@kodelyth/zalo 2026.5.42 → 2026.6.2

package/runtime-api.ts

@@ -1,71 +0,0 @@
-export {
-  addWildcardAllowFrom,
-  applyAccountNameToChannelSection,
-  applyBasicWebhookRequestGuards,
-  applySetupAccountConfigPatch,
-  type BaseProbeResult,
-  type BaseTokenResolution,
-  buildBaseAccountStatusSnapshot,
-  buildChannelConfigSchema,
-  buildSecretInputSchema,
-  buildSingleChannelSecretPromptState,
-  buildTokenChannelStatusSummary,
-  type ChannelAccountSnapshot,
-  type ChannelMessageActionAdapter,
-  type ChannelMessageActionName,
-  type ChannelPlugin,
-  type ChannelStatusIssue,
-  chunkTextForOutbound,
-  createChannelPairingController,
-  createChannelMessageReplyPipeline,
-  createDedupeCache,
-  createFixedWindowRateLimiter,
-  createWebhookAnomalyTracker,
-  DEFAULT_ACCOUNT_ID,
-  deliverTextOrMediaReply,
-  formatAllowFromLowercase,
-  formatPairingApproveHint,
-  type GroupPolicy,
-  hasConfiguredSecretInput,
-  isNormalizedSenderAllowed,
-  isNumericTargetId,
-  jsonResult,
-  logTypingFailure,
-  type MarkdownTableMode,
-  mergeAllowFromEntries,
-  migrateBaseNameToDefaultAccount,
-  normalizeAccountId,
-  normalizeResolvedSecretInputString,
-  normalizeSecretInputString,
-  type KlawConfig,
-  type OutboundReplyPayload,
-  PAIRING_APPROVED_MESSAGE,
-  type PluginRuntime,
-  promptSingleChannelSecretInput,
-  readJsonWebhookBodyOrReject,
-  readStringParam,
-  registerPluginHttpRoute,
-  type RegisterWebhookPluginRouteOptions,
-  registerWebhookTarget,
-  type RegisterWebhookTargetOptions,
-  registerWebhookTargetWithPluginRoute,
-  type ReplyPayload,
-  resolveClientIp,
-  resolveDefaultGroupPolicy,
-  resolveInboundRouteEnvelopeBuilderWithRuntime,
-  resolveOpenProviderRuntimeGroupPolicy,
-  resolveWebhookPath,
-  resolveWebhookTargetWithAuthOrRejectSync,
-  runSingleChannelSecretStep,
-  type RuntimeEnv,
-  type SecretInput,
-  sendPayloadWithChunkedTextAndMedia,
-  setTopLevelChannelDmPolicyWithAllowFrom,
-  setZaloRuntime,
-  waitForAbortSignal,
-  warnMissingProviderGroupPolicyFallbackOnce,
-  WEBHOOK_ANOMALY_COUNTER_DEFAULTS,
-  WEBHOOK_RATE_LIMIT_DEFAULTS,
-  withResolvedWebhookRequestPipeline,
-  type WizardPrompter,
-} from "./src/runtime-api.js";

package/secret-contract-api.ts

@@ -1,5 +0,0 @@
-export {
-  channelSecrets,
-  collectRuntimeConfigAssignments,
-  secretTargetRegistryEntries,
-} from "./src/secret-contract.js";

package/setup-api.ts

@@ -1,34 +0,0 @@
-import { loadBundledEntryExportSync } from "klaw/plugin-sdk/channel-entry-contract";
-
-type SetupSurfaceModule = typeof import("./src/setup-surface.js");
-
-function createLazyObjectValue<T extends object>(load: () => T): T {
-  return new Proxy({} as T, {
-    get(_target, property, receiver) {
-      return Reflect.get(load(), property, receiver);
-    },
-    has(_target, property) {
-      return property in load();
-    },
-    ownKeys() {
-      return Reflect.ownKeys(load());
-    },
-    getOwnPropertyDescriptor(_target, property) {
-      const descriptor = Object.getOwnPropertyDescriptor(load(), property);
-      return descriptor ? { ...descriptor, configurable: true } : undefined;
-    },
-  });
-}
-
-function loadSetupSurfaceModule(): SetupSurfaceModule {
-  return loadBundledEntryExportSync<SetupSurfaceModule>(import.meta.url, {
-    specifier: "./src/setup-surface.js",
-  });
-}
-
-export { zaloDmPolicy, zaloSetupAdapter, createZaloSetupWizardProxy } from "./src/setup-core.js";
-export { resolveZaloRuntimeGroupPolicy } from "./src/group-access.js";
-
-export const zaloSetupWizard: SetupSurfaceModule["zaloSetupWizard"] = createLazyObjectValue(
-  () => loadSetupSurfaceModule().zaloSetupWizard as object,
-) as SetupSurfaceModule["zaloSetupWizard"];

