@openclaw/zalouser 2026.5.2 → 2026.5.3-beta.2

package/dist/channel-ou_w_2j-.js

@@ -0,0 +1,484 @@
+import { a as resolveZalouserAccountSync, i as resolveDefaultZalouserAccountId, r as listZalouserAccountIds, t as checkZcaAuthenticated } from "./accounts-C00IMUgd.js";
+import { a as isNumericTargetId, i as isDangerousNameMatchingEnabled, n as DEFAULT_ACCOUNT_ID, o as normalizeAccountId, r as chunkTextForOutbound, s as sendPayloadWithChunkedTextAndMedia, t as createZalouserPluginBase } from "./shared-DSy8aIUx.js";
+import { a as resolveZalouserReactionMessageIds, o as buildZalouserGroupCandidates, s as findZalouserGroupEntry, t as getZalouserRuntime } from "./runtime-QNU7vLgI.js";
+import { n as zalouserSetupAdapter, r as writeQrDataUrlToTempFile, t as createZalouserSetupWizardProxy } from "./setup-core-CqipqY98.js";
+import { i as resolveZalouserOutboundSessionRoute, n as parseZalouserDirectoryGroupId, r as parseZalouserOutboundTarget, t as normalizeZalouserTarget } from "./session-route-C0-Xr8bt.js";
+import { createChatChannelPlugin } from "openclaw/plugin-sdk/channel-core";
+import { createAccountStatusSink } from "openclaw/plugin-sdk/channel-lifecycle";
+import { buildPassiveProbedChannelStatusSummary, coerceStatusIssueAccountId, readStatusIssueFields } from "openclaw/plugin-sdk/extension-shared";
+import { createLazyRuntimeModule } from "openclaw/plugin-sdk/lazy-runtime";
+import { createAsyncComputedAccountStatusAdapter, createDefaultChannelRuntimeState } from "openclaw/plugin-sdk/status-helpers";
+import { normalizeLowercaseStringOrEmpty } from "openclaw/plugin-sdk/text-runtime";
+import { createScopedDmSecurityResolver } from "openclaw/plugin-sdk/channel-config-helpers";
+import { createPairingPrefixStripper } from "openclaw/plugin-sdk/channel-pairing";
+import { createEmptyChannelResult, createRawChannelSendResultAdapter } from "openclaw/plugin-sdk/channel-send-result";
+import { createStaticReplyToModeResolver } from "openclaw/plugin-sdk/conversation-runtime";
+//#region extensions/zalouser/src/channel.adapters.ts
+const loadZalouserChannelRuntime$1 = createLazyRuntimeModule(() => import("./channel.runtime-C9WxiAiR.js"));
+const ZALOUSER_TEXT_CHUNK_LIMIT = 2e3;
+function resolveZalouserQrProfile(accountId) {
+	const normalized = normalizeAccountId(accountId);
+	if (!normalized || normalized === DEFAULT_ACCOUNT_ID) return process.env.ZALOUSER_PROFILE?.trim() || process.env.ZCA_PROFILE?.trim() || "default";
+	return normalized;
+}
+function resolveZalouserOutboundChunkMode(cfg, accountId) {
+	return getZalouserRuntime().channel.text.resolveChunkMode(cfg, "zalouser", accountId);
+}
+function resolveZalouserOutboundTextChunkLimit(cfg, accountId) {
+	return getZalouserRuntime().channel.text.resolveTextChunkLimit(cfg, "zalouser", accountId, { fallbackLimit: ZALOUSER_TEXT_CHUNK_LIMIT });
+}
+function resolveZalouserGroupPolicyEntry(params) {
+	const account = resolveZalouserAccountSync({
+		cfg: params.cfg,
+		accountId: params.accountId ?? void 0
+	});
+	return findZalouserGroupEntry(account.config.groups ?? {}, buildZalouserGroupCandidates({
+		groupId: params.groupId,
+		groupChannel: params.groupChannel,
+		includeWildcard: true,
+		allowNameMatching: isDangerousNameMatchingEnabled(account.config)
+	}));
