@chbo297/infoflow 2026.5.8 → 2026.5.9-beta.2

package/README.md

@@ -39,35 +39,49 @@ BAIDU_NPM_REGISTRY=http://registry.npm.baidu-int.com bash scripts/deploy.sh
 
 ### 首次安装（推荐命令）
 
-首次在机器上安装时，推荐使用以下两种方式。
+下面的安装命令块由 `npm run sync-readme-install-version` 自动维护，版本号始终与 npm 上当前的 `latest` / `beta` dist-tag 保持一致，请直接复制使用。
 
-方式 A：通过独立 tools 包安装并部署（推荐，支持 `update` 子命令）
+#### 方式 A：通过独立 tools 包安装并部署（推荐，支持 `update` 子命令）
 
-<!-- sync:infoflow-plugin-version -->
+正式版（`latest` dist-tag）：
+
+<!-- sync:infoflow-plugin-version:latest -->
 ```bash
-# 正式版（latest）
-npx -y @chbo297/infoflow-openclaw-tools update --version 2026.5.8 --registry https://registry.npmjs.org
+npm cache clean --force
+npx -y --prefer-online @chbo297/infoflow-openclaw-tools update \
+  --version 2026.5.8 --registry https://registry.npmjs.org
 ```
-<!-- /sync:infoflow-plugin-version -->
+<!-- /sync:infoflow-plugin-version:latest -->
+
+Beta 版（`beta` dist-tag，按需）：
 
+<!-- sync:infoflow-plugin-version:beta -->
 ```bash
-# Beta 版（示例，版本号请按实际预发包替换）
-npx -y @chbo297/infoflow-openclaw-tools@beta update --version 2026.5.8-beta.1 --registry https://registry.npmjs.org
+npm cache clean --force
+npx -y --prefer-online @chbo297/infoflow-openclaw-tools@beta update \
+  --version 2026.5.9-beta.1 --registry https://registry.npmjs.org
 ```
+<!-- /sync:infoflow-plugin-version:beta -->
 
-方式 B：通过 OpenClaw 插件命令安装
+> 加上 `npm cache clean --force` 和 `--prefer-online`，可避免本机 npm metadata 缓存尚未刷新而看不到刚发布版本（典型表现为 `ETARGET: No matching version found`）。
 
-<!-- sync:infoflow-plugin-version -->
+#### 方式 B：通过 OpenClaw 插件命令安装
+
+正式版：
+
+<!-- sync:infoflow-plugin-version:latest -->
 ```bash
-# 正式版
 openclaw plugins install @chbo297/infoflow@2026.5.8
 ```
-<!-- /sync:infoflow-plugin-version -->
+<!-- /sync:infoflow-plugin-version:latest -->
+
+Beta 版：
 
+<!-- sync:infoflow-plugin-version:beta -->
 ```bash
-# Beta 版（示例，版本号请按实际预发包替换）
-openclaw plugins install @chbo297/infoflow@2026.5.8-beta.1
+openclaw plugins install @chbo297/infoflow@2026.5.9-beta.1
 ```
+<!-- /sync:infoflow-plugin-version:beta -->
 
 安装后建议检查插件状态：
 
@@ -76,17 +90,32 @@ openclaw plugins list
 openclaw plugins inspect infoflow
 ```
 
-### 通过 npx 一键更新安装
+#### 如遇 `ETARGET: No matching version found`
 
-发布到 npm 后，可直接通过独立 tools 包执行安装/升级：
+刚发布的版本可能在本机 npm metadata 缓存里看不到，按下面顺序排查：
 
-<!-- sync:infoflow-plugin-version -->
 ```bash
-npx -y @chbo297/infoflow-openclaw-tools update --version 2026.5.8 --registry https://registry.npmjs.org
+# 1) 强制清缓存 + 在线拉取最新元数据
+npm cache clean --force
+npx -y --prefer-online @chbo297/infoflow-openclaw-tools@beta update \
+  --version <要装的版本> --registry https://registry.npmjs.org
+
+# 2) 直接查 registry，确认版本确实可见
+npm view @chbo297/infoflow versions --registry https://registry.npmjs.org
+
+# 3) 确认默认 registry 未被改到镜像源（有些内网会重写到 cnpm/baidu 镜像，那里同步可能滞后）
+npm config get registry            # 期望: https://registry.npmjs.org/
+# 临时强制覆盖（不改全局配置）：
+npm_config_registry=https://registry.npmjs.org \
+  npx -y --prefer-online @chbo297/infoflow-openclaw-tools@beta update \
+  --version <要装的版本> --registry https://registry.npmjs.org
+
+# 4) 直接 curl 验证那台机器能否拿到 manifest
+curl -sI https://registry.npmjs.org/@chbo297/infoflow | head -5
+curl -s https://registry.npmjs.org/@chbo297/infoflow/<要装的版本> | head -50
 ```
-<!-- /sync:infoflow-plugin-version -->
 
-常用参数：
+### tools 包的常用参数
 
 - `--version <version>`: 指定安装版本（默认 `latest`）
 - `--registry <url>`: 插件包下载源（默认 `https://registry.npmjs.org`）
@@ -107,34 +136,102 @@ npx -y @chbo297/infoflow-openclaw-tools update --version 2026.5.8 --registry htt
 
 ### 版本升级、打 tag、推送与 npm 发布流程
 
-每次发布新版本时，先将 `package.json` 的 `version` 设为待发版本号，再按下述顺序执行。上文「首次安装 / npx 更新」与下文发版流程中，各 bash 代码块外侧有一对用于自动替换的 HTML 注释标记；发版前请执行 **`npm run sync-readme-install-version`**，脚本会按当前 `package.json` 的 `version` 更新这些块内的版本号，以免 README 与 npm 不一致。
+正式版与 Beta 预发各自有完整流程，区别只在 **`npm version` 用的版本号** 和 **`npm publish` 是否带 `--tag beta`** 两处。请按需选择对应小节，从头到尾执行。
+
+执行 `npm run sync-readme-install-version` 时脚本会：
+
+- 把"发版流程"代码块内 `--version` / `npm version` / `git tag` / `git commit -m "<version>"` 等示例同步到当前 `package.json.version`（"current" stream）；
+- 同时把上文"首次安装"段落里 `:latest` / `:beta` 两个 marker 区按 npm 上的 dist-tag 刷新——发 stable 时 `:latest` 区会写成新版本号；发 prerelease 时 `:beta` 区会写成新版本号；另一条 stream 通过 npm registry 接口拉取真实 dist-tag。
+
+#### A. 正式版（stable）发布流程
+
+发布一个不带预发后缀的版本（例如 `2026.5.10`），会同时占用 npm 的 `latest` dist-tag，是 `npx` 默认拉取的版本。
+
+将下方所有 `<X.Y.Z>` 替换为目标正式版本号（不带 `-beta.N`）：
 
-<!-- sync:infoflow-plugin-version -->
 ```bash
 # 1) 修改版本号（会同步 package-lock.json）
-npm version 2026.5.8 --no-git-tag-version
+npm version <X.Y.Z> --no-git-tag-version
 
