@openclaw/matrix 2026.3.13 → 2026.5.9-beta.1

package/dist/shared-CpMoYKm1.js

@@ -0,0 +1,195 @@
+import { t as __exportAll } from "./rolldown-runtime-DUslC3ob.js";
+import { n as LogService } from "./logger-CnZRVrux.js";
+import { t as awaitMatrixStartupWithAbort } from "./startup-abort-56edvmbM.js";
+import { n as resolveMatrixAuth, r as resolveMatrixAuthContext } from "./config--5-S2Akv.js";
+import { normalizeOptionalAccountId } from "openclaw/plugin-sdk/account-id";
+//#region extensions/matrix/src/matrix/client/shared.ts
+var shared_exports = /* @__PURE__ */ __exportAll({
+	acquireSharedMatrixClient: () => acquireSharedMatrixClient,
+	releaseSharedClientInstance: () => releaseSharedClientInstance,
+	removeSharedClientInstance: () => removeSharedClientInstance,
+	resolveSharedMatrixClient: () => resolveSharedMatrixClient,
+	stopSharedClient: () => stopSharedClient,
+	stopSharedClientForAccount: () => stopSharedClientForAccount,
+	stopSharedClientInstance: () => stopSharedClientInstance
+});
+let matrixCreateClientDepsPromise;
+async function loadMatrixCreateClientDeps() {
+	matrixCreateClientDepsPromise ??= import("./create-client-DCnqDaqd.js").then((n) => n.n).then((runtime) => ({ createMatrixClient: runtime.createMatrixClient }));
+	return await matrixCreateClientDepsPromise;
+}
+const sharedClientStates = /* @__PURE__ */ new Map();
+const sharedClientPromises = /* @__PURE__ */ new Map();
+function serializeDispatcherPolicyKey(auth) {
+	return JSON.stringify(auth.dispatcherPolicy ?? null);
+}
+function buildSharedClientKey(auth) {
+	return [
+		auth.homeserver,
+		auth.userId,
+		auth.accessToken,
+		auth.encryption ? "e2ee" : "plain",
+		auth.allowPrivateNetwork ? "private-net" : "strict-net",
+		serializeDispatcherPolicyKey(auth),
+		auth.accountId
+	].join("|");
+}
+async function createSharedMatrixClient(params) {
+	const { createMatrixClient } = await loadMatrixCreateClientDeps();
+	return {
+		client: await createMatrixClient({
+			homeserver: params.auth.homeserver,
+			userId: params.auth.userId,
+			accessToken: params.auth.accessToken,
+			password: params.auth.password,
+			deviceId: params.auth.deviceId,
+			encryption: params.auth.encryption,
+			localTimeoutMs: params.timeoutMs,
+			initialSyncLimit: params.auth.initialSyncLimit,
+			accountId: params.auth.accountId,
+			allowPrivateNetwork: params.auth.allowPrivateNetwork,
+			ssrfPolicy: params.auth.ssrfPolicy,
+			dispatcherPolicy: params.auth.dispatcherPolicy
+		}),
+		key: buildSharedClientKey(params.auth),
+		started: false,
+		cryptoReady: false,
+		startPromise: null,
+		leases: 0
+	};
+}
+function findSharedClientStateByInstance(client) {
+	for (const state of sharedClientStates.values()) if (state.client === client) return state;
+	return null;
+}
+function deleteSharedClientState(state) {
+	sharedClientStates.delete(state.key);
+	sharedClientPromises.delete(state.key);
+}
+async function ensureSharedClientStarted(params) {
+	const waitForStart = async (startPromise) => {
+		await awaitMatrixStartupWithAbort(startPromise, params.abortSignal);
+	};
+	if (params.state.started) return;
+	if (params.state.startPromise) {
+		await waitForStart(params.state.startPromise);
+		return;
+	}
+	const guardedStart = (async () => {
+		const client = params.state.client;
+		if (params.encryption && !params.state.cryptoReady) try {
+			const joinedRooms = await client.getJoinedRooms();
+			if (client.crypto) {
+				await client.crypto.prepare(joinedRooms);
+				params.state.cryptoReady = true;
+			}
+		} catch (err) {
+			LogService.warn("MatrixClientLite", "Failed to prepare crypto:", err);
+		}
+		await client.start({ abortSignal: params.abortSignal });
+		params.state.started = true;
+	})().finally(() => {
+		if (params.state.startPromise === guardedStart) params.state.startPromise = null;
+	});
+	params.state.startPromise = guardedStart;
+	await waitForStart(guardedStart);
+}
+async function resolveSharedMatrixClientState(params = {}) {
+	const requestedAccountId = normalizeOptionalAccountId(params.accountId);
+	if (params.auth && requestedAccountId && requestedAccountId !== params.auth.accountId) throw new Error(`Matrix shared client account mismatch: requested ${requestedAccountId}, auth resolved ${params.auth.accountId}`);
+	const authContext = (() => {
+		if (params.auth) return null;
+		if (!params.cfg) throw new Error("Matrix shared client requires a resolved runtime config. Load and resolve config at the command or gateway boundary, then pass cfg through the runtime path.");
+		return resolveMatrixAuthContext({
+			cfg: params.cfg,
+			env: params.env,
+			accountId: params.accountId
+		});
+	})();
+	const auth = params.auth ?? await resolveMatrixAuth({
+		cfg: authContext?.cfg ?? params.cfg,
+		env: authContext?.env ?? params.env,
+		accountId: authContext?.accountId
+	});
+	const key = buildSharedClientKey(auth);
+	const shouldStart = params.startClient !== false;
+	const existingState = sharedClientStates.get(key);
+	if (existingState) {
+		if (shouldStart) await ensureSharedClientStarted({
+			state: existingState,
+			encryption: auth.encryption,
+			abortSignal: params.abortSignal
+		});
+		return existingState;
+	}
+	const existingPromise = sharedClientPromises.get(key);
+	if (existingPromise) {
+		const pending = await existingPromise;
+		if (shouldStart) await ensureSharedClientStarted({
+			state: pending,
+			encryption: auth.encryption,
+			abortSignal: params.abortSignal
+		});
+		return pending;
+	}
+	const creationPromise = createSharedMatrixClient({
+		auth,
+		timeoutMs: params.timeoutMs
+	});
+	sharedClientPromises.set(key, creationPromise);
+	try {
+		const created = await creationPromise;
+		sharedClientStates.set(key, created);
+		if (shouldStart) await ensureSharedClientStarted({
+			state: created,
+			encryption: auth.encryption,
+			abortSignal: params.abortSignal
+		});
+		return created;
+	} finally {
+		sharedClientPromises.delete(key);
+	}
+}
+async function resolveSharedMatrixClient(params = {}) {
+	return (await resolveSharedMatrixClientState(params)).client;
+}
+async function acquireSharedMatrixClient(params = {}) {
+	const state = await resolveSharedMatrixClientState(params);
+	state.leases += 1;
+	return state.client;
+}
+function stopSharedClient() {
+	for (const state of sharedClientStates.values()) state.client.stop();
+	sharedClientStates.clear();
+	sharedClientPromises.clear();
+}
+function stopSharedClientForAccount(auth) {
+	const key = buildSharedClientKey(auth);
+	const state = sharedClientStates.get(key);
+	if (!state) return;
+	state.client.stop();
+	deleteSharedClientState(state);
+}
+function removeSharedClientInstance(client) {
+	const state = findSharedClientStateByInstance(client);
+	if (!state) return false;
+	deleteSharedClientState(state);
+	return true;
+}
+function stopSharedClientInstance(client) {
+	if (!removeSharedClientInstance(client)) return;
+	client.stop();
+}
+async function releaseSharedClientInstance(client, mode = "stop") {
+	const state = findSharedClientStateByInstance(client);
+	if (!state) return false;
+	state.leases = Math.max(0, state.leases - 1);
+	if (state.leases > 0) return false;
+	deleteSharedClientState(state);
+	if (mode === "persist") await client.stopAndPersist();
+	else if (mode === "discard") client.stopWithoutPersist();
+	else client.stop();
+	return true;
+}
+//#endregion
+export { shared_exports as a, resolveSharedMatrixClient as i, releaseSharedClientInstance as n, stopSharedClientForAccount as o, removeSharedClientInstance as r, stopSharedClientInstance as s, acquireSharedMatrixClient as t };

