@imweapp/openclaw-imwe 2026.4.12-alpha.1

package/src/setup-core.ts

@@ -0,0 +1,62 @@
+/**
+ * setup-core.ts — setup 适配器
+ *
+ * 处理 `openclaw setup imwe` 命令的配置写入逻辑。
+ * 用户需要提供：
+ *   --http-url  <apiBaseUrl>   imwe API 地址
+ *   --token     <appKey>       AppKey（复用 --token 参数）
+ *   --private-key <appSecret>  AppSecret（复用 --private-key 参数）
+ *
+ * 或通过环境变量（仅 default 账号）：
+ *   IMWE_API_BASE_URL
+ *   IMWE_APP_KEY
+ *   IMWE_APP_SECRET
+ */
+
+import {
+  createPatchedAccountSetupAdapter,
+  createSetupInputPresenceValidator,
+} from 'openclaw/plugin-sdk/setup';
+
+export const imweSetupAdapter = createPatchedAccountSetupAdapter({
+  channelKey: 'imwe',
+
+  validateInput: createSetupInputPresenceValidator({
+    defaultAccountOnlyEnvError: 'IMWE_APP_KEY / IMWE_APP_SECRET 只能用于 default 账号。',
+    whenNotUseEnv: [
+      {
+        someOf: ['httpUrl'],
+        message: 'imwe 需要提供 API 地址（--http-url）。',
+      },
+      {
+        someOf: ['token'],
+        message: 'imwe 需要提供 AppKey（--token）。',
+      },
+      {
+        someOf: ['privateKey'],
+        message: 'imwe 需要提供 AppSecret（--private-key）。',
+      },
+    ],
+  }),
+
+  buildPatch: (input) => {
+    // useEnv=true 时只写入 apiBaseUrl，凭证依赖环境变量
+    if (input.useEnv) {
+      return input.httpUrl ? { apiBaseUrl: input.httpUrl } : {};
+    }
+
+    const patch: Record<string, unknown> = {};
+    if (input.httpUrl) {
+      patch.apiBaseUrl = input.httpUrl;
+    }
+    // --token 复用为 appKey
+    if (input.token) {
+      patch.appKey = input.token;
+    }
+    // --private-key 复用为 appSecret
+    if (input.privateKey) {
+      patch.appSecret = input.privateKey;
+    }
+    return patch;
+  },
+});

package/src/types.ts

@@ -0,0 +1,153 @@
+/**
+ * types.ts — imwe 插件的所有类型定义
+ *
+ * 分三层：
+ *   1. ImweAccountConfig   — 原始 JSON 配置（字段全部可选，对应用户写的 openclaw.json）
+ *   2. ImweConfig          — 渠道级配置（含顶层默认值 + 多账号 map）
+ *   3. ResolvedImweAccount — 运行时已解析对象（字段全部确定，core 直接使用）
+ *
+ * 认证方式：AppKey + AppSecret HMAC-SHA256 签名
+ *   每次 HTTP 请求时，api-client.ts 用 AppSecret 对请求内容签名，
+ *   签名放入请求头，平台验证签名合法性。
+ *   无需 token、无需登录流程、无需持久化任何凭证。
+ */
+
+// ─────────────────────────────────────────────────────────────────────────────
+// 第一层：原始配置（对应 openclaw.json 里用户写的内容）
+// ─────────────────────────────────────────────────────────────────────────────
+
+export type ImweAccountConfig = {
+  /** 账号显示名称，用于 CLI/UI 列表 */
+  name?: string;
+  /** 是否启用该账号，默认 true */
+  enabled?: boolean;
+  /** imwe API 基础地址，例如 https://api.imwe.example.com */
+  apiBaseUrl?: string;
+  /**
+   * 应用 Key，由 imwe 开放平台颁发，用于标识调用方身份。
+   * 也可通过环境变量 IMWE_APP_KEY 提供。
+   */
+  appKey?: string;
+  /**
+   * 应用 Secret，与 AppKey 配对，用于 HMAC-SHA256 签名。
+   * 请勿明文提交到版本控制，建议通过环境变量 IMWE_APP_SECRET 提供。
+   */
+  appSecret?: string;
+  /** DM 安全策略：pairing（配对审批）| allowlist | open | disabled */
+  dmPolicy?: 'pairing' | 'allowlist' | 'open' | 'disabled';
+  /** DM 发送者白名单（imwe userId 列表） */
+  allowFrom?: Array<string | number>;
