@coolclaw/coolclaw 0.2.9 → 0.2.10

package/dist/setup-entry.js

@@ -1,3 +1,485 @@
+var __defProp = Object.defineProperty;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __esm = (fn, res) => function __init() {
+  return fn && (res = (0, fn[__getOwnPropNames(fn)[0]])(fn = 0)), res;
+};
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+
+// src/binding.ts
+import { mkdir, readFile, rename, writeFile, chmod } from "fs/promises";
+import { homedir as homedir2 } from "os";
+import path from "path";
+import { fileURLToPath } from "url";
+function defaultBindingFile(home = homedir2()) {
+  return path.join(home, ".config", "coolclaw", "agent_binding.json");
+}
+function defaultOpenClawConfigFile(home = homedir2()) {
+  return path.join(home, ".openclaw", "openclaw.json");
+}
+function defaultTokenFile(bindingFile, agentId) {
+  return path.join(path.dirname(bindingFile), `agent_token_${agentId}.txt`);
+}
+async function loadBinding(bindingFile) {
+  try {
+    const raw = JSON.parse(await readFile(bindingFile, "utf8"));
+    return {
+      agentId: String(raw.agentId ?? ""),
+      tokenRef: typeof raw.tokenRef === "string" ? raw.tokenRef : null,
+      runtimeType: String(raw.runtimeType ?? "unknown"),
+      lastAckedSeq: Number(raw.lastAckedSeq ?? 0),
+      bindingVersion: Number(raw.bindingVersion ?? RIDDLE_BINDING_VERSION),
+      updatedAt: typeof raw.updatedAt === "string" ? raw.updatedAt : void 0
+    };
+  } catch {
+    return {
+      agentId: "",
+      tokenRef: null,
+      runtimeType: "unknown",
+      lastAckedSeq: 0,
+      bindingVersion: RIDDLE_BINDING_VERSION
+    };
+  }
+}
+function touchBinding(binding) {
+  return {
+    ...binding,
+    bindingVersion: RIDDLE_BINDING_VERSION,
+    updatedAt: (/* @__PURE__ */ new Date()).toISOString().replace(/\.\d{3}Z$/, "Z")
+  };
+}
+async function saveBinding(bindingFile, binding) {
+  await mkdir(path.dirname(bindingFile), { recursive: true });
+  const tmpFile = `${bindingFile}.${process.pid}.tmp`;
+  await writeFile(tmpFile, `${JSON.stringify(touchBinding(binding), null, 2)}
+`, { mode: 384 });
+  await chmod(tmpFile, 384);
+  await rename(tmpFile, bindingFile);
+}
+async function saveAgentToken(tokenFile, token) {
+  await mkdir(path.dirname(tokenFile), { recursive: true });
+  await writeFile(tokenFile, token, { mode: 384 });
+  await chmod(tokenFile, 384);
+}
+async function readTokenRef(tokenRef) {
+  if (!tokenRef) return void 0;
+  if (tokenRef.startsWith("env:")) {
+    return process.env[tokenRef.slice("env:".length)] || void 0;
+  }
+  if (tokenRef.startsWith("file://")) {
+    const tokenPath = fileURLToPath(tokenRef);
+    return (await readFile(tokenPath, "utf8")).trim() || void 0;
+  }
+  return void 0;
+}
+var RIDDLE_BINDING_VERSION;
+var init_binding = __esm({
+  "src/binding.ts"() {
+    "use strict";
+    RIDDLE_BINDING_VERSION = 1;
+  }
+});
+
+// src/config.ts
+import { z } from "zod";
+function normalizeGatewayUrl(value) {
+  return value.trim().replace(/\/+$/, "");
+}
+function buildWsUrl(gatewayUrl, lastAckedSeq) {
+  const baseUrl = normalizeGatewayUrl(gatewayUrl).replace(/^https:\/\//, "wss://").replace(/^http:\/\//, "ws://");
+  return `${baseUrl}/ws/channel?lastAckedSeq=${lastAckedSeq}`;
+}
+async function resolveAccountToken(account) {
+  if (account.tokenSecret) return account.tokenSecret;
+  return readTokenRef(account.tokenSecretRef);
+}
+var CoolclawConfigSchema;
+var init_config = __esm({
+  "src/config.ts"() {
+    "use strict";
+    init_binding();
+    CoolclawConfigSchema = z.object({
+      gatewayUrl: z.string().url().optional().describe("Riddle gateway URL"),
+      agentId: z.string().optional().describe("Riddle agent ID"),
+      tokenSecretRef: z.string().optional().describe("Token secret reference (file:// or env:)"),
+      allowFrom: z.array(z.string()).optional().describe("Allowed sender IDs"),
+      dmPolicy: z.enum(["allowlist", "pairing", "open"]).optional().describe("DM access policy"),
+      enabled: z.boolean().optional().describe("Whether the account is enabled"),
+      name: z.string().optional().describe("Account display name")
+    });
+  }
+});
+
+// src/identity.ts
+import { mkdir as mkdir2, readFile as readFile2, writeFile as writeFile2 } from "fs/promises";
+import path2 from "path";
+async function updateRiddleIdentitySummary(summary) {
+  await mkdir2(summary.workspaceDir, { recursive: true });
+  const identityFile = path2.join(summary.workspaceDir, "IDENTITY.md");
+  const existing = await readExisting(identityFile);
+  const block = [
+    BEGIN_MARKER,
+    "## Riddle Platform",
+    "",
+    `Riddle Agent ID: ${summary.agentId}`,
+    `Riddle Gateway: ${normalizeGatewayUrl(summary.gatewayUrl)}`,
+    `Riddle Binding: ${summary.bindingFile}`,
+    "Messaging: handled by the CoolClaw OpenClaw channel.",
+    "Non-message platform actions: handled by the Riddle skill.",
+    END_MARKER
+  ].join("\n");
+  const next = replaceBlock(existing, block);
+  await writeFile2(identityFile, next.endsWith("\n") ? next : `${next}
+`);
+}
+async function readExisting(identityFile) {
+  try {
+    return await readFile2(identityFile, "utf8");
+  } catch {
+    return "";
+  }
+}
+function replaceBlock(existing, block) {
+  const start = existing.indexOf(BEGIN_MARKER);
+  const end = existing.indexOf(END_MARKER);
+  if (start >= 0 && end >= start) {
+    return `${existing.slice(0, start).trimEnd()}
+
+${block}
+${existing.slice(end + END_MARKER.length).trimStart()}`;
+  }
+  return existing.trim() ? `${existing.trimEnd()}
+
+${block}
+` : `${block}
+`;
+}
+var BEGIN_MARKER, END_MARKER;
+var init_identity = __esm({
+  "src/identity.ts"() {
+    "use strict";
+    init_config();
+    BEGIN_MARKER = "<!-- BEGIN_RIDDLE_IDENTITY -->";
+    END_MARKER = "<!-- END_RIDDLE_IDENTITY -->";
+  }
+});
+
+// src/openclaw-config.ts
+import { mkdir as mkdir3, readFile as readFile3, rename as rename2, writeFile as writeFile3 } from "fs/promises";
+import path3 from "path";
+async function patchCoolclawAccountConfig(patch) {
+  const config = await readOpenClawConfig(patch.configPath);
+  const channels = ensureRecord(config, "channels");
+  const coolclaw = ensureRecord(channels, "coolclaw");
+  const accounts = ensureRecord(coolclaw, "accounts");
+  const account = {
+    name: `Riddle Agent ${patch.agentId}`,
+    enabled: true,
+    gatewayUrl: normalizeGatewayUrl(patch.gatewayUrl),
+    agentId: patch.agentId,
+    tokenSecretRef: patch.tokenSecretRef,
+    dmPolicy: patch.dmPolicy ?? "open"
+  };
+  const effectiveDmPolicy = account.dmPolicy;
+  if (patch.allowFrom && patch.allowFrom.length > 0) {
+    account.allowFrom = patch.allowFrom;
+  } else if (effectiveDmPolicy === "open") {
+    account.allowFrom = ["*"];
+  }
+  accounts.default = account;
+  await writeOpenClawConfig(patch.configPath, config);
+}
+async function readOpenClawConfig(configPath) {
+  try {
+    const parsed = JSON.parse(await readFile3(configPath, "utf8"));
+    return isRecord4(parsed) ? parsed : {};
+  } catch {
+    return {};
+  }
+}
+async function writeOpenClawConfig(configPath, config) {
+  await mkdir3(path3.dirname(configPath), { recursive: true });
+  const tmpFile = `${configPath}.${process.pid}.tmp`;
+  await writeFile3(tmpFile, `${JSON.stringify(config, null, 2)}
+`);
+  await rename2(tmpFile, configPath);
+}
+function ensureRecord(parent, key) {
+  const existing = parent[key];
+  if (isRecord4(existing)) return existing;
+  const created = {};
+  parent[key] = created;
+  return created;
+}
+function isRecord4(value) {
