is mock mode:
  • login
  • Today review
  • Skills review
  • sync skills
  • switch workspace
  • logout
• The full verification gate for pilot readiness is:
  • pnpm run typecheck
  • pnpm run test
  • pnpm run build:vite
  • pnpm run test:e2e
• Local macOS pilot packaging should start with pnpm run package:mac:local.
• No commit has been created; the project is ready for a checkpoint commit when explicitly requested.

智念助手 Brand Foundation

• Design system source of truth now lives at design-system/智念助手/MASTER.md.
• Desktop/product naming now uses 智念助手 for customer-facing surfaces.
• App icon source and generated assets now live under resources/icons/.
• Renderer wordmark lives at src/assets/logo.svg.
• Electron builder metadata now uses:
  • appId: app.zhinian.assistant
  • productName: 智念助手
  • desktop shortcut and uninstall display name: 智念助手
• Technical ClawX/OpenClaw names intentionally remain in lower-level implementation, compatibility tests, inherited i18n, and gateway/provider integration surfaces.

UI Customization Phase 2

• The YINIAN UI kit now covers common page composition patterns:
  • page/header/action composition
  • status dots
  • section panels
  • metric cards
  • list items
  • info rows
  • empty/notice states
• Login, Today, Skills, and sidebar service context now share the same visual grammar.
• No control-plane, gateway, storage, session, or skill registry behavior changed in this phase.
• Focused tests and build are green; full E2E has not been rerun after this UI-only pass.

UI Customization Phase 3

• Sidebar information architecture now separates:
  • 快速使用
  • AI 工作
  • 扩展
• Customer-facing Chinese inherited surfaces now say 智念助手 in Chat, Settings, and Setup.
• Existing E2E navigation test ids remain intact.
• Navigation E2E passed after the Sidebar grouping change.
• Remaining inherited surfaces still need deeper polish: Channels, Agents, Models, Cron, full Settings, and non-Chinese locales.

UI Customization Phase 4

• Chat, Settings, Models, Agents, Channels, and Cron no longer use the inherited oversized serif heading treatment.
• Major customer-facing Chinese ClawX copy has been replaced with 智念助手 across zh Chat, Settings, Setup, Agents, Cron, and Channels.
• One technical upstream GitHub reference remains in Settings as an external resource link.
• Focused inherited-page E2E is green after the visual pass.
• Remaining work: screenshot-based visual QA and deeper per-page layout polish, especially dense Settings/Channels/Agents internals and non-Chinese locales.

UI Customization Phase 5

• Screenshot QA found and fixed a fresh-user routing issue: production renderer sessions with no setup state could land on legacy setup instead of the 智念登录 page.
• The new visual smoke test produces stable 1440x900 baselines for Login, Today, and Skills under test-results/yinian-visual/.
• Login, Today, and Skills screenshots are readable and brand-consistent after the route fix, with no obvious overlap or blank-screen regression.
• Remaining visual debt is now mostly in inherited deep surfaces: Settings internals, Channels configuration flows, Agents, Models, Cron, and non-Chinese locales.

B-end Repositioning Pass

• Customer-facing product language should treat the selected tenant as a workspace/business object, not as a hotel.
• Existing hotelId, currentHotelId, switchHotel, and hotel_id names are still compatibility internals; renaming them should be a separate contract/storage migration.
• The UI now exposes switchWorkspace as a forward-compatible renderer alias.
• Mock data is generic enough for non-hotel B-end demos, but some inherited skill ids such as ctrip-price-monitor remain technical placeholders until real customer-specific skill catalogs are introduced.

Shell Simplification Pass

• Product shell should assume one account maps to one B-end service for now.
• Do not expose workspace switching in the customer-facing shell until multi-service account requirements are explicit.
• Current service identity, sync, and logout now live in the sidebar; the main content area should not regain a top sidebar service context.

Sidebar IA Pass

• Production sidebar should expose only the primary product loops:
  • 快速使用: Today and Skills.
  • 对话: New Chat and Chat.
  • 设置: account, service sync, logout, local preferences, and service-managed capability explanations.
• Models, Agents, Channels, Cron, and Dev Console are developer/configuration surfaces and should not appear in normal customer navigation.
• These legacy/configuration routes remain reachable in e2e=1 compatibility mode so inherited ClawX regression coverage does not break.
• Service-managed capability copy in Settings should explain that model/provider strategy, Agent orchestration, channels, and scheduled tasks are issued by the server for the current account/service.

Sidebar UX Pass

• Dashboard/Today should be accessed by clicking the current service card at the top of the sidebar.
• 快速使用 should contain business tools, not the dashboard:
  • Skills
  • 定时任务
  • 知识库
• 定时任务 is a customer-facing task center. Low-level scheduling policy remains service-managed and should not be confused with local developer configuration.
• 知识库 v0 is currently local UI state only; persistence, indexing, vectorization, permissions, and service sync are future work.
• Chat history should stay collapsed by default; hover reveals the session list, while clicking 历史会话 opens the latest session.

Task Center Iteration

• The new product IA is:
  • 快速使用: 应用中心、知识库
  • 任务: 任务中心
  • 对话: 新对话、历史会话
• /cron should remain only as a compatibility redirect to /tasks?tab=scheduled.
• 快捷任务 remains stored in yinian:quick-tasks; the visible management surface now lives in task center instead of capability-pack settings.
• Scheduled tasks keep using the existing Gateway Cron protocol. Desktop stores a local binding snapshot in yinian:scheduled-task-bindings so later quick-task edits do not mutate existing schedules.
• Manual and scheduled run history is stored separately in yinian:task-run-records.
• The same prompt composition rule is shared by chat, manual run, and scheduled tasks: 使用{能力包名称} skill ....
• Execution graph tests must include activeRunSessionKey; this supports the product rule that only the currently running conversation shows an active task state.

