@openclaw/nextcloud-talk 2026.3.1 → 2026.3.7

package/src/monitor.backend.test.ts

@@ -1,6 +1,6 @@
 import { describe, expect, it, vi } from "vitest";
+import { createSignedCreateMessageRequest } from "./monitor.test-fixtures.js";
 import { startWebhookServer } from "./monitor.test-harness.js";
-import { generateNextcloudTalkSignature } from "./signature.js";
 
 describe("createNextcloudTalkWebhookServer backend allowlist", () => {
   it("rejects requests from unexpected backend origins", async () => {
@@ -11,31 +11,12 @@ describe("createNextcloudTalkWebhookServer backend allowlist", () => {
       onMessage,
     });
 
-    const payload = {
-      type: "Create",
-      actor: { type: "Person", id: "alice", name: "Alice" },
-      object: {
-        type: "Note",
-        id: "msg-1",
-        name: "hello",
-        content: "hello",
-        mediaType: "text/plain",
-      },
-      target: { type: "Collection", id: "room-1", name: "Room 1" },
-    };
-    const body = JSON.stringify(payload);
-    const { random, signature } = generateNextcloudTalkSignature({
-      body,
-      secret: "nextcloud-secret",
+    const { body, headers } = createSignedCreateMessageRequest({
+      backend: "https://nextcloud.unexpected",
     });
     const response = await fetch(harness.webhookUrl, {
       method: "POST",
-      headers: {
-        "content-type": "application/json",
-        "x-nextcloud-talk-random": random,
-        "x-nextcloud-talk-signature": signature,
-        "x-nextcloud-talk-backend": "https://nextcloud.unexpected",
-      },
+      headers,
       body,
     });
 

package/src/monitor.replay.test.ts

@@ -1,15 +1,8 @@
 import { describe, expect, it, vi } from "vitest";
+import { createSignedCreateMessageRequest } from "./monitor.test-fixtures.js";
 import { startWebhookServer } from "./monitor.test-harness.js";
-import { generateNextcloudTalkSignature } from "./signature.js";
 import type { NextcloudTalkInboundMessage } from "./types.js";
 
-function createSignedRequest(body: string): { random: string; signature: string } {
-  return generateNextcloudTalkSignature({
-    body,
-    secret: "nextcloud-secret",
-  });
-}
-
 describe("createNextcloudTalkWebhookServer replay handling", () => {
   it("acknowledges replayed requests and skips onMessage side effects", async () => {
     const seen = new Set<string>();
@@ -27,26 +20,7 @@ describe("createNextcloudTalkWebhookServer replay handling", () => {
       onMessage,
     });
 
-    const payload = {
-      type: "Create",
-      actor: { type: "Person", id: "alice", name: "Alice" },
-      object: {
-        type: "Note",
-        id: "msg-1",
-        name: "hello",
-        content: "hello",
-        mediaType: "text/plain",
-      },
-      target: { type: "Collection", id: "room-1", name: "Room 1" },
-    };
-    const body = JSON.stringify(payload);
-    const { random, signature } = createSignedRequest(body);
-    const headers = {
-      "content-type": "application/json",
-      "x-nextcloud-talk-random": random,
-      "x-nextcloud-talk-signature": signature,
-      "x-nextcloud-talk-backend": "https://nextcloud.example",
-    };
+    const { body, headers } = createSignedCreateMessageRequest();
 
     const first = await fetch(harness.webhookUrl, {
       method: "POST",

package/src/monitor.test-fixtures.ts

@@ -0,0 +1,30 @@
+import { generateNextcloudTalkSignature } from "./signature.js";
+
+export function createSignedCreateMessageRequest(params?: { backend?: string }) {
+  const payload = {
+    type: "Create",
+    actor: { type: "Person", id: "alice", name: "Alice" },
+    object: {
+      type: "Note",
+      id: "msg-1",
+      name: "hello",
+      content: "hello",
+      mediaType: "text/plain",
+    },
+    target: { type: "Collection", id: "room-1", name: "Room 1" },
+  };
+  const body = JSON.stringify(payload);
+  const { random, signature } = generateNextcloudTalkSignature({
+    body,
+    secret: "nextcloud-secret", // pragma: allowlist secret
+  });
+  return {
+    body,
+    headers: {
+      "content-type": "application/json",
+      "x-nextcloud-talk-random": random,
+      "x-nextcloud-talk-signature": signature,
+      "x-nextcloud-talk-backend": params?.backend ?? "https://nextcloud.example",
+    },
+  };
+}

