@openclaw/matrix 2026.7.1 → 2026.7.2-beta.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (83) hide show
  1. package/dist/{account-selection-5e4mHR1m.js → account-selection-Bz00QTmQ.js} +4 -3
  2. package/dist/api.js +8 -8
  3. package/dist/{approval-handler.runtime-DI5x9r8I.js → approval-handler.runtime-BQZdg_dJ.js} +27 -17
  4. package/dist/{approval-ids-ZgqbspmS.js → approval-ids-De4IhOSN.js} +1 -1
  5. package/dist/{approval-reaction-auth-D9LijQhr.js → approval-reaction-auth-BLJKPLku.js} +2 -2
  6. package/dist/approval-reactions-D-BxBK_L.js +202 -0
  7. package/dist/auth-presence.js +1 -1
  8. package/dist/{channel-jUTBsjHU.js → channel-B1woOUgk.js} +103 -143
  9. package/dist/channel-plugin-api.js +1 -1
  10. package/dist/{channel.runtime-DO1Nv9ed.js → channel.runtime-BvJm9z0w.js} +7 -7
  11. package/dist/{cli-CEfWwCKx.js → cli-CLWOkMvw.js} +15 -12
  12. package/dist/{cli-metadata-CfiEO-CE.js → cli-metadata-9Naf7in0.js} +1 -1
  13. package/dist/cli-metadata.js +1 -1
  14. package/dist/{client-FRuyCNju.js → client-BUai6s29.js} +2 -2
  15. package/dist/{client-tgnlQJk4.js → client-CPuYbNL8.js} +4 -4
  16. package/dist/{client-bootstrap-DjFJ7e0N.js → client-bootstrap-CNVF73sF.js} +1 -1
  17. package/dist/{config-schema-DtnhNYd-.js → config-schema-BTSatSY3.js} +27 -63
  18. package/dist/contract-api.js +2 -2
  19. package/dist/{create-client-CNakT7zF.js → create-client-85ttAWDP.js} +3 -3
  20. package/dist/{credentials-Ds9V1mn2.js → credentials-CncWUieb.js} +1 -1
  21. package/dist/{credentials-read-BlkvsNFg.js → credentials-read-CwNJrmwu.js} +2 -2
  22. package/dist/{credentials-write.runtime-CTqqxcut.js → credentials-write.runtime-BDtpqvj0.js} +1 -1
  23. package/dist/{crypto-runtime-B74cTS6A.js → crypto-runtime-DoEB5RpM.js} +74 -44
  24. package/dist/{deps-CdjHvnmh.js → deps-DDbghaZH.js} +23 -90
  25. package/dist/{directory-live-Ufd4qSpX.js → directory-live-0TyS9xep.js} +3 -3
  26. package/dist/doctor-BGTs609f.js +64 -0
  27. package/dist/{doctor-contract-BAja_fmb.js → doctor-contract-D2qTLe-C.js} +72 -6
  28. package/dist/doctor-contract-api.js +323 -45
  29. package/dist/{draft-stream-D4EH25gv.js → draft-stream-GOdPZMBm.js} +1 -1
  30. package/dist/{encryption-guidance-D8walY04.js → encryption-guidance-BFfgq7c7.js} +1 -1
  31. package/dist/{env-auth-DIzOApj0.js → env-auth-CQsYbz-p.js} +1 -1
  32. package/dist/{env-vars-KzaYveuy.js → env-vars-B0NxQnPk.js} +3 -1
  33. package/dist/{exec-approval-resolver-f9j6staN.js → exec-approval-resolver-BCgqRtZS.js} +2 -1
  34. package/dist/{file-sync-store-DVm0ACml.js → file-sync-store-CUE9WwD2.js} +2 -3
  35. package/dist/helper-api.js +4 -4
  36. package/dist/{http-client-nSmFiVgk.js → http-client-Jw5_bwQo.js} +18 -34
  37. package/dist/{idb-persistence-BHm97th-.js → idb-persistence-BiHEEzD7.js} +1 -1
  38. package/dist/inbound-dedupe-CaBLblef.js +48 -0
  39. package/dist/index.js +1 -1
  40. package/dist/{media-text-p-LP21qs.js → media-text-DPCtdFjk.js} +1 -1
  41. package/dist/{messages-DRKkiEY-.js → messages-DCRbGLMh.js} +3 -3
  42. package/dist/{monitor-CsGOGdwu.js → monitor-C5EOF9et.js} +90 -427
  43. package/dist/plugin-entry.handlers.runtime.js +1 -1
  44. package/dist/probe.runtime-BBvciVfo.js +3 -0
  45. package/dist/{profile-update-Ucc8RrJL.js → profile-update-DompcDyu.js} +2 -2
  46. package/dist/{reaction-events-DentrVii.js → reaction-events-QUgxkQKQ.js} +60 -10
  47. package/dist/record-shared-CvzjvHRn.js +2 -0
  48. package/dist/{recovery-key-store-DSeLFvNx.js → recovery-key-store-B2RglalK.js} +1 -1
  49. package/dist/{resolve-targets-DcV_KfgX.js → resolve-targets-Cx1VVArA.js} +1 -1
  50. package/dist/{resolver.runtime-Hr6bO5zl.js → resolver.runtime-PPrv3ZHu.js} +1 -1
  51. package/dist/room-info-B6vKD5DF.js +86 -0
  52. package/dist/{runtime-api-CsBoesCU.js → runtime-api-D1xI_cvh.js} +3 -3
  53. package/dist/runtime-api.js +6 -6
  54. package/dist/{sdk-AZYVl34z.js → sdk-1TXuSiXZ.js} +10 -15
