@openclaw/matrix 2026.3.12 → 2026.5.9-beta.1

package/dist/approval-handler.runtime-DWTQfd4m.js

@@ -0,0 +1,370 @@
+import { a as resolveMatrixTargetIdentity } from "./target-ids-80nQ2gql.js";
+import { i as resolveMatrixAccount } from "./accounts-Bm90Rzvp.js";
+import { c as shouldHandleMatrixApprovalRequest, r as isMatrixAnyApprovalClientEnabled } from "./exec-approvals-Crnh543m.js";
+import { a as sendMessageMatrix, i as reactMatrixMessage, s as sendSingleTextMessageMatrix } from "./send-Bo0DU1ca.js";
+import { a as repairMatrixDirectRooms } from "./direct-management-DMMMgtTB.js";
+import { a as unregisterMatrixApprovalReactionTarget, n as listMatrixApprovalReactionBindings, r as registerMatrixApprovalReactionTarget, t as buildMatrixApprovalReactionHint } from "./approval-reactions-o2_tuH8D.js";
+import { n as editMatrixMessage, t as deleteMatrixMessage } from "./messages-BpihMh82.js";
+import { listMessageReceiptPlatformIds, resolveMessageReceiptPrimaryId } from "openclaw/plugin-sdk/channel-message";
+import { buildChannelApprovalNativeTargetKey } from "openclaw/plugin-sdk/approval-native-runtime";
+import { setTimeout } from "node:timers/promises";
+import { createChannelApprovalNativeRuntimeAdapter } from "openclaw/plugin-sdk/approval-handler-runtime";
+import { buildExecApprovalPendingReplyPayload, buildPluginApprovalPendingReplyPayload } from "openclaw/plugin-sdk/approval-reply-runtime";
+import { buildPluginApprovalResolvedReplyPayload } from "openclaw/plugin-sdk/approval-runtime";
+//#region extensions/matrix/src/approval-handler.runtime.ts
+const MATRIX_APPROVAL_METADATA_KEY = "com.openclaw.approval";
+const MATRIX_APPROVAL_DELIVERY_ATTEMPTS = 3;
+const MATRIX_APPROVAL_DELIVERY_RETRY_DELAY_MS = 250;
+function resolveHandlerContext(params) {
+	const context = params.context;
+	const accountId = params.accountId?.trim() || "";
+	if (!context?.client || !accountId) return null;
+	return {
+		accountId,
+		context
+	};
+}
+function normalizePendingMessageIds(entry) {
+	return Array.from(new Set(entry.platformMessageIds.map((messageId) => messageId.trim()).filter(Boolean)));
+}
+function normalizeReactionTargetRef(params) {
+	const roomId = params.roomId.trim();
+	const eventId = params.eventId.trim();
+	if (!roomId || !eventId) return null;
+	return {
+		roomId,
+		eventId
+	};
+}
+function normalizeThreadId(value) {
+	return (value == null ? "" : String(value).trim()) || void 0;
+}
+function isSingleMatrixMessageLimitError(error) {
+	return error instanceof Error && error.message.includes("Matrix single-message text exceeds limit");
+}
+async function retryMatrixApprovalDelivery(operation, params = {}) {
+	let lastError;
+	for (let attempt = 1; attempt <= MATRIX_APPROVAL_DELIVERY_ATTEMPTS; attempt += 1) try {
+		return await operation();
+	} catch (error) {
+		lastError = error;
+		if (attempt === MATRIX_APPROVAL_DELIVERY_ATTEMPTS || params.shouldRetry?.(error) === false) break;
+		await setTimeout(MATRIX_APPROVAL_DELIVERY_RETRY_DELAY_MS * attempt);
+	}
+	throw lastError;
+}
+async function prepareTarget(params) {
+	const resolved = resolveHandlerContext(params);
+	if (!resolved) return null;
+	const target = resolveMatrixTargetIdentity(params.rawTarget.to);
+	if (!target) return null;
+	const threadId = normalizeThreadId(params.rawTarget.threadId);
+	if (target.kind === "user") {
+		const account = resolveMatrixAccount({
+			cfg: params.cfg,
+			accountId: resolved.accountId
+		});
+		const repairDirectRooms = resolved.context.deps?.repairDirectRooms ?? repairMatrixDirectRooms;
+		const repaired = await retryMatrixApprovalDelivery(async () => await repairDirectRooms({
+			client: resolved.context.client,
+			remoteUserId: target.id,
+			encrypted: account.config.encryption === true
+		}));
+		if (!repaired.activeRoomId) return null;
+		return {
+			to: `room:${repaired.activeRoomId}`,
+			roomId: repaired.activeRoomId,
+			threadId
+		};
+	}
+	return {
+		to: `room:${target.id}`,
+		roomId: target.id,
+		threadId
+	};
+}
+function buildMatrixApprovalMetadata(params) {
+	const base = {
+		version: 1,
+		type: "approval.request",
+		id: params.view.approvalId,
+		state: "pending",
+		kind: params.view.approvalKind,
+		phase: params.view.phase,
+		title: params.view.title,
+		expiresAtMs: params.view.expiresAtMs,
+		metadata: params.view.metadata,
+		allowedDecisions: Array.from(params.allowedDecisions),
+		actions: params.view.actions.map((action) => ({
+			decision: action.decision,
+			label: action.label,
+			style: action.style,
+			command: action.command
+		})),
+		...params.view.description != null ? { description: params.view.description } : {}
+	};
+	if (params.view.approvalKind === "plugin") return {