package/setup-entry.ts

@@ -1,13 +0,0 @@
-import { defineBundledChannelSetupEntry } from "klaw/plugin-sdk/channel-entry-contract";
-
-export default defineBundledChannelSetupEntry({
-  importMetaUrl: import.meta.url,
-  plugin: {
-    specifier: "./api.js",
-    exportName: "zaloPlugin",
-  },
-  secrets: {
-    specifier: "./secret-contract-api.js",
-    exportName: "channelSecrets",
-  },
-});

package/src/accounts.test.ts

@@ -1,95 +0,0 @@
-import { describe, expect, it } from "vitest";
-import {
-  listEnabledZaloAccounts,
-  listZaloAccountIds,
-  resolveDefaultZaloAccountId,
-  resolveZaloAccount,
-} from "./accounts.js";
-
-describe("resolveZaloAccount", () => {
-  it("resolves account config when account key casing differs from normalized id", () => {
-    const resolved = resolveZaloAccount({
-      cfg: {
-        channels: {
-          zalo: {
-            webhookUrl: "https://top.example.com",
-            accounts: {
-              Work: {
-                name: "Work",
-                webhookUrl: "https://work.example.com",
-              },
-            },
-          },
-        },
-      },
-      accountId: "work",
-    });
-
-    expect(resolved.accountId).toBe("work");
-    expect(resolved.name).toBe("Work");
-    expect(resolved.config.webhookUrl).toBe("https://work.example.com");
-  });
-
-  it("falls back to top-level config for named accounts without overrides", () => {
-    const resolved = resolveZaloAccount({
-      cfg: {
-        channels: {
-          zalo: {
-            enabled: true,
-            webhookUrl: "https://top.example.com",
-            accounts: {
-              work: {},
-            },
-          },
-        },
-      },
-      accountId: "work",
-    });
-
-    expect(resolved.accountId).toBe("work");
-    expect(resolved.enabled).toBe(true);
-    expect(resolved.config.webhookUrl).toBe("https://top.example.com");
-  });
-
-  it("uses configured defaultAccount when accountId is omitted", () => {
-    const resolved = resolveZaloAccount({
-      cfg: {
-        channels: {
-          zalo: {
-            defaultAccount: "work",
-            accounts: {
-              work: {
-                name: "Work",
-                botToken: "work-token",
-              },
-            },
-          },
-        },
-      },
-    });
-
-    expect(resolved.accountId).toBe("work");
-    expect(resolved.name).toBe("Work");
-    expect(resolved.token).toBe("work-token");
-  });
-
-  it("keeps the implicit default account when named accounts are added to top-level credentials", () => {
-    const cfg = {
-      channels: {
-        zalo: {
-          botToken: "default-token",
-          accounts: {
-            work: {
-              enabled: false,
-              botToken: "work-token",
-            },
-          },
-        },
-      },
-    };
-
-    expect(listZaloAccountIds(cfg)).toEqual(["default", "work"]);
-    expect(resolveDefaultZaloAccountId(cfg)).toBe("default");
-    expect(listEnabledZaloAccounts(cfg).map((account) => account.accountId)).toEqual(["default"]);
-  });
-});

