@openclaw/matrix 2026.5.12 → 2026.5.14-beta.2

package/dist/exec-approvals-Crnh543m.js

@@ -1,196 +0,0 @@
-import { i as resolveMatrixAccount, t as listMatrixAccountIds } from "./accounts-Bm90Rzvp.js";
-import { t as normalizeMatrixApproverId } from "./approval-ids-DoC2z7tR.js";
-import { normalizeLowercaseStringOrEmpty } from "openclaw/plugin-sdk/string-coerce-runtime";
-import { resolveApprovalRequestChannelAccountId } from "openclaw/plugin-sdk/approval-native-runtime";
-import { createResolvedApproverActionAuthAdapter, resolveApprovalApprovers } from "openclaw/plugin-sdk/approval-auth-runtime";
-import { createChannelExecApprovalProfile, getExecApprovalReplyMetadata, isChannelExecApprovalClientEnabledFromConfig, isChannelExecApprovalTargetRecipient, matchesApprovalRequestFilters } from "openclaw/plugin-sdk/approval-client-runtime";
-import { normalizeAccountId } from "openclaw/plugin-sdk/routing";
-//#region extensions/matrix/src/approval-auth.ts
-function getMatrixApprovalAuthApprovers(params) {
-	return resolveApprovalApprovers({
-		allowFrom: resolveMatrixAccount(params).config.dm?.allowFrom,
-		normalizeApprover: normalizeMatrixApproverId
-	});
-}
-const matrixApprovalAuth = createResolvedApproverActionAuthAdapter({
-	channelLabel: "Matrix",
-	resolveApprovers: ({ cfg, accountId }) => getMatrixApprovalAuthApprovers({
-		cfg,
-		accountId
-	}),
-	normalizeSenderId: (value) => normalizeMatrixApproverId(value)
-});
-//#endregion
-//#region extensions/matrix/src/exec-approvals.ts
-function normalizeMatrixExecApproverId(value) {
-	const normalized = normalizeMatrixApproverId(value);
-	return normalized === "*" ? void 0 : normalized;
-}
-function resolveMatrixExecApprovalConfig(params) {
-	const account = resolveMatrixAccount(params);
-	const config = account.config.execApprovals;
-	if (!config) return;
-	return {
-		...config,
-		enabled: account.enabled && account.configured ? config.enabled : false
-	};
-}
-function countMatrixExecApprovalEligibleAccounts(params) {
-	return listMatrixAccountIds(params.cfg).filter((accountId) => {
-		const account = resolveMatrixAccount({
-			cfg: params.cfg,
-			accountId
-		});
-		if (!account.enabled || !account.configured) return false;
-		const config = resolveMatrixExecApprovalConfig({
-			cfg: params.cfg,
-			accountId
-		});
-		const filters = config?.enabled ? {
-			agentFilter: config.agentFilter,
-			sessionFilter: config.sessionFilter
-		} : {
-			agentFilter: void 0,
-			sessionFilter: void 0
-		};
-		return isChannelExecApprovalClientEnabledFromConfig({
-			enabled: config?.enabled,
-			approverCount: getMatrixApprovalApprovers({
-				cfg: params.cfg,
-				accountId,
-				approvalKind: params.approvalKind
-			}).length
-		}) && matchesApprovalRequestFilters({
-			request: params.request.request,
-			agentFilter: filters.agentFilter,
-			sessionFilter: filters.sessionFilter
-		});
-	}).length;
-}
-function matchesMatrixRequestAccount(params) {
-	const turnSourceChannel = normalizeLowercaseStringOrEmpty(params.request.request.turnSourceChannel);
-	const boundAccountId = resolveApprovalRequestChannelAccountId({
-		cfg: params.cfg,
-		request: params.request,
-		channel: "matrix"
-	});
-	if (turnSourceChannel && turnSourceChannel !== "matrix" && !boundAccountId) return countMatrixExecApprovalEligibleAccounts({
-		cfg: params.cfg,
-		request: params.request,
-		approvalKind: params.approvalKind
-	}) <= 1;
-	return !boundAccountId || !params.accountId || normalizeAccountId(boundAccountId) === normalizeAccountId(params.accountId);
-}
-function getMatrixExecApprovalApprovers(params) {
-	const account = resolveMatrixAccount(params).config;
-	return resolveApprovalApprovers({
-		explicit: account.execApprovals?.approvers,