+		...base,
+		kind: "plugin",
+		severity: params.view.severity,
+		...params.view.agentId != null ? { agentId: params.view.agentId } : {},
+		...params.view.pluginId != null ? { pluginId: params.view.pluginId } : {},
+		...params.view.toolName != null ? { toolName: params.view.toolName } : {}
+	};
+	return {
+		...base,
+		kind: "exec",
+		commandText: params.view.commandText,
+		...params.view.ask != null ? { ask: params.view.ask } : {},
+		...params.view.agentId != null ? { agentId: params.view.agentId } : {},
+		...params.view.commandPreview != null ? { commandPreview: params.view.commandPreview } : {},
+		...params.view.cwd != null ? { cwd: params.view.cwd } : {},
+		...params.view.envKeys != null ? { envKeys: params.view.envKeys } : {},
+		...params.view.host != null ? { host: params.view.host } : {},
+		...params.view.nodeId != null ? { nodeId: params.view.nodeId } : {},
+		...params.view.sessionKey != null ? { sessionKey: params.view.sessionKey } : {}
+	};
+}
+function buildPendingApprovalContent(params) {
+	const allowedDecisions = params.view.actions.map((action) => action.decision);
+	const payload = params.view.approvalKind === "plugin" ? buildPluginApprovalPendingReplyPayload({
+		request: {
+			id: params.view.approvalId,
+			request: {
+				title: params.view.title,
+				description: params.view.description ?? "",
+				severity: params.view.severity,
+				toolName: params.view.toolName ?? void 0,
+				pluginId: params.view.pluginId ?? void 0,
+				agentId: params.view.agentId ?? void 0
+			},
+			createdAtMs: 0,
+			expiresAtMs: params.view.expiresAtMs
+		},
+		nowMs: params.nowMs,
+		allowedDecisions
+	}) : buildExecApprovalPendingReplyPayload({
+		approvalId: params.view.approvalId,
+		approvalSlug: params.view.approvalId.slice(0, 8),
+		approvalCommandId: params.view.approvalId,
+		ask: params.view.ask ?? void 0,
+		agentId: params.view.agentId ?? void 0,
+		allowedDecisions,
+		command: params.view.commandText,
+		cwd: params.view.cwd ?? void 0,
+		host: params.view.host === "node" ? "node" : "gateway",
+		nodeId: params.view.nodeId ?? void 0,
+		sessionKey: params.view.sessionKey ?? void 0,
+		expiresAtMs: params.view.expiresAtMs,
+		nowMs: params.nowMs
+	});
+	const hint = buildMatrixApprovalReactionHint(allowedDecisions);
+	const text = payload.text ?? "";
+	return {
+		approvalId: params.view.approvalId,
+		text: hint ? text ? `${hint}\n\n${text}` : hint : text,
+		allowedDecisions,
+		extraContent: { [MATRIX_APPROVAL_METADATA_KEY]: buildMatrixApprovalMetadata({
+			view: params.view,
+			allowedDecisions
+		}) }
+	};
+}
+function buildResolvedApprovalText(view) {
+	if (view.approvalKind === "plugin") return buildPluginApprovalResolvedReplyPayload({ resolved: {
+		id: view.approvalId,
+		decision: view.decision,
+		resolvedBy: view.resolvedBy ?? void 0,
+		ts: 0
+	} }).text ?? "";
+	return [
+		`Exec approval: ${view.decision === "allow-once" ? "Allowed once" : view.decision === "allow-always" ? "Allowed always" : "Denied"}`,
+		"",
+		"Command",
+		buildMarkdownCodeBlock(view.commandText)
+	].join("\n");
+}
+function buildMarkdownCodeBlock(text) {
+	const longestFence = Math.max(...Array.from(text.matchAll(/`+/g), (match) => match[0].length), 0);
+	const fence = "`".repeat(Math.max(3, longestFence + 1));
+	return [
+		fence,
+		text,
+		fence
+	].join("\n");
+}
+const matrixApprovalNativeRuntime = createChannelApprovalNativeRuntimeAdapter({
+	eventKinds: ["exec", "plugin"],
+	availability: {
+		isConfigured: ({ cfg, accountId, context }) => {
+			const resolved = resolveHandlerContext({
+				cfg,
+				accountId,
+				context
+			});
+			if (!resolved) return false;
+			return isMatrixAnyApprovalClientEnabled({
+				cfg,
+				accountId: resolved.accountId
+			});
+		},
+		shouldHandle: ({ cfg, accountId, request, context }) => {
+			const resolved = resolveHandlerContext({
+				cfg,
+				accountId,
+				context
+			});
+			if (!resolved) return false;
+			return shouldHandleMatrixApprovalRequest({
+				cfg,
+				accountId: resolved.accountId,
+				request
+			});
+		}
+	},
+	presentation: {
+		buildPendingPayload: ({ view, nowMs }) => buildPendingApprovalContent({
+			view,
+			nowMs
+		}),
+		buildResolvedResult: ({ view }) => ({
+			kind: "update",
+			payload: buildResolvedApprovalText(view)
+		}),
+		buildExpiredResult: () => ({ kind: "delete" })
+	},
+	transport: {
+		prepareTarget: ({ cfg, accountId, context, plannedTarget }) => {
+			return prepareTarget({
+				cfg,
+				accountId,
+				context,
+				rawTarget: plannedTarget.target
+			}).then((preparedTarget) => preparedTarget ? {
+				dedupeKey: buildChannelApprovalNativeTargetKey({
+					to: preparedTarget.roomId,
