@insta-dev01/intclaw 1.0.11 → 1.1.1

package/src/onboarding.ts

@@ -0,0 +1,387 @@
+import type {
+  ChannelOnboardingAdapter,
+  ChannelOnboardingDmPolicy,
+  ClawdbotConfig,
+  DmPolicy,
+  SecretInput,
+  WizardPrompter,
+} from "openclaw/plugin-sdk";
+import {
+  addWildcardAllowFrom,
+  DEFAULT_ACCOUNT_ID,
+  formatDocsLink,
+  hasConfiguredSecretInput,
+} from "./sdk/helpers.ts";
+import { promptSingleChannelSecretInput } from "openclaw/plugin-sdk";
+import { resolveIntclawCredentials } from "./config/accounts.ts";
+import { probeIntclaw } from "./probe.ts";
+import type { IntclawConfig } from "./types/index.ts";
+
+const channel = "intclaw-connector" as const;
+
+function normalizeString(value: unknown): string | undefined {
+  if (typeof value === "number") {
+    return String(value);
+  }
+  if (typeof value !== "string") {
+    return undefined;
+  }
+  const trimmed = value.trim();
+  return trimmed || undefined;
+}
+
+function setIntclawDmPolicy(cfg: ClawdbotConfig, dmPolicy: DmPolicy): ClawdbotConfig {
+  const allowFrom =
+    dmPolicy === "open"
+      ? addWildcardAllowFrom(cfg.channels?.["intclaw-connector"]?.allowFrom)?.map((entry) => String(entry))
+      : undefined;
+  return {
+    ...cfg,
+    channels: {
+      ...cfg.channels,
+      "intclaw-connector": {
+        ...cfg.channels?.["intclaw-connector"],
+        dmPolicy,
+        ...(allowFrom ? { allowFrom } : {}),
+      },
+    },
+  };
+}
+
+function setIntclawAllowFrom(cfg: ClawdbotConfig, allowFrom: string[]): ClawdbotConfig {
+  return {
+    ...cfg,
+    channels: {
+      ...cfg.channels,
+      "intclaw-connector": {
+        ...cfg.channels?.["intclaw-connector"],
+        allowFrom,
+      },
+    },
+  };
+}
+
+function parseAllowFromInput(raw: string): string[] {
+  return raw
+    .split(/[\n,;]+/g)
+    .map((entry) => entry.trim())
+    .filter(Boolean);
+}
+
+async function promptIntclawAllowFrom(params: {
+  cfg: ClawdbotConfig;
+  prompter: WizardPrompter;
+}): Promise<ClawdbotConfig> {
+  const existing = params.cfg.channels?.["intclaw-connector"]?.allowFrom ?? [];
+  await params.prompter.note(
+    [
+      "Allowlist IntClaw DMs by user ID.",
+      "You can find user ID in IntClaw admin console or via API.",
+      "Examples:",
+      "- user123456",
+      "- user789012",
+    ].join("\n"),
+    "IntClaw allowlist",
+  );
+
+  while (true) {
+    const entry = await params.prompter.text({
+      message: "IntClaw allowFrom (user IDs)",
+      placeholder: "user123456, user789012",
+      initialValue: existing[0] ? String(existing[0]) : undefined,
+      validate: (value) => (String(value ?? "").trim() ? undefined : "Required"),
+    });
+    const parts = parseAllowFromInput(String(entry));
+    if (parts.length === 0) {
+      await params.prompter.note("Enter at least one user.", "IntClaw allowlist");
+      continue;
+    }
+
+    const unique = [
+      ...new Set([
+        ...existing.map((v: string | number) => String(v).trim()).filter(Boolean),
+        ...parts,
+      ]),
+    ];
+    return setIntclawAllowFrom(params.cfg, unique);
+  }
+}
+
+async function noteIntclawCredentialHelp(prompter: WizardPrompter): Promise<void> {
+  await prompter.note(
+    [
+      "1) Go to IntClaw Open Platform (open-dev.intclaw.com)",
+      "2) Create an enterprise internal app",
+      "3) Get App Key (Client ID) and App Secret (Client Secret) from Credentials page",
+      "4) Enable required permissions: im:message, im:chat",
+      "5) Publish the app or add it to a test group",
+      "Tip: you can also set INTCLAW_CLIENT_ID / INTCLAW_CLIENT_SECRET env vars.",
+      `Docs: ${formatDocsLink("/channels/intclaw-connector", "intclaw-connector")}`,
+    ].join("\n"),
+    "IntClaw credentials",
+  );
+}
+
+async function promptIntclawClientId(params: {
+  prompter: WizardPrompter;
+  initialValue?: string;
+}): Promise<string> {
+  const clientId = String(