+}
+function resolveZalouserGroupToolPolicy(params) {
+	return resolveZalouserGroupPolicyEntry(params)?.tools;
+}
+function resolveZalouserRequireMention(params) {
+	const entry = resolveZalouserGroupPolicyEntry(params);
+	if (typeof entry?.requireMention === "boolean") return entry.requireMention;
+	return true;
+}
+const zalouserRawSendResultAdapter = createRawChannelSendResultAdapter({
+	channel: "zalouser",
+	sendText: async ({ to, text, accountId, cfg }) => {
+		const { sendMessageZalouser } = await loadZalouserChannelRuntime$1();
+		const account = resolveZalouserAccountSync({
+			cfg,
+			accountId
+		});
+		const target = parseZalouserOutboundTarget(to);
+		return await sendMessageZalouser(target.threadId, text, {
+			profile: account.profile,
+			isGroup: target.isGroup,
+			textMode: "markdown",
+			textChunkMode: resolveZalouserOutboundChunkMode(cfg, account.accountId),
+			textChunkLimit: resolveZalouserOutboundTextChunkLimit(cfg, account.accountId)
+		});
+	},
+	sendMedia: async ({ to, text, mediaUrl, accountId, cfg, mediaLocalRoots, mediaReadFile }) => {
+		const { sendMessageZalouser } = await loadZalouserChannelRuntime$1();
+		const account = resolveZalouserAccountSync({
+			cfg,
+			accountId
+		});
+		const target = parseZalouserOutboundTarget(to);
+		return await sendMessageZalouser(target.threadId, text, {
+			profile: account.profile,
+			isGroup: target.isGroup,
+			mediaUrl,
+			mediaLocalRoots,
+			mediaReadFile,
+			textMode: "markdown",
+			textChunkMode: resolveZalouserOutboundChunkMode(cfg, account.accountId),
+			textChunkLimit: resolveZalouserOutboundTextChunkLimit(cfg, account.accountId)
+		});
+	}
+});
+const resolveZalouserDmPolicy = createScopedDmSecurityResolver({
+	channelKey: "zalouser",
+	resolvePolicy: (account) => account.config.dmPolicy,
+	resolveAllowFrom: (account) => account.config.allowFrom,
+	policyPathSuffix: "dmPolicy",
+	normalizeEntry: (raw) => raw.trim().replace(/^(zalouser|zlu):/i, "")
+});
+const zalouserGroupsAdapter = {
+	resolveRequireMention: resolveZalouserRequireMention,
+	resolveToolPolicy: resolveZalouserGroupToolPolicy
+};
+const zalouserMessageActions = {
+	describeMessageTool: ({ cfg, accountId }) => {
+		if ((accountId ? [resolveZalouserAccountSync({
+			cfg,
+			accountId
+		})].filter((account) => account.enabled) : listZalouserAccountIds(cfg).map((resolvedAccountId) => resolveZalouserAccountSync({
+			cfg,
+			accountId: resolvedAccountId
+		})).filter((account) => account.enabled)).length === 0) return null;
+		return { actions: ["react"] };
+	},
+	supportsAction: ({ action }) => action === "react",
+	handleAction: async ({ action, params, cfg, accountId, toolContext }) => {
+		if (action !== "react") throw new Error(`Zalouser action ${action} not supported`);
+		const { sendReactionZalouser } = await loadZalouserChannelRuntime$1();
+		const account = resolveZalouserAccountSync({
+			cfg,
+			accountId
+		});
+		const threadId = (typeof params.threadId === "string" ? params.threadId.trim() : "") || (typeof params.to === "string" ? params.to.trim() : "") || (typeof params.chatId === "string" ? params.chatId.trim() : "") || (toolContext?.currentChannelId?.trim() ?? "");
+		if (!threadId) throw new Error("Zalouser react requires threadId (or to/chatId).");
