npm - @openclaw/nextcloud-talk - Versions diffs - 2026.3.1 → 2026.3.7 - Mend

@openclaw/nextcloud-talk 2026.3.1 → 2026.3.7

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (23) hide show

package/index.ts +2 -2
package/package.json +4 -1
package/src/accounts.ts +26 -59
package/src/channel.startup.test.ts +9 -41
package/src/channel.ts +82 -85
package/src/config-schema.test.ts +36 -0
package/src/config-schema.ts +4 -3
package/src/inbound.authz.test.ts +2 -2
package/src/inbound.ts +31 -50
package/src/monitor.backend.test.ts +4 -23
package/src/monitor.replay.test.ts +2 -28
package/src/monitor.test-fixtures.ts +30 -0
package/src/monitor.ts +1 -1
package/src/onboarding.ts +126 -145
package/src/policy.test.ts +106 -1
package/src/policy.ts +27 -19
package/src/replay-guard.ts +1 -1
package/src/room-info.ts +40 -25
package/src/runtime.ts +1 -1
package/src/secret-input.ts +13 -0
package/src/send.test.ts +104 -0
package/src/send.ts +3 -2
package/src/types.ts +4 -3

package/src/room-info.ts CHANGED Viewed

@@ -1,6 +1,8 @@
 import { readFileSync } from "node:fs";
-import type { RuntimeEnv } from "openclaw/plugin-sdk";
+import { fetchWithSsrFGuard } from "openclaw/plugin-sdk/nextcloud-talk";
+import type { RuntimeEnv } from "openclaw/plugin-sdk/nextcloud-talk";
 import type { ResolvedNextcloudTalkAccount } from "./accounts.js";
+import { normalizeResolvedSecretInputString } from "./secret-input.js";
 const ROOM_CACHE_TTL_MS = 5 * 60 * 1000;
 const ROOM_CACHE_ERROR_TTL_MS = 30 * 1000;
@@ -15,11 +17,15 @@ function resolveRoomCacheKey(params: { accountId: string; roomToken: string }) {
 }
 function readApiPassword(params: {
-  apiPassword?: string;
+  apiPassword?: unknown;
   apiPasswordFile?: string;
 }): string | undefined {
-  if (params.apiPassword?.trim()) {
-    return params.apiPassword.trim();
+  const inlinePassword = normalizeResolvedSecretInputString({
+    value: params.apiPassword,
+    path: "channels.nextcloud-talk.apiPassword",
+  });
+  if (inlinePassword) {
+    return inlinePassword;
   }
   if (!params.apiPasswordFile) {
     return undefined;
@@ -89,31 +95,40 @@ export async function resolveNextcloudTalkRoomKind(params: {
   const auth = Buffer.from(`${apiUser}:${apiPassword}`, "utf-8").toString("base64");
   try {
-    const response = await fetch(url, {
-      method: "GET",
-      headers: {
-        Authorization: `Basic ${auth}`,
-        "OCS-APIRequest": "true",
-        Accept: "application/json",
+    const { response, release } = await fetchWithSsrFGuard({
+      url,
+      init: {
+        method: "GET",
+        headers: {
+          Authorization: `Basic ${auth}`,
+          "OCS-APIRequest": "true",
+          Accept: "application/json",
+        },
       },
+      auditContext: "nextcloud-talk.room-info",
     });
+    try {
+      if (!response.ok) {
+        roomCache.set(key, {
+          fetchedAt: Date.now(),
+          error: `status:${response.status}`,
+        });
+        runtime?.log?.(
+          `nextcloud-talk: room lookup failed (${response.status}) token=${roomToken}`,
+        );
+        return undefined;
+      }
-    if (!response.ok) {
-      roomCache.set(key, {
-        fetchedAt: Date.now(),
-        error: `status:${response.status}`,
-      });
-      runtime?.log?.(`nextcloud-talk: room lookup failed (${response.status}) token=${roomToken}`);
-      return undefined;
+      const payload = (await response.json()) as {
+        ocs?: { data?: { type?: number | string } };
+      };
+      const type = coerceRoomType(payload.ocs?.data?.type);
+      const kind = resolveRoomKindFromType(type);
+      roomCache.set(key, { fetchedAt: Date.now(), kind });
+      return kind;
+    } finally {
+      await release();
     }
-    const payload = (await response.json()) as {
-      ocs?: { data?: { type?: number | string } };
-    };
-    const type = coerceRoomType(payload.ocs?.data?.type);
-    const kind = resolveRoomKindFromType(type);
-    roomCache.set(key, { fetchedAt: Date.now(), kind });
-    return kind;
   } catch (err) {
     roomCache.set(key, {
       fetchedAt: Date.now(),

