@openclaw/zalo 2026.5.2 → 2026.5.3-beta.1

package/dist/accounts-9NLDDlZ8.js

@@ -0,0 +1,118 @@
+import { createAccountListHelpers, resolveMergedAccountConfig } from "openclaw/plugin-sdk/account-helpers";
+import { DEFAULT_ACCOUNT_ID, normalizeAccountId } from "openclaw/plugin-sdk/account-id";
+import { normalizeOptionalString } from "openclaw/plugin-sdk/text-runtime";
+import { tryReadSecretFileSync } from "openclaw/plugin-sdk/core";
+import { resolveAccountEntry } from "openclaw/plugin-sdk/routing";
+import { buildSecretInputSchema, normalizeResolvedSecretInputString, normalizeSecretInputString } from "openclaw/plugin-sdk/secret-input";
+//#region \0rolldown/runtime.js
+var __defProp = Object.defineProperty;
+var __exportAll = (all, no_symbols) => {
+	let target = {};
+	for (var name in all) __defProp(target, name, {
+		get: all[name],
+		enumerable: true
+	});
+	if (!no_symbols) __defProp(target, Symbol.toStringTag, { value: "Module" });
+	return target;
+};
+//#endregion
+//#region extensions/zalo/src/token.ts
+function readTokenFromFile(tokenFile) {
+	return tryReadSecretFileSync(tokenFile, "Zalo token file", { rejectSymlink: true }) ?? "";
+}
+function resolveZaloToken(config, accountId, options) {
+	const resolvedAccountId = normalizeAccountId(accountId ?? config?.defaultAccount);
+	const isDefaultAccount = resolvedAccountId === DEFAULT_ACCOUNT_ID;
+	const baseConfig = config;
+	const accountConfig = resolveAccountEntry(baseConfig?.accounts, normalizeAccountId(resolvedAccountId));
+	const accountHasBotToken = Boolean(accountConfig && Object.prototype.hasOwnProperty.call(accountConfig, "botToken"));
+	if (accountConfig && accountHasBotToken) {
+		const token = options?.allowUnresolvedSecretRef ? normalizeSecretInputString(accountConfig.botToken) : normalizeResolvedSecretInputString({
+			value: accountConfig.botToken,
+			path: `channels.zalo.accounts.${resolvedAccountId}.botToken`
+		});
+		if (token) return {
+			token,
+			source: "config"
+		};
+		const fileToken = readTokenFromFile(accountConfig.tokenFile);
+		if (fileToken) return {
+			token: fileToken,
+			source: "configFile"
+		};
+	}
+	if (!accountHasBotToken) {
+		const fileToken = readTokenFromFile(accountConfig?.tokenFile);
+		if (fileToken) return {
+			token: fileToken,
+			source: "configFile"
+		};
+	}
+	if (!accountHasBotToken) {
+		const token = options?.allowUnresolvedSecretRef ? normalizeSecretInputString(baseConfig?.botToken) : normalizeResolvedSecretInputString({
+			value: baseConfig?.botToken,
+			path: "channels.zalo.botToken"
+		});
+		if (token) return {
+			token,
+			source: "config"
+		};
+		const fileToken = readTokenFromFile(baseConfig?.tokenFile);
+		if (fileToken) return {
+			token: fileToken,
+			source: "configFile"
+		};
+	}
+	if (isDefaultAccount) {
+		const envToken = process.env.ZALO_BOT_TOKEN?.trim();
+		if (envToken) return {
+			token: envToken,
+			source: "env"
+		};
+	}
+	return {
+		token: "",
+		source: "none"
+	};
+}
+//#endregion
+//#region extensions/zalo/src/accounts.ts
+var accounts_exports = /* @__PURE__ */ __exportAll({
+	listEnabledZaloAccounts: () => listEnabledZaloAccounts,
+	listZaloAccountIds: () => listZaloAccountIds,
+	resolveDefaultZaloAccountId: () => resolveDefaultZaloAccountId,
+	resolveZaloAccount: () => resolveZaloAccount
+});
+const { listAccountIds: listZaloAccountIds, resolveDefaultAccountId: resolveDefaultZaloAccountId } = createAccountListHelpers("zalo");
+function mergeZaloAccountConfig(cfg, accountId) {
+	return resolveMergedAccountConfig({
+		channelConfig: cfg.channels?.zalo,
+		accounts: (cfg.channels?.zalo)?.accounts,
+		accountId,
+		omitKeys: ["defaultAccount"]
+	});
+}
+function resolveZaloAccount(params) {
+	const accountId = normalizeAccountId(params.accountId ?? (params.cfg.channels?.zalo)?.defaultAccount);
+	const baseEnabled = (params.cfg.channels?.zalo)?.enabled !== false;
+	const merged = mergeZaloAccountConfig(params.cfg, accountId);
+	const accountEnabled = merged.enabled !== false;
+	const enabled = baseEnabled && accountEnabled;
+	const tokenResolution = resolveZaloToken(params.cfg.channels?.zalo, accountId, { allowUnresolvedSecretRef: params.allowUnresolvedSecretRef });
+	return {
+		accountId,
+		name: normalizeOptionalString(merged.name),
+		enabled,
+		token: tokenResolution.token,
+		tokenSource: tokenResolution.source,
+		config: merged
+	};
+}
+function listEnabledZaloAccounts(cfg) {
+	return listZaloAccountIds(cfg).map((accountId) => resolveZaloAccount({
+		cfg,
+		accountId
+	})).filter((account) => account.enabled);
+}
+//#endregion
+export { resolveZaloAccount as a, normalizeSecretInputString as c, resolveDefaultZaloAccountId as i, listEnabledZaloAccounts as n, resolveZaloToken as o, listZaloAccountIds as r, buildSecretInputSchema as s, accounts_exports as t };

