@openclaw/zalouser 2026.3.7 → 2026.3.10

package/src/monitor.ts

@@ -1,3 +1,13 @@
+import {
+  DM_GROUP_ACCESS_REASON,
+  DEFAULT_GROUP_HISTORY_LIMIT,
+  type HistoryEntry,
+  KeyedAsyncQueue,
+  buildPendingHistoryContextFromMap,
+  clearHistoryEntriesIfEnabled,
+  recordPendingHistoryEntryIfEnabled,
+  resolveDmGroupAccessWithLists,
+} from "openclaw/plugin-sdk/compat";
 import type {
   MarkdownTableMode,
   OpenClawConfig,
@@ -73,8 +83,111 @@ function buildNameIndex<T>(items: T[], nameFn: (item: T) => string | undefined):
   return index;
 }
 
+function resolveUserAllowlistEntries(
+  entries: string[],
+  byName: Map<string, Array<{ userId: string }>>,
+): {
+  additions: string[];
+  mapping: string[];
+  unresolved: string[];
+} {
+  const additions: string[] = [];
+  const mapping: string[] = [];
+  const unresolved: string[] = [];
+  for (const entry of entries) {
+    if (/^\d+$/.test(entry)) {
+      additions.push(entry);
+      continue;
+    }
+    const matches = byName.get(entry.toLowerCase()) ?? [];
+    const match = matches[0];
+    const id = match?.userId ? String(match.userId) : undefined;
+    if (id) {
+      additions.push(id);
+      mapping.push(`${entry}->${id}`);
+    } else {
+      unresolved.push(entry);
+    }
+  }
+  return { additions, mapping, unresolved };
+}
+
 type ZalouserCoreRuntime = ReturnType<typeof getZalouserRuntime>;
 
+type ZalouserGroupHistoryState = {
+  historyLimit: number;
+  groupHistories: Map<string, HistoryEntry[]>;
+};
+
+function resolveInboundQueueKey(message: ZaloInboundMessage): string {
+  const threadId = message.threadId?.trim() || "unknown";
+  if (message.isGroup) {
+    return `group:${threadId}`;
+  }
+  const senderId = message.senderId?.trim();
+  return `direct:${senderId || threadId}`;
+}
+
+function createDeferred<T>() {
+  let resolve!: (value: T | PromiseLike<T>) => void;
+  let reject!: (reason?: unknown) => void;
+  const promise = new Promise<T>((res, rej) => {
+    resolve = res;
+    reject = rej;
+  });
+  return { promise, resolve, reject };
+}
+
+function resolveZalouserDmSessionScope(config: OpenClawConfig) {
+  const configured = config.session?.dmScope;
+  return configured === "main" || !configured ? "per-channel-peer" : configured;
+}
+
+function resolveZalouserInboundSessionKey(params: {
+  core: ZalouserCoreRuntime;
+  config: OpenClawConfig;
+  route: { agentId: string; accountId: string; sessionKey: string };
+  storePath: string;
+  isGroup: boolean;
+  senderId: string;
+}): string {
+  if (params.isGroup) {
+    return params.route.sessionKey;
+  }
+
+  const directSessionKey = params.core.channel.routing
+    .buildAgentSessionKey({
+      agentId: params.route.agentId,
+      channel: "zalouser",
+      accountId: params.route.accountId,
+      peer: { kind: "direct", id: params.senderId },
+      dmScope: resolveZalouserDmSessionScope(params.config),
+      identityLinks: params.config.session?.identityLinks,
+    })
+    .toLowerCase();
+  const legacySessionKey = params.core.channel.routing
+    .buildAgentSessionKey({
+      agentId: params.route.agentId,
+      channel: "zalouser",
+      accountId: params.route.accountId,
+      peer: { kind: "group", id: params.senderId },
+    })
+    .toLowerCase();
+  const hasDirectSession =
+    params.core.channel.session.readSessionUpdatedAt({
+      storePath: params.storePath,
+      sessionKey: directSessionKey,
+    }) !== undefined;
+  const hasLegacySession =
+    params.core.channel.session.readSessionUpdatedAt({
+      storePath: params.storePath,
+      sessionKey: legacySessionKey,
+    }) !== undefined;
+
+  // Keep existing DM history on upgrade, but use canonical direct keys for new sessions.
+  return hasLegacySession && !hasDirectSession ? legacySessionKey : directSessionKey;
+}
+
 function logVerbose(core: ZalouserCoreRuntime, runtime: RuntimeEnv, message: string): void {
   if (core.logging.shouldLogVerbose()) {
     runtime.log(`[zalouser] ${message}`);
@@ -139,6 +252,7 @@ async function processMessage(
   config: OpenClawConfig,
   core: ZalouserCoreRuntime,
   runtime: RuntimeEnv,
+  historyState: ZalouserGroupHistoryState,
   statusSink?: (patch: { lastInboundAt?: number; lastOutboundAt?: number }) => void,
 ): Promise<void> {
   const pairing = createScopedPairingAccess({
@@ -151,6 +265,7 @@ async function processMessage(
   if (!rawBody) {
     return;
   }
+  const commandBody = message.commandContent?.trim() || rawBody;
 