-		allowFrom: account.dm?.allowFrom,
-		normalizeApprover: normalizeMatrixExecApproverId
-	});
-}
-function resolveMatrixApprovalKind(request) {
-	return request.id.startsWith("plugin:") ? "plugin" : "exec";
-}
-function getMatrixApprovalApprovers(params) {
-	if (params.approvalKind === "plugin") return getMatrixApprovalAuthApprovers({
-		cfg: params.cfg,
-		accountId: params.accountId
-	});
-	return getMatrixExecApprovalApprovers(params);
-}
-function isMatrixExecApprovalTargetRecipient(params) {
-	return isChannelExecApprovalTargetRecipient({
-		...params,
-		channel: "matrix",
-		normalizeSenderId: normalizeMatrixApproverId,
-		matchTarget: ({ target, normalizedSenderId }) => normalizeMatrixApproverId(target.to) === normalizedSenderId
-	});
-}
-const matrixExecApprovalProfile = createChannelExecApprovalProfile({
-	resolveConfig: resolveMatrixExecApprovalConfig,
-	resolveApprovers: getMatrixExecApprovalApprovers,
-	normalizeSenderId: normalizeMatrixApproverId,
-	isTargetRecipient: isMatrixExecApprovalTargetRecipient,
-	matchesRequestAccount: (params) => matchesMatrixRequestAccount({
-		...params,
-		approvalKind: "exec"
-	})
-});
-const isMatrixExecApprovalClientEnabled = matrixExecApprovalProfile.isClientEnabled;
-matrixExecApprovalProfile.isApprover;
-const isMatrixExecApprovalAuthorizedSender = matrixExecApprovalProfile.isAuthorizedSender;
-const resolveMatrixExecApprovalTarget = matrixExecApprovalProfile.resolveTarget;
-matrixExecApprovalProfile.shouldHandleRequest;
-function isMatrixApprovalClientEnabled(params) {
-	if (params.approvalKind === "exec") return isMatrixExecApprovalClientEnabled(params);
-	return isChannelExecApprovalClientEnabledFromConfig({
-		enabled: resolveMatrixExecApprovalConfig(params)?.enabled,
-		approverCount: getMatrixApprovalApprovers(params).length
-	});
-}
-function isMatrixAnyApprovalClientEnabled(params) {
-	return isMatrixApprovalClientEnabled({
-		...params,
-		approvalKind: "exec"
-	}) || isMatrixApprovalClientEnabled({
-		...params,
-		approvalKind: "plugin"
-	});
-}
-function shouldHandleMatrixApprovalRequest(params) {
-	const approvalKind = resolveMatrixApprovalKind(params.request);
-	if (!matchesMatrixRequestAccount({
-		...params,
-		approvalKind
-	})) return false;
-	const config = resolveMatrixExecApprovalConfig(params);
-	if (!isChannelExecApprovalClientEnabledFromConfig({
-		enabled: config?.enabled,
-		approverCount: getMatrixApprovalApprovers({
-			...params,
-			approvalKind
-		}).length
-	})) return false;
-	return matchesApprovalRequestFilters({
-		request: params.request.request,
-		agentFilter: config?.agentFilter,
-		sessionFilter: config?.sessionFilter
-	});
-}
-function buildFilterCheckRequest(params) {
-	if (params.metadata.approvalKind === "plugin") return {
-		id: params.metadata.approvalId,
-		request: {
-			title: "Plugin Approval Required",
-			description: "",
-			agentId: params.metadata.agentId ?? null,
-			sessionKey: params.metadata.sessionKey ?? null
-		},
-		createdAtMs: 0,
-		expiresAtMs: 0
-	};
-	return {
-		id: params.metadata.approvalId,
-		request: {
-			command: "",
-			agentId: params.metadata.agentId ?? null,
-			sessionKey: params.metadata.sessionKey ?? null
-		},
-		createdAtMs: 0,
-		expiresAtMs: 0
-	};
-}
-function shouldSuppressLocalMatrixExecApprovalPrompt(params) {
-	if (!matrixExecApprovalProfile.shouldSuppressLocalPrompt(params)) return false;
-	const metadata = getExecApprovalReplyMetadata(params.payload);
-	if (!metadata) return false;
-	const request = buildFilterCheckRequest({ metadata });
-	return shouldHandleMatrixApprovalRequest({
-		cfg: params.cfg,
-		accountId: params.accountId,
-		request
-	});
-}
-//#endregion