package/dist/actions.runtime-kJ65ZxW7.js

@@ -0,0 +1,5 @@
+import { t as sendMessageZalo } from "./send-Gv3l5EGI.js";
+//#region extensions/zalo/src/actions.runtime.ts
+const zaloActionsRuntime = { sendMessageZalo };
+//#endregion
+export { zaloActionsRuntime };

package/dist/api.js

@@ -0,0 +1,5 @@
+import { t as zaloPlugin } from "./channel-VPbtV3Oq.js";
+import { n as zaloDmPolicy, r as zaloSetupAdapter, t as createZaloSetupWizardProxy } from "./setup-core-DigRD3j1.js";
+import { r as resolveZaloRuntimeGroupPolicy, t as evaluateZaloGroupAccess } from "./group-access-DZR43lOR.js";
+import { zaloSetupWizard } from "./setup-api.js";
+export { createZaloSetupWizardProxy, evaluateZaloGroupAccess, resolveZaloRuntimeGroupPolicy, zaloDmPolicy, zaloPlugin, zaloSetupAdapter, zaloSetupWizard };

package/dist/channel-VPbtV3Oq.js

@@ -0,0 +1,343 @@
+import { a as resolveZaloAccount, i as resolveDefaultZaloAccountId, n as listEnabledZaloAccounts, r as listZaloAccountIds, s as buildSecretInputSchema } from "./accounts-9NLDDlZ8.js";
+import { n as collectRuntimeConfigAssignments, r as secretTargetRegistryEntries } from "./secret-contract-Dw93tGo2.js";
+import { r as zaloSetupAdapter, t as createZaloSetupWizardProxy } from "./setup-core-DigRD3j1.js";
+import { describeWebhookAccountSnapshot } from "openclaw/plugin-sdk/account-helpers";
+import { DEFAULT_ACCOUNT_ID } from "openclaw/plugin-sdk/account-id";
+import { formatAllowFromLowercase } from "openclaw/plugin-sdk/allow-from";
+import { adaptScopedAccountAccessor, createScopedChannelConfigAdapter, createScopedDmSecurityResolver, mapAllowFromEntries } from "openclaw/plugin-sdk/channel-config-helpers";
+import { buildChannelConfigSchema, createChatChannelPlugin } from "openclaw/plugin-sdk/channel-core";
+import { buildOpenGroupPolicyRestrictSendersWarning, buildOpenGroupPolicyWarning, createOpenProviderGroupPolicyWarningCollector } from "openclaw/plugin-sdk/channel-policy";
+import { createEmptyChannelResult, createRawChannelSendResultAdapter } from "openclaw/plugin-sdk/channel-send-result";
+import { buildTokenChannelStatusSummary } from "openclaw/plugin-sdk/channel-status";
+import { createStaticReplyToModeResolver } from "openclaw/plugin-sdk/conversation-runtime";
+import { createChannelDirectoryAdapter, listResolvedDirectoryUserEntriesFromAllowFrom } from "openclaw/plugin-sdk/directory-runtime";
+import { createLazyRuntimeModule, createLazyRuntimeNamedExport } from "openclaw/plugin-sdk/lazy-runtime";
+import { isNumericTargetId, sendPayloadWithChunkedTextAndMedia } from "openclaw/plugin-sdk/reply-payload";
+import { createComputedAccountStatusAdapter, createDefaultChannelRuntimeState } from "openclaw/plugin-sdk/status-helpers";
+import { chunkTextForOutbound } from "openclaw/plugin-sdk/text-chunking";
+import { normalizeLowercaseStringOrEmpty } from "openclaw/plugin-sdk/text-runtime";
+import { buildChannelOutboundSessionRoute, stripChannelTargetPrefix, stripTargetKindPrefix } from "openclaw/plugin-sdk/core";