  55. package/dist/{secret-contract-DTgQyQxc.js → secret-contract-OZoQf0kI.js} +7 -48
  56. package/dist/secret-contract-api.js +1 -1
  57. package/dist/{send-D92v6Yy0.js → send-yre1krm8.js} +9 -3
  58. package/dist/session-binding-contract-api.js +1 -1
  59. package/dist/{setup-bootstrap-Da564w5f.js → setup-bootstrap-DXVRCd4G.js} +2 -2
  60. package/dist/{setup-core-BGgbrdaJ.js → setup-core-CYQRY2oG.js} +9 -7
  61. package/dist/setup-plugin-api.js +3 -3
  62. package/dist/{setup-surface-iJ6pd-t5.js → setup-surface-BjvRQzK6.js} +7 -7
  63. package/dist/{shared-DkFfq7mH.js → shared-BfW4lxGu.js} +13 -8
  64. package/dist/{startup-verification-BKMAXvcV.js → startup-verification-DSiyDKM5.js} +2 -3
  65. package/dist/storage-DD-EnNJE.js +718 -0
  66. package/dist/{storage-paths-BWo_ZEMC.js → storage-paths-B4_I9iqO.js} +1 -12
  67. package/dist/{thread-bindings-BX5nmWpw.js → thread-bindings-U5ZroBeZ.js} +3 -4
  68. package/dist/{tool-actions.runtime-C1d5fxE_.js → tool-actions.runtime-BlfTr9b0.js} +246 -53
  69. package/dist/{verification-BGCMiO1p.js → verification-CGnI9k1O.js} +2 -2
  70. package/npm-shrinkwrap.json +3 -3
  71. package/openclaw.plugin.json +136 -125
  72. package/package.json +4 -4
  73. package/dist/approval-reactions-BdUaUXVw.js +0 -113
  74. package/dist/crypto-state-store-Jy3qwhdy.js +0 -352
  75. package/dist/doctor-DfaOqFtr.js +0 -167
  76. package/dist/legacy-crypto-inspector-vzXSkm18.js +0 -42
  77. package/dist/legacy-crypto-restore-CIBfOmLn.js +0 -93
  78. package/dist/matrix-migration.runtime-BMCyrANT.js +0 -524
  79. package/dist/migration-snapshot-backup-YcCrSjbE.js +0 -69
  80. package/dist/migration-snapshot.runtime-VGD4QfeS.js +0 -2
  81. package/dist/probe.runtime-2MZLc6ng.js +0 -3
  82. package/dist/runtime-heavy-api.js +0 -3
  83. package/dist/storage-CQdyKcGg.js +0 -430
@@ -26,17 +26,6 @@ function resolveMatrixCredentialsDir(stateDir) {
26
26
  function resolveMatrixCredentialsPath(params) {
27
27
  return path.join(resolveMatrixCredentialsDir(params.stateDir), resolveMatrixCredentialsFilename(params.accountId));
28
28
  }
29
- function resolveMatrixLegacyFlatStoreRoot(stateDir) {
30
- return path.join(stateDir, "matrix");
31
- }
32
- function resolveMatrixLegacyFlatStoragePaths(stateDir) {
33
- const rootDir = resolveMatrixLegacyFlatStoreRoot(stateDir);
34
- return {
35
- rootDir,
36
- storagePath: path.join(rootDir, "bot-storage.json"),
37
- cryptoPath: path.join(rootDir, "crypto")
38
- };
39
- }
40
29
  function resolveMatrixAccountStorageRoot(params) {
41
30
  const accountKey = sanitizeMatrixPathSegment(params.accountId ?? DEFAULT_ACCOUNT_ID);
42
31
  const userKey = sanitizeMatrixPathSegment(params.userId);
@@ -49,4 +38,4 @@ function resolveMatrixAccountStorageRoot(params) {
49
38
  };
50
39
  }
51
40
  //#endregion
52
- export { resolveMatrixCredentialsPath as a, resolveMatrixLegacyFlatStoreRoot as c, resolveMatrixCredentialsFilename as i, sanitizeMatrixPathSegment as l, resolveMatrixAccountStorageRoot as n, resolveMatrixHomeserverKey as o, resolveMatrixCredentialsDir as r, resolveMatrixLegacyFlatStoragePaths as s, hashMatrixAccessToken as t };
41
+ export { resolveMatrixCredentialsPath as a, resolveMatrixCredentialsFilename as i, resolveMatrixAccountStorageRoot as n, resolveMatrixHomeserverKey as o, resolveMatrixCredentialsDir as r, sanitizeMatrixPathSegment as s, hashMatrixAccessToken as t };
@@ -1,14 +1,13 @@
1
1
  import { t as getMatrixRuntime } from "./runtime-6S3DNFNv.js";
2
2
  import { a as listBindingsForAccount, c as resolveBindingKey, f as setMatrixThreadBindingManagerEntry, h as toSessionBindingRecord, l as resolveEffectiveBindingExpiry, m as toMatrixBindingTargetKind, o as removeBindingRecord, r as getMatrixThreadBindingManagerEntry, t as deleteMatrixThreadBindingManagerEntry, u as setBindingRecord } from "./thread-bindings-shared-CKnY4LSd.js";
3
- import { O as resolveMatrixSqliteStateEnv, k as resolveMatrixSqliteStateKey } from "./crypto-state-store-Jy3qwhdy.js";