+    await params.prompter.text({
+      message: "Enter IntClaw App Key (Client ID)",
+      initialValue: params.initialValue,
+      validate: (value) => (value?.trim() ? undefined : "Required"),
+    }),
+  ).trim();
+  return clientId;
+}
+
+function setIntclawGroupPolicy(
+  cfg: ClawdbotConfig,
+  groupPolicy: "open" | "allowlist" | "disabled",
+): ClawdbotConfig {
+  return {
+    ...cfg,
+    channels: {
+      ...cfg.channels,
+      "intclaw-connector": {
+        ...cfg.channels?.["intclaw-connector"],
+        enabled: true,
+        groupPolicy,
+      },
+    },
+  };
+}
+
+function setIntclawGroupAllowFrom(cfg: ClawdbotConfig, groupAllowFrom: string[]): ClawdbotConfig {
+  return {
+    ...cfg,
+    channels: {
+      ...cfg.channels,
+      "intclaw-connector": {
+        ...cfg.channels?.["intclaw-connector"],
+        groupAllowFrom,
+      },
+    },
+  };
+}
+
+const dmPolicy: ChannelOnboardingDmPolicy = {
+  label: "IntClaw",
+  channel,
+  policyKey: "channels.intclaw-connector.dmPolicy",
+  allowFromKey: "channels.intclaw-connector.allowFrom",
+  getCurrent: (cfg) => (cfg.channels?.["intclaw-connector"] as IntclawConfig | undefined)?.dmPolicy ?? "open",
+  setPolicy: (cfg, policy) => setIntclawDmPolicy(cfg, policy),
+  promptAllowFrom: promptIntclawAllowFrom,
+};
+
+export const intclawOnboardingAdapter: ChannelOnboardingAdapter = {
+  channel,
+  getStatus: async ({ cfg }) => {
+    const intclawCfg = cfg.channels?.["intclaw-connector"] as IntclawConfig | undefined;
+
+    const isClientIdConfigured = (value: unknown): boolean => {
+      const asString = normalizeString(value);
+      if (asString) {
+        return true;
+      }
+      if (!value || typeof value !== "object") {
+        return false;
+      }
+      const rec = value as Record<string, unknown>;
+      const source = normalizeString(rec.source)?.toLowerCase();
+      const id = normalizeString(rec.id);
+      if (source === "env" && id) {
+        return Boolean(normalizeString(process.env[id]));
+      }
+      return hasConfiguredSecretInput(value);
+    };
+
+    const topLevelConfigured = Boolean(
+      isClientIdConfigured(intclawCfg?.clientId) && hasConfiguredSecretInput(intclawCfg?.clientSecret),
+    );
+
+    const accountConfigured = Object.values(intclawCfg?.accounts ?? {}).some((account) => {
+      if (!account || typeof account !== "object") {
+        return false;
+      }
+      const hasOwnClientId = Object.prototype.hasOwnProperty.call(account, "clientId");
+      const hasOwnClientSecret = Object.prototype.hasOwnProperty.call(account, "clientSecret");
+      const accountClientIdConfigured = hasOwnClientId
+        ? isClientIdConfigured((account as Record<string, unknown>).clientId)
+        : isClientIdConfigured(intclawCfg?.clientId);
+      const accountSecretConfigured = hasOwnClientSecret
+        ? hasConfiguredSecretInput((account as Record<string, unknown>).clientSecret)
+        : hasConfiguredSecretInput(intclawCfg?.clientSecret);
+      return Boolean(accountClientIdConfigured && accountSecretConfigured);
+    });
+
+    const configured = topLevelConfigured || accountConfigured;
+    const resolvedCredentials = resolveIntclawCredentials(intclawCfg, {
+      allowUnresolvedSecretRef: true,
+    });
+
+    // Try to probe if configured
+    let probeResult = null;
+    if (configured && resolvedCredentials) {
+      try {
+        probeResult = await probeIntclaw(resolvedCredentials);
+      } catch {
+        // Ignore probe errors
+      }
+    }
+
+    const statusLines: string[] = [];
+    if (!configured) {
+      statusLines.push("IntClaw: needs app credentials");
+    } else if (probeResult?.ok) {
+      statusLines.push(
+        `IntClaw: connected as ${probeResult.botName ?? "bot"}`,
+      );
+    } else {
+      statusLines.push("IntClaw: configured (connection not verified)");
+    }
+
+    return {