-# 2) 同步 README 中标记块内的推荐安装命令与下文中的 tag / commit 示例版本号
+# 2) 同步 README：current 区写入 <X.Y.Z>；:latest 区也写入 <X.Y.Z>（因为本次发的就是新 latest）；
+#                 :beta 区从 npm 拉取当前 beta dist-tag 保持不变
 npm run sync-readme-install-version
 
-# 3) 发布前校验
+# 3) 编辑 CHANGELOG.md 顶部，添加本版本章节
+
+# 4) 发布前校验
 npm run typecheck
 npm run test
 npm run build
 
-# 4) 提交版本变更（含 README、CHANGELOG 等）
+# 5) 提交版本变更
 git add package.json package-lock.json README.md CHANGELOG.md scripts src
-git commit -m "2026.5.8"
+git commit -m "<X.Y.Z>"
+
+# 6) 打 tag 并推送代码与 tag
+git tag <X.Y.Z>
+git push origin main
+git push origin <X.Y.Z>
+
+# 7) 发布到 npm（占用 latest dist-tag）
+npm publish --registry https://registry.npmjs.org
 
-# 5) 打 tag 并推送代码与 tag
-git tag 2026.5.8
+# 8) 发布成功后再跑一次 sync，把 :latest 区刷新成 npm registry 真实状态（通常已经一致，
+#    但若另一条 stream 在期间也有新发布，这一步会顺带更新），并补一个 docs 提交
+npm run sync-readme-install-version
+git add README.md && git diff --cached --quiet || git commit -m "docs: refresh README install commands"
 git push origin main
-git push origin 2026.5.8
+```
+
+#### B. Beta 预发布流程
+
+发布一个带预发后缀的版本（例如 `2026.5.10-beta.1`），通过 `--tag beta` 占用 `beta` dist-tag，**不会**改写 `latest`，默认 `npx` 装到的仍是正式版。
 
