@kodelyth/nextcloud-talk 2026.5.39 → 2026.5.42

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@kodelyth/nextcloud-talk",
-  "version": "2026.5.39",
+  "version": "2026.5.42",
   "description": "Klaw Nextcloud Talk channel plugin",
   "repository": {
     "type": "git",
@@ -9,7 +9,7 @@
   "type": "module",
   "devDependencies": {
     "@kodelyth/plugin-sdk": "1.0.1",
-    "@kodelyth/klaw": "2026.5.41"
+    "@kodelyth/klaw": "2026.5.42"
   },
   "peerDependencies": {
     "@kodelyth/klaw": ">=2026.5.19"
@@ -21,9 +21,9 @@
   },
   "klaw": {
     "extensions": [
-      "./index.js"
+      "./index.ts"
     ],
-    "setupEntry": "./setup-entry.js",
+    "setupEntry": "./setup-entry.ts",
     "channel": {
       "id": "nextcloud-talk",
       "label": "Nextcloud Talk",

package/runtime-api.ts

@@ -0,0 +1,29 @@
+// Private runtime barrel for the bundled Nextcloud Talk extension.
+// Keep this barrel thin and aligned with the local extension surface.
+
+export type { AllowlistMatch } from "klaw/plugin-sdk/allow-from";
+export type { ChannelGroupContext } from "klaw/plugin-sdk/channel-contract";
+export { logInboundDrop } from "klaw/plugin-sdk/channel-logging";
+export { createChannelPairingController } from "klaw/plugin-sdk/channel-pairing";
+export type {
+  BlockStreamingCoalesceConfig,
+  DmConfig,
+  DmPolicy,
+  GroupPolicy,
+  GroupToolPolicyConfig,
+  KlawConfig,
+} from "klaw/plugin-sdk/config-contracts";
+export {
+  GROUP_POLICY_BLOCKED_LABEL,
+  resolveAllowlistProviderRuntimeGroupPolicy,
+  resolveDefaultGroupPolicy,
+  warnMissingProviderGroupPolicyFallbackOnce,
+} from "klaw/plugin-sdk/runtime-group-policy";
+export { createChannelMessageReplyPipeline } from "klaw/plugin-sdk/channel-message";
+export type { OutboundReplyPayload } from "klaw/plugin-sdk/reply-payload";
+export { deliverFormattedTextWithAttachments } from "klaw/plugin-sdk/reply-payload";
+export type { PluginRuntime } from "klaw/plugin-sdk/runtime-store";
+export type { RuntimeEnv } from "klaw/plugin-sdk/runtime";
+export type { SecretInput } from "klaw/plugin-sdk/secret-input";
+export { fetchWithSsrFGuard } from "klaw/plugin-sdk/ssrf-runtime";
+export { setNextcloudTalkRuntime } from "./src/runtime.js";

package/secret-contract-api.ts

@@ -0,0 +1,5 @@
+export {
+  channelSecrets,
+  collectRuntimeConfigAssignments,
+  secretTargetRegistryEntries,
+} from "./src/secret-contract.js";

package/setup-entry.ts

@@ -0,0 +1,13 @@
+import { defineBundledChannelSetupEntry } from "klaw/plugin-sdk/channel-entry-contract";
+
+export default defineBundledChannelSetupEntry({
+  importMetaUrl: import.meta.url,
+  plugin: {
+    specifier: "./api.js",
+    exportName: "nextcloudTalkPlugin",
+  },
+  secrets: {
+    specifier: "./secret-contract-api.js",
+    exportName: "channelSecrets",
+  },
+});

package/src/accounts.test.ts

@@ -0,0 +1,31 @@
+import { describe, expect, it } from "vitest";
+import {
+  listNextcloudTalkAccountIds,
+  resolveDefaultNextcloudTalkAccountId,
+  resolveNextcloudTalkAccount,
+} from "./accounts.js";
+import type { CoreConfig } from "./types.js";
+
+describe("Nextcloud Talk account resolution", () => {
+  it("preserves top-level default account when named accounts are configured", () => {
+    const cfg = {
+      channels: {
+        "nextcloud-talk": {
+          baseUrl: "https://cloud.example.com",
+          botSecret: "shared-secret",
+          accounts: {
+            work: { enabled: false },
+          },
+        },
+      },
+    } satisfies CoreConfig;
+
+    expect(listNextcloudTalkAccountIds(cfg)).toEqual(["default", "work"]);
+    expect(resolveDefaultNextcloudTalkAccountId(cfg)).toBe("default");
+    expect(resolveNextcloudTalkAccount({ cfg })).toMatchObject({
+      accountId: "default",
+      baseUrl: "https://cloud.example.com",
+      secret: "shared-secret",
+    });
+  });
+});