4
- import { c as resolveMatrixStateFilePath, t as claimCurrentTokenStorageState } from "./storage-CQdyKcGg.js";
5
- import { a as sendMessageMatrix } from "./send-D92v6Yy0.js";
3
+ import { M as resolveMatrixSqliteStateEnv, N as resolveMatrixSqliteStateKey, c as resolveMatrixStateFilePath, t as claimCurrentTokenStorageState } from "./storage-DD-EnNJE.js";
4
+ import { a as sendMessageMatrix } from "./send-yre1krm8.js";
6
5
  import { normalizeOptionalString } from "openclaw/plugin-sdk/string-coerce-runtime";
7
6
  import path from "node:path";
8
7
  import { createHash } from "node:crypto";
9
8
  import { registerSessionBindingAdapter, resolveThreadBindingFarewellText, unregisterSessionBindingAdapter } from "openclaw/plugin-sdk/thread-bindings-session-runtime";
10
- import { readJsonFileWithFallback } from "openclaw/plugin-sdk/json-store";
11
9
  import fs from "node:fs/promises";
10
+ import { readJsonFileWithFallback } from "openclaw/plugin-sdk/json-store";
12
11
  import { resolveAgentIdFromSessionKey } from "openclaw/plugin-sdk/session-key-runtime";
13
12
  //#region extensions/matrix/src/matrix/thread-bindings.ts
14
13
  const STORE_VERSION = 1;
@@ -1,13 +1,17 @@
1
- import { a as resolveMatrixAccountConfig } from "./account-config-BZWN9tGS.js";
2
- import "./setup-core-BGgbrdaJ.js";
3
- import { E as parsePollStart, T as isPollStartType, b as buildPollResponseContent, i as reactMatrixMessage, u as resolveMatrixRoomId } from "./send-D92v6Yy0.js";
1
+ import { a as resolveMatrixAccountConfig, o as resolveMatrixBaseConfig } from "./account-config-BZWN9tGS.js";
2
+ import { g as resolveMatrixAccount } from "./setup-core-CYQRY2oG.js";
3
+ import { r as resolveMatrixRoomConfig } from "./channel-B1woOUgk.js";
4
+ import { r as normalizeMatrixResolvableTarget } from "./target-ids-B-5aQxwn.js";
5
+ import { E as parsePollStart, T as isPollStartType, _ as readJoinedMatrixMembers, b as buildPollResponseContent, g as isStrictDirectMembership, h as hasDirectMatrixMemberFlag, i as reactMatrixMessage, u as resolveMatrixRoomId } from "./send-yre1krm8.js";
4
6
  import { i as buildMatrixReactionRelationsPath, o as selectOwnMatrixReactionEventIds, s as summarizeMatrixReactionEvents } from "./reaction-common-DkrQdBSZ.js";
5
- import { n as withResolvedActionClient, r as withResolvedRoomAction } from "./client-FRuyCNju.js";
6
- import { a as fetchEventSummary, c as resolveMatrixActionLimit, i as sendMatrixMessage, n as editMatrixMessage, o as readPinnedEvents, r as readMatrixMessages, s as EventType, t as deleteMatrixMessage } from "./messages-DRKkiEY-.js";
7
- import { a as jsonResult, c as readStringArrayParam, l as readStringParam, o as readPositiveIntegerParam, r as createActionGate, s as readReactionParams } from "./runtime-api-CsBoesCU.js";
8
- import { t as applyMatrixProfileUpdate } from "./profile-update-Ucc8RrJL.js";
9
- import { _ as scanMatrixVerificationQr, a as confirmMatrixVerificationSas, b as verifyMatrixRecoveryKey, c as getMatrixRoomKeyBackupStatus, d as listMatrixVerifications, f as mismatchMatrixVerificationSas, h as restoreMatrixRoomKeyBackup, i as confirmMatrixVerificationReciprocateQr, l as getMatrixVerificationSas, n as bootstrapMatrixVerification, o as generateMatrixVerificationQr, p as requestMatrixVerification, r as cancelMatrixVerification, s as getMatrixEncryptionStatus, t as acceptMatrixVerification, u as getMatrixVerificationStatus, v as startMatrixVerification } from "./verification-BGCMiO1p.js";
7
+ import { n as withResolvedActionClient, r as withResolvedRoomAction } from "./client-BUai6s29.js";
8
+ import { a as fetchEventSummary, c as resolveMatrixActionLimit, i as sendMatrixMessage, n as editMatrixMessage, o as readPinnedEvents, r as readMatrixMessages, s as EventType, t as deleteMatrixMessage } from "./messages-DCRbGLMh.js";
9