-# 6) 发布 npm（可按需指定 registry）
-npm publish
-# 或
-# npm publish --registry https://registry.npmjs.org
+将下方所有 `<X.Y.Z-beta.N>` 替换为目标预发版本号：
+
+```bash
+# 1) 修改版本号（会同步 package-lock.json）
+npm version <X.Y.Z-beta.N> --no-git-tag-version
+
+# 2) 同步 README：current 区写入 <X.Y.Z-beta.N>；:beta 区也写入 <X.Y.Z-beta.N>（因为本次发的就是新 beta）；
+#                 :latest 区从 npm 拉取当前 latest dist-tag 保持不变
+npm run sync-readme-install-version
+
+# 3) 编辑 CHANGELOG.md 顶部，添加本版本章节
+
+# 4) 发布前校验
+npm run typecheck
+npm run test
+npm run build
+
+# 5) 提交版本变更
+git add package.json package-lock.json README.md CHANGELOG.md scripts src
+git commit -m "<X.Y.Z-beta.N>"
+
+# 6) 打 tag 并推送代码与 tag
+git tag <X.Y.Z-beta.N>
+git push origin main
+git push origin <X.Y.Z-beta.N>
+
+# 7) 发布到 npm（占用 beta dist-tag；不影响 latest）
+npm publish --tag beta --registry https://registry.npmjs.org
+
+# 8) 发布成功后再跑一次 sync 并补一个 docs 提交（同 A.8）
+npm run sync-readme-install-version
+git add README.md && git diff --cached --quiet || git commit -m "docs: refresh README install commands"
+git push origin main
+```
+
+#### 当前 `package.json` 的版本号示例
+
+以下示例由 `sync` 脚本自动维护，反映**仓库当前 `package.json.version`**（可作为复制 A / B 流程时的版本号参考）：
+
+<!-- sync:infoflow-plugin-version -->
+```bash
+npm version 2026.5.9-beta.1 --no-git-tag-version
+git commit -m "2026.5.9-beta.1"
+git tag 2026.5.9-beta.1
+git push origin 2026.5.9-beta.1
 ```
 <!-- /sync:infoflow-plugin-version -->
 

package/dist/src/actions.js

@@ -6,6 +6,8 @@
 import { jsonResult, readStringParam } from "openclaw/plugin-sdk/core";
 import { extractToolSend } from "openclaw/plugin-sdk/tool-send";
 import { resolveInfoflowAccount } from "./accounts.js";
+import { looksLikeRecallLatest } from "./recall-intent.js";
+import { lookupInboundContext } from "./inbound-context.js";
 import { logVerbose } from "./logging.js";
 import { prepareInfoflowImageBase64, sendInfoflowImageMessage } from "./media.js";
 import { sendInfoflowMessage, recallInfoflowGroupMessage, recallInfoflowPrivateMessage, } from "./send.js";
@@ -15,12 +17,89 @@ import { normalizeInfoflowTarget } from "./targets.js";
 const RECALL_OK_HINT = "Recall succeeded. output only NO_REPLY with no other text.";
 const RECALL_FAIL_HINT = "Recall failed. Send a brief reply stating only the failure reason.";
 const RECALL_PARTIAL_HINT = "Some recalls failed. Send a brief reply stating only the failure reason(s).";
+/**
+ * Resolve the inbound replyToMessageId from the action ctx + inbound-context map.
+ * Returns the bot-sent messageId the user is quote-replying to (if any), so we
+ * can recover when the LLM accidentally passes the inbound user-message id as
+ * the delete target.
+ */
+function resolveInboundReplyToMessageId(params) {
+    const currentMessageId = params.currentMessageId != null ? String(params.currentMessageId) : undefined;
+    if (!currentMessageId)
+        return undefined;
+    const ctx = lookupInboundContext(currentMessageId);
+    if (!ctx)
+        return undefined;
+    // Scope match: same account + target (avoid using a stale context from another chat).
+    if (ctx.accountId !== params.accountId)
+        return undefined;
+    if (ctx.target !== params.target)
+        return undefined;
+}
+/**
+ * Aggressive guard: when LLM passes messageId === inbound currentMessageId (a known
+ * confusion pattern), auto-correct based on context instead of failing.
+ *
+ * Priorities:
+ * 1) Use replyToMessageId — user quote-replied to a bot message (highest confidence).
+ * 2) Drop to count=1 mode — when no replyTo AND text indicates "recall latest one".
+ * 3) Defer to existing fallback chain — ambiguous intent (e.g., "recall the one about X").
+ *
+ * Returns the corrected messageId (or undefined to signal count=1 mode).
+ */
+function applyAggressiveGuardForInboundMessageId(params) {
+    const inboundMsgId = params.currentMessageId != null ? String(params.currentMessageId) : undefined;
+    // Guard only triggers when LLM passes the inbound message id as delete target
+    if (!inboundMsgId || params.messageId !== inboundMsgId) {
+        return params.messageId;
+    }
+    const ctxRec = lookupInboundContext(inboundMsgId);
+    const scopeOk = ctxRec && ctxRec.accountId === params.accountId && ctxRec.target === params.target;
+    if (!scopeOk) {
+        // No inbound context to guide correction — defer to existing fallback chain
+        return params.messageId;
+    }
+    // Priority 1: replyToMessageId (user quote-replied to a bot message)
+    const replyToId = ctxRec.replyToMessageId;
+    if (replyToId && findSentMessage(params.accountId, replyToId)) {
+        logVerbose(`[infoflow:delete] aggressive: messageId==inboundMsgId(${params.messageId}); using replyTo=${replyToId}`);
+        return replyToId;
+    }
+    // Priority 2: text indicates "recall latest one" — safe to auto-correct to count=1
+    if (looksLikeRecallLatest(ctxRec.inboundBody ?? "")) {
+        logVerbose(`[infoflow:delete] aggressive: messageId==inboundMsgId(${params.messageId}); recall-latest intent → drop to count=1`);
+        return undefined; // undefined → count=1 mode
+    }
+    // Priority 3: ambiguous intent — defer to existing fallback chain
+    logVerbose(`[infoflow:delete] aggressive: messageId==inboundMsgId(${params.messageId}); ambiguous intent → defer to candidate-error path`);
+    return params.messageId;
+}
+/** Format up to N recent sent messages for an error-path hint to the LLM. */
+function formatRecentCandidatesForError(records, limit = 5) {
+    if (!records || !Array.isArray(records) || records.length === 0)
+        return "";
+    const lines = records.slice(0, limit).map((r) => {
+        const previewText = r.digest || "(no preview)";
+        return `messageId=${r.messageid} preview="${previewText}"`;
+    });
+    return lines.join("; ");
+}
+/** Safe candidate lookup that never throws (errors → empty string). */
+function safeRecentCandidates(accountId, target) {
+    try {
+        const records = querySentMessages(accountId, { target, count: 5 });
+        return formatRecentCandidatesForError(records);
+    }
+    catch {
+        return "";
+    }
+}
 export const infoflowMessageActions = {
     describeMessageTool: () => ({
         actions: ["send", "delete"],
     }),
     extractToolSend: ({ args }) => extractToolSend(args, "sendMessage"),
-    handleAction: async ({ action, params, cfg, accountId }) => {
+    handleAction: async ({ action, params, cfg, accountId, toolContext }) => {
         // -----------------------------------------------------------------------
         // delete (群消息撤回) — Mode A: by messageId, Mode B: by count
         // -----------------------------------------------------------------------
@@ -35,7 +114,7 @@ export const infoflowMessageActions = {
             if (!account.config.appKey || !account.config.appSecret) {
                 throw new Error("Infoflow appKey/appSecret not configured.");
