@clawdbot/zalouser 2026.1.16 → 2026.1.21

package/src/monitor.ts

@@ -1,20 +1,20 @@
 import type { ChildProcess } from "node:child_process";
 
-import type { RuntimeEnv } from "../../../src/runtime.js";
-import {
-  isControlCommandMessage,
-  shouldComputeCommandAuthorized,
-} from "../../../src/auto-reply/command-detection.js";
-import { finalizeInboundContext } from "../../../src/auto-reply/reply/inbound-context.js";
-import { resolveCommandAuthorizedFromAuthorizers } from "../../../src/channels/command-gating.js";
-import { loadCoreChannelDeps, type CoreChannelDeps } from "./core-bridge.js";
+import type { ClawdbotConfig, RuntimeEnv } from "clawdbot/plugin-sdk";
+import { mergeAllowlist, summarizeMapping } from "clawdbot/plugin-sdk";
 import { sendMessageZalouser } from "./send.js";
-import type { CoreConfig, ResolvedZalouserAccount, ZcaMessage } from "./types.js";
-import { runZcaStreaming } from "./zca.js";
+import type {
+  ResolvedZalouserAccount,
+  ZcaFriend,
+  ZcaGroup,
+  ZcaMessage,
+} from "./types.js";
+import { getZalouserRuntime } from "./runtime.js";
+import { parseJsonOutput, runZca, runZcaStreaming } from "./zca.js";
 
 export type ZalouserMonitorOptions = {
   account: ResolvedZalouserAccount;
-  config: CoreConfig;
+  config: ClawdbotConfig;
   runtime: RuntimeEnv;
   abortSignal: AbortSignal;
   statusSink?: (patch: { lastInboundAt?: number; lastOutboundAt?: number }) => void;
@@ -26,8 +26,29 @@ export type ZalouserMonitorResult = {
 
 const ZALOUSER_TEXT_LIMIT = 2000;
 
-function logVerbose(deps: CoreChannelDeps, runtime: RuntimeEnv, message: string): void {
-  if (deps.shouldLogVerbose()) {
+function normalizeZalouserEntry(entry: string): string {
+  return entry.replace(/^(zalouser|zlu):/i, "").trim();
+}
+
+function buildNameIndex<T>(
+  items: T[],
+  nameFn: (item: T) => string | undefined,
+): Map<string, T[]> {
+  const index = new Map<string, T[]>();
+  for (const item of items) {
+    const name = nameFn(item)?.trim().toLowerCase();
+    if (!name) continue;
+    const list = index.get(name) ?? [];
+    list.push(item);
+    index.set(name, list);
+  }
+  return index;
+}
+
+type ZalouserCoreRuntime = ReturnType<typeof getZalouserRuntime>;
+
+function logVerbose(core: ZalouserCoreRuntime, runtime: RuntimeEnv, message: string): void {
+  if (core.logging.shouldLogVerbose()) {
     runtime.log(`[zalouser] ${message}`);
   }
 }
@@ -41,6 +62,39 @@ function isSenderAllowed(senderId: string, allowFrom: string[]): boolean {
   });
 }
 
+function normalizeGroupSlug(raw?: string | null): string {
+  const trimmed = raw?.trim().toLowerCase() ?? "";
+  if (!trimmed) return "";
+  return trimmed
+    .replace(/^#/, "")
+    .replace(/[^a-z0-9]+/g, "-")
+    .replace(/^-+|-+$/g, "");
+}
+
+function isGroupAllowed(params: {
+  groupId: string;
+  groupName?: string | null;
+  groups: Record<string, { allow?: boolean; enabled?: boolean }>;
+}): boolean {
+  const groups = params.groups ?? {};
+  const keys = Object.keys(groups);
+  if (keys.length === 0) return false;
+  const candidates = [
+    params.groupId,
+    `group:${params.groupId}`,
+    params.groupName ?? "",
+    normalizeGroupSlug(params.groupName ?? ""),
+  ].filter(Boolean);
+  for (const candidate of candidates) {
+    const entry = groups[candidate];
+    if (!entry) continue;
+    return entry.allow !== false && entry.enabled !== false;
+  }
+  const wildcard = groups["*"];
+  if (wildcard) return wildcard.allow !== false && wildcard.enabled !== false;
+  return false;
+}
+
 function startZcaListener(
   runtime: RuntimeEnv,
   profile: string,
@@ -95,8 +149,8 @@ function startZcaListener(
 async function processMessage(
   message: ZcaMessage,
   account: ResolvedZalouserAccount,
-  config: CoreConfig,
-  deps: CoreChannelDeps,
+  config: ClawdbotConfig,
+  core: ZalouserCoreRuntime,
   runtime: RuntimeEnv,
   statusSink?: (patch: { lastInboundAt?: number; lastOutboundAt?: number }) => void,
 ): Promise<void> {
@@ -106,21 +160,42 @@ async function processMessage(
   const isGroup = metadata?.isGroup ?? false;
   const senderId = metadata?.fromId ?? threadId;
   const senderName = metadata?.senderName ?? "";
+  const groupName = metadata?.threadName ?? "";
   const chatId = threadId;
 
