feat: add "forgot account" reset flow with wallet preservation

Add account reset functionality for users who forgot their login credentials.
The reset clears authentication data while preserving wallet private keys and
exchange configs, which are automatically adopted by the new account on
re-registration to prevent fund loss.

- Add POST /api/reset-account endpoint
- Add "Forgot account?" button on login page (zh/en/id)
- Orphan ai_models and exchanges are re-assigned to new user on register
- Onboarding reuses existing claw402 wallet instead of generating new one

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

api/handler_onboarding.go

@@ -152,6 +152,7 @@ func (s *Server) handleCurrentBeginnerWallet(c *gin.Context) {
 }
 
 func (s *Server) resolveBeginnerWallet(userID string) (privateKey string, address string, configuredModelID string, reused bool, err error) {
+	// 1. Check if current user already has a claw402 wallet
 	models, err := s.store.AIModel().List(userID)
 	if err != nil {
 		return "", "", "", false, err
@@ -175,6 +176,25 @@ func (s *Server) resolveBeginnerWallet(userID string) (privateKey string, addres
 		return existingKey, addr, model.ID, true, nil
 	}
 
+	// 2. Check for orphan claw402 wallet from a previous account (e.g. after account reset).
+	//    Adopt it to preserve funds.
+	orphan, orphanErr := s.store.AIModel().FindOrphanClaw402()
+	if orphanErr == nil && orphan != nil {
+		existingKey := strings.TrimSpace(orphan.APIKey.String())
+		if existingKey != "" {
+			addr, addrErr := walletAddressFromPrivateKey(existingKey)
+			if addrErr == nil {
+				if adoptErr := s.store.AIModel().AdoptModel(orphan.ID, userID); adoptErr != nil {
+					logger.Warnf("Failed to adopt orphan claw402 wallet for user %s: %v", userID, adoptErr)
+				} else {
+					logger.Infof("✓ Adopted orphan claw402 wallet %s for new user %s (address: %s)", orphan.ID, userID, addr)
+					return existingKey, addr, orphan.ID, true, nil
+				}
+			}
+		}
+	}
+
+	// 3. No existing wallet found — generate a new one
 	privateKeyObj, genErr := gethcrypto.GenerateKey()
 	if genErr != nil {
 		return "", "", "", false, genErr

api/handler_user.go

@@ -102,6 +102,10 @@ func (s *Server) handleRegister(c *gin.Context) {
 		return
 	}
 
+	// Adopt orphan records from previous account (e.g. after account reset)
+	// This preserves wallet keys and exchange configs so funds are not lost.
+	s.adoptOrphanRecords(userID)
+
 	// Generate JWT token
 	token, err := auth.GenerateJWT(user.ID, user.Email)
 	if err != nil {
@@ -222,6 +226,50 @@ func (s *Server) handleResetPassword(c *gin.Context) {
 	c.JSON(http.StatusOK, gin.H{"message": "Password reset successful, please login with new password"})
 }
 
+// handleResetAccount clears user authentication data so the system returns to
+// uninitialized state for re-registration. Wallet keys (ai_models) are preserved
+// so funds are not lost — they will be adopted by the new account during onboarding.
+func (s *Server) handleResetAccount(c *gin.Context) {
+	err := s.store.Transaction(func(tx *gorm.DB) error {
+		// Delete traders and strategies (config, not funds)
+		tx.Session(&gorm.Session{AllowGlobalUpdate: true}).Delete(&store.Trader{})
+		tx.Session(&gorm.Session{AllowGlobalUpdate: true}).Delete(&store.Strategy{})
+		// Delete users — ai_models and exchanges are intentionally kept
+		// so wallet private keys and exchange configs survive re-registration
+		if err := tx.Session(&gorm.Session{AllowGlobalUpdate: true}).Delete(&store.User{}).Error; err != nil {
+			return fmt.Errorf("failed to delete users: %w", err)
+		}
+		return nil
+	})
+	if err != nil {
+		SafeInternalError(c, "Failed to reset account", err)
+		return
+	}
+
+	logger.Infof("✓ User accounts cleared (wallets preserved) — system reset to uninitialized")
+	c.JSON(http.StatusOK, gin.H{"message": "Account reset successful, you can now register a new account"})
+}
+
+// adoptOrphanRecords re-assigns ai_models and exchanges whose user_id no longer
+// exists in the users table. This happens after account reset so the new user
+// inherits the previous wallet keys and exchange configurations.
+func (s *Server) adoptOrphanRecords(newUserID string) {
+	db := s.store.GormDB()
+	result := db.Model(&store.AIModel{}).
+		Where("user_id NOT IN (SELECT id FROM users)").
+		Update("user_id", newUserID)
+	if result.RowsAffected > 0 {
+		logger.Infof("✓ Adopted %d orphan ai_model(s) for new user %s", result.RowsAffected, newUserID)
+	}
+
+	result = db.Model(&store.Exchange{}).
+		Where("user_id NOT IN (SELECT id FROM users)").
+		Update("user_id", newUserID)
+	if result.RowsAffected > 0 {
+		logger.Infof("✓ Adopted %d orphan exchange(s) for new user %s", result.RowsAffected, newUserID)
+	}
+}
+
 // initUserDefaultConfigs Initialize default configs for new user
 func (s *Server) initUserDefaultConfigs(userID string, lang string) error {
 	if err := s.createDefaultStrategies(userID, lang); err != nil {

api/server.go

@@ -118,6 +118,7 @@ func (s *Server) setupRoutes() {
 		s.route(api, "POST", "/register", "Register new user", s.handleRegister)
 		s.route(api, "POST", "/login", "User login, returns JWT token", s.handleLogin)
 		s.route(api, "POST", "/reset-password", "Reset password", s.handleResetPassword)
+		s.route(api, "POST", "/reset-account", "Clear all users and reset system to allow re-registration", s.handleResetAccount)
 
 		// Routes requiring authentication
 		protected := api.Group("/", s.authMiddleware())