@openclaw/zalo 2026.5.7 → 2026.5.10-beta.1

package/dist/{actions.runtime-kJ65ZxW7.js → actions.runtime-BQ5w5Doy.js}

@@ -1,4 +1,4 @@
-import { t as sendMessageZalo } from "./send-Gv3l5EGI.js";
+import { t as sendMessageZalo } from "./send-znUV-Z2f.js";
 //#region extensions/zalo/src/actions.runtime.ts
 const zaloActionsRuntime = { sendMessageZalo };
 //#endregion

package/dist/api.js

@@ -1,5 +1,5 @@
-import { t as zaloPlugin } from "./channel-VPbtV3Oq.js";
+import { t as zaloPlugin } from "./channel-CqYdiVMC.js";
 import { n as zaloDmPolicy, r as zaloSetupAdapter, t as createZaloSetupWizardProxy } from "./setup-core-DigRD3j1.js";
-import { r as resolveZaloRuntimeGroupPolicy, t as evaluateZaloGroupAccess } from "./group-access-DZR43lOR.js";
+import { n as resolveZaloRuntimeGroupPolicy } from "./group-access-B_fAqJAN.js";
 import { zaloSetupWizard } from "./setup-api.js";
-export { createZaloSetupWizardProxy, evaluateZaloGroupAccess, resolveZaloRuntimeGroupPolicy, zaloDmPolicy, zaloPlugin, zaloSetupAdapter, zaloSetupWizard };
+export { createZaloSetupWizardProxy, resolveZaloRuntimeGroupPolicy, zaloDmPolicy, zaloPlugin, zaloSetupAdapter, zaloSetupWizard };

package/dist/{channel-VPbtV3Oq.js → channel-CqYdiVMC.js}

@@ -6,6 +6,7 @@ import { DEFAULT_ACCOUNT_ID } from "openclaw/plugin-sdk/account-id";
 import { formatAllowFromLowercase } from "openclaw/plugin-sdk/allow-from";
 import { adaptScopedAccountAccessor, createScopedChannelConfigAdapter, createScopedDmSecurityResolver, mapAllowFromEntries } from "openclaw/plugin-sdk/channel-config-helpers";
 import { buildChannelConfigSchema, createChatChannelPlugin } from "openclaw/plugin-sdk/channel-core";
+import { defineChannelMessageAdapter } from "openclaw/plugin-sdk/channel-message";
 import { buildOpenGroupPolicyRestrictSendersWarning, buildOpenGroupPolicyWarning, createOpenProviderGroupPolicyWarningCollector } from "openclaw/plugin-sdk/channel-policy";
 import { createEmptyChannelResult, createRawChannelSendResultAdapter } from "openclaw/plugin-sdk/channel-send-result";
 import { buildTokenChannelStatusSummary } from "openclaw/plugin-sdk/channel-status";
@@ -24,7 +25,7 @@ import { AllowFromListSchema, DmPolicySchema, GroupPolicySchema, MarkdownConfigS
 import { z } from "openclaw/plugin-sdk/zod";
 import { coerceStatusIssueAccountId, readStatusIssueFields } from "openclaw/plugin-sdk/extension-shared";
 //#region extensions/zalo/src/actions.ts
-const loadZaloActionsRuntime = createLazyRuntimeNamedExport(() => import("./actions.runtime-kJ65ZxW7.js"), "zaloActionsRuntime");
+const loadZaloActionsRuntime = createLazyRuntimeNamedExport(() => import("./actions.runtime-BQ5w5Doy.js"), "zaloActionsRuntime");
 const providerId = "zalo";
 function listEnabledAccounts(cfg, accountId) {
 	return (accountId ? [resolveZaloAccount({
@@ -173,7 +174,7 @@ function normalizeZaloMessagingTarget(raw) {
 	if (!trimmed) return;
 	return trimmed.replace(/^(zalo|zl):/i, "").trim();
 }
-const loadZaloChannelRuntime = createLazyRuntimeModule(() => import("./channel.runtime-BnTAWQx5.js"));
+const loadZaloChannelRuntime = createLazyRuntimeModule(() => import("./channel.runtime-CAA9uPYO.js"));
 const zaloSetupWizard = createZaloSetupWizardProxy(async () => (await import("./setup-surface-2Up3yWov.js")).zaloSetupWizard);
 const zaloTextChunkLimit = 2e3;
 const zaloRawSendResultAdapter = createRawChannelSendResultAdapter({
@@ -192,6 +193,29 @@ const zaloRawSendResultAdapter = createRawChannelSendResultAdapter({
 		cfg
 	})
 });
+const zaloMessageAdapter = defineChannelMessageAdapter({
+	id: "zalo",
+	durableFinal: { capabilities: {
+		text: true,
+		media: true,
+		messageSendingHooks: true
+	} },
+	send: {
+		text: async ({ to, text, accountId, cfg }) => await (await loadZaloChannelRuntime()).sendZaloText({
+			to,
+			text,
+			accountId: accountId ?? void 0,
+			cfg
+		}),
+		media: async ({ to, text, mediaUrl, accountId, cfg }) => await (await loadZaloChannelRuntime()).sendZaloText({
+			to,
+			text,
+			accountId: accountId ?? void 0,
+			mediaUrl,
+			cfg
+		})
+	}
+});
 const zaloConfigAdapter = createScopedChannelConfigAdapter({
 	sectionKey: "zalo",
 	listAccountIds: listZaloAccountIds,
@@ -310,7 +334,8 @@ const zaloPlugin = createChatChannelPlugin({
 				};
 			}
 		}),
-		gateway: { startAccount: async (ctx) => await (await loadZaloChannelRuntime()).startZaloGatewayAccount(ctx) }
+		gateway: { startAccount: async (ctx) => await (await loadZaloChannelRuntime()).startZaloGatewayAccount(ctx) },
+		message: zaloMessageAdapter
 	},
 	security: {
 		resolveDmPolicy: resolveZaloDmPolicy,

package/dist/channel-plugin-api.js

@@ -1,2 +1,2 @@
-import { t as zaloPlugin } from "./channel-VPbtV3Oq.js";
+import { t as zaloPlugin } from "./channel-CqYdiVMC.js";
 export { zaloPlugin };