+					threadId: preparedTarget.threadId
+				}),
+				target: preparedTarget
+			} : null);
+		},
+		deliverPending: async ({ cfg, accountId, context, preparedTarget, pendingPayload, view }) => {
+			const resolved = resolveHandlerContext({
+				cfg,
+				accountId,
+				context
+			});
+			if (!resolved) return null;
+			const sendSingleTextMessage = resolved.context.deps?.sendSingleTextMessage ?? sendSingleTextMessageMatrix;
+			const reactMessage = resolved.context.deps?.reactMessage ?? reactMatrixMessage;
+			let result;
+			try {
+				result = await retryMatrixApprovalDelivery(async () => await sendSingleTextMessage(preparedTarget.to, pendingPayload.text, {
+					cfg,
+					accountId: resolved.accountId,
+					client: resolved.context.client,
+					threadId: preparedTarget.threadId,
+					extraContent: pendingPayload.extraContent
+				}), { shouldRetry: (error) => !isSingleMatrixMessageLimitError(error) });
+			} catch (error) {
+				if (!isSingleMatrixMessageLimitError(error)) throw error;
+				const sendMessage = resolved.context.deps?.sendMessage ?? sendMessageMatrix;
+				result = await retryMatrixApprovalDelivery(async () => await sendMessage(preparedTarget.to, pendingPayload.text, {
+					cfg,
+					accountId: resolved.accountId,
+					client: resolved.context.client,
+					threadId: preparedTarget.threadId,
+					extraContent: pendingPayload.extraContent
+				}));
+			}
+			const receiptMessageIds = listMessageReceiptPlatformIds(result.receipt);
+			const platformMessageIds = receiptMessageIds.length ? receiptMessageIds : [result.messageId.trim()].filter(Boolean);
+			const reactionEventId = resolveMessageReceiptPrimaryId(result.receipt) || result.primaryMessageId?.trim() || platformMessageIds[0] || result.messageId.trim();
+			registerMatrixApprovalReactionTarget({
+				roomId: result.roomId,
+				eventId: reactionEventId,
+				approvalId: pendingPayload.approvalId,
+				allowedDecisions: pendingPayload.allowedDecisions,
+				ttlMs: view.expiresAtMs - Date.now()
+			});
+			await Promise.allSettled(listMatrixApprovalReactionBindings(pendingPayload.allowedDecisions).map(async ({ emoji }) => {
+				await reactMessage(result.roomId, reactionEventId, emoji, {
+					cfg,
+					accountId: resolved.accountId,
+					client: resolved.context.client
+				});
+			}));
+			return {
+				roomId: result.roomId,
+				platformMessageIds,
+				reactionEventId
+			};
+		},
+		updateEntry: async ({ cfg, accountId, context, entry, payload }) => {
+			const resolved = resolveHandlerContext({
+				cfg,
+				accountId,
+				context
+			});
+			if (!resolved) return;
+			const editMessage = resolved.context.deps?.editMessage ?? editMatrixMessage;
+			const deleteMessage = resolved.context.deps?.deleteMessage ?? deleteMatrixMessage;
+			const [primaryMessageId, ...staleMessageIds] = normalizePendingMessageIds(entry);
+			if (!primaryMessageId) return;
+			const text = payload;
+			await Promise.allSettled([editMessage(entry.roomId, primaryMessageId, text, {
+				cfg,
+				accountId: resolved.accountId,
+				client: resolved.context.client
+			}), ...staleMessageIds.map(async (messageId) => {
+				await deleteMessage(entry.roomId, messageId, {
+					cfg,
+					accountId: resolved.accountId,
+					client: resolved.context.client,
+					reason: "approval resolved"
+				});
+			})]);
+		},
+		deleteEntry: async ({ cfg, accountId, context, entry, phase }) => {
+			const resolved = resolveHandlerContext({
+				cfg,
+				accountId,
+				context
+			});
+			if (!resolved) return;
+			const deleteMessage = resolved.context.deps?.deleteMessage ?? deleteMatrixMessage;
+			await Promise.allSettled(normalizePendingMessageIds(entry).map(async (messageId) => {
+				await deleteMessage(entry.roomId, messageId, {
+					cfg,
+					accountId: resolved.accountId,
+					client: resolved.context.client,
+					reason: phase === "expired" ? "approval expired" : "approval resolved"
+				});
+			}));
+		}
+	},
+	interactions: {
+		bindPending: (params) => {
+			const target = normalizeReactionTargetRef({
+				roomId: params.entry.roomId,
+				eventId: params.entry.reactionEventId
+			});
+			if (!target) return null;
+			registerMatrixApprovalReactionTarget({
+				roomId: target.roomId,
+				eventId: target.eventId,
+				approvalId: params.pendingPayload.approvalId,
+				allowedDecisions: params.pendingPayload.allowedDecisions,
+				ttlMs: params.view.expiresAtMs - Date.now()
+			});
+			return target;
+		},
+		unbindPending: (params) => {
+			const target = normalizeReactionTargetRef(params.binding);
+			if (!target) return;
+			unregisterMatrixApprovalReactionTarget(target);
+		}
+	}
+});
+//#endregion
+export { matrixApprovalNativeRuntime };

