@kodelyth/zalo 2026.5.39 → 2026.6.1

package/dist/monitor.webhook-CDxUxa9l.js

@@ -0,0 +1,175 @@
+import { B as registerWebhookTargetWithPluginRoute, I as readJsonWebhookBodyOrReject, K as resolveWebhookTargetWithAuthOrRejectSync, Q as withResolvedWebhookRequestPipeline, V as resolveClientIp, a as WEBHOOK_ANOMALY_COUNTER_DEFAULTS, b as createFixedWindowRateLimiter, l as applyBasicWebhookRequestGuards, o as WEBHOOK_RATE_LIMIT_DEFAULTS, x as createWebhookAnomalyTracker, z as registerWebhookTarget } from "./runtime-api-CxXTp1Q2.js";
+import { safeEqualSecret } from "klaw/plugin-sdk/security-runtime";
+import { createClaimableDedupe } from "klaw/plugin-sdk/persistent-dedupe";
+//#region extensions/zalo/src/monitor.webhook.ts
+const ZALO_WEBHOOK_REPLAY_WINDOW_MS = 5 * 6e4;
+const webhookTargets = /* @__PURE__ */ new Map();
+const webhookRateLimiter = createFixedWindowRateLimiter({
+	windowMs: WEBHOOK_RATE_LIMIT_DEFAULTS.windowMs,
+	maxRequests: WEBHOOK_RATE_LIMIT_DEFAULTS.maxRequests,
+	maxTrackedKeys: WEBHOOK_RATE_LIMIT_DEFAULTS.maxTrackedKeys
+});
+const recentWebhookEvents = createClaimableDedupe({
+	ttlMs: ZALO_WEBHOOK_REPLAY_WINDOW_MS,
+	memoryMaxSize: 5e3
+});
+const webhookAnomalyTracker = createWebhookAnomalyTracker({
+	maxTrackedKeys: WEBHOOK_ANOMALY_COUNTER_DEFAULTS.maxTrackedKeys,
+	ttlMs: WEBHOOK_ANOMALY_COUNTER_DEFAULTS.ttlMs,
+	logEvery: WEBHOOK_ANOMALY_COUNTER_DEFAULTS.logEvery
+});
+function clearZaloWebhookSecurityStateForTest() {
+	webhookRateLimiter.clear();
+	recentWebhookEvents.clearMemory();
+	webhookAnomalyTracker.clear();
+}
+function getZaloWebhookRateLimitStateSizeForTest() {
+	return webhookRateLimiter.size();
+}
+function getZaloWebhookStatusCounterSizeForTest() {
+	return webhookAnomalyTracker.size();
+}
+function timingSafeEquals(left, right) {
+	return safeEqualSecret(left, right);
+}
+function buildReplayEventCacheKey(target, update) {
+	const messageId = update.message?.message_id;
+	if (!messageId) return null;
+	const chatId = update.message?.chat?.id ?? "";
+	const senderId = update.message?.from?.id ?? "";
+	return JSON.stringify([
+		target.path,
+		target.account.accountId,
+		update.event_name,
+		chatId,
+		senderId,
+		messageId
+	]);
+}
+var ZaloRetryableWebhookError = class extends Error {
+	constructor(message, options) {
+		super(message, options);
+		this.name = "ZaloRetryableWebhookError";
+	}
+};
+async function processZaloReplayGuardedUpdate(params) {
+	const replayEventKey = buildReplayEventCacheKey(params.target, params.update);
+	if (replayEventKey) {
+		if ((await recentWebhookEvents.claim(replayEventKey, { now: params.nowMs })).kind !== "claimed") return "duplicate";
+	}
+	params.target.statusSink?.({ lastInboundAt: Date.now() });
+	try {
+		await params.processUpdate({
+			update: params.update,
+			target: params.target
+		});
+		if (replayEventKey) await recentWebhookEvents.commit(replayEventKey);
+		return "processed";
+	} catch (error) {
+		if (replayEventKey) if (error instanceof ZaloRetryableWebhookError) recentWebhookEvents.release(replayEventKey, { error });
+		else await recentWebhookEvents.commit(replayEventKey);
+		throw error;
+	}
+}
+function recordWebhookStatus(runtime, path, statusCode) {
+	webhookAnomalyTracker.record({
+		key: `${path}:${statusCode}`,
+		statusCode,
+		log: runtime?.log,
+		message: (count) => `[zalo] webhook anomaly path=${path} status=${statusCode} count=${String(count)}`