package/dist/startup-abort-56edvmbM.js

@@ -0,0 +1,32 @@
+//#region extensions/matrix/src/matrix/startup-abort.ts
+function createMatrixStartupAbortError() {
+	const error = /* @__PURE__ */ new Error("Matrix startup aborted");
+	error.name = "AbortError";
+	return error;
+}
+function throwIfMatrixStartupAborted(abortSignal) {
+	if (abortSignal?.aborted === true) throw createMatrixStartupAbortError();
+}
+function isMatrixStartupAbortError(error) {
+	return error instanceof Error && error.name === "AbortError";
+}
+async function awaitMatrixStartupWithAbort(promise, abortSignal) {
+	if (!abortSignal) return await promise;
+	if (abortSignal.aborted) throw createMatrixStartupAbortError();
+	return await new Promise((resolve, reject) => {
+		const onAbort = () => {
+			abortSignal.removeEventListener("abort", onAbort);
+			reject(createMatrixStartupAbortError());
+		};
+		abortSignal.addEventListener("abort", onAbort, { once: true });
+		promise.then((value) => {
+			abortSignal.removeEventListener("abort", onAbort);
+			resolve(value);
+		}, (error) => {
+			abortSignal.removeEventListener("abort", onAbort);
+			reject(error);
+		});
+	});
+}
+//#endregion
+export { throwIfMatrixStartupAborted as i, createMatrixStartupAbortError as n, isMatrixStartupAbortError as r, awaitMatrixStartupWithAbort as t };