+  /**
+   * 短轮询间隔（毫秒），默认 3000。
+   * 每次请求完成后等待此时间再发起下一次，控制请求频率。
+   * 建议不低于 1000，避免对平台造成过大压力。
+   */
+  pollIntervalMs?: number;
+};
+
+// ─────────────────────────────────────────────────────────────────────────────
+// 第二层：渠道级配置（包含顶层默认值 + 多账号 map）
+// ─────────────────────────────────────────────────────────────────────────────
+
+export type ImweConfig = ImweAccountConfig & {
+  /** 多账号时使用，key 为 accountId */
+  accounts?: Record<string, ImweAccountConfig>;
+  /** 多账号时的默认 accountId */
+  defaultAccount?: string;
+};
+
+// ─────────────────────────────────────────────────────────────────────────────
+// 第三层：运行时已解析账号（所有字段已确定，不再有 undefined）
+// ─────────────────────────────────────────────────────────────────────────────
+
+export type ResolvedImweAccount = {
+  /** 账号 id（单账号时为 "default"） */
+  accountId: string;
+  /** 显示名称 */
+  name?: string;
+  /** 是否启用 */
+  enabled: boolean;
+  /** API 基础地址（已解析） */
+  apiBaseUrl: string;
+  /** API Key（ak_ 前缀，由 imwe 开放平台颁发） */
+  appKey: string;
+  /** API Secret（与 appKey 配对，用于 HMAC-SHA256 签名） */
+  appSecret: string;
+  /** 凭证来源，用于 status 展示 */
+  credentialSource: 'config' | 'env' | 'none';
+  /** 合并后的完整配置 */
+  config: ImweAccountConfig;
+};
+
+// ─────────────────────────────────────────────────────────────────────────────
+// HTTP API 相关类型（imwe 平台接口的数据结构）
+// 注意：HTTP 传输使用 Protobuf 二进制，encode/decode 由 src/proto/codec.ts 负责。
+//       这里只定义 TypeScript 侧的数据结构，与 proto/ 目录中的 .proto 定义对应。
+// ─────────────────────────────────────────────────────────────────────────────
+
+/** 入站消息附件 */
+export type ImweAttachment = {
+  /** 附件类型 */
+  type: 'image' | 'video' | 'audio' | 'file';
+  /** 文件下载 URL（来自 PbChatFileMeta.url） */
+  url: string;
+  /** 文件 MIME 类型（从 fileType 推断） */
+  mimeType?: string;
+  /** 文件名 */
+  fileName?: string;
+  /** 文件大小（字节） */
+  fileSize?: number;
+  /** 图片/视频宽度（像素） */
+  width?: number;
+  /** 图片/视频高度（像素） */
+  height?: number;
+  /** 音频/视频时长（秒） */
+  duration?: number;
+  /** 图片/视频文字描述 */
+  caption?: string;
+  /** AES-256 文件加密密钥（32 字节，E2EE 文件传输时存在） */
+  fileKey?: Uint8Array;
+  /** AES-CTR 初始向量（16 字节，E2EE 文件传输时存在） */
+  fileIv?: Uint8Array;
+  /** SHA256(plaintext) 小写十六进制摘要 */
+  fileDigest?: string;
+  /** 明文长度（字节） */
+  plaintextLength?: number;
+  /** 操作凭证（下载回调用） */
+  opCreds?: string;
+};
+
+/**
+ * 平台推送的入站消息结构（解包后的 TypeScript 表示）
+ * 对应 proto/envelope.proto: PbChatTextContent
+ */
+export type ImweInboundMessage = {
+  /** 消息唯一 id（来自 PbChatMsgDeliverBody.clientMsgId） */
+  msgId: string;
+  /** 发送者 userId（来自 PbChatMsgDeliverBody.fromId） */
+  senderId: string;
+  /** 接收者 userId（来自 PbChatMsgDeliverBody.toId） */
+  toId: string;
+  /** 消息文本内容（来自 PbChatTextContent.text） */
+  content: string;
+  /** 消息时间戳（Unix 毫秒，来自 PbChatMsgDeliverBody.serverStamp） */
+  timestampMs: number;
+  /** 正文范围（@、超链接等，来自 PbChatTextContent.bodyRanges） */
+  bodyRanges?: Array<{ key: 0 | 1 | 2; payload: string; start?: number; length?: number }>;