-export { isMatrixExecApprovalAuthorizedSender as a, shouldHandleMatrixApprovalRequest as c, matrixApprovalAuth as d, isMatrixApprovalClientEnabled as i, shouldSuppressLocalMatrixExecApprovalPrompt as l, getMatrixExecApprovalApprovers as n, isMatrixExecApprovalClientEnabled as o, isMatrixAnyApprovalClientEnabled as r, resolveMatrixExecApprovalTarget as s, getMatrixApprovalApprovers as t, getMatrixApprovalAuthApprovers as u };

package/dist/probe.runtime-NE73hi9o.js

@@ -1,3 +0,0 @@
-import { t as createMatrixClient } from "./create-client-DpoW106T.js";
-import "./client-CyxIx4Fv.js";
-export { createMatrixClient };

package/dist/profile-BlHu0wDX.js

@@ -1,111 +0,0 @@
-import { t as __exportAll } from "./rolldown-runtime-DUslC3ob.js";
-import { normalizeLowercaseStringOrEmpty, normalizeOptionalString } from "openclaw/plugin-sdk/string-coerce-runtime";
-//#region extensions/matrix/src/matrix/profile.ts
-var profile_exports = /* @__PURE__ */ __exportAll({
-	MATRIX_PROFILE_AVATAR_MAX_BYTES: () => MATRIX_PROFILE_AVATAR_MAX_BYTES,
-	isMatrixHttpAvatarUri: () => isMatrixHttpAvatarUri,
-	isMatrixMxcUri: () => isMatrixMxcUri,
-	isSupportedMatrixAvatarSource: () => isSupportedMatrixAvatarSource,
-	syncMatrixOwnProfile: () => syncMatrixOwnProfile
-});
-const MATRIX_PROFILE_AVATAR_MAX_BYTES = 10 * 1024 * 1024;
-function isMatrixMxcUri(value) {
-	return normalizeLowercaseStringOrEmpty(normalizeOptionalString(value)).startsWith("mxc://");
-}
-function isMatrixHttpAvatarUri(value) {
-	const normalized = normalizeLowercaseStringOrEmpty(normalizeOptionalString(value));
-	return normalized.startsWith("https://") || normalized.startsWith("http://");
-}
-function isSupportedMatrixAvatarSource(value) {
-	return isMatrixMxcUri(value) || isMatrixHttpAvatarUri(value);
-}
-async function uploadAvatarMedia(params) {
-	const media = await params.loadAvatar(params.avatarSource, params.avatarMaxBytes);
-	return await params.client.uploadContent(media.buffer, media.contentType, media.fileName || "avatar");
-}
-async function resolveAvatarUrl(params) {
-	const avatarPath = normalizeOptionalString(params.avatarPath) ?? null;
-	if (avatarPath) {
-		if (!params.loadAvatarFromPath) throw new Error("Matrix avatar path upload requires a media loader.");
-		return {
-			resolvedAvatarUrl: await uploadAvatarMedia({
-				client: params.client,
-				avatarSource: avatarPath,
-				avatarMaxBytes: params.avatarMaxBytes,
-				loadAvatar: params.loadAvatarFromPath
-			}),
-			uploadedAvatarSource: "path",
-			convertedAvatarFromHttp: false
-		};
-	}
-	const avatarUrl = normalizeOptionalString(params.avatarUrl) ?? null;
-	if (!avatarUrl) return {
-		resolvedAvatarUrl: null,
-		uploadedAvatarSource: null,
-		convertedAvatarFromHttp: false
-	};
-	if (isMatrixMxcUri(avatarUrl)) return {
-		resolvedAvatarUrl: avatarUrl,
-		uploadedAvatarSource: null,
-		convertedAvatarFromHttp: false
-	};
-	if (!isMatrixHttpAvatarUri(avatarUrl)) throw new Error("Matrix avatar URL must be an mxc:// URI or an http(s) URL.");
-	if (!params.loadAvatarFromUrl) throw new Error("Matrix avatar URL conversion requires a media loader.");
-	return {
-		resolvedAvatarUrl: await uploadAvatarMedia({
-			client: params.client,
-			avatarSource: avatarUrl,
-			avatarMaxBytes: params.avatarMaxBytes,
-			loadAvatar: params.loadAvatarFromUrl
-		}),
-		uploadedAvatarSource: "http",
-		convertedAvatarFromHttp: true
-	};
-}
-async function syncMatrixOwnProfile(params) {
-	const desiredDisplayName = normalizeOptionalString(params.displayName) ?? null;
-	const avatar = await resolveAvatarUrl({
-		client: params.client,
-		avatarUrl: params.avatarUrl ?? null,
-		avatarPath: params.avatarPath ?? null,
-		avatarMaxBytes: params.avatarMaxBytes ?? 10485760,