+      channel,
+      configured,
+      statusLines,
+      selectionHint: configured ? "configured" : "needs app creds",
+      quickstartScore: configured ? 2 : 0,
+    };
+  },
+
+  configure: async ({ cfg, prompter }) => {
+    const intclawCfg = cfg.channels?.["intclaw-connector"] as IntclawConfig | undefined;
+    const resolved = resolveIntclawCredentials(intclawCfg, {
+      allowUnresolvedSecretRef: true,
+    });
+    const hasConfigSecret = hasConfiguredSecretInput(intclawCfg?.clientSecret);
+    const hasConfigCreds = Boolean(
+      typeof intclawCfg?.clientId === "string" && intclawCfg.clientId.trim() && hasConfigSecret,
+    );
+    const canUseEnv = Boolean(
+      !hasConfigCreds && process.env.INTCLAW_CLIENT_ID?.trim() && process.env.INTCLAW_CLIENT_SECRET?.trim(),
+    );
+
+    let next = cfg;
+    let clientId: string | null = null;
+    let clientSecret: SecretInput | null = null;
+    let clientSecretProbeValue: string | null = null;
+
+    if (!resolved) {
+      await noteIntclawCredentialHelp(prompter);
+    }
+
+    const clientSecretResult = await promptSingleChannelSecretInput({
+      cfg: next,
+      prompter,
+      providerHint: "intclaw",
+      credentialLabel: "App Secret (Client Secret)",
+      accountConfigured: Boolean(resolved),
+      canUseEnv,
+      hasConfigToken: hasConfigSecret,
+      envPrompt: "INTCLAW_CLIENT_ID + INTCLAW_CLIENT_SECRET detected. Use env vars?",
+      keepPrompt: "IntClaw App Secret already configured. Keep it?",
+      inputPrompt: "Enter IntClaw App Secret (Client Secret)",
+      preferredEnvVar: "INTCLAW_CLIENT_SECRET",
+    });
+
+    if (clientSecretResult.action === "use-env") {
+      next = {
+        ...next,
+        channels: {
+          ...next.channels,
+          "intclaw-connector": { ...next.channels?.["intclaw-connector"], enabled: true },
+        },
+      };
+    } else if (clientSecretResult.action === "set") {
+      clientSecret = clientSecretResult.value;
+      clientSecretProbeValue = clientSecretResult.resolvedValue;
+      clientId = await promptIntclawClientId({
+        prompter,
+        initialValue:
+          normalizeString(intclawCfg?.clientId) ?? normalizeString(process.env.INTCLAW_CLIENT_ID),
+      });
+    }
+
+    if (clientId && clientSecret) {
+      next = {
+        ...next,
+        channels: {
+          ...next.channels,
+          "intclaw-connector": {
+            ...next.channels?.["intclaw-connector"],
+            enabled: true,
+            clientId,
+            clientSecret,
+          },
+        },
+      };
+
+      // Test connection
+      try {
+        const probe = await probeIntclaw({
+          clientId,
+          clientSecret: clientSecretProbeValue ?? undefined,
+        });
+        if (probe.ok) {
+          await prompter.note(
+            `Connected as ${probe.botName ?? "bot"}`,
+            "IntClaw connection test",
+          );
+        } else {
+          await prompter.note(
+            `Connection failed: ${probe.error ?? "unknown error"}`,
+            "IntClaw connection test",
+          );
+        }
+      } catch (err) {
+        await prompter.note(`Connection test failed: ${String(err)}`, "IntClaw connection test");
+      }
+    }
+
+    // Group policy
+    const groupPolicy = await prompter.select({
+      message: "Group chat policy",
+      options: [
+        { value: "allowlist", label: "Allowlist - only respond in specific groups" },
+        { value: "open", label: "Open - respond in all groups (requires mention)" },
+        { value: "disabled", label: "Disabled - don't respond in groups" },
+      ],
+      initialValue: (next.channels?.["intclaw-connector"] as IntclawConfig | undefined)?.groupPolicy ?? "open",
+    });
+    if (groupPolicy) {
+      next = setIntclawGroupPolicy(next, groupPolicy as "open" | "allowlist" | "disabled");
+    }
+
+    // Group allowlist if needed