+	});
+}
+function headerValue(value) {
+	return Array.isArray(value) ? value[0] : value;
+}
+function registerZaloWebhookTarget(target, opts) {
+	if (opts?.route) return registerWebhookTargetWithPluginRoute({
+		targetsByPath: webhookTargets,
+		target,
+		route: opts.route,
+		onLastPathTargetRemoved: opts.onLastPathTargetRemoved
+	}).unregister;
+	return registerWebhookTarget(webhookTargets, target, opts).unregister;
+}
+async function handleZaloWebhookRequest(req, res, processUpdate) {
+	return await withResolvedWebhookRequestPipeline({
+		req,
+		res,
+		targetsByPath: webhookTargets,
+		allowMethods: ["POST"],
+		handle: async ({ targets, path }) => {
+			const trustedProxies = targets[0]?.config.gateway?.trustedProxies;
+			const allowRealIpFallback = targets[0]?.config.gateway?.allowRealIpFallback === true;
+			const rateLimitKey = `${path}:${resolveClientIp({
+				remoteAddr: req.socket.remoteAddress,
+				forwardedFor: headerValue(req.headers["x-forwarded-for"]),
+				realIp: headerValue(req.headers["x-real-ip"]),
+				trustedProxies,
+				allowRealIpFallback
+			}) ?? req.socket.remoteAddress ?? "unknown"}`;
+			const nowMs = Date.now();
+			if (!applyBasicWebhookRequestGuards({
+				req,
+				res,
+				rateLimiter: webhookRateLimiter,
+				rateLimitKey,
+				nowMs
+			})) {
+				recordWebhookStatus(targets[0]?.runtime, path, res.statusCode);
+				return true;
+			}
+			const headerToken = String(req.headers["x-bot-api-secret-token"] ?? "");
+			const target = resolveWebhookTargetWithAuthOrRejectSync({
+				targets,
+				res,
+				isMatch: (entry) => timingSafeEquals(entry.secret, headerToken)
+			});
+			if (!target) {
+				recordWebhookStatus(targets[0]?.runtime, path, res.statusCode);
+				return true;
+			}
+			if (!applyBasicWebhookRequestGuards({
+				req,
+				res,
+				requireJsonContentType: true
+			})) {
+				recordWebhookStatus(target.runtime, path, res.statusCode);
+				return true;
+			}
+			const body = await readJsonWebhookBodyOrReject({
+				req,
+				res,
+				maxBytes: 1024 * 1024,
+				timeoutMs: 3e4,
+				emptyObjectOnEmpty: false,
+				invalidJsonMessage: "Bad Request"
+			});
+			if (!body.ok) {
+				recordWebhookStatus(target.runtime, path, res.statusCode);
+				return true;
+			}
+			const raw = body.value;
+			const record = raw && typeof raw === "object" ? raw : null;
+			const update = record && record.ok === true && record.result ? record.result : record ?? void 0;
+			if (!update?.event_name) {
+				res.statusCode = 400;
+				res.end("Bad Request");
+				recordWebhookStatus(target.runtime, path, res.statusCode);
+				return true;
+			}
+			processZaloReplayGuardedUpdate({
+				target,
+				update,
+				processUpdate,
+				nowMs
+			}).catch((err) => {
+				target.runtime.error?.(`[${target.account.accountId}] Zalo webhook failed: ${String(err)}`);
+			});
+			res.statusCode = 200;
+			res.end("ok");
+			return true;
+		}
+	});
+}
+//#endregion
+export { ZaloRetryableWebhookError, clearZaloWebhookSecurityStateForTest, getZaloWebhookRateLimitStateSizeForTest, getZaloWebhookStatusCounterSizeForTest, handleZaloWebhookRequest, processZaloReplayGuardedUpdate, registerZaloWebhookTarget };

package/dist/runtime-api-CxXTp1Q2.js

@@ -0,0 +1,23 @@
+import { formatAllowFromLowercase as formatAllowFromLowercase$1, isNormalizedSenderAllowed } from "klaw/plugin-sdk/allow-from";
+import { createChannelMessageReplyPipeline } from "klaw/plugin-sdk/channel-message";