             }
-            const messageId = readStringParam(params, "messageId");
+            let messageId = readStringParam(params, "messageId");
             // Default to count=1 (recall latest message) when neither messageId nor count is provided
             const countStr = readStringParam(params, "count") ?? (messageId ? undefined : "1");
             const groupMatch = target.match(/^group:(\d+)/i);
@@ -44,27 +123,61 @@ export const infoflowMessageActions = {
                 // 群消息撤回
                 // -----------------------------------------------------------------
                 const groupId = Number(groupMatch[1]);
+                const targetForStore = `group:${groupId}`;
+                // Apply aggressive guard when messageId equals inbound currentMessageId (LLM confusion pattern)
+                if (messageId) {
+                    messageId = applyAggressiveGuardForInboundMessageId({
+                        messageId,
+                        currentMessageId: toolContext?.currentMessageId,
+                        accountId: account.accountId,
+                        target: targetForStore,
+                    });
+                }
                 // Mode A: single message recall by messageId
                 if (messageId) {
+                    // Resolve msgseqid (group recall requires it). If the LLM-passed messageId
+                    // is unknown to the store, fall back to the inbound replyToMessageId — the
+                    // common failure mode is the LLM passing the inbound user-message id as
+                    // the delete target instead of the bot-message id it's quote-replying to.
+                    let effectiveMessageId = messageId;
                     let msgseqid = readStringParam(params, "msgseqid") ?? "";
-                    if (!msgseqid) {
-                        const stored = findSentMessage(account.accountId, messageId);
-                        if (stored?.msgseqid) {
-                            msgseqid = stored.msgseqid;
+                    let stored = findSentMessage(account.accountId, effectiveMessageId);
+                    if (!stored && !msgseqid) {
+                        const fallbackId = resolveInboundReplyToMessageId({
+                            accountId: account.accountId,
+                            target: targetForStore,
+                            currentMessageId: toolContext?.currentMessageId,
+                        });
+                        if (fallbackId && fallbackId !== effectiveMessageId) {
+                            const fallbackStored = findSentMessage(account.accountId, fallbackId);
+                            if (fallbackStored) {
+                                logVerbose(`[infoflow:delete] LLM passed unknown messageId=${effectiveMessageId}, falling back to replyToMessageId=${fallbackId}`);
+                                effectiveMessageId = fallbackId;
+                                stored = fallbackStored;
+                            }
                         }
                     }
+                    if (!msgseqid && stored?.msgseqid) {
+                        msgseqid = stored.msgseqid;
+                    }
                     if (!msgseqid) {
-                        throw new Error("delete requires msgseqid (not found in store; provide it explicitly or send messages first).");
+                        const candidates = safeRecentCandidates(account.accountId, `group:${groupId}`);
+                        logVerbose(`[infoflow:delete] unknown messageId=${effectiveMessageId}, no fallback available, returning candidates to LLM`);
+                        throw new Error(`delete: messageId=${effectiveMessageId} is not a known bot-sent message in this chat (msgseqid not found in store). ` +
+                            `It looks like you may have passed the inbound (user) message id instead of the bot's. ` +
+                            (candidates
+                                ? `Recent bot-sent messages here: ${candidates}. Pick the right messageId and retry.`
+                                : `No recent bot-sent messages on file for this chat. Aborting to avoid wrong recall.`));
                     }
                     const result = await recallInfoflowGroupMessage({
                         account,
                         groupId,
-                        messageid: messageId,
+                        messageid: effectiveMessageId,
                         msgseqid,
                     });
                     if (result.ok) {
                         try {
-                            removeRecalledMessages(account.accountId, [messageId]);
+                            removeRecalledMessages(account.accountId, [effectiveMessageId]);
                         }
                         catch {
                             // ignore cleanup errors
@@ -74,6 +187,7 @@ export const infoflowMessageActions = {
                         ok: result.ok,
                         channel: "infoflow",
                         to,
+                        messageId: effectiveMessageId,
                         ...(result.error ? { error: result.error } : {}),
                         _hint: result.ok ? RECALL_OK_HINT : RECALL_FAIL_HINT,
                     });
@@ -85,7 +199,7 @@ export const infoflowMessageActions = {
                         throw new Error("count must be a positive integer.");
                     }
                     const records = querySentMessages(account.accountId, {
-                        target: `group:${groupId}`,
+                        target: targetForStore,
                         count,
                     });
                     // Filter to records that have msgseqid (required for group recall)
@@ -155,16 +269,48 @@ export const infoflowMessageActions = {
                     throw new Error("Infoflow private message recall requires appAgentId configuration. " +
                         "Set channels.infoflow.appAgentId to your application ID (如流企业后台的应用ID).");
                 }
+                // Apply aggressive guard when messageId equals inbound currentMessageId (LLM confusion pattern)
+                if (messageId) {
+                    messageId = applyAggressiveGuardForInboundMessageId({
+                        messageId,
+                        currentMessageId: toolContext?.currentMessageId,
+                        accountId: account.accountId,
+                        target,
+                    });
+                }
                 // Mode A: single message recall by messageId (msgkey)
                 if (messageId) {
+                    // Attempt the inbound-context fallback when the LLM-passed messageId is
+                    // unknown to the store. If we can swap it for a verified bot-message id
+                    // from the inbound replyTo, do so. Otherwise PRESERVE the original