   const isGroup = message.isGroup;
   const chatId = message.threadId;
@@ -237,65 +352,90 @@ async function processMessage(
 
   const dmPolicy = account.config.dmPolicy ?? "pairing";
   const configAllowFrom = (account.config.allowFrom ?? []).map((v) => String(v));
-  const { senderAllowedForCommands, commandAuthorized } = await resolveSenderCommandAuthorization({
-    cfg: config,
-    rawBody,
+  const configGroupAllowFrom = (account.config.groupAllowFrom ?? []).map((v) => String(v));
+  const shouldComputeCommandAuth = core.channel.commands.shouldComputeCommandAuthorized(
+    commandBody,
+    config,
+  );
+  const storeAllowFrom =
+    !isGroup && dmPolicy !== "allowlist" && (dmPolicy !== "open" || shouldComputeCommandAuth)
+      ? await pairing.readAllowFromStore().catch(() => [])
+      : [];
+  const accessDecision = resolveDmGroupAccessWithLists({
     isGroup,
     dmPolicy,
-    configuredAllowFrom: configAllowFrom,
-    senderId,
-    isSenderAllowed,
-    readAllowFromStore: pairing.readAllowFromStore,
-    shouldComputeCommandAuthorized: (body, cfg) =>
-      core.channel.commands.shouldComputeCommandAuthorized(body, cfg),
-    resolveCommandAuthorizedFromAuthorizers: (params) =>
-      core.channel.commands.resolveCommandAuthorizedFromAuthorizers(params),
+    groupPolicy,
+    allowFrom: configAllowFrom,
+    groupAllowFrom: configGroupAllowFrom,
+    storeAllowFrom,
+    isSenderAllowed: (allowFrom) => isSenderAllowed(senderId, allowFrom),
   });
-
-  if (!isGroup) {
-    if (dmPolicy === "disabled") {
-      logVerbose(core, runtime, `Blocked zalouser DM from ${senderId} (dmPolicy=disabled)`);
-      return;
+  if (isGroup && accessDecision.decision !== "allow") {
+    if (accessDecision.reasonCode === DM_GROUP_ACCESS_REASON.GROUP_POLICY_EMPTY_ALLOWLIST) {
+      logVerbose(core, runtime, "Blocked zalouser group message (no group allowlist)");
+    } else if (accessDecision.reasonCode === DM_GROUP_ACCESS_REASON.GROUP_POLICY_NOT_ALLOWLISTED) {
+      logVerbose(
+        core,
+        runtime,
+        `Blocked zalouser sender ${senderId} (not in groupAllowFrom/allowFrom)`,
+      );
     }
+    return;
+  }
 