-		loadAvatarFromUrl: params.loadAvatarFromUrl,
-		loadAvatarFromPath: params.loadAvatarFromPath
-	});
-	const desiredAvatarUrl = avatar.resolvedAvatarUrl;
-	if (!desiredDisplayName && !desiredAvatarUrl) return {
-		skipped: true,
-		displayNameUpdated: false,
-		avatarUpdated: false,
-		resolvedAvatarUrl: null,
-		uploadedAvatarSource: avatar.uploadedAvatarSource,
-		convertedAvatarFromHttp: avatar.convertedAvatarFromHttp
-	};
-	let currentDisplayName;
-	let currentAvatarUrl;
-	try {
-		const currentProfile = await params.client.getUserProfile(params.userId);
-		currentDisplayName = normalizeOptionalString(currentProfile.displayname);
-		currentAvatarUrl = normalizeOptionalString(currentProfile.avatar_url);
-	} catch {}
-	let displayNameUpdated = false;
-	let avatarUpdated = false;
-	if (desiredDisplayName && currentDisplayName !== desiredDisplayName) {
-		await params.client.setDisplayName(desiredDisplayName);
-		displayNameUpdated = true;
-	}
-	if (desiredAvatarUrl && currentAvatarUrl !== desiredAvatarUrl) {
-		await params.client.setAvatarUrl(desiredAvatarUrl);
-		avatarUpdated = true;
-	}
-	return {
-		skipped: false,
-		displayNameUpdated,
-		avatarUpdated,
-		resolvedAvatarUrl: desiredAvatarUrl,
-		uploadedAvatarSource: avatar.uploadedAvatarSource,
-		convertedAvatarFromHttp: avatar.convertedAvatarFromHttp
-	};
-}
-//#endregion
-export { profile_exports as n, syncMatrixOwnProfile as r, isSupportedMatrixAvatarSource as t };

package/dist/recovery-key-store-BTJ6jz5v.js

@@ -1,294 +0,0 @@
-import { n as formatMatrixErrorReason, t as formatMatrixErrorMessage } from "./errors-CTcpEDq-.js";
-import { n as LogService } from "./logger-CnZRVrux.js";
-import { loadJsonFile, saveJsonFile } from "openclaw/plugin-sdk/json-store";
-import { decodeRecoveryKey } from "matrix-js-sdk/lib/crypto-api/recovery-key.js";
-//#region extensions/matrix/src/matrix/sdk/idb-persistence-lock.ts
-const MATRIX_IDB_PERSIST_INTERVAL_MS = 6e4;
-const IDB_SNAPSHOT_LOCK_STALE_MS = 5 * 6e4;
-const IDB_SNAPSHOT_LOCK_RETRY_BASE = {
-	factor: 2,
-	minTimeout: 50,
-	maxTimeout: 5e3,
-	randomize: true
-};
-function computeRetryDelayMs(retries, attempt) {
-	return Math.min(retries.maxTimeout, Math.max(retries.minTimeout, retries.minTimeout * retries.factor ** attempt));
-}
-function computeMinimumRetryWindowMs(retries) {
-	let total = 0;
-	const attempts = Math.max(1, retries.retries + 1);
-	for (let attempt = 0; attempt < attempts - 1; attempt += 1) total += computeRetryDelayMs(retries, attempt);
-	return total;
-}
-function resolveRetriesForMinimumWindowMs(retries, minimumWindowMs) {
-	const resolved = {
-		...retries,
-		retries: 0
-	};
-	while (computeMinimumRetryWindowMs(resolved) < minimumWindowMs) resolved.retries += 1;
-	return resolved;
-}
-const MATRIX_IDB_SNAPSHOT_LOCK_OPTIONS = {
-	retries: resolveRetriesForMinimumWindowMs(IDB_SNAPSHOT_LOCK_RETRY_BASE, MATRIX_IDB_PERSIST_INTERVAL_MS),
-	stale: IDB_SNAPSHOT_LOCK_STALE_MS
-};
-//#endregion
-//#region extensions/matrix/src/matrix/sdk/recovery-key-store.ts
-function isRepairableSecretStorageAccessError(err) {
-	const message = formatMatrixErrorReason(err);
-	if (!message) return false;
-	if (message.includes("getsecretstoragekey callback returned falsey")) return true;
-	if (message.includes("decrypting secret") && message.includes("bad mac")) return true;
-	return false;
-}
-var MatrixRecoveryKeyStore = class {
-	constructor(recoveryKeyPath) {
-		this.recoveryKeyPath = recoveryKeyPath;
-		this.secretStorageKeyCache = /* @__PURE__ */ new Map();
-		this.stagedRecoveryKey = null;
-		this.stagedRecoveryKeyUsed = false;
-		this.stagedCacheKeyIds = /* @__PURE__ */ new Set();
-	}
-	buildCryptoCallbacks() {
-		return {
-			getSecretStorageKey: async ({ keys }) => {