+  const defaultGroupPolicy = config.channels?.defaults?.groupPolicy;
+  const groupPolicy = account.config.groupPolicy ?? defaultGroupPolicy ?? "open";
+  const groups = account.config.groups ?? {};
+  if (isGroup) {
+    if (groupPolicy === "disabled") {
+      logVerbose(core, runtime, `zalouser: drop group ${chatId} (groupPolicy=disabled)`);
+      return;
+    }
+    if (groupPolicy === "allowlist") {
+      const allowed = isGroupAllowed({ groupId: chatId, groupName, groups });
+      if (!allowed) {
+        logVerbose(core, runtime, `zalouser: drop group ${chatId} (not allowlisted)`);
+        return;
+      }
+    }
+  }
+
   const dmPolicy = account.config.dmPolicy ?? "pairing";
   const configAllowFrom = (account.config.allowFrom ?? []).map((v) => String(v));
   const rawBody = content.trim();
-  const shouldComputeAuth = shouldComputeCommandAuthorized(rawBody, config);
+  const shouldComputeAuth = core.channel.commands.shouldComputeCommandAuthorized(
+    rawBody,
+    config,
+  );
   const storeAllowFrom =
     !isGroup && (dmPolicy !== "open" || shouldComputeAuth)
-      ? await deps.readChannelAllowFromStore("zalouser").catch(() => [])
+      ? await core.channel.pairing.readAllowFromStore("zalouser").catch(() => [])
       : [];
   const effectiveAllowFrom = [...configAllowFrom, ...storeAllowFrom];
   const useAccessGroups = config.commands?.useAccessGroups !== false;
   const senderAllowedForCommands = isSenderAllowed(senderId, effectiveAllowFrom);
   const commandAuthorized = shouldComputeAuth
-    ? resolveCommandAuthorizedFromAuthorizers({
+    ? core.channel.commands.resolveCommandAuthorizedFromAuthorizers({
         useAccessGroups,
         authorizers: [{ configured: effectiveAllowFrom.length > 0, allowed: senderAllowedForCommands }],
       })
@@ -128,7 +203,7 @@ async function processMessage(
 
   if (!isGroup) {
     if (dmPolicy === "disabled") {
-      logVerbose(deps, runtime, `Blocked zalouser DM from ${senderId} (dmPolicy=disabled)`);
+      logVerbose(core, runtime, `Blocked zalouser DM from ${senderId} (dmPolicy=disabled)`);
       return;
     }
 
@@ -137,18 +212,18 @@ async function processMessage(
 
       if (!allowed) {
         if (dmPolicy === "pairing") {
-          const { code, created } = await deps.upsertChannelPairingRequest({
+          const { code, created } = await core.channel.pairing.upsertPairingRequest({
             channel: "zalouser",
             id: senderId,
             meta: { name: senderName || undefined },
           });
 
           if (created) {
-            logVerbose(deps, runtime, `zalouser pairing request sender=${senderId}`);
+            logVerbose(core, runtime, `zalouser pairing request sender=${senderId}`);
             try {
               await sendMessageZalouser(
                 chatId,
-                deps.buildPairingReply({
+                core.channel.pairing.buildPairingReply({
                   channel: "zalouser",
                   idLine: `Your Zalo user id: ${senderId}`,
                   code,
@@ -158,7 +233,7 @@ async function processMessage(
               statusSink?.({ lastOutboundAt: Date.now() });
             } catch (err) {
               logVerbose(
-                deps,
+                core,
                 runtime,
                 `zalouser pairing reply failed for ${senderId}: ${String(err)}`,
               );
@@ -166,7 +241,7 @@ async function processMessage(
           }
         } else {
           logVerbose(
-            deps,
+            core,
             runtime,
             `Blocked unauthorized zalouser sender ${senderId} (dmPolicy=${dmPolicy})`,
           );
@@ -176,14 +251,18 @@ async function processMessage(
     }
   }
 
-  if (isGroup && isControlCommandMessage(rawBody, config) && commandAuthorized !== true) {
-    logVerbose(deps, runtime, `zalouser: drop control command from unauthorized sender ${senderId}`);
+  if (
+    isGroup &&
+    core.channel.commands.isControlCommandMessage(rawBody, config) &&
+    commandAuthorized !== true
+  ) {
+    logVerbose(core, runtime, `zalouser: drop control command from unauthorized sender ${senderId}`);
     return;
   }
 
   const peer = isGroup ? { kind: "group" as const, id: chatId } : { kind: "group" as const, id: senderId };
 