+    if (groupPolicy === "allowlist") {
+      const existing = (next.channels?.["intclaw-connector"] as IntclawConfig | undefined)?.groupAllowFrom ?? [];
+      const entry = await prompter.text({
+        message: "Group chat allowlist (conversation IDs)",
+        placeholder: "cidxxxx, cidyyyy",
+        initialValue: existing.length > 0 ? existing.map(String).join(", ") : undefined,
+      });
+      if (entry) {
+        const parts = parseAllowFromInput(String(entry));
+        if (parts.length > 0) {
+          next = setIntclawGroupAllowFrom(next, parts);
+        }
+      }
+    }
+
+    return { cfg: next, accountId: DEFAULT_ACCOUNT_ID };
+  },
+
+  dmPolicy,
+
+  disable: (cfg) => ({
+    ...cfg,
+    channels: {
+      ...cfg.channels,
+      "intclaw-connector": { ...cfg.channels?.["intclaw-connector"], enabled: false },
+    },
+  }),
+};

package/src/policy.ts

@@ -0,0 +1,19 @@
+import type { ToolPolicy } from "openclaw/plugin-sdk";
+import type { ResolvedIntclawAccount } from "./types/index.ts";
+
+export function resolveIntclawGroupToolPolicy(params: {
+  account: ResolvedIntclawAccount;
+  groupId: string;
+}): ToolPolicy | undefined {
+  const { account, groupId } = params;
+  const intclawCfg = account.config;
+
+  // Check group-specific policy first
+  const groupConfig = intclawCfg?.groups?.[groupId];
+  if (groupConfig?.tools) {
+    return groupConfig.tools;
+  }
+
+  // Fall back to account-level default (allow all)
+  return { allow: ["*"] };
+}

package/src/probe.ts

@@ -0,0 +1,213 @@
+import { raceWithTimeoutAndAbort } from "./utils/async.ts";
+import type { IntclawProbeResult } from "./types/index.ts";
+import { INTCLAW_CONFIG } from "../config.ts";
+
+/** LRU Cache for probe results to reduce repeated health-check calls. */
+class LRUCache<K, V> {
+  private cache = new Map<K, V>();
+  private maxSize: number;
+
+  constructor(maxSize: number) {
+    this.maxSize = maxSize;
+  }
+
+  get(key: K): V | undefined {
+    const value = this.cache.get(key);
+    if (value !== undefined) {
+      // 重新插入以更新访问顺序
+      this.cache.delete(key);
+      this.cache.set(key, value);
+    }
+    return value;
+  }
+
+  set(key: K, value: V): void {
+    // 如果已存在，先删除（更新顺序）
+    if (this.cache.has(key)) {
+      this.cache.delete(key);
+    }
+    
+    this.cache.set(key, value);
+    
+    // 超过大小限制时删除最旧的（最少使用的）
+    if (this.cache.size > this.maxSize) {
+      const oldest = this.cache.keys().next().value;
+      if (oldest !== undefined) {
+        this.cache.delete(oldest);
+      }
+    }
+  }
+
+  clear(): void {
+    this.cache.clear();
+  }
+}
+
+const probeCache = new LRUCache<string, { result: IntclawProbeResult; expiresAt: number }>(64);
+const PROBE_SUCCESS_TTL_MS = 10 * 60 * 1000; // 10 minutes
+const PROBE_ERROR_TTL_MS = 60 * 1000; // 1 minute
+export const INTCLAW_PROBE_REQUEST_TIMEOUT_MS = 10_000;
+export type ProbeIntclawOptions = {
+  timeoutMs?: number;
+  abortSignal?: AbortSignal;
+};
+
+type IntclawBotInfoResponse = {
+  errcode?: number;
+  errmsg?: string;
+  nick?: string;
+  unionid?: string;
+};
+
+function setCachedProbeResult(
+  cacheKey: string,
+  result: IntclawProbeResult,
+  ttlMs: number,
+): IntclawProbeResult {
+  probeCache.set(cacheKey, { result, expiresAt: Date.now() + ttlMs });
+  return result;
+}
+
+export async function probeIntclaw(
+  creds?: { clientId: string; clientSecret: string; accountId?: string },
+  options: ProbeIntclawOptions = {},
+): Promise<IntclawProbeResult> {
+  if (!creds?.clientId || !creds?.clientSecret) {
+    return {
+      ok: false,
+      error: "missing credentials (clientId, clientSecret)",
+    };
+  }
+  if (options.abortSignal?.aborted) {
+    return {
+      ok: false,
+      clientId: creds.clientId,
+      error: "probe aborted",
+    };
+  }
+
+  const timeoutMs = options.timeoutMs ?? INTCLAW_PROBE_REQUEST_TIMEOUT_MS;
+
+  // Return cached result if still valid.