+import { jsonResult, readStringParam } from "openclaw/plugin-sdk/channel-actions";
+import { extractToolSend } from "openclaw/plugin-sdk/tool-send";
+import { createResolvedApproverActionAuthAdapter, resolveApprovalApprovers } from "openclaw/plugin-sdk/approval-auth-runtime";
+import { AllowFromListSchema, DmPolicySchema, GroupPolicySchema, MarkdownConfigSchema, buildCatchallMultiAccountChannelSchema } from "openclaw/plugin-sdk/channel-config-schema";
+import { z } from "openclaw/plugin-sdk/zod";
+import { coerceStatusIssueAccountId, readStatusIssueFields } from "openclaw/plugin-sdk/extension-shared";
+//#region extensions/zalo/src/actions.ts
+const loadZaloActionsRuntime = createLazyRuntimeNamedExport(() => import("./actions.runtime-kJ65ZxW7.js"), "zaloActionsRuntime");
+const providerId = "zalo";
+function listEnabledAccounts(cfg, accountId) {
+	return (accountId ? [resolveZaloAccount({
+		cfg,
+		accountId
+	})] : listEnabledZaloAccounts(cfg)).filter((account) => account.enabled && account.tokenSource !== "none");
+}
+const zaloMessageActions = {
+	describeMessageTool: ({ cfg, accountId }) => {
+		if (listEnabledAccounts(cfg, accountId).length === 0) return null;
+		const actions = new Set(["send"]);
+		return {
+			actions: Array.from(actions),
+			capabilities: []
+		};
+	},
+	extractToolSend: ({ args }) => extractToolSend(args, "sendMessage"),
+	handleAction: async ({ action, params, cfg, accountId }) => {
+		if (action === "send") {
+			const to = readStringParam(params, "to", { required: true });
+			const content = readStringParam(params, "message", {
+				required: true,
+				allowEmpty: true
+			});
+			const mediaUrl = readStringParam(params, "media", { trim: false });
+			const { sendMessageZalo } = await loadZaloActionsRuntime();
+			const result = await sendMessageZalo(to ?? "", content ?? "", {
+				accountId: accountId ?? void 0,
+				mediaUrl: mediaUrl ?? void 0,
+				cfg
+			});
+			if (!result.ok) return jsonResult({
+				ok: false,
+				error: result.error ?? "Failed to send Zalo message"
+			});
+			return jsonResult({
+				ok: true,
+				to,
+				messageId: result.messageId
+			});
+		}
+		throw new Error(`Action ${action} is not supported for provider ${providerId}.`);
+	}
+};
+//#endregion
+//#region extensions/zalo/src/approval-auth.ts
+function normalizeZaloApproverId(value) {
+	const normalized = String(value).trim().replace(/^(zalo|zl):/i, "").trim();
+	return /^\d+$/.test(normalized) ? normalized : void 0;
+}
+const zaloApprovalAuth = createResolvedApproverActionAuthAdapter({
+	channelLabel: "Zalo",
+	resolveApprovers: ({ cfg, accountId }) => {
+		const account = resolveZaloAccount({
+			cfg,
+			accountId
+		}).config;
+		return resolveApprovalApprovers({
+			allowFrom: account.allowFrom,
+			normalizeApprover: normalizeZaloApproverId
+		});
+	},
+	normalizeSenderId: (value) => normalizeZaloApproverId(value)
+});
+const ZaloConfigSchema = buildCatchallMultiAccountChannelSchema(z.object({