+		const emoji = typeof params.emoji === "string" ? params.emoji.trim() : "";
+		if (!emoji) throw new Error("Zalouser react requires emoji.");
+		const ids = resolveZalouserReactionMessageIds({
+			messageId: typeof params.messageId === "string" ? params.messageId : void 0,
+			cliMsgId: typeof params.cliMsgId === "string" ? params.cliMsgId : void 0,
+			currentMessageId: toolContext?.currentMessageId
+		});
+		if (!ids) throw new Error("Zalouser react requires messageId + cliMsgId (or a current message context id).");
+		const result = await sendReactionZalouser({
+			profile: account.profile,
+			threadId,
+			isGroup: params.isGroup === true,
+			msgId: ids.msgId,
+			cliMsgId: ids.cliMsgId,
+			emoji,
+			remove: params.remove === true
+		});
+		if (!result.ok) throw new Error(result.error || "Failed to react on Zalo message");
+		return {
+			content: [{
+				type: "text",
+				text: params.remove === true ? `Removed reaction ${emoji} from ${ids.msgId}` : `Reacted ${emoji} on ${ids.msgId}`
+			}],
+			details: {
+				messageId: ids.msgId,
+				cliMsgId: ids.cliMsgId,
+				threadId
+			}
+		};
+	}
+};
+const zalouserResolverAdapter = { resolveTargets: async ({ cfg, accountId, inputs, kind, runtime }) => {
+	const results = [];
+	for (const input of inputs) {
+		const trimmed = input.trim();
+		if (!trimmed) {
+			results.push({
+				input,
+				resolved: false,
+				note: "empty input"
+			});
+			continue;
+		}
+		if (/^\d+$/.test(trimmed)) {
+			results.push({
+				input,
+				resolved: true,
+				id: trimmed
+			});
+			continue;
+		}
+		try {
+			const runtimeModule = await loadZalouserChannelRuntime$1();
+			const account = resolveZalouserAccountSync({
+				cfg,
+				accountId: accountId ?? resolveDefaultZalouserAccountId(cfg)
+			});
+			if (kind === "user") {
+				const friends = await runtimeModule.listZaloFriendsMatching(account.profile, trimmed);
+				const best = friends[0];
+				results.push({
+					input,
+					resolved: Boolean(best?.userId),
+					id: best?.userId,
+					name: best?.displayName,
+					note: friends.length > 1 ? "multiple matches; chose first" : void 0
+				});
+			} else {
+				const groups = await runtimeModule.listZaloGroupsMatching(account.profile, trimmed);
+				const best = groups.find((group) => normalizeLowercaseStringOrEmpty(group.name) === normalizeLowercaseStringOrEmpty(trimmed)) ?? groups[0];
+				results.push({
+					input,
+					resolved: Boolean(best?.groupId),
+					id: best?.groupId,
+					name: best?.name,
+					note: groups.length > 1 ? "multiple matches; chose first" : void 0
+				});
+			}
+		} catch (err) {
+			runtime.error?.(`zalouser resolve failed: ${String(err)}`);
+			results.push({
+				input,
+				resolved: false,
+				note: "lookup failed"
+			});
+		}
+	}
+	return results;
+} };
+const zalouserAuthAdapter = { login: async ({ cfg, accountId, runtime }) => {
+	const { startZaloQrLogin, waitForZaloQrLogin } = await loadZalouserChannelRuntime$1();
+	const account = resolveZalouserAccountSync({
+		cfg,
+		accountId: accountId ?? resolveDefaultZalouserAccountId(cfg)
+	});
+	runtime.log(`Generating QR login for Zalo Personal (account: ${account.accountId}, profile: ${account.profile})...`);
+	const started = await startZaloQrLogin({