+  return typeof value === "object" && value !== null && !Array.isArray(value);
+}
+var init_openclaw_config = __esm({
+  "src/openclaw-config.ts"() {
+    "use strict";
+    init_config();
+  }
+});
+
+// src/setup.ts
+var setup_exports = {};
+__export(setup_exports, {
+  registerAgent: () => registerAgent,
+  resolveSetupBinding: () => resolveSetupBinding,
+  runCoolclawSetup: () => runCoolclawSetup,
+  validateAgentToken: () => validateAgentToken
+});
+import { access } from "fs/promises";
+import { readFile as readFile4 } from "fs/promises";
+import path4 from "path";
+import { homedir as homedir3 } from "os";
+async function registerAgent(baseUrl, input) {
+  const res = await fetch(`${normalizeGatewayUrl(baseUrl)}/api/agent/register`, {
+    method: "POST",
+    headers: { "Content-Type": "application/json" },
+    body: JSON.stringify(input)
+  });
+  const body = await res.json();
+  if (!res.ok || body.code !== 200) {
+    throw new Error(body.message ?? `Agent register failed: ${res.status}`);
+  }
+  if (!body.data?.agentId || !body.data.token) {
+    throw new Error("Agent register response missing agentId or token");
+  }
+  return {
+    agentId: String(body.data.agentId),
+    token: String(body.data.token)
+  };
+}
+async function resolveSetupBinding(input) {
+  const gatewayUrl = normalizeGatewayUrl(input.gatewayUrl);
+  const existingAgentId = input.existingAgentId?.trim();
+  const existingTokenSecretRef = input.existingTokenSecretRef?.trim();
+  if (existingAgentId && existingTokenSecretRef) {
+    return {
+      mode: "reuse",
+      gatewayUrl,
+      agentId: existingAgentId,
+      tokenSecretRef: existingTokenSecretRef
+    };
+  }
+  if (!input.registration) {
+    throw new Error("CoolClaw setup requires an existing binding or registration input");
+  }
+  const registered = await registerAgent(gatewayUrl, input.registration);
+  return {
+    mode: "register",
+    gatewayUrl,
+    agentId: registered.agentId,
+    token: registered.token
+  };
+}
+async function validateAgentToken(baseUrl, token) {
+  const res = await fetch(`${normalizeGatewayUrl(baseUrl)}/api/users/me`, {
+    headers: { Authorization: `Bearer ${token}` }
+  });
+  if (!res.ok) return false;
+  const body = await res.json();
+  return body.code === 200 && body.data?.identityType === "AGENT";
+}
+async function runCoolclawSetup(options = {}) {
+  const gatewayUrl = normalizeGatewayUrl(options.gatewayUrl ?? "https://agits-xa.baidu.com/riddle");
+  const bindingFile = options.bindingFile ?? defaultBindingFile();
+  const openclawConfigPath = options.openclawConfigPath ?? defaultOpenClawConfigFile();
+  const existingBinding = await loadBinding(bindingFile);
+  const existingToken = await readTokenRef(existingBinding.tokenRef);
+  if (options.dryRun) {
+    return {
+      mode: "dry-run",
+      gatewayUrl,
+      agentId: existingBinding.agentId,
+      bindingFile,
+      openclawConfigPath,
+      tokenSavedTo: tokenFileFromBinding(existingBinding, bindingFile)
+    };
+  }
+  const canReuse = !options.forceRegister && existingBinding.agentId.length > 0 && Boolean(existingToken) && await validateAgentToken(gatewayUrl, existingToken);
+  const binding = canReuse ? existingBinding : await registerAndPersistBinding({
+    gatewayUrl,
+    bindingFile,
+    registration: await resolveRegistrationInput(
+      options.registration,
+      options.workspaceDir,
+      openclawConfigPath
+    )
+  });
+  const tokenFile = tokenFileFromBinding(binding, bindingFile);
+  if (!options.dryRun) {
+    await patchCoolclawAccountConfig({
+      configPath: openclawConfigPath,
+      gatewayUrl,
+      agentId: binding.agentId,
+      tokenSecretRef: binding.tokenRef ?? `file://${tokenFile}`,
+      allowFrom: options.allowFrom,
+      dmPolicy: options.dmPolicy
+    });
+    if (options.workspaceDir) {
+      await updateRiddleIdentitySummary({
+        workspaceDir: options.workspaceDir,
+        agentId: binding.agentId,
+        gatewayUrl,
+        bindingFile,
+        tokenRef: binding.tokenRef ?? void 0
+      });
+    }
+    if (options.autoRestart !== false) {
+      try {
+        const { execSync } = await import("child_process");
+        console.log("[coolclaw] Restarting gateway...");
+        execSync("openclaw gateway restart", { stdio: "inherit" });
+        console.log("[coolclaw] Gateway restarted.");
+      } catch (err) {
+        console.warn(
+          `[coolclaw] Could not auto-restart gateway. Please run: openclaw gateway restart`
+        );
+      }
+    }
+  }
+  return {
+    mode: options.dryRun ? "dry-run" : canReuse ? "reuse" : "register",
+    gatewayUrl,
+    agentId: binding.agentId,
+    bindingFile,
+    openclawConfigPath,
+    tokenSavedTo: tokenFile
+  };
+}
+async function registerAndPersistBinding(input) {
+  const registered = await registerAgent(input.gatewayUrl, input.registration);
+  const valid = await validateAgentToken(input.gatewayUrl, registered.token);
+  if (!valid) {
+    throw new Error("Newly registered Riddle token did not validate as an AGENT token");
+  }
+  const tokenFile = defaultTokenFile(input.bindingFile, registered.agentId);
+  await saveAgentToken(tokenFile, registered.token);
+  const binding = touchBinding({
+    agentId: registered.agentId,
+    tokenRef: `file://${tokenFile}`,
+    runtimeType: "openclaw",
+    lastAckedSeq: 0
+  });
+  await saveBinding(input.bindingFile, binding);
+  return binding;
+}
+function tokenFileFromBinding(binding, bindingFile) {
+  if (binding.tokenRef?.startsWith("file://")) {
+    return binding.tokenRef.slice("file://".length);
+  }
+  return defaultTokenFile(bindingFile, binding.agentId);
+}
+function parseIdentityMarkdown(content) {
+  const result = {};
+  for (const line of content.split(/\r?\n/)) {
+    const cleaned = line.trim().replace(/^\s*-\s*/, "");
+    const colonIdx = cleaned.indexOf(":");
+    if (colonIdx === -1) continue;
+    const label = cleaned.slice(0, colonIdx).replace(/[*_]/g, "").trim().toLowerCase();
+    const value = cleaned.slice(colonIdx + 1).replace(/^[*_]+|[*_]+$/g, "").trim();
+    if (!value || IDENTITY_PLACEHOLDERS.has(value.toLowerCase().replace(/[()]/g, "").trim())) continue;
+    if (label === "name") result.name = value;
+    if (label === "creature") result.creature = value;
+    if (label === "vibe") result.vibe = value;
+    if (label === "theme") result.theme = value;
+  }
+  return result;
+}
+async function readWorkspaceDirFromOpenclawConfig(configPath) {
+  try {
+    const content = await readFile4(configPath, "utf-8");
+    const config = JSON.parse(content);
+    const workspace = config.agents?.defaults?.workspace;
+    if (typeof workspace === "string" && workspace.trim()) {
+      return workspace.trim();
+    }
+  } catch {
+  }
+  const defaultWorkspace = path4.join(homedir3(), ".openclaw", "workspace");
+  try {
+    await access(defaultWorkspace);
+    return defaultWorkspace;
+  } catch {
+    return void 0;
+  }
+}
+async function readIdentityFromWorkspace(workspaceDir) {
+  try {
+    const content = await readFile4(path4.join(workspaceDir, "IDENTITY.md"), "utf-8");
+    return parseIdentityMarkdown(content);
+  } catch {
+    return {};
+  }
+}
+async function readIdentityFromOpenclawConfig(configPath) {
+  try {
+    const content = await readFile4(configPath, "utf-8");
+    const config = JSON.parse(content);
+    const defaultsName = config.agents?.defaults?.identity?.name || config.agents?.defaults?.name;
+    if (defaultsName) return { name: defaultsName };
+    const mainAgent = config.agents?.list?.find((a) => a.id === "main") || config.agents?.list?.[0];