+	name: z.string().optional(),
+	enabled: z.boolean().optional(),
+	markdown: MarkdownConfigSchema,
+	botToken: buildSecretInputSchema().optional(),
+	tokenFile: z.string().optional(),
+	webhookUrl: z.string().optional(),
+	webhookSecret: buildSecretInputSchema().optional(),
+	webhookPath: z.string().optional(),
+	dmPolicy: DmPolicySchema.optional(),
+	allowFrom: AllowFromListSchema,
+	groupPolicy: GroupPolicySchema.optional(),
+	groupAllowFrom: AllowFromListSchema,
+	mediaMaxMb: z.number().optional(),
+	proxy: z.string().optional(),
+	responsePrefix: z.string().optional()
+}));
+//#endregion
+//#region extensions/zalo/src/session-route.ts
+function resolveZaloOutboundSessionRoute(params) {
+	const trimmed = stripChannelTargetPrefix(params.target, "zalo", "zl");
+	if (!trimmed) return null;
+	const isGroup = normalizeLowercaseStringOrEmpty(trimmed).startsWith("group:");
+	const peerId = stripTargetKindPrefix(trimmed);
+	if (!peerId) return null;
+	return buildChannelOutboundSessionRoute({
+		cfg: params.cfg,
+		agentId: params.agentId,
+		channel: "zalo",
+		accountId: params.accountId,
+		peer: {
+			kind: isGroup ? "group" : "direct",
+			id: peerId
+		},
+		chatType: isGroup ? "group" : "direct",
+		from: isGroup ? `zalo:group:${peerId}` : `zalo:${peerId}`,
+		to: `zalo:${peerId}`
+	});
+}
+//#endregion
+//#region extensions/zalo/src/status-issues.ts
+const ZALO_STATUS_FIELDS = [
+	"accountId",
+	"enabled",
+	"configured",
+	"dmPolicy"
+];
+function collectZaloStatusIssues(accounts) {
+	const issues = [];
+	for (const entry of accounts) {
+		const account = readStatusIssueFields(entry, ZALO_STATUS_FIELDS);
+		if (!account) continue;
+		const accountId = coerceStatusIssueAccountId(account.accountId) ?? "default";
+		const enabled = account.enabled !== false;
+		const configured = account.configured === true;
+		if (!enabled || !configured) continue;
+		if (account.dmPolicy === "open") issues.push({
+			channel: "zalo",
+			accountId,
+			kind: "config",
+			message: "Zalo dmPolicy is \"open\", allowing any user to message the bot without pairing.",
+			fix: "Set channels.zalo.dmPolicy to \"pairing\" or \"allowlist\" to restrict access."
+		});
+	}
+	return issues;
+}
+//#endregion
+//#region extensions/zalo/src/channel.ts
+const meta = {
+	id: "zalo",
+	label: "Zalo",
+	selectionLabel: "Zalo (Bot API)",
+	docsPath: "/channels/zalo",
+	docsLabel: "zalo",
+	blurb: "Vietnam-focused messaging platform with Bot API.",
+	aliases: ["zl"],
+	order: 80,
+	quickstartAllowFrom: true
+};
+function normalizeZaloMessagingTarget(raw) {
+	const trimmed = raw?.trim();
+	if (!trimmed) return;
+	return trimmed.replace(/^(zalo|zl):/i, "").trim();
+}
+const loadZaloChannelRuntime = createLazyRuntimeModule(() => import("./channel.runtime-BnTAWQx5.js"));
+const zaloSetupWizard = createZaloSetupWizardProxy(async () => (await import("./setup-surface-2Up3yWov.js")).zaloSetupWizard);
+const zaloTextChunkLimit = 2e3;