+		profile: account.profile,
+		timeoutMs: 35e3
+	});
+	if (!started.qrDataUrl) throw new Error(started.message || "Failed to start QR login");
+	const qrPath = await writeQrDataUrlToTempFile(started.qrDataUrl, account.profile);
+	if (qrPath) runtime.log(`Scan QR image: ${qrPath}`);
+	else runtime.log("QR generated but could not be written to a temp file.");
+	const waited = await waitForZaloQrLogin({
+		profile: account.profile,
+		timeoutMs: 18e4
+	});
+	if (!waited.connected) throw new Error(waited.message || "Zalouser login failed");
+	runtime.log(waited.message);
+} };
+const zalouserSecurityAdapter = {
+	resolveDmPolicy: resolveZalouserDmPolicy,
+	collectAuditFindings: async (params) => (await loadZalouserChannelRuntime$1()).collectZalouserSecurityAuditFindings(params)
+};
+const zalouserThreadingAdapter = { resolveReplyToMode: createStaticReplyToModeResolver("off") };
+const zalouserPairingTextAdapter = {
+	idLabel: "zalouserUserId",
+	message: "Your pairing request has been approved.",
+	normalizeAllowEntry: createPairingPrefixStripper(/^(zalouser|zlu):/i),
+	notify: async ({ cfg, id, message }) => {
+		const { sendMessageZalouser } = await loadZalouserChannelRuntime$1();
+		const account = resolveZalouserAccountSync({ cfg });
+		if (!await checkZcaAuthenticated(account.profile)) throw new Error("Zalouser not authenticated");
+		await sendMessageZalouser(id, message, { profile: account.profile });
+	}
+};
+const zalouserOutboundAdapter = {
+	deliveryMode: "direct",
+	chunker: chunkTextForOutbound,
+	chunkerMode: "markdown",
+	sendPayload: async (ctx) => await sendPayloadWithChunkedTextAndMedia({
+		ctx,
+		sendText: (nextCtx) => zalouserRawSendResultAdapter.sendText(nextCtx),
+		sendMedia: (nextCtx) => zalouserRawSendResultAdapter.sendMedia(nextCtx),
+		emptyResult: createEmptyChannelResult("zalouser")
+	}),
+	...zalouserRawSendResultAdapter
+};
+const zalouserMessagingAdapter = {
+	targetPrefixes: ["zalouser", "zlu"],
+	normalizeTarget: (raw) => normalizeZalouserTarget(raw),
+	resolveOutboundSessionRoute: (params) => resolveZalouserOutboundSessionRoute(params),
+	targetResolver: {
+		looksLikeId: (raw) => {
+			const normalized = normalizeZalouserTarget(raw);
+			if (!normalized) return false;
+			if (/^group:[^\s]+$/i.test(normalized) || /^user:[^\s]+$/i.test(normalized)) return true;
+			return isNumericTargetId(normalized);
+		},
+		hint: "<user:id|group:id>"
+	}
+};
+//#endregion
+//#region extensions/zalouser/src/directory.ts
+function mapUser$1(params) {
+	return {
+		kind: "user",
+		id: params.id,
+		name: params.name ?? void 0,
+		avatarUrl: params.avatarUrl ?? void 0,
+		raw: params.raw
+	};
+}
+async function listZalouserDirectoryGroupMembers(params, deps) {
+	const account = resolveZalouserAccountSync({
+		cfg: params.cfg,
+		accountId: params.accountId
+	});
+	const normalizedGroupId = parseZalouserDirectoryGroupId(params.groupId);
+	const rows = (await deps.listZaloGroupMembers(account.profile, normalizedGroupId)).map((member) => mapUser$1({
+		id: member.userId,
+		name: member.displayName,
+		avatarUrl: member.avatar ?? null,
+		raw: member
+	}));
+	return typeof params.limit === "number" && params.limit > 0 ? rows.slice(0, params.limit) : rows;
+}
+//#endregion