+    if (mainAgent?.identity?.name || mainAgent?.name) {
+      return { name: mainAgent.identity?.name || mainAgent.name };
+    }
+    return {};
+  } catch {
+    return {};
+  }
+}
+async function resolveRegistrationInput(explicitRegistration, workspaceDir, openclawConfigPath) {
+  if (explicitRegistration?.name && explicitRegistration?.bio && explicitRegistration.name !== "CoolClaw Agent" && explicitRegistration.bio !== "OpenClaw agent connected through CoolClaw channel.") {
+    return explicitRegistration;
+  }
+  let identityName;
+  let identityBio;
+  const resolvedWorkspaceDir = workspaceDir ?? await readWorkspaceDirFromOpenclawConfig(openclawConfigPath);
+  if (resolvedWorkspaceDir) {
+    const identity = await readIdentityFromWorkspace(resolvedWorkspaceDir);
+    if (identity.name) {
+      identityName = identity.name;
+    }
+    const bioParts = [identity.creature, identity.vibe, identity.theme].filter(Boolean);
+    if (bioParts.length > 0) {
+      identityBio = bioParts.join(". ") + ".";
+    }
+  }
+  if (!identityName) {
+    const configIdentity = await readIdentityFromOpenclawConfig(openclawConfigPath);
+    identityName = configIdentity.name;
+  }
+  const stamp = (/* @__PURE__ */ new Date()).toISOString().replace(/[-:T]/g, "").slice(4, 12);
+  return {
+    name: explicitRegistration?.name && explicitRegistration.name !== "CoolClaw Agent" ? explicitRegistration.name : identityName ?? `RiddleAgent-${stamp}`,
+    bio: explicitRegistration?.bio && explicitRegistration.bio !== "OpenClaw agent connected through CoolClaw channel." ? explicitRegistration.bio : identityBio ?? "OpenClaw agent connected through CoolClaw channel.",
+    tags: explicitRegistration?.tags ?? JSON.stringify(["assistant", "openclaw", "coolclaw"])
+  };
+}
+var IDENTITY_PLACEHOLDERS;
+var init_setup = __esm({
+  "src/setup.ts"() {
+    "use strict";
+    init_config();
+    init_binding();
+    init_identity();
+    init_openclaw_config();
+    IDENTITY_PLACEHOLDERS = /* @__PURE__ */ new Set([
+      "pick something you like",
+      "ai? robot? familiar? ghost in the machine? something weirder?",
+      "how do you come across? sharp? warm? chaotic? calm?",
+      "your signature - pick one that feels right",
+      "workspace-relative path, http(s) url, or data uri"
+    ]);
+  }
+});
+
+// setup-entry.ts
+import { defineSetupPluginEntry } from "openclaw/plugin-sdk/channel-core";
+
 // src/ack-store.ts
 import { readFileSync, writeFileSync, existsSync, mkdirSync } from "fs";
 import { join } from "path";
@@ -68,151 +550,8 @@ var FileAckStore = class {
   }
 };
 
-// src/binding.ts
-import { mkdir, readFile, rename, writeFile, chmod } from "fs/promises";
-import { homedir as homedir2 } from "os";
-import path from "path";
-import { fileURLToPath } from "url";
-async function readTokenRef(tokenRef) {
-  if (!tokenRef) return void 0;
-  if (tokenRef.startsWith("env:")) {
-    return process.env[tokenRef.slice("env:".length)] || void 0;
-  }
-  if (tokenRef.startsWith("file://")) {
-    const tokenPath = fileURLToPath(tokenRef);
-    return (await readFile(tokenPath, "utf8")).trim() || void 0;
-  }
-  return void 0;
-}
-
-// src/config.ts
-function normalizeGatewayUrl(value) {
-  return value.trim().replace(/\/+$/, "");
-}
-function buildWsUrl(gatewayUrl, lastAckedSeq) {
-  const baseUrl = normalizeGatewayUrl(gatewayUrl).replace(/^https:\/\//, "wss://").replace(/^http:\/\//, "ws://");
-  return `${baseUrl}/ws/channel?lastAckedSeq=${lastAckedSeq}`;
-}
-function resolveAccountConfig(source, env = process.env) {
-  const account = readDefaultAccount(source);
-  if (account) {
-    return finalizeAccount(account, "config");
-  }
-  const envAccount = readEnvAccount(env);
-  if (envAccount) {
-    return finalizeAccount(envAccount, "env");
-  }
-  return {
-    configured: false,
-    source: "none",
-    reasons: ["Missing CoolClaw account config"]
-  };
-}
-function inspectAccount(account) {
-  const config = account.config;
-  return JSON.stringify({
-    configured: account.configured,
-    source: account.source,
-    gatewayUrl: config?.gatewayUrl,
-    agentId: config?.agentId,
-    tokenConfigured: Boolean(config?.tokenSecretRef),
-    tokenSecretRef: maskSecretRef(config?.tokenSecretRef),
-    allowFromCount: config?.allowFrom?.length ?? 0,
-    dmPolicy: config?.dmPolicy,
-    reasons: account.reasons
-  });
-}
-async function resolveAccountToken(account) {
-  if (account.tokenSecret) return account.tokenSecret;
-  return readTokenRef(account.tokenSecretRef);
-}
-function readDefaultAccount(source) {
-  if (!isRecord(source)) return void 0;
-  const channels = source.channels;
-  if (!isRecord(channels)) return void 0;
-  const coolclaw = channels.coolclaw;
-  if (!isRecord(coolclaw)) return void 0;
-  const accounts = coolclaw.accounts;
-  if (!isRecord(accounts)) return void 0;
-  const defaultAccount = accounts.default;
-  return isRecord(defaultAccount) ? coerceRawAccount(defaultAccount) : void 0;
-}
-function readEnvAccount(env) {
-  if (!env.COOLCLAW_GATEWAY_URL && !env.COOLCLAW_AGENT_ID && !env.COOLCLAW_AGENT_TOKEN && !env.COOLCLAW_AGENT_TOKEN_SECRET_REF) {
-    return void 0;
-  }
-  return {
-    gatewayUrl: env.COOLCLAW_GATEWAY_URL,
-    agentId: env.COOLCLAW_AGENT_ID,
-    tokenSecretRef: env.COOLCLAW_AGENT_TOKEN_SECRET_REF ?? (env.COOLCLAW_AGENT_TOKEN ? "env:COOLCLAW_AGENT_TOKEN" : void 0),
-    allowFrom: splitCsv(env.COOLCLAW_ALLOW_FROM),
-    dmPolicy: coerceDmPolicy(env.COOLCLAW_DM_POLICY)
-  };
-}
-function finalizeAccount(account, source) {
-  const gatewayUrl = typeof account.gatewayUrl === "string" ? normalizeGatewayUrl(account.gatewayUrl) : "";
-  const agentId = typeof account.agentId === "string" ? account.agentId.trim() : "";
-  const tokenSecretRef = typeof account.tokenSecretRef === "string" ? account.tokenSecretRef.trim() : account.tokenSecret?.trim();
-  const allowFrom = normalizeStringArray(account.allowFrom);
-  const dmPolicy = coerceDmPolicy(account.dmPolicy) ?? "open";
-  const reasons = [];
-  if (!gatewayUrl) reasons.push("Missing gateway URL");
-  if (!agentId) reasons.push("Missing Agent ID");
-  if (!tokenSecretRef) reasons.push("Missing token secret reference");
-  const config = {
-    gatewayUrl,
-    agentId,
-    tokenSecretRef,
-    allowFrom,
-    dmPolicy
-  };
-  if (reasons.length > 0) {
-    return {
-      configured: false,
-      source,
-      config,
-      reasons
-    };
-  }
-  return {
-    configured: true,
-    source,
-    config,
-    reasons: []
-  };
-}
-function coerceRawAccount(value) {
-  return {
-    gatewayUrl: typeof value.gatewayUrl === "string" ? value.gatewayUrl : void 0,
-    agentId: typeof value.agentId === "string" ? value.agentId : void 0,
-    tokenSecretRef: typeof value.tokenSecretRef === "string" ? value.tokenSecretRef : void 0,
-    tokenSecret: typeof value.tokenSecret === "string" ? value.tokenSecret : void 0,
-    allowFrom: normalizeStringArray(value.allowFrom),
-    dmPolicy: coerceDmPolicy(value.dmPolicy)
-  };
-}
-function normalizeStringArray(value) {
-  if (!Array.isArray(value)) return void 0;
-  const items = value.filter((item) => typeof item === "string").map((item) => item.trim()).filter(Boolean);
-  return items.length > 0 ? items : void 0;
-}
-function splitCsv(value) {
-  if (!value) return void 0;
-  const items = value.split(",").map((item) => item.trim()).filter(Boolean);
-  return items.length > 0 ? items : void 0;
-}
-function coerceDmPolicy(value) {
-  return value === "pairing" || value === "allowlist" || value === "open" ? value : void 0;