package/src/monitor.ts

@@ -6,7 +6,7 @@ import {
   isRequestBodyLimitError,
   readRequestBodyWithLimit,
   requestBodyErrorToText,
-} from "openclaw/plugin-sdk";
+} from "openclaw/plugin-sdk/nextcloud-talk";
 import { resolveNextcloudTalkAccount } from "./accounts.js";
 import { handleNextcloudTalkInbound } from "./inbound.js";
 import { createNextcloudTalkReplayGuard } from "./replay-guard.js";

package/src/onboarding.ts

@@ -1,15 +1,20 @@
 import {
-  addWildcardAllowFrom,
+  buildSingleChannelSecretPromptState,
   formatDocsLink,
+  hasConfiguredSecretInput,
+  mapAllowFromEntries,
   mergeAllowFromEntries,
-  promptAccountId,
+  promptSingleChannelSecretInput,
+  resolveAccountIdForConfigure,
   DEFAULT_ACCOUNT_ID,
   normalizeAccountId,
+  setTopLevelChannelDmPolicyWithAllowFrom,
+  type SecretInput,
   type ChannelOnboardingAdapter,
   type ChannelOnboardingDmPolicy,
   type OpenClawConfig,
   type WizardPrompter,
-} from "openclaw/plugin-sdk";
+} from "openclaw/plugin-sdk/nextcloud-talk";
 import {
   listNextcloudTalkAccountIds,
   resolveDefaultNextcloudTalkAccountId,
@@ -20,24 +25,52 @@ import type { CoreConfig, DmPolicy } from "./types.js";
 const channel = "nextcloud-talk" as const;
 
 function setNextcloudTalkDmPolicy(cfg: CoreConfig, dmPolicy: DmPolicy): CoreConfig {
-  const existingConfig = cfg.channels?.["nextcloud-talk"];
-  const existingAllowFrom: string[] = (existingConfig?.allowFrom ?? []).map((x) => String(x));
-  const allowFrom: string[] =
-    dmPolicy === "open" ? (addWildcardAllowFrom(existingAllowFrom) as string[]) : existingAllowFrom;
-
-  const newNextcloudTalkConfig = {
-    ...existingConfig,
+  return setTopLevelChannelDmPolicyWithAllowFrom({
+    cfg,
+    channel: "nextcloud-talk",
     dmPolicy,
-    allowFrom,
-  };
+    getAllowFrom: (inputCfg) =>
+      mapAllowFromEntries(inputCfg.channels?.["nextcloud-talk"]?.allowFrom),
+  }) as CoreConfig;
+}
+
+function setNextcloudTalkAccountConfig(
+  cfg: CoreConfig,
+  accountId: string,
+  updates: Record<string, unknown>,
+): CoreConfig {
+  if (accountId === DEFAULT_ACCOUNT_ID) {
+    return {
+      ...cfg,
+      channels: {
+        ...cfg.channels,
+        "nextcloud-talk": {
+          ...cfg.channels?.["nextcloud-talk"],
+          enabled: true,
+          ...updates,
+        },
+      },
+    };
+  }
 
   return {
     ...cfg,
     channels: {
       ...cfg.channels,
-      "nextcloud-talk": newNextcloudTalkConfig,
+      "nextcloud-talk": {
+        ...cfg.channels?.["nextcloud-talk"],
+        enabled: true,
+        accounts: {
+          ...cfg.channels?.["nextcloud-talk"]?.accounts,
+          [accountId]: {
+            ...cfg.channels?.["nextcloud-talk"]?.accounts?.[accountId],
+            enabled: cfg.channels?.["nextcloud-talk"]?.accounts?.[accountId]?.enabled ?? true,
+            ...updates,
+          },
+        },
+      },
     },
-  } as CoreConfig;
+  };
 }
 
 async function noteNextcloudTalkSecretHelp(prompter: WizardPrompter): Promise<void> {
@@ -102,40 +135,10 @@ async function promptNextcloudTalkAllowFrom(params: {
   ];
   const unique = mergeAllowFromEntries(undefined, merged);
 
