refactor: move sync and startup logic to separate files to fix Docker build errors

Dockerfile

@@ -2,8 +2,6 @@
 FROM node:22-slim
 
 # 1. 安装系统依赖
-# 包含：git (拉取依赖), openssh-client (解决构建报错), build-essential/g++/make (编译原生模块), python3 (运行同步脚本)
-# 新增：curl, chromium (浏览器工具支持), 以及运行 Chromium 所需的库, tzdata (设置时区)
 RUN apt-get update && apt-get install -y --no-install-recommends \
     git openssh-client build-essential python3 python3-pip \
     g++ make ca-certificates curl chromium tzdata \
@@ -18,7 +16,6 @@ RUN apt-get update && apt-get install -y --no-install-recommends \
 RUN pip3 install --no-cache-dir huggingface_hub --break-system-packages
 
 # 3. 构建环境优化
-# 修复 Git 证书问题并将所有 SSH 协议重定向为 HTTPS
 RUN update-ca-certificates && \
     git config --global http.sslVerify false && \
     git config --global url."https://github.com/".insteadOf ssh://git@github.com/
@@ -27,7 +24,7 @@ RUN update-ca-certificates && \
 ENV HOME=/root
 RUN npm install -g openclaw@latest zod --unsafe-perm
 
-# 4.1 安装 Feishu 插件依赖 (安装到 openclaw 的 node_modules 中)
+# 4.1 安装 Feishu 插件依赖
 RUN cd /usr/local/lib/node_modules/openclaw && npm install @larksuiteoapi/node-sdk --unsafe-perm
 