+const zaloRawSendResultAdapter = createRawChannelSendResultAdapter({
+	channel: "zalo",
+	sendText: async ({ to, text, accountId, cfg }) => await (await loadZaloChannelRuntime()).sendZaloText({
+		to,
+		text,
+		accountId: accountId ?? void 0,
+		cfg
+	}),
+	sendMedia: async ({ to, text, mediaUrl, accountId, cfg }) => await (await loadZaloChannelRuntime()).sendZaloText({
+		to,
+		text,
+		accountId: accountId ?? void 0,
+		mediaUrl,
+		cfg
+	})
+});
+const zaloConfigAdapter = createScopedChannelConfigAdapter({
+	sectionKey: "zalo",
+	listAccountIds: listZaloAccountIds,
+	resolveAccount: adaptScopedAccountAccessor(resolveZaloAccount),
+	defaultAccountId: resolveDefaultZaloAccountId,
+	clearBaseFields: [
+		"botToken",
+		"tokenFile",
+		"name"
+	],
+	resolveAllowFrom: (account) => account.config.allowFrom,
+	formatAllowFrom: (allowFrom) => formatAllowFromLowercase({
+		allowFrom,
+		stripPrefixRe: /^(zalo|zl):/i
+	})
+});
+const resolveZaloDmPolicy = createScopedDmSecurityResolver({
+	channelKey: "zalo",
+	resolvePolicy: (account) => account.config.dmPolicy,
+	resolveAllowFrom: (account) => account.config.allowFrom,
+	policyPathSuffix: "dmPolicy",
+	normalizeEntry: (raw) => raw.trim().replace(/^(zalo|zl):/i, "")
+});
+const collectZaloSecurityWarnings = createOpenProviderGroupPolicyWarningCollector({
+	providerConfigPresent: (cfg) => cfg.channels?.zalo !== void 0,
+	resolveGroupPolicy: ({ account }) => account.config.groupPolicy,
+	collect: ({ account, groupPolicy }) => {
+		if (groupPolicy !== "open") return [];
+		const explicitGroupAllowFrom = mapAllowFromEntries(account.config.groupAllowFrom);
+		const dmAllowFrom = mapAllowFromEntries(account.config.allowFrom);
+		if ((explicitGroupAllowFrom.length > 0 ? explicitGroupAllowFrom : dmAllowFrom).length > 0) return [buildOpenGroupPolicyRestrictSendersWarning({
+			surface: "Zalo groups",
+			openScope: "any member",
+			groupPolicyPath: "channels.zalo.groupPolicy",
+			groupAllowFromPath: "channels.zalo.groupAllowFrom"
+		})];
+		return [buildOpenGroupPolicyWarning({
+			surface: "Zalo groups",
+			openBehavior: "with no groupAllowFrom/allowFrom allowlist; any member can trigger (mention-gated)",
+			remediation: "Set channels.zalo.groupPolicy=\"allowlist\" + channels.zalo.groupAllowFrom"
+		})];
+	}
+});
+const zaloPlugin = createChatChannelPlugin({
+	base: {
+		id: "zalo",
+		meta,
+		setup: zaloSetupAdapter,
+		setupWizard: zaloSetupWizard,
+		capabilities: {
+			chatTypes: ["direct", "group"],
+			media: true,
+			reactions: false,
+			threads: false,
+			polls: false,
+			nativeCommands: false,
+			blockStreaming: true
+		},
+		reload: { configPrefixes: ["channels.zalo"] },
+		configSchema: buildChannelConfigSchema(ZaloConfigSchema),
+		config: {
+			...zaloConfigAdapter,
+			isConfigured: (account) => Boolean(account.token?.trim()),
+			describeAccount: (account) => describeWebhookAccountSnapshot({
+				account,
+				configured: Boolean(account.token?.trim()),
+				mode: account.config.webhookUrl ? "webhook" : "polling",