-    if (dmPolicy !== "open") {
-      const allowed = senderAllowedForCommands;
-      if (!allowed) {
-        if (dmPolicy === "pairing") {
-          await issuePairingChallenge({
-            channel: "zalouser",
-            senderId,
-            senderIdLine: `Your Zalo user id: ${senderId}`,
-            meta: { name: senderName || undefined },
-            upsertPairingRequest: pairing.upsertPairingRequest,
-            onCreated: () => {
-              logVerbose(core, runtime, `zalouser pairing request sender=${senderId}`);
-            },
-            sendPairingReply: async (text) => {
-              await sendMessageZalouser(chatId, text, { profile: account.profile });
-              statusSink?.({ lastOutboundAt: Date.now() });
-            },
-            onReplyError: (err) => {
-              logVerbose(
-                core,
-                runtime,
-                `zalouser pairing reply failed for ${senderId}: ${String(err)}`,
-              );
-            },
-          });
-        } else {
+  if (!isGroup && accessDecision.decision !== "allow") {
+    if (accessDecision.decision === "pairing") {
+      await issuePairingChallenge({
+        channel: "zalouser",
+        senderId,
+        senderIdLine: `Your Zalo user id: ${senderId}`,
+        meta: { name: senderName || undefined },
+        upsertPairingRequest: pairing.upsertPairingRequest,
+        onCreated: () => {
+          logVerbose(core, runtime, `zalouser pairing request sender=${senderId}`);
+        },
+        sendPairingReply: async (text) => {
+          await sendMessageZalouser(chatId, text, { profile: account.profile });
+          statusSink?.({ lastOutboundAt: Date.now() });
+        },
+        onReplyError: (err) => {
           logVerbose(
             core,
             runtime,
-            `Blocked unauthorized zalouser sender ${senderId} (dmPolicy=${dmPolicy})`,
+            `zalouser pairing reply failed for ${senderId}: ${String(err)}`,
           );
-        }
-        return;
-      }
+        },
+      });
+      return;
+    }
+    if (accessDecision.reasonCode === DM_GROUP_ACCESS_REASON.DM_POLICY_DISABLED) {
+      logVerbose(core, runtime, `Blocked zalouser DM from ${senderId} (dmPolicy=disabled)`);
+    } else {
+      logVerbose(
+        core,
+        runtime,
+        `Blocked unauthorized zalouser sender ${senderId} (dmPolicy=${dmPolicy})`,
+      );
     }
+    return;
   }
 
-  const hasControlCommand = core.channel.commands.isControlCommandMessage(rawBody, config);
+  const { commandAuthorized } = await resolveSenderCommandAuthorization({
+    cfg: config,
+    rawBody: commandBody,
+    isGroup,
+    dmPolicy,
+    configuredAllowFrom: configAllowFrom,
+    configuredGroupAllowFrom: configGroupAllowFrom,
+    senderId,
+    isSenderAllowed,
+    readAllowFromStore: async () => storeAllowFrom,
+    shouldComputeCommandAuthorized: (body, cfg) =>
+      core.channel.commands.shouldComputeCommandAuthorized(body, cfg),
+    resolveCommandAuthorizedFromAuthorizers: (params) =>
+      core.channel.commands.resolveCommandAuthorizedFromAuthorizers(params),
+  });
+  const hasControlCommand = core.channel.commands.isControlCommandMessage(commandBody, config);
   if (isGroup && hasControlCommand && commandAuthorized !== true) {
     logVerbose(
       core,
@@ -307,18 +447,19 @@ async function processMessage(
 
   const peer = isGroup
     ? { kind: "group" as const, id: chatId }
-    : { kind: "group" as const, id: senderId };
+    : { kind: "direct" as const, id: senderId };
 
   const route = core.channel.routing.resolveAgentRoute({
     cfg: config,
     channel: "zalouser",
     accountId: account.accountId,
     peer: {
-      // Use "group" kind to avoid dmScope=main collapsing all DMs into the main session.
+      // Keep DM peer kind as "direct" so session keys follow dmScope and UI labels stay DM-shaped.
       kind: peer.kind,
       id: peer.id,
     },
   });
+  const historyKey = isGroup ? route.sessionKey : undefined;
 