+                    // permissive behavior (pass the LLM id straight to the API and let
+                    // Infoflow's backend judge) — the store may legitimately not contain
+                    // every recallable DM message (e.g., after the 7-day retention sweep
+                    // or for messages sent before this plugin started recording).
+                    let effectiveMessageId = messageId;
+                    const stored = findSentMessage(account.accountId, effectiveMessageId);
+                    if (!stored) {
+                        const fallbackId = resolveInboundReplyToMessageId({
+                            accountId: account.accountId,
+                            target,
+                            currentMessageId: toolContext?.currentMessageId,
+                        });
+                        if (fallbackId && fallbackId !== effectiveMessageId) {
+                            const fallbackStored = findSentMessage(account.accountId, fallbackId);
+                            if (fallbackStored) {
+                                logVerbose(`[infoflow:delete] LLM passed unknown messageId=${effectiveMessageId}, falling back to replyToMessageId=${fallbackId}`);
+                                effectiveMessageId = fallbackId;
+                            }
+                        }
+                    }
                     const result = await recallInfoflowPrivateMessage({
                         account,
-                        msgkey: messageId,
+                        msgkey: effectiveMessageId,
                         appAgentId,
                     });
                     if (result.ok) {
                         try {
-                            removeRecalledMessages(account.accountId, [messageId]);
+                            removeRecalledMessages(account.accountId, [effectiveMessageId]);
                         }
                         catch {
                             // ignore cleanup errors
@@ -174,6 +320,7 @@ export const infoflowMessageActions = {
                         ok: result.ok,
                         channel: "infoflow",
                         to,
+                        messageId: effectiveMessageId,
                         ...(result.error ? { error: result.error } : {}),
                         _hint: result.ok ? RECALL_OK_HINT : RECALL_FAIL_HINT,
                     });

package/dist/src/agent-tools.js

@@ -0,0 +1,102 @@
+/**
+ * LLM-callable tools exposed by the Infoflow channel plugin.
+ *
+ * Currently exposes: `infoflow_list_sent_messages` — lets the LLM look up
+ * bot-sent messages by target / time window / content substring when the
+ * push-injected recent list (in bot.ts) isn't enough (e.g., older messages,
+ * search-by-content).
+ */
+import { jsonResult } from "openclaw/plugin-sdk/core";
+import { Type } from "typebox";
+import { resolveDefaultInfoflowAccountId } from "./accounts.js";
+import { logVerbose } from "./logging.js";
+import { querySentMessages } from "./sent-message-store.js";
+const listSentMessagesSchema = Type.Object({
+    target: Type.String({
+        description: "Chat target to query. Format: 'group:<groupId>' for groups or '<username>' for private chats. " +
+            "MUST be the current chat target — do not query other chats.",
+    }),
+    count: Type.Optional(Type.Integer({
+        minimum: 1,
+        maximum: 50,
+        default: 20,
+        description: "Maximum number of messages to return, newest first.",
+    })),
+    withinHours: Type.Optional(Type.Integer({
+        minimum: 1,
+        maximum: 168,
+        description: "Only include messages sent within the last N hours (1-168, i.e. up to 7 days, which matches the store's retention). Omit for no time filter.",
+    })),
+    containsText: Type.Optional(Type.String({
+        description: "Case-insensitive substring filter against the message digest (first ~100 chars of body). Use this to find a message by content, e.g. containsText='会议改到3点'.",
+    })),
+    accountId: Type.Optional(Type.String({
+        description: "Account id to query against (only needed when multiple Infoflow accounts are configured). Defaults to the configured default account.",
+    })),
+});
+const TOOL_DESCRIPTION = [
+    "List messages the bot previously sent to a given Infoflow chat, with optional time-window and content-substring filters.",
+    "Use this BEFORE action='delete' when:",
+    "  (a) the message you need to recall is older than the recent list already injected into the message body, or",
+    "  (b) you need to find a bot-sent message by its content (e.g. 'the joke about programmers', '会议通知').",
+    "Returns: target, count, and an array of { messageId, sentAt, ageMinutes, preview }.",
+    "Feed the chosen messageId back into action='delete' to recall it.",
+].join("\n");
+export function createListSentMessagesTool(deps) {
+    return {
+        name: "infoflow_list_sent_messages",
+        label: "infoflow_list_sent_messages",
+        description: TOOL_DESCRIPTION,
+        parameters: listSentMessagesSchema,
+        execute: async (_toolCallId, rawParams) => {
+            const p = (rawParams ?? {});
+            if (typeof p.target !== "string" || !p.target.trim()) {
+                throw new Error("infoflow_list_sent_messages: 'target' is required.");
+            }
+            const target = p.target.trim();
+            const limit = Math.min(Math.max(p.count ?? 20, 1), 50);
+            const hasContains = typeof p.containsText === "string" && p.containsText.trim().length > 0;
+            const needle = hasContains ? p.containsText.trim().toLowerCase() : undefined;
+            let accountId = p.accountId?.trim();
+            if (!accountId) {
+                try {
+                    accountId = resolveDefaultInfoflowAccountId(deps.getConfig());
+                }
+                catch {
+                    accountId = undefined;
+                }
+            }
+            if (!accountId) {
+                throw new Error("infoflow_list_sent_messages: cannot resolve account id. Pass accountId explicitly or configure a default account.");
+            }
+            // Over-fetch when filtering by content so the post-filter slice still has up to `limit` rows.
+            const fetchCount = needle ? Math.max(limit * 4, 50) : limit;
+            let records;
+            try {
+                records = querySentMessages(accountId, { target, count: fetchCount });
+            }
+            catch (err) {
+                throw new Error(`infoflow_list_sent_messages: store query failed: ${err?.message ?? String(err)}`);
+            }
+            if (p.withinHours) {
+                const cutoff = Date.now() - p.withinHours * 60 * 60 * 1000;
+                records = records.filter((r) => r.sentAt >= cutoff);
+            }
+            if (needle) {