+  const cacheKey = creds.accountId ?? `${creds.clientId}:${creds.clientSecret.slice(0, 8)}`;
+  const cached = probeCache.get(cacheKey);
+  if (cached && cached.expiresAt > Date.now()) {
+    return cached.result;
+  }
+
+  try {
+    // Get access token
+    const tokenResponse = await raceWithTimeoutAndAbort(
+      fetch(`${INTCLAW_CONFIG.API_BASE_URL}/v1.0/oauth2/accessToken`, {
+        method: "POST",
+        headers: { "Content-Type": "application/json" },
+        body: JSON.stringify({
+          appKey: creds.clientId,
+          appSecret: creds.clientSecret,
+        }),
+      }),
+      { timeoutMs, abortSignal: options.abortSignal },
+    );
+
+    if (tokenResponse.status === "aborted") {
+      return {
+        ok: false,
+        clientId: creds.clientId,
+        error: "probe aborted",
+      };
+    }
+    if (tokenResponse.status === "timeout") {
+      return setCachedProbeResult(
+        cacheKey,
+        {
+          ok: false,
+          clientId: creds.clientId,
+          error: `probe timed out after ${timeoutMs}ms`,
+        },
+        PROBE_ERROR_TTL_MS,
+      );
+    }
+
+    const tokenData = await tokenResponse.value.json() as { accessToken?: string };
+    if (!tokenData.accessToken) {
+      return setCachedProbeResult(
+        cacheKey,
+        {
+          ok: false,
+          clientId: creds.clientId,
+          error: "failed to get access token",
+        },
+        PROBE_ERROR_TTL_MS,
+      );
+    }
+
+    // Get bot info
+    const botResponse = await raceWithTimeoutAndAbort(
+      fetch(`${INTCLAW_CONFIG.API_BASE_URL}/v1.0/contact/users/me`, {
+        method: "GET",
+        headers: {
+          "x-acs-intclaw-access-token": tokenData.accessToken,
+          "Content-Type": "application/json",
+        },
+      }),
+      { timeoutMs, abortSignal: options.abortSignal },
+    );
+
+    if (botResponse.status === "aborted") {
+      return {
+        ok: false,
+        clientId: creds.clientId,
+        error: "probe aborted",
+      };
+    }
+    if (botResponse.status === "timeout") {
+      return setCachedProbeResult(
+        cacheKey,
+        {
+          ok: false,
+          clientId: creds.clientId,
+          error: `probe timed out after ${timeoutMs}ms`,
+        },
+        PROBE_ERROR_TTL_MS,
+      );
+    }
+
+    const botData = await botResponse.value.json() as IntclawBotInfoResponse;
+    if (botData.errcode && botData.errcode !== 0) {
+      return setCachedProbeResult(
+        cacheKey,
+        {
+          ok: false,
+          clientId: creds.clientId,
+          error: `API error: ${botData.errmsg || `code ${botData.errcode}`}`,
+        },
+        PROBE_ERROR_TTL_MS,
+      );
+    }
+
+    return setCachedProbeResult(
+      cacheKey,
+      {
+        ok: true,
+        clientId: creds.clientId,
+        botName: botData.nick,
+      },
+      PROBE_SUCCESS_TTL_MS,
+    );
+  } catch (err) {
+    return setCachedProbeResult(
+      cacheKey,
+      {
+        ok: false,
+        clientId: creds.clientId,
+        error: err instanceof Error ? err.message : String(err),
+      },
+      PROBE_ERROR_TTL_MS,
+    );
+  }
+}
+
+/** Clear the probe cache (for testing). */
+export function clearProbeCache(): void {
+  probeCache.clear();
+}