+ import { c as readReactionParams, d as resolveAllowlistProviderRuntimeGroupPolicy, f as resolveDefaultGroupPolicy, i as createActionGate, l as readStringArrayParam, n as ToolAuthorizationError, o as jsonResult, s as readPositiveIntegerParam, u as readStringParam } from "./runtime-api-D1xI_cvh.js";
10
+ import { t as applyMatrixProfileUpdate } from "./profile-update-DompcDyu.js";
11
+ import { _ as scanMatrixVerificationQr, a as confirmMatrixVerificationSas, b as verifyMatrixRecoveryKey, c as getMatrixRoomKeyBackupStatus, d as listMatrixVerifications, f as mismatchMatrixVerificationSas, h as restoreMatrixRoomKeyBackup, i as confirmMatrixVerificationReciprocateQr, l as getMatrixVerificationSas, n as bootstrapMatrixVerification, o as generateMatrixVerificationQr, p as requestMatrixVerification, r as cancelMatrixVerification, s as getMatrixEncryptionStatus, t as acceptMatrixVerification, u as getMatrixVerificationStatus, v as startMatrixVerification } from "./verification-CGnI9k1O.js";
12
+ import { t as createMatrixRoomInfoResolver } from "./room-info-B6vKD5DF.js";
10
13
  import { normalizeOptionalLowercaseString, uniqueStrings, uniqueValues } from "openclaw/plugin-sdk/string-coerce-runtime";
14
+ import { normalizeAccountId } from "openclaw/plugin-sdk/account-id";
11
15
  //#region extensions/matrix/src/matrix/actions/polls.ts
12
16
  function normalizeOptionIndexes(indexes) {
13
17
  return uniqueValues(indexes.map((index) => Math.trunc(index)).filter((index) => Number.isFinite(index) && index > 0));
@@ -116,9 +120,10 @@ async function listMatrixPins(roomId, opts = {}) {
116
120
  }
117
121
  //#endregion
118
122
  //#region extensions/matrix/src/matrix/actions/room.ts
119
- async function getMatrixMemberInfo(userId, opts = {}) {
123
+ async function getMatrixMemberInfo(userId, opts) {
120
124
  return await withResolvedActionClient(opts, async (client) => {
121
- const roomId = opts.roomId ? await resolveMatrixRoomId(client, opts.roomId) : void 0;
125
+ const roomId = await resolveMatrixRoomId(client, opts.roomId);
126
+ if (!(await client.getJoinedRoomMembers(roomId)).includes(userId)) throw new Error(`User ${userId} is not a member of room ${roomId}`);
122
127
  const profile = await client.getUserProfile(userId);
123
128
  return {
124
129
  userId,
@@ -129,7 +134,7 @@ async function getMatrixMemberInfo(userId, opts = {}) {
129
134
  membership: null,
130
135
  powerLevel: null,
131
136
  displayName: profile?.displayname ?? null,
132
- roomId: roomId ?? null
137
+ roomId
133
138
  };
134
139
  });
135
140
  }
@@ -165,6 +170,126 @@ async function getMatrixRoomInfo(roomId, opts = {}) {
165
170
  });
166
171
  }
167
172
  //#endregion
173
+ //#region extensions/matrix/src/matrix/read-policy.ts
174
+ function normalizeRoomId(raw) {
175
+ return raw?.trim().replace(/^room:/i, "") ?? "";
176
+ }
177
+ function isCurrentRoom(params) {
178
+ return params.context?.currentChannelProvider?.trim().toLowerCase() === "matrix" && params.context.requesterAccountId?.trim() === params.accountId && normalizeRoomId(params.context.currentChannelId) === normalizeRoomId(params.roomId);
179
+ }
180
+ function includesEntry(entries, value) {
181
+ const normalized = value.trim().toLowerCase();
182
+ return (entries ?? []).some((entry) => {
183
+ const candidate = String(entry).replace(/^matrix:/i, "").trim().toLowerCase();
184
+ return candidate === "*" || candidate === normalized;
185
+ });
186
+ }
187
+ function hasWildcardEntry(entries) {
188
+ return (entries ?? []).some((entry) => String(entry).replace(/^matrix:/i, "").trim() === "*");
189
+ }
190
+ function resolveMatrixReadRoomPolicy(params) {
191
+ const room = resolveMatrixRoomConfig({
192
+ rooms: params.account.config.groups ?? params.account.config.rooms,
193
+ roomId: params.roomId,
194
+ aliases: params.aliases
195
+ });
196
+ const baseRoom = resolveMatrixRoomConfig({
197
+ rooms: params.baseConfig.groups ?? params.baseConfig.rooms,
198
+ roomId: params.roomId,
199
+ aliases: params.aliases
200
+ });
201