   const requireMention = isGroup
     ? resolveGroupRequireMention({
@@ -340,10 +481,11 @@ async function processMessage(
         explicit: explicitMention,
       })
     : true;
+  const canDetectMention = mentionRegexes.length > 0 || explicitMention.canResolveExplicit;
   const mentionGate = resolveMentionGatingWithBypass({
     isGroup,
     requireMention,
-    canDetectMention: mentionRegexes.length > 0 || explicitMention.canResolveExplicit,
+    canDetectMention,
     wasMentioned,
     implicitMention: message.implicitMention === true,
     hasAnyMention: explicitMention.hasAnyMention,
@@ -354,7 +496,32 @@ async function processMessage(
     hasControlCommand,
     commandAuthorized: commandAuthorized === true,
   });
+  if (isGroup && requireMention && !canDetectMention && !mentionGate.effectiveWasMentioned) {
+    runtime.error?.(
+      `[${account.accountId}] zalouser mention required but detection unavailable ` +
+        `(missing mention regexes and bot self id); dropping group ${chatId}`,
+    );
+    return;
+  }
   if (isGroup && mentionGate.shouldSkip) {
+    recordPendingHistoryEntryIfEnabled({
+      historyMap: historyState.groupHistories,
+      historyKey: historyKey ?? "",
+      limit: historyState.historyLimit,
+      entry:
+        historyKey && rawBody
+          ? {
+              sender: senderName || senderId,
+              body: rawBody,
+              timestamp: message.timestampMs,
+              messageId: resolveZalouserMessageSid({
+                msgId: message.msgId,
+                cliMsgId: message.cliMsgId,
+                fallback: `${message.timestampMs}`,
+              }),
+            }
+          : null,
+    });
     logVerbose(core, runtime, `zalouser: skip group ${chatId} (mention required, not mentioned)`);
     return;
   }
@@ -363,10 +530,18 @@ async function processMessage(
   const storePath = core.channel.session.resolveStorePath(config.session?.store, {
     agentId: route.agentId,
   });
+  const inboundSessionKey = resolveZalouserInboundSessionKey({
+    core,
+    config,
+    route,
+    storePath,
+    isGroup,
+    senderId,
+  });
   const envelopeOptions = core.channel.reply.resolveEnvelopeFormatOptions(config);
   const previousTimestamp = core.channel.session.readSessionUpdatedAt({
     storePath,
-    sessionKey: route.sessionKey,
+    sessionKey: inboundSessionKey,
   });
   const body = core.channel.reply.formatAgentEnvelope({
     channel: "Zalo Personal",
@@ -376,15 +551,46 @@ async function processMessage(
     envelope: envelopeOptions,
     body: rawBody,
   });
+  const combinedBody =
+    isGroup && historyKey
+      ? buildPendingHistoryContextFromMap({
+          historyMap: historyState.groupHistories,
+          historyKey,
+          limit: historyState.historyLimit,
+          currentMessage: body,
+          formatEntry: (entry) =>
+            core.channel.reply.formatAgentEnvelope({
+              channel: "Zalo Personal",
+              from: fromLabel,
+              timestamp: entry.timestamp,
+              envelope: envelopeOptions,
+              body: `${entry.sender}: ${entry.body}${
+                entry.messageId ? ` [id:${entry.messageId}]` : ""
+              }`,
+            }),
+        })
+      : body;
+  const inboundHistory =
+    isGroup && historyKey && historyState.historyLimit > 0
+      ? (historyState.groupHistories.get(historyKey) ?? []).map((entry) => ({
+          sender: entry.sender,
+          body: entry.body,
+          timestamp: entry.timestamp,
+        }))
+      : undefined;
+
+  const normalizedTo = isGroup ? `zalouser:group:${chatId}` : `zalouser:${chatId}`;
 
   const ctxPayload = core.channel.reply.finalizeInboundContext({
-    Body: body,
+    Body: combinedBody,
     BodyForAgent: rawBody,
+    InboundHistory: inboundHistory,
     RawBody: rawBody,
-    CommandBody: rawBody,
+    CommandBody: commandBody,
+    BodyForCommands: commandBody,
     From: isGroup ? `zalouser:group:${chatId}` : `zalouser:${senderId}`,
-    To: `zalouser:${chatId}`,
-    SessionKey: route.sessionKey,
+    To: normalizedTo,
+    SessionKey: inboundSessionKey,
     AccountId: route.accountId,
     ChatType: isGroup ? "group" : "direct",
     ConversationLabel: fromLabel,
@@ -407,7 +613,7 @@ async function processMessage(
       cliMsgId: message.cliMsgId,
     }),
     OriginatingChannel: "zalouser",
-    OriginatingTo: `zalouser:${chatId}`,
+    OriginatingTo: normalizedTo,
   });
 