+import { PAIRING_APPROVED_MESSAGE, buildTokenChannelStatusSummary as buildTokenChannelStatusSummary$1 } from "klaw/plugin-sdk/channel-status";
+import { deliverTextOrMediaReply as deliverTextOrMediaReply$1, isNumericTargetId as isNumericTargetId$1, sendPayloadWithChunkedTextAndMedia as sendPayloadWithChunkedTextAndMedia$1 } from "klaw/plugin-sdk/reply-payload";
+import { buildBaseAccountStatusSnapshot } from "klaw/plugin-sdk/status-helpers";
+import { chunkTextForOutbound as chunkTextForOutbound$1 } from "klaw/plugin-sdk/text-chunking";
+import { DEFAULT_ACCOUNT_ID as DEFAULT_ACCOUNT_ID$1, buildChannelConfigSchema, createDedupeCache, formatPairingApproveHint, jsonResult, normalizeAccountId as normalizeAccountId$1, readStringParam, resolveClientIp } from "klaw/plugin-sdk/core";
+import { buildSecretInputSchema, hasConfiguredSecretInput as hasConfiguredSecretInput$1, normalizeResolvedSecretInputString, normalizeSecretInputString } from "klaw/plugin-sdk/secret-input";
+import { addWildcardAllowFrom as addWildcardAllowFrom$1, applyAccountNameToChannelSection, applySetupAccountConfigPatch, buildSingleChannelSecretPromptState as buildSingleChannelSecretPromptState$1, mergeAllowFromEntries as mergeAllowFromEntries$1, migrateBaseNameToDefaultAccount, promptSingleChannelSecretInput as promptSingleChannelSecretInput$1, runSingleChannelSecretStep as runSingleChannelSecretStep$1, setTopLevelChannelDmPolicyWithAllowFrom } from "klaw/plugin-sdk/setup";
+import { resolveDefaultGroupPolicy as resolveDefaultGroupPolicy$1, resolveOpenProviderRuntimeGroupPolicy as resolveOpenProviderRuntimeGroupPolicy$1, warnMissingProviderGroupPolicyFallbackOnce as warnMissingProviderGroupPolicyFallbackOnce$1 } from "klaw/plugin-sdk/runtime-group-policy";
+import { createChannelPairingController as createChannelPairingController$1 } from "klaw/plugin-sdk/channel-pairing";
+import { logTypingFailure as logTypingFailure$1 } from "klaw/plugin-sdk/channel-feedback";
+import { resolveInboundRouteEnvelopeBuilderWithRuntime as resolveInboundRouteEnvelopeBuilderWithRuntime$1 } from "klaw/plugin-sdk/inbound-envelope";
+import { waitForAbortSignal } from "klaw/plugin-sdk/runtime";
+import { WEBHOOK_ANOMALY_COUNTER_DEFAULTS, WEBHOOK_RATE_LIMIT_DEFAULTS, applyBasicWebhookRequestGuards, createFixedWindowRateLimiter, createWebhookAnomalyTracker, readJsonWebhookBodyOrReject, registerPluginHttpRoute as registerPluginHttpRoute$1, registerWebhookTarget, registerWebhookTargetWithPluginRoute, resolveWebhookPath as resolveWebhookPath$1, resolveWebhookTargetWithAuthOrRejectSync, withResolvedWebhookRequestPipeline } from "klaw/plugin-sdk/webhook-ingress";
+import { createPluginRuntimeStore } from "klaw/plugin-sdk/runtime-store";
+//#region extensions/zalo/src/runtime.ts
+const { setRuntime: setZaloRuntime, getRuntime: getZaloRuntime } = createPluginRuntimeStore({
+	pluginId: "zalo",
+	errorMessage: "Zalo runtime not initialized"
+});
+//#endregion