+ const baseRoomAccount = baseRoom.config?.account;
202
+ const explicitlyScopedToAnotherAccount = room.config === void 0 && baseRoom.matchSource === "direct" && typeof baseRoomAccount === "string" && normalizeAccountId(baseRoomAccount) !== params.account.accountId;
203
+ const accountMatches = !room.config?.account || room.config.account === params.account.accountId;
204
+ const configuredRoomBlocked = room.config !== void 0 && (!room.allowed || !accountMatches);
205
+ return {
206
+ blocked: explicitlyScopedToAnotherAccount || configuredRoomBlocked,
207
+ blockedBeforeProviderAccess: explicitlyScopedToAnotherAccount || room.matchSource === "direct" && configuredRoomBlocked,
208
+ room
209
+ };
210
+ }
211
+ async function classifyMatrixReadRoom(params) {
212
+ const members = await readJoinedMatrixMembers(params.client, params.roomId);
213
+ if (!members) return { kind: "unknown" };
214
+ if (members.length >= 3) return { kind: "group" };
215
+ if (members.length !== 2) return { kind: "unknown" };
216
+ const selfUserId = await params.client.getUserId().catch(() => null);
217
+ if (!selfUserId || !members.includes(selfUserId)) return { kind: "unknown" };
218
+ const remoteUserId = members.find((member) => member !== selfUserId);
219
+ if (!isStrictDirectMembership({
220
+ selfUserId,
221
+ remoteUserId,
222
+ joinedMembers: members
223
+ }) || !remoteUserId) return { kind: "unknown" };
224
+ const memberStateFlag = await hasDirectMatrixMemberFlag(params.client, params.roomId, selfUserId);
225
+ await params.client.dms.update().catch(() => false);
226
+ if (memberStateFlag === true || params.client.dms.isDm(params.roomId)) return {
227
+ kind: "direct",
228
+ remoteUserId
229
+ };
230
+ return memberStateFlag === false ? { kind: "group" } : { kind: "unknown" };
231
+ }
232
+ async function withAuthorizedMatrixReadTarget(params) {
233
+ const account = resolveMatrixAccount({
234
+ cfg: params.cfg,
235
+ accountId: params.accountId
236
+ });
237
+ const baseConfig = resolveMatrixBaseConfig(params.cfg);
238
+ if (resolveMatrixReadRoomPolicy({
239
+ account,
240
+ baseConfig,
241
+ roomId: normalizeMatrixResolvableTarget(params.roomId),
242
+ aliases: []
243
+ }).blockedBeforeProviderAccess) throw new ToolAuthorizationError("Matrix read target is not allowed.");
244
+ return await withResolvedActionClient(params.opts, async (client) => {
245
+ const roomId = await resolveMatrixRoomId(client, params.roomId);
246
+ const inputAlias = params.roomId.trim().startsWith("#") ? params.roomId.trim() : void 0;
247
+ const { getRoomInfo } = createMatrixRoomInfoResolver(client);
248
+ const roomInfo = await getRoomInfo(roomId, { includeAliases: true });
249
+ const mutableRoomName = account.config.dangerouslyAllowNameMatching === true ? roomInfo.name : void 0;
250
+ const aliases = [
251
+ inputAlias,
252
+ roomInfo.canonicalAlias,
253
+ ...roomInfo.altAliases,
254
+ mutableRoomName
255
+ ].filter((value) => Boolean(value));
256
+ const finalPolicy = resolveMatrixReadRoomPolicy({
257
+ account,
258
+ baseConfig,
259
+ roomId,
260
+ aliases
261
+ });
262
+ const room = finalPolicy.room;
263
+ const current = isCurrentRoom({
264
+ accountId: account.accountId,
265
+ context: params.context,
266
+ roomId
267
+ });
268
+ const currentChatType = params.context?.currentChatType?.trim().toLowerCase();
269
+ const trustedCurrentClassification = currentChatType === "direct" ? {
270
+ kind: "direct",
271
+ remoteUserId: ""
272
+ } : currentChatType === "group" || currentChatType === "channel" ? { kind: "group" } : null;
273
+ const classification = room.matchSource === "direct" ? { kind: "group" } : current && trustedCurrentClassification ? trustedCurrentClassification : await classifyMatrixReadRoom({
274
+ client,
275
+ roomId
276
+ });
277
+ const resolvedGroupPolicy = resolveAllowlistProviderRuntimeGroupPolicy({
278
+ providerConfigPresent: params.cfg.channels?.matrix !== void 0,
279