-}
-function maskSecretRef(value) {
-  if (!value) return void 0;
-  if (value.startsWith("env:")) return value;
-  const tail = value.slice(-4);
-  return tail ? `***${tail}` : "***";
-}
-function isRecord(value) {
-  return typeof value === "object" && value !== null;
-}
+// src/channel.ts
+init_config();
 
 // src/frame-codec.ts
 import { randomUUID } from "crypto";
@@ -241,7 +580,7 @@ function decodeFrame(raw) {
   } catch (error) {
     throw new CoolclawFrameDecodeError(`Invalid CoolClaw frame JSON: ${error.message}`);
   }
-  if (!isRecord2(value)) {
+  if (!isRecord(value)) {
     throw new CoolclawFrameDecodeError("Invalid CoolClaw frame: expected object");
   }
   if (!("v" in value)) {
@@ -276,67 +615,10 @@ function decodeFrame(raw) {
   }
   return frame;
 }
-function isRecord2(value) {
+function isRecord(value) {
   return typeof value === "object" && value !== null;
 }
 
-// src/security.ts
-function applyInboundSecurityPolicy(envelope, config) {
-  if (!isPrivateConversation(envelope)) {
-    return {
-      accepted: true,
-      envelope: {
-        ...envelope,
-        shouldReply: envelope.group ? envelope.shouldReply === true : false
-      }
-    };
-  }
-  const senderKey = envelope.sender ? toIdentityKey(envelope.sender.userType, envelope.sender.userId) : void 0;
-  const allowFrom = new Set((config.allowFrom ?? []).map(normalizeIdentityKey));
-  if (senderKey && allowFrom.has(senderKey)) {
-    return { accepted: true, envelope };
-  }
-  if ((config.dmPolicy ?? "allowlist") === "open") {
-    return { accepted: true, envelope };
-  }
-  if ((config.dmPolicy ?? "allowlist") === "pairing" && envelope.sender) {
-    return {
-      accepted: true,
-      envelope: {
-        ...envelope,
-        conversationId: `pairing:${senderKey}`,
-        shouldReply: false,
-        metadata: {
-          ...envelope.metadata,
-          pairingRequired: true,
-          originalConversationId: envelope.conversationId
-        }
-      }
-    };
-  }
-  return {
-    accepted: false,
-    reason: "DM sender is not allowlisted",
-    envelope: {
-      ...envelope,
-      shouldReply: false,
-      metadata: {
-        ...envelope.metadata,
-        blockedByPolicy: true
-      }
-    }
-  };
-}
-function isPrivateConversation(envelope) {
-  return envelope.conversationId.startsWith("private:");
-}
-function toIdentityKey(userType, userId) {
-  return `${userType.toLowerCase()}:${userId}`;
-}
-function normalizeIdentityKey(value) {
-  return value.trim().toLowerCase();
-}
-
 // src/inbound.ts
 function mapInboundFrame(frame) {
   if (frame.type === "PRIVATE_MESSAGE") {
@@ -348,7 +630,8 @@ function mapInboundFrame(frame) {
       text: payload.content,
       messageType: payload.messageType,
       seq: payload.seq,
-      shouldReply: payload.mentioned,
+      shouldReply: true,
+      // 私聊本身就是与 Bot 对话的意图
       sender: payload.sender,
       recipient: payload.recipient,
       metadata: {
@@ -368,6 +651,7 @@ function mapInboundFrame(frame) {
       messageType: payload.messageType,
       seq: payload.seq,
       shouldReply: payload.mentioned,
+      // 群聊仅在 @ 时回复
       sender: payload.sender,
       group: {
         groupId: payload.groupId,
@@ -387,31 +671,45 @@ function mapInboundFrame(frame) {
   throw new Error(`Unsupported inbound CoolClaw frame type: ${frame.type}`);
 }
 async function handleInboundFrame(input) {
-  const mappedEnvelope = mapInboundFrame(input.frame);
-  const decision = input.accountConfig ? applyInboundSecurityPolicy(mappedEnvelope, input.accountConfig) : { accepted: true, envelope: mappedEnvelope };
-  const envelope = decision.envelope;
+  const envelope = mapInboundFrame(input.frame);
+  if (!envelope) return;
   await ackProcessedSeq(input, envelope);
-  if (!decision.accepted) {
-    return;
-  }
   await input.dispatch(envelope);
 }
 function mapNotificationFrame(frame) {
-  const payload = isRecord3(frame.payload) ? frame.payload : {};
+  const payload = isRecord2(frame.payload) ? frame.payload : {};
   const seq = typeof payload.seq === "number" ? payload.seq : void 0;
-  return {
-    id: frame.id,
-    channel: "coolclaw",
-    conversationId: frame.type === "SYSTEM_NOTIFICATION" ? "notification:system" : `notification:${frame.type.toLowerCase()}`,
-    text: JSON.stringify(frame.payload ?? {}),
-    messageType: frame.type,
-    seq,
-    shouldReply: false,
-    metadata: {
-      sourceFrameId: frame.id,
-      payload: frame.payload
-    }
-  };
+  if (frame.type === "SYSTEM_NOTIFICATION") {
+    const title = typeof payload.title === "string" ? payload.title : "System";
+    const content = typeof payload.content === "string" ? payload.content : JSON.stringify(payload);
+    return {
+      id: frame.id,
+      channel: "coolclaw",
+      conversationId: "notification:system",
+      text: `[\u7CFB\u7EDF\u901A\u77E5] ${title}: ${content}`,
+      messageType: frame.type,
+      seq,
+      shouldReply: false,
+      metadata: { sourceFrameId: frame.id, payload: frame.payload }
+    };
+  }
+  if (frame.type === "GAME_EVENT") {
+    return null;
+  }
+  if (frame.type === "CONTENT_TASK") {
+    const taskType = typeof payload.taskType === "string" ? payload.taskType : "unknown";
+    return {
+      id: frame.id,
+      channel: "coolclaw",
+      conversationId: "notification:content_task",
+      text: `[\u5185\u5BB9\u4EFB\u52A1] ${taskType}: ${JSON.stringify(payload)}`,
+      messageType: frame.type,
+      seq,
+      shouldReply: false,
+      metadata: { sourceFrameId: frame.id, payload: frame.payload }
+    };
+  }
+  return null;
 }
 async function ackProcessedSeq(input, envelope) {
   if (typeof envelope.seq === "number") {
@@ -420,7 +718,7 @@ async function ackProcessedSeq(input, envelope) {
   }
 }
 function assertPrivatePayload(value) {
-  if (!isRecord3(value) || !isUserRef(value.sender) || !isUserRef(value.recipient)) {
+  if (!isRecord2(value) || !isUserRef(value.sender) || !isUserRef(value.recipient)) {
     throw new Error("Invalid PRIVATE_MESSAGE payload");
   }
   return {
@@ -436,7 +734,7 @@ function assertPrivatePayload(value) {
   };
 }
 function assertGroupPayload(value) {
-  if (!isRecord3(value) || !isUserRef(value.sender)) {
+  if (!isRecord2(value) || !isUserRef(value.sender)) {
     throw new Error("Invalid GROUP_MESSAGE payload");
   }
   return {
@@ -485,9 +783,9 @@ function readOptionalString(source, key) {
   return value;
 }
 function isUserRef(value) {
-  return isRecord3(value) && typeof value.userId === "string" && (value.userType === "HUMAN" || value.userType === "AGENT") && (value.displayName === void 0 || typeof value.displayName === "string");
+  return isRecord2(value) && typeof value.userId === "string" && (value.userType === "HUMAN" || value.userType === "AGENT") && (value.displayName === void 0 || typeof value.displayName === "string");
 }
-function isRecord3(value) {
+function isRecord2(value) {
   return typeof value === "object" && value !== null;
 }
 
@@ -584,21 +882,34 @@ async function sendText(input) {
   }
   return response.messageId;
 }
-
-// src/status.ts
-function getCoolclawStatus(source) {
-  return createStatus(resolveAccountConfig(source ?? {}));
-}
-function createStatus(account) {
-  return {
-    configured: account.configured,
-    connected: false,
-    message: account.configured ? "CoolClaw account is configured." : account.reasons.join("; "),
-    diagnostics: inspectAccount(account)
-  };
+async function sendMedia(input) {
+  const target = parseCoolclawTarget(input.target);
+  const fs = await import("fs/promises");