-  if (accountId === DEFAULT_ACCOUNT_ID) {
-    return {
-      ...cfg,
-      channels: {
-        ...cfg.channels,
-        "nextcloud-talk": {
-          ...cfg.channels?.["nextcloud-talk"],
-          enabled: true,
-          dmPolicy: "allowlist",
-          allowFrom: unique,
-        },
-      },
-    };
-  }
-
-  return {
-    ...cfg,
-    channels: {
-      ...cfg.channels,
-      "nextcloud-talk": {
-        ...cfg.channels?.["nextcloud-talk"],
-        enabled: true,
-        accounts: {
-          ...cfg.channels?.["nextcloud-talk"]?.accounts,
-          [accountId]: {
-            ...cfg.channels?.["nextcloud-talk"]?.accounts?.[accountId],
-            enabled: cfg.channels?.["nextcloud-talk"]?.accounts?.[accountId]?.enabled ?? true,
-            dmPolicy: "allowlist",
-            allowFrom: unique,
-          },
-        },
-      },
-    },
-  };
+  return setNextcloudTalkAccountConfig(cfg, accountId, {
+    dmPolicy: "allowlist",
+    allowFrom: unique,
+  });
 }
 
 async function promptNextcloudTalkAllowFromForAccount(params: {
@@ -190,22 +193,16 @@ export const nextcloudTalkOnboardingAdapter: ChannelOnboardingAdapter = {
     shouldPromptAccountIds,
     forceAllowFrom,
   }) => {
-    const nextcloudTalkOverride = accountOverrides["nextcloud-talk"]?.trim();
     const defaultAccountId = resolveDefaultNextcloudTalkAccountId(cfg as CoreConfig);
-    let accountId = nextcloudTalkOverride
-      ? normalizeAccountId(nextcloudTalkOverride)
-      : defaultAccountId;
-
-    if (shouldPromptAccountIds && !nextcloudTalkOverride) {
-      accountId = await promptAccountId({
-        cfg: cfg as CoreConfig,
-        prompter,
-        label: "Nextcloud Talk",
-        currentId: accountId,
-        listAccountIds: listNextcloudTalkAccountIds as (cfg: OpenClawConfig) => string[],
-        defaultAccountId,
-      });
-    }
+    const accountId = await resolveAccountIdForConfigure({
+      cfg,
+      prompter,
+      label: "Nextcloud Talk",
+      accountOverride: accountOverrides["nextcloud-talk"],
+      shouldPromptAccountIds,
+      listAccountIds: listNextcloudTalkAccountIds as (cfg: OpenClawConfig) => string[],
+      defaultAccountId,
+    });
 
     let next = cfg as CoreConfig;
     const resolvedAccount = resolveNextcloudTalkAccount({
@@ -214,10 +211,16 @@ export const nextcloudTalkOnboardingAdapter: ChannelOnboardingAdapter = {
     });
     const accountConfigured = Boolean(resolvedAccount.secret && resolvedAccount.baseUrl);
     const allowEnv = accountId === DEFAULT_ACCOUNT_ID;
-    const canUseEnv = allowEnv && Boolean(process.env.NEXTCLOUD_TALK_BOT_SECRET?.trim());
     const hasConfigSecret = Boolean(
-      resolvedAccount.config.botSecret || resolvedAccount.config.botSecretFile,
+      hasConfiguredSecretInput(resolvedAccount.config.botSecret) ||
+      resolvedAccount.config.botSecretFile,
     );
+    const secretPromptState = buildSingleChannelSecretPromptState({
+      accountConfigured,
+      hasConfigToken: hasConfigSecret,
+      allowEnv,
+      envValue: process.env.NEXTCLOUD_TALK_BOT_SECRET,
+    });
 
     let baseUrl = resolvedAccount.baseUrl;
     if (!baseUrl) {
@@ -238,94 +241,72 @@ export const nextcloudTalkOnboardingAdapter: ChannelOnboardingAdapter = {
       ).trim();
     }
 
-    let secret: string | null = null;
+    let secret: SecretInput | null = null;
     if (!accountConfigured) {
       await noteNextcloudTalkSecretHelp(prompter);
     }
 