-  const route = deps.resolveAgentRoute({
+  const route = core.channel.routing.resolveAgentRoute({
     cfg: config,
     channel: "zalouser",
     accountId: account.accountId,
@@ -194,16 +273,25 @@ async function processMessage(
     },
   });
 
-	  const rawBody = content.trim();
-	  const fromLabel = isGroup ? `group:${chatId}` : senderName || `user:${senderId}`;
-	  const body = deps.formatAgentEnvelope({
-	    channel: "Zalo Personal",
-	    from: fromLabel,
+  const fromLabel = isGroup ? `group:${chatId}` : senderName || `user:${senderId}`;
+  const storePath = core.channel.session.resolveStorePath(config.session?.store, {
+    agentId: route.agentId,
+  });
+  const envelopeOptions = core.channel.reply.resolveEnvelopeFormatOptions(config);
+  const previousTimestamp = core.channel.session.readSessionUpdatedAt({
+    storePath,
+    sessionKey: route.sessionKey,
+  });
+  const body = core.channel.reply.formatAgentEnvelope({
+    channel: "Zalo Personal",
+    from: fromLabel,
     timestamp: timestamp ? timestamp * 1000 : undefined,
+    previousTimestamp,
+    envelope: envelopeOptions,
     body: rawBody,
   });
 
-  const ctxPayload = finalizeInboundContext({
+  const ctxPayload = core.channel.reply.finalizeInboundContext({
     Body: body,
     RawBody: rawBody,
     CommandBody: rawBody,
@@ -223,7 +311,15 @@ async function processMessage(
     OriginatingTo: `zalouser:${chatId}`,
   });
 
-  await deps.dispatchReplyWithBufferedBlockDispatcher({
+  void core.channel.session.recordSessionMetaFromInbound({
+    storePath,
+    sessionKey: ctxPayload.SessionKey ?? route.sessionKey,
+    ctx: ctxPayload,
+  }).catch((err) => {
+    runtime.error?.(`zalouser: failed updating session meta: ${String(err)}`);
+  });
+
+  await core.channel.reply.dispatchReplyWithBufferedBlockDispatcher({
     ctx: ctxPayload,
     cfg: config,
     dispatcherOptions: {
@@ -234,7 +330,7 @@ async function processMessage(
           chatId,
           isGroup,
           runtime,
-          deps,
+          core,
           statusSink,
         });
       },
@@ -253,10 +349,10 @@ async function deliverZalouserReply(params: {
   chatId: string;
   isGroup: boolean;
   runtime: RuntimeEnv;
-  deps: CoreChannelDeps;
+  core: ZalouserCoreRuntime;
   statusSink?: (patch: { lastInboundAt?: number; lastOutboundAt?: number }) => void;
 }): Promise<void> {
-  const { payload, profile, chatId, isGroup, runtime, deps, statusSink } = params;
+  const { payload, profile, chatId, isGroup, runtime, core, statusSink } = params;
 
   const mediaList = payload.mediaUrls?.length
     ? payload.mediaUrls
@@ -270,7 +366,7 @@ async function deliverZalouserReply(params: {
       const caption = first ? payload.text : undefined;
       first = false;
       try {
-        logVerbose(deps, runtime, `Sending media to ${chatId}`);
+        logVerbose(core, runtime, `Sending media to ${chatId}`);
         await sendMessageZalouser(chatId, caption ?? "", {
           profile,
           mediaUrl,
@@ -285,8 +381,8 @@ async function deliverZalouserReply(params: {
   }
 
   if (payload.text) {
-    const chunks = deps.chunkMarkdownText(payload.text, ZALOUSER_TEXT_LIMIT);
-    logVerbose(deps, runtime, `Sending ${chunks.length} text chunk(s) to ${chatId}`);
+    const chunks = core.channel.text.chunkMarkdownText(payload.text, ZALOUSER_TEXT_LIMIT);
+    logVerbose(core, runtime, `Sending ${chunks.length} text chunk(s) to ${chatId}`);
     for (const chunk of chunks) {
       try {
         await sendMessageZalouser(chatId, chunk, { profile, isGroup });
@@ -301,14 +397,101 @@ async function deliverZalouserReply(params: {
 export async function monitorZalouserProvider(
   options: ZalouserMonitorOptions,
 ): Promise<ZalouserMonitorResult> {
-  const { account, config, abortSignal, statusSink, runtime } = options;
+  let { account, config } = options;
+  const { abortSignal, statusSink, runtime } = options;
 
-  const deps = await loadCoreChannelDeps();
+  const core = getZalouserRuntime();
   let stopped = false;
   let proc: ChildProcess | null = null;
   let restartTimer: ReturnType<typeof setTimeout> | null = null;
   let resolveRunning: (() => void) | null = null;
 