package/dist/{channel.runtime-BnTAWQx5.js → channel.runtime-CAA9uPYO.js}

@@ -1,7 +1,7 @@
 import { c as normalizeSecretInputString } from "./accounts-9NLDDlZ8.js";
-import { n as PAIRING_APPROVED_MESSAGE } from "./runtime-api-MOTmRW4F.js";
-import { i as getMe, n as ZaloApiError, t as resolveZaloProxyFetch } from "./proxy-CY8VuC6H.js";
-import { t as sendMessageZalo } from "./send-Gv3l5EGI.js";
+import { n as PAIRING_APPROVED_MESSAGE } from "./runtime-api-df534_Ih.js";
+import { i as getMe, n as ZaloApiError, t as resolveZaloProxyFetch } from "./proxy-D5AGEsI0.js";
+import { t as sendMessageZalo } from "./send-znUV-Z2f.js";
 import { createAccountStatusSink } from "openclaw/plugin-sdk/channel-lifecycle";
 //#region extensions/zalo/src/probe.ts
 async function probeZalo(token, timeoutMs = 5e3, fetcher) {
@@ -87,7 +87,7 @@ async function startZaloGatewayAccount(ctx) {
 		setStatus: ctx.setStatus
 	});
 	ctx.log?.info(`[${account.accountId}] starting provider${zaloBotLabel} mode=${mode}`);
-	const { monitorZaloProvider } = await import("./monitor-DMysJBWa.js");
+	const { monitorZaloProvider } = await import("./monitor-CpIJP2uj.js");
 	return monitorZaloProvider({
 		token,
 		account,

package/dist/contract-api.js

@@ -1,3 +1,3 @@
 import { n as collectRuntimeConfigAssignments, r as secretTargetRegistryEntries } from "./secret-contract-Dw93tGo2.js";
-import { r as resolveZaloRuntimeGroupPolicy, t as evaluateZaloGroupAccess } from "./group-access-DZR43lOR.js";
-export { collectRuntimeConfigAssignments, evaluateZaloGroupAccess, resolveZaloRuntimeGroupPolicy, secretTargetRegistryEntries };
+import { n as resolveZaloRuntimeGroupPolicy } from "./group-access-B_fAqJAN.js";
+export { collectRuntimeConfigAssignments, resolveZaloRuntimeGroupPolicy, secretTargetRegistryEntries };

package/dist/group-access-B_fAqJAN.js

@@ -0,0 +1,15 @@
+import { resolveOpenProviderRuntimeGroupPolicy } from "openclaw/plugin-sdk/runtime-group-policy";
+//#region extensions/zalo/src/group-access.ts
+const ZALO_ALLOW_FROM_PREFIX_RE = /^(zalo|zl):/i;
+function normalizeZaloAllowEntry(value) {
+	return value.trim().replace(ZALO_ALLOW_FROM_PREFIX_RE, "").trim().toLowerCase();
+}
+function resolveZaloRuntimeGroupPolicy(params) {
+	return resolveOpenProviderRuntimeGroupPolicy({
+		providerConfigPresent: params.providerConfigPresent,
+		groupPolicy: params.groupPolicy,
+		defaultGroupPolicy: params.defaultGroupPolicy
+	});
+}
+//#endregion
+export { resolveZaloRuntimeGroupPolicy as n, normalizeZaloAllowEntry as t };