Task Center Separation Follow-up

• Product decision: Task Center and quick capabilities are separate concepts. Task Center should not expose a quick-capability tab or quick-capability run/manage surface.
• Scheduled tasks should be authored as standalone content. The scheduled-task dialog should not offer quick-capability template selection.
• @ capability insertion remains the bridge for invoking a capability pack from scheduled task content.
• The original @ mention implementation reset active selection on keyup after ArrowUp/ArrowDown, making keyboard navigation appear broken. Ignoring navigation keyup events fixes the selection movement.
• Custom execution time is friendlier as structured repeat controls:
  • daily at a time
  • weekly on weekday/time
  • monthly on day/time
  • every N minutes
  • advanced Cron fallback for unsupported rules

Task Center Pinning Follow-up

• Product decision: the customer-facing scheduled-task surface should be called “任务中心” / “Task Center”.
• Time-related controls and labels should remain as-is; the rename applies to the product surface and task lifecycle copy.
• Pinned sidebar triggers can be implemented as local cron job id references because the existing Gateway cron API already supports immediate triggering with /api/cron/trigger.
• Sidebar should fetch cron jobs when pinned ids exist and the Gateway is ready, then render only pinned jobs that still exist.
• Sidebar-triggered runs should add a task run record so the action is visible in execution history.

Task Center Density And Sidebar Structure

• ui-ux-pro-max design-system search recommended a Data-Dense Dashboard pattern for B2B operations: compact tables/lists, row hover states, minimal padding, and professional navy/blue treatment.
• The Task Center card grid repeats metadata and consumes too much vertical space; a list/table row can preserve all actions while showing more tasks per viewport.
• The existing time settings live inside ScheduledTaskDialog; the density pass should avoid modifying that dialog's execution-time controls.
• Sidebar pinned triggers should be contained in a bounded scrollable subsection so many pinned tasks do not push primary navigation or chat controls out of reach.

快速视频创作内置 Web 英文覆盖

• 桌面宿主 src/pages/NianxxPlay/index.tsx 已经使用 appCenter i18n，当前漏出的中文主要来自内置 Next 应用 /Users/inmanx/Documents/NianxxPlay。
• NianxxPlay 默认由 scripts/prepare-nianxx-play-bundle.mjs 从 /Users/inmanx/Documents/NianxxPlay 构建并复制到桌面 build/apps/nianxx-play，因此应优先改源应用再重建 bundle。
• 内置应用中明显硬编码中文位置包括：
  • src/app/layout.tsx 顶部品牌、导航、积分 title 和 metadata。
  • src/components/studio-workspace.tsx 创作台标签、按钮、placeholder、素材/分镜文案。
  • src/app/projects/page.tsx 历史项目、积分、表格和空状态。
  • src/app/planning/page.tsx 与规划展示组件。
  • content/seedance-starter/*.json 与 content/studio-presets/*.json 模板/素材内容。
• 适合本次快速修复的路径是桌面 URL 传入 zhinianLang，内置应用保存该语言，并在英文状态下对可见文本和常用属性做覆盖翻译。
• 实际页面抽检必须使用新启动的 NianxxPlay 进程；已有 3000 端口进程可能仍加载旧 bundle/source。
• 新构建在 http://127.0.0.1:3010/studio?zhinianEmbed=1&zhinianLang=en 抽检通过：主要首屏 UI、实时提示词、素材 token、积分/缺少等内容均显示英文，连续中文匹配为空。
• /planning?zhinianEmbed=1&zhinianLang=en 抽检也没有连续中文匹配；/projects 剩余中文主要来自历史项目/用户内容，系统生成前缀“宣传片创作台”已做展示翻译。
• 刷新 bundle 后需要停止旧的 127.0.0.1:3000 子进程，否则它会继续使用内存中的旧 Next 代码；已停止旧进程，等待桌面宿主下次打开时重新拉起。
• Implemented the density pass with row-level icon actions and compact header metrics; the task dialog's time controls were not modified.
• Sidebar navigation now has a scrollable grouped area, with pinned quick triggers visually separated and height-limited.

Immediate History Session Visibility

• Sidebar history is derived from local sessions, sessionLabels, and sessionLastActivity; waiting for sessions.list can lag behind newly started Gateway runs.
• Blank new desktop sessions need local updatedAt for sorting but should not receive sessionLastActivity, otherwise cleanupEmptySession would keep unused blanks forever.
• Task Center manual/sidebar triggers can name the optimistic cron session from the local cron job record before the backend refresh returns.
• Background scheduled runs can arrive through Gateway started/completed notifications; those notifications should insert a visible session row even when the session is not current.

Task Execution Conversation Follow-up

• Product decision: each Task Center task should own one stable conversation keyed by agent:main:cron:<jobId>.
• User-triggered task execution should move the customer directly into that task conversation so they can follow up without hunting through history.
• Background history visibility and fixed-session routing are complementary: the former makes sessions appear, the latter moves the current workspace when the user explicitly triggers execution.

Task Conversation Naming

• Task conversations should be named by the Task Center task name, not by the fixed technical session key or by the first execution prompt.
• Generic first-message session labeling remains correct for normal desktop chat sessions, but cron task sessions need to be excluded from that behavior.
• For background automation events, the best local source for the display name is the current cron store job list.

Task History Merge Reliability

• Root cause: task conversation loading treated Gateway chat.history and cron run-log fallback as mutually exclusive; fallback only ran when Gateway returned zero messages.
• When Gateway returned only the current execution prompt, the UI replaced previous task history with that partial result.
• Correct behavior is to merge cron fallback history with Gateway history for cron sessions, then dedupe and sort by timestamp.
• Failed cron fallback entries must be assistant-role messages; system-role fallback entries are intentionally filtered from the chat UI.

Version 3.5 Readiness: Application Center

• 应用中心 is now a distinct product concept from 能力包:
  • 应用中心 opens fixed product applications.
  • 能力包 expands what the agent can do.
  • 快捷任务 is a chat-composer shortcut for invoking one selected 能力包.
• Current app-center implementation is intentionally local/static:
  • route: /app-center
  • built-in registry: src/stores/app-center.ts
  • item type boundary: src/types/app-center.ts
  • single focused large-app entry: /app-center/nianxx-play
• Small demo applications have been removed from the customer-facing app center so 3.5 can focus on NianxxPlay.
• Large-app integration needs strong boundaries:
  • app host contract
  • app lifecycle and close semantics
  • permission/data dependency declaration
  • state restore rules
  • native vs embedded-web decision
  • app-specific loading/error/empty states
• Current webview-type app items open externally; this is not enough for a true embedded web application. A 3.5 embedded-web app should use a deliberate safe-host strategy rather than simply opening window.electron.openExternal.
• Dev port changed from 5173 to 5188 so 智念助手 can run alongside other local Vite projects without fighting for the default port.