+                records = records.filter((r) => (r.digest ?? "").toLowerCase().includes(needle));
+            }
+            const sliced = records.slice(0, limit);
+            logVerbose(`[infoflow:tool:list_sent_messages] target=${target} accountId=${accountId} count=${sliced.length} (limit=${limit}, withinHours=${p.withinHours ?? "none"}, containsText=${hasContains ? "yes" : "no"})`);
+            return jsonResult({
+                target,
+                count: sliced.length,
+                messages: sliced.map((r) => ({
+                    messageId: r.messageid,
+                    sentAt: new Date(r.sentAt).toISOString(),
+                    ageMinutes: Math.max(0, Math.round((Date.now() - r.sentAt) / 60000)),
+                    preview: r.digest || "",
+                })),
+            });
+        },
+    };
+}

package/dist/src/bot.js

@@ -1,10 +1,12 @@
 import { buildAgentMediaPayload, getAgentScopedMediaLocalRoots, } from "openclaw/plugin-sdk/agent-media-payload";
 import { buildPendingHistoryContextFromMap, clearHistoryEntriesIfEnabled, DEFAULT_GROUP_HISTORY_LIMIT, recordPendingHistoryEntryIfEnabled, } from "openclaw/plugin-sdk/reply-history";
 import { resolveInfoflowAccount } from "./accounts.js";
+import { registerInboundContext } from "./inbound-context.js";
 import { getInfoflowBotLog, formatInfoflowError, logVerbose } from "./logging.js";
 import { createInfoflowReplyDispatcher } from "./reply-dispatcher.js";
+import { looksLikeRecallIntent, looksLikeRecallLatest } from "./recall-intent.js";
 import { getInfoflowRuntime } from "./runtime.js";
-import { findSentMessage } from "./sent-message-store.js";
+import { findSentMessage, querySentMessages } from "./sent-message-store.js";
 /**
  * Check if the bot was @mentioned in the message body.
  * Matches appAgentId, robotName, or robotId against AT items (same order as Baidu reference plugin).
@@ -183,14 +185,18 @@ function resolveFollowUpOtherMentioned(params) {
     logVerbose(`[infoflow:bot] skip dispatch: from=${fromuser}, group=${groupId}, reason=followUp-other-mentioned (record only, no LLM)`);
     return "record_only";
 }
-// ---------------------------------------------------------------------------
-// Reply-to-bot detection (引用回复机器人消息)
-// ---------------------------------------------------------------------------
 /**
- * Check if the message is a reply (引用回复) to one of the bot's own messages.
- * Looks up replyData body items' messageid against the sent-message-store.
+ * Resolve all replyData targets from inbound body items, including each target's
+ * messageid + body preview + isBotMessage (via sent-message-store lookup).
+ *
+ * This is the structured form behind `checkReplyToBot`: callers who only want a
+ * boolean can compute it as `targets.some((t) => t.isBotMessage)`. Returning the
+ * full list lets us surface the messageid to the LLM and resolve the right
+ * recall target — the previous bool-only API was the root cause of the LLM
+ * passing the inbound (user) messageId to action=delete.
  */
-function checkReplyToBot(bodyItems, accountId) {
+function resolveReplyTargets(bodyItems, accountId) {
+    const out = [];
     for (const item of bodyItems) {
         if (item.type !== "replyData")
             continue;
@@ -200,16 +206,85 @@ function checkReplyToBot(bodyItems, accountId) {
         const msgIdStr = String(msgId);
         if (!msgIdStr)
             continue;
+        let isBotMessage = false;
         try {
-            const found = findSentMessage(accountId, msgIdStr);
-            if (found)
-                return true;
+            isBotMessage = Boolean(findSentMessage(accountId, msgIdStr));
         }
         catch {
             // DB lookup failure should not block message processing
         }
+        out.push({
+            messageid: msgIdStr,
+            preview: (item.content ?? "").trim(),
+            isBotMessage,
+        });
     }
-    return false;
+    return out;
+}
+// ---------------------------------------------------------------------------
+// Sent-message context injection (push) — solves both the "AI uses inbound id
+// as delete target" bug and the "DM-triggered cross-context send is invisible
+// in the target group" bug. sent-messages.db tracks all bot-sent messages
+// keyed by target, so a single push surfaces messages sent from any session.
+// ---------------------------------------------------------------------------
+// Recall-intent detection lives in ./recall-intent.js — shared with actions.ts.
+const RECENT_BOT_AMBIENT_WINDOW_MS = 24 * 60 * 60 * 1000;
+const RECENT_BOT_AMBIENT_COUNT = 5;
+const RECENT_BOT_DETAIL_COUNT = 10;
+/**
+ * Build a system-style section listing the bot's recent messages to this chat.
+ * Two modes — ambient (compact, awareness only) and detail (longer, with
+ * explicit instruction for recall). Returns undefined when there's nothing
+ * recent to report so unrelated chats stay token-cheap.
+ */
+function buildBotRecentMessagesSection(params) {
+    const detail = params.inboundLooksLikeRecall || params.isReplyToBot;
+    const count = detail ? RECENT_BOT_DETAIL_COUNT : RECENT_BOT_AMBIENT_COUNT;
+    let records;
+    try {
+        records = querySentMessages(params.accountId, { target: params.target, count });
+    }
+    catch {
+        return undefined;
+    }
+    if (records.length === 0)
+        return undefined;
+    const cutoff = Date.now() - RECENT_BOT_AMBIENT_WINDOW_MS;
+    const recent = records.filter((r) => r.sentAt >= cutoff);
+    if (recent.length === 0)
+        return undefined;
+    const header = detail
+        ? "[System: Recent messages you (the bot) sent to this chat (newest first). Use these messageIds when recalling/deleting your own messages. NEVER pass the current inbound message_id as the delete target — that is the USER's message, not a bot message.]"
+        : "[System: Your recent messages to this chat (for awareness — these may have been sent from another session/context):]";
+    const lines = recent.map((r, i) => {
+        const ageMin = Math.max(0, Math.round((Date.now() - r.sentAt) / 60000));
+        const previewText = r.digest || "(no preview)";
+        return `  ${i + 1}. messageId=${r.messageid}  sent=${ageMin}m ago  preview="${previewText}"`;
+    });
+    return {
+        text: [header, ...lines].join("\n"),
+        mode: detail ? "detail" : "ambient",
+        count: recent.length,
+    };
+}
+/**
+ * Build a section describing each quoted-reply target on the inbound message,
+ * with messageid + isBotMessage. Only emitted when there's at least one target.
+ * This is the missing piece for the original bug — the LLM needs to know which
+ * id belongs to the quoted bot message, distinct from the inbound message's id.
+ */
+function formatQuotedReplyTargetsSection(targets) {
+    if (!targets.length)
+        return undefined;
+    const lines = targets.map((t, i) => {