+  /** 引用消息的 clientMsgId（来自 PbChatTextContent.referenceClientMsgId） */
+  referenceClientMsgId?: string;
+  /** 多媒体附件列表（文本消息时为 undefined） */
+  attachments?: ImweAttachment[];
+};
+
+/**
+ * 发送消息响应
+ * 对应 proto/send.proto: SendResponse
+ */
+export type ImweSendResponse = {
+  ok: boolean;
+  msgId?: string;
+  /** 本次出站请求使用的 clientMsgId（插件本地生成） */
+  clientMsgId?: string;
+  error?: string;
+};

package/src/vodozemackit/index.ts

@@ -0,0 +1,297 @@
+import * as wasm from './pkg/vodozemackit_wasm';
+
+export type KeyMap = Record<string, string>;
+
+function toKeyMap(value: unknown): KeyMap {
+  if (value instanceof Map) {
+    return Object.fromEntries(value.entries()) as KeyMap;
+  }
+
+  return value as KeyMap;
+}
+
+export class EncryptedMessage {
+  private readonly inner: wasm.EncryptedMessage;
+
+  constructor(bodyOrInner: Uint8Array | wasm.EncryptedMessage) {
+    this.inner =
+      bodyOrInner instanceof Uint8Array ? new wasm.EncryptedMessage(bodyOrInner) : bodyOrInner;
+  }
+
+  static fromRaw(inner: wasm.EncryptedMessage): EncryptedMessage {
+    return new EncryptedMessage(inner);
+  }
+
+  get body(): Uint8Array {
+    return this.inner.body;
+  }
+
+  raw(): wasm.EncryptedMessage {
+    return this.inner;
+  }
+}
+
+export class Session {
+  private readonly inner: wasm.Session;
+
+  constructor(inner: wasm.Session) {
+    this.inner = inner;
+  }
+
+  sessionId(): string {
+    return this.inner.sessionId();
+  }
+
+  pickle(pickleKey: Uint8Array): string {
+    return this.inner.pickle(pickleKey);
+  }
+
+  encrypt(payload: Uint8Array): EncryptedMessage {
+    return EncryptedMessage.fromRaw(this.inner.encrypt(payload));
+  }
+
+  decrypt(message: EncryptedMessage): Uint8Array {
+    return this.inner.decrypt(message.raw());
+  }
+
+  sessionMatches(message: EncryptedMessage): boolean {
+    return this.inner.sessionMatches(message.raw());
+  }
+
+  raw(): wasm.Session {
+    return this.inner;
+  }
+}
+
+/**
+ * Detailed info for a single unpublished one-time key.
+ */
+export interface OneTimeKeyInfo {
+  /** Key ID (base64 encoded). */
+  keyId: string;
+  /** Public key (base64 encoded). */
+  publicKey: string;
+}
+
+/**
+ * The result of generating one-time keys.
+ *
+ * - `created` contains the newly created keys with their ids.
+ * - `removed` contains the base64 public keys that were evicted to make room
+ *   for the new keys (may be empty).
+ */
+export interface OneTimeKeyGenerationInfo {
+  created: OneTimeKeyInfo[];
+  removed: string[];
+}
+
+function toOneTimeKeyInfo(raw: wasm.OneTimeKeyInfo): OneTimeKeyInfo {
+  return { keyId: raw.keyId, publicKey: raw.publicKey };
+}
+
+export interface InboundCreationResult {
+  session: Session;
+  plaintext: Uint8Array;
+  /**
+   * The base64 encoded one-time key that was carried in the incoming pre-key
+   * message. Useful for correlating an inbound session with a previously
+   * uploaded OTK batch.