+				extra: { tokenSource: account.tokenSource }
+			})
+		},
+		approvalCapability: zaloApprovalAuth,
+		secrets: {
+			secretTargetRegistryEntries,
+			collectRuntimeConfigAssignments
+		},
+		groups: { resolveRequireMention: () => true },
+		actions: zaloMessageActions,
+		messaging: {
+			targetPrefixes: ["zalo", "zl"],
+			normalizeTarget: normalizeZaloMessagingTarget,
+			resolveOutboundSessionRoute: (params) => resolveZaloOutboundSessionRoute(params),
+			targetResolver: {
+				looksLikeId: isNumericTargetId,
+				hint: "<chatId>"
+			}
+		},
+		directory: createChannelDirectoryAdapter({
+			listPeers: async (params) => listResolvedDirectoryUserEntriesFromAllowFrom({
+				...params,
+				resolveAccount: adaptScopedAccountAccessor(resolveZaloAccount),
+				resolveAllowFrom: (account) => account.config.allowFrom,
+				normalizeId: (entry) => entry.trim().replace(/^(zalo|zl):/i, "")
+			}),
+			listGroups: async () => []
+		}),
+		status: createComputedAccountStatusAdapter({
+			defaultRuntime: createDefaultChannelRuntimeState(DEFAULT_ACCOUNT_ID),
+			collectStatusIssues: collectZaloStatusIssues,
+			buildChannelSummary: ({ snapshot }) => buildTokenChannelStatusSummary(snapshot),
+			probeAccount: async ({ account, timeoutMs }) => await (await loadZaloChannelRuntime()).probeZaloAccount({
+				account,
+				timeoutMs
+			}),
+			resolveAccountSnapshot: ({ account }) => {
+				const configured = Boolean(account.token?.trim());
+				return {
+					accountId: account.accountId,
+					name: account.name,
+					enabled: account.enabled,
+					configured,
+					extra: {
+						tokenSource: account.tokenSource,
+						mode: account.config.webhookUrl ? "webhook" : "polling",
+						dmPolicy: account.config.dmPolicy ?? "pairing"
+					}
+				};
+			}
+		}),
+		gateway: { startAccount: async (ctx) => await (await loadZaloChannelRuntime()).startZaloGatewayAccount(ctx) }
+	},
+	security: {
+		resolveDmPolicy: resolveZaloDmPolicy,
+		collectWarnings: collectZaloSecurityWarnings
+	},
+	pairing: { text: {
+		idLabel: "zaloUserId",
+		message: "Your pairing request has been approved.",
+		normalizeAllowEntry: (entry) => entry.trim().replace(/^(zalo|zl):/i, ""),
+		notify: async (params) => await (await loadZaloChannelRuntime()).notifyZaloPairingApproval(params)
+	} },
+	threading: { resolveReplyToMode: createStaticReplyToModeResolver("off") },
+	outbound: {
+		deliveryMode: "direct",
+		chunker: chunkTextForOutbound,
+		chunkerMode: "text",
+		textChunkLimit: zaloTextChunkLimit,
+		sendPayload: async (ctx) => await sendPayloadWithChunkedTextAndMedia({
+			ctx,
+			textChunkLimit: zaloTextChunkLimit,
+			chunker: chunkTextForOutbound,
+			sendText: (nextCtx) => zaloRawSendResultAdapter.sendText(nextCtx),
+			sendMedia: (nextCtx) => zaloRawSendResultAdapter.sendMedia(nextCtx),
+			emptyResult: createEmptyChannelResult("zalo")
+		}),
+		...zaloRawSendResultAdapter
+	}
+});
+//#endregion
+export { zaloPlugin as t };