package/src/accounts.ts

@@ -0,0 +1,149 @@
+import {
+  createAccountListHelpers,
+  DEFAULT_ACCOUNT_ID,
+  hasConfiguredAccountValue,
+  normalizeAccountId,
+  resolveAccountWithDefaultFallback,
+  resolveMergedAccountConfig,
+} from "klaw/plugin-sdk/account-core";
+import { tryReadSecretFileSync } from "klaw/plugin-sdk/secret-file-runtime";
+import {
+  normalizeLowercaseStringOrEmpty,
+  normalizeOptionalString,
+} from "klaw/plugin-sdk/string-coerce-runtime";
+import { normalizeResolvedSecretInputString } from "./secret-input.js";
+import type { CoreConfig, NextcloudTalkAccountConfig } from "./types.js";
+
+function isTruthyEnvValue(value?: string): boolean {
+  const normalized = normalizeLowercaseStringOrEmpty(value);
+  return normalized === "true" || normalized === "1" || normalized === "yes" || normalized === "on";
+}
+
+const debugAccounts = (...args: unknown[]) => {
+  if (isTruthyEnvValue(process.env.KLAW_DEBUG_NEXTCLOUD_TALK_ACCOUNTS)) {
+    console.warn("[nextcloud-talk:accounts]", ...args);
+  }
+};
+
+export type ResolvedNextcloudTalkAccount = {
+  accountId: string;
+  enabled: boolean;
+  name?: string;
+  baseUrl: string;
+  secret: string;
+  secretSource: "env" | "secretFile" | "config" | "none";
+  config: NextcloudTalkAccountConfig;
+};
+
+const {
+  listAccountIds: listNextcloudTalkAccountIdsInternal,
+  resolveDefaultAccountId: resolveDefaultNextcloudTalkAccountId,
+} = createAccountListHelpers("nextcloud-talk", {
+  normalizeAccountId,
+  hasImplicitDefaultAccount: (cfg) => {
+    const channel = cfg.channels?.["nextcloud-talk"];
+    return Boolean(
+      channel?.baseUrl?.trim() &&
+      (hasConfiguredAccountValue(channel.botSecret) ||
+        channel.botSecretFile?.trim() ||
+        process.env.NEXTCLOUD_TALK_BOT_SECRET?.trim()),
+    );
+  },
+});
+export { resolveDefaultNextcloudTalkAccountId };
+
+export function listNextcloudTalkAccountIds(cfg: CoreConfig): string[] {
+  const ids = listNextcloudTalkAccountIdsInternal(cfg);
+  debugAccounts("listNextcloudTalkAccountIds", ids);
+  return ids;
+}
+
+function mergeNextcloudTalkAccountConfig(
+  cfg: CoreConfig,
+  accountId: string,
+): NextcloudTalkAccountConfig {
+  return resolveMergedAccountConfig<NextcloudTalkAccountConfig>({
+    channelConfig: cfg.channels?.["nextcloud-talk"] as NextcloudTalkAccountConfig | undefined,
+    accounts: cfg.channels?.["nextcloud-talk"]?.accounts as
+      | Record<string, Partial<NextcloudTalkAccountConfig>>
+      | undefined,
+    accountId,
+    omitKeys: ["defaultAccount"],
+    normalizeAccountId,
+  });
+}
+
+function resolveNextcloudTalkSecret(
+  cfg: CoreConfig,
+  opts: { accountId?: string },
+): { secret: string; source: ResolvedNextcloudTalkAccount["secretSource"] } {
+  const resolvedAccountId = opts.accountId ?? resolveDefaultNextcloudTalkAccountId(cfg);
+  const merged = mergeNextcloudTalkAccountConfig(cfg, resolvedAccountId);
+
+  const envSecret = normalizeOptionalString(process.env.NEXTCLOUD_TALK_BOT_SECRET);
+  if (envSecret && resolvedAccountId === DEFAULT_ACCOUNT_ID) {
+    return { secret: envSecret, source: "env" };
+  }
+
+  if (merged.botSecretFile) {
+    const fileSecret = tryReadSecretFileSync(
+      merged.botSecretFile,
+      "Nextcloud Talk bot secret file",
+      { rejectSymlink: true },
+    );
+    if (fileSecret) {
+      return { secret: fileSecret, source: "secretFile" };
+    }
+  }
+
+  const inlineSecret = normalizeResolvedSecretInputString({
+    value: merged.botSecret,
+    path: `channels.nextcloud-talk.accounts.${resolvedAccountId}.botSecret`,
+  });
+  if (inlineSecret) {
+    return { secret: inlineSecret, source: "config" };
+  }
+
+  return { secret: "", source: "none" };
+}
+
+export function resolveNextcloudTalkAccount(params: {
+  cfg: CoreConfig;
+  accountId?: string | null;
+}): ResolvedNextcloudTalkAccount {
+  const baseEnabled = params.cfg.channels?.["nextcloud-talk"]?.enabled !== false;
+  const resolvedAccountId = params.accountId ?? resolveDefaultNextcloudTalkAccountId(params.cfg);
+
+  const resolve = (accountId: string) => {
+    const merged = mergeNextcloudTalkAccountConfig(params.cfg, accountId);
+    const accountEnabled = merged.enabled !== false;
+    const enabled = baseEnabled && accountEnabled;
+    const secretResolution = resolveNextcloudTalkSecret(params.cfg, { accountId });
+    const baseUrl = merged.baseUrl?.trim()?.replace(/\/$/, "") ?? "";
+
+    debugAccounts("resolve", {
+      accountId,
+      enabled,
+      secretSource: secretResolution.source,
+      baseUrl: baseUrl ? "[set]" : "[missing]",
+    });
+
+    return {
+      accountId,
+      enabled,
+      name: normalizeOptionalString(merged.name),
+      baseUrl,
+      secret: secretResolution.secret,
+      secretSource: secretResolution.source,
+      config: merged,
+    } satisfies ResolvedNextcloudTalkAccount;
+  };
+
+  return resolveAccountWithDefaultFallback({
+    accountId: resolvedAccountId,
+    normalizeAccountId,
+    resolvePrimary: resolve,
+    hasCredential: (account) => account.secretSource !== "none",
+    resolveDefaultAccountId: () => resolveDefaultNextcloudTalkAccountId(params.cfg),
+  });
+}