+//#region extensions/zalouser/src/status-issues.ts
+const ZALOUSER_STATUS_FIELDS = [
+	"accountId",
+	"enabled",
+	"configured",
+	"dmPolicy",
+	"lastError"
+];
+function collectZalouserStatusIssues(accounts) {
+	const issues = [];
+	for (const entry of accounts) {
+		const account = readStatusIssueFields(entry, ZALOUSER_STATUS_FIELDS);
+		if (!account) continue;
+		const accountId = coerceStatusIssueAccountId(account.accountId) ?? "default";
+		if (!(account.enabled !== false)) continue;
+		if (!(account.configured === true)) {
+			issues.push({
+				channel: "zalouser",
+				accountId,
+				kind: "auth",
+				message: "Not authenticated (no saved Zalo session).",
+				fix: "Run: openclaw channels login --channel zalouser"
+			});
+			continue;
+		}
+		if (account.dmPolicy === "open") issues.push({
+			channel: "zalouser",
+			accountId,
+			kind: "config",
+			message: "Zalo Personal dmPolicy is \"open\", allowing any user to message the bot without pairing.",
+			fix: "Set channels.zalouser.dmPolicy to \"pairing\" or \"allowlist\" to restrict access."
+		});
+	}
+	return issues;
+}
+//#endregion
+//#region extensions/zalouser/src/channel.ts
+const loadZalouserChannelRuntime = createLazyRuntimeModule(() => import("./channel.runtime-C9WxiAiR.js"));
+const zalouserSetupWizardProxy = createZalouserSetupWizardProxy(async () => (await import("./setup-surface-NCOuKu-l.js").then((n) => n.t)).zalouserSetupWizard);
+function mapUser(params) {
+	return {
+		kind: "user",
+		id: params.id,
+		name: params.name ?? void 0,
+		avatarUrl: params.avatarUrl ?? void 0,
+		raw: params.raw
+	};
+}
+function mapGroup(params) {
+	return {
+		kind: "group",
+		id: params.id,
+		name: params.name ?? void 0,
+		raw: params.raw
+	};
+}
+const zalouserPlugin = createChatChannelPlugin({
+	base: {
+		...createZalouserPluginBase({
+			setupWizard: zalouserSetupWizardProxy,
+			setup: zalouserSetupAdapter
+		}),
+		groups: zalouserGroupsAdapter,
+		actions: zalouserMessageActions,
+		messaging: zalouserMessagingAdapter,
+		directory: {
+			self: async ({ cfg, accountId }) => {
+				const { getZaloUserInfo } = await loadZalouserChannelRuntime();
+				const parsed = await getZaloUserInfo(resolveZalouserAccountSync({
+					cfg,
+					accountId
+				}).profile);
+				if (!parsed?.userId) return null;
+				return mapUser({
+					id: parsed.userId,
+					name: parsed.displayName ?? null,
+					avatarUrl: parsed.avatar ?? null,
+					raw: parsed
+				});
+			},
+			listPeers: async ({ cfg, accountId, query, limit }) => {
+				const { listZaloFriendsMatching } = await loadZalouserChannelRuntime();
+				const rows = (await listZaloFriendsMatching(resolveZalouserAccountSync({
+					cfg,
+					accountId
+				}).profile, query)).map((friend) => mapUser({
+					id: friend.userId,
+					name: friend.displayName ?? null,
+					avatarUrl: friend.avatar ?? null,
+					raw: friend
+				}));
+				return typeof limit === "number" && limit > 0 ? rows.slice(0, limit) : rows;
+			},
+			listGroups: async ({ cfg, accountId, query, limit }) => {
+				const { listZaloGroupsMatching } = await loadZalouserChannelRuntime();
+				const rows = (await listZaloGroupsMatching(resolveZalouserAccountSync({
+					cfg,
+					accountId
+				}).profile, query)).map((group) => mapGroup({