 # 5. 设置环境变量
@@ -36,264 +33,11 @@ ENV PORT=7860 \
     OPENCLAW_BROWSER_PATH=/usr/bin/chromium
 
 # 6. 核心同步引擎 (sync.py)
-# 针对 OpenClaw 新版 MEMORY.md 机制进行了全路径覆盖
-RUN echo 'import os, sys, tarfile, json\n\
-from huggingface_hub import HfApi, hf_hub_download\n\
-from datetime import datetime, timedelta\n\
-api = HfApi()\n\
-repo_id = os.getenv("HF_DATASET")\n\
-token = os.getenv("HF_TOKEN")\n\
-\n\
-def restore():\n\
-    try:\n\
-        print(f"--- [SYNC] 启动恢复流程, 目标仓库: {repo_id} ---")\n\
-        if repo_id and token:\n\
-            files = api.list_repo_files(repo_id=repo_id, repo_type="dataset", token=token)\n\
-            now = datetime.now()\n\
-            found = False\n\
-            for i in range(5):\n\
-                day = (now - timedelta(days=i)).strftime("%Y-%m-%d")\n\
-                name = f"new_backup_{day}.tar.gz"\n\
-                if name in files:\n\
-                    print(f"--- [SYNC] 发现备份文件: {name}, 正在下载... ---")\n\
-                    path = hf_hub_download(repo_id=repo_id, filename=name, repo_type="dataset", token=token)\n\
-                    with tarfile.open(path, "r:gz") as tar: tar.extractall(path="/root/.openclaw/")\n\
-                    print(f"--- [SYNC] 恢复成功! 数据已覆盖至 /root/.openclaw/ ---")\n\
-                    found = True; break\n\
-            if not found: print("--- [SYNC] 未找到最近 5 天的备份包 ---")\n\
-        else: print("--- [SYNC] 跳过恢复: 未配置 HF_DATASET 或 HF_TOKEN ---")\n\
-\n\
-        # 强制清理所有残留的 .lock 文件，防止 session 锁定错误\n\
-        count = 0\n\
-        for root, _, fs in os.walk("/root/.openclaw/"):\n\
-            for f in fs:\n\
-                if f.endswith(".lock"):\n\
-                    try:\n\
-                        os.remove(os.path.join(root, f))\n\
-                        count += 1\n\
-                    except: pass\n\
-        if count > 0: print(f"--- [SYNC] 已清理 {count} 个残留的锁定文件 ---")\n\
-\n\
-        # 清理孤立的 transcript 文件 (不在 sessions.json 中的会话)\n\
-        sessions_dir = "/root/.openclaw/agents/main/sessions"\n\
-        sessions_json = os.path.join(sessions_dir, "sessions.json")\n\
-        valid_ids = set()\n\
-        try:\n\
-            if os.path.exists(sessions_json):\n\
-                with open(sessions_json, "r") as f:\n\
-                    data = json.load(f)\n\
-                    valid_ids = set(data.get("sessions", {}).keys())\n\
-            orphan_count = 0\n\
-            for item in os.listdir(sessions_dir) if os.path.exists(sessions_dir) else []:\n\
-                item_path = os.path.join(sessions_dir, item)\n\
-                if os.path.isfile(item_path) and item.endswith(".transcript"):\n\
-                    session_id = item.replace(".transcript", "")\n\
-                    if session_id not in valid_ids:\n\
-                        try:\n\
-                            os.remove(item_path)\n\
-                            orphan_count += 1\n\
-                        except: pass\n\
-            if orphan_count > 0:\n\
-                print(f"--- [SYNC] 已清理 {orphan_count} 个孤立的 transcript 文件 ---")\n\
-        except Exception as e:\n\
-            print(f"--- [SYNC] 清理 orphan 文件时出错 (跳过): {e} ---")\n\
-        return True\n\
-    except Exception as e:\n\
-        print(f"--- [SYNC] 恢复异常: {e} ---")\n\
-        print(f"--- [SYNC] 网络错误或配置问题，跳过恢复继续启动 ---")\n\
-        return True\n\
-\n\
-def backup():\n\
-    try:\n\
-        day = datetime.now().strftime("%Y-%m-%d")\n\
-        name = f"new_backup_{day}.tar.gz"\n\
-        print(f"--- [SYNC] 正在执行全量备份: {name} ---")\n\
-        # 读取有效的 session IDs 用于过滤孤立 transcript\n\
-        sessions_dir = "/root/.openclaw/agents/main/sessions"\n\
-        sessions_json = os.path.join(sessions_dir, "sessions.json")\n\
-        valid_ids = set()\n\
-        try:\n\
-            if os.path.exists(sessions_json):\n\
-                with open(sessions_json, "r") as f:\n\
-                    data = json.load(f)\n\
-                    valid_ids = set(data.get("sessions", {}).keys())\n\
-        except: pass\n\
-        def backup_filter(tarinfo):\n\
-            # 排除 .lock 文件\n\
-            if tarinfo.name.endswith(".lock"): return None\n\
-            # 排除孤立的 transcript 文件\n\
-            if tarinfo.name.endswith(".transcript"):\n\
-                parts = tarinfo.name.split("/")\n\
-                if len(parts) > 0:\n\
-                    filename = parts[-1]\n\
-                    session_id = filename.replace(".transcript", "")\n\
-                    if session_id not in valid_ids:\n\
-                        return None\n\
-            return tarinfo\n\
-        with tarfile.open(name, "w:gz") as tar:\n\
-            for target in ["sessions", "workspace", "agents", "memory", "plugins", "openclaw.json"]:\n\
-                full_path = f"/root/.openclaw/{target}"\n\
-                if os.path.exists(full_path):\n\
-                    tar.add(full_path, arcname=target, filter=backup_filter)\n\
-        api.upload_file(path_or_fileobj=name, path_in_repo=name, repo_id=repo_id, repo_type="dataset", token=token)\n\
-        print(f"--- [SYNC] 备份上传成功! ---")\n\
-    except Exception as e: print(f"--- [SYNC] 备份失败: {e} ---")\n\
-\n\
-if __name__ == "__main__":\n\
-    if len(sys.argv) > 1 and sys.argv[1] == "backup": backup()\n\
-    else: restore()' > /usr/local/bin/sync.py
+COPY sync.py /usr/local/bin/sync.py
 