-    if (canUseEnv && !resolvedAccount.config.botSecret) {
-      const keepEnv = await prompter.confirm({
-        message: "NEXTCLOUD_TALK_BOT_SECRET detected. Use env var?",
-        initialValue: true,
-      });
-      if (keepEnv) {
-        next = {
-          ...next,
-          channels: {
-            ...next.channels,
-            "nextcloud-talk": {
-              ...next.channels?.["nextcloud-talk"],
-              enabled: true,
-              baseUrl,
-            },
-          },
-        };
-      } else {
-        secret = String(
-          await prompter.text({
-            message: "Enter Nextcloud Talk bot secret",
-            validate: (value) => (value?.trim() ? undefined : "Required"),
-          }),
-        ).trim();
-      }
-    } else if (hasConfigSecret) {
-      const keep = await prompter.confirm({
-        message: "Nextcloud Talk secret already configured. Keep it?",
-        initialValue: true,
+    const secretResult = await promptSingleChannelSecretInput({
+      cfg: next,
+      prompter,
+      providerHint: "nextcloud-talk",
+      credentialLabel: "bot secret",
+      accountConfigured: secretPromptState.accountConfigured,
+      canUseEnv: secretPromptState.canUseEnv,
+      hasConfigToken: secretPromptState.hasConfigToken,
+      envPrompt: "NEXTCLOUD_TALK_BOT_SECRET detected. Use env var?",
+      keepPrompt: "Nextcloud Talk bot secret already configured. Keep it?",
+      inputPrompt: "Enter Nextcloud Talk bot secret",
+      preferredEnvVar: "NEXTCLOUD_TALK_BOT_SECRET",
+    });
+    if (secretResult.action === "set") {
+      secret = secretResult.value;
+    }
+
+    if (secretResult.action === "use-env" || secret || baseUrl !== resolvedAccount.baseUrl) {
+      next = setNextcloudTalkAccountConfig(next, accountId, {
+        baseUrl,
+        ...(secret ? { botSecret: secret } : {}),
       });
-      if (!keep) {
-        secret = String(
-          await prompter.text({
-            message: "Enter Nextcloud Talk bot secret",
-            validate: (value) => (value?.trim() ? undefined : "Required"),
-          }),
-        ).trim();
-      }
-    } else {
-      secret = String(
+    }
+
+    const existingApiUser = resolvedAccount.config.apiUser?.trim();
+    const existingApiPasswordConfigured = Boolean(
+      hasConfiguredSecretInput(resolvedAccount.config.apiPassword) ||
+      resolvedAccount.config.apiPasswordFile,
+    );
+    const configureApiCredentials = await prompter.confirm({
+      message: "Configure optional Nextcloud Talk API credentials for room lookups?",
+      initialValue: Boolean(existingApiUser && existingApiPasswordConfigured),
+    });
+    if (configureApiCredentials) {
+      const apiUser = String(
         await prompter.text({
-          message: "Enter Nextcloud Talk bot secret",
-          validate: (value) => (value?.trim() ? undefined : "Required"),
+          message: "Nextcloud Talk API user",
+          initialValue: existingApiUser,
+          validate: (value) => (String(value ?? "").trim() ? undefined : "Required"),
         }),
       ).trim();
-    }
-
-    if (secret || baseUrl !== resolvedAccount.baseUrl) {
-      if (accountId === DEFAULT_ACCOUNT_ID) {
-        next = {
-          ...next,
-          channels: {
-            ...next.channels,
-            "nextcloud-talk": {
-              ...next.channels?.["nextcloud-talk"],
-              enabled: true,
-              baseUrl,
-              ...(secret ? { botSecret: secret } : {}),
-            },
-          },
-        };
-      } else {
-        next = {
-          ...next,
-          channels: {
-            ...next.channels,
-            "nextcloud-talk": {
-              ...next.channels?.["nextcloud-talk"],
-              enabled: true,
-              accounts: {
-                ...next.channels?.["nextcloud-talk"]?.accounts,
-                [accountId]: {
-                  ...next.channels?.["nextcloud-talk"]?.accounts?.[accountId],
-                  enabled:
-                    next.channels?.["nextcloud-talk"]?.accounts?.[accountId]?.enabled ?? true,
-                  baseUrl,
-                  ...(secret ? { botSecret: secret } : {}),
-                },
-              },
-            },
-          },
-        };
-      }
+      const apiPasswordResult = await promptSingleChannelSecretInput({
+        cfg: next,
+        prompter,
+        providerHint: "nextcloud-talk-api",
+        credentialLabel: "API password",
+        ...buildSingleChannelSecretPromptState({
+          accountConfigured: Boolean(existingApiUser && existingApiPasswordConfigured),
+          hasConfigToken: existingApiPasswordConfigured,
+          allowEnv: false,
+        }),
+        envPrompt: "",
+        keepPrompt: "Nextcloud Talk API password already configured. Keep it?",
+        inputPrompt: "Enter Nextcloud Talk API password",
+        preferredEnvVar: "NEXTCLOUD_TALK_API_PASSWORD",
+      });
+      const apiPassword = apiPasswordResult.action === "set" ? apiPasswordResult.value : undefined;
+      next = setNextcloudTalkAccountConfig(next, accountId, {
+        apiUser,
+        ...(apiPassword ? { apiPassword } : {}),
+      });
     }
 