package/src/accounts.ts

@@ -1,65 +0,0 @@
-import {
-  createAccountListHelpers,
-  resolveMergedAccountConfig,
-} from "klaw/plugin-sdk/account-helpers";
-import { normalizeAccountId } from "klaw/plugin-sdk/account-id";
-import type { KlawConfig } from "klaw/plugin-sdk/config-contracts";
-import { normalizeOptionalString } from "klaw/plugin-sdk/string-coerce-runtime";
-import { resolveZaloToken } from "./token.js";
-import type { ResolvedZaloAccount, ZaloAccountConfig, ZaloConfig } from "./types.js";
-
-export type { ResolvedZaloAccount };
-
-const { listAccountIds: listZaloAccountIds, resolveDefaultAccountId: resolveDefaultZaloAccountId } =
-  createAccountListHelpers("zalo", {
-    implicitDefaultAccount: {
-      channelKeys: ["botToken", "tokenFile"],
-      envVars: ["ZALO_BOT_TOKEN"],
-    },
-  });
-export { listZaloAccountIds, resolveDefaultZaloAccountId };
-
-function mergeZaloAccountConfig(cfg: KlawConfig, accountId: string): ZaloAccountConfig {
-  return resolveMergedAccountConfig<ZaloAccountConfig>({
-    channelConfig: cfg.channels?.zalo as ZaloAccountConfig | undefined,
-    accounts: (cfg.channels?.zalo as ZaloConfig | undefined)?.accounts as
-      | Record<string, Partial<ZaloAccountConfig>>
-      | undefined,
-    accountId,
-    omitKeys: ["defaultAccount"],
-  });
-}
-
-export function resolveZaloAccount(params: {
-  cfg: KlawConfig;
-  accountId?: string | null;
-  allowUnresolvedSecretRef?: boolean;
-}): ResolvedZaloAccount {
-  const accountId = normalizeAccountId(
-    params.accountId ?? (params.cfg.channels?.zalo as ZaloConfig | undefined)?.defaultAccount,
-  );
-  const baseEnabled = (params.cfg.channels?.zalo as ZaloConfig | undefined)?.enabled !== false;
-  const merged = mergeZaloAccountConfig(params.cfg, accountId);
-  const accountEnabled = merged.enabled !== false;
-  const enabled = baseEnabled && accountEnabled;
-  const tokenResolution = resolveZaloToken(
-    params.cfg.channels?.zalo as ZaloConfig | undefined,
-    accountId,
-    { allowUnresolvedSecretRef: params.allowUnresolvedSecretRef },
-  );
-
-  return {
-    accountId,
-    name: normalizeOptionalString(merged.name),
-    enabled,
-    token: tokenResolution.token,
-    tokenSource: tokenResolution.source,
-    config: merged,
-  };
-}
-
-export function listEnabledZaloAccounts(cfg: KlawConfig): ResolvedZaloAccount[] {
-  return listZaloAccountIds(cfg)
-    .map((accountId) => resolveZaloAccount({ cfg, accountId }))
-    .filter((account) => account.enabled);
-}

package/src/actions.runtime.ts

@@ -1,5 +0,0 @@
-import { sendMessageZalo as sendMessageZaloImpl } from "./send.js";
-
-export const zaloActionsRuntime = {
-  sendMessageZalo: sendMessageZaloImpl,
-};

package/src/actions.test.ts

@@ -1,32 +0,0 @@
-import { describe, expect, it } from "vitest";
-import { zaloMessageActions } from "./actions.js";
-import type { KlawConfig } from "./runtime-api.js";
-
-describe("zaloMessageActions.describeMessageTool", () => {
-  it("honors the selected Zalo account during discovery", () => {
-    const cfg: KlawConfig = {
-      channels: {
-        zalo: {
-          enabled: true,
-          botToken: "root-token",
-          accounts: {
-            default: {
-              enabled: false,
-              botToken: "default-token",
-            },
-            work: {
-              enabled: true,
-              botToken: "work-token",
-            },
-          },
-        },
-      },
-    };
-
-    expect(zaloMessageActions.describeMessageTool?.({ cfg, accountId: "default" })).toBeNull();
-    expect(zaloMessageActions.describeMessageTool?.({ cfg, accountId: "work" })).toEqual({
-      actions: ["send"],
-      capabilities: [],
-    });
-  });
-});