+ groupPolicy: account.config.groupPolicy,
280
+ defaultGroupPolicy: resolveDefaultGroupPolicy(params.cfg)
281
+ }).groupPolicy;
282
+ const groupPolicy = account.config.allowlistOnly && resolvedGroupPolicy === "open" ? "allowlist" : resolvedGroupPolicy;
283
+ const dmPolicy = account.config.allowlistOnly ? account.config.dm?.policy === "disabled" ? "disabled" : "allowlist" : account.config.dm?.policy ?? "pairing";
284
+ const directOperator = params.context?.conversationReadOrigin === "direct-operator";
285
+ if (!(finalPolicy.blocked ? false : directOperator ? classification.kind === "direct" ? account.config.dm?.enabled !== false && dmPolicy !== "disabled" : classification.kind === "group" ? groupPolicy !== "disabled" : groupPolicy !== "disabled" && dmPolicy !== "disabled" && account.config.dm?.enabled !== false : classification.kind === "direct" ? account.config.dm?.enabled !== false && dmPolicy !== "disabled" && (current || includesEntry(account.config.dm?.allowFrom, classification.remoteUserId)) : classification.kind === "group" ? groupPolicy !== "disabled" && (current || groupPolicy === "open" || room.config !== void 0) : current ? groupPolicy !== "disabled" && dmPolicy !== "disabled" && account.config.dm?.enabled !== false : groupPolicy === "open" && dmPolicy !== "disabled" && account.config.dm?.enabled !== false && hasWildcardEntry(account.config.dm?.allowFrom))) throw new ToolAuthorizationError("Matrix read target is not allowed.");
286
+ return await params.run({
287
+ client,
288
+ roomId
289
+ });
290
+ });
291
+ }
292
+ //#endregion
168
293
  //#region extensions/matrix/src/tool-actions.ts
169
294
  const messageActions = /* @__PURE__ */ new Set([
170
295
  "sendMessage",
@@ -247,6 +372,14 @@ async function handleMatrixAction(params, cfg, opts = {}) {
247
372
  cfg,
248
373
  ...accountId ? { accountId } : {}
249
374
  };
375
+ const withReadTarget = async (roomId, run) => await withAuthorizedMatrixReadTarget({
376
+ cfg,
377
+ accountId,
378
+ roomId,
379
+ context: opts.readContext,
380
+ opts: clientOpts,
381
+ run
382
+ });
250
383
  if (reactionActions.has(action)) {
251
384
  if (!isActionEnabled("reactions")) throw new Error("Matrix reactions are disabled.");
252
385
  const roomId = readRoomId(params);
@@ -255,12 +388,20 @@ async function handleMatrixAction(params, cfg, opts = {}) {
255
388
  const { emoji, remove, isEmpty } = readReactionParams(params, { removeErrorMessage: "Emoji is required to remove a Matrix reaction." });
256
389
  if (remove || isEmpty) return jsonResult({
257
390
  ok: true,
258
- removed: (await removeMatrixReactions(roomId, messageId, {
259
- ...clientOpts,
260
- emoji: remove ? emoji : void 0
391
+ removed: (await withReadTarget(roomId, async (target) => {
392
+ return await removeMatrixReactions(target.roomId, messageId, {
393
+ ...clientOpts,
394
+ client: target.client,
395
+ emoji: remove ? emoji : void 0
396
+ });
261
397
  })).removed
262
398
  });
263
- await reactMatrixMessage(roomId, messageId, emoji, clientOpts);
399
+ await withReadTarget(roomId, async (target) => {
400
+ await reactMatrixMessage(target.roomId, messageId, emoji, {
401
+ ...clientOpts,
402
+ client: target.client
403
+ });
404
+ });
264
405
  return jsonResult({
265
406
  ok: true,
266
407
  added: emoji
@@ -269,9 +410,12 @@ async function handleMatrixAction(params, cfg, opts = {}) {
269
410
  const limit = readPositiveIntegerParam(params, "limit", { message: "limit must be a positive integer." });
270
411
  return jsonResult({
271
412
  ok: true,
272
- reactions: await listMatrixReactions(roomId, messageId, {
273
- ...clientOpts,
274
- limit: limit ?? void 0
413
+ reactions: await withReadTarget(roomId, async (target) => {
414
+ return await listMatrixReactions(target.roomId, messageId, {
415
+ ...clientOpts,
416
+ client: target.client,
417
+ limit: limit ?? void 0
418
+ });
275
419
  })
276
420
  });
277
421
  }
@@ -285,10 +429,13 @@ async function handleMatrixAction(params, cfg, opts = {}) {