+        const previewText = t.preview ? t.preview.slice(0, 200) : "(no preview)";
+        return `  ${i + 1}. messageId=${t.messageid}  sentByBot=${t.isBotMessage}  preview="${previewText}"`;
+    });
+    return [
+        "[System: This message is a quoted reply to:",
+        ...lines,
+        "If the user is asking to act on (recall/edit/quote) a referenced message and sentByBot=true, use that messageId as the action target.]",
+    ].join("\n");
 }
 /** Shared judgment rules and reply format requirements for all conditional-reply prompts */
 function buildReplyJudgmentRules(options) {
@@ -565,8 +640,13 @@ export async function handleGroupChatMessage(params) {
     const bodyForAgent = agentVisibleText.trim() || rawMes || mes;
     // Extract sender name from header or fallback to fromuser
     const senderName = String(header?.username ?? header?.nickname ?? msgData.username ?? fromuser);
-    // Detect reply-to-bot: check if any replyData item quotes a bot-sent message
-    const isReplyToBot = replyContext ? checkReplyToBot(bodyItems, accountId) : false;
+    // Resolve all replyData targets (id + preview + isBotMessage). We need the
+    // structured form (not just a boolean) so we can surface the bot-message
+    // messageId to the LLM for correct recall.
+    const replyTargets = Array.isArray(bodyItems) && bodyItems.length > 0
+        ? resolveReplyTargets(bodyItems, accountId)
+        : [];
+    const isReplyToBot = replyTargets.some((t) => t.isBotMessage);
     // Delegate to the common message handler (group chat)
     await handleInfoflowMessage({
         cfg,
@@ -585,6 +665,7 @@ export async function handleGroupChatMessage(params) {
             mentionIds: mentionIds.userIds.length > 0 || mentionIds.agentIds.length > 0 ? mentionIds : undefined,
             replyContext,
             isReplyToBot: isReplyToBot || undefined,
+            replyTargets: replyTargets.length > 0 ? replyTargets : undefined,
             imageUrls: imageUrls.length > 0 ? imageUrls : undefined,
         },
         accountId,
@@ -766,6 +847,56 @@ export async function handleInfoflowMessage(params) {
         ctxPayload.BodyForAgent = bodyForAgent;
         logVerbose(`[infoflow] group: BodyForAgent set for LLM (${bodyForAgent.length} chars, includes @/robotid)`);
     }
+    // ---------------------------------------------------------------------------
+    // Inject sent-message context into the LLM body. Two sections:
+    //   1. Quoted-reply targets (when this inbound is a 引用回复): exposes the
+    //      bot-message messageId so the LLM doesn't mistake the inbound id for
+    //      the recall target.
+    //   2. Recent bot-sent messages (always, when records exist within 24h):
+    //      gives the LLM both ambient awareness (for cross-context-sent messages
+    //      that aren't in this session's history) and a candidate list for
+    //      semantic recall ("撤回刚才那条笑话").
+    // ---------------------------------------------------------------------------
+    const ctxTarget = isGroup && groupId !== undefined ? `group:${groupId}` : fromuser;
+    {
+        const sections = [];
+        const quotedSection = formatQuotedReplyTargetsSection(event.replyTargets ?? []);
+        if (quotedSection)
+            sections.push(quotedSection);
+        const recallTextSource = `${bodyForAgent ?? ""}\n${event.replyContext?.join(" ") ?? ""}`.trim();
+        const recentSection = buildBotRecentMessagesSection({
+            accountId,
+            target: ctxTarget,
+            inboundLooksLikeRecall: looksLikeRecallIntent(recallTextSource),
+            isReplyToBot: event.isReplyToBot === true,
+        });
+        if (recentSection) {
+            sections.push(recentSection.text);
+            logVerbose(`[infoflow:ctx] injected recent-bot-messages section (mode=${recentSection.mode}, count=${recentSection.count}, target=${ctxTarget})`);
+        }
+        if (sections.length > 0) {
+            const existing = String(ctxPayload.Body ?? "");
+            ctxPayload.Body =
+                `${existing}\n\n${sections.join("\n\n")}`.trim();
+        }
+    }
+    // Register inbound context so the delete action handler can fall back to the
+    // bot-message id the inbound is quote-replying to (when present), or detect
+    // the "messageId===inboundMessageId" LLM confusion pattern with the body
+    // text to decide whether it's safe to auto-correct to count=1. We only pick
+    // a bot-sent reply target: falling back to a non-bot reply id would never
+    // help (it can't be in sent-messages.db) and only adds noise.
+    if (event.messageId) {
+        registerInboundContext({
+            accountId,
+            target: ctxTarget,
+            inboundMessageId: event.messageId,
+            replyToMessageId: event.replyTargets?.find((t) => t.isBotMessage)?.messageid,
+            replyTargets: event.replyTargets,
+            inboundBody: bodyForAgent || mes || event.replyContext?.join(" "),
+            registeredAt: Date.now(),
+        });
+    }
     // Record session using recordInboundSession for proper session tracking
     await core.channel.session.recordInboundSession({
         storePath,
@@ -1019,7 +1150,19 @@ export const _checkWatchMentioned = checkWatchMentioned;
 export const _extractMentionIds = extractMentionIds;
 /** @internal — Check if message matches any watchRegex pattern (dotAll). Only exported for tests. */
 export const _checkWatchRegex = checkWatchRegex;
-/** @internal — Check if message is a reply to one of the bot's own messages. Only exported for tests. */
-export const _checkReplyToBot = checkReplyToBot;
+/** @internal — Resolve structured replyData targets (id + preview + isBotMessage). Only exported for tests. */
+export const _resolveReplyTargets = resolveReplyTargets;
+/** @internal — Back-compat boolean form used by older tests; prefer _resolveReplyTargets. */
+export function _checkReplyToBot(bodyItems, accountId) {
+    return resolveReplyTargets(bodyItems, accountId).some((t) => t.isBotMessage);
+}
 /** @internal — Group output hygiene fragment appended to GroupSystemPrompt. Only exported for tests. */
 export const _buildGroupOutputHygienePrompt = buildGroupOutputHygienePrompt;
+/** @internal — Recall intent regex. Only exported for tests. */
+export const _looksLikeRecallIntent = looksLikeRecallIntent;
+/** @internal — Stricter recall-latest detector. Only exported for tests. */
+export const _looksLikeRecallLatest = looksLikeRecallLatest;
+/** @internal — Sent-messages section builder. Only exported for tests. */
+export const _buildBotRecentMessagesSection = buildBotRecentMessagesSection;
+/** @internal — Quoted-reply targets section builder. Only exported for tests. */
+export const _formatQuotedReplyTargetsSection = formatQuotedReplyTargetsSection;

package/dist/src/channel.js

@@ -1,6 +1,7 @@