+export { mergeAllowFromEntries$1 as A, registerWebhookTargetWithPluginRoute as B, formatAllowFromLowercase$1 as C, isNumericTargetId$1 as D, isNormalizedSenderAllowed as E, promptSingleChannelSecretInput$1 as F, resolveWebhookPath$1 as G, resolveDefaultGroupPolicy$1 as H, readJsonWebhookBodyOrReject as I, sendPayloadWithChunkedTextAndMedia$1 as J, resolveWebhookTargetWithAuthOrRejectSync as K, readStringParam as L, normalizeAccountId$1 as M, normalizeResolvedSecretInputString as N, jsonResult as O, normalizeSecretInputString as P, withResolvedWebhookRequestPipeline as Q, registerPluginHttpRoute$1 as R, deliverTextOrMediaReply$1 as S, hasConfiguredSecretInput$1 as T, resolveInboundRouteEnvelopeBuilderWithRuntime$1 as U, resolveClientIp as V, resolveOpenProviderRuntimeGroupPolicy$1 as W, waitForAbortSignal as X, setTopLevelChannelDmPolicyWithAllowFrom as Y, warnMissingProviderGroupPolicyFallbackOnce$1 as Z, createChannelMessageReplyPipeline as _, WEBHOOK_ANOMALY_COUNTER_DEFAULTS as a, createFixedWindowRateLimiter as b, applyAccountNameToChannelSection as c, buildBaseAccountStatusSnapshot as d, buildChannelConfigSchema as f, chunkTextForOutbound$1 as g, buildTokenChannelStatusSummary$1 as h, PAIRING_APPROVED_MESSAGE as i, migrateBaseNameToDefaultAccount as j, logTypingFailure$1 as k, applyBasicWebhookRequestGuards as l, buildSingleChannelSecretPromptState$1 as m, setZaloRuntime as n, WEBHOOK_RATE_LIMIT_DEFAULTS as o, buildSecretInputSchema as p, runSingleChannelSecretStep$1 as q, DEFAULT_ACCOUNT_ID$1 as r, addWildcardAllowFrom$1 as s, getZaloRuntime as t, applySetupAccountConfigPatch as u, createChannelPairingController$1 as v, formatPairingApproveHint as w, createWebhookAnomalyTracker as x, createDedupeCache as y, registerWebhookTarget as z };

package/dist/runtime-api.js

@@ -0,0 +1,2 @@
+import { A as mergeAllowFromEntries, B as registerWebhookTargetWithPluginRoute, C as formatAllowFromLowercase, D as isNumericTargetId, E as isNormalizedSenderAllowed, F as promptSingleChannelSecretInput, G as resolveWebhookPath, H as resolveDefaultGroupPolicy, I as readJsonWebhookBodyOrReject, J as sendPayloadWithChunkedTextAndMedia, K as resolveWebhookTargetWithAuthOrRejectSync, L as readStringParam, M as normalizeAccountId, N as normalizeResolvedSecretInputString, O as jsonResult, P as normalizeSecretInputString, Q as withResolvedWebhookRequestPipeline, R as registerPluginHttpRoute, S as deliverTextOrMediaReply, T as hasConfiguredSecretInput, U as resolveInboundRouteEnvelopeBuilderWithRuntime, V as resolveClientIp, W as resolveOpenProviderRuntimeGroupPolicy, X as waitForAbortSignal, Y as setTopLevelChannelDmPolicyWithAllowFrom, Z as warnMissingProviderGroupPolicyFallbackOnce, _ as createChannelMessageReplyPipeline, a as WEBHOOK_ANOMALY_COUNTER_DEFAULTS, b as createFixedWindowRateLimiter, c as applyAccountNameToChannelSection, d as buildBaseAccountStatusSnapshot, f as buildChannelConfigSchema, g as chunkTextForOutbound, h as buildTokenChannelStatusSummary, i as PAIRING_APPROVED_MESSAGE, j as migrateBaseNameToDefaultAccount, k as logTypingFailure, l as applyBasicWebhookRequestGuards, m as buildSingleChannelSecretPromptState, n as setZaloRuntime, o as WEBHOOK_RATE_LIMIT_DEFAULTS, p as buildSecretInputSchema, q as runSingleChannelSecretStep, r as DEFAULT_ACCOUNT_ID, s as addWildcardAllowFrom, u as applySetupAccountConfigPatch, v as createChannelPairingController, w as formatPairingApproveHint, x as createWebhookAnomalyTracker, y as createDedupeCache, z as registerWebhookTarget } from "./runtime-api-CxXTp1Q2.js";