-				const requestedKeyIds = Object.keys(keys ?? {});
-				if (requestedKeyIds.length === 0) return null;
-				const staged = this.resolveStagedSecretStorageKey(requestedKeyIds);
-				if (staged) return staged;
-				for (const keyId of requestedKeyIds) {
-					const cached = this.secretStorageKeyCache.get(keyId);
-					if (cached) return [keyId, new Uint8Array(cached.key)];
-				}
-				const stored = this.loadStoredRecoveryKey();
-				if (!stored?.privateKeyBase64) return null;
-				const privateKey = new Uint8Array(Buffer.from(stored.privateKeyBase64, "base64"));
-				if (privateKey.length === 0) return null;
-				if (stored.keyId && requestedKeyIds.includes(stored.keyId)) {
-					this.rememberSecretStorageKey(stored.keyId, privateKey, stored.keyInfo);
-					return [stored.keyId, privateKey];
-				}
-				const firstRequestedKeyId = requestedKeyIds[0];
-				if (!firstRequestedKeyId) return null;
-				this.rememberSecretStorageKey(firstRequestedKeyId, privateKey, stored.keyInfo);
-				return [firstRequestedKeyId, privateKey];
-			},
-			cacheSecretStorageKey: (keyId, keyInfo, key) => {
-				const privateKey = new Uint8Array(key);
-				const normalizedKeyInfo = {
-					passphrase: keyInfo?.passphrase,
-					name: typeof keyInfo?.name === "string" ? keyInfo.name : void 0
-				};
-				this.rememberSecretStorageKey(keyId, privateKey, normalizedKeyInfo);
-				const stored = this.loadStoredRecoveryKey();
-				this.saveRecoveryKeyToDisk({
-					keyId,
-					keyInfo: normalizedKeyInfo,
-					privateKey,
-					encodedPrivateKey: stored?.encodedPrivateKey
-				});
-			}
-		};
-	}
-	getRecoveryKeySummary() {
-		const stored = this.loadStoredRecoveryKey();
-		if (!stored) return null;
-		return {
-			encodedPrivateKey: stored.encodedPrivateKey,
-			keyId: stored.keyId,
-			createdAt: stored.createdAt
-		};
-	}
-	resolveEncodedRecoveryKeyInput(params) {
-		const encodedPrivateKey = params.encodedPrivateKey.trim();
-		if (!encodedPrivateKey) throw new Error("Matrix recovery key is required");
-		let privateKey;
-		try {
-			privateKey = decodeRecoveryKey(encodedPrivateKey);
-		} catch (err) {
-			throw new Error(`Invalid Matrix recovery key: ${formatMatrixErrorMessage(err)}`, { cause: err });
-		}
-		const keyId = typeof params.keyId === "string" && params.keyId.trim() ? params.keyId.trim() : null;
-		return {
-			encodedPrivateKey,
-			privateKey,
-			keyId,
-			keyInfo: params.keyInfo ?? this.loadStoredRecoveryKey()?.keyInfo
-		};
-	}
-	storeEncodedRecoveryKey(params) {
-		const prepared = this.resolveEncodedRecoveryKeyInput(params);
-		this.saveRecoveryKeyToDisk({
-			keyId: prepared.keyId,
-			keyInfo: prepared.keyInfo,
-			privateKey: prepared.privateKey,
-			encodedPrivateKey: prepared.encodedPrivateKey
-		});
-		if (prepared.keyId) this.rememberSecretStorageKey(prepared.keyId, prepared.privateKey, prepared.keyInfo);
-		return this.getRecoveryKeySummary() ?? {};
-	}
-	stageEncodedRecoveryKey(params) {
-		const prepared = this.resolveEncodedRecoveryKeyInput(params);
-		this.discardStagedRecoveryKey();
-		this.stagedRecoveryKey = {
-			version: 1,
-			createdAt: (/* @__PURE__ */ new Date()).toISOString(),
-			keyId: prepared.keyId,
-			encodedPrivateKey: prepared.encodedPrivateKey,
-			privateKeyBase64: Buffer.from(prepared.privateKey).toString("base64"),
-			keyInfo: prepared.keyInfo
-		};
-	}
-	hasStagedRecoveryKeyBeenUsed() {
-		return this.stagedRecoveryKeyUsed;
-	}
-	commitStagedRecoveryKey(params) {
-		if (!this.stagedRecoveryKey) return this.getRecoveryKeySummary();
-		const staged = this.stagedRecoveryKey;
-		const privateKey = new Uint8Array(Buffer.from(staged.privateKeyBase64, "base64"));