package/dist/channel-plugin-api.js

@@ -0,0 +1,2 @@
+import { t as zaloPlugin } from "./channel-VPbtV3Oq.js";
+export { zaloPlugin };

package/dist/channel.runtime-BnTAWQx5.js

@@ -0,0 +1,106 @@
+import { c as normalizeSecretInputString } from "./accounts-9NLDDlZ8.js";
+import { n as PAIRING_APPROVED_MESSAGE } from "./runtime-api-MOTmRW4F.js";
+import { i as getMe, n as ZaloApiError, t as resolveZaloProxyFetch } from "./proxy-CY8VuC6H.js";
+import { t as sendMessageZalo } from "./send-Gv3l5EGI.js";
+import { createAccountStatusSink } from "openclaw/plugin-sdk/channel-lifecycle";
+//#region extensions/zalo/src/probe.ts
+async function probeZalo(token, timeoutMs = 5e3, fetcher) {
+	if (!token?.trim()) return {
+		ok: false,
+		error: "No token provided",
+		elapsedMs: 0
+	};
+	const startTime = Date.now();
+	try {
+		const response = await getMe(token.trim(), timeoutMs, fetcher);
+		const elapsedMs = Date.now() - startTime;
+		if (response.ok && response.result) return {
+			ok: true,
+			bot: response.result,
+			elapsedMs
+		};
+		return {
+			ok: false,
+			error: "Invalid response from Zalo API",
+			elapsedMs
+		};
+	} catch (err) {
+		const elapsedMs = Date.now() - startTime;
+		if (err instanceof ZaloApiError) return {
+			ok: false,
+			error: err.description ?? err.message,
+			elapsedMs
+		};
+		if (err instanceof Error) {
+			if (err.name === "AbortError") return {
+				ok: false,
+				error: `Request timed out after ${timeoutMs}ms`,
+				elapsedMs
+			};
+			return {
+				ok: false,
+				error: err.message,
+				elapsedMs
+			};
+		}
+		return {
+			ok: false,
+			error: String(err),
+			elapsedMs
+		};
+	}
+}
+//#endregion
+//#region extensions/zalo/src/channel.runtime.ts
+async function notifyZaloPairingApproval(params) {
+	const { resolveZaloAccount } = await import("./accounts-9NLDDlZ8.js").then((n) => n.t);
+	const account = resolveZaloAccount({ cfg: params.cfg });
+	if (!account.token) throw new Error("Zalo token not configured");
+	await sendMessageZalo(params.id, PAIRING_APPROVED_MESSAGE, { token: account.token });
+}
+async function sendZaloText(params) {
+	return await sendMessageZalo(params.to, params.text, params);
+}
+async function probeZaloAccount(params) {
+	return await probeZalo(params.account.token, params.timeoutMs, resolveZaloProxyFetch(params.account.config.proxy));
+}
+async function startZaloGatewayAccount(ctx) {
+	const account = ctx.account;
+	const token = account.token.trim();
+	const mode = account.config.webhookUrl ? "webhook" : "polling";
+	let zaloBotLabel = "";
+	const fetcher = resolveZaloProxyFetch(account.config.proxy);
+	try {
+		const probe = await probeZalo(token, 2500, fetcher);
+		const name = probe.ok ? probe.bot?.name?.trim() : null;
+		if (name) zaloBotLabel = ` (${name})`;
+		if (!probe.ok) ctx.log?.warn?.(`[${account.accountId}] Zalo probe failed before provider start (${String(probe.elapsedMs)}ms): ${probe.error}`);
+		ctx.setStatus({
+			accountId: account.accountId,
+			bot: probe.bot
+		});
+	} catch (err) {
+		ctx.log?.warn?.(`[${account.accountId}] Zalo probe threw before provider start: ${err instanceof Error ? err.stack ?? err.message : String(err)}`);
+	}
+	const statusSink = createAccountStatusSink({
+		accountId: ctx.accountId,
+		setStatus: ctx.setStatus
+	});
+	ctx.log?.info(`[${account.accountId}] starting provider${zaloBotLabel} mode=${mode}`);
+	const { monitorZaloProvider } = await import("./monitor-DMysJBWa.js");
+	return monitorZaloProvider({
+		token,
+		account,
+		config: ctx.cfg,
+		runtime: ctx.runtime,
+		abortSignal: ctx.abortSignal,
+		useWebhook: Boolean(account.config.webhookUrl),
+		webhookUrl: account.config.webhookUrl,
+		webhookSecret: normalizeSecretInputString(account.config.webhookSecret),
+		webhookPath: account.config.webhookPath,
+		fetcher,
+		statusSink
+	});
+}
+//#endregion
+export { notifyZaloPairingApproval, probeZaloAccount, sendZaloText, startZaloGatewayAccount };