   await core.channel.session.recordInboundSession({
@@ -433,6 +639,9 @@ async function processMessage(
       });
     },
     onStartError: (err) => {
+      runtime.error?.(
+        `[${account.accountId}] zalouser typing start failed for ${chatId}: ${String(err)}`,
+      );
       logVerbose(core, runtime, `zalouser typing failed for ${chatId}: ${String(err)}`);
     },
   });
@@ -469,6 +678,13 @@ async function processMessage(
       onModelSelected,
     },
   });
+  if (isGroup && historyKey) {
+    clearHistoryEntriesIfEnabled({
+      historyMap: historyState.groupHistories,
+      historyKey,
+      limit: historyState.historyLimit,
+    });
+  }
 }
 
 async function deliverZalouserReply(params: {
@@ -534,43 +750,60 @@ export async function monitorZalouserProvider(
   const { abortSignal, statusSink, runtime } = options;
 
   const core = getZalouserRuntime();
+  const inboundQueue = new KeyedAsyncQueue();
+  const historyLimit = Math.max(
+    0,
+    account.config.historyLimit ??
+      config.messages?.groupChat?.historyLimit ??
+      DEFAULT_GROUP_HISTORY_LIMIT,
+  );
+  const groupHistories = new Map<string, HistoryEntry[]>();
 
   try {
     const profile = account.profile;
     const allowFromEntries = (account.config.allowFrom ?? [])
       .map((entry) => normalizeZalouserEntry(String(entry)))
       .filter((entry) => entry && entry !== "*");
+    const groupAllowFromEntries = (account.config.groupAllowFrom ?? [])
+      .map((entry) => normalizeZalouserEntry(String(entry)))
+      .filter((entry) => entry && entry !== "*");
 
-    if (allowFromEntries.length > 0) {
+    if (allowFromEntries.length > 0 || groupAllowFromEntries.length > 0) {
       const friends = await listZaloFriends(profile);
       const byName = buildNameIndex(friends, (friend) => friend.displayName);
-      const additions: string[] = [];
-      const mapping: string[] = [];
-      const unresolved: string[] = [];
-      for (const entry of allowFromEntries) {
-        if (/^\d+$/.test(entry)) {
-          additions.push(entry);
-          continue;
-        }
-        const matches = byName.get(entry.toLowerCase()) ?? [];
-        const match = matches[0];
-        const id = match?.userId ? String(match.userId) : undefined;
-        if (id) {
-          additions.push(id);
-          mapping.push(`${entry}→${id}`);
-        } else {
-          unresolved.push(entry);
-        }
+      if (allowFromEntries.length > 0) {
+        const { additions, mapping, unresolved } = resolveUserAllowlistEntries(
+          allowFromEntries,
+          byName,
+        );
+        const allowFrom = mergeAllowlist({ existing: account.config.allowFrom, additions });
+        account = {
+          ...account,
+          config: {
+            ...account.config,
+            allowFrom,
+          },
+        };
+        summarizeMapping("zalouser users", mapping, unresolved, runtime);
+      }
+      if (groupAllowFromEntries.length > 0) {
+        const { additions, mapping, unresolved } = resolveUserAllowlistEntries(
+          groupAllowFromEntries,
+          byName,
+        );
+        const groupAllowFrom = mergeAllowlist({
+          existing: account.config.groupAllowFrom,
+          additions,
+        });
+        account = {
+          ...account,
+          config: {
+            ...account.config,
+            groupAllowFrom,
+          },
+        };
+        summarizeMapping("zalouser group users", mapping, unresolved, runtime);
       }
-      const allowFrom = mergeAllowlist({ existing: account.config.allowFrom, additions });
-      account = {
-        ...account,
-        config: {
-          ...account.config,
-          allowFrom,
-        },
-      };
-      summarizeMapping("zalouser users", mapping, unresolved, runtime);
     }
 
     const groupsConfig = account.config.groups ?? {};
@@ -627,40 +860,92 @@ export async function monitorZalouserProvider(
     listenerStop = null;
   };
 