NianxxPlay Large-App Assessment 2026-05-05

• Local project found at /Users/inmanx/Documents/NianxxPlay.
• It is not a git repository locally, so integration work should either:
  • treat it as a local external app source for now, or
  • move/copy it into a managed repo/package when 3.5 implementation begins.
• Product identity:
  • name: NianxxPlay智念视频助手
  • positioning: Seedance 2.0 AI video generation workspace
  • target user: ordinary users and local merchants
• Main product flow:
  • choose a creation mode
  • select a reference template
  • upload required image/video/audio assets
  • assemble and optionally edit prompt text
  • submit Seedance generation task
  • track project/result history
• Current creation modes:
  • 宣传片制作
  • 创意复刻
• Technical shape:
  • Next.js 15 App Router.
  • Server-side API routes under src/app/api.
  • Local MVP data layer in src/lib/local-db.ts, persisted to .data/app-state.json.
  • Object storage through Aliyun OSS.
  • Seedance task creation/query through Ark REST API.
  • Startup content and templates under content/seedance-starter and public/seedance-starter-assets.
• Verification:
  • npm test passed: 3 test files, 11 tests.
  • npm run build passed.
  • Build still emits the known ali-oss / any-promise/register.js dynamic dependency warning.
• Integration recommendation:
  • Use NianxxPlay as the first 3.5 large-app candidate.
  • Prefer embedded-web hosting for the first integration, because the app owns a full Next.js route/API/data domain.
  • Do not merge its pages directly into 智念助手 as native React routes in the first pass; that would expand the blast radius into routing, CSS, API, storage, billing, and asset handling all at once.
  • The 3.5 host should first support a local dev URL such as http://localhost:3000, then later decide whether production packages the Next app, serves it from the customer service backend, or ships it as a static/server bundle.

Bundled NianxxPlay Runtime Findings 2026-05-05

• User requirement clarified: NianxxPlay should accompany the desktop app and be installed/updated/launched by 智念助手 on the customer's computer.
• This changes the preferred engineering strategy:
  • NianxxPlay should not be merely an external URL.
  • NianxxPlay should not require customer-installed Node.js/npm/pnpm.
  • 智念助手 main process should own the NianxxPlay process lifecycle.
• Existing 智念助手 precedent:
  • OpenClaw is bundled into build/openclaw.
  • electron-builder.yml ships it through extraResources.
  • first-run initialization copies it into a managed runtime under ~/.openclaw/runtime/openclaw.
  • Electron main starts/stops/repairs the runtime process.
  • NianxxPlay should reuse this pattern instead of creating a separate installer.
• NianxxPlay current size profile:
  • project root: about 1.0GB
  • node_modules: about 482MB
  • .next: about 165MB, with most of that from .next/cache
  • public: about 358MB
  • public/seedance-starter-assets: about 343MB
  • public/uploads: about 6MB, should not be bundled as seed data unless intentionally included
• Packaging implication:
  • A production bundle must exclude node_modules, .next/cache, local uploads, and .env.local.
  • Next.js output: 'standalone' is the likely packaging baseline.
  • Static assets and curated starter media still need explicit inclusion and size control.
• Runtime-data issue:
  • NianxxPlay currently uses process.cwd() for .data/app-state.json.
  • upload fallback writes to process.cwd()/public/uploads.
  • A packaged app must move both to a user-writable app-managed data directory.
• Security issue:
  • .env.local contains real service credentials.
  • That file must not be included in the installer.
  • Runtime secrets should come from desktop secure storage, server-issued configuration, or environment variables injected by the main process at launch.
• Service-managed product boundary:
  • NianxxPlay accounts, permissions, service keys, quota, and billing should be controlled by the server.
  • Desktop should only receive scoped runtime context or signed/temporary access when needed.
  • Desktop UI should not expose raw credentials or independent billing controls for the app.
• Port issue:
  • NianxxPlay currently assumes http://localhost:3000.
  • A desktop-managed runtime should allocate/probe a local loopback port and inject PORT, HOSTNAME, and public base URL env vars.
• Product/runtime boundary:
  • NianxxPlay local fallback uploads are only useful for UI preview.
  • Real Seedance generation requires public URLs, so OSS configuration remains required for production generation.

Enterprise Space Service Integration

• CloudClaw repository URL checked: https://git.nianxx.cn/brother7/CloudClaw.
• Anonymous git access failed with: fatal: could not read Username for 'https://git.nianxx.cn': Device not configured.
• Browser access did not expose repository contents from this workspace.
• Current desktop HTTP assumptions:
  • Auth base URL defaults to https://onefeel.brother7.cn/ingress.
  • Password login uses POST /auth/oauth2/token.
  • Login response includes OAuth fields plus user_info.
  • Desktop synthesizes a single service workspace from user_info.tenantId.
  • Config currently tries /config/sync?hotel_id=... and falls back to a local empty config if missing.
  • App/skill sync currently tries /skills/manifest?hotel_id=....
• Backend confirmation needed:
  • Enterprise/service-space detail endpoint.
  • Opened applications/skills list endpoint.
  • Skill package manifest endpoint and field names.
  • Whether app enablement is returned as entitlement/config or as part of a manifest list.
• CloudClaw source read through the user's logged-in Chrome session.
• Current CloudClaw main routes in internal/server/app/routes.go:
  • GET /healthz
  • POST /api/v1/auth/login
  • POST /api/v1/devices/register
  • POST /api/v1/snapshots
  • POST /api/v1/snapshots/{id}/complete-upload
  • GET /api/v1/snapshots
  • POST /api/v1/snapshots/{id}/download-url
  • POST /api/v1/restores
  • POST /api/v1/restores/{id}/complete
  • GET /api/v1/restores
• Current CloudClaw auth contract is JSON email/password:
  • POST /api/v1/auth/login
  • request: { "email": "...", "password": "..." }
  • response: { "access_token", "refresh_token", "user": { "id", "tenant_id", "email", "role" } }
• Current CloudClaw does not yet expose enterprise space/app/skill manifest endpoints. Desktop should tolerate this as empty application registry until backend adds the API.