package/src/runtime.ts CHANGED Viewed

@@ -1,4 +1,4 @@
-import type { PluginRuntime } from "openclaw/plugin-sdk";
+import type { PluginRuntime } from "openclaw/plugin-sdk/nextcloud-talk";
 let runtime: PluginRuntime | null = null;

package/src/secret-input.ts ADDED Viewed

@@ -0,0 +1,13 @@
+import {
+  buildSecretInputSchema,
+  hasConfiguredSecretInput,
+  normalizeResolvedSecretInputString,
+  normalizeSecretInputString,
+} from "openclaw/plugin-sdk/nextcloud-talk";
+export {
+  buildSecretInputSchema,
+  hasConfiguredSecretInput,
+  normalizeResolvedSecretInputString,
+  normalizeSecretInputString,
+};

package/src/send.test.ts ADDED Viewed

@@ -0,0 +1,104 @@
+import { afterEach, beforeEach, describe, expect, it, vi } from "vitest";
+const hoisted = vi.hoisted(() => ({
+  loadConfig: vi.fn(),
+  resolveMarkdownTableMode: vi.fn(() => "preserve"),
+  convertMarkdownTables: vi.fn((text: string) => text),
+  record: vi.fn(),
+  resolveNextcloudTalkAccount: vi.fn(() => ({
+    accountId: "default",
+    baseUrl: "https://nextcloud.example.com",
+    secret: "secret-value", // pragma: allowlist secret
+  })),
+  generateNextcloudTalkSignature: vi.fn(() => ({
+    random: "r",
+    signature: "s",
+  })),
+}));
+vi.mock("./runtime.js", () => ({
+  getNextcloudTalkRuntime: () => ({
+    config: {
+      loadConfig: hoisted.loadConfig,
+    },
+    channel: {
+      text: {
+        resolveMarkdownTableMode: hoisted.resolveMarkdownTableMode,
+        convertMarkdownTables: hoisted.convertMarkdownTables,
+      },
+      activity: {
+        record: hoisted.record,
+      },
+    },
+  }),
+}));
+vi.mock("./accounts.js", () => ({
+  resolveNextcloudTalkAccount: hoisted.resolveNextcloudTalkAccount,
+}));
+vi.mock("./signature.js", () => ({
+  generateNextcloudTalkSignature: hoisted.generateNextcloudTalkSignature,
+}));
+import { sendMessageNextcloudTalk, sendReactionNextcloudTalk } from "./send.js";
+describe("nextcloud-talk send cfg threading", () => {
+  const fetchMock = vi.fn<typeof fetch>();
+  beforeEach(() => {
+    vi.clearAllMocks();
+    fetchMock.mockReset();
+    vi.stubGlobal("fetch", fetchMock);
+  });
+  afterEach(() => {
+    vi.unstubAllGlobals();
+  });
+  it("uses provided cfg for sendMessage and skips runtime loadConfig", async () => {
+    const cfg = { source: "provided" } as const;
+    fetchMock.mockResolvedValueOnce(
+      new Response(
+        JSON.stringify({
+          ocs: { data: { id: 12345, timestamp: 1_706_000_000 } },
+        }),
+        { status: 200, headers: { "content-type": "application/json" } },
+      ),
+    );
+    const result = await sendMessageNextcloudTalk("room:abc123", "hello", {
+      cfg,
+      accountId: "work",
+    });
+    expect(hoisted.loadConfig).not.toHaveBeenCalled();
+    expect(hoisted.resolveNextcloudTalkAccount).toHaveBeenCalledWith({
+      cfg,
+      accountId: "work",
+    });
+    expect(fetchMock).toHaveBeenCalledTimes(1);
+    expect(result).toEqual({
+      messageId: "12345",
+      roomToken: "abc123",
+      timestamp: 1_706_000_000,
+    });
+  });
+  it("falls back to runtime cfg for sendReaction when cfg is omitted", async () => {
+    const runtimeCfg = { source: "runtime" } as const;
+    hoisted.loadConfig.mockReturnValueOnce(runtimeCfg);
+    fetchMock.mockResolvedValueOnce(new Response("{}", { status: 200 }));
+    const result = await sendReactionNextcloudTalk("room:ops", "m-1", "👍", {
+      accountId: "default",
+    });
+    expect(result).toEqual({ ok: true });
+    expect(hoisted.loadConfig).toHaveBeenCalledTimes(1);
+    expect(hoisted.resolveNextcloudTalkAccount).toHaveBeenCalledWith({
+      cfg: runtimeCfg,
+      accountId: "default",
+    });
+  });
+});