-		const keyId = typeof params?.keyId === "string" && params.keyId.trim() ? params.keyId.trim() : staged.keyId;
-		this.saveRecoveryKeyToDisk({
-			keyId,
-			keyInfo: params?.keyInfo ?? staged.keyInfo,
-			privateKey,
-			encodedPrivateKey: staged.encodedPrivateKey
-		});
-		this.clearStagedRecoveryKeyTracking();
-		return this.getRecoveryKeySummary();
-	}
-	discardStagedRecoveryKey() {
-		for (const keyId of this.stagedCacheKeyIds) this.secretStorageKeyCache.delete(keyId);
-		this.clearStagedRecoveryKeyTracking();
-	}
-	async bootstrapSecretStorageWithRecoveryKey(crypto, options = {}) {
-		let status = null;
-		const getSecretStorageStatus = crypto.getSecretStorageStatus;
-		if (typeof getSecretStorageStatus === "function") try {
-			status = await getSecretStorageStatus.call(crypto);
-		} catch (err) {
-			LogService.warn("MatrixClientLite", "Failed to read secret storage status:", err);
-		}
-		const hasDefaultSecretStorageKey = Boolean(status?.defaultKeyId);
-		const hasKnownInvalidSecrets = Object.values(status?.secretStorageKeyValidityMap ?? {}).some((valid) => !valid);
-		let generatedRecoveryKey = false;
-		const storedRecovery = this.loadStoredRecoveryKey();
-		const stagedRecovery = this.stagedRecoveryKey;
-		const sourceRecovery = options.forceNewRecoveryKey === true ? null : stagedRecovery ?? storedRecovery;
-		let recoveryKey = sourceRecovery ? {
-			keyInfo: sourceRecovery.keyInfo,
-			privateKey: new Uint8Array(Buffer.from(sourceRecovery.privateKeyBase64, "base64")),
-			encodedPrivateKey: sourceRecovery.encodedPrivateKey
-		} : null;
-		if (recoveryKey && status?.defaultKeyId) {
-			const defaultKeyId = status.defaultKeyId;
-			if (!stagedRecovery) {
-				this.rememberSecretStorageKey(defaultKeyId, recoveryKey.privateKey, recoveryKey.keyInfo);
-				if (storedRecovery && storedRecovery.keyId !== defaultKeyId) this.saveRecoveryKeyToDisk({
-					keyId: defaultKeyId,
-					keyInfo: recoveryKey.keyInfo,
-					privateKey: recoveryKey.privateKey,
-					encodedPrivateKey: recoveryKey.encodedPrivateKey
-				});
-			}
-		}
-		const ensureRecoveryKey = async () => {
-			if (recoveryKey) {
-				if (stagedRecovery) this.stagedRecoveryKeyUsed = true;
-				return recoveryKey;
-			}
-			if (typeof crypto.createRecoveryKeyFromPassphrase !== "function") throw new Error("Matrix crypto backend does not support recovery key generation (createRecoveryKeyFromPassphrase missing)");
-			recoveryKey = await crypto.createRecoveryKeyFromPassphrase();
-			this.saveRecoveryKeyToDisk(recoveryKey);
-			generatedRecoveryKey = true;
-			return recoveryKey;
-		};
-		const shouldRecreateSecretStorage = options.forceNewSecretStorage === true || !hasDefaultSecretStorageKey || !recoveryKey && status?.ready === false || hasKnownInvalidSecrets;
-		if (hasKnownInvalidSecrets) recoveryKey = null;
-		const secretStorageOptions = { setupNewKeyBackup: options.setupNewKeyBackup === true };
-		if (shouldRecreateSecretStorage) {
-			secretStorageOptions.setupNewSecretStorage = true;
-			secretStorageOptions.createSecretStorageKey = ensureRecoveryKey;
-		}
-		try {
-			await crypto.bootstrapSecretStorage(secretStorageOptions);
-		} catch (err) {
-			if (!(options.allowSecretStorageRecreateWithoutRecoveryKey === true && hasDefaultSecretStorageKey && isRepairableSecretStorageAccessError(err))) throw err;
-			recoveryKey = null;
-			LogService.warn("MatrixClientLite", "Secret storage exists on the server but local recovery material cannot unlock it; recreating secret storage during explicit bootstrap.");
-			await crypto.bootstrapSecretStorage({
-				setupNewSecretStorage: true,
-				setupNewKeyBackup: options.setupNewKeyBackup === true,
-				createSecretStorageKey: ensureRecoveryKey
-			});
-		}