package/dist/{monitor-DMysJBWa.js → monitor-CpIJP2uj.js}

@@ -1,20 +1,36 @@
-import { n as isZaloSenderAllowed, t as evaluateZaloGroupAccess } from "./group-access-DZR43lOR.js";
+import { n as resolveZaloRuntimeGroupPolicy, t as normalizeZaloAllowEntry } from "./group-access-B_fAqJAN.js";
 import { t as getZaloRuntime } from "./runtime-BRFxnYQx.js";
-import { a as getUpdates, c as sendMessage, l as sendPhoto, n as ZaloApiError, o as getWebhookInfo, r as deleteWebhook, s as sendChatAction, t as resolveZaloProxyFetch, u as setWebhook } from "./proxy-CY8VuC6H.js";
+import { a as getUpdates, c as sendMessage, l as sendPhoto, n as ZaloApiError, o as getWebhookInfo, r as deleteWebhook, s as sendChatAction, t as resolveZaloProxyFetch, u as setWebhook } from "./proxy-D5AGEsI0.js";
 import { deliverTextOrMediaReply, resolveSendableOutboundReplyParts } from "openclaw/plugin-sdk/reply-payload";
+import { normalizeStringEntries } from "openclaw/plugin-sdk/text-runtime";
 import { resolveDefaultGroupPolicy, warnMissingProviderGroupPolicyFallbackOnce } from "openclaw/plugin-sdk/runtime-group-policy";
 import { createChannelPairingController } from "openclaw/plugin-sdk/channel-pairing";
-import { createChannelReplyPipeline } from "openclaw/plugin-sdk/channel-reply-pipeline";
 import { logTypingFailure } from "openclaw/plugin-sdk/channel-feedback";
-import { resolveDirectDmAuthorizationOutcome, resolveSenderCommandAuthorizationWithRuntime } from "openclaw/plugin-sdk/command-auth";
 import { resolveInboundRouteEnvelopeBuilderWithRuntime } from "openclaw/plugin-sdk/inbound-envelope";
 import { registerPluginHttpRoute, resolveWebhookPath } from "openclaw/plugin-sdk/webhook-ingress";
+import { resolveStableChannelMessageIngress } from "openclaw/plugin-sdk/channel-ingress-runtime";
 import { waitForAbortSignal } from "openclaw/plugin-sdk/runtime-env";
 import { randomBytes } from "node:crypto";
-import { chmod, mkdir, readFile, readdir, stat, unlink, writeFile } from "node:fs/promises";
+import { readFile, readdir, stat, unlink } from "node:fs/promises";
 import { join } from "node:path";
 import { loadOutboundMediaFromUrl } from "openclaw/plugin-sdk/outbound-media";
+import { privateFileStore } from "openclaw/plugin-sdk/security-runtime";
 import { resolvePreferredOpenClawTmpDir } from "openclaw/plugin-sdk/temp-path";
+//#region extensions/zalo/src/monitor-durable.ts
+function prepareZaloDurableReplyPayload(params) {
+	if (!params.payload.text) return params.payload;
+	return {
+		...params.payload,
+		text: params.convertMarkdownTables(params.payload.text, params.tableMode)
+	};
+}
+function resolveZaloDurableReplyOptions(params) {
+	if (params.infoKind !== "final") return false;
+	const reply = resolveSendableOutboundReplyParts(params.payload);
+	if (reply.hasMedia || !reply.hasText) return false;
+	return { to: params.chatId };
+}
+//#endregion
 //#region extensions/zalo/src/outbound-media.ts
 const ZALO_OUTBOUND_MEDIA_TTL_MS = 2 * 6e4;
 const ZALO_OUTBOUND_MEDIA_SEGMENT = "media";
@@ -34,11 +50,8 @@ function createHostedZaloMediaToken() {
 	return randomBytes(24).toString("hex");
 }
 async function ensureHostedZaloMediaDir() {
-	await mkdir(ZALO_OUTBOUND_MEDIA_DIR, {
-		recursive: true,
-		mode: 448
-	});
-	await chmod(ZALO_OUTBOUND_MEDIA_DIR, 448).catch(() => void 0);
+	await privateFileStore(ZALO_OUTBOUND_MEDIA_DIR).writeText(".ready", "");
+	await unlink(join(ZALO_OUTBOUND_MEDIA_DIR, ".ready")).catch(() => void 0);
 }
 async function deleteHostedZaloMediaEntry(id) {
 	await Promise.all([unlink(resolveHostedZaloMediaMetadataPath(id)).catch(() => void 0), unlink(resolveHostedZaloMediaBufferPath(id)).catch(() => void 0)]);
@@ -97,16 +110,14 @@ async function prepareHostedZaloMediaUrl(params) {
 	const id = createHostedZaloMediaId();
 	const token = createHostedZaloMediaToken();
 	const publicBaseUrl = new URL(params.webhookUrl).origin;
-	await writeFile(resolveHostedZaloMediaBufferPath(id), media.buffer, { mode: 384 });
+	const store = privateFileStore(ZALO_OUTBOUND_MEDIA_DIR);
+	await store.writeText(`${id}.bin`, media.buffer);
 	try {
-		await writeFile(resolveHostedZaloMediaMetadataPath(id), JSON.stringify({
+		await store.writeJson(`${id}.json`, {
 			routePath,
 			token,
 			contentType: media.contentType,
 			expiresAt: Date.now() + ZALO_OUTBOUND_MEDIA_TTL_MS
-		}), {
-			encoding: "utf8",
-			mode: 384
 		});
 	} catch (error) {
 		await deleteHostedZaloMediaEntry(id);
@@ -175,7 +186,7 @@ const ZALO_TYPING_TIMEOUT_MS = 5e3;
 let zaloWebhookModulePromise;
 const hostedMediaRouteRefs = /* @__PURE__ */ new Map();
 function loadZaloWebhookModule() {
-	zaloWebhookModulePromise ??= import("./monitor.webhook-DqnuvgjV.js");
+	zaloWebhookModulePromise ??= import("./monitor.webhook-DDHdDX2R.js");
 	return zaloWebhookModulePromise;
 }
 function registerSharedHostedMediaRoute(params) {
@@ -397,56 +408,58 @@ async function authorizeZaloMessage(params) {
 	const senderId = from.id;
 	const senderName = from.display_name ?? from.name;
 	const dmPolicy = account.config.dmPolicy ?? "pairing";
-	const configAllowFrom = (account.config.allowFrom ?? []).map((v) => String(v));
-	const configuredGroupAllowFrom = (account.config.groupAllowFrom ?? []).map((v) => String(v));
-	const groupAllowFrom = configuredGroupAllowFrom.length > 0 ? configuredGroupAllowFrom : configAllowFrom;
 	const defaultGroupPolicy = resolveDefaultGroupPolicy(config);
-	const groupAccess = isGroup ? evaluateZaloGroupAccess({
+	const rawBody = text?.trim() || (mediaPath ? "<media:image>" : "");
+	const { groupPolicy, providerMissingFallbackApplied } = resolveZaloRuntimeGroupPolicy({
 		providerConfigPresent: config.channels?.zalo !== void 0,
-		configuredGroupPolicy: account.config.groupPolicy,
-		defaultGroupPolicy,
-		groupAllowFrom,
-		senderId
-	}) : void 0;
-	if (groupAccess) {
+		groupPolicy: account.config.groupPolicy,
+		defaultGroupPolicy
+	});
+	const shouldComputeAuth = core.channel.commands.shouldComputeCommandAuthorized(rawBody, config);
+	const access = await resolveStableChannelMessageIngress({
+		channelId: "zalo",
+		accountId: account.accountId,
+		identity: {
+			key: "zalo-user-id",
+			normalize: normalizeZaloAllowEntry,
+			sensitivity: "pii",
+			entryIdPrefix: "zalo-entry"
+		},
+		cfg: config,
+		readStoreAllowFrom: async () => await pairing.readAllowFromStore(),
+		subject: { stableId: senderId },
+		conversation: {
+			kind: isGroup ? "group" : "direct",
+			id: chatId
+		},
+		providerMissingFallbackApplied,
+		dmPolicy,
+		groupPolicy,
+		policy: { groupAllowFromFallbackToAllowFrom: true },