285
429
  const optionIndexes = [...readPositiveIntegerArrayParam(params, "pollOptionIndexes"), ...optionIndex !== void 0 ? [optionIndex] : []];
286
430
  return jsonResult({
287
431
  ok: true,
288
- result: await voteMatrixPoll(roomId, pollId, {
289
- ...clientOpts,
290
- optionIds,
291
- optionIndexes
432
+ result: await withReadTarget(roomId, async (target) => {
433
+ return await voteMatrixPoll(target.roomId, pollId, {
434
+ ...clientOpts,
435
+ client: target.client,
436
+ optionIds,
437
+ optionIndexes
438
+ });
292
439
  })
293
440
  });
294
441
  }
@@ -317,19 +464,36 @@ async function handleMatrixAction(params, cfg, opts = {}) {
317
464
  })
318
465
  });
319
466
  }
320
- case "editMessage": return jsonResult({
321
- ok: true,
322
- result: await editMatrixMessage(readRoomId(params), readStringParam(params, "messageId", { required: true }), readStringParam(params, "content", { required: true }), clientOpts)
323
- });
324
- case "deleteMessage":
325
- await deleteMatrixMessage(readRoomId(params), readStringParam(params, "messageId", { required: true }), {
326
- reason: readStringParam(params, "reason") ?? void 0,
327
- ...clientOpts
467
+ case "editMessage": {
468
+ const roomId = readRoomId(params);
469
+ const messageId = readStringParam(params, "messageId", { required: true });
470
+ const content = readStringParam(params, "content", { required: true });
471
+ return jsonResult({
472
+ ok: true,
473
+ result: await withReadTarget(roomId, async (target) => {
474
+ return await editMatrixMessage(target.roomId, messageId, content, {
475
+ ...clientOpts,
476
+ client: target.client
477
+ });
478
+ })
479
+ });
480
+ }
481
+ case "deleteMessage": {
482
+ const roomId = readRoomId(params);
483
+ const messageId = readStringParam(params, "messageId", { required: true });
484
+ const reason = readStringParam(params, "reason");
485
+ await withReadTarget(roomId, async (target) => {
486
+ await deleteMatrixMessage(target.roomId, messageId, {
487
+ reason: reason ?? void 0,
488
+ ...clientOpts,
489
+ client: target.client
490
+ });
328
491
  });
329
492
  return jsonResult({
330
493
  ok: true,
331
494
  deleted: true
332
495
  });
496
+ }
333
497
  case "readMessages": {
334
498
  const roomId = readRoomId(params);
335
499
  const limit = readPositiveIntegerParam(params, "limit", { message: "limit must be a positive integer." });
@@ -338,12 +502,19 @@ async function handleMatrixAction(params, cfg, opts = {}) {
338
502
  const threadId = readStringParam(params, "threadId");
339
503
  return jsonResult({
340
504
  ok: true,
341
- ...await readMatrixMessages(roomId, {
342
- limit: limit ?? void 0,
343
- before: before ?? void 0,
344
- after: after ?? void 0,
345
- threadId: threadId ?? void 0,
346
- ...clientOpts
505
+ ...await withReadTarget(roomId, async (target) => {
506
+ return {
507
+ ...await readMatrixMessages(target.roomId, {
508
+ limit: limit ?? void 0,
509
+ before: before ?? void 0,
510
+ after: after ?? void 0,
511
+ threadId: threadId ?? void 0,
512
+ ...clientOpts,
513
+ client: target.client
514
+ }),
515
+ roomId: target.roomId,
516
+ ...threadId ? { threadId } : {}
517
+ };
347
518
  })
348
519
  });
349
520
  }
@@ -353,19 +524,32 @@ async function handleMatrixAction(params, cfg, opts = {}) {
353
524
  if (pinActions.has(action)) {
354
525
  if (!isActionEnabled("pins")) throw new Error("Matrix pins are disabled.");
355
526
  const roomId = readRoomId(params);
356
- if (action === "pinMessage") return jsonResult({
357
- ok: true,
358
- pinned: (await pinMatrixMessage(roomId, readStringParam(params, "messageId", { required: true }), clientOpts)).pinned
359
- });
360
- if (action === "unpinMessage") return jsonResult({
361
- ok: true,
362
- pinned: (await unpinMatrixMessage(roomId, readStringParam(params, "messageId", { required: true }), clientOpts)).pinned
363
- });
364
- const result = await listMatrixPins(roomId, clientOpts);