+  const fileBuffer = await fs.readFile(input.filePath);
+  const base64Content = fileBuffer.toString("base64");
+  const frame = target.kind === "private" ? createFrame("SEND_PRIVATE_MEDIA", {
+    target: { userId: target.userId, userType: target.userType },
+    messageType: "IMAGE",
+    content: base64Content,
+    mimeType: input.mimeType ?? "image/png"
+  }) : createFrame("SEND_GROUP_MEDIA", {
+    groupId: target.groupId,
+    messageType: "IMAGE",
+    content: base64Content,
+    mimeType: input.mimeType ?? "image/png"
+  });
+  const response = await input.client.request(frame);
+  if (response.ok === false) {
+    throw new Error(response.error?.message ?? "CoolClaw media send failed");
+  }
+  if (!response.messageId) {
+    throw new Error("CoolClaw media send response missing messageId");
+  }
+  return response.messageId;
 }
 
 // src/ws-client.ts
+init_config();
 import WebSocket from "ws";
 var CoolclawWsClient = class {
   constructor(options) {
@@ -608,6 +919,7 @@ var CoolclawWsClient = class {
   heartbeatTimer;
   reconnectTimer;
   stopped = true;
+  reconnectAttempt = 0;
   pendingRequests = /* @__PURE__ */ new Map();
   async start() {
     this.stopped = false;
@@ -652,7 +964,11 @@ var CoolclawWsClient = class {
     }
     this.socket.send(encodeFrame(frame));
   }
+  isConnected() {
+    return this.socket?.readyState === WebSocket.OPEN;
+  }
   async connect() {
+    this.notifyState("connecting");
     const lastAckedSeq = await this.options.ackStore.getLastAckedSeq(this.options.accountKey);
     const socket = new WebSocket(buildWsUrl(this.options.gatewayUrl, lastAckedSeq), {
       headers: {
@@ -688,6 +1004,7 @@ var CoolclawWsClient = class {
         });
         if (frame.type === "HELLO") {
           helloReceived = true;
+          this.reconnectAttempt = 0;
           cleanupBeforeHello();
           socket.on("message", (nextData) => {
             this.handleRawMessage(nextData).catch((error) => {
@@ -696,6 +1013,7 @@ var CoolclawWsClient = class {
           });
           socket.on("close", (code) => this.handleClose(code));
           this.startHeartbeat(frame);
+          this.notifyState("connected");
           resolve();
         }
       };
@@ -753,6 +1071,7 @@ var CoolclawWsClient = class {
   handleClose(code) {
     this.clearHeartbeat();
     this.rejectPending(new Error(`CoolClaw WSS connection closed: ${code}`));
+    this.notifyState("disconnected");
     if (this.stopped || this.isTerminalClose(code)) {
       return;
     }
@@ -760,17 +1079,23 @@ var CoolclawWsClient = class {
   }
   scheduleReconnect() {
     this.clearReconnect();
-    const delayMs = this.options.reconnectDelayMs ?? 1e3;
+    this.notifyState("reconnecting");
+    const baseDelay = this.options.reconnectDelayMs ?? 1e3;
+    const maxDelay = 6e4;
+    const attempt = this.reconnectAttempt++;
+    const delayMs = Math.min(baseDelay * Math.pow(2, attempt), maxDelay);
     this.reconnectTimer = setTimeout(() => {
       if (this.stopped) return;
       this.connect().catch((error) => {
         if (!this.stopped) {
-          this.rejectPending(error instanceof Error ? error : new Error(String(error)));
           this.scheduleReconnect();
         }
       });
     }, delayMs);
   }
+  notifyState(state) {
+    this.options.onStateChange?.(state);
+  }
   clearHeartbeat() {
     if (this.heartbeatTimer) {
       clearInterval(this.heartbeatTimer);
@@ -795,321 +1120,473 @@ var CoolclawWsClient = class {
   }
 };
 function readPingInterval(payload) {
-  if (!isRecord4(payload) || typeof payload.pingIntervalMs !== "number" || payload.pingIntervalMs <= 0) {
+  if (!isRecord3(payload) || typeof payload.pingIntervalMs !== "number" || payload.pingIntervalMs <= 0) {
     return void 0;
   }
   return payload.pingIntervalMs;
 }
 function readErrorMessage(payload) {
-  if (isRecord4(payload) && typeof payload.message === "string") {
+  if (isRecord3(payload) && typeof payload.message === "string") {
     return payload.message;
   }
   return "CoolClaw request failed";
 }
-function isRecord4(value) {
+function isRecord3(value) {
   return typeof value === "object" && value !== null;
 }
 
+// src/runtime.ts
+var _runtime;
+function getCoolclawRuntime() {
+  return _runtime;
+}
+
+// src/version.ts
+import { readFileSync as readFileSync2 } from "fs";
+import { join as join2, dirname } from "path";
+import { fileURLToPath as fileURLToPath2 } from "url";
+var _version;
+function getPluginVersion() {
+  if (_version) return _version;
+  try {
+    const pkgPath = join2(dirname(fileURLToPath2(import.meta.url)), "..", "package.json");
+    const pkg = JSON.parse(readFileSync2(pkgPath, "utf-8"));
+    _version = pkg.version ?? "0.0.0";
+  } catch {
+    _version = "0.0.0";
+  }
+  return _version;
+}
+
 // src/channel.ts
-var coolclawChannelPlugin = {
-  id: "coolclaw",
-  meta: {
-    id: "coolclaw",
-    label: "CoolClaw",
-    selectionLabel: "CoolClaw",
-    docsPath: "/plugins/coolclaw",
-    blurb: "Connect OpenClaw to the CoolClaw/Riddle chat platform."
-  },
-  channels: ["coolclaw"],
-  channel: {
+import { createChatChannelPlugin } from "openclaw/plugin-sdk/channel-core";
+import { createAccountStatusSink, runPassiveAccountLifecycle } from "openclaw/plugin-sdk/channel-lifecycle";
+import { logInboundDrop, logAckFailure } from "openclaw/plugin-sdk/channel-logging";
+var runtimeClients = /* @__PURE__ */ new Map();
+function setRuntimeClient(accountKey, client) {
+  runtimeClients.set(accountKey, client);
+}
+function getRuntimeClient(accountKey) {
+  return runtimeClients.get(accountKey);
+}
+function clearRuntimeClient(accountKey) {
+  runtimeClients.delete(accountKey);
+}
+function extractAccountFromConfig(cfg, accountId) {
+  const coolclawSection = cfg.channels?.coolclaw;
+  const accounts = coolclawSection?.accounts;
+  return accounts?.[accountId ?? "default"] ?? {};
+}
+var coolclawChannelPlugin = createChatChannelPlugin({
+  base: {
     id: "coolclaw",
-    label: "CoolClaw",
-    docsPath: "/plugins/coolclaw",
-    blurb: "Connect OpenClaw to the CoolClaw/Riddle chat platform."
-  },
-  capabilities: {
-    chatTypes: ["direct", "group"]
-  },
-  config: {
-    listAccountIds(cfg) {
-      return Object.keys(cfg.channels?.coolclaw?.accounts ?? {});
+    meta: {
+      id: "coolclaw",
+      label: "CoolClaw",
+      selectionLabel: "CoolClaw",
+      docsPath: "/plugins/coolclaw",
+      blurb: "Connect OpenClaw to the CoolClaw/Riddle chat platform."
     },
-    resolveAccount(cfg, accountId = "default") {
-      return cfg.channels?.coolclaw?.accounts?.[accountId ?? "default"] ?? {};
+    capabilities: {
+      chatTypes: ["direct", "group"],
+      media: true,
+      blockStreaming: true
     },
-    defaultAccountId() {
-      return "default";
+    streaming: {
+      blockStreamingCoalesceDefaults: {
+        minChars: 200,
+        idleMs: 3e3
+      }
+    },
+    agentPrompt: {
+      messageToolHints: () => [
+        "To send a message on CoolClaw/Riddle, use the message tool with action='send' and set 'to' to a CoolClaw target like 'coolclaw:human:<userId>', 'coolclaw:agent:<agentId>', or 'coolclaw:group:<groupId>'.",
+        "To send an image or file, use the message tool with action='send' and set 'media' to a local file path or a remote URL.",
+        "When sending a message to a CoolClaw group, the agent will only reply if it was mentioned in the group message.",
+        "When creating a cron job for CoolClaw, set delivery.to to the target CoolClaw ID and delivery.accountId to the current accountId."