+					id: `group:${group.groupId}`,
+					name: group.name ?? null,
+					raw: group
+				}));
+				return typeof limit === "number" && limit > 0 ? rows.slice(0, limit) : rows;
+			},
+			listGroupMembers: async ({ cfg, accountId, groupId, limit }) => {
+				const { listZaloGroupMembers } = await loadZalouserChannelRuntime();
+				return await listZalouserDirectoryGroupMembers({
+					cfg,
+					accountId: accountId ?? void 0,
+					groupId,
+					limit: limit ?? void 0
+				}, { listZaloGroupMembers });
+			}
+		},
+		resolver: zalouserResolverAdapter,
+		auth: zalouserAuthAdapter,
+		status: createAsyncComputedAccountStatusAdapter({
+			defaultRuntime: createDefaultChannelRuntimeState(DEFAULT_ACCOUNT_ID),
+			collectStatusIssues: collectZalouserStatusIssues,
+			buildChannelSummary: ({ snapshot }) => buildPassiveProbedChannelStatusSummary(snapshot),
+			probeAccount: async ({ account, timeoutMs }) => (await loadZalouserChannelRuntime()).probeZalouser(account.profile, timeoutMs),
+			resolveAccountSnapshot: async ({ account, runtime }) => {
+				const configured = await checkZcaAuthenticated(account.profile);
+				return {
+					accountId: account.accountId,
+					name: account.name,
+					enabled: account.enabled,
+					configured,
+					extra: {
+						dmPolicy: account.config.dmPolicy ?? "pairing",
+						lastError: configured ? runtime?.lastError ?? null : runtime?.lastError ?? "not authenticated"
+					}
+				};
+			}
+		}),
+		gateway: {
+			startAccount: async (ctx) => {
+				const { getZaloUserInfo } = await loadZalouserChannelRuntime();
+				const account = ctx.account;
+				let userLabel = "";
+				try {
+					const userInfo = await getZaloUserInfo(account.profile);
+					if (userInfo?.displayName) userLabel = ` (${userInfo.displayName})`;
+					ctx.setStatus({
+						accountId: account.accountId,
+						profile: userInfo
+					});
+				} catch {}
+				const statusSink = createAccountStatusSink({
+					accountId: ctx.accountId,
+					setStatus: ctx.setStatus
+				});
+				ctx.log?.info(`[${account.accountId}] starting zalouser provider${userLabel}`);
+				const { monitorZalouserProvider } = await import("./monitor-Cg7K_s_s.js");
+				return monitorZalouserProvider({
+					account,
+					config: ctx.cfg,
+					runtime: ctx.runtime,
+					abortSignal: ctx.abortSignal,
+					statusSink
+				});
+			},
+			loginWithQrStart: async (params) => {
+				const { startZaloQrLogin } = await loadZalouserChannelRuntime();
+				return await startZaloQrLogin({
+					profile: resolveZalouserQrProfile(params.accountId),
+					force: params.force,
+					timeoutMs: params.timeoutMs
+				});
+			},
+			loginWithQrWait: async (params) => {
+				const { waitForZaloQrLogin } = await loadZalouserChannelRuntime();
+				return await waitForZaloQrLogin({
+					profile: resolveZalouserQrProfile(params.accountId),
+					timeoutMs: params.timeoutMs
+				});
+			},
+			logoutAccount: async (ctx) => await (await loadZalouserChannelRuntime()).logoutZaloProfile(ctx.account.profile || resolveZalouserQrProfile(ctx.accountId))
+		}
+	},
+	security: zalouserSecurityAdapter,
+	threading: zalouserThreadingAdapter,
+	pairing: { text: zalouserPairingTextAdapter },
+	outbound: zalouserOutboundAdapter
+});
+//#endregion
+export { zalouserPlugin as t };