package/dist/approval-ids-DoC2z7tR.js

@@ -0,0 +1,7 @@
+import { n as normalizeMatrixUserId } from "./allowlist-sTzpCn5d.js";
+//#region extensions/matrix/src/approval-ids.ts
+function normalizeMatrixApproverId(value) {
+	return normalizeMatrixUserId(String(value)) || void 0;
+}
+//#endregion
+export { normalizeMatrixApproverId as t };

package/dist/approval-reaction-auth-DbcA1gGd.js

@@ -0,0 +1,27 @@
+import { i as resolveMatrixAccount } from "./accounts-Bm90Rzvp.js";
+import { t as normalizeMatrixApproverId } from "./approval-ids-DoC2z7tR.js";
+import { resolveApprovalApprovers } from "openclaw/plugin-sdk/approval-auth-runtime";
+//#region extensions/matrix/src/approval-reaction-auth.ts
+function normalizeMatrixExecApproverId(value) {
+	const normalized = normalizeMatrixApproverId(value);
+	return normalized === "*" ? void 0 : normalized;
+}
+function getMatrixApprovalReactionApprovers(params) {
+	const account = resolveMatrixAccount(params).config;
+	if (params.approvalKind === "plugin") return resolveApprovalApprovers({
+		allowFrom: account.dm?.allowFrom,
+		normalizeApprover: normalizeMatrixApproverId
+	});
+	return resolveApprovalApprovers({
+		explicit: account.execApprovals?.approvers,
+		allowFrom: account.dm?.allowFrom,
+		normalizeApprover: normalizeMatrixExecApproverId
+	});
+}
+function isMatrixApprovalReactionAuthorizedSender(params) {
+	const normalizedSenderId = params.senderId ? normalizeMatrixApproverId(params.senderId) : void 0;
+	if (!normalizedSenderId) return false;
+	return getMatrixApprovalReactionApprovers(params).includes(normalizedSenderId);
+}
+//#endregion
+export { isMatrixApprovalReactionAuthorizedSender };