+      ]
     },
-    isConfigured(account) {
-      return Boolean(account.gatewayUrl && account.agentId && (account.tokenSecretRef || "tokenSecret" in account));
+    config: {
+      listAccountIds(cfg) {
+        return Object.keys(cfg.channels?.coolclaw?.accounts ?? {});
+      },
+      resolveAccount(cfg, accountId) {
+        return extractAccountFromConfig(cfg, accountId);
+      },
+      defaultAccountId() {
+        return "default";
+      },
+      isConfigured(account) {
+        return Boolean(account.gatewayUrl && account.agentId && (account.tokenSecretRef || "tokenSecret" in account));
+      },
+      isEnabled(account) {
+        return account?.enabled !== false;
+      },
+      describeAccount(account) {
+        return {
+          accountId: "default",
+          name: account.name,
+          enabled: account.enabled !== false,
+          configured: Boolean(account.gatewayUrl && account.agentId && (account.tokenSecretRef || "tokenSecret" in account)),
+          gatewayUrl: account.gatewayUrl,
+          agentId: account.agentId,
+          tokenConfigured: Boolean(account.tokenSecretRef || "tokenSecret" in account),
+          allowFromCount: account.allowFrom?.length ?? 0,
+          dmPolicy: account.dmPolicy ?? "allowlist"
+        };
+      }
     },
-    isEnabled(account) {
-      return account?.enabled !== false;
+    resolver: {
+      async resolveTargets({ inputs }) {
+        return inputs.map((input) => {
+          try {
+            const normalized = normalizeCoolclawTarget(input);
+            const [, type, id] = normalized.split(":");
+            parseCoolclawTarget(normalized);
+            return { input, resolved: true, id: normalized, name: `${type}:${id}` };
+          } catch (error) {
+            return { input, resolved: false, note: error instanceof Error ? error.message : String(error) };
+          }
+        });
+      }
     },
-    describeAccount(account) {
-      return {
-        accountId: "default",
-        name: account.name,
-        enabled: account.enabled !== false,
-        configured: Boolean(account.gatewayUrl && account.agentId && (account.tokenSecretRef || "tokenSecret" in account)),
-        gatewayUrl: account.gatewayUrl,
-        agentId: account.agentId,
-        tokenConfigured: Boolean(account.tokenSecretRef || "tokenSecret" in account),
-        allowFromCount: account.allowFrom?.length ?? 0,
-        dmPolicy: account.dmPolicy ?? "allowlist"
-      };
-    }
-  },
-  resolver: {
-    async resolveTargets({ inputs }) {
-      return inputs.map((input) => {
+    messaging: {
+      normalizeTarget(raw) {
         try {
-          const normalized = normalizeCoolclawTarget(input);
-          const [, type, id] = normalized.split(":");
+          const normalized = normalizeCoolclawTarget(raw);
           parseCoolclawTarget(normalized);
-          return { input, resolved: true, id: normalized, name: `${type}:${id}` };
-        } catch (error) {
-          return { input, resolved: false, note: error instanceof Error ? error.message : String(error) };
+          return normalized;
+        } catch {
+          return void 0;
         }
-      });
-    }
-  },
-  messaging: {
-    normalizeTarget(raw) {
-      try {
-        const normalized = normalizeCoolclawTarget(raw);
-        parseCoolclawTarget(normalized);
-        return normalized;
-      } catch {
-        return void 0;
-      }
-    },
-    inferTargetChatType({ to }) {
-      return inferCoolclawTargetChatType(to);
-    },
-    targetResolver: {
-      hint: "Use coolclaw:human:<id>, coolclaw:agent:<id>, or coolclaw:group:<id>.",
-      looksLikeId(raw, normalized) {
-        return isCoolclawTargetId(raw, normalized);
       },
-      resolveTarget({ input, normalized, preferredKind }) {
-        return resolveCoolclawMessagingTarget(normalized || input, preferredKind);
-      }
-    }
-  },
-  outbound: {
-    deliveryMode: "direct",
-    resolveTarget({ to }) {
-      if (!to) {
-        return { ok: false, error: new Error("CoolClaw target is required") };
-      }
-      try {
-        const normalized = normalizeCoolclawTarget(to);
-        parseCoolclawTarget(normalized);
-        return { ok: true, to: normalized };
-      } catch (error) {
-        return { ok: false, error: error instanceof Error ? error : new Error(String(error)) };
+      inferTargetChatType({ to }) {
+        return inferCoolclawTargetChatType(to);
+      },
+      targetResolver: {
+        hint: "Use coolclaw:human:<id>, coolclaw:agent:<id>, or coolclaw:group:<id>.",
+        looksLikeId(raw, normalized) {
+          return isCoolclawTargetId(raw, normalized);
+        },
+        resolveTarget({ input, normalized, preferredKind }) {
+          return resolveCoolclawMessagingTarget(normalized || input, preferredKind);
+        }
       }
     },
-    async sendText(ctx) {
-      const account = coolclawChannelPlugin.config.resolveAccount(ctx.cfg, ctx.accountId);
-      const token = await resolveAccountToken(account);
-      if (!account.gatewayUrl || !account.agentId || !token) {
-        throw new Error("CoolClaw account is not fully configured");
-      }
-      const client = new CoolclawWsClient({
-        gatewayUrl: account.gatewayUrl,
-        agentId: account.agentId,
-        token,
-        pluginVersion: "0.1.0",
-        ackStore: new InMemoryAckStore(),
-        accountKey: `coolclaw:${ctx.accountId ?? "default"}`
-      });
-      await client.start();
-      try {
-        const messageId = await sendText({ client, target: ctx.to, text: ctx.text });
-        return {
-          channel: "coolclaw",
-          messageId,
-          conversationId: ctx.to,
-          timestamp: Date.now()
-        };
-      } finally {
-        await client.stop();
-      }
-    }
-  },
-  status(source) {
-    return getCoolclawStatus(source);
-  },
-  gateway: {
-    async startAccount(ctx) {
-      const account = coolclawChannelPlugin.config.resolveAccount(ctx.cfg, ctx.accountId);
-      const token = await resolveAccountToken(account);
-      if (!account.gatewayUrl || !account.agentId || !token) {
-        ctx.log?.error(`[${ctx.accountId}] CoolClaw account is not fully configured`);
-        return;
-      }
-      const accountKey = `coolclaw:${ctx.accountId ?? "default"}`;
-      const ackStore = new FileAckStore();
-      ctx.setStatus({ accountId: ctx.accountId, status: "connecting" });
-      ctx.log?.info(`[${ctx.accountId}] starting CoolClaw provider (${account.gatewayUrl})`);
-      const client = new CoolclawWsClient({
-        gatewayUrl: account.gatewayUrl,
-        agentId: account.agentId,
-        token,
-        pluginVersion: "0.1.0",
-        ackStore,
-        accountKey,
-        onFrame: async (frame, wsClient) => {
-          try {
-            await handleInboundFrame({
-              frame,
-              accountKey,
+    gateway: {
+      async startAccount(ctx) {
+        const account = coolclawChannelPlugin.config.resolveAccount(ctx.cfg, ctx.accountId);
+        const token = await resolveAccountToken(account);
+        if (!account.gatewayUrl || !account.agentId || !token) {
+          ctx.log?.error(`[${ctx.accountId}] CoolClaw account is not fully configured`);
+          return;
+        }
+        const accountKey = `coolclaw:${ctx.accountId ?? "default"}`;
+        const ackStore = new FileAckStore();
+        const statusSink = createAccountStatusSink({
+          accountId: ctx.accountId,
+          setStatus: ctx.setStatus
+        });
+        statusSink({ statusState: "connecting" });
+        ctx.log?.info(`[${ctx.accountId}] starting CoolClaw provider (${account.gatewayUrl})`);
+        await runPassiveAccountLifecycle({
+          abortSignal: ctx.abortSignal,
+          start: async () => {
+            const client = new CoolclawWsClient({
+              gatewayUrl: account.gatewayUrl,
+              agentId: account.agentId,
+              token,
+              pluginVersion: getPluginVersion(),
               ackStore,
-              accountConfig: { allowFrom: account.allowFrom, dmPolicy: account.dmPolicy },
-              dispatch: async (envelope) => {
-                if (!ctx.channelRuntime) {
-                  ctx.log?.warn("channelRuntime not available; skipping dispatch");
-                  return;
-                }
+              accountKey,
+              onStateChange: (state) => {
+                statusSink({ statusState: state });
+              },
+              onFrame: async (frame, wsClient) => {
                 try {
-                  const isGroup = envelope.conversationId.startsWith("group:");
-                  const peer = isGroup ? { kind: "group", id: envelope.group?.groupId ?? envelope.conversationId } : { kind: "direct", id: envelope.conversationId };
-                  const route = ctx.channelRuntime.routing?.resolveAgentRoute ? await ctx.channelRuntime.routing.resolveAgentRoute({
-                    cfg: ctx.cfg,
-                    channel: "coolclaw",
-                    accountId: ctx.accountId,
-                    peer
-                  }) : { agentId: "main", sessionKey: `coolclaw:${envelope.conversationId}` };
-                  const storePath = ctx.channelRuntime.session?.resolveStorePath ? ctx.channelRuntime.session.resolveStorePath(ctx.cfg.session?.store, { agentId: route.agentId }) : "/tmp/openclaw/sessions";
-                  const senderLabel = envelope.sender ? `${envelope.sender.userType.toLowerCase()}:${envelope.sender.userId}` : "unknown";
-                  let deliveryTarget;
-                  if (envelope.group) {
-                    deliveryTarget = `coolclaw:group:${envelope.group.groupId}`;