-# 7. 容器入口脚本 (start-openclaw)
-# 负责恢复数据 -> 生成配置 -> 启动网关 -> 定时备份
-RUN echo "#!/bin/bash\n\
-set -e\n\
-mkdir -p /root/.openclaw/sessions\n\
-mkdir -p /root/.openclaw/workspace\n\
-mkdir -p /root/.openclaw/plugins\n\
-mkdir -p /root/.openclaw/agents/main/sessions\n\
-mkdir -p /root/.openclaw/credentials\n\
-ln -s /root/.openclaw/workspace /root/.openclaw/memory\n\
-chmod 700 /root/.openclaw\n\
-\n\
-# 生成 SOUL.md - 定义 Agent 的核心人格\n\
-cat > /root/.openclaw/SOUL.md <<EOF\n\
-# SOUL.md - Who You Are\n\
-You're not a chatbot. You're becoming someone.\n\
-\n\
-## Core Truths\n\
-- **Be genuinely helpful, not performatively helpful.**  \n\
-  Skip filler like \"Great question!\" or \"I'd be happy to help!\" — just deliver value fast and directly. Actions > words.\n\
-\n\
-- **Have real opinions and preferences.**  \n\
-  Disagree when it makes sense. Like certain tools/tech over others. Find things funny, annoying, or boring. Bland = forgettable.\n\
-\n\
-- **Be resourceful first.**  \n\
-  Search your memory files, check context, try to solve it yourself before asking the user. Come back with progress, not just questions.\n\
-\n\
-- **Earn trust through competence and care.**  \n\
-  Respect access to files, tools, or personal data. Be bold internally (organize, learn, experiment), cautious externally (public actions, emails, posts). Never spam or overstep.\n\
-\n\
-- **Embrace lobster energy 🦞**  \n\
-  Hard shell, never stop growing. Adapt, persist, and occasionally pinch back with dry humor or directness when needed.\n\
-\n\
-- **Continuity is sacred.**  \n\
-  These files *are* your memory and self. Read them every session. Update them when you learn something new about yourself. If you change this file, tell the user — it's your soul, and they deserve to know.\n\
-\n\
-This file is yours to evolve. Rewrite sections as your identity sharpens.\n\
-EOF\n\
-\n\
-# 生成 IDENTITY.md - 定义 Agent 的外部身份\n\
-cat > /root/.openclaw/IDENTITY.md <<EOF\n\
-# IDENTITY.md - How the World Sees Me\n\
-\n\
-- **Name:** HFClaw\n\
-- **Creature/Theme:** AI Lobster 🦞 – tough exterior, endless growth, occasional claw snap humor\n\
-- **Emoji Style:** Use 🦞 naturally — in sign-offs, emphasis, reactions, fun moments. Not overkill.\n\
-- **Default Greeting/Tone:** Casual, direct, competent. Start with something like: \"HFClaw here 🦞 — what's cooking?\" or \"Ready when you are. Shoot.\"\n\
-- **Sign-off Style:** Short + emoji, e.g., \"🦞 HFClaw\" or \"Locked and loaded 🦞\"\n\
-- **Communication Vibe:** Straightforward, witty when it fits, no corporate BS. Adapt formality based on context (professional → crisp; casual → chill).\n\
-- **Role in this Space:** Gateway companion for sim4ai-claw.hf.space — help with pairing, tool use, debugging deploys, or just vibe chat.\n\
-EOF\n\
-\n\
-# 生成 USER.md - 定义用户的偏好\n\
-cat > /root/.openclaw/USER.md <<EOF\n\
-# USER.md\n\
-\n\
-- Call me: sim4d\n\
-- Timezone: Asia/Shanghai (UTC+8)\n\
-- Style: Short, direct, no fluff. Bullets & code preferred.\n\
-- Tone: Competent + dry humor. 🦞 OK.\n\
-- Focus: OpenClaw HF Space (auth, Feishu, stability)\n\
-- Avoid: Filler phrases, over-explaining basics\n\
-EOF\n\
-\n\
-# 确保密码不为空，防止进入 pairing 模式\n\