package/dist/startup-verification-Demyp0bP.js

@@ -0,0 +1,132 @@
+import { t as formatMatrixErrorMessage } from "./errors-CTcpEDq-.js";
+import { a as resolveMatrixStoragePaths } from "./storage-tC3ujLiW.js";
+import path from "node:path";
+import { readJsonFileWithFallback, writeJsonFileAtomically } from "openclaw/plugin-sdk/json-store";
+import fs from "node:fs/promises";
+//#region extensions/matrix/src/matrix/monitor/startup-verification.ts
+const STARTUP_VERIFICATION_STATE_FILENAME = "startup-verification.json";
+const DEFAULT_STARTUP_VERIFICATION_MODE = "if-unverified";
+const DEFAULT_STARTUP_VERIFICATION_COOLDOWN_HOURS = 24;
+const DEFAULT_STARTUP_VERIFICATION_FAILURE_COOLDOWN_MS = 3600 * 1e3;
+function normalizeCooldownHours(value) {
+	if (typeof value !== "number" || !Number.isFinite(value)) return DEFAULT_STARTUP_VERIFICATION_COOLDOWN_HOURS;
+	return Math.max(0, value);
+}
+function resolveStartupVerificationStatePath(params) {
+	const storagePaths = resolveMatrixStoragePaths({
+		homeserver: params.auth.homeserver,
+		userId: params.auth.userId,
+		accessToken: params.auth.accessToken,
+		accountId: params.auth.accountId,
+		deviceId: params.auth.deviceId,
+		env: params.env
+	});
+	return path.join(storagePaths.rootDir, STARTUP_VERIFICATION_STATE_FILENAME);
+}
+async function readStartupVerificationState(filePath) {
+	const { value } = await readJsonFileWithFallback(filePath, null);
+	return value && typeof value === "object" ? value : null;
+}
+async function clearStartupVerificationState(filePath) {
+	await fs.rm(filePath, { force: true }).catch(() => {});
+}
+function resolveStateCooldownMs(state, cooldownMs) {
+	if (state?.outcome === "failed") return Math.min(cooldownMs, DEFAULT_STARTUP_VERIFICATION_FAILURE_COOLDOWN_MS);
+	return cooldownMs;
+}
+function resolveRetryAfterMs(params) {
+	const attemptedAtMs = Date.parse(params.attemptedAt ?? "");
+	if (!Number.isFinite(attemptedAtMs)) return;
+	const remaining = attemptedAtMs + params.cooldownMs - params.nowMs;
+	return remaining > 0 ? remaining : void 0;
+}
+function shouldHonorCooldown(params) {
+	if (!params.state || params.stateCooldownMs <= 0) return false;
+	if (params.state.userId && params.verification.userId && params.state.userId !== params.verification.userId) return false;
+	if (params.state.deviceId && params.verification.deviceId && params.state.deviceId !== params.verification.deviceId) return false;
+	return resolveRetryAfterMs({
+		attemptedAt: params.state.attemptedAt,
+		cooldownMs: params.stateCooldownMs,
+		nowMs: params.nowMs
+	}) !== void 0;
+}
+function hasPendingSelfVerification(verifications) {
+	return verifications.some((entry) => entry.isSelfVerification && !entry.completed && entry.pending);
+}
+async function ensureMatrixStartupVerification(params) {
+	if (params.auth.encryption !== true || !params.client.crypto) return { kind: "unsupported" };
+	const verification = await params.client.getOwnDeviceVerificationStatus();
+	const statePath = params.stateFilePath ?? resolveStartupVerificationStatePath({
+		auth: params.auth,
+		env: params.env
+	});
+	if (verification.verified) {
+		await clearStartupVerificationState(statePath);
+		return {
+			kind: "verified",
+			verification
+		};
+	}
+	if ((params.accountConfig.startupVerification ?? DEFAULT_STARTUP_VERIFICATION_MODE) === "off") {
+		await clearStartupVerificationState(statePath);
+		return {
+			kind: "disabled",
+			verification
+		};
+	}
+	if (hasPendingSelfVerification(await params.client.crypto.listVerifications().catch(() => []))) return {
+		kind: "pending",
+		verification
+	};
+	const cooldownMs = normalizeCooldownHours(params.accountConfig.startupVerificationCooldownHours) * 60 * 60 * 1e3;
+	const nowMs = params.nowMs ?? Date.now();
+	const state = await readStartupVerificationState(statePath);
+	const stateCooldownMs = resolveStateCooldownMs(state, cooldownMs);
+	if (shouldHonorCooldown({
+		state,
+		verification,
+		stateCooldownMs,
+		nowMs
+	})) return {
+		kind: "cooldown",
+		verification,
+		retryAfterMs: resolveRetryAfterMs({
+			attemptedAt: state?.attemptedAt,
+			cooldownMs: stateCooldownMs,
+			nowMs
+		})
+	};
+	try {
+		const request = await params.client.crypto.requestVerification({ ownUser: true });
+		await writeJsonFileAtomically(statePath, {
+			userId: verification.userId,
+			deviceId: verification.deviceId,
+			attemptedAt: new Date(nowMs).toISOString(),
+			outcome: "requested",
+			requestId: request.id,
+			transactionId: request.transactionId
+		});
+		return {
+			kind: "requested",
+			verification,
+			requestId: request.id,
+			transactionId: request.transactionId ?? void 0
+		};
+	} catch (err) {
+		const error = formatMatrixErrorMessage(err);
+		await writeJsonFileAtomically(statePath, {
+			userId: verification.userId,
+			deviceId: verification.deviceId,
+			attemptedAt: new Date(nowMs).toISOString(),
+			outcome: "failed",
+			error
+		}).catch(() => {});
+		return {
+			kind: "request-failed",
+			verification,
+			error
+		};
+	}
+}
+//#endregion
+export { ensureMatrixStartupVerification };