+		allowFrom: normalizeStringEntries(account.config.allowFrom),
+		groupAllowFrom: normalizeStringEntries(account.config.groupAllowFrom),
+		command: shouldComputeAuth ? {} : void 0
+	});
+	const senderAccess = access.senderAccess;
+	if (isGroup) {
 		warnMissingProviderGroupPolicyFallbackOnce({
-			providerMissingFallbackApplied: groupAccess.providerMissingFallbackApplied,
+			providerMissingFallbackApplied: senderAccess.providerMissingFallbackApplied,
 			providerKey: "zalo",
 			accountId: account.accountId,
 			log: (message) => logVerbose(core, runtime, message)
 		});
-		if (!groupAccess.allowed) {
-			if (groupAccess.reason === "disabled") logVerbose(core, runtime, `zalo: drop group ${chatId} (groupPolicy=disabled)`);
-			else if (groupAccess.reason === "empty_allowlist") logVerbose(core, runtime, `zalo: drop group ${chatId} (groupPolicy=allowlist, no groupAllowFrom)`);
-			else if (groupAccess.reason === "sender_not_allowlisted") logVerbose(core, runtime, `zalo: drop group sender ${senderId} (groupPolicy=allowlist)`);
+		if (!senderAccess.allowed) {
+			if (senderAccess.reasonCode === "group_policy_disabled") logVerbose(core, runtime, `zalo: drop group ${chatId} (groupPolicy=disabled)`);
+			else if (senderAccess.reasonCode === "group_policy_empty_allowlist") logVerbose(core, runtime, `zalo: drop group ${chatId} (groupPolicy=allowlist, no groupAllowFrom)`);
+			else if (senderAccess.reasonCode === "group_policy_not_allowlisted") logVerbose(core, runtime, `zalo: drop group sender ${senderId} (groupPolicy=allowlist)`);
 			return;
 		}
 	}
-	const rawBody = text?.trim() || (mediaPath ? "<media:image>" : "");
-	const { senderAllowedForCommands, commandAuthorized } = await resolveSenderCommandAuthorizationWithRuntime({
-		cfg: config,
-		rawBody,
-		isGroup,
-		dmPolicy,
-		configuredAllowFrom: configAllowFrom,
-		configuredGroupAllowFrom: groupAllowFrom,
-		senderId,
-		isSenderAllowed: isZaloSenderAllowed,
-		channel: "zalo",
-		accountId: account.accountId,
-		readAllowFromStore: pairing.readAllowFromStore,
-		runtime: core.channel.commands
-	});
-	const directDmOutcome = resolveDirectDmAuthorizationOutcome({
-		isGroup,
-		dmPolicy,
-		senderAllowedForCommands
-	});
-	if (directDmOutcome === "disabled") {
+	if (!isGroup && senderAccess.decision === "block" && senderAccess.reasonCode === "dm_policy_disabled") {
 		logVerbose(core, runtime, `Blocked zalo DM from ${senderId} (dmPolicy=disabled)`);
 		return;
 	}
-	if (directDmOutcome === "unauthorized") {
+	if (!isGroup && senderAccess.decision !== "allow") {
 		if (dmPolicy === "pairing") await pairing.issueChallenge({
 			senderId,
 			senderIdLine: `Your Zalo user id: ${senderId}`,
@@ -470,7 +483,7 @@ async function authorizeZaloMessage(params) {
 	}
 	return {
 		chatId,
-		commandAuthorized,
+		commandAuthorized: access.commandAccess.requested ? access.commandAccess.authorized : void 0,
 		isGroup,
 		rawBody,
 		senderId,
@@ -559,12 +572,54 @@ async function processMessageWithPipeline(params) {
 		channel: "zalo",
 		accountId: account.accountId
 	});
-	const { onModelSelected, ...replyPipeline } = createChannelReplyPipeline({
+	await core.channel.turn.runAssembled({
 		cfg: config,
-		agentId: route.agentId,
 		channel: "zalo",
 		accountId: account.accountId,
-		typing: {
+		agentId: route.agentId,
+		routeSessionKey: route.sessionKey,
+		storePath,
+		ctxPayload,
+		recordInboundSession: core.channel.session.recordInboundSession,
+		dispatchReplyWithBufferedBlockDispatcher: core.channel.reply.dispatchReplyWithBufferedBlockDispatcher,
+		delivery: {
+			preparePayload: (payload) => prepareZaloDurableReplyPayload({
+				payload,
+				tableMode,
+				convertMarkdownTables: core.channel.text.convertMarkdownTables
+			}),
+			durable: (payload, info) => resolveZaloDurableReplyOptions({
+				payload,
+				infoKind: info.kind,
+				chatId
+			}),
+			deliver: async (payload) => {
+				await deliverZaloReply({
+					payload,
+					token,
+					chatId,
+					runtime,
+					core,
+					config,
+					webhookUrl: params.webhookUrl,
+					webhookPath: params.webhookPath,
+					proxyUrl: account.config.proxy,
+					mediaMaxBytes: params.mediaMaxMb * 1024 * 1024,
+					canHostMedia: params.canHostMedia,
+					accountId: account.accountId,
+					statusSink,
+					fetcher,
+					tableMode: "off"
+				});
+			},
+			onDelivered: () => {
+				statusSink?.({ lastOutboundAt: Date.now() });
+			},
+			onError: (err, info) => {
+				runtime.error?.(`[${account.accountId}] Zalo ${info.kind} reply failed: ${String(err)}`);
+			}
+		},
+		replyPipeline: { typing: {
 			start: async () => {
 				await sendChatAction(token, {
 					chat_id: chatId,
@@ -580,62 +635,10 @@ async function processMessageWithPipeline(params) {
 					error: err
 				});
 			}
-		}
-	});
-	await core.channel.turn.run({
-		channel: "zalo",
-		accountId: account.accountId,
-		raw: message,
-		adapter: {
-			ingest: () => ({
-				id: message_id,
-				timestamp: date ? date * 1e3 : void 0,
-				rawText: rawBody,
-				textForAgent: rawBody,
-				textForCommands: rawBody,
-				raw: message
-			}),
-			resolveTurn: () => ({
-				cfg: config,
-				channel: "zalo",
-				accountId: account.accountId,
-				agentId: route.agentId,
-				routeSessionKey: route.sessionKey,
-				storePath,
-				ctxPayload,
-				recordInboundSession: core.channel.session.recordInboundSession,
-				dispatchReplyWithBufferedBlockDispatcher: core.channel.reply.dispatchReplyWithBufferedBlockDispatcher,
-				delivery: {
-					deliver: async (payload) => {
-						await deliverZaloReply({
-							payload,
-							token,
-							chatId,
-							runtime,
-							core,
-							config,
-							webhookUrl: params.webhookUrl,
-							webhookPath: params.webhookPath,
-							proxyUrl: account.config.proxy,
-							mediaMaxBytes: params.mediaMaxMb * 1024 * 1024,
-							canHostMedia: params.canHostMedia,
-							accountId: account.accountId,
-							statusSink,
-							fetcher,
-							tableMode
-						});
-					},
-					onError: (err, info) => {
-						runtime.error?.(`[${account.accountId}] Zalo ${info.kind} reply failed: ${String(err)}`);
-					}
-				},
-				dispatcherOptions: replyPipeline,
-				replyOptions: { onModelSelected },
-				record: { onRecordError: (err) => {
-					runtime.error?.(`zalo: failed updating session meta: ${String(err)}`);
-				} }
-			})
-		}
+		} },
+		record: { onRecordError: (err) => {
+			runtime.error?.(`zalo: failed updating session meta: ${String(err)}`);
+		} }
 	});
 }
 async function deliverZaloReply(params) {