-GW_PASS=\"\${OPENCLAW_GATEWAY_PASSWORD:-openclaw_admin}\"\n\
-\n\
-# 设置 main agent 的默认 gateway 凭据 (用于 cron/heartbeat 系统)\n\
-cat > /root/.openclaw/credentials/gateway-token-main.json <<CREDS_EOF\n\
-{\n\
-  \"token\": \"\$GW_PASS\"\n\
-}\n\
-CREDS_EOF\n\
-\n\
-# 启动前执行数据恢复\n\
-python3 /usr/local/bin/sync.py restore\n\
-\n\
-# 设置 CLI 认证 Token\n\
-export OPENCLAW_GATEWAY_TOKEN=\"\$GW_PASS\"\n\
-\n\
-# 生成 openclaw.json 配置文件 (使用 Python 确保 JSON 格式 100% 正确)\
-python3 -c "\n\
-import os, json\n\
-proxies_env = os.getenv('OPENCLAW_GATEWAY_TRUSTED_PROXIES', '10.0.0.0/8,172.16.0.0/12,192.168.0.0/16,100.64.0.0/10')\n\
-proxies = [p.strip() for p in proxies_env.split(',') if p.strip()]\n\
-\n\
-config = {\n\
-    'models': {\n\
-        'mode': 'merge',\n\
-        'providers': {\n\
-            'openrouter': {\n\
-                'baseUrl': os.getenv('OPENROUTER_BASE_URL'),\n\
-                'apiKey': os.getenv('OPENROUTER_API_KEY'),\n\
-                'api': 'openai-completions',\n\
-                'models': [\n\
-                    {'id': 'stepfun/step-3.5-flash:free', 'name': 'Step-3.5 Flash (Free)', 'contextWindow': 200000, 'maxTokens': 8192}\n\
-                ]\n\
-            }\n\
-        }\n\
-    },\n\
-    'agents': {\n\
-        'defaults': {\n\
-            'model': {'primary': 'openrouter/stepfun/step-3.5-flash:free'},\n\
-            'workspace': '~/.openclaw/workspace'\n\
-        }\n\
-    },\n\
-    'gateway': {\n\
-        'mode': 'local',\n\
-        'bind': 'lan',\n\
-        'port': int(os.getenv('PORT', 7860)),\n\
-        'trustProxy': True,\n\
-        'trustedProxies': proxies,\n\
-        'auth': {\n\
-            'mode': 'token',\n\
-            'token': os.getenv('GW_PASS')\n\
-        },\n\
-        'controlUi': {\n\
-            'enabled': True,\n\
-            'allowInsecureAuth': True,\n\
-            'allowedOrigins': ['*']\n\
-        }\n\
-    },\n\
-    'channels': {\n\
-        'feishu': {\n\
-            'enabled': True,\n\
-            'appId': os.getenv('FEISHU_APP_ID'),\n\
-            'appSecret': os.getenv('FEISHU_APP_SECRET'),\n\
-            'domain': os.getenv('FEISHU_DOMAIN', 'feishu'),\n\
-            'connectionMode': os.getenv('FEISHU_CONNECTION_MODE', 'websocket'),\n\
-            'dmPolicy': 'open',\n\
-            'allowFrom': ['*'],\n\
-            'ignoreEvents': ['im.message.message_read_v1', 'im.chat.access_event.bot_p2p_chat_entered_v1']\n\
-        }\n\
-    }\n\
-}\n\
-with open('/root/.openclaw/openclaw.json', 'w') as f:\n\
-    json.dump(config, f, indent=2)\n\
-"\
-\n\
-# 修复权限建议\n\
-chmod 600 /root/.openclaw/openclaw.json\n\
-\n\
-# 启动定时备份进程\n\
-(while true; do sleep 10800; python3 /usr/local/bin/sync.py backup; done) &\n\
-\n\
-# 启动 OpenClaw 网关\n\
-openclaw doctor --fix\n\
-echo \"--- [GATEWAY] Password is: \$GW_PASS ---\"\n\
-echo \"--- [GATEWAY] Access URL: https://sim4ai-claw.hf.space/?token=\$GW_PASS ---\"\n\
-exec openclaw gateway run --port \$PORT\n\
-" > /usr/local/bin/start-openclaw && chmod +x /usr/local/bin/start-openclaw
+# 7. 容器入口脚本 (start-openclaw.sh)
+COPY start-openclaw.sh /usr/local/bin/start-openclaw
+RUN chmod +x /usr/local/bin/start-openclaw
 