365
- return jsonResult({
366
- ok: true,
367
- pinned: result.pinned,
368
- events: result.events
527
+ const request = action === "pinMessage" ? {
528
+ kind: "pin",
529
+ messageId: readStringParam(params, "messageId", { required: true })
530
+ } : action === "unpinMessage" ? {
531
+ kind: "unpin",
532
+ messageId: readStringParam(params, "messageId", { required: true })
533
+ } : { kind: "list" };
534
+ return await withReadTarget(roomId, async (target) => {
535
+ const actionOpts = {
536
+ ...clientOpts,
537
+ client: target.client
538
+ };
539
+ if (request.kind === "pin") return jsonResult({
540
+ ok: true,
541
+ pinned: (await pinMatrixMessage(target.roomId, request.messageId, actionOpts)).pinned
542
+ });
543
+ if (request.kind === "unpin") return jsonResult({
544
+ ok: true,
545
+ pinned: (await unpinMatrixMessage(target.roomId, request.messageId, actionOpts)).pinned
546
+ });
547
+ const result = await listMatrixPins(target.roomId, actionOpts);
548
+ return jsonResult({
549
+ ok: true,
550
+ pinned: result.pinned,
551
+ events: result.events
552
+ });
369
553
  });
370
554
  }
371
555
  if (profileActions.has(action)) {
@@ -385,11 +569,15 @@ async function handleMatrixAction(params, cfg, opts = {}) {
385
569
  }
386
570
  if (action === "memberInfo") {
387
571
  if (!isActionEnabled("memberInfo")) throw new Error("Matrix member info is disabled.");
572
+ const userId = readStringParam(params, "userId", { required: true });
388
573
  return jsonResult({
389
574
  ok: true,
390
- member: await getMatrixMemberInfo(readStringParam(params, "userId", { required: true }), {
391
- roomId: readStringParam(params, "roomId") ?? readStringParam(params, "channelId") ?? void 0,
392
- ...clientOpts
575
+ member: await withReadTarget(readRoomId(params), async (target) => {
576
+ return await getMatrixMemberInfo(userId, {
577
+ roomId: target.roomId,
578
+ ...clientOpts,
579
+ client: target.client
580
+ });
393
581
  })
394
582
  });
395
583
  }
@@ -397,7 +585,12 @@ async function handleMatrixAction(params, cfg, opts = {}) {
397
585
  if (!isActionEnabled("channelInfo")) throw new Error("Matrix room info is disabled.");
398
586
  return jsonResult({
399
587
  ok: true,
400
- room: await getMatrixRoomInfo(readRoomId(params), clientOpts)
588
+ room: await withReadTarget(readRoomId(params), async (target) => {
589
+ return await getMatrixRoomInfo(target.roomId, {
590
+ ...clientOpts,
591
+ client: target.client
592
+ });
593
+ })
401
594
  });
402
595
  }
403
596
  if (verificationActions.has(action)) {
@@ -1,6 +1,6 @@
1
1
  import { t as __exportAll } from "./rolldown-runtime-8H4AJuhK.js";
2
- import { i as withStartedActionClient, n as withResolvedActionClient } from "./client-FRuyCNju.js";
3
- import { n as formatMatrixEncryptionUnavailableError } from "./encryption-guidance-D8walY04.js";
2
+ import { i as withStartedActionClient, n as withResolvedActionClient } from "./client-BUai6s29.js";
3
+ import { n as formatMatrixEncryptionUnavailableError } from "./encryption-guidance-BFfgq7c7.js";
4
4
  import { normalizeOptionalString } from "openclaw/plugin-sdk/string-coerce-runtime";
5
5
  import { requireRuntimeConfig } from "openclaw/plugin-sdk/plugin-config-runtime";
6
6
  import { setTimeout } from "node:timers/promises";
@@ -1,12 +1,12 @@
1
1
  {
2
2
  "name": "@openclaw/matrix",
3
- "version": "2026.7.1",
3
+ "version": "2026.7.2-beta.2",
4
4
  "lockfileVersion": 3,
5
5
  "requires": true,
6
6
  "packages": {
7
7
  "": {
8
8
  "name": "@openclaw/matrix",
9
- "version": "2026.7.1",
9
+ "version": "2026.7.2-beta.2",
10
10
  "dependencies": {
11
11
  "@matrix-org/matrix-sdk-crypto-nodejs": "0.6.1",
12
12
  "@matrix-org/matrix-sdk-crypto-wasm": "18.3.1",
@@ -18,7 +18,7 @@
18
18
  "zod": "4.4.3"
19
19
  },
20
20
  "peerDependencies": {
21
- "openclaw": ">=2026.7.1"
21
+ "openclaw": ">=2026.7.2-beta.2"
22
22
  },
23
23
  "peerDependenciesMeta": {
24
24
  "openclaw": {