-  const listener = await startZaloListener({
-    accountId: account.accountId,
-    profile: account.profile,
-    abortSignal,
-    onMessage: (msg) => {
-      if (stopped) {
-        return;
-      }
-      logVerbose(core, runtime, `[${account.accountId}] inbound message`);
-      statusSink?.({ lastInboundAt: Date.now() });
-      processMessage(msg, account, config, core, runtime, statusSink).catch((err) => {
-        runtime.error(`[${account.accountId}] Failed to process message: ${String(err)}`);
-      });
-    },
-    onError: (err) => {
-      if (stopped || abortSignal.aborted) {
-        return;
-      }
-      runtime.error(`[${account.accountId}] Zalo listener error: ${String(err)}`);
-    },
-  });
+  let settled = false;
+  const { promise: waitForExit, resolve: resolveRun, reject: rejectRun } = createDeferred<void>();
 
-  listenerStop = listener.stop;
+  const settleSuccess = () => {
+    if (settled) {
+      return;
+    }
+    settled = true;
+    stop();
+    resolveRun();
+  };
 
-  await new Promise<void>((resolve) => {
-    abortSignal.addEventListener(
-      "abort",
-      () => {
-        stop();
-        resolve();
+  const settleFailure = (error: unknown) => {
+    if (settled) {
+      return;
+    }
+    settled = true;
+    stop();
+    rejectRun(error instanceof Error ? error : new Error(String(error)));
+  };
+
+  const onAbort = () => {
+    settleSuccess();
+  };
+  abortSignal.addEventListener("abort", onAbort, { once: true });
+
+  let listener: Awaited<ReturnType<typeof startZaloListener>>;
+  try {
+    listener = await startZaloListener({
+      accountId: account.accountId,
+      profile: account.profile,
+      abortSignal,
+      onMessage: (msg) => {
+        if (stopped) {
+          return;
+        }
+        logVerbose(core, runtime, `[${account.accountId}] inbound message`);
+        statusSink?.({ lastInboundAt: Date.now() });
+        const queueKey = resolveInboundQueueKey(msg);
+        void inboundQueue
+          .enqueue(queueKey, async () => {
+            if (stopped || abortSignal.aborted) {
+              return;
+            }
+            await processMessage(
+              msg,
+              account,
+              config,
+              core,
+              runtime,
+              { historyLimit, groupHistories },
+              statusSink,
+            );
+          })
+          .catch((err) => {
+            runtime.error(`[${account.accountId}] Failed to process message: ${String(err)}`);
+          });
       },
-      { once: true },
-    );
-  });
+      onError: (err) => {
+        if (stopped || abortSignal.aborted) {
+          return;
+        }
+        runtime.error(`[${account.accountId}] Zalo listener error: ${String(err)}`);
+        settleFailure(err);
+      },
+    });
+  } catch (error) {
+    abortSignal.removeEventListener("abort", onAbort);
+    throw error;
+  }
+
+  listenerStop = listener.stop;
+  if (stopped) {
+    listenerStop();
+    listenerStop = null;
+  }
+
+  if (abortSignal.aborted) {
+    settleSuccess();
+  }
+
+  try {
+    await waitForExit;
+  } finally {
+    abortSignal.removeEventListener("abort", onAbort);
+  }
 
   return { stop };
 }
@@ -671,14 +956,27 @@ export const __testing = {
     account: ResolvedZalouserAccount;
     config: OpenClawConfig;
     runtime: RuntimeEnv;
+    historyState?: {
+      historyLimit?: number;
+      groupHistories?: Map<string, HistoryEntry[]>;
+    };
     statusSink?: (patch: { lastInboundAt?: number; lastOutboundAt?: number }) => void;
   }) => {
+    const historyLimit = Math.max(
+      0,
+      params.historyState?.historyLimit ??
+        params.account.config.historyLimit ??
+        params.config.messages?.groupChat?.historyLimit ??
+        DEFAULT_GROUP_HISTORY_LIMIT,
+    );
+    const groupHistories = params.historyState?.groupHistories ?? new Map<string, HistoryEntry[]>();
     await processMessage(
       params.message,
       params.account,
       params.config,
       getZalouserRuntime(),
       params.runtime,
+      { historyLimit, groupHistories },
       params.statusSink,
     );
   },