package/dist/channel-plugin-api.js

@@ -0,0 +1,2 @@
+import { t as zalouserPlugin } from "./channel-ou_w_2j-.js";
+export { zalouserPlugin };

package/dist/channel.runtime-C9WxiAiR.js

@@ -0,0 +1,25 @@
+import { t as collectZalouserSecurityAuditFindings } from "./security-audit-BZLhil-V.js";
+import { a as listZaloGroupMembers, b as waitForZaloQrLogin, c as logoutZaloProfile, i as listZaloFriendsMatching, n as getZaloUserInfo, s as listZaloGroupsMatching, y as startZaloQrLogin } from "./zalo-js-CHCUlY3c.js";
+import { a as sendReactionZalouser, i as sendMessageZalouser } from "./send-BsmySxe3.js";
+import { formatErrorMessage } from "openclaw/plugin-sdk/error-runtime";
+//#region extensions/zalouser/src/probe.ts
+async function probeZalouser(profile, timeoutMs) {
+	try {
+		const user = timeoutMs ? await Promise.race([getZaloUserInfo(profile), new Promise((resolve) => setTimeout(() => resolve(null), Math.max(timeoutMs, 1e3)))]) : await getZaloUserInfo(profile);
+		if (!user) return {
+			ok: false,
+			error: "Not authenticated"
+		};
+		return {
+			ok: true,
+			user
+		};
+	} catch (error) {
+		return {
+			ok: false,
+			error: formatErrorMessage(error)
+		};
+	}
+}
+//#endregion
+export { collectZalouserSecurityAuditFindings, getZaloUserInfo, listZaloFriendsMatching, listZaloGroupMembers, listZaloGroupsMatching, logoutZaloProfile, probeZalouser, sendMessageZalouser, sendReactionZalouser, startZaloQrLogin, waitForZaloQrLogin };

package/dist/channel.setup-CiDeBFrn.js

@@ -0,0 +1,10 @@
+import { n as zalouserSetupWizard } from "./setup-surface-NCOuKu-l.js";
+import { t as createZalouserPluginBase } from "./shared-DSy8aIUx.js";
+import { n as zalouserSetupAdapter } from "./setup-core-CqipqY98.js";
+//#region extensions/zalouser/src/channel.setup.ts
+const zalouserSetupPlugin = { ...createZalouserPluginBase({
+	setupWizard: zalouserSetupWizard,
+	setup: zalouserSetupAdapter
+}) };
+//#endregion
+export { zalouserSetupPlugin as t };

package/dist/contract-api.js

@@ -0,0 +1,3 @@
+import { n as normalizeCompatibilityConfig, t as legacyConfigRules } from "./doctor-contract-DgqHp8E2.js";
+import { t as collectZalouserSecurityAuditFindings } from "./security-audit-BZLhil-V.js";
+export { collectZalouserSecurityAuditFindings, legacyConfigRules, normalizeCompatibilityConfig };