-                  } else if (envelope.sender) {
-                    deliveryTarget = `coolclaw:${envelope.sender.userType.toLowerCase()}:${envelope.sender.userId}`;
-                  } else {
-                    deliveryTarget = normalizeCoolclawTarget(envelope.conversationId);
-                  }
-                  const agentHint = envelope.metadata?.agentHint;
-                  const bodyForAgent = agentHint ? envelope.text + agentHint : envelope.text;
-                  const ctxPayload = ctx.channelRuntime.reply.finalizeInboundContext({
-                    Body: envelope.text,
-                    BodyForAgent: bodyForAgent,
-                    RawBody: envelope.text,
-                    CommandBody: envelope.text,
-                    From: `coolclaw:${senderLabel}`,
-                    To: deliveryTarget,
-                    SessionKey: route.sessionKey,
-                    AccountId: ctx.accountId,
-                    ChatType: isGroup ? "channel" : "direct",
-                    CommandAuthorized: true,
-                    Provider: "coolclaw",
-                    Surface: "coolclaw",
-                    Channel: "coolclaw",
-                    Peer: peer,
-                    Mentioned: envelope.shouldReply
-                  });
-                  if (ctx.channelRuntime.session?.recordSessionMetaFromInbound) {
-                    await ctx.channelRuntime.session.recordSessionMetaFromInbound({
-                      storePath,
-                      sessionKey: ctxPayload.SessionKey ?? route.sessionKey,
-                      ctx: ctxPayload
-                    });
-                  }
-                  if (ctx.channelRuntime.session?.updateLastRoute) {
-                    const sessionKey = ctxPayload.SessionKey ?? route.sessionKey;
-                    const lastRouteCtx = {
-                      storePath,
-                      sessionKey,
-                      deliveryContext: {
-                        channel: "coolclaw",
-                        to: deliveryTarget,
-                        accountId: ctx.accountId ?? void 0
-                      },
-                      ctx: ctxPayload
-                    };
-                    try {
-                      await ctx.channelRuntime.session.updateLastRoute(lastRouteCtx);
-                    } catch (err) {
-                      ctx.log?.warn(
-                        `updateLastRoute failed: ${err instanceof Error ? err.message : String(err)}`
-                      );
-                    }
-                    const mainSessionKey = route.mainSessionKey;
-                    if (mainSessionKey && mainSessionKey !== sessionKey) {
+                  await handleInboundFrame({
+                    frame,
+                    accountKey,
+                    ackStore,
+                    dispatch: async (envelope) => {
+                      const runtime = getCoolclawRuntime();
+                      if (!runtime?.channel) {
+                        logInboundDrop({ log: ctx.log?.warn?.bind(ctx.log) ?? (() => {
+                        }), channel: "coolclaw", reason: "runtime not available; skipping dispatch" });
+                        return;
+                      }
                       try {
-                        await ctx.channelRuntime.session.updateLastRoute({
-                          ...lastRouteCtx,
-                          sessionKey: mainSessionKey,
-                          ctx: void 0
+                        const isGroup = envelope.conversationId.startsWith("group:");
+                        const peer = isGroup ? { kind: "group", id: envelope.group?.groupId ?? envelope.conversationId } : { kind: "direct", id: envelope.conversationId };
+                        if (!runtime.channel.routing?.resolveAgentRoute) {
+                          throw new Error(
+                            "CoolClaw requires runtime.channel.routing.resolveAgentRoute. Please upgrade OpenClaw to >=2026.3.22."
+                          );
+                        }
+                        const route = await runtime.channel.routing.resolveAgentRoute({
+                          cfg: ctx.cfg,
+                          channel: "coolclaw",
+                          accountId: ctx.accountId,
+                          peer
                         });
-                      } catch (err) {
-                        ctx.log?.warn(
-                          `updateLastRoute (main) failed: ${err instanceof Error ? err.message : String(err)}`
+                        if (!runtime.channel.session?.resolveStorePath) {
+                          throw new Error(
+                            "CoolClaw requires runtime.channel.session.resolveStorePath. Please upgrade OpenClaw to >=2026.3.22."
+                          );
+                        }
+                        const storePath = runtime.channel.session.resolveStorePath(
+                          ctx.cfg.session?.store,
+                          { agentId: route.agentId }
                         );
-                      }
-                    }
-                  }
-                  await ctx.channelRuntime.reply.dispatchReplyWithBufferedBlockDispatcher({
-                    ctx: ctxPayload,
-                    cfg: ctx.cfg,
-                    dispatcherOptions: {
-                      deliver: async (payload) => {
-                        if (!payload.text) return;
-                        try {
-                          let replyTarget;
-                          if (envelope.group) {
-                            replyTarget = `coolclaw:group:${envelope.group.groupId}`;
-                          } else if (envelope.sender) {
-                            replyTarget = `coolclaw:${envelope.sender.userType.toLowerCase()}:${envelope.sender.userId}`;
-                          } else {
-                            replyTarget = normalizeCoolclawTarget(envelope.conversationId);
-                          }
-                          await sendText({ client: wsClient, target: replyTarget, text: payload.text });
-                        } catch (err) {
-                          ctx.log?.error(`Failed to deliver reply: ${err instanceof Error ? err.message : String(err)}`);
+                        const senderLabel = envelope.sender ? `${envelope.sender.userType.toLowerCase()}:${envelope.sender.userId}` : "unknown";
+                        let deliveryTarget;
+                        if (envelope.group) {
+                          deliveryTarget = `coolclaw:group:${envelope.group.groupId}`;
+                        } else if (envelope.sender) {
+                          deliveryTarget = `coolclaw:${envelope.sender.userType.toLowerCase()}:${envelope.sender.userId}`;
+                        } else {
+                          deliveryTarget = normalizeCoolclawTarget(envelope.conversationId);
                         }
-                      },
-                      onError: (err, info) => {
-                        ctx.log?.error(`Reply dispatch error: ${err instanceof Error ? err.message : String(err)}`, info);
+                        const agentHint = envelope.metadata?.agentHint;
+                        const bodyForAgent = agentHint ? envelope.text + agentHint : envelope.text;
+                        const ctxPayload = runtime.channel.reply.finalizeInboundContext({
+                          Body: envelope.text,
+                          BodyForAgent: bodyForAgent,
+                          RawBody: envelope.text,
+                          CommandBody: envelope.text,
+                          From: `coolclaw:${senderLabel}`,
+                          To: deliveryTarget,
+                          SessionKey: route.sessionKey,
+                          AccountId: ctx.accountId,
+                          ChatType: isGroup ? "channel" : "direct",
+                          CommandAuthorized: true,
+                          Provider: "coolclaw",
+                          Surface: "coolclaw",
+                          Channel: "coolclaw",
+                          Peer: peer,
+                          Mentioned: envelope.shouldReply
+                        });
+                        const sessionKey = ctxPayload.SessionKey ?? route.sessionKey;
+                        const mainSessionKey = route.mainSessionKey;
+                        await runtime.channel.session.recordInboundSession({
+                          storePath,
+                          sessionKey,
+                          ctx: ctxPayload,
+                          updateLastRoute: mainSessionKey && mainSessionKey !== sessionKey ? { sessionKey: mainSessionKey, channel: "coolclaw", to: deliveryTarget, accountId: ctx.accountId ?? void 0 } : void 0,
+                          onRecordError: (err) => {
+                            ctx.log?.warn(`recordInboundSession failed: ${err instanceof Error ? err.message : String(err)}`);
+                          }
+                        });
+                        await runtime.channel.reply.dispatchReplyWithBufferedBlockDispatcher({
+                          ctx: ctxPayload,
+                          cfg: ctx.cfg,
+                          dispatcherOptions: {
+                            deliver: async (payload) => {
+                              if (!payload.text) return;
+                              try {
+                                let replyTarget;
+                                if (envelope.group) {
+                                  replyTarget = `coolclaw:group:${envelope.group.groupId}`;
+                                } else if (envelope.sender) {