package/src/api-credentials.ts

@@ -0,0 +1,31 @@
+import { readFileSync } from "node:fs";
+import { normalizeResolvedSecretInputString } from "./secret-input.js";
+
+export function resolveNextcloudTalkApiCredentials(params: {
+  apiUser?: string;
+  apiPassword?: unknown;
+  apiPasswordFile?: string;
+}): { apiUser: string; apiPassword: string } | undefined {
+  const apiUser = params.apiUser?.trim();
+  if (!apiUser) {
+    return undefined;
+  }
+
+  const inlinePassword = normalizeResolvedSecretInputString({
+    value: params.apiPassword,
+    path: "channels.nextcloud-talk.apiPassword",
+  });
+  if (inlinePassword) {
+    return { apiUser, apiPassword: inlinePassword };
+  }
+
+  if (!params.apiPasswordFile) {
+    return undefined;
+  }
+  try {
+    const filePassword = readFileSync(params.apiPasswordFile, "utf-8").trim();
+    return filePassword ? { apiUser, apiPassword: filePassword } : undefined;
+  } catch {
+    return undefined;
+  }
+}

package/src/approval-auth.test.ts

@@ -0,0 +1,17 @@
+import { describe, expect, it } from "vitest";
+import { nextcloudTalkApprovalAuth } from "./approval-auth.js";
+
+describe("nextcloudTalkApprovalAuth", () => {
+  it("matches Nextcloud Talk actor ids case-insensitively", () => {
+    const cfg = { channels: { "nextcloud-talk": { allowFrom: ["Owner"] } } };
+
+    expect(
+      nextcloudTalkApprovalAuth.authorizeActorAction({
+        cfg,
+        senderId: "owner",
+        action: "approve",
+        approvalKind: "exec",
+      }),
+    ).toEqual({ authorized: true });
+  });
+});