CloudClaw Plugin Integration Notes

• CloudClaw already includes an OpenClaw plugin under plugins/openclaw-cloud-sync; this is currently the practical integration point, not a service-side app/skill distribution API.
• The plugin commands are:
  • cloud_sync_status
  • cloud_sync_login
  • cloud_sync_logout
  • cloud_sync_backup
  • cloud_sync_restore
• The upstream package metadata used object-shaped openclaw.extensions entries, while the current bundled OpenClaw runtime expects string entries. The 智念 built-in mirror normalizes this to ["./dist/index.js"].
• The upstream plugin registered commands with id/title/run; the current OpenClaw runtime expects name/description/handler and command names without dots. The 智念 mirror adapts these command registrations.
• Cloud sync server URL is currently configured from YINIAN_CLOUD_SYNC_SERVER_URL / CLOUDCLAW_SERVER_URL; if absent, the desktop derives it from YINIAN_API_BASE_URL by removing a trailing /ingress, then falls back to https://onefeel.brother7.cn.
• Startup verification showed cloud-sync is loaded by openclaw plugins list.

Engineering Assessment Findings 2026-04-26

• Project status: suitable for continued internal development, not yet suitable for a stable pilot build without cleanup.
• Strong points:
  • TypeScript still compiles after broad changes.
  • Vite renderer/main/preload build still succeeds.
  • Existing unit coverage is substantial enough to catch stale UI/product-language expectations.
  • Legacy ClawX E2E compatibility paths still pass in the sampled suite.
• Main risks:
  • The working tree is very broad and mixes product UI, server login, knowledge base, Gateway plugin installation, packaging, and docs in one uncommitted batch.
  • Unit tests are currently red due to terminology changes and UI metadata changes.
  • Production YINIAN visual E2E is red because captcha-required login no longer matches the old mock-click flow.
  • hotelId / hotel_id remains a compatibility internal in storage and server fixtures; safe for now, but it will keep leaking into future implementation unless a migration is planned.
  • Knowledge base import is local-file-path based and should stay behind trusted desktop IPC/Host API boundaries; it is not yet a retrieval/indexing feature.
  • Cloud Sync is installed as an OpenClaw plugin but should not be presented as an enterprise app-distribution solution.
• Recommended next stabilization phase:
  • Freeze feature additions.
  • Fix failing tests and E2E login setup.
  • Split changes into reviewable checkpoints by domain: branding/UI, YINIAN auth/control plane, knowledge base, chat context, Cloud Sync plugin, packaging/docs.
  • Add focused tests for Cloud Sync config install and knowledge import edge cases.

Stabilization Findings 2026-04-26

• The previously failing unit tests were stale copy assertions from the product-language migration; current customer-facing copy is now aligned around 应用, 本机准备, and 运行记录.
• The visual smoke failure exposed a real mock-mode edge: captcha was required even when mock captcha rendering returned no image. Login now requires captcha only when a captcha field is actually visible.
• Cloud Sync startup configuration is now covered by tests, but Cloud Sync remains a plugin-level capability rather than a replacement for future enterprise application distribution.
• Knowledge-base import now has better test coverage for local safety boundaries; retrieval is still v0 manual context injection, not vector search or long-term memory.
• Remaining technical debt:
  • Renderer bundle remains large at roughly 1.6MB minified / 481KB gzip.
  • Vite still reports modules that are both dynamically and statically imported.
  • Full Vitest passes but emits MaxListenersExceededWarning from test process listener accumulation.

Product Simplification Findings 2026-04-26

• Real service integration currently supports account login and a synthesized single service identity, but not account role, region, job title, operational health, PMS/OTA metrics, or recent business execution traces.
• Customer-facing UI should only show data backed by one of:
  • login response
  • current service identity
  • application entitlements / local registry
  • local knowledge-base registry
  • chat/session state
• Legacy internal names such as hotelId / hotel_id remain compatibility implementation details; they should not appear in user-facing copy.
• ota-monitoring remains an internal compatibility category key for now, but UI maps it to generic 数据检查.

Interaction And Knowledge Findings 2026-04-26

• The old knowledge-base chat integration only sent local file paths to the model. That made the feature fragile because the assistant may not read the path directly. The new flow asks Host API to read the app-managed backup and inject bounded text content into the chat request.
• Knowledge files were already copied to the app data directory, but the UI and chat path did not make the backup behavior obvious enough. The Knowledge page now says files are backed up locally and usable after source deletion.
• getByLabel('账号') and getByLabel('密码') became ambiguous after adding the remember-password checkbox. E2E now uses more specific selectors.
• History popover remains in the sidebar stacking context; the delayed close improves accidental closure without changing the whole sidebar positioning model.

NianxxPlay Bundling Findings 2026-05-06

• Next.js standalone output can run under Electron's own Node runtime using ELECTRON_RUN_AS_NODE=1; customer machines do not need Node/npm for this application path.
• The packaged NianxxPlay bundle currently weighs about 400MB, mostly because starter media assets under public/seedance-starter-assets are included. This is acceptable for this first 3.5 pass, but installer size should be reviewed before broad customer distribution.
• .env.local is still present in the source project and is read during local builds, but the desktop bundling script explicitly refuses to ship .env* files.
• Local uploads and generated results must remain user data, not app resources. The bundle script now excludes public/uploads and public/generated-results, and the runtime writes those files under desktop userData.
• The desktop service manager now checks /api/desktop/health instead of generic HTTP 200 responses, avoiding false positives when another app occupies port 3000.

Pilot Package Issue Findings 2026-05-06

• Customer log shows NianxxPlay does load .env.runtime, so the video-generation-service warning was not due to missing Seedance/OSS config in the bundle.
• NianxxPlay exits before readiness because the packaged app lacks resources/nianxx-play/node_modules/next:
  • Error: Cannot find module 'next'
  • require stack: /Applications/智念助手.app/Contents/Resources/resources/nianxx-play/server.js
• The source prepared bundle contains build/apps/nianxx-play/node_modules/next, but release/mac-arm64/.../resources/nianxx-play does not. This matches electron-builder's known behavior of respecting .gitignore and skipping node_modules in extraResources.
• The packaged mac app includes Resources/bin/node and npm, but not Resources/bin/uv; prep:mac-binaries only ran node:download:mac. This caused uv ENOENT during Python setup.
• spctl --assess on the local arm64 app reports rejected, source=Unnotarized Developer ID, and xcrun stapler validate reports no stapled ticket. Developer ID signing alone is not enough for customer-distributed macOS builds with native modules.
• @mariozechner/clipboard is an optional dependency of @mariozechner/pi-coding-agent; if absent, the code catches the require failure and falls back to platform clipboard tools such as pbcopy, so it is safe to omit for this desktop pilot.
• The current release/mac-arm64/智念助手.app has been manually modified after signing for diagnosis, so codesign --verify now reports sealed-resource changes. A new package must be produced by electron-builder so afterPack changes happen before signing/notarization.
• The prepared pilot NianxxPlay bundle has non-empty Seedance and OSS runtime keys, so any later “视频生成服务还没有配置完成” in a fresh package should be investigated as runtime env loading or route-level error handling, not missing build-time env material.