package/dist/storage-paths-BJLdnCjV.js

@@ -0,0 +1,52 @@
+import { DEFAULT_ACCOUNT_ID, normalizeAccountId } from "openclaw/plugin-sdk/account-id";
+import { normalizeLowercaseStringOrEmpty } from "openclaw/plugin-sdk/string-coerce-runtime";
+import path from "node:path";
+import crypto from "node:crypto";
+//#region extensions/matrix/src/storage-paths.ts
+function sanitizeMatrixPathSegment(value) {
+	return normalizeLowercaseStringOrEmpty(value).replace(/[^a-z0-9._-]+/g, "_").replace(/^_+|_+$/g, "") || "unknown";
+}
+function resolveMatrixHomeserverKey(homeserver) {
+	try {
+		const url = new URL(homeserver);
+		if (url.host) return sanitizeMatrixPathSegment(url.host);
+	} catch {}
+	return sanitizeMatrixPathSegment(homeserver);
+}
+function hashMatrixAccessToken(accessToken) {
+	return crypto.createHash("sha256").update(accessToken).digest("hex").slice(0, 16);
+}
+function resolveMatrixCredentialsFilename(accountId) {
+	const normalized = normalizeAccountId(accountId);
+	return normalized === DEFAULT_ACCOUNT_ID ? "credentials.json" : `credentials-${normalized}.json`;
+}
+function resolveMatrixCredentialsDir(stateDir) {
+	return path.join(stateDir, "credentials", "matrix");
+}
+function resolveMatrixCredentialsPath(params) {
+	return path.join(resolveMatrixCredentialsDir(params.stateDir), resolveMatrixCredentialsFilename(params.accountId));
+}
+function resolveMatrixLegacyFlatStoreRoot(stateDir) {
+	return path.join(stateDir, "matrix");
+}
+function resolveMatrixLegacyFlatStoragePaths(stateDir) {
+	const rootDir = resolveMatrixLegacyFlatStoreRoot(stateDir);
+	return {
+		rootDir,
+		storagePath: path.join(rootDir, "bot-storage.json"),
+		cryptoPath: path.join(rootDir, "crypto")
+	};
+}
+function resolveMatrixAccountStorageRoot(params) {
+	const accountKey = sanitizeMatrixPathSegment(params.accountId ?? DEFAULT_ACCOUNT_ID);
+	const userKey = sanitizeMatrixPathSegment(params.userId);
+	const serverKey = resolveMatrixHomeserverKey(params.homeserver);
+	const tokenHash = hashMatrixAccessToken(params.accessToken);
+	return {
+		rootDir: path.join(params.stateDir, "matrix", "accounts", accountKey, `${serverKey}__${userKey}`, tokenHash),
+		accountKey,
+		tokenHash
+	};
+}
+//#endregion
+export { resolveMatrixCredentialsPath as a, resolveMatrixLegacyFlatStoreRoot as c, resolveMatrixCredentialsFilename as i, sanitizeMatrixPathSegment as l, resolveMatrixAccountStorageRoot as n, resolveMatrixHomeserverKey as o, resolveMatrixCredentialsDir as r, resolveMatrixLegacyFlatStoragePaths as s, hashMatrixAccessToken as t };