package/src/approval-auth.ts

@@ -0,0 +1,27 @@
+import {
+  createResolvedApproverActionAuthAdapter,
+  resolveApprovalApprovers,
+} from "klaw/plugin-sdk/approval-auth-runtime";
+import { normalizeOptionalLowercaseString } from "klaw/plugin-sdk/string-coerce-runtime";
+import { resolveNextcloudTalkAccount } from "./accounts.js";
+import type { CoreConfig } from "./types.js";
+
+function normalizeNextcloudTalkApproverId(value: string | number): string | undefined {
+  return normalizeOptionalLowercaseString(
+    String(value)
+      .trim()
+      .replace(/^(nextcloud-talk|nc-talk|nc):/i, ""),
+  );
+}
+
+export const nextcloudTalkApprovalAuth = createResolvedApproverActionAuthAdapter({
+  channelLabel: "Nextcloud Talk",
+  resolveApprovers: ({ cfg, accountId }) => {
+    const account = resolveNextcloudTalkAccount({ cfg: cfg as CoreConfig, accountId });
+    return resolveApprovalApprovers({
+      allowFrom: account.config.allowFrom,
+      normalizeApprover: normalizeNextcloudTalkApproverId,
+    });
+  },
+  normalizeSenderId: (value) => normalizeNextcloudTalkApproverId(value),
+});

package/src/bot-preflight.test.ts

@@ -0,0 +1,135 @@
+import { afterEach, beforeEach, describe, expect, it, vi } from "vitest";
+import type { ResolvedNextcloudTalkAccount } from "./accounts.js";
+
+const hoisted = vi.hoisted(() => ({
+  fetchWithSsrFGuard: vi.fn(),
+  ssrfPolicyFromPrivateNetworkOptIn: vi.fn(() => undefined),
+}));
+
+vi.mock("../runtime-api.js", () => ({
+  fetchWithSsrFGuard: hoisted.fetchWithSsrFGuard,
+}));
+
+vi.mock("./send.runtime.js", () => ({
+  ssrfPolicyFromPrivateNetworkOptIn: hoisted.ssrfPolicyFromPrivateNetworkOptIn,
+}));
+
+const { probeNextcloudTalkBotResponseFeature } = await import("./bot-preflight.js");
+
+function account(
+  overrides: Partial<ResolvedNextcloudTalkAccount> = {},
+): ResolvedNextcloudTalkAccount {
+  return {
+    accountId: "default",
+    enabled: true,
+    baseUrl: "https://cloud.example.com",
+    secret: "secret",
+    secretSource: "config",
+    config: {
+      baseUrl: "https://cloud.example.com",
+      botSecret: "secret",
+      apiUser: "admin",
+      apiPassword: "app-password",
+      webhookPublicUrl: "https://bot.example.com/nextcloud-talk-webhook",
+    },
+    ...overrides,
+  };
+}
+
+function mockBotAdmin(features: number): void {
+  hoisted.fetchWithSsrFGuard.mockResolvedValueOnce({
+    response: new Response(
+      JSON.stringify({
+        ocs: {
+          data: [
+            {
+              id: 7,
+              name: "Klaw",
+              url: "https://bot.example.com/nextcloud-talk-webhook",
+              features,
+            },
+          ],
+        },
+      }),
+      { status: 200, headers: { "content-type": "application/json" } },
+    ),
+    release: async () => {},
+    finalUrl: "https://cloud.example.com/ocs/v2.php/apps/spreed/api/v1/bot/admin",
+  });
+}
+
+describe("probeNextcloudTalkBotResponseFeature", () => {
+  beforeEach(() => {
+    hoisted.fetchWithSsrFGuard.mockClear();
+  });
+
+  afterEach(() => {
+    hoisted.fetchWithSsrFGuard.mockReset();
+  });
+
+  it("passes when the matching bot has the response feature bit", async () => {
+    mockBotAdmin(1 | 2 | 8);
+
+    await expect(probeNextcloudTalkBotResponseFeature({ account: account() })).resolves.toEqual({
+      ok: true,
+      code: "ok",
+      botId: "7",
+      botName: "Klaw",
+      features: 11,
+      message: 'Nextcloud Talk bot "Klaw" has the response feature.',
+    });
+  });
+
+  it("reports missing response feature for the matching webhook bot", async () => {
+    mockBotAdmin(1 | 8);
+
+    await expect(probeNextcloudTalkBotResponseFeature({ account: account() })).resolves.toEqual({
+      ok: false,
+      code: "missing_response_feature",
+      botId: "7",
+      botName: "Klaw",
+      features: 9,
+      message:
+        'Nextcloud Talk bot "Klaw" (7) is missing the response feature (features=9); outbound replies will fail. Run ./occ talk:bot:state --feature webhook --feature response --feature reaction 7 1 or reinstall the bot with --feature response.',
+    });
+  });
+
+  it("reports malformed bot admin JSON with a stable channel error", async () => {
+    hoisted.fetchWithSsrFGuard.mockResolvedValueOnce({
+      response: new Response("{ nope", {
+        status: 200,
+        headers: { "content-type": "application/json" },
+      }),
+      release: async () => {},
+      finalUrl: "https://cloud.example.com/ocs/v2.php/apps/spreed/api/v1/bot/admin",
+    });
+
+    await expect(probeNextcloudTalkBotResponseFeature({ account: account() })).resolves.toEqual({
+      ok: false,
+      code: "request_failed",
+      message:
+        "Nextcloud Talk bot response feature probe failed: Nextcloud Talk bot response feature probe failed: malformed JSON response",
+    });
+  });
+
+  it("skips when API credentials are absent", async () => {
+    await expect(
+      probeNextcloudTalkBotResponseFeature({
+        account: account({
+          config: {
+            baseUrl: "https://cloud.example.com",
+            botSecret: "secret",
+            webhookPublicUrl: "https://bot.example.com/nextcloud-talk-webhook",
+          },
+        }),
+      }),
+    ).resolves.toEqual({
+      ok: true,
+      skipped: true,
+      code: "missing_api_credentials",
+      message:
+        "Nextcloud Talk bot response feature probe skipped: apiUser/apiPassword are not configured.",
+    });
+    expect(hoisted.fetchWithSsrFGuard).not.toHaveBeenCalled();
+  });
+});