package/src/actions.ts

@@ -1,62 +0,0 @@
-import { jsonResult, readStringParam } from "klaw/plugin-sdk/channel-actions";
-import type {
-  ChannelMessageActionAdapter,
-  ChannelMessageActionName,
-} from "klaw/plugin-sdk/channel-contract";
-import type { KlawConfig } from "klaw/plugin-sdk/config-contracts";
-import { createLazyRuntimeNamedExport } from "klaw/plugin-sdk/lazy-runtime";
-import { extractToolSend } from "klaw/plugin-sdk/tool-send";
-import { listEnabledZaloAccounts, resolveZaloAccount } from "./accounts.js";
-
-const loadZaloActionsRuntime = createLazyRuntimeNamedExport(
-  () => import("./actions.runtime.js"),
-  "zaloActionsRuntime",
-);
-
-const providerId = "zalo";
-
-function listEnabledAccounts(cfg: KlawConfig, accountId?: string | null) {
-  return (
-    accountId ? [resolveZaloAccount({ cfg, accountId })] : listEnabledZaloAccounts(cfg)
-  ).filter((account) => account.enabled && account.tokenSource !== "none");
-}
-
-export const zaloMessageActions: ChannelMessageActionAdapter = {
-  describeMessageTool: ({ cfg, accountId }) => {
-    const accounts = listEnabledAccounts(cfg, accountId);
-    if (accounts.length === 0) {
-      return null;
-    }
-    const actions = new Set<ChannelMessageActionName>(["send"]);
-    return { actions: Array.from(actions), capabilities: [] };
-  },
-  extractToolSend: ({ args }) => extractToolSend(args, "sendMessage"),
-  handleAction: async ({ action, params, cfg, accountId }) => {
-    if (action === "send") {
-      const to = readStringParam(params, "to", { required: true });
-      const content = readStringParam(params, "message", {
-        required: true,
-        allowEmpty: true,
-      });
-      const mediaUrl = readStringParam(params, "media", { trim: false });
-
-      const { sendMessageZalo } = await loadZaloActionsRuntime();
-      const result = await sendMessageZalo(to ?? "", content ?? "", {
-        accountId: accountId ?? undefined,
-        mediaUrl: mediaUrl ?? undefined,
-        cfg: cfg,
-      });
-
-      if (!result.ok) {
-        return jsonResult({
-          ok: false,
-          error: result.error ?? "Failed to send Zalo message",
-        });
-      }
-
-      return jsonResult({ ok: true, to, messageId: result.messageId });
-    }
-
-    throw new Error(`Action ${action} is not supported for provider ${providerId}.`);
-  },
-};