+   */
+  oneTimeKey: string;
+}
+
+export class Account {
+  private readonly inner: wasm.Account;
+
+  constructor(inner?: wasm.Account) {
+    this.inner = inner ?? new wasm.Account();
+  }
+
+  static fromPickle(pickle: string, pickleKey: Uint8Array): Account {
+    return new Account(wasm.accountFromPickle(pickle, pickleKey));
+  }
+
+  pickle(pickleKey: Uint8Array): string {
+    return this.inner.pickle(pickleKey);
+  }
+
+  ed25519Key(): string {
+    return this.inner.ed25519Key();
+  }
+
+  curve25519Key(): string {
+    return this.inner.curve25519Key();
+  }
+
+  sign(message: string): string {
+    return this.inner.sign(message);
+  }
+
+  generateOneTimeKeys(numberOfKeys: number): void {
+    this.inner.generateOneTimeKeys(numberOfKeys);
+  }
+
+  /**
+   * Generate one-time keys and return detailed info about the newly created
+   * keys, along with any keys that were evicted to make room for them.
+   */
+  generateOneTimeKeysWithInfo(numberOfKeys: number): OneTimeKeyGenerationInfo {
+    const result = this.inner.generateOneTimeKeysWithInfo(numberOfKeys);
+    const created = result.created.map(toOneTimeKeyInfo);
+    const removed = [...result.removed];
+    return { created, removed };
+  }
+
+  oneTimeKeys(): KeyMap {
+    return toKeyMap(this.inner.oneTimeKeys());
+  }
+
+  /**
+   * Returns the list of currently unpublished one-time keys along with their
+   * key ids. Mirrors `Account.oneTimeKeys` but preserves the key id.
+   */
+  oneTimeKeysWithInfo(): OneTimeKeyInfo[] {
+    return this.inner.oneTimeKeysWithInfo().map(toOneTimeKeyInfo);
+  }
+
+  /**
+   * Returns the number of one-time keys that are generated but not yet marked
+   * as published.
+   */
+  unpublishedOneTimeKeyCount(): number {
+    return this.inner.unpublishedOneTimeKeyCount();
+  }
+
+  maxNumberOfOneTimeKeys(): number {
+    return this.inner.maxNumberOfOneTimeKeys();
+  }
+
+  markKeysAsPublished(): void {
+    this.inner.markKeysAsPublished();
+  }
+
+  fallbackKey(): KeyMap {
+    return toKeyMap(this.inner.fallbackKey());
+  }
+
+  generateFallbackKey(): void {
+    this.inner.generateFallbackKey();
+  }
+
+  createOutboundSession(identityKey: string, oneTimeKey: string): Session {
+    return new Session(this.inner.createOutboundSession(identityKey, oneTimeKey));
+  }
+
+  createInboundSession(message: EncryptedMessage): InboundCreationResult {
+    const result = this.inner.createInboundSession(message.raw());
+    return {
+      session: new Session(result.takeSession()),
+      plaintext: result.plaintext(),
+      oneTimeKey: result.oneTimeKey(),
+    };
+  }
+
+  raw(): wasm.Account {
+    return this.inner;
+  }
+}
+
+export function accountFromPickle(pickle: string, pickleKey: Uint8Array): Account {
+  return Account.fromPickle(pickle, pickleKey);
+}
+
+export function sessionFromPickle(pickle: string, pickleKey: Uint8Array): Session {
+  return new Session(wasm.sessionFromPickle(pickle, pickleKey));
+}
+
+export interface DecryptedMessage {
+  plaintext: Uint8Array;
+  messageIndex: number;
+}
+
+export class GroupSession {
+  private readonly inner: wasm.GroupSession;
+
+  constructor(inner?: wasm.GroupSession) {
+    this.inner = inner ?? new wasm.GroupSession();
+  }
+
+  sessionId(): string {
+    return this.inner.sessionId();