package/dist/contract-api.js

@@ -0,0 +1,3 @@
+import { n as collectRuntimeConfigAssignments, r as secretTargetRegistryEntries } from "./secret-contract-Dw93tGo2.js";
+import { r as resolveZaloRuntimeGroupPolicy, t as evaluateZaloGroupAccess } from "./group-access-DZR43lOR.js";
+export { collectRuntimeConfigAssignments, evaluateZaloGroupAccess, resolveZaloRuntimeGroupPolicy, secretTargetRegistryEntries };

package/dist/group-access-DZR43lOR.js

@@ -0,0 +1,30 @@
+import { isNormalizedSenderAllowed } from "openclaw/plugin-sdk/allow-from";
+import { evaluateSenderGroupAccess, resolveOpenProviderRuntimeGroupPolicy } from "openclaw/plugin-sdk/group-access";
+//#region extensions/zalo/src/group-access.ts
+const ZALO_ALLOW_FROM_PREFIX_RE = /^(zalo|zl):/i;
+function isZaloSenderAllowed(senderId, allowFrom) {
+	return isNormalizedSenderAllowed({
+		senderId,
+		allowFrom,
+		stripPrefixRe: ZALO_ALLOW_FROM_PREFIX_RE
+	});
+}
+function resolveZaloRuntimeGroupPolicy(params) {
+	return resolveOpenProviderRuntimeGroupPolicy({
+		providerConfigPresent: params.providerConfigPresent,
+		groupPolicy: params.groupPolicy,
+		defaultGroupPolicy: params.defaultGroupPolicy
+	});
+}
+function evaluateZaloGroupAccess(params) {
+	return evaluateSenderGroupAccess({
+		providerConfigPresent: params.providerConfigPresent,
+		configuredGroupPolicy: params.configuredGroupPolicy,
+		defaultGroupPolicy: params.defaultGroupPolicy,
+		groupAllowFrom: params.groupAllowFrom,
+		senderId: params.senderId,
+		isSenderAllowed: isZaloSenderAllowed
+	});
+}
+//#endregion
+export { isZaloSenderAllowed as n, resolveZaloRuntimeGroupPolicy as r, evaluateZaloGroupAccess as t };

package/dist/index.js

@@ -0,0 +1,22 @@
+import { defineBundledChannelEntry } from "openclaw/plugin-sdk/channel-entry-contract";
+//#region extensions/zalo/index.ts
+var zalo_default = defineBundledChannelEntry({
+	id: "zalo",
+	name: "Zalo",
+	description: "Zalo channel plugin",
+	importMetaUrl: import.meta.url,
+	plugin: {
+		specifier: "./channel-plugin-api.js",
+		exportName: "zaloPlugin"
+	},
+	secrets: {
+		specifier: "./secret-contract-api.js",
+		exportName: "channelSecrets"
+	},
+	runtime: {
+		specifier: "./runtime-api.js",
+		exportName: "setZaloRuntime"
+	}
+});
+//#endregion
+export { zalo_default as default };