package/src/api.test.ts

@@ -1,166 +0,0 @@
-import { beforeEach, describe, expect, it, vi } from "vitest";
-
-const resolvePinnedHostnameWithPolicyMock = vi.fn();
-
-vi.mock("klaw/plugin-sdk/ssrf-runtime", () => ({
-  resolvePinnedHostnameWithPolicy: (...args: unknown[]) =>
-    resolvePinnedHostnameWithPolicyMock(...args),
-}));
-
-import { deleteWebhook, getWebhookInfo, sendChatAction, sendPhoto, type ZaloFetch } from "./api.js";
-
-function createOkFetcher() {
-  return vi.fn<ZaloFetch>(async () => new Response(JSON.stringify({ ok: true, result: {} })));
-}
-
-function requireFirstFetchCall(fetcher: ReturnType<typeof createOkFetcher>, label: string) {
-  const [call] = fetcher.mock.calls;
-  if (!call) {
-    throw new Error(`expected ${label}`);
-  }
-  return call;
-}
-
-async function expectPostJsonRequest(run: (token: string, fetcher: ZaloFetch) => Promise<unknown>) {
-  const fetcher = createOkFetcher();
-  await run("test-token", fetcher);
-  expect(fetcher).toHaveBeenCalledTimes(1);
-  const [, init] = requireFirstFetchCall(fetcher, "Zalo request");
-  if (!init) {
-    throw new Error("expected Zalo request init");
-  }
-  expect(init.method).toBe("POST");
-  expect(init.headers).toEqual({ "Content-Type": "application/json" });
-}
-
-describe("Zalo API request methods", () => {
-  beforeEach(() => {
-    resolvePinnedHostnameWithPolicyMock.mockReset();
-    resolvePinnedHostnameWithPolicyMock.mockResolvedValue({
-      hostname: "example.com",
-      addresses: ["93.184.216.34"],
-      lookup: vi.fn(),
-    });
-  });
-
-  it("uses POST for getWebhookInfo", async () => {
-    await expectPostJsonRequest(getWebhookInfo);
-  });
-
-  it("keeps POST for deleteWebhook", async () => {
-    await expectPostJsonRequest(deleteWebhook);
-  });
-
-  it("aborts sendChatAction when the typing timeout elapses", async () => {
-    vi.useFakeTimers();
-    try {
-      const fetcher = vi.fn<ZaloFetch>(
-        (_, init) =>
-          new Promise<Response>((_, reject) => {
-            init?.signal?.addEventListener("abort", () => reject(new Error("aborted")), {
-              once: true,
-            });
-          }),
-      );
-
-      const promise = sendChatAction(
-        "test-token",
-        {
-          chat_id: "chat-123",
-          action: "typing",
-        },
-        fetcher,
-        25,
-      );
-      const rejected = expect(promise).rejects.toThrow("aborted");
-
-      await vi.advanceTimersByTimeAsync(25);
-
-      await rejected;
-      const [, init] = requireFirstFetchCall(fetcher, "Zalo chat action request");
-      if (!init) {
-        throw new Error("expected Zalo chat action request init");
-      }
-      if (!init.signal) {
-        throw new Error("expected Zalo chat action abort signal");
-      }
-      expect(init.signal.aborted).toBe(true);
-    } finally {
-      vi.useRealTimers();
-    }
-  });
-
-  it("validates outbound photo URLs against the SSRF guard before posting", async () => {
-    const fetcher = createOkFetcher();
-
-    await sendPhoto(
-      "test-token",
-      {
-        chat_id: "chat-123",
-        photo: "https://example.com/image.png",
-      },
-      fetcher,
-    );
-
-    expect(resolvePinnedHostnameWithPolicyMock).toHaveBeenCalledWith("example.com", {
-      policy: {},
-    });
-    expect(fetcher).toHaveBeenCalledTimes(1);
-  });
-
-  it("blocks private-network photo URLs before they reach the Zalo API", async () => {
-    const fetcher = createOkFetcher();
-    resolvePinnedHostnameWithPolicyMock.mockRejectedValueOnce(
-      new Error("Blocked hostname or private/internal/special-use IP address"),
-    );
-
-    await expect(
-      sendPhoto(
-        "test-token",
-        {
-          chat_id: "chat-123",
-          photo: "http://169.254.169.254/latest/meta-data/iam/security-credentials/",
-        },
-        fetcher,
-      ),
-    ).rejects.toThrow("Blocked hostname or private/internal/special-use IP address");
-
-    expect(fetcher).not.toHaveBeenCalled();
-  });
-
-  it("rejects non-http photo URLs", async () => {
-    const fetcher = createOkFetcher();
-
-    await expect(
-      sendPhoto(
-        "test-token",
-        {
-          chat_id: "chat-123",
-          photo: "file:///etc/passwd",
-        },
-        fetcher,
-      ),
-    ).rejects.toThrow("Zalo photo URL must use HTTP or HTTPS");
-
-    expect(resolvePinnedHostnameWithPolicyMock).not.toHaveBeenCalled();
-    expect(fetcher).not.toHaveBeenCalled();
-  });
-
-  it("rejects non-URL strings", async () => {
-    const fetcher = createOkFetcher();
-
-    await expect(
-      sendPhoto(
-        "test-token",
-        {
-          chat_id: "chat-123",
-          photo: "not a url",
-        },
-        fetcher,
-      ),
-    ).rejects.toThrow("Zalo photo URL must be an absolute HTTP or HTTPS URL");
-
-    expect(resolvePinnedHostnameWithPolicyMock).not.toHaveBeenCalled();
-    expect(fetcher).not.toHaveBeenCalled();
-  });
-});