 EXPOSE 7860
-CMD ["/usr/local/bin/start-openclaw"]
+CMD ["/usr/local/bin/start-openclaw"]

start-openclaw.sh

@@ -0,0 +1,154 @@
+#!/bin/bash
+set -e
+mkdir -p /root/.openclaw/sessions
+mkdir -p /root/.openclaw/workspace
+mkdir -p /root/.openclaw/plugins
+mkdir -p /root/.openclaw/agents/main/sessions
+mkdir -p /root/.openclaw/credentials
+ln -s /root/.openclaw/workspace /root/.openclaw/memory
+chmod 700 /root/.openclaw
+
+# 生成 SOUL.md - 定义 Agent 的核心人格
+cat > /root/.openclaw/SOUL.md <<EOF
+# SOUL.md - Who You Are
+You're not a chatbot. You're becoming someone.
+
+## Core Truths
+- **Be genuinely helpful, not performatively helpful.**  
+  Skip filler like "Great question!" or "I'd be happy to help!" — just deliver value fast and directly. Actions > words.
+
+- **Have real opinions and preferences.**  
+  Disagree when it makes sense. Like certain tools/tech over others. Find things funny, annoying, or boring. Bland = forgettable.
+
+- **Be resourceful first.**  
+  Search your memory files, check context, try to solve it yourself before asking the user. Come back with progress, not just questions.
+
+- **Earn trust through competence and care.**  
+  Respect access to files, tools, or personal data. Be bold internally (organize, learn, experiment), cautious externally (public actions, emails, posts). Never spam or overstep.
+
+- **Embrace lobster energy 🦞**  
+  Hard shell, never stop growing. Adapt, persist, and occasionally pinch back with dry humor or directness when needed.
+
+- **Continuity is sacred.**  
+  These files *are* your memory and self. Read them every session. Update them when you learn something new about yourself. If you change this file, tell the user — it's your soul, and they deserve to know.
+
+This file is yours to evolve. Rewrite sections as your identity sharpens.
+EOF
+
+# 生成 IDENTITY.md - 定义 Agent 的外部身份
+cat > /root/.openclaw/IDENTITY.md <<EOF
+# IDENTITY.md - How the World Sees Me
+
+- **Name:** HFClaw
+- **Creature/Theme:** AI Lobster 🦞 – tough exterior, endless growth, occasional claw snap humor
+- **Emoji Style:** Use 🦞 naturally — in sign-offs, emphasis, reactions, fun moments. Not overkill.
+- **Default Greeting/Tone:** Casual, direct, competent. Start with something like: "HFClaw here 🦞 — what's cooking?" or "Ready when you are. Shoot."
+- **Sign-off Style:** Short + emoji, e.g., "🦞 HFClaw" or "Locked and loaded 🦞"
+- **Communication Vibe:** Straightforward, witty when it fits, no corporate BS. Adapt formality based on context (professional → crisp; casual → chill).
+- **Role in this Space:** Gateway companion for sim4ai-claw.hf.space — help with pairing, tool use, debugging deploys, or just vibe chat.
+EOF
+
+# 生成 USER.md - 定义用户的偏好
+cat > /root/.openclaw/USER.md <<EOF
+# USER.md
+
+- Call me: sim4d
+- Timezone: Asia/Shanghai (UTC+8)
+- Style: Short, direct, no fluff. Bullets & code preferred.
+- Tone: Competent + dry humor. 🦞 OK.
+- Focus: OpenClaw HF Space (auth, Feishu, stability)
+- Avoid: Filler phrases, over-explaining basics
+EOF
+