Long Task And Model Diagnostics Findings 2026-05-06

• The long-task UI reset was a real frontend state-machine issue: OpenClaw can emit agent notifications with phase=end for intermediate tool/agent phases, while the renderer treated end like final completion and cleared sending, activeRunId, and pendingFinal.
• The customer diagnostic report's No API key found for provider minimax is consistent with a provider/profile alias mismatch: default model references minimax/MiniMax-M2.7, while some pilot installs only had a stale minimax-cn:default auth profile.
• OpenClaw's pricing catalog fetch can block or delay Gateway startup on weak networks. The internal pilot runtime should explicitly disable it via models.pricing.enabled=false.
• Heartbeat recovery thresholds were too aggressive for long local model/tool work on macOS. A 12s pong timeout with 3 misses could restart the Gateway while work was still alive; 25s / 5 misses is a safer pilot default.

Optional Native Clipboard Findings 2026-05-06

• @mariozechner/pi-coding-agent attempts to load @mariozechner/clipboard but catches failures and falls back to platform clipboard commands such as pbcopy, so omitting the optional native package is acceptable for the pilot app.
• The repeated customer prompt can persist even after a fixed package if a prior install copied @mariozechner/clipboard* into user-managed OpenClaw directories such as ~/.openclaw/runtime/openclaw, ~/.openclaw/npm, ~/.openclaw/extensions, or ~/.openclaw/plugin-runtime-deps.
• The app should therefore both stop bundling the optional native clipboard package and clean known user-owned OpenClaw dependency caches before Gateway startup.
• This does not replace proper macOS notarization. A notarized/stapled build is still the correct long-term distribution fix for native modules generally; this patch removes the specific optional native module that is being loaded and blocked today.

Complete Self Check Findings 2026-05-06

• The full unit suite is healthy again after updating stale assertions: 93 files / 620 tests passed.
• The previous failed tests were not current runtime regressions; they were mostly old product-language and UI-structure assumptions from before:
  • ability packs moved to a settings-oriented page with quick-task configuration first.
  • Today became a quick-entry workspace instead of a data dashboard.
  • internal thinking chunks are intentionally hidden from the task execution graph.
  • only Chinese and English remain supported visible languages.
• tavily-search was still present in the preinstalled skills manifest and generated bundle despite the product direction to remove that web-search helper. Removing it reduces the preinstalled bundle from seven skills to six.
• Current preinstalled skills are:
  • pdf
  • xlsx
  • docx
  • pptx
  • find-skills
  • self-improving-agent
• NianxxPlay's prepared desktop bundle is structurally correct for the pilot: it includes the standalone server and Next runtime, and excludes user upload/output/cache directories. The only .env* file in the bundle is .env.runtime, which is intentional for the current internal-testing phase.
• Package resource risks that remain before broader customer distribution:
  • release is still large at about 2.3 GB, and the NianxxPlay bundle alone is about 419 MB.
  • notarization/stapling is still the real macOS distribution requirement; removing the optional clipboard module prevents the known prompt but is not a general replacement for notarization.
  • Vitest's MaxListenersExceededWarning is non-blocking today but suggests test setup/listener cleanup should be revisited.

Office Skills Runtime Findings 2026-05-09

• MiniMax's repository contains replacement skills for the broken office flow:
  • skills/minimax-docx
  • skills/minimax-pdf
  • skills/minimax-xlsx
  • skills/pptx-generator
• The replacement skills must be copied under the existing local slugs and frontmatter names (docx, pdf, xlsx, pptx) so quick-task prompts and OpenClaw skill lookup remain stable.
• The old installed ~/.openclaw/skills/docx, xlsx, and pptx directories contained direct LibreOffice/soffice guidance and helper scripts from the old Anthropic skills. Those are now replaced locally with the new MiniMax sources.
• MiniMax docx uses an OpenXML/.NET workflow; .NET is not present on the current machine, so diagnostics should report it explicitly instead of letting a document task fail mysteriously.
• MiniMax pdf and xlsx use Python packages that may not exist on a fresh customer machine. The app already bundles uv and can install/manage Python 3.12, so the hardening path should prepare common packages through uv rather than asking customers to run pip.
• MiniMax pptx uses PptxGenJS and optional icon/image packages. The desktop project already includes pptxgenjs, react-icons, react, react-dom, and sharp, so the skill should prefer project-bundled modules rather than global npm installs.
• uv pip install --python <uv-managed-python> reports the managed standalone Python as externally managed unless --break-system-packages is supplied. For this app-owned runtime, using the flag is appropriate because it installs into the bundled/managed Python, not the user's system Python.
• The local openclaw.json had become invalid because model repair code wrote provider-level timeoutSeconds and models.pricing, which current OpenClaw rejects. The repair path now deletes those legacy keys instead of writing them.
• agents.defaults.heartbeat.every = "0m" is the documented OpenClaw way to disable heartbeat. It is kept intentionally so heartbeat-only prompts do not appear in normal desktop conversations.
• The full test suite exposed one stale channel assertion: WeCom is now saved as an internal channel and old plugin registration is intentionally absent. The test now matches that product direction.
• Homebrew's dotnet-sdk cask installs a system pkg and needs interactive sudo, which is not suitable for this automation context. A user-local ~/.dotnet install works and must be explicitly added to Electron/OpenClaw child process PATH.
• The MiniMax xlsx source still included a dynamic recalculation path that referenced desktop office engines even after install prompts were rewritten. Removing that script/reference path entirely is safer for ordinary users than trying to phrase it as optional.
• Manual local skill replacement without .clawx-preinstalled.json causes the app startup preinstaller to treat those skills as user-managed and skip future managed updates. Any manual sync of preinstalled skills should write the marker too.
• The screenshot showing LibreOffice guidance came from an already-generated OpenClaw session history entry, not from the current local skill files after cleanup. A frontend sanitizer is therefore necessary in addition to prompt cleanup, because old history and model-invented explanations can still be hydrated into the desktop UI.