package/dist/{monitor.webhook-DqnuvgjV.js → monitor.webhook-DDHdDX2R.js}

@@ -1,6 +1,6 @@
-import { $ as withResolvedWebhookRequestPipeline, B as resolveClientIp, F as readJsonWebhookBodyOrReject, R as registerWebhookTarget, i as WEBHOOK_RATE_LIMIT_DEFAULTS, q as resolveWebhookTargetWithAuthOrRejectSync, r as WEBHOOK_ANOMALY_COUNTER_DEFAULTS, s as applyBasicWebhookRequestGuards, v as createFixedWindowRateLimiter, y as createWebhookAnomalyTracker, z as registerWebhookTargetWithPluginRoute } from "./runtime-api-MOTmRW4F.js";
-import { createClaimableDedupe } from "openclaw/plugin-sdk/persistent-dedupe";
+import { L as registerWebhookTarget, P as readJsonWebhookBodyOrReject, R as registerWebhookTargetWithPluginRoute, W as resolveWebhookTargetWithAuthOrRejectSync, X as withResolvedWebhookRequestPipeline, i as WEBHOOK_RATE_LIMIT_DEFAULTS, r as WEBHOOK_ANOMALY_COUNTER_DEFAULTS, s as applyBasicWebhookRequestGuards, v as createFixedWindowRateLimiter, y as createWebhookAnomalyTracker, z as resolveClientIp } from "./runtime-api-df534_Ih.js";
 import { safeEqualSecret } from "openclaw/plugin-sdk/security-runtime";
+import { createClaimableDedupe } from "openclaw/plugin-sdk/persistent-dedupe";
 //#region extensions/zalo/src/monitor.webhook.ts
 const ZALO_WEBHOOK_REPLAY_WINDOW_MS = 5 * 6e4;
 const webhookTargets = /* @__PURE__ */ new Map();