 import { applyAccountNameToChannelSection, DEFAULT_ACCOUNT_ID, deleteAccountFromConfigSection, formatPairingApproveHint, migrateBaseNameToDefaultAccount, normalizeAccountId, setAccountEnabledInConfigSection, } from "openclaw/plugin-sdk/core";
 import { getChannelSection, listInfoflowAccountIds, resolveDefaultInfoflowAccountId, resolveInfoflowAccount, } from "./accounts.js";
 import { infoflowMessageActions } from "./actions.js";
+import { createListSentMessagesTool } from "./agent-tools.js";
 import { logVerbose } from "./logging.js";
 import { parseMarkdownForLocalImages } from "./markdown-local-images.js";
 import { prepareInfoflowImageBase64, sendInfoflowImageMessage } from "./media.js";
@@ -66,10 +67,21 @@ export const infoflowPlugin = {
     },
     reload: { configPrefixes: ["channels.infoflow"] },
     actions: infoflowMessageActions,
+    agentTools: (params) => [
+        createListSentMessagesTool({
+            getConfig: () => params.cfg ?? {},
+        }),
+    ],
     agentPrompt: {
         messageToolHints: () => [
             'Infoflow group @mentions: set atAll=true to @all members, or mentionUserIds="user1,user2" (comma-separated uuapName) to @mention specific users. Only effective for group targets (group:<id>).',
-            'Infoflow supports message recall (撤回): use action="delete" to recall the most recent message, or specify messageId to recall a specific message. Works for both private and group messages.',
+            'Infoflow message recall (撤回): use action="delete" to recall a bot-sent message.',
+            '  - To recall a specific message, pass messageId=<the bot message id>. Get the id from (a) the "Recent messages you (the bot) sent" section that may be injected into the body, (b) the "quoted reply target" block when sentByBot=true, or (c) the infoflow_list_sent_messages tool.',
+            '  - To recall the most recent message without specifying id, omit messageId (defaults to count=1).',
+            '  - For batch recall use count=<N>.',
+            '  - NEVER pass the current inbound message_id (the user-sent message you are replying to) as the delete target — that is the USER\'s message, not a bot message; the call will fail.',
+            '  - When a quoted reply target is present with sentByBot=true, that messageId is the most likely recall target.',
+            '  - For messages older than the injected recent window, or hard-to-identify ones, call infoflow_list_sent_messages first (use containsText / withinHours filters) and then pass the chosen messageId to action="delete".',
         ],
     },
     config: {

package/dist/src/inbound-context.js

@@ -0,0 +1,61 @@
+/**
+ * In-memory registry of inbound message context, used by the delete action handler
+ * to recover when the LLM passes a wrong messageId.
+ *
+ * Why: openclaw's ChannelMessageActionContext exposes the inbound trigger's
+ * currentMessageId (via ctx.toolContext) but does NOT carry the inbound's
+ * replyToMessageId / resolved reply targets. We register that context here on
+ * inbound, keyed by the inbound messageId, and consume it from the action
+ * handler.
+ *
+ * Entries auto-expire after RETENTION_MS to keep the map bounded.
+ */
+import { logVerbose } from "./logging.js";
+const RETENTION_MS = 10 * 60 * 1000; // 10 minutes — same order of magnitude as followUp window
+const MAX_ENTRIES = 500;
+const store = new Map();
+function evictExpired() {
+    if (store.size === 0)
+        return;
+    const cutoff = Date.now() - RETENTION_MS;
+    let count = 0;
+    for (const [key, entry] of store) {
+        if (entry.registeredAt < cutoff) {
+            store.delete(key);
+            count++;
+        }
+    }
+    if (count > 0) {
+        logVerbose(`[infoflow:inbound-ctx] evicted ${count} expired entries`);
+    }
+}
+export function registerInboundContext(record) {
+    evictExpired();
+    // Cap the map size; if we're over, drop the oldest entries.
+    if (store.size >= MAX_ENTRIES) {
+        const sorted = Array.from(store.entries()).sort((a, b) => a[1].registeredAt - b[1].registeredAt);
+        const dropCount = store.size - MAX_ENTRIES + 1;
+        for (let i = 0; i < dropCount; i++) {
+            store.delete(sorted[i][0]);
+        }
+    }
+    store.set(record.inboundMessageId, record);
+}
+export function lookupInboundContext(inboundMessageId) {
+    const entry = store.get(inboundMessageId);
+    if (!entry)
+        return undefined;
+    if (Date.now() - entry.registeredAt > RETENTION_MS) {
+        store.delete(inboundMessageId);
+        return undefined;
+    }
+    return entry;
+}
+/** @internal — for tests */
+export function _resetInboundContext() {
+    store.clear();
+}
+/** @internal — for tests */
+export function _inboundContextSize() {
+    return store.size;
+}

package/dist/src/recall-intent.js

@@ -0,0 +1,26 @@
+/**
+ * Lightweight recall-intent detection used by both the prompt-injection path
+ * (bot.ts) and the delete action's aggressive guard (actions.ts).
+ *
+ * Two helpers:
+ *  - looksLikeRecallIntent: matches any "撤回/删除/recall/unsend/..." verb.
+ *  - looksLikeRecallLatest: requires both a recall verb AND an explicit
+ *    "the latest one" qualifier (上一条 / 最后一条 / 刚才那条 / 最近一条 /
+ *    last / previous / most recent / ...). Used to decide whether it's safe
+ *    to auto-correct `messageId=inbound_user_msg_id` to count=1 (recall most
+ *    recent). Standalone "撤回那条" without a temporal qualifier is rejected:
+ *    it could refer to a specific quoted message and we'd rather surface
+ *    candidates to the LLM than risk recalling the wrong one.
+ */
+const RECALL_INTENT_REGEX = /(撤回|收回|删[掉了除]|取消|清除|recall|unsend|undo\s*send|delete\s+(?:that|those|the\s+(?:last|previous(?:\s+\d+)?)))/i;
+const RECALL_LATEST_HINT_REGEX = /(上一?条|最后一?条|刚才那?条|最近一?条|last(?:\s+(?:one|message|two|few|reply))?|previous|most\s*recent)/iu;
+export function looksLikeRecallIntent(text) {
+    if (!text)
+        return false;
+    return RECALL_INTENT_REGEX.test(text);
+}
+export function looksLikeRecallLatest(text) {
+    if (!text)
+        return false;
+    return RECALL_INTENT_REGEX.test(text) && RECALL_LATEST_HINT_REGEX.test(text);
+}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@chbo297/infoflow",
-  "version": "2026.5.8",
+  "version": "2026.5.9-beta.2",
   "description": "OpenClaw Infoflow (如流) channel plugin for Baidu enterprise messaging",
   "type": "module",
   "main": "dist/index.js",
@@ -22,6 +22,9 @@
     "@baidu/infoflow-sdk-nodejs": ">=0.1.0",
     "openclaw": ">=2026.5.4"
   },
+  "dependencies": {
+    "typebox": "^1.1.0"
+  },
   "peerDependenciesMeta": {
     "@baidu/infoflow-sdk-nodejs": {
       "optional": true
@@ -51,6 +54,7 @@
     "sync-readme-install-version": "node scripts/sync-readme-install-version.mjs"
   },
   "devDependencies": {
+    "typebox": "^1.1.38",
     "typescript": "^6.0.3",
     "vitest": "^4.1.5"
   },