Customer Clean Install Findings 2026-05-12

• The customer app did not show initialization because renderer settings trusted the persisted setupComplete flag. The current status check did not verify whether the managed OpenClaw runtime still contained required runtime files.
• The new customer log confirms chat fails before model execution with:
  • Missing workspace template: AGENTS.md (/Users/inmanw/.openclaw/runtime/openclaw/docs/reference/templates/AGENTS.md).
  • ERR_MODULE_NOT_FOUND: Cannot find package 'openclaw' imported from .../dist/extensions/codex/prompt-overlay.js.
• scripts/bundle-openclaw.mjs deletes the entire OpenClaw docs directory, and scripts/after-pack.cjs deletes it again after packaging. That removes runtime templates that OpenClaw uses to build workspace context.
• A copied OpenClaw package outside node_modules/openclaw cannot resolve bare self imports like openclaw/plugin-sdk/provider-model-shared unless a self-reference exists under runtime/openclaw/node_modules/openclaw.
• The customer diagnostics also show missing model credentials (providerKeys=0, 调用凭据 error). Runtime/template repair is necessary but may not be sufficient if the pilot package does not seed or sync an internal MiniMax credential.
• NianxxPlay starts, but logs show Cannot find module .../.next/server/app/generated-results/[...path]/route.js after generated results were excluded. Excluding user outputs is correct, but the compiled route module must remain or be removed from routing.
• Fix status:
  • OpenClaw bundling now preserves only docs/reference/templates.
  • Managed runtime install now creates node_modules/openclaw -> .. self-reference after copying bundled resources.
  • setupComplete is now treated as a cached hint, not proof; main status verification can reset it when runtime files are missing.
  • Gateway startup now requires verified setup plus Yinian authentication.
  • NianxxPlay bundle filtering keeps .next/server/app/generated-results/[...path]/route.js and still excludes public/generated-results.

Customer Clean Install Verification 2026-05-12

• Added pilot model auth seeding so clean customer machines no longer start the Gateway with providerKeys=0.
• Added OpenClaw package roots to office-skill runtime dependency resolution so packaged document skills can find bundled Node modules.
• Verification passed:
  • pnpm run typecheck
  • pnpm test (94 files / 628 tests; existing MaxListeners warnings remain)
  • pnpm run package:pilot
  • pnpm run package:mac:pilot:arm64
• Packaged resource checks passed:
  • OpenClaw runtime templates exist in the signed app.
  • NianxxPlay compiled generated-results route exists while public/generated-results and uploads remain excluded.
  • docx, pdf, pptx, xlsx, design, and image-search are included as preinstalled skills.
  • clipboard.darwin-arm64.node and @mariozechner/clipboard* are absent.
  • No *.app directories remain inside preinstalled skills.
• macOS checks:
  • codesign --verify --deep --strict passes for release/mac-arm64/智念助手.app.
  • spctl --assess still rejects the app as Unnotarized Developer ID.
  • xcrun stapler validate reports no stapled ticket, matching electron-builder's skipped notarization.
• Internal pilot secret note:
  • The current pilot package intentionally includes resources/yinian-internal/model-auth-profiles.json and NianxxPlay .env.runtime.
  • This is acceptable only for closed internal testing. Production distribution must move credentials behind service-side session/token exchange or update-time provisioning.

NianxxPlay Demo And Process Findings 2026-05-12

• The "生成示例" video was broken because the primary reference template pointed at /generated-results/restored-project....
• /generated-results is correctly treated as user output and excluded from customer packages, so demo/reference media must not live there.
• The reference video and cover now live under /starter/promo/, which is formal built-in app content and ships with the desktop bundle.
• The extra Dock process was likely caused by running the packaged NianxxPlay standalone server through the Electron app binary with ELECTRON_RUN_AS_NODE=1.
• The service manager now prefers the bundled Node binary at Resources/bin/node, so the child server should be a normal background CLI process instead of a visible Electron app process.

Design And HTML Slides Skill Findings 2026-05-12

• design should be treated as a design director/design-system skill, not as a narrow UI generator. Its handoff targets include html-slides, pptx, image generation, and frontend implementation.
• html-slides should be the execution skill for browser-based decks. First version scope is HTML decks and PPTX-to-HTML conversion, not general website generation.
• beautiful-html-templates can be bundled lightly by shipping index.json, templates/, and runtime/; the 30MB screenshot directory is unnecessary for first app testing because previews can be generated from templates.
• The template catalog currently provides 32 templates. OpenClaw sees both design and html-slides as eligible and enabled after local app-managed sync.
• Preinstalled local sync must preserve .clawx-preinstalled.json markers so future app startup updates these skills instead of treating them as user-managed.

Channel Plugin Packaging Findings 2026-05-14

• 客户侧微信渠道失败的根因成立：@tencent-weixin/openclaw-weixin@2.1.10 发布包声明 openclaw.extensions: ["./index.ts"]，并只包含 index.ts/src/**/*.ts，没有 JS 运行产物。
• 我们之前的 bundled plugin mirror 原样复制了 TS 源码包，所以客户目录里即使版本号正确，也会因为缺少可加载 JS 入口被 Gateway 忽略。
• OpenClaw 插件扫描可以加载转译后的微信插件：dist/index.js + openclaw.extensions=["./dist/index.js"]。
• 官方飞书插件已发布在 npm：@larksuite/openclaw-lark@2026.5.13，manifest id 为 openclaw-lark，channel id 为 feishu。
• 官方飞书包实际可用入口是根目录 index.js；其 package.json#main 指向不存在的 ./dist/index.js，打包/安装时需要修正 entry hint。
• OpenClaw 当前 bundled extensions 中没有内置 feishu 目录；我们之前代码把 feishu 明文放在禁用集合，导致 UI/API 直接返回“当前内测版本未启用该渠道”。
• 临时 HOME 的 OpenClaw 插件扫描已验证：openclaw-weixin 与 openclaw-lark 都能从 .openclaw/extensions 加载，状态为 loaded，无缺失依赖和插件诊断。