package/dist/approval-reactions-o2_tuH8D.js

@@ -0,0 +1,162 @@
+import { n as getOptionalMatrixRuntime } from "./runtime-Dog86njy.js";
+//#region extensions/matrix/src/approval-reactions.ts
+const MATRIX_APPROVAL_REACTION_META = {
+	"allow-once": {
+		emoji: "✅",
+		label: "Allow once"
+	},
+	"allow-always": {
+		emoji: "♾️",
+		label: "Allow always"
+	},
+	deny: {
+		emoji: "❌",
+		label: "Deny"
+	}
+};
+const MATRIX_APPROVAL_REACTION_ORDER = [
+	"allow-once",
+	"allow-always",
+	"deny"
+];
+const PERSISTENT_NAMESPACE = "matrix.approval-reactions";
+const PERSISTENT_MAX_ENTRIES = 1e3;
+const DEFAULT_REACTION_TARGET_TTL_MS = 1440 * 60 * 1e3;
+const matrixApprovalReactionTargets = /* @__PURE__ */ new Map();
+let persistentStore;
+let persistentStoreDisabled = false;
+function buildReactionTargetKey(roomId, eventId) {
+	const normalizedRoomId = roomId.trim();
+	const normalizedEventId = eventId.trim();
+	if (!normalizedRoomId || !normalizedEventId) return null;
+	return `${normalizedRoomId}:${normalizedEventId}`;
+}
+function reportPersistentApprovalReactionError(error) {
+	try {
+		getOptionalMatrixRuntime()?.logging.getChildLogger({
+			plugin: "matrix",
+			feature: "approval-reaction-state"
+		}).warn("Matrix persistent approval reaction state failed", { error: String(error) });
+	} catch {}
+}
+function disablePersistentApprovalReactionStore(error) {
+	persistentStoreDisabled = true;
+	persistentStore = void 0;
+	reportPersistentApprovalReactionError(error);
+}
+function getPersistentApprovalReactionStore() {
+	if (persistentStoreDisabled) return;
+	if (persistentStore) return persistentStore;
+	const runtime = getOptionalMatrixRuntime();
+	if (!runtime) return;
+	try {
+		persistentStore = runtime.state.openKeyedStore({
+			namespace: PERSISTENT_NAMESPACE,
+			maxEntries: PERSISTENT_MAX_ENTRIES,
+			defaultTtlMs: DEFAULT_REACTION_TARGET_TTL_MS
+		});
+		return persistentStore;
+	} catch (error) {
+		disablePersistentApprovalReactionStore(error);
+		return;
+	}
+}
+function readPersistedTarget(value) {
+	const persisted = value;
+	if (persisted?.version !== 1 || !persisted.target || typeof persisted.target.approvalId !== "string" || !Array.isArray(persisted.target.allowedDecisions)) return null;
+	return persisted.target;
+}
+function rememberPersistentApprovalReactionTarget(params) {
+	const ttlMs = params.ttlMs == null ? DEFAULT_REACTION_TARGET_TTL_MS : Math.max(1, params.ttlMs);
+	const store = getPersistentApprovalReactionStore();
+	if (!store) return;
+	store.register(params.key, {
+		version: 1,
+		target: params.target
+	}, { ttlMs }).catch(disablePersistentApprovalReactionStore);
+}
+function forgetPersistentApprovalReactionTarget(key) {
+	const store = getPersistentApprovalReactionStore();
+	if (!store) return;
+	store.delete(key).catch(disablePersistentApprovalReactionStore);
+}
+async function lookupPersistentApprovalReactionTarget(key) {
+	const store = getPersistentApprovalReactionStore();
+	if (!store) return null;
+	try {
+		return readPersistedTarget(await store.lookup(key));
+	} catch (error) {
+		disablePersistentApprovalReactionStore(error);
+		return null;
+	}
+}
+function listMatrixApprovalReactionBindings(allowedDecisions) {
+	const allowed = new Set(allowedDecisions);