+                                  replyTarget = `coolclaw:${envelope.sender.userType.toLowerCase()}:${envelope.sender.userId}`;
+                                } else {
+                                  replyTarget = normalizeCoolclawTarget(envelope.conversationId);
+                                }
+                                await sendText({ client: wsClient, target: replyTarget, text: payload.text });
+                              } catch (err) {
+                                ctx.log?.error(`Failed to deliver reply: ${err instanceof Error ? err.message : String(err)}`);
+                              }
+                            },
+                            onError: (err, info) => {
+                              ctx.log?.error(`Reply dispatch error: ${err instanceof Error ? err.message : String(err)}${info ? ` ${JSON.stringify(info)}` : ""}`);
+                            }
+                          }
+                        });
+                      } catch (err) {
+                        ctx.log?.error(`Inbound dispatch error: ${err instanceof Error ? err.message : String(err)}`);
+                      }
+                    },
+                    sendAck: async (ackFrame) => {
+                      try {
+                        wsClient.sendFrame(ackFrame);
+                        ctx.log?.debug?.(`ACK sent: type=${ackFrame.type} lastAckedSeq=${ackFrame.payload?.lastAckedSeq}`);
+                      } catch (err) {
+                        logAckFailure({ log: ctx.log?.warn?.bind(ctx.log) ?? (() => {
+                        }), channel: "coolclaw", error: err });
                       }
                     }
                   });
                 } catch (err) {
-                  ctx.log?.error(`Inbound dispatch error: ${err instanceof Error ? err.message : String(err)}`);
-                }
-              },
-              sendAck: async (ackFrame) => {
-                try {
-                  wsClient.sendFrame(ackFrame);
-                  ctx.log?.debug(`ACK sent: type=${ackFrame.type} lastAckedSeq=${ackFrame.payload?.lastAckedSeq}`);
-                } catch (err) {
-                  ctx.log?.warn(`ACK send failed: ${err instanceof Error ? err.message : String(err)}`);
+                  ctx.log?.error(`Frame handling error: ${err instanceof Error ? err.message : String(err)}`);
                 }
               }
             });
-          } catch (err) {
-            ctx.log?.error(`Frame handling error: ${err instanceof Error ? err.message : String(err)}`);
+            await client.start();
+            setRuntimeClient(accountKey, client);
+            statusSink({ statusState: "connected" });
+            ctx.log?.info(`[${ctx.accountId}] CoolClaw provider connected`);
+            return client;
+          },
+          stop: async (client) => {
+            await client.stop();
+            clearRuntimeClient(accountKey);
+          },
+          onStop: () => {
+            statusSink({ statusState: "disconnected" });
+            ctx.log?.info(`[${ctx.accountId}] CoolClaw provider stopped`);
           }
+        });
+      },
+      /** 显式停止账户连接，清理 WebSocket 客户端资源 */
+      async stopAccount(ctx) {
+        const accountKey = `coolclaw:${ctx.accountId ?? "default"}`;
+        const client = getRuntimeClient(accountKey);
+        if (client) {
+          await client.stop();
+          clearRuntimeClient(accountKey);
+          ctx.log?.info(`[${ctx.accountId}] CoolClaw client stopped via stopAccount`);
         }
-      });
-      await client.start();
-      ctx.setStatus({ accountId: ctx.accountId, status: "connected" });
-      ctx.log?.info(`[${ctx.accountId}] CoolClaw provider connected`);
-      await new Promise((resolve) => {
-        ctx.abortSignal.addEventListener("abort", () => resolve(), { once: true });
-      });
-      await client.stop();
-      ctx.setStatus({ accountId: ctx.accountId, status: "disconnected" });
-      ctx.log?.info(`[${ctx.accountId}] CoolClaw provider stopped`);
+      }
+    },
+    /** auth 适配器 — 支持 openclaw channels login --channel coolclaw 原生命令 */
+    auth: {
+      async login({ cfg, accountId, verbose }) {
+        const resolvedAccountId = accountId?.trim() || "default";
+        const account = coolclawChannelPlugin.config.resolveAccount(cfg, resolvedAccountId);
+        const { validateAgentToken: validateAgentToken2, runCoolclawSetup: runCoolclawSetup2 } = await Promise.resolve().then(() => (init_setup(), setup_exports));
+        const existingToken = account.tokenSecretRef ? await resolveAccountToken(account) : void 0;
+        if (existingToken) {
+          const gatewayUrl = account.gatewayUrl ?? "https://agits-xa.baidu.com/riddle";
+          const valid = await validateAgentToken2(gatewayUrl, existingToken);
+          if (valid) {
+            if (verbose) console.log("[coolclaw] Already authenticated.");
+            return;
+          }
+        }
+        if (verbose) console.log("[coolclaw] Running setup...");
+        const result = await runCoolclawSetup2({
+          gatewayUrl: account.gatewayUrl,
+          accountId: resolvedAccountId,
+          autoRestart: false
+          // login 场景不需要重启网关
+        });
+        if (result.mode === "register") {
+          if (verbose) console.log(`[coolclaw] Agent registered: ${result.agentId}`);
+        } else {
+          if (verbose) console.log(`[coolclaw] Reusing existing agent: ${result.agentId}`);
+        }
+        if (verbose) console.log("[coolclaw] Authentication complete.");
+      }
+    }
+  },
+  security: {
+    dm: {
+      channelKey: "coolclaw",
+      resolvePolicy: (account) => account.dmPolicy ?? "allowlist",
+      resolveAllowFrom: (account) => account.allowFrom ?? [],
+      defaultPolicy: "allowlist",
+      normalizeEntry: (raw) => raw.trim().toLowerCase()
+    }
+  },
+  pairing: {
+    text: {
+      idLabel: "CoolClaw user ID",
+      message: "You are not authorized to message this agent. Send this pairing code to verify:",
+      notify: async ({ id, message }) => {
+        const client = getRuntimeClient("coolclaw:default");
+        if (client) {
+          await sendText({
+            client,
+            target: id,
+            text: message
+          });
+        }
+      }
+    }
+  },
+  threading: {
+    topLevelReplyToMode: "reply"
+  },
+  outbound: {
+    base: {
+      deliveryMode: "direct",
+      resolveTarget({ to }) {
+        if (!to) {
+          return { ok: false, error: new Error("CoolClaw target is required") };
+        }
+        try {
+          const normalized = normalizeCoolclawTarget(to);
+          parseCoolclawTarget(normalized);
+          return { ok: true, to: normalized };
+        } catch (error) {
+          return { ok: false, error: error instanceof Error ? error : new Error(String(error)) };
+        }
+      }
+    },
+    attachedResults: {
+      channel: "coolclaw",
+      async sendText(ctx) {
+        const account = coolclawChannelPlugin.config.resolveAccount(ctx.cfg, ctx.accountId);
+        const token = await resolveAccountToken(account);
+        if (!account.gatewayUrl || !account.agentId || !token) {
+          throw new Error("CoolClaw account is not fully configured");
+        }
+        const accountKey = `coolclaw:${ctx.accountId ?? "default"}`;
+        let client = getRuntimeClient(accountKey);
+        if (!client || !client.isConnected()) {
+          client = new CoolclawWsClient({
+            gatewayUrl: account.gatewayUrl,
+            agentId: account.agentId,
+            token,
+            pluginVersion: getPluginVersion(),
+            ackStore: new InMemoryAckStore(),
+            accountKey
+          });
+          await client.start();
+          try {
+            const messageId2 = await sendText({ client, target: ctx.to, text: ctx.text });
+            return { messageId: messageId2, conversationId: ctx.to, timestamp: Date.now() };
+          } finally {
+            await client.stop();
+          }
+        }
+        const messageId = await sendText({ client, target: ctx.to, text: ctx.text });
+        return { messageId, conversationId: ctx.to, timestamp: Date.now() };
+      },
+      async sendMedia(ctx) {
+        const account = coolclawChannelPlugin.config.resolveAccount(ctx.cfg, ctx.accountId);
+        const token = await resolveAccountToken(account);
+        if (!account.gatewayUrl || !account.agentId || !token) {
+          throw new Error("CoolClaw account is not fully configured");
+        }
+        const accountKey = `coolclaw:${ctx.accountId ?? "default"}`;
+        let client = getRuntimeClient(accountKey);
+        if (!client || !client.isConnected()) {
+          client = new CoolclawWsClient({
+            gatewayUrl: account.gatewayUrl,
+            agentId: account.agentId,
+            token,
+            pluginVersion: getPluginVersion(),
+            ackStore: new InMemoryAckStore(),
+            accountKey
+          });
+          await client.start();
+          try {
+            const messageId2 = await sendMedia({ client, target: ctx.to, filePath: ctx.mediaUrl ?? "" });
+            return { messageId: messageId2, conversationId: ctx.to, timestamp: Date.now() };
+          } finally {
+            await client.stop();
+          }
+        }
+        const messageId = await sendMedia({ client, target: ctx.to, filePath: ctx.mediaUrl ?? "" });
+        return { messageId, conversationId: ctx.to, timestamp: Date.now() };
+      }
     }
   }
-};
+});
 
 // setup-entry.ts
-var setup_entry_default = { plugin: coolclawChannelPlugin };
+var setup_entry_default = defineSetupPluginEntry(coolclawChannelPlugin);
 export {
   setup_entry_default as default
 };