Task And Skill Management Findings 2026-05-13

• Current src/pages/Tasks/index.tsx duplicates quick-task creation/editing under the Task Center, which makes "任务" ambiguous versus ability-pack-owned quick tasks.
• src/pages/YinianSkills/index.tsx still contains the old quick-task management panel, but the visible tab button for it was removed and the default tab changed to service-issued skills.
• Local git history at 0abc481 confirms the earlier ability-pack page defaulted to quick-task management and exposed a quickTasks tab before server/local skill tabs.
• The older scheduled-task delivery design is still present in src/pages/Cron/index.tsx: delivery mode, supported channel filtering, channel account selection, target loading through /api/channels/targets, and delivery: { mode, channel, accountId, to } payload preservation.
• The new Task Center scheduled dialog currently always writes delivery: { mode: 'none' }, so creating or editing scheduled tasks there drops the push-channel design.
• To reduce product-language ambiguity, the ability-pack-owned template concept should be presented as “快捷能力” rather than “快捷任务”; scheduled/manual items remain tasks.

Playwright Chromium Runtime Findings 2026-05-13

• Customer confirmation: the 10:28 SIGTERM killed a stuck npx playwright install chromium browser download child process.
• The Gateway log's stuck session recovery ... age=924s aborted=true matches the configured 15-minute active-run abort threshold plus heartbeat timing.
• The immediate failure mode is not PPT generation itself; it is task-time Chromium download and concurrent Playwright browser installation.
• Current skill hardening already rewrites some old PDF instructions, but html-slides lacked an explicit runtime policy forbidding task-time Playwright browser downloads.
• The app should expose browser preview readiness as a warning-level diagnostic. Missing Chromium should not block document/deck generation; it should only skip optional browser preview.
• Setting an app-scoped PLAYWRIGHT_BROWSERS_PATH without mirroring existing complete browsers would hide a valid default Playwright cache. The runtime guard therefore symlinks already-complete Chromium installs into the app-scoped cache instead of forcing a re-download.

Cron Run Final-State Findings 2026-05-13

• A cron run can be summarized as status: error when the runtime records an intermediate mutating tool error as lastToolError, even if the agent later recovered and completed the requested work.
• The reliable success signal for this case is the matching session trajectory's trace.artifacts.data.finalStatus.
• For the local "写笑话" run, the cron summary reported Edit: in ~/Desktop/create-joke.js failed, but the trajectory artifact reported finalStatus: success and included the assistant's final desktop-save confirmation.
• Task Center should use the final run artifact to reconcile card/history state, while keeping the original tool error as diagnostic warning metadata rather than showing a false failed task.

Cron Conversation Refresh Findings 2026-05-13

• The fixed task conversation initially loads before a triggered cron run finishes, so without a later forced reload it can stay empty or stale until manual refresh.
• Existing cron fallback history returned the task metadata as a system message, but chat history filters hide all system messages; that made the current task query invisible even when fallback history existed.
• Isolated cron runtime events use run-specific session keys (agent:main:cron:<jobId>:run:<sessionId>). The UI product model needs those events folded into agent:main:cron:<jobId>.
• The ordinary quiet history refresh path can be throttled, so terminal cron events need a forced foreground refresh for the active fixed task conversation.

Sidebar Navigation Findings 2026-05-13

• The left sidebar was carrying mixed concerns in one vertical flow: conversation actions, task management, resource links, and settings competed at the same level.
• Moving New Chat and History directly below Home/Today makes the conversation surface a primary workspace action instead of a footer utility.
• Pinned quick tasks are operational accelerators for Task Center, so they should sit directly under Task Center and be capped in the sidebar to avoid turning navigation into a long task list.
• App Center and Knowledge behave more like resource/management utilities than daily workspace actions, so placing them above Settings in the footer keeps the top and middle areas focused.

App-Scoped Local Preference Findings 2026-05-13

• Quick capabilities and YINIAN account remarks were stored only in renderer localStorage, which is scoped by URL origin.
• The user's existing data was still present under http://localhost:5173, but starting the dev app on another port created a different storage origin, making those preferences appear empty.
• Preferences that are business/user data, not transient browser cache, need an Electron app-level persistence layer independent of dev server port or production file:// loading.
• The app-level copy should remain bidirectional for now: old origin-local data can migrate up, and app-level data can hydrate any new renderer origin.

商品中心 Web 应用接入 Findings 2026-05-13

• 用户要求在应用中心新增“商品中心”，业务定位是酒店企业以底价采购旅游资源，目标地址为 https://ticket.nianxx.cn/。
• 目标站点当前公开页面文案为“一感旅游”，说明覆盖景区商品采购、余额管理、订单退款、报表对账。
• 响应头检查：HTTP/2 200，content-type: text/html; charset=utf-8，access-control-allow-origin: *，未返回 X-Frame-Options 或阻断性 Content-Security-Policy，适合优先做桌面端 iframe 内嵌。
• 当前 src/stores/app-center.ts 只有 nianxx-play 一个 built-in app。
• 当前 src/pages/AppCenter/index.tsx 对 webview 类型仍调用 window.electron.openExternal，需要改为支持 route 优先的内嵌宿主页面。
• 后续 SSO 边界应集中在商品中心 URL builder 或 Host API，不应在 renderer 中持有长期密钥。
• 用户后续要求应用展示名改为“旅游资源订购”。
• https://ticket.nianxx.cn/auth.js 使用 localStorage 保存 ticketService.token 和 ticketService.user；普通 iframe 虽然可能保留 origin storage，但在 Electron 桌面内更明确的做法是使用 <webview partition="persist:..."> 给该内置 Web 应用独立持久会话。

快速视频创作 Rename Findings 2026-05-13

• 用户要求“智念视频助手”展示名改为“快速视频创作”。
• 相关展示文案集中在 src/i18n/locales/*/app-center.json 的 items.nianxxPlay 和 host 节点；内部组件、路由、Host API、服务名仍沿用 nianxx-play/NianxxPlay 作为技术标识。
• 英文状态下需要覆盖两个内置应用：Travel Resource Ordering 和 Quick Video Creation，避免露出 items.* i18n key。