+	return MATRIX_APPROVAL_REACTION_ORDER.filter((decision) => allowed.has(decision)).map((decision) => ({
+		decision,
+		emoji: MATRIX_APPROVAL_REACTION_META[decision].emoji,
+		label: MATRIX_APPROVAL_REACTION_META[decision].label
+	}));
+}
+function buildMatrixApprovalReactionHint(allowedDecisions) {
+	const bindings = listMatrixApprovalReactionBindings(allowedDecisions);
+	if (bindings.length === 0) return null;
+	return `React here: ${bindings.map((binding) => `${binding.emoji} ${binding.label}`).join(", ")}`;
+}
+function resolveMatrixApprovalReactionDecision(reactionKey, allowedDecisions) {
+	const normalizedReaction = reactionKey.trim();
+	if (!normalizedReaction) return null;
+	const allowed = new Set(allowedDecisions);
+	for (const decision of MATRIX_APPROVAL_REACTION_ORDER) {
+		if (!allowed.has(decision)) continue;
+		if (MATRIX_APPROVAL_REACTION_META[decision].emoji === normalizedReaction) return decision;
+	}
+	return null;
+}
+function registerMatrixApprovalReactionTarget(params) {
+	const key = buildReactionTargetKey(params.roomId, params.eventId);
+	const approvalId = params.approvalId.trim();
+	const allowedDecisions = Array.from(new Set(params.allowedDecisions.filter((decision) => decision === "allow-once" || decision === "allow-always" || decision === "deny")));
+	if (!key || !approvalId || allowedDecisions.length === 0) return;
+	const target = {
+		approvalId,
+		allowedDecisions
+	};
+	matrixApprovalReactionTargets.set(key, target);
+	rememberPersistentApprovalReactionTarget({
+		key,
+		target,
+		ttlMs: params.ttlMs
+	});
+}
+function unregisterMatrixApprovalReactionTarget(params) {
+	const key = buildReactionTargetKey(params.roomId, params.eventId);
+	if (!key) return;
+	matrixApprovalReactionTargets.delete(key);
+	forgetPersistentApprovalReactionTarget(key);
+}
+function resolveTarget(params) {
+	const target = params.target;
+	if (!target) return null;
+	const decision = resolveMatrixApprovalReactionDecision(params.reactionKey, target.allowedDecisions);
+	if (!decision) return null;
+	return {
+		approvalId: target.approvalId,
+		decision
+	};
+}
+async function resolveMatrixApprovalReactionTargetWithPersistence(params) {
+	const key = buildReactionTargetKey(params.roomId, params.eventId);
+	if (!key) return null;
+	const inMemory = resolveTarget({
+		target: matrixApprovalReactionTargets.get(key),
+		reactionKey: params.reactionKey
+	});
+	if (inMemory) return inMemory;
+	return resolveTarget({
+		target: await lookupPersistentApprovalReactionTarget(key),
+		reactionKey: params.reactionKey
+	});
+}
+//#endregion
+export { unregisterMatrixApprovalReactionTarget as a, resolveMatrixApprovalReactionTargetWithPersistence as i, listMatrixApprovalReactionBindings as n, registerMatrixApprovalReactionTarget as r, buildMatrixApprovalReactionHint as t };

package/dist/async-lock-uQfhfQIY.js

@@ -0,0 +1,19 @@
+//#region extensions/matrix/src/matrix/async-lock.ts
+function createAsyncLock() {
+	let lock = Promise.resolve();
+	return async function withLock(fn) {
+		const previous = lock;
+		let release;
+		lock = new Promise((resolve) => {
+			release = resolve;
+		});
+		await previous;
+		try {
+			return await fn();
+		} finally {
+			release?.();
+		}
+	};
+}
+//#endregion
+export { createAsyncLock as t };