-		if (generatedRecoveryKey && this.recoveryKeyPath) LogService.warn("MatrixClientLite", `Generated Matrix recovery key and saved it to ${this.recoveryKeyPath}. Keep this file secure.`);
-	}
-	clearStagedRecoveryKeyTracking() {
-		this.stagedRecoveryKey = null;
-		this.stagedRecoveryKeyUsed = false;
-		this.stagedCacheKeyIds.clear();
-	}
-	resolveStagedSecretStorageKey(requestedKeyIds) {
-		const staged = this.stagedRecoveryKey;
-		if (!staged?.privateKeyBase64) return null;
-		const privateKey = new Uint8Array(Buffer.from(staged.privateKeyBase64, "base64"));
-		if (privateKey.length === 0) return null;
-		const keyId = staged.keyId && requestedKeyIds.includes(staged.keyId) ? staged.keyId : requestedKeyIds[0];
-		if (!keyId) return null;
-		this.rememberStagedSecretStorageKey(keyId, privateKey, staged.keyInfo);
-		this.stagedCacheKeyIds.add(keyId);
-		return [keyId, privateKey];
-	}
-	rememberStagedSecretStorageKey(keyId, key, keyInfo) {
-		this.stagedRecoveryKeyUsed = true;
-		this.rememberSecretStorageKey(keyId, key, keyInfo);
-	}
-	rememberSecretStorageKey(keyId, key, keyInfo) {
-		if (!keyId.trim()) return;
-		this.secretStorageKeyCache.set(keyId, {
-			key: new Uint8Array(key),
-			keyInfo
-		});
-	}
-	loadStoredRecoveryKey() {
-		if (!this.recoveryKeyPath) return null;
-		try {
-			const parsed = loadJsonFile(this.recoveryKeyPath);
-			if (parsed?.version !== 1 || typeof parsed.createdAt !== "string" || typeof parsed.privateKeyBase64 !== "string" || !parsed.privateKeyBase64.trim()) return null;
-			return {
-				version: 1,
-				createdAt: parsed.createdAt,
-				keyId: typeof parsed.keyId === "string" ? parsed.keyId : null,
-				encodedPrivateKey: typeof parsed.encodedPrivateKey === "string" ? parsed.encodedPrivateKey : void 0,
-				privateKeyBase64: parsed.privateKeyBase64,
-				keyInfo: parsed.keyInfo && typeof parsed.keyInfo === "object" ? {
-					passphrase: parsed.keyInfo.passphrase,
-					name: typeof parsed.keyInfo.name === "string" ? parsed.keyInfo.name : void 0
-				} : void 0
-			};
-		} catch {
-			return null;
-		}
-	}
-	saveRecoveryKeyToDisk(params) {
-		if (!this.recoveryKeyPath) return;
-		try {
-			const payload = {
-				version: 1,
-				createdAt: (/* @__PURE__ */ new Date()).toISOString(),
-				keyId: typeof params.keyId === "string" ? params.keyId : null,
-				encodedPrivateKey: params.encodedPrivateKey,
-				privateKeyBase64: Buffer.from(params.privateKey).toString("base64"),
-				keyInfo: params.keyInfo ? {
-					passphrase: params.keyInfo.passphrase,
-					name: params.keyInfo.name
-				} : void 0
-			};
-			saveJsonFile(this.recoveryKeyPath, payload);
-		} catch (err) {
-			LogService.warn("MatrixClientLite", "Failed to persist recovery key:", err);
-		}
-	}
-};
-//#endregion
-export { MATRIX_IDB_SNAPSHOT_LOCK_OPTIONS as i, isRepairableSecretStorageAccessError as n, MATRIX_IDB_PERSIST_INTERVAL_MS as r, MatrixRecoveryKeyStore as t };

package/dist/session-store-metadata-DQXjgNLt.js

@@ -1,77 +0,0 @@
-import { a as resolveMatrixTargetIdentity, i as resolveMatrixDirectUserId } from "./target-ids-80nQ2gql.js";
-import { normalizeAccountId } from "openclaw/plugin-sdk/account-id";
-import { addAllowlistUserEntriesFromConfigEntry, buildAllowlistResolutionSummary, canonicalizeAllowlistWithResolvedIds, patchAllowlistUsersInConfigEntries, summarizeMapping } from "openclaw/plugin-sdk/allow-from";
-import { createReplyPrefixOptions, createTypingCallbacks } from "openclaw/plugin-sdk/channel-reply-options-runtime";
-import { formatLocationText, toLocationContext } from "openclaw/plugin-sdk/channel-location";
-import { getAgentScopedMediaLocalRoots } from "openclaw/plugin-sdk/agent-media-payload";
-import { logInboundDrop, logTypingFailure } from "openclaw/plugin-sdk/channel-logging";