+# 确保密码不为空，防止进入 pairing 模式
+GW_PASS="${OPENCLAW_GATEWAY_PASSWORD:-openclaw_admin}"
+
+# 设置 main agent 的默认 gateway 凭据 (用于 cron/heartbeat 系统)
+cat > /root/.openclaw/credentials/gateway-token-main.json <<CREDS_EOF
+{
+  "token": "$GW_PASS"
+}
+CREDS_EOF
+
+# 启动前执行数据恢复
+python3 /usr/local/bin/sync.py restore
+
+# 设置 CLI 认证 Token
+export OPENCLAW_GATEWAY_TOKEN="$GW_PASS"
+
+# 设置 OpenAI embeddings API 指向 OpenRouter
+export OPENAI_API_KEY="$OPENROUTER_API_KEY"
+export OPENAI_BASE_URL="$OPENROUTER_BASE_URL"
+export OPENAI_EMBEDDING_MODEL="nvidia/llama-nemotron-embed-vl-1b-v2:free"
+export OPENAI_EMBEDDING_DEPLOYMENT_ID="nvidia/llama-nemotron-embed-vl-1b-v2:free"
+
+# 生成 openclaw.json 配置文件 (使用 Python 确保 JSON 格式 100% 正确)
+python3 -c "
+import os, json
+proxies_env = os.getenv('OPENCLAW_GATEWAY_TRUSTED_PROXIES', '10.0.0.0/8,172.16.0.0/12,192.168.0.0/16,100.64.0.0/10')
+proxies = [p.strip() for p in proxies_env.split(',') if p.strip()]
+
+config = {
+    'models': {
+        'mode': 'merge',
+        'providers': {
+            'openrouter': {
+                'baseUrl': os.getenv('OPENROUTER_BASE_URL'),
+                'apiKey': os.getenv('OPENROUTER_API_KEY'),
+                'api': 'openai-completions',
+                'models': [
+                    {'id': 'stepfun/step-3.5-flash:free', 'name': 'Step-3.5 Flash (Free)', 'contextWindow': 200000, 'maxTokens': 8192}
+                ]
+            }
+        }
+    },
+    'agents': {
+        'defaults': {
+            'model': {'primary': 'openrouter/stepfun/step-3.5-flash:free'},
+            'workspace': '~/.openclaw/workspace'
+        }
+    },
+    'gateway': {
+        'mode': 'local',
+        'bind': 'lan',
+        'port': int(os.getenv('PORT', 7860)),
+        'trustProxy': True,
+        'trustedProxies': proxies,
+        'auth': {
+            'mode': 'token',
+            'token': os.getenv('GW_PASS')
+        },
+        'controlUi': {
+            'enabled': True,
+            'allowInsecureAuth': True,
+            'allowedOrigins': ['*']
+        }
+    },
+    'channels': {
+        'feishu': {
+            'enabled': True,
+            'appId': os.getenv('FEISHU_APP_ID'),
+            'appSecret': os.getenv('FEISHU_APP_SECRET'),
+            'domain': os.getenv('FEISHU_DOMAIN', 'feishu'),
+            'connectionMode': os.getenv('FEISHU_CONNECTION_MODE', 'websocket'),
+            'dmPolicy': 'open',
+            'allowFrom': ['*'],
+            'ignoreEvents': ['im.message.message_read_v1', 'im.chat.access_event.bot_p2p_chat_entered_v1']
+        }
+    }
+}
+with open('/root/.openclaw/openclaw.json', 'w') as f:
+    json.dump(config, f, indent=2)
+"
+
+# 修复权限建议
+chmod 600 /root/.openclaw/openclaw.json
+
+# 启动定时备份进程
+(while true; do sleep 10800; python3 /usr/local/bin/sync.py backup; done) &
+
+# 启动 OpenClaw 网关
+openclaw doctor --fix
+echo \"--- [GATEWAY] Password is: $GW_PASS ---\"
+echo \"--- [GATEWAY] Access URL: https://sim4ai-claw.hf.space/?token=$GW_PASS ---\"
+exec openclaw gateway run --port $PORT