WhatsApp QR Findings 2026-05-13

• WhatsApp 扫码链路是：ChannelConfigModal POST /api/channels/whatsapp/start，Host API 调用 WhatsAppLoginManager.start()，Baileys 发出 connection.update.qr 后本地渲染 PNG base64，再通过 channel:whatsapp-qr 事件回前端。
• QR PNG 渲染函数本身可用；用 qrcode-terminal vendor QRCode 生成矩阵和 PNG 编码没有发现基础 API 错配。
• 在临时 HOME 中直接拉起 WhatsApp 登录管理器，当前环境连接 wss://web.whatsapp.com/ws/chat 连续报 WebSocket Error ()，直接 ws 连接也超时，因此“生成不出来”的根因更像网络/代理而不是二维码图片渲染。
• 现有代理设置只应用到 Electron session、Gateway env 和部分 proxyAwareFetch 请求；Baileys 使用 Node ws，此前没有注入 agent，所以即使用户在高级设置中配置代理，WhatsApp WebSocket 仍会直连。
• src/lib/host-api.ts 的 unified IPC proxy envelope 只检查了外层 response.ok，没有检查内层 data.ok；Host API 返回 500 JSON 时会被当成成功 payload 交给前端，容易造成 QR 按钮一直处于等待事件状态。

OpenClaw Upgrade Findings 2026-05-13

• 当前项目固定 openclaw 版本为 2026.4.29。
• npm dist-tag 查询结果：latest=2026.5.7，beta=2026.5.12-beta.4。本次按稳定版 latest 升级，不切 beta。
• OpenClaw 2026.5.7 不再导出 openclaw/package.json 子路径；项目代码没有直接依赖该子路径，桌面端的路径解析仍通过文件系统根目录读取包信息。
• 2026.5.7 的 main-session restart recovery 改为通过 transcript lock path 匹配被中断会话，旧的 interruptedSessionIds 补丁片段已不适用；需要用 resolveEntryTranscriptLockPaths(...).some(...) 这一新版片段打补丁。
• 2026.5.7 的 diagnostic heartbeat 已新增 stalled embedded run 的 allowActiveAbort: true 分支；YINIAN 仍需要在普通 stuck recovery 分支上保留 YINIAN_OPENCLAW_STUCK_ACTIVE_ABORT_MS 阈值，避免过早主动中止活跃 run。
• 2026.5.7 的嵌入式 run 已有 resolveEmbeddedAttemptToolConstructionPlan，isRawModelRun 会阻止构建工具、bundle MCP 和 bundle LSP；这覆盖了旧版 fast chat disable-tools 补丁的主要目的。
• 2026.5.7 的子进程执行入口已迁移到 exec-*/Windows helper，并在关键 spawn 位置包含 windowsHide；旧的 workspace command runner 与 PTY 补丁片段不再匹配，但已核对新版产物中的隐藏窗口逻辑。

Model Provider Runtime Findings 2026-06-03

• 用户将默认模型换成 DeepSeek 后，clawx-providers.json 的 defaultProvider/defaultProviderAccountId 已经是 deepseek-a1e23f39-4296-4762-8bdf-184ca677cce6，账号模型为 deepseek-v4-pro。
• 但 ~/.openclaw/openclaw.json 仍然是 agents.defaults.model.primary = minimax-portal/MiniMax-M3，models.providers 还包含旧 yinian-model/custom-model 占位 provider。
• 这说明当前设计仍有配置源漂移：设置 store 是 DeepSeek，OpenClaw runtime 输出仍是 MiniMax/旧占位。必须让 provider account store 成为唯一配置源，并在保存/启动/诊断修复时同步到 runtime。
• 直接 Gateway reload 不足以应用模型切换；reload/reconnect 会用 Gateway 进程内的旧 config 覆盖刚写入的 runtime 文件。模型 provider 保存、更新和默认切换必须触发 Gateway restart。
• model-diagnostics 不能再承担“补一个默认 MiniMax 模型 provider”的职责；否则启动修复会和设置中的自定义模型 API 互相打架。它现在只做结构清理、心跳关闭、技能默认值和旧占位 provider/auth 清除。
• defaultProviderAccountId 是当前 provider account store 的真实默认指针；legacy defaultProvider 只能作为兼容回退。
• 本机最终 runtime 验证：默认模型为 deepseek/deepseek-v4-pro，models.providers.deepseek 指向 https://api.deepseek.com/v1，yinian-model provider/auth 残留已删除。minimax-portal 条目仍可存在，但只是已配置账号，不是默认模型。
• 设置页仍显示 yinian-model / MiniMax 缺失的根因是 diagnostics 列表生成函数无条件合并 YINIAN_INTERNAL_PROVIDER_KEYS，即使当前默认 provider 是 DeepSeek，也会把历史内部 provider 当作检查对象输出。
• 模型配置诊断应回答“当前默认模型引用的 provider 是否完整”，而不是扫描或固定展示历史内置 provider。provider 与 auth profile 的设置页诊断列表现在都按 primary + fallbacks 的 provider refs 过滤。

App Center Cleanup Audit Findings 2026-06-04

• Production-path residual scan across src, electron, tests, package.json, electron-builder.yml, scripts, README.md, vite.config.ts, and resources/readme found no remaining NianxxPlay/Product Center app integrations.
• The only remaining product-center / nianxx-play matches are negative assertions in tests/unit/app-center.test.tsx and tests/e2e/yinian-delivery-smoke.spec.ts, which intentionally guard against the two deleted app items returning.
• rg --files found no tracked files matching NianxxPlay, ProductCenter, product-center, nianxx, the removed readme screenshots, deleted electron/api/routes/apps.ts, or deleted scripts/prepare-nianxx-play-bundle.mjs.
• build/apps/nianxx-play is gone; only the empty build/apps directory remains.
• The dirty worktree contains many pre-existing model/provider/system-document/channel-plugin changes. App Center cleanup should be reviewed as a slice, not as the whole diff.
• selectedItemId/selectItem in src/stores/app-center.ts had no production consumer after the built-in apps were removed; it was safe to delete with the stale test assertion.
• README screenshot section had an empty App Center heading after removing the two obsolete screenshot images; removing the empty heading keeps docs aligned with the new app-center state.