-import { buildChannelKeyCandidates, resolveChannelEntryMatch } from "openclaw/plugin-sdk/channel-targets";
-//#region extensions/matrix/src/matrix/monitor/rooms.ts
-function readLegacyRoomAllowAlias(room) {
-	const rawRoom = room;
-	return typeof rawRoom?.allow === "boolean" ? rawRoom.allow : void 0;
-}
-function resolveMatrixRoomConfig(params) {
-	const rooms = params.rooms ?? {};
-	const allowlistConfigured = Object.keys(rooms).length > 0;
-	const { entry: matched, key: matchedKey, wildcardEntry, wildcardKey } = resolveChannelEntryMatch({
-		entries: rooms,
-		keys: buildChannelKeyCandidates(params.roomId, `room:${params.roomId}`, ...params.aliases),
-		wildcardKey: "*"
-	});
-	const resolved = matched ?? wildcardEntry;
-	const legacyAllow = readLegacyRoomAllowAlias(resolved);
-	return {
-		allowed: resolved ? resolved.enabled !== false && legacyAllow !== false : false,
-		allowlistConfigured,
-		config: resolved,
-		matchKey: matchedKey ?? wildcardKey,
-		matchSource: matched ? "direct" : wildcardEntry ? "wildcard" : void 0
-	};
-}
-//#endregion
-//#region extensions/matrix/src/matrix/session-store-metadata.ts
-function trimMaybeString(value) {
-	if (typeof value !== "string") return;
-	const trimmed = value.trim();
-	return trimmed.length > 0 ? trimmed : void 0;
-}
-function resolveMatrixRoomTargetId(value) {
-	const trimmed = trimMaybeString(value);
-	if (!trimmed) return;
-	const target = resolveMatrixTargetIdentity(trimmed);
-	return target?.kind === "room" && target.id.startsWith("!") ? target.id : void 0;
-}
-function resolveMatrixSessionAccountId(value) {
-	const trimmed = trimMaybeString(value);
-	return trimmed ? normalizeAccountId(trimmed) : void 0;
-}
-function resolveMatrixStoredRoomId(params) {
-	return resolveMatrixRoomTargetId(params.deliveryTo) ?? resolveMatrixRoomTargetId(params.lastTo) ?? resolveMatrixRoomTargetId(params.originNativeChannelId) ?? resolveMatrixRoomTargetId(params.originTo);
-}
-function resolveMatrixStoredSessionMeta(entry) {
-	if (!entry) return null;
-	const channel = trimMaybeString(entry.deliveryContext?.channel) ?? trimMaybeString(entry.lastChannel) ?? trimMaybeString(entry.origin?.provider);
-	const accountId = resolveMatrixSessionAccountId(entry.deliveryContext?.accountId ?? entry.lastAccountId ?? entry.origin?.accountId) ?? void 0;
-	const roomId = resolveMatrixStoredRoomId({
-		deliveryTo: entry.deliveryContext?.to,
-		lastTo: entry.lastTo,
-		originNativeChannelId: entry.origin?.nativeChannelId,
-		originTo: entry.origin?.to
-	});
-	const chatType = trimMaybeString(entry.origin?.chatType) ?? trimMaybeString(entry.chatType) ?? void 0;
-	const directUserId = chatType === "direct" ? trimMaybeString(entry.origin?.nativeDirectUserId) ?? resolveMatrixDirectUserId({
-		from: trimMaybeString(entry.origin?.from),
-		to: (roomId ? `room:${roomId}` : void 0) ?? trimMaybeString(entry.deliveryContext?.to) ?? trimMaybeString(entry.lastTo) ?? trimMaybeString(entry.origin?.to),
-		chatType
-	}) : void 0;
-	if (!channel && !accountId && !roomId && !directUserId) return null;
-	return {
-		...channel ? { channel } : {},
-		...accountId ? { accountId } : {},
-		...roomId ? { roomId } : {},
-		...directUserId ? { directUserId } : {}
-	};
-}
-//#endregion
-export { canonicalizeAllowlistWithResolvedIds as a, formatLocationText as c, logTypingFailure as d, patchAllowlistUsersInConfigEntries as f, buildAllowlistResolutionSummary as i, getAgentScopedMediaLocalRoots as l, toLocationContext as m, resolveMatrixRoomConfig as n, createReplyPrefixOptions as o, summarizeMapping as p, addAllowlistUserEntriesFromConfigEntry as r, createTypingCallbacks as s, resolveMatrixStoredSessionMeta as t, logInboundDrop as u };