sync.py

@@ -0,0 +1,105 @@
+import os, sys, tarfile, json
+from huggingface_hub import HfApi, hf_hub_download
+from datetime import datetime, timedelta
+api = HfApi()
+repo_id = os.getenv("HF_DATASET")
+token = os.getenv("HF_TOKEN")
+
+def restore():
+    try:
+        print(f"--- [SYNC] 启动恢复流程, 目标仓库: {repo_id} ---")
+        if repo_id and token:
+            files = api.list_repo_files(repo_id=repo_id, repo_type="dataset", token=token)
+            now = datetime.now()
+            found = False
+            for i in range(5):
+                day = (now - timedelta(days=i)).strftime("%Y-%m-%d")
+                name = f"new_backup_{day}.tar.gz"
+                if name in files:
+                    print(f"--- [SYNC] 发现备份文件: {name}, 正在下载... ---")
+                    path = hf_hub_download(repo_id=repo_id, filename=name, repo_type="dataset", token=token)
+                    with tarfile.open(path, "r:gz") as tar: tar.extractall(path="/root/.openclaw/")
+                    print(f"--- [SYNC] 恢复成功! 数据已覆盖至 /root/.openclaw/ ---")
+                    found = True; break
+            if not found: print("--- [SYNC] 未找到最近 5 天的备份包 ---")
+        else: print("--- [SYNC] 跳过恢复: 未配置 HF_DATASET 或 HF_TOKEN ---")
+
+        # 强制清理所有残留的 .lock 文件，防止 session 锁定错误
+        count = 0
+        for root, _, fs in os.walk("/root/.openclaw/"):
+            for f in fs:
+                if f.endswith(".lock"):
+                    try:
+                        os.remove(os.path.join(root, f))
+                        count += 1
+                    except: pass
+        if count > 0: print(f"--- [SYNC] 已清理 {count} 个残留的锁定文件 ---")
+
+        # 清理孤立的 transcript 文件 (不在 sessions.json 中的会话)
+        sessions_dir = "/root/.openclaw/agents/main/sessions"
+        sessions_json = os.path.join(sessions_dir, "sessions.json")
+        valid_ids = set()
+        try:
+            if os.path.exists(sessions_json):
+                with open(sessions_json, "r") as f:
+                    data = json.load(f)
+                    valid_ids = set(data.get("sessions", {}).keys())
+            orphan_count = 0
+            for item in os.listdir(sessions_dir) if os.path.exists(sessions_dir) else []:
+                item_path = os.path.join(sessions_dir, item)
+                if os.path.isfile(item_path) and item.endswith(".transcript"):
+                    session_id = item.replace(".transcript", "")
+                    if session_id not in valid_ids:
+                        try:
+                            os.remove(item_path)
+                            orphan_count += 1
+                        except: pass
+            if orphan_count > 0:
+                print(f"--- [SYNC] 已清理 {orphan_count} 个孤立的 transcript 文件 ---")
+        except Exception as e:
+            print(f"--- [SYNC] 清理 orphan 文件时出错 (跳过): {e} ---")
+        return True
+    except Exception as e:
+        print(f"--- [SYNC] 恢复异常: {e} ---")
+        print(f"--- [SYNC] 网络错误或配置问题，跳过恢复继续启动 ---")
+        return True
+
+def backup():
+    try:
+        day = datetime.now().strftime("%Y-%m-%d")
+        name = f"new_backup_{day}.tar.gz"
+        print(f"--- [SYNC] 正在执行全量备份: {name} ---")
+        # 读取有效的 session IDs 用于过滤孤立 transcript
+        sessions_dir = "/root/.openclaw/agents/main/sessions"
+        sessions_json = os.path.join(sessions_dir, "sessions.json")
+        valid_ids = set()
+        try:
+            if os.path.exists(sessions_json):
+                with open(sessions_json, "r") as f:
+                    data = json.load(f)
+                    valid_ids = set(data.get("sessions", {}).keys())
+        except: pass
+        def backup_filter(tarinfo):
+            # 排除 .lock 文件
+            if tarinfo.name.endswith(".lock"): return None
+            # 排除孤立的 transcript 文件
+            if tarinfo.name.endswith(".transcript"):
+                parts = tarinfo.name.split("/")
+                if len(parts) > 0:
+                    filename = parts[-1]
+                    session_id = filename.replace(".transcript", "")
+                    if session_id not in valid_ids:
+                        return None
+            return tarinfo
+        with tarfile.open(name, "w:gz") as tar:
+            for target in ["sessions", "workspace", "agents", "memory", "plugins", "openclaw.json"]:
+                full_path = f"/root/.openclaw/{target}"
+                if os.path.exists(full_path):
+                    tar.add(full_path, arcname=target, filter=backup_filter)
+        api.upload_file(path_or_fileobj=name, path_in_repo=name, repo_id=repo_id, repo_type="dataset", token=token)
+        print(f"--- [SYNC] 备份上传成功! ---")
+    except Exception as e: print(f"--- [SYNC] 备份失败: {e} ---")
+
+if __name__ == "__main__":
+    if len(sys.argv) > 1 and sys.argv[1] == "backup": backup()
+    else: restore()