+export { DEFAULT_ACCOUNT_ID, PAIRING_APPROVED_MESSAGE, WEBHOOK_ANOMALY_COUNTER_DEFAULTS, WEBHOOK_RATE_LIMIT_DEFAULTS, addWildcardAllowFrom, applyAccountNameToChannelSection, applyBasicWebhookRequestGuards, applySetupAccountConfigPatch, buildBaseAccountStatusSnapshot, buildChannelConfigSchema, buildSecretInputSchema, buildSingleChannelSecretPromptState, buildTokenChannelStatusSummary, chunkTextForOutbound, createChannelMessageReplyPipeline, createChannelPairingController, createDedupeCache, createFixedWindowRateLimiter, createWebhookAnomalyTracker, deliverTextOrMediaReply, formatAllowFromLowercase, formatPairingApproveHint, hasConfiguredSecretInput, isNormalizedSenderAllowed, isNumericTargetId, jsonResult, logTypingFailure, mergeAllowFromEntries, migrateBaseNameToDefaultAccount, normalizeAccountId, normalizeResolvedSecretInputString, normalizeSecretInputString, promptSingleChannelSecretInput, readJsonWebhookBodyOrReject, readStringParam, registerPluginHttpRoute, registerWebhookTarget, registerWebhookTargetWithPluginRoute, resolveClientIp, resolveDefaultGroupPolicy, resolveInboundRouteEnvelopeBuilderWithRuntime, resolveOpenProviderRuntimeGroupPolicy, resolveWebhookPath, resolveWebhookTargetWithAuthOrRejectSync, runSingleChannelSecretStep, sendPayloadWithChunkedTextAndMedia, setTopLevelChannelDmPolicyWithAllowFrom, setZaloRuntime, waitForAbortSignal, warnMissingProviderGroupPolicyFallbackOnce, withResolvedWebhookRequestPipeline };

package/dist/secret-contract-CRFukr2n.js

@@ -0,0 +1,87 @@
+import { collectConditionalChannelFieldAssignments, getChannelSurface, hasOwnProperty } from "klaw/plugin-sdk/channel-secret-basic-runtime";
+//#region extensions/zalo/src/secret-contract.ts
+const secretTargetRegistryEntries = [
+	{
+		id: "channels.zalo.accounts.*.botToken",
+		targetType: "channels.zalo.accounts.*.botToken",
+		configFile: "klaw.json",
+		pathPattern: "channels.zalo.accounts.*.botToken",
+		secretShape: "secret_input",
+		expectedResolvedValue: "string",
+		includeInPlan: true,
+		includeInConfigure: true,
+		includeInAudit: true
+	},
+	{
+		id: "channels.zalo.accounts.*.webhookSecret",
+		targetType: "channels.zalo.accounts.*.webhookSecret",
+		configFile: "klaw.json",
+		pathPattern: "channels.zalo.accounts.*.webhookSecret",
+		secretShape: "secret_input",
+		expectedResolvedValue: "string",
+		includeInPlan: true,
+		includeInConfigure: true,
+		includeInAudit: true
+	},
+	{
+		id: "channels.zalo.botToken",
+		targetType: "channels.zalo.botToken",
+		configFile: "klaw.json",
+		pathPattern: "channels.zalo.botToken",
+		secretShape: "secret_input",
+		expectedResolvedValue: "string",
+		includeInPlan: true,
+		includeInConfigure: true,
+		includeInAudit: true
+	},
+	{
+		id: "channels.zalo.webhookSecret",
+		targetType: "channels.zalo.webhookSecret",
+		configFile: "klaw.json",
+		pathPattern: "channels.zalo.webhookSecret",
+		secretShape: "secret_input",
+		expectedResolvedValue: "string",
+		includeInPlan: true,
+		includeInConfigure: true,
+		includeInAudit: true
+	}
+];
+function collectRuntimeConfigAssignments(params) {
+	const resolved = getChannelSurface(params.config, "zalo");
+	if (!resolved) return;
+	const { channel: zalo, surface } = resolved;
+	collectConditionalChannelFieldAssignments({
+		channelKey: "zalo",
+		field: "botToken",
+		channel: zalo,
+		surface,
+		defaults: params.defaults,
+		context: params.context,
+		topLevelActiveWithoutAccounts: true,
+		topLevelInheritedAccountActive: ({ account, enabled }) => enabled && !hasOwnProperty(account, "botToken"),
+		accountActive: ({ enabled }) => enabled,
+		topInactiveReason: "no enabled Zalo surface inherits this top-level botToken.",
+		accountInactiveReason: "Zalo account is disabled."