package/dist/{proxy-CY8VuC6H.js → proxy-D5AGEsI0.js}

@@ -1,5 +1,5 @@
 import { resolvePinnedHostnameWithPolicy } from "openclaw/plugin-sdk/ssrf-runtime";
-import { ProxyAgent, fetch as fetch$1 } from "undici";
+import { makeProxyFetch } from "openclaw/plugin-sdk/fetch-runtime";
 //#region extensions/zalo/src/api.ts
 /**
 * Zalo Bot API client
@@ -123,11 +123,7 @@ function resolveZaloProxyFetch(proxyUrl) {
 	if (!trimmed) return;
 	const cached = proxyCache.get(trimmed);
 	if (cached) return cached;
-	const agent = new ProxyAgent(trimmed);
-	const fetcher = (input, init) => fetch$1(input, {
-		...init,
-		dispatcher: agent
-	});
+	const fetcher = makeProxyFetch(trimmed);
 	proxyCache.set(trimmed, fetcher);
 	return fetcher;
 }

package/dist/{runtime-api-MOTmRW4F.js → runtime-api-df534_Ih.js}

@@ -1,5 +1,6 @@
 import "./runtime-BRFxnYQx.js";
-import { formatAllowFromLowercase as formatAllowFromLowercase$1, isNormalizedSenderAllowed as isNormalizedSenderAllowed$1 } from "openclaw/plugin-sdk/allow-from";
+import { formatAllowFromLowercase as formatAllowFromLowercase$1, isNormalizedSenderAllowed } from "openclaw/plugin-sdk/allow-from";
+import { createChannelMessageReplyPipeline } from "openclaw/plugin-sdk/channel-message";
 import { PAIRING_APPROVED_MESSAGE, buildTokenChannelStatusSummary as buildTokenChannelStatusSummary$1 } from "openclaw/plugin-sdk/channel-status";
 import { deliverTextOrMediaReply as deliverTextOrMediaReply$1, isNumericTargetId as isNumericTargetId$1, sendPayloadWithChunkedTextAndMedia as sendPayloadWithChunkedTextAndMedia$1 } from "openclaw/plugin-sdk/reply-payload";
 import { buildBaseAccountStatusSnapshot } from "openclaw/plugin-sdk/status-helpers";
@@ -7,13 +8,10 @@ import { chunkTextForOutbound as chunkTextForOutbound$1 } from "openclaw/plugin-
 import { DEFAULT_ACCOUNT_ID as DEFAULT_ACCOUNT_ID$1, buildChannelConfigSchema, createDedupeCache, formatPairingApproveHint, jsonResult, normalizeAccountId as normalizeAccountId$1, readStringParam, resolveClientIp } from "openclaw/plugin-sdk/core";
 import { buildSecretInputSchema, hasConfiguredSecretInput as hasConfiguredSecretInput$1, normalizeResolvedSecretInputString, normalizeSecretInputString } from "openclaw/plugin-sdk/secret-input";
 import { addWildcardAllowFrom as addWildcardAllowFrom$1, applyAccountNameToChannelSection, applySetupAccountConfigPatch, buildSingleChannelSecretPromptState as buildSingleChannelSecretPromptState$1, mergeAllowFromEntries as mergeAllowFromEntries$1, migrateBaseNameToDefaultAccount, promptSingleChannelSecretInput as promptSingleChannelSecretInput$1, runSingleChannelSecretStep as runSingleChannelSecretStep$1, setTopLevelChannelDmPolicyWithAllowFrom } from "openclaw/plugin-sdk/setup";
-import { evaluateSenderGroupAccess as evaluateSenderGroupAccess$1 } from "openclaw/plugin-sdk/group-access";
 import { resolveDefaultGroupPolicy as resolveDefaultGroupPolicy$1, resolveOpenProviderRuntimeGroupPolicy as resolveOpenProviderRuntimeGroupPolicy$1, warnMissingProviderGroupPolicyFallbackOnce as warnMissingProviderGroupPolicyFallbackOnce$1 } from "openclaw/plugin-sdk/runtime-group-policy";
 import { createChannelPairingController as createChannelPairingController$1 } from "openclaw/plugin-sdk/channel-pairing";
-import { createChannelReplyPipeline as createChannelReplyPipeline$1 } from "openclaw/plugin-sdk/channel-reply-pipeline";
 import { logTypingFailure as logTypingFailure$1 } from "openclaw/plugin-sdk/channel-feedback";
-import { resolveDirectDmAuthorizationOutcome as resolveDirectDmAuthorizationOutcome$1, resolveSenderCommandAuthorizationWithRuntime as resolveSenderCommandAuthorizationWithRuntime$1 } from "openclaw/plugin-sdk/command-auth";
 import { resolveInboundRouteEnvelopeBuilderWithRuntime as resolveInboundRouteEnvelopeBuilderWithRuntime$1 } from "openclaw/plugin-sdk/inbound-envelope";
 import { waitForAbortSignal } from "openclaw/plugin-sdk/runtime";
 import { WEBHOOK_ANOMALY_COUNTER_DEFAULTS, WEBHOOK_RATE_LIMIT_DEFAULTS, applyBasicWebhookRequestGuards, createFixedWindowRateLimiter, createWebhookAnomalyTracker, readJsonWebhookBodyOrReject, registerPluginHttpRoute as registerPluginHttpRoute$1, registerWebhookTarget, registerWebhookTargetWithPluginRoute, resolveWebhookPath as resolveWebhookPath$1, resolveWebhookTargetWithAuthOrRejectSync, withResolvedWebhookRequestPipeline } from "openclaw/plugin-sdk/webhook-ingress";
-export { withResolvedWebhookRequestPipeline as $, migrateBaseNameToDefaultAccount as A, resolveClientIp as B, formatPairingApproveHint as C, jsonResult as D, isNumericTargetId$1 as E, readJsonWebhookBodyOrReject as F, resolveSenderCommandAuthorizationWithRuntime$1 as G, resolveDirectDmAuthorizationOutcome$1 as H, readStringParam as I, runSingleChannelSecretStep$1 as J, resolveWebhookPath$1 as K, registerPluginHttpRoute$1 as L, normalizeResolvedSecretInputString as M, normalizeSecretInputString as N, logTypingFailure$1 as O, promptSingleChannelSecretInput$1 as P, warnMissingProviderGroupPolicyFallbackOnce$1 as Q, registerWebhookTarget as R, formatAllowFromLowercase$1 as S, isNormalizedSenderAllowed$1 as T, resolveInboundRouteEnvelopeBuilderWithRuntime$1 as U, resolveDefaultGroupPolicy$1 as V, resolveOpenProviderRuntimeGroupPolicy$1 as W, setTopLevelChannelDmPolicyWithAllowFrom as X, sendPayloadWithChunkedTextAndMedia$1 as Y, waitForAbortSignal as Z, createDedupeCache as _, addWildcardAllowFrom$1 as a, deliverTextOrMediaReply$1 as b, applySetupAccountConfigPatch as c, buildSecretInputSchema as d, buildSingleChannelSecretPromptState$1 as f, createChannelReplyPipeline$1 as g, createChannelPairingController$1 as h, WEBHOOK_RATE_LIMIT_DEFAULTS as i, normalizeAccountId$1 as j, mergeAllowFromEntries$1 as k, buildBaseAccountStatusSnapshot as l, chunkTextForOutbound$1 as m, PAIRING_APPROVED_MESSAGE as n, applyAccountNameToChannelSection as o, buildTokenChannelStatusSummary$1 as p, resolveWebhookTargetWithAuthOrRejectSync as q, WEBHOOK_ANOMALY_COUNTER_DEFAULTS as r, applyBasicWebhookRequestGuards as s, DEFAULT_ACCOUNT_ID$1 as t, buildChannelConfigSchema as u, createFixedWindowRateLimiter as v, hasConfiguredSecretInput$1 as w, evaluateSenderGroupAccess$1 as x, createWebhookAnomalyTracker as y, registerWebhookTargetWithPluginRoute as z };
+export { normalizeAccountId$1 as A, resolveDefaultGroupPolicy$1 as B, hasConfiguredSecretInput$1 as C, logTypingFailure$1 as D, jsonResult as E, readStringParam as F, runSingleChannelSecretStep$1 as G, resolveOpenProviderRuntimeGroupPolicy$1 as H, registerPluginHttpRoute$1 as I, waitForAbortSignal as J, sendPayloadWithChunkedTextAndMedia$1 as K, registerWebhookTarget as L, normalizeSecretInputString as M, promptSingleChannelSecretInput$1 as N, mergeAllowFromEntries$1 as O, readJsonWebhookBodyOrReject as P, registerWebhookTargetWithPluginRoute as R, formatPairingApproveHint as S, isNumericTargetId$1 as T, resolveWebhookPath$1 as U, resolveInboundRouteEnvelopeBuilderWithRuntime$1 as V, resolveWebhookTargetWithAuthOrRejectSync as W, withResolvedWebhookRequestPipeline as X, warnMissingProviderGroupPolicyFallbackOnce$1 as Y, createDedupeCache as _, addWildcardAllowFrom$1 as a, deliverTextOrMediaReply$1 as b, applySetupAccountConfigPatch as c, buildSecretInputSchema as d, buildSingleChannelSecretPromptState$1 as f, createChannelPairingController$1 as g, createChannelMessageReplyPipeline as h, WEBHOOK_RATE_LIMIT_DEFAULTS as i, normalizeResolvedSecretInputString as j, migrateBaseNameToDefaultAccount as k, buildBaseAccountStatusSnapshot as l, chunkTextForOutbound$1 as m, PAIRING_APPROVED_MESSAGE as n, applyAccountNameToChannelSection as o, buildTokenChannelStatusSummary$1 as p, setTopLevelChannelDmPolicyWithAllowFrom as q, WEBHOOK_ANOMALY_COUNTER_DEFAULTS as r, applyBasicWebhookRequestGuards as s, DEFAULT_ACCOUNT_ID$1 as t, buildChannelConfigSchema as u, createFixedWindowRateLimiter as v, isNormalizedSenderAllowed as w, formatAllowFromLowercase$1 as x, createWebhookAnomalyTracker as y, resolveClientIp as z };