package/src/send.ts CHANGED Viewed

@@ -9,6 +9,7 @@ type NextcloudTalkSendOpts = {
   accountId?: string;
   replyTo?: string;
   verbose?: boolean;
+  cfg?: CoreConfig;
 };
 function resolveCredentials(
@@ -60,7 +61,7 @@ export async function sendMessageNextcloudTalk(
   text: string,
   opts: NextcloudTalkSendOpts = {},
 ): Promise<NextcloudTalkSendResult> {
-  const cfg = getNextcloudTalkRuntime().config.loadConfig() as CoreConfig;
+  const cfg = (opts.cfg ?? getNextcloudTalkRuntime().config.loadConfig()) as CoreConfig;
   const account = resolveNextcloudTalkAccount({
     cfg,
     accountId: opts.accountId,
@@ -175,7 +176,7 @@ export async function sendReactionNextcloudTalk(
   reaction: string,
   opts: Omit<NextcloudTalkSendOpts, "replyTo"> = {},
 ): Promise<{ ok: true }> {
-  const cfg = getNextcloudTalkRuntime().config.loadConfig() as CoreConfig;
+  const cfg = (opts.cfg ?? getNextcloudTalkRuntime().config.loadConfig()) as CoreConfig;
   const account = resolveNextcloudTalkAccount({
     cfg,
     accountId: opts.accountId,

package/src/types.ts CHANGED Viewed

@@ -3,7 +3,8 @@ import type {
   DmConfig,
   DmPolicy,
   GroupPolicy,
-} from "openclaw/plugin-sdk";
+  SecretInput,
+} from "openclaw/plugin-sdk/nextcloud-talk";
 export type { DmPolicy, GroupPolicy };
@@ -29,13 +30,13 @@ export type NextcloudTalkAccountConfig = {
   /** Base URL of the Nextcloud instance (e.g., "https://cloud.example.com"). */
   baseUrl?: string;
   /** Bot shared secret from occ talk:bot:install output. */
-  botSecret?: string;
+  botSecret?: SecretInput;
   /** Path to file containing bot secret (for secret managers). */
   botSecretFile?: string;
   /** Optional API user for room lookups (DM detection). */
   apiUser?: string;
   /** Optional API password/app password for room lookups. */
-  apiPassword?: string;
+  apiPassword?: SecretInput;
   /** Path to file containing API password/app password. */
   apiPasswordFile?: string;
   /** Direct message policy (default: pairing). */