+	});
+	const baseWebhookUrl = typeof zalo.webhookUrl === "string" ? zalo.webhookUrl.trim() : "";
+	const accountWebhookUrl = (account) => hasOwnProperty(account, "webhookUrl") ? typeof account.webhookUrl === "string" ? account.webhookUrl.trim() : "" : baseWebhookUrl;
+	collectConditionalChannelFieldAssignments({
+		channelKey: "zalo",
+		field: "webhookSecret",
+		channel: zalo,
+		surface,
+		defaults: params.defaults,
+		context: params.context,
+		topLevelActiveWithoutAccounts: baseWebhookUrl.length > 0,
+		topLevelInheritedAccountActive: ({ account, enabled }) => enabled && !hasOwnProperty(account, "webhookSecret") && accountWebhookUrl(account).length > 0,
+		accountActive: ({ account, enabled }) => enabled && accountWebhookUrl(account).length > 0,
+		topInactiveReason: "no enabled Zalo webhook surface inherits this top-level webhookSecret (webhook mode is not active).",
+		accountInactiveReason: "Zalo account is disabled or webhook mode is not active for this account."
+	});
+}
+const channelSecrets = {
+	secretTargetRegistryEntries,
+	collectRuntimeConfigAssignments
+};
+//#endregion
+export { collectRuntimeConfigAssignments as n, secretTargetRegistryEntries as r, channelSecrets as t };

package/dist/secret-contract-api.js

@@ -0,0 +1,2 @@
+import { n as collectRuntimeConfigAssignments, r as secretTargetRegistryEntries, t as channelSecrets } from "./secret-contract-CRFukr2n.js";
+export { channelSecrets, collectRuntimeConfigAssignments, secretTargetRegistryEntries };

package/dist/send-CGAqdfSA.js

@@ -0,0 +1,270 @@
+import { d as resolveZaloToken, u as resolveZaloAccount } from "./setup-core-Dr75wK6l.js";
+import { createMessageReceiptFromOutboundResults } from "klaw/plugin-sdk/channel-message";
+import { formatErrorMessage } from "klaw/plugin-sdk/error-runtime";
+import { resolvePinnedHostnameWithPolicy } from "klaw/plugin-sdk/ssrf-runtime";
+import { makeProxyFetch } from "klaw/plugin-sdk/fetch-runtime";
+//#region extensions/zalo/src/api.ts
+/**
+* Zalo Bot API client
+* @see https://bot.zaloplatforms.com/docs
+*/
+const ZALO_API_BASE = "https://bot-api.zaloplatforms.com";
+const ZALO_MEDIA_SSRF_POLICY = {};
+var ZaloApiError = class extends Error {
+	constructor(message, errorCode, description) {
+		super(message);
+		this.errorCode = errorCode;
+		this.description = description;
+		this.name = "ZaloApiError";
+	}
+	/** True if this is a long-polling timeout (no updates available) */
+	get isPollingTimeout() {
+		return this.errorCode === 408;
+	}
+};
+/**
+* Call the Zalo Bot API
+*/
+async function callZaloApi(method, token, body, options) {
+	const url = `${ZALO_API_BASE}/bot${token}/${method}`;
+	const controller = new AbortController();
+	const timeoutId = options?.timeoutMs ? setTimeout(() => controller.abort(), options.timeoutMs) : void 0;
+	const fetcher = options?.fetch ?? fetch;
+	try {
+		const data = await (await fetcher(url, {
+			method: "POST",
+			headers: { "Content-Type": "application/json" },
+			body: body ? JSON.stringify(body) : void 0,
+			signal: controller.signal
+		})).json();
+		if (!data.ok) throw new ZaloApiError(data.description ?? `Zalo API error: ${method}`, data.error_code, data.description);
+		return data;
+	} finally {
+		if (timeoutId) clearTimeout(timeoutId);
+	}
+}
+/**
+* Validate bot token and get bot info
+*/
+async function getMe(token, timeoutMs, fetcher) {
+	return callZaloApi("getMe", token, void 0, {
+		timeoutMs,
+		fetch: fetcher
+	});
+}
+/**
+* Send a text message
+*/
+async function sendMessage(token, params, fetcher) {
+	return callZaloApi("sendMessage", token, params, { fetch: fetcher });
+}
+/**
+* Send a photo message
+*/
+async function sendPhoto(token, params, fetcher) {
+	const photoUrl = params.photo.trim();
+	let parsedPhotoUrl;
+	try {
+		parsedPhotoUrl = new URL(photoUrl);
+	} catch {
+		throw new Error("Zalo photo URL must be an absolute HTTP or HTTPS URL");
+	}
+	if (parsedPhotoUrl.protocol !== "http:" && parsedPhotoUrl.protocol !== "https:") throw new Error("Zalo photo URL must use HTTP or HTTPS");
+	await resolvePinnedHostnameWithPolicy(parsedPhotoUrl.hostname, { policy: ZALO_MEDIA_SSRF_POLICY });
+	return callZaloApi("sendPhoto", token, {
+		...params,
+		photo: parsedPhotoUrl.href
+	}, { fetch: fetcher });
+}
+/**
+* Send a temporary chat action such as typing.