package/dist/runtime-api.js

@@ -1,3 +1,3 @@
-import { $ as withResolvedWebhookRequestPipeline, A as migrateBaseNameToDefaultAccount, B as resolveClientIp, C as formatPairingApproveHint, D as jsonResult, E as isNumericTargetId, F as readJsonWebhookBodyOrReject, G as resolveSenderCommandAuthorizationWithRuntime, H as resolveDirectDmAuthorizationOutcome, I as readStringParam, J as runSingleChannelSecretStep, K as resolveWebhookPath, L as registerPluginHttpRoute, M as normalizeResolvedSecretInputString, N as normalizeSecretInputString, O as logTypingFailure, P as promptSingleChannelSecretInput, Q as warnMissingProviderGroupPolicyFallbackOnce, R as registerWebhookTarget, S as formatAllowFromLowercase, T as isNormalizedSenderAllowed, U as resolveInboundRouteEnvelopeBuilderWithRuntime, V as resolveDefaultGroupPolicy, W as resolveOpenProviderRuntimeGroupPolicy, X as setTopLevelChannelDmPolicyWithAllowFrom, Y as sendPayloadWithChunkedTextAndMedia, Z as waitForAbortSignal, _ as createDedupeCache, a as addWildcardAllowFrom, b as deliverTextOrMediaReply, c as applySetupAccountConfigPatch, d as buildSecretInputSchema, f as buildSingleChannelSecretPromptState, g as createChannelReplyPipeline, h as createChannelPairingController, i as WEBHOOK_RATE_LIMIT_DEFAULTS, j as normalizeAccountId, k as mergeAllowFromEntries, l as buildBaseAccountStatusSnapshot, m as chunkTextForOutbound, n as PAIRING_APPROVED_MESSAGE, o as applyAccountNameToChannelSection, p as buildTokenChannelStatusSummary, q as resolveWebhookTargetWithAuthOrRejectSync, r as WEBHOOK_ANOMALY_COUNTER_DEFAULTS, s as applyBasicWebhookRequestGuards, t as DEFAULT_ACCOUNT_ID, u as buildChannelConfigSchema, v as createFixedWindowRateLimiter, w as hasConfiguredSecretInput, x as evaluateSenderGroupAccess, y as createWebhookAnomalyTracker, z as registerWebhookTargetWithPluginRoute } from "./runtime-api-MOTmRW4F.js";
+import { A as normalizeAccountId, B as resolveDefaultGroupPolicy, C as hasConfiguredSecretInput, D as logTypingFailure, E as jsonResult, F as readStringParam, G as runSingleChannelSecretStep, H as resolveOpenProviderRuntimeGroupPolicy, I as registerPluginHttpRoute, J as waitForAbortSignal, K as sendPayloadWithChunkedTextAndMedia, L as registerWebhookTarget, M as normalizeSecretInputString, N as promptSingleChannelSecretInput, O as mergeAllowFromEntries, P as readJsonWebhookBodyOrReject, R as registerWebhookTargetWithPluginRoute, S as formatPairingApproveHint, T as isNumericTargetId, U as resolveWebhookPath, V as resolveInboundRouteEnvelopeBuilderWithRuntime, W as resolveWebhookTargetWithAuthOrRejectSync, X as withResolvedWebhookRequestPipeline, Y as warnMissingProviderGroupPolicyFallbackOnce, _ as createDedupeCache, a as addWildcardAllowFrom, b as deliverTextOrMediaReply, c as applySetupAccountConfigPatch, d as buildSecretInputSchema, f as buildSingleChannelSecretPromptState, g as createChannelPairingController, h as createChannelMessageReplyPipeline, i as WEBHOOK_RATE_LIMIT_DEFAULTS, j as normalizeResolvedSecretInputString, k as migrateBaseNameToDefaultAccount, l as buildBaseAccountStatusSnapshot, m as chunkTextForOutbound, n as PAIRING_APPROVED_MESSAGE, o as applyAccountNameToChannelSection, p as buildTokenChannelStatusSummary, q as setTopLevelChannelDmPolicyWithAllowFrom, r as WEBHOOK_ANOMALY_COUNTER_DEFAULTS, s as applyBasicWebhookRequestGuards, t as DEFAULT_ACCOUNT_ID, u as buildChannelConfigSchema, v as createFixedWindowRateLimiter, w as isNormalizedSenderAllowed, x as formatAllowFromLowercase, y as createWebhookAnomalyTracker, z as resolveClientIp } from "./runtime-api-df534_Ih.js";
 import { n as setZaloRuntime } from "./runtime-BRFxnYQx.js";
-export { DEFAULT_ACCOUNT_ID, PAIRING_APPROVED_MESSAGE, WEBHOOK_ANOMALY_COUNTER_DEFAULTS, WEBHOOK_RATE_LIMIT_DEFAULTS, addWildcardAllowFrom, applyAccountNameToChannelSection, applyBasicWebhookRequestGuards, applySetupAccountConfigPatch, buildBaseAccountStatusSnapshot, buildChannelConfigSchema, buildSecretInputSchema, buildSingleChannelSecretPromptState, buildTokenChannelStatusSummary, chunkTextForOutbound, createChannelPairingController, createChannelReplyPipeline, createDedupeCache, createFixedWindowRateLimiter, createWebhookAnomalyTracker, deliverTextOrMediaReply, evaluateSenderGroupAccess, formatAllowFromLowercase, formatPairingApproveHint, hasConfiguredSecretInput, isNormalizedSenderAllowed, isNumericTargetId, jsonResult, logTypingFailure, mergeAllowFromEntries, migrateBaseNameToDefaultAccount, normalizeAccountId, normalizeResolvedSecretInputString, normalizeSecretInputString, promptSingleChannelSecretInput, readJsonWebhookBodyOrReject, readStringParam, registerPluginHttpRoute, registerWebhookTarget, registerWebhookTargetWithPluginRoute, resolveClientIp, resolveDefaultGroupPolicy, resolveDirectDmAuthorizationOutcome, resolveInboundRouteEnvelopeBuilderWithRuntime, resolveOpenProviderRuntimeGroupPolicy, resolveSenderCommandAuthorizationWithRuntime, resolveWebhookPath, resolveWebhookTargetWithAuthOrRejectSync, runSingleChannelSecretStep, sendPayloadWithChunkedTextAndMedia, setTopLevelChannelDmPolicyWithAllowFrom, setZaloRuntime, waitForAbortSignal, warnMissingProviderGroupPolicyFallbackOnce, withResolvedWebhookRequestPipeline };
+export { DEFAULT_ACCOUNT_ID, PAIRING_APPROVED_MESSAGE, WEBHOOK_ANOMALY_COUNTER_DEFAULTS, WEBHOOK_RATE_LIMIT_DEFAULTS, addWildcardAllowFrom, applyAccountNameToChannelSection, applyBasicWebhookRequestGuards, applySetupAccountConfigPatch, buildBaseAccountStatusSnapshot, buildChannelConfigSchema, buildSecretInputSchema, buildSingleChannelSecretPromptState, buildTokenChannelStatusSummary, chunkTextForOutbound, createChannelMessageReplyPipeline, createChannelPairingController, createDedupeCache, createFixedWindowRateLimiter, createWebhookAnomalyTracker, deliverTextOrMediaReply, formatAllowFromLowercase, formatPairingApproveHint, hasConfiguredSecretInput, isNormalizedSenderAllowed, isNumericTargetId, jsonResult, logTypingFailure, mergeAllowFromEntries, migrateBaseNameToDefaultAccount, normalizeAccountId, normalizeResolvedSecretInputString, normalizeSecretInputString, promptSingleChannelSecretInput, readJsonWebhookBodyOrReject, readStringParam, registerPluginHttpRoute, registerWebhookTarget, registerWebhookTargetWithPluginRoute, resolveClientIp, resolveDefaultGroupPolicy, resolveInboundRouteEnvelopeBuilderWithRuntime, resolveOpenProviderRuntimeGroupPolicy, resolveWebhookPath, resolveWebhookTargetWithAuthOrRejectSync, runSingleChannelSecretStep, sendPayloadWithChunkedTextAndMedia, setTopLevelChannelDmPolicyWithAllowFrom, setZaloRuntime, waitForAbortSignal, warnMissingProviderGroupPolicyFallbackOnce, withResolvedWebhookRequestPipeline };