+  try {
+    const profile = account.profile;
+    const allowFromEntries = (account.config.allowFrom ?? [])
+      .map((entry) => normalizeZalouserEntry(String(entry)))
+      .filter((entry) => entry && entry !== "*");
+
+    if (allowFromEntries.length > 0) {
+      const result = await runZca(["friend", "list", "-j"], { profile, timeout: 15000 });
+      if (result.ok) {
+        const friends = parseJsonOutput<ZcaFriend[]>(result.stdout) ?? [];
+        const byName = buildNameIndex(friends, (friend) => friend.displayName);
+        const additions: string[] = [];
+        const mapping: string[] = [];
+        const unresolved: string[] = [];
+        for (const entry of allowFromEntries) {
+          if (/^\d+$/.test(entry)) {
+            additions.push(entry);
+            continue;
+          }
+          const matches = byName.get(entry.toLowerCase()) ?? [];
+          const match = matches[0];
+          const id = match?.userId ? String(match.userId) : undefined;
+          if (id) {
+            additions.push(id);
+            mapping.push(`${entry}→${id}`);
+          } else {
+            unresolved.push(entry);
+          }
+        }
+        const allowFrom = mergeAllowlist({ existing: account.config.allowFrom, additions });
+        account = {
+          ...account,
+          config: {
+            ...account.config,
+            allowFrom,
+          },
+        };
+        summarizeMapping("zalouser users", mapping, unresolved, runtime);
+      } else {
+        runtime.log?.(`zalouser user resolve failed; using config entries. ${result.stderr}`);
+      }
+    }
+
+    const groupsConfig = account.config.groups ?? {};
+    const groupKeys = Object.keys(groupsConfig).filter((key) => key !== "*");
+    if (groupKeys.length > 0) {
+      const result = await runZca(["group", "list", "-j"], { profile, timeout: 15000 });
+      if (result.ok) {
+        const groups = parseJsonOutput<ZcaGroup[]>(result.stdout) ?? [];
+        const byName = buildNameIndex(groups, (group) => group.name);
+        const mapping: string[] = [];
+        const unresolved: string[] = [];
+        const nextGroups = { ...groupsConfig };
+        for (const entry of groupKeys) {
+          const cleaned = normalizeZalouserEntry(entry);
+          if (/^\d+$/.test(cleaned)) {
+            if (!nextGroups[cleaned]) nextGroups[cleaned] = groupsConfig[entry];
+            mapping.push(`${entry}→${cleaned}`);
+            continue;
+          }
+          const matches = byName.get(cleaned.toLowerCase()) ?? [];
+          const match = matches[0];
+          const id = match?.groupId ? String(match.groupId) : undefined;
+          if (id) {
+            if (!nextGroups[id]) nextGroups[id] = groupsConfig[entry];
+            mapping.push(`${entry}→${id}`);
+          } else {
+            unresolved.push(entry);
+          }
+        }
+        account = {
+          ...account,
+          config: {
+            ...account.config,
+            groups: nextGroups,
+          },
+        };
+        summarizeMapping("zalouser groups", mapping, unresolved, runtime);
+      } else {
+        runtime.log?.(`zalouser group resolve failed; using config entries. ${result.stderr}`);
+      }
+    }
+  } catch (err) {
+    runtime.log?.(`zalouser resolve failed; using config entries. ${String(err)}`);
+  }
+
   const stop = () => {
     stopped = true;
     if (restartTimer) {
@@ -329,7 +512,7 @@ export async function monitorZalouserProvider(
     }
 
     logVerbose(
-      deps,
+      core,
       runtime,
       `[${account.accountId}] starting zca listener (profile=${account.profile})`,
     );
@@ -338,16 +521,16 @@ export async function monitorZalouserProvider(
       runtime,
       account.profile,
       (msg) => {
-        logVerbose(deps, runtime, `[${account.accountId}] inbound message`);
+        logVerbose(core, runtime, `[${account.accountId}] inbound message`);
         statusSink?.({ lastInboundAt: Date.now() });
-        processMessage(msg, account, config, deps, runtime, statusSink).catch((err) => {
+        processMessage(msg, account, config, core, runtime, statusSink).catch((err) => {
           runtime.error(`[${account.accountId}] Failed to process message: ${String(err)}`);
         });
       },
       (err) => {
         runtime.error(`[${account.accountId}] zca listener error: ${String(err)}`);
         if (!stopped && !abortSignal.aborted) {
-          logVerbose(deps, runtime, `[${account.accountId}] restarting listener in 5s...`);
+          logVerbose(core, runtime, `[${account.accountId}] restarting listener in 5s...`);
           restartTimer = setTimeout(startListener, 5000);
         } else {
           resolveRunning?.();