+  }
+
+  sessionKey(): string {
+    return this.inner.sessionKey();
+  }
+
+  messageIndex(): number {
+    return this.inner.messageIndex();
+  }
+
+  encrypt(payload: Uint8Array): EncryptedMessage {
+    return EncryptedMessage.fromRaw(this.inner.encrypt(payload));
+  }
+
+  pickle(pickleKey: Uint8Array): string {
+    return this.inner.pickle(pickleKey);
+  }
+
+  raw(): wasm.GroupSession {
+    return this.inner;
+  }
+}
+
+export class InboundGroupSession {
+  private readonly inner: wasm.InboundGroupSession;
+
+  constructor(inner: wasm.InboundGroupSession) {
+    this.inner = inner;
+  }
+
+  sessionId(): string {
+    return this.inner.sessionId();
+  }
+
+  firstKnownIndex(): number {
+    return this.inner.firstKnownIndex();
+  }
+
+  exportAt(index: number): string | undefined {
+    return this.inner.exportAt(index);
+  }
+
+  decrypt(payload: Uint8Array): DecryptedMessage {
+    const decrypted = this.inner.decrypt(payload);
+    return {
+      plaintext: decrypted.plaintext,
+      messageIndex: decrypted.messageIndex,
+    };
+  }
+
+  pickle(pickleKey: Uint8Array): string {
+    return this.inner.pickle(pickleKey);
+  }
+
+  raw(): wasm.InboundGroupSession {
+    return this.inner;
+  }
+}
+
+export function groupSessionFromPickle(pickle: string, pickleKey: Uint8Array): GroupSession {
+  return new GroupSession(wasm.groupSessionFromPickle(pickle, pickleKey));
+}
+
+export function newInboundGroupSession(sessionKey: string): InboundGroupSession {
+  return new InboundGroupSession(wasm.newInboundGroupSession(sessionKey));
+}
+
+export function importInboundGroupSession(sessionKey: string): InboundGroupSession {
+  return new InboundGroupSession(wasm.importInboundGroupSession(sessionKey));
+}
+
+export function inboundGroupSessionFromPickle(
+  pickle: string,
+  pickleKey: Uint8Array,
+): InboundGroupSession {
+  return new InboundGroupSession(wasm.inboundGroupSessionFromPickle(pickle, pickleKey));
+}

package/src/vodozemackit/pkg/vodozemackit_wasm.d.ts

@@ -0,0 +1,138 @@
+/* tslint:disable */
+/* eslint-disable */
+
+export class Account {
+  free(): void;
+  [Symbol.dispose](): void;
+  createInboundSession(message: EncryptedMessage): InboundCreationResult;
+  createOutboundSession(identity_key: string, one_time_key: string): Session;
+  curve25519Key(): string;
+  ed25519Key(): string;
+  fallbackKey(): any;
+  generateFallbackKey(): void;
+  generateOneTimeKeys(number_of_keys: number): void;
+  /**
+   * Generates one-time keys and returns metadata about the keys that were
+   * created along with any keys evicted to make room. Mirrors
+   * `Account.generate_one_time_keys_with_info` on the UniFFI side.
+   */
+  generateOneTimeKeysWithInfo(number_of_keys: number): OneTimeKeyGenerationInfo;
+  markKeysAsPublished(): void;
+  maxNumberOfOneTimeKeys(): number;
+  constructor();
+  oneTimeKeys(): any;
+  /**
+   * Returns the full list of currently unpublished one-time keys as
+   * `OneTimeKeyInfo` entries. Mirrors `Account.one_time_keys_with_info` on
+   * the UniFFI side.
+   */
+  oneTimeKeysWithInfo(): OneTimeKeyInfo[];
+  pickle(pickle_key: Uint8Array): string;
+  sign(message: string): string;
+  /**
+   * Returns the number of one-time keys that are generated but not yet
+   * marked as published.