     if (forceAllowFrom) {

package/src/policy.test.ts

@@ -1,5 +1,5 @@
 import { describe, expect, it } from "vitest";
-import { resolveNextcloudTalkAllowlistMatch } from "./policy.js";
+import { resolveNextcloudTalkAllowlistMatch, resolveNextcloudTalkGroupAllow } from "./policy.js";
 
 describe("nextcloud-talk policy", () => {
   describe("resolveNextcloudTalkAllowlistMatch", () => {
@@ -30,4 +30,109 @@ describe("nextcloud-talk policy", () => {
       ).toBe(false);
     });
   });
+
+  describe("resolveNextcloudTalkGroupAllow", () => {
+    it("blocks disabled policy", () => {
+      expect(
+        resolveNextcloudTalkGroupAllow({
+          groupPolicy: "disabled",
+          outerAllowFrom: ["owner"],
+          innerAllowFrom: ["room-user"],
+          senderId: "owner",
+        }),
+      ).toEqual({
+        allowed: false,
+        outerMatch: { allowed: false },
+        innerMatch: { allowed: false },
+      });
+    });
+
+    it("allows open policy", () => {
+      expect(
+        resolveNextcloudTalkGroupAllow({
+          groupPolicy: "open",
+          outerAllowFrom: [],
+          innerAllowFrom: [],
+          senderId: "owner",
+        }),
+      ).toEqual({
+        allowed: true,
+        outerMatch: { allowed: true },
+        innerMatch: { allowed: true },
+      });
+    });
+
+    it("blocks allowlist mode when both outer and inner allowlists are empty", () => {
+      expect(
+        resolveNextcloudTalkGroupAllow({
+          groupPolicy: "allowlist",
+          outerAllowFrom: [],
+          innerAllowFrom: [],
+          senderId: "owner",
+        }),
+      ).toEqual({
+        allowed: false,
+        outerMatch: { allowed: false },
+        innerMatch: { allowed: false },
+      });
+    });
+
+    it("requires inner match when only room-specific allowlist is configured", () => {
+      expect(
+        resolveNextcloudTalkGroupAllow({
+          groupPolicy: "allowlist",
+          outerAllowFrom: [],
+          innerAllowFrom: ["room-user"],
+          senderId: "room-user",
+        }),
+      ).toEqual({
+        allowed: true,
+        outerMatch: { allowed: false },
+        innerMatch: { allowed: true, matchKey: "room-user", matchSource: "id" },
+      });
+    });
+
+    it("blocks when outer allowlist misses even if inner allowlist matches", () => {
+      expect(
+        resolveNextcloudTalkGroupAllow({
+          groupPolicy: "allowlist",
+          outerAllowFrom: ["team-owner"],
+          innerAllowFrom: ["room-user"],
+          senderId: "room-user",
+        }),
+      ).toEqual({
+        allowed: false,
+        outerMatch: { allowed: false },
+        innerMatch: { allowed: true, matchKey: "room-user", matchSource: "id" },
+      });
+    });
+
+    it("allows when both outer and inner allowlists match", () => {
+      expect(
+        resolveNextcloudTalkGroupAllow({
+          groupPolicy: "allowlist",
+          outerAllowFrom: ["team-owner"],
+          innerAllowFrom: ["room-user"],
+          senderId: "team-owner",
+        }),
+      ).toEqual({
+        allowed: false,
+        outerMatch: { allowed: true, matchKey: "team-owner", matchSource: "id" },
+        innerMatch: { allowed: false },
+      });
+
+      expect(
+        resolveNextcloudTalkGroupAllow({
+          groupPolicy: "allowlist",
+          outerAllowFrom: ["shared-user"],
+          innerAllowFrom: ["shared-user"],
+          senderId: "shared-user",
+        }),
+      ).toEqual({
+        allowed: true,
+        outerMatch: { allowed: true, matchKey: "shared-user", matchSource: "id" },
+        innerMatch: { allowed: true, matchKey: "shared-user", matchSource: "id" },
+      });
+    });
+  });
 });