package/src/bot-preflight.ts

@@ -0,0 +1,183 @@
+import { formatErrorMessage } from "klaw/plugin-sdk/error-runtime";
+import { readProviderJsonResponse } from "klaw/plugin-sdk/provider-http";
+import { fetchWithSsrFGuard } from "../runtime-api.js";
+import type { ResolvedNextcloudTalkAccount } from "./accounts.js";
+import { resolveNextcloudTalkApiCredentials } from "./api-credentials.js";
+import { ssrfPolicyFromPrivateNetworkOptIn } from "./send.runtime.js";
+
+const BOT_FEATURE_RESPONSE = 2;
+
+type NextcloudTalkBotAdminEntry = {
+  id?: number | string;
+  name?: string;
+  url?: string;
+  features?: number | string;
+};
+
+export type NextcloudTalkBotResponseFeatureProbe = {
+  ok: boolean;
+  skipped?: boolean;
+  code:
+    | "ok"
+    | "missing_api_credentials"
+    | "missing_webhook_url"
+    | "missing_base_url"
+    | "bot_not_found"
+    | "missing_response_feature"
+    | "api_error"
+    | "request_failed";
+  message: string;
+  botId?: string;
+  botName?: string;
+  features?: number;
+  status?: number;
+};
+
+function normalizeUrlForMatch(value: string | undefined): string {
+  if (!value?.trim()) {
+    return "";
+  }
+  try {
+    const url = new URL(value.trim());
+    url.hash = "";
+    return url.toString().replace(/\/$/, "");
+  } catch {
+    return value.trim().replace(/\/$/, "");
+  }
+}
+
+function coerceFeatureMask(value: unknown): number | undefined {
+  if (typeof value === "number" && Number.isFinite(value)) {
+    return value;
+  }
+  if (typeof value === "string" && value.trim()) {
+    const parsed = Number.parseInt(value, 10);
+    return Number.isFinite(parsed) ? parsed : undefined;
+  }
+  return undefined;
+}
+
+function formatMissingResponseFeatureMessage(bot: NextcloudTalkBotAdminEntry, features?: number) {
+  const id = bot.id == null ? "unknown" : String(bot.id);
+  const name = bot.name?.trim() || "matching bot";
+  const featureText = typeof features === "number" ? ` (features=${features})` : "";
+  return `Nextcloud Talk bot "${name}" (${id}) is missing the response feature${featureText}; outbound replies will fail. Run ./occ talk:bot:state --feature webhook --feature response --feature reaction ${id} 1 or reinstall the bot with --feature response.`;
+}
+
+export async function probeNextcloudTalkBotResponseFeature(params: {
+  account: ResolvedNextcloudTalkAccount;
+  timeoutMs?: number;
+}): Promise<NextcloudTalkBotResponseFeatureProbe> {
+  const { account, timeoutMs } = params;
+  const baseUrl = account.baseUrl?.trim();
+  if (!baseUrl) {
+    return {
+      ok: true,
+      skipped: true,
+      code: "missing_base_url",
+      message: "Nextcloud Talk bot response feature probe skipped: baseUrl is not configured.",
+    };
+  }
+
+  const webhookUrl = normalizeUrlForMatch(account.config.webhookPublicUrl);
+  if (!webhookUrl) {
+    return {
+      ok: true,
+      skipped: true,
+      code: "missing_webhook_url",
+      message:
+        "Nextcloud Talk bot response feature probe skipped: webhookPublicUrl is not configured.",
+    };
+  }
+
+  const credentials = resolveNextcloudTalkApiCredentials({
+    apiUser: account.config.apiUser,
+    apiPassword: account.config.apiPassword,
+    apiPasswordFile: account.config.apiPasswordFile,
+  });