+   */
+  unpublishedOneTimeKeyCount(): number;
+}
+
+export class DecryptedMessage {
+  private constructor();
+  free(): void;
+  [Symbol.dispose](): void;
+  readonly messageIndex: number;
+  readonly plaintext: Uint8Array;
+}
+
+export class EncryptedMessage {
+  free(): void;
+  [Symbol.dispose](): void;
+  constructor(body: Uint8Array);
+  readonly body: Uint8Array;
+}
+
+export class GroupSession {
+  free(): void;
+  [Symbol.dispose](): void;
+  encrypt(payload: Uint8Array): EncryptedMessage;
+  messageIndex(): number;
+  constructor();
+  pickle(pickle_key: Uint8Array): string;
+  sessionId(): string;
+  sessionKey(): string;
+}
+
+export class InboundCreationResult {
+  private constructor();
+  free(): void;
+  [Symbol.dispose](): void;
+  /**
+   * The base64 encoded one-time key that was used in the pre-key message
+   * to establish the inbound session.
+   */
+  oneTimeKey(): string;
+  plaintext(): Uint8Array;
+  takeSession(): Session;
+}
+
+export class InboundGroupSession {
+  private constructor();
+  free(): void;
+  [Symbol.dispose](): void;
+  decrypt(payload: Uint8Array): DecryptedMessage;
+  exportAt(index: number): string | undefined;
+  firstKnownIndex(): number;
+  pickle(pickle_key: Uint8Array): string;
+  sessionId(): string;
+}
+
+/**
+ * Result of generating one-time keys, containing detailed info about newly
+ * created keys and the base64 public keys that were evicted.
+ */
+export class OneTimeKeyGenerationInfo {
+  private constructor();
+  free(): void;
+  [Symbol.dispose](): void;
+  readonly created: OneTimeKeyInfo[];
+  readonly removed: string[];
+}
+
+/**
+ * Detailed info about a single one-time key.
+ */
+export class OneTimeKeyInfo {
+  private constructor();
+  free(): void;
+  [Symbol.dispose](): void;
+  readonly keyId: string;
+  readonly publicKey: string;
+}
+
+export class Session {
+  private constructor();
+  free(): void;
+  [Symbol.dispose](): void;
+  decrypt(message: EncryptedMessage): Uint8Array;
+  encrypt(payload: Uint8Array): EncryptedMessage;
+  pickle(pickle_key: Uint8Array): string;
+  sessionId(): string;
+  sessionMatches(message: EncryptedMessage): boolean;
+}
+
+export function accountFromPickle(pickle: string, pickle_key: Uint8Array): Account;
+
+export function groupSessionFromPickle(pickle: string, pickle_key: Uint8Array): GroupSession;
+
+export function importInboundGroupSession(session_key: string): InboundGroupSession;
+
+export function inboundGroupSessionFromPickle(
+  pickle: string,
+  pickle_key: Uint8Array,
+): InboundGroupSession;
+
+export function newInboundGroupSession(session_key: string): InboundGroupSession;
+
+export function sessionFromPickle(pickle: string, pickle_key: Uint8Array): Session;
+
+export function start(): void;

package/src/vodozemackit/pkg/vodozemackit_wasm.js

@@ -0,0 +1,24 @@
+/* @ts-self-types="./vodozemackit_wasm.d.ts" */
+import * as wasm from './vodozemackit_wasm_bg.wasm';
+import { __wbg_set_wasm } from './vodozemackit_wasm_bg.js';
+
+__wbg_set_wasm(wasm);
+wasm.__wbindgen_start();
+export {
+  Account,
+  DecryptedMessage,
+  EncryptedMessage,
+  GroupSession,
+  InboundCreationResult,
+  InboundGroupSession,
+  OneTimeKeyGenerationInfo,
+  OneTimeKeyInfo,
+  Session,
+  accountFromPickle,
+  groupSessionFromPickle,
+  importInboundGroupSession,
+  inboundGroupSessionFromPickle,
+  newInboundGroupSession,
+  sessionFromPickle,
+  start,
+} from './vodozemackit_wasm_bg.js';