package/dist/{send-Gv3l5EGI.js → send-znUV-Z2f.js}

@@ -1,28 +1,54 @@
 import { a as resolveZaloAccount, o as resolveZaloToken } from "./accounts-9NLDDlZ8.js";
-import { c as sendMessage, l as sendPhoto, t as resolveZaloProxyFetch } from "./proxy-CY8VuC6H.js";
+import { c as sendMessage, l as sendPhoto, t as resolveZaloProxyFetch } from "./proxy-D5AGEsI0.js";
+import { createMessageReceiptFromOutboundResults } from "openclaw/plugin-sdk/channel-message";
 import { formatErrorMessage } from "openclaw/plugin-sdk/error-runtime";
 //#region extensions/zalo/src/send.ts
-function toZaloSendResult(response) {
+function createZaloSendReceipt(params) {
+	const messageId = params.messageId?.trim();
+	return createMessageReceiptFromOutboundResults({
+		results: messageId ? [{
+			channel: "zalo",
+			messageId,
+			chatId: params.chatId
+		}] : [],
+		kind: params.kind
+	});
+}
+function toZaloSendResult(response, params) {
 	if (response.ok && response.result) return {
 		ok: true,
-		messageId: response.result.message_id
+		messageId: response.result.message_id,
+		receipt: createZaloSendReceipt({
+			messageId: response.result.message_id,
+			chatId: params.chatId,
+			kind: params.kind
+		})
 	};
 	return {
 		ok: false,
-		error: "Failed to send message"
+		error: "Failed to send message",
+		receipt: createZaloSendReceipt({
+			chatId: params.chatId,
+			kind: params.kind
+		})
 	};
 }
-async function runZaloSend(failureMessage, send) {
+async function runZaloSend(failureMessage, params, send) {
 	try {
-		const result = toZaloSendResult(await send());
+		const result = toZaloSendResult(await send(), params);
 		return result.ok ? result : {
 			ok: false,
-			error: failureMessage
+			error: failureMessage,
+			receipt: result.receipt
 		};
 	} catch (err) {
 		return {
 			ok: false,
-			error: formatErrorMessage(err)
+			error: formatErrorMessage(err),
+			receipt: createZaloSendReceipt({
+				chatId: params.chatId,
+				kind: params.kind
+			})
 		};
 	}
 }
@@ -66,7 +92,11 @@ function resolveSendContextOrFailure(chatId, options) {
 	const context = resolveValidatedSendContext(chatId, options);
 	return context.ok ? { context } : { failure: {
 		ok: false,
-		error: context.error
+		error: context.error,
+		receipt: createZaloSendReceipt({
+			chatId,
+			kind: "unknown"
+		})
 	} };
 }
 async function sendMessageZalo(chatId, text, options = {}) {
@@ -78,7 +108,10 @@ async function sendMessageZalo(chatId, text, options = {}) {
 		token: context.token,
 		caption: text || options.caption
 	});
-	return await runZaloSend("Failed to send message", () => sendMessage(context.token, {
+	return await runZaloSend("Failed to send message", {
+		chatId: context.chatId,
+		kind: "text"
+	}, () => sendMessage(context.token, {
 		chat_id: context.chatId,
 		text: text.slice(0, 2e3)
 	}, context.fetcher));
@@ -89,9 +122,16 @@ async function sendPhotoZalo(chatId, photoUrl, options = {}) {
 	const { context } = resolved;
 	if (!photoUrl?.trim()) return {
 		ok: false,
-		error: "No photo URL provided"
+		error: "No photo URL provided",
+		receipt: createZaloSendReceipt({
+			chatId: context.chatId,
+			kind: "media"
+		})
 	};
-	return await runZaloSend("Failed to send photo", () => (async () => sendPhoto(context.token, {
+	return await runZaloSend("Failed to send photo", {
+		chatId: context.chatId,
+		kind: "media"
+	}, () => (async () => sendPhoto(context.token, {
 		chat_id: context.chatId,
 		photo: photoUrl.trim(),
 		caption: options.caption?.slice(0, 2e3)

package/dist/setup-api.js

@@ -1,5 +1,5 @@
 import { n as zaloDmPolicy, r as zaloSetupAdapter, t as createZaloSetupWizardProxy } from "./setup-core-DigRD3j1.js";
-import { r as resolveZaloRuntimeGroupPolicy, t as evaluateZaloGroupAccess } from "./group-access-DZR43lOR.js";
+import { n as resolveZaloRuntimeGroupPolicy } from "./group-access-B_fAqJAN.js";
 import { loadBundledEntryExportSync } from "openclaw/plugin-sdk/channel-entry-contract";
 //#region extensions/zalo/setup-api.ts
 function createLazyObjectValue(load) {
@@ -27,4 +27,4 @@ function loadSetupSurfaceModule() {
 }
 const zaloSetupWizard = createLazyObjectValue(() => loadSetupSurfaceModule().zaloSetupWizard);
 //#endregion
-export { createZaloSetupWizardProxy, evaluateZaloGroupAccess, resolveZaloRuntimeGroupPolicy, zaloDmPolicy, zaloSetupAdapter, zaloSetupWizard };
+export { createZaloSetupWizardProxy, resolveZaloRuntimeGroupPolicy, zaloDmPolicy, zaloSetupAdapter, zaloSetupWizard };

package/dist/test-api.js

@@ -1,2 +1,2 @@
-import { r as resolveZaloRuntimeGroupPolicy, t as evaluateZaloGroupAccess } from "./group-access-DZR43lOR.js";
-export { evaluateZaloGroupAccess, resolveZaloRuntimeGroupPolicy };
+import { n as resolveZaloRuntimeGroupPolicy } from "./group-access-B_fAqJAN.js";
+export { resolveZaloRuntimeGroupPolicy };

package/package.json

@@ -1,21 +1,18 @@
 {
   "name": "@openclaw/zalo",
-  "version": "2026.5.7",
+  "version": "2026.5.10-beta.1",
   "description": "OpenClaw Zalo channel plugin",
   "repository": {
     "type": "git",
     "url": "https://github.com/openclaw/openclaw"
   },
   "type": "module",
-  "dependencies": {
-    "undici": "8.2.0"
-  },
   "devDependencies": {
     "@openclaw/plugin-sdk": "workspace:*",
     "openclaw": "workspace:*"
   },
   "peerDependencies": {
-    "openclaw": ">=2026.5.7"
+    "openclaw": ">=2026.5.10-beta.1"
   },
   "peerDependenciesMeta": {
     "openclaw": {
@@ -46,10 +43,10 @@
       "minHostVersion": ">=2026.4.10"
     },
     "compat": {
-      "pluginApi": ">=2026.5.7"
+      "pluginApi": ">=2026.5.10-beta.1"
     },
     "build": {
-      "openclawVersion": "2026.5.7"
+      "openclawVersion": "2026.5.10-beta.1"
     },
     "release": {
       "publishToClawHub": true,

package/dist/group-access-DZR43lOR.js

@@ -1,30 +0,0 @@
-import { isNormalizedSenderAllowed } from "openclaw/plugin-sdk/allow-from";
-import { evaluateSenderGroupAccess, resolveOpenProviderRuntimeGroupPolicy } from "openclaw/plugin-sdk/group-access";
-//#region extensions/zalo/src/group-access.ts
-const ZALO_ALLOW_FROM_PREFIX_RE = /^(zalo|zl):/i;
-function isZaloSenderAllowed(senderId, allowFrom) {
-	return isNormalizedSenderAllowed({
-		senderId,
-		allowFrom,
-		stripPrefixRe: ZALO_ALLOW_FROM_PREFIX_RE
-	});
-}
-function resolveZaloRuntimeGroupPolicy(params) {
-	return resolveOpenProviderRuntimeGroupPolicy({
-		providerConfigPresent: params.providerConfigPresent,
-		groupPolicy: params.groupPolicy,
-		defaultGroupPolicy: params.defaultGroupPolicy
-	});
-}
-function evaluateZaloGroupAccess(params) {
-	return evaluateSenderGroupAccess({
-		providerConfigPresent: params.providerConfigPresent,
-		configuredGroupPolicy: params.configuredGroupPolicy,
-		defaultGroupPolicy: params.defaultGroupPolicy,
-		groupAllowFrom: params.groupAllowFrom,
-		senderId: params.senderId,
-		isSenderAllowed: isZaloSenderAllowed
-	});
-}
-//#endregion
-export { isZaloSenderAllowed as n, resolveZaloRuntimeGroupPolicy as r, evaluateZaloGroupAccess as t };