+  if (!credentials) {
+    return {
+      ok: true,
+      skipped: true,
+      code: "missing_api_credentials",
+      message:
+        "Nextcloud Talk bot response feature probe skipped: apiUser/apiPassword are not configured.",
+    };
+  }
+
+  const url = `${baseUrl}/ocs/v2.php/apps/spreed/api/v1/bot/admin`;
+  const auth = Buffer.from(`${credentials.apiUser}:${credentials.apiPassword}`, "utf-8").toString(
+    "base64",
+  );
+
+  try {
+    const { response, release } = await fetchWithSsrFGuard({
+      url,
+      init: {
+        method: "GET",
+        headers: {
+          Authorization: `Basic ${auth}`,
+          "OCS-APIRequest": "true",
+          Accept: "application/json",
+        },
+      },
+      auditContext: "nextcloud-talk.bot-response-preflight",
+      policy: ssrfPolicyFromPrivateNetworkOptIn(account.config),
+      timeoutMs,
+    });
+    try {
+      if (!response.ok) {
+        const body = await response.text().catch(() => "");
+        return {
+          ok: false,
+          code: "api_error",
+          status: response.status,
+          message: `Nextcloud Talk bot response feature probe failed (${response.status})${body ? `: ${body}` : ""}`,
+        };
+      }
+
+      const payload = await readProviderJsonResponse<{
+        ocs?: { data?: NextcloudTalkBotAdminEntry[] };
+      }>(response, "Nextcloud Talk bot response feature probe failed");
+      const bots = Array.isArray(payload.ocs?.data) ? payload.ocs.data : [];
+      const bot = bots.find((entry) => normalizeUrlForMatch(entry.url) === webhookUrl);
+      if (!bot) {
+        return {
+          ok: false,
+          code: "bot_not_found",
+          message: `Nextcloud Talk bot response feature probe could not find a bot with webhook URL ${webhookUrl}.`,
+        };
+      }
+
+      const features = coerceFeatureMask(bot.features);
+      if (features == null || (features & BOT_FEATURE_RESPONSE) !== BOT_FEATURE_RESPONSE) {
+        return {
+          ok: false,
+          code: "missing_response_feature",
+          botId: bot.id == null ? undefined : String(bot.id),
+          botName: bot.name,
+          features,
+          message: formatMissingResponseFeatureMessage(bot, features),
+        };
+      }
+
+      return {
+        ok: true,
+        code: "ok",
+        botId: bot.id == null ? undefined : String(bot.id),
+        botName: bot.name,
+        features,
+        message: `Nextcloud Talk bot "${bot.name ?? bot.id ?? "matching bot"}" has the response feature.`,
+      };
+    } finally {
+      await release();
+    }
+  } catch (error) {
+    const detail = error instanceof Error ? error.message : formatErrorMessage(error);
+    return {
+      ok: false,
+      code: "request_failed",
+      message: `Nextcloud Talk bot response feature probe failed: ${detail}`,
+    };
+  }
+}

package/src/channel-api.ts

@@ -0,0 +1,5 @@
+export type { ChannelPlugin } from "klaw/plugin-sdk/channel-plugin-common";
+export type { KlawConfig } from "klaw/plugin-sdk/config-contracts";
+export { clearAccountEntryFields } from "klaw/plugin-sdk/channel-plugin-common";
+export { DEFAULT_ACCOUNT_ID } from "klaw/plugin-sdk/account-id";
+export { buildChannelConfigSchema } from "klaw/plugin-sdk/channel-config-schema";