package/dist/auth-presence.js

@@ -0,0 +1,26 @@
+import { i as resolveMatrixCredentialsFilename, r as resolveMatrixCredentialsDir } from "./storage-paths-BJLdnCjV.js";
+import fs from "node:fs";
+import os from "node:os";
+import path from "node:path";
+import { resolveStateDir } from "openclaw/plugin-sdk/state-paths";
+//#region extensions/matrix/auth-presence.ts
+function listMatrixCredentialPaths(_cfg, env = process.env) {
+	const credentialsDir = resolveMatrixCredentialsDir(resolveStateDir(env, os.homedir));
+	const paths = new Set([resolveMatrixCredentialsFilename(), resolveMatrixCredentialsFilename("default")]);
+	try {
+		const entries = fs.readdirSync(credentialsDir, { withFileTypes: true });
+		for (const entry of entries) if (entry.isFile() && /^credentials(?:-[a-z0-9._-]+)?\.json$/i.test(entry.name)) paths.add(entry.name);
+	} catch {}
+	return [...paths].map((filename) => path.join(credentialsDir, filename));
+}
+function hasAnyMatrixAuth(params, env = process.env) {
+	return listMatrixCredentialPaths(params && typeof params === "object" && "cfg" in params ? params.cfg : params, params && typeof params === "object" && "cfg" in params ? params.env ?? env : env).some((filePath) => {
+		try {
+			return fs.existsSync(filePath);
+		} catch {
+			return false;
+		}
+	});
+}
+//#endregion
+export { hasAnyMatrixAuth };

package/dist/backup-health-Cabu_WQC.js

@@ -0,0 +1,60 @@
+//#region extensions/matrix/src/matrix/backup-health.ts
+function resolveMatrixRoomKeyBackupIssue(backup) {
+	if (!backup.serverVersion) return {
+		code: "missing-server-backup",
+		summary: "missing on server",
+		message: "no room-key backup exists on the homeserver"
+	};
+	if (backup.decryptionKeyCached === false) {
+		if (backup.keyLoadError) return {
+			code: "key-load-failed",
+			summary: "present but backup key unavailable on this device",
+			message: `backup decryption key could not be loaded from secret storage (${backup.keyLoadError})`
+		};
+		if (backup.keyLoadAttempted) return {
+			code: "key-not-loaded",
+			summary: "present but backup key unavailable on this device",
+			message: "backup decryption key is not loaded on this device (secret storage did not return a key)"
+		};
+		return {
+			code: "key-not-loaded",
+			summary: "present but backup key unavailable on this device",
+			message: "backup decryption key is not loaded on this device"
+		};
+	}
+	if (backup.matchesDecryptionKey === false) return {
+		code: "key-mismatch",
+		summary: "present but backup key mismatch on this device",
+		message: "backup key mismatch (this device does not have the matching backup decryption key)"
+	};
+	if (backup.trusted === false) return {
+		code: "untrusted-signature",
+		summary: "present but not trusted on this device",
+		message: "backup signature chain is not trusted by this device"
+	};
+	if (!backup.activeVersion) return {
+		code: "inactive",
+		summary: "present on server but inactive on this device",
+		message: "backup exists but is not active on this device"
+	};
+	if (backup.trusted === null || backup.matchesDecryptionKey === null || backup.decryptionKeyCached === null) return {
+		code: "indeterminate",
+		summary: "present but trust state unknown",
+		message: "backup trust state could not be fully determined"
+	};
+	return {
+		code: "ok",
+		summary: "active and trusted on this device",
+		message: null
+	};
+}
+function resolveMatrixRoomKeyBackupReadinessError(backup, opts) {
+	const issue = resolveMatrixRoomKeyBackupIssue(backup);
+	if (issue.code === "missing-server-backup") return opts.requireServerBackup ? "Matrix room key backup is missing on the homeserver." : null;
+	if (issue.code === "ok") return null;
+	if (issue.code === "untrusted-signature" && opts.allowUntrustedMatchingKey === true && backup.matchesDecryptionKey === true && backup.decryptionKeyCached === true) return null;
+	if (issue.message) return `Matrix room key backup is not usable: ${issue.message}.`;
+	return "Matrix room key backup is not usable on this device.";
+}
+//#endregion
+export { resolveMatrixRoomKeyBackupReadinessError as n, resolveMatrixRoomKeyBackupIssue as t };