package/src/policy.ts

@@ -3,14 +3,15 @@ import type {
   ChannelGroupContext,
   GroupPolicy,
   GroupToolPolicyConfig,
-} from "openclaw/plugin-sdk";
+} from "openclaw/plugin-sdk/nextcloud-talk";
 import {
   buildChannelKeyCandidates,
+  evaluateMatchedGroupAccessForPolicy,
   normalizeChannelSlug,
   resolveChannelEntryMatchWithFallback,
   resolveMentionGatingWithBypass,
   resolveNestedAllowlistDecision,
-} from "openclaw/plugin-sdk";
+} from "openclaw/plugin-sdk/nextcloud-talk";
 import type { NextcloudTalkRoomConfig } from "./types.js";
 
 function normalizeAllowEntry(raw: string): string {
@@ -128,19 +129,8 @@ export function resolveNextcloudTalkGroupAllow(params: {
   innerAllowFrom: Array<string | number> | undefined;
   senderId: string;
 }): { allowed: boolean; outerMatch: AllowlistMatch; innerMatch: AllowlistMatch } {
-  if (params.groupPolicy === "disabled") {
-    return { allowed: false, outerMatch: { allowed: false }, innerMatch: { allowed: false } };
-  }
-  if (params.groupPolicy === "open") {
-    return { allowed: true, outerMatch: { allowed: true }, innerMatch: { allowed: true } };
-  }
-
   const outerAllow = normalizeNextcloudTalkAllowlist(params.outerAllowFrom);
   const innerAllow = normalizeNextcloudTalkAllowlist(params.innerAllowFrom);
-  if (outerAllow.length === 0 && innerAllow.length === 0) {
-    return { allowed: false, outerMatch: { allowed: false }, innerMatch: { allowed: false } };
-  }
-
   const outerMatch = resolveNextcloudTalkAllowlistMatch({
     allowFrom: params.outerAllowFrom,
     senderId: params.senderId,
@@ -149,14 +139,32 @@ export function resolveNextcloudTalkGroupAllow(params: {
     allowFrom: params.innerAllowFrom,
     senderId: params.senderId,
   });
-  const allowed = resolveNestedAllowlistDecision({
-    outerConfigured: outerAllow.length > 0 || innerAllow.length > 0,
-    outerMatched: outerAllow.length > 0 ? outerMatch.allowed : true,
-    innerConfigured: innerAllow.length > 0,
-    innerMatched: innerMatch.allowed,
+  const access = evaluateMatchedGroupAccessForPolicy({
+    groupPolicy: params.groupPolicy,
+    allowlistConfigured: outerAllow.length > 0 || innerAllow.length > 0,
+    allowlistMatched: resolveNestedAllowlistDecision({
+      outerConfigured: outerAllow.length > 0 || innerAllow.length > 0,
+      outerMatched: outerAllow.length > 0 ? outerMatch.allowed : true,
+      innerConfigured: innerAllow.length > 0,
+      innerMatched: innerMatch.allowed,
+    }),
   });
 
-  return { allowed, outerMatch, innerMatch };
+  return {
+    allowed: access.allowed,
+    outerMatch:
+      params.groupPolicy === "open"
+        ? { allowed: true }
+        : params.groupPolicy === "disabled"
+          ? { allowed: false }
+          : outerMatch,
+    innerMatch:
+      params.groupPolicy === "open"
+        ? { allowed: true }
+        : params.groupPolicy === "disabled"
+          ? { allowed: false }
+          : innerMatch,
+  };
 }
 
 export function resolveNextcloudTalkMentionGate(params: {

package/src/replay-guard.ts

@@ -1,5 +1,5 @@
 import path from "node:path";
-import { createPersistentDedupe } from "openclaw/plugin-sdk";
+import { createPersistentDedupe } from "openclaw/plugin-sdk/nextcloud-talk";
 
 const DEFAULT_REPLAY_TTL_MS = 24 * 60 * 60 * 1000;
 const DEFAULT_MEMORY_MAX_SIZE = 1_000;