+*/
+async function sendChatAction(token, params, fetcher, timeoutMs) {
+	return callZaloApi("sendChatAction", token, params, {
+		timeoutMs,
+		fetch: fetcher
+	});
+}
+/**
+* Get updates using long polling (dev/testing only)
+* Note: Zalo returns a single update per call, not an array like Telegram
+*/
+async function getUpdates(token, params, fetcher) {
+	const pollTimeoutSec = params?.timeout ?? 30;
+	const timeoutMs = (pollTimeoutSec + 5) * 1e3;
+	return callZaloApi("getUpdates", token, { timeout: String(pollTimeoutSec) }, {
+		timeoutMs,
+		fetch: fetcher
+	});
+}
+/**
+* Set webhook URL for receiving updates
+*/
+async function setWebhook(token, params, fetcher) {
+	return callZaloApi("setWebhook", token, params, { fetch: fetcher });
+}
+/**
+* Delete webhook configuration
+*/
+async function deleteWebhook(token, fetcher, timeoutMs) {
+	return callZaloApi("deleteWebhook", token, void 0, {
+		timeoutMs,
+		fetch: fetcher
+	});
+}
+/**
+* Get current webhook info
+*/
+async function getWebhookInfo(token, fetcher) {
+	return callZaloApi("getWebhookInfo", token, void 0, { fetch: fetcher });
+}
+//#endregion
+//#region extensions/zalo/src/proxy.ts
+const proxyCache = /* @__PURE__ */ new Map();
+function resolveZaloProxyFetch(proxyUrl) {
+	const trimmed = proxyUrl?.trim();
+	if (!trimmed) return;
+	const cached = proxyCache.get(trimmed);
+	if (cached) return cached;
+	const fetcher = makeProxyFetch(trimmed);
+	proxyCache.set(trimmed, fetcher);
+	return fetcher;
+}
+//#endregion
+//#region extensions/zalo/src/send.ts
+function createZaloSendReceipt(params) {
+	const messageId = params.messageId?.trim();
+	return createMessageReceiptFromOutboundResults({
+		results: messageId ? [{
+			channel: "zalo",
+			messageId,
+			chatId: params.chatId
+		}] : [],
+		kind: params.kind
+	});
+}
+function toZaloSendResult(response, params) {
+	if (response.ok && response.result) return {
+		ok: true,
+		messageId: response.result.message_id,
+		receipt: createZaloSendReceipt({
+			messageId: response.result.message_id,
+			chatId: params.chatId,
+			kind: params.kind
+		})
+	};
+	return {
+		ok: false,
+		error: "Failed to send message",
+		receipt: createZaloSendReceipt({
+			chatId: params.chatId,
+			kind: params.kind
+		})
+	};
+}
+async function runZaloSend(failureMessage, params, send) {
+	try {
+		const result = toZaloSendResult(await send(), params);
+		return result.ok ? result : {
+			ok: false,
+			error: failureMessage,
+			receipt: result.receipt
+		};
+	} catch (err) {
+		return {
+			ok: false,
+			error: formatErrorMessage(err),
+			receipt: createZaloSendReceipt({
+				chatId: params.chatId,
+				kind: params.kind
+			})
+		};
+	}
+}
+function resolveSendContext(options) {
+	if (options.cfg) {
+		const account = resolveZaloAccount({
+			cfg: options.cfg,
+			accountId: options.accountId
+		});
+		return {
+			token: options.token || account.token,
+			fetcher: resolveZaloProxyFetch(options.proxy ?? account.config.proxy)
+		};
+	}
+	const token = options.token ?? resolveZaloToken(void 0, options.accountId).token;
+	const proxy = options.proxy;
+	return {
+		token,
+		fetcher: resolveZaloProxyFetch(proxy)
+	};
+}
+function resolveValidatedSendContext(chatId, options) {
+	const { token, fetcher } = resolveSendContext(options);
+	if (!token) return {
+		ok: false,
+		error: "No Zalo bot token configured"
+	};
+	const trimmedChatId = chatId?.trim();
+	if (!trimmedChatId) return {
+		ok: false,
+		error: "No chat_id provided"
+	};
+	return {
+		ok: true,
+		chatId: trimmedChatId,
+		token,
+		fetcher
+	};
+}
+function resolveSendContextOrFailure(chatId, options) {
+	const context = resolveValidatedSendContext(chatId, options);
+	return context.ok ? { context } : { failure: {
+		ok: false,
+		error: context.error,
+		receipt: createZaloSendReceipt({
+			chatId,
+			kind: "unknown"
+		})
+	} };
+}
+async function sendMessageZalo(chatId, text, options = {}) {
+	const resolved = resolveSendContextOrFailure(chatId, options);
+	if ("failure" in resolved) return resolved.failure;
+	const { context } = resolved;
+	if (options.mediaUrl) return sendPhotoZalo(context.chatId, options.mediaUrl, {
+		...options,
+		token: context.token,
+		caption: text || options.caption
+	});
+	return await runZaloSend("Failed to send message", {
+		chatId: context.chatId,
+		kind: "text"
+	}, () => sendMessage(context.token, {
+		chat_id: context.chatId,
+		text: text.slice(0, 2e3)
+	}, context.fetcher));
+}
+async function sendPhotoZalo(chatId, photoUrl, options = {}) {
+	const resolved = resolveSendContextOrFailure(chatId, options);
+	if ("failure" in resolved) return resolved.failure;
+	const { context } = resolved;
+	if (!photoUrl?.trim()) return {
+		ok: false,
+		error: "No photo URL provided",
+		receipt: createZaloSendReceipt({
+			chatId: context.chatId,
+			kind: "media"
+		})
+	};
+	return await runZaloSend("Failed to send photo", {
+		chatId: context.chatId,
+		kind: "media"
+	}, () => (async () => sendPhoto(context.token, {
+		chat_id: context.chatId,
+		photo: photoUrl.trim(),
+		caption: options.caption?.slice(0, 2e3)
+	}, context.fetcher))());
+}
+//#endregion
+export { getMe as a, sendChatAction as c, setWebhook as d, deleteWebhook as i, sendMessage as l, resolveZaloProxyFetch as n, getUpdates as o, ZaloApiError as r, getWebhookInfo as s, sendMessageZalo as t, sendPhoto as u };

package/dist/setup-api.js

@@ -0,0 +1,30 @@
+import { n as zaloDmPolicy, r as zaloSetupAdapter, t as createZaloSetupWizardProxy } from "./setup-core-Dr75wK6l.js";
+import { n as resolveZaloRuntimeGroupPolicy } from "./group-access-DTQVR6Nd.js";
+import { loadBundledEntryExportSync } from "klaw/plugin-sdk/channel-entry-contract";
+//#region extensions/zalo/setup-api.ts
+function createLazyObjectValue(load) {
+	return new Proxy({}, {
+		get(_target, property, receiver) {
+			return Reflect.get(load(), property, receiver);
+		},
+		has(_target, property) {
+			return property in load();
+		},
+		ownKeys() {
+			return Reflect.ownKeys(load());
+		},
+		getOwnPropertyDescriptor(_target, property) {
+			const descriptor = Object.getOwnPropertyDescriptor(load(), property);
+			return descriptor ? {
+				...descriptor,
+				configurable: true
+			} : void 0;
+		}
+	});
+}
+function loadSetupSurfaceModule() {
+	return loadBundledEntryExportSync(import.meta.url, { specifier: "./src/setup-surface.js" });
+}
+const zaloSetupWizard = createLazyObjectValue(() => loadSetupSurfaceModule().zaloSetupWizard);
+//#endregion
+export { createZaloSetupWizardProxy, resolveZaloRuntimeGroupPolicy, zaloDmPolicy, zaloSetupAdapter, zaloSetupWizard };