package/dist/doctor-contract-DgqHp8E2.js

@@ -0,0 +1,128 @@
+//#region extensions/zalouser/src/doctor-contract.ts
+function asObjectRecord(value) {
+	return value && typeof value === "object" && !Array.isArray(value) ? value : null;
+}
+function hasLegacyZalouserGroupAllowAlias(value) {
+	const group = asObjectRecord(value);
+	return Boolean(group && typeof group.allow === "boolean");
+}
+function hasLegacyZalouserGroupAllowAliases(value) {
+	const groups = asObjectRecord(value);
+	return Boolean(groups && Object.values(groups).some((group) => hasLegacyZalouserGroupAllowAlias(group)));
+}
+function hasLegacyZalouserAccountGroupAllowAliases(value) {
+	const accounts = asObjectRecord(value);
+	if (!accounts) return false;
+	return Object.values(accounts).some((account) => {
+		const accountRecord = asObjectRecord(account);
+		return Boolean(accountRecord && hasLegacyZalouserGroupAllowAliases(accountRecord.groups));
+	});
+}
+function normalizeZalouserGroupAllowAliases(params) {
+	let changed = false;
+	const nextGroups = { ...params.groups };
+	for (const [groupId, groupValue] of Object.entries(params.groups)) {
+		const group = asObjectRecord(groupValue);
+		if (!group || typeof group.allow !== "boolean") continue;
+		const nextGroup = { ...group };
+		if (typeof nextGroup.enabled !== "boolean") nextGroup.enabled = group.allow;
+		delete nextGroup.allow;
+		nextGroups[groupId] = nextGroup;
+		changed = true;
+		params.changes.push(`Moved ${params.pathPrefix}.${groupId}.allow → ${params.pathPrefix}.${groupId}.enabled (${String(nextGroup.enabled)}).`);
+	}
+	return {
+		groups: nextGroups,
+		changed
+	};
+}
+function normalizeZalouserCompatibilityConfig(cfg) {
+	const zalouser = asObjectRecord(asObjectRecord(cfg.channels)?.zalouser);
+	if (!zalouser) return {
+		config: cfg,
+		changes: []
+	};
+	const changes = [];
+	let updatedZalouser = zalouser;
+	let changed = false;
+	const groups = asObjectRecord(updatedZalouser.groups);
+	if (groups) {
+		const normalized = normalizeZalouserGroupAllowAliases({
+			groups,
+			pathPrefix: "channels.zalouser.groups",
+			changes
+		});
+		if (normalized.changed) {
+			updatedZalouser = {
+				...updatedZalouser,
+				groups: normalized.groups
+			};
+			changed = true;
+		}
+	}
+	const accounts = asObjectRecord(updatedZalouser.accounts);
+	if (accounts) {
+		let accountsChanged = false;
+		const nextAccounts = { ...accounts };
+		for (const [accountId, accountValue] of Object.entries(accounts)) {
+			const account = asObjectRecord(accountValue);
+			if (!account) continue;
+			const accountGroups = asObjectRecord(account.groups);
+			if (!accountGroups) continue;
+			const normalized = normalizeZalouserGroupAllowAliases({
+				groups: accountGroups,
+				pathPrefix: `channels.zalouser.accounts.${accountId}.groups`,
+				changes
+			});
+			if (!normalized.changed) continue;
+			nextAccounts[accountId] = {
+				...account,
+				groups: normalized.groups
+			};
+			accountsChanged = true;
+		}
+		if (accountsChanged) {
+			updatedZalouser = {
+				...updatedZalouser,
+				accounts: nextAccounts
+			};
+			changed = true;
+		}
+	}
+	if (!changed) return {
+		config: cfg,
+		changes: []
+	};
+	return {
+		config: {
+			...cfg,
+			channels: {
+				...cfg.channels,
+				zalouser: updatedZalouser
+			}
+		},
+		changes
+	};
+}
+const legacyConfigRules = [{
+	path: [
+		"channels",
+		"zalouser",
+		"groups"
+	],
+	message: "channels.zalouser.groups.<id>.allow is legacy; use channels.zalouser.groups.<id>.enabled instead. Run \"openclaw doctor --fix\".",
+	match: hasLegacyZalouserGroupAllowAliases
+}, {
+	path: [
+		"channels",
+		"zalouser",
+		"accounts"
+	],
+	message: "channels.zalouser.accounts.<id>.groups.<id>.allow is legacy; use channels.zalouser.accounts.<id>.groups.<id>.enabled instead. Run \"openclaw doctor --fix\".",
+	match: hasLegacyZalouserAccountGroupAllowAliases
+}];
+function normalizeCompatibilityConfig(params) {
+	return normalizeZalouserCompatibilityConfig(params.cfg);
+}
+//#endregion
+export { normalizeCompatibilityConfig as n, legacyConfigRules as t };

package/dist/doctor-contract-api.js

@@ -0,0 +1,2 @@
+import { n as normalizeCompatibilityConfig, t as legacyConfigRules } from "./doctor-contract-DgqHp8E2.js";
+export { legacyConfigRules, normalizeCompatibilityConfig };

package/dist/index.js

@@ -0,0 +1,27 @@
+import { defineBundledChannelEntry, loadBundledEntryExportSync } from "openclaw/plugin-sdk/channel-entry-contract";
+//#region extensions/zalouser/index.ts
+function createZalouserTool(context) {
+	return loadBundledEntryExportSync(import.meta.url, {
+		specifier: "./api.js",
+		exportName: "createZalouserTool"
+	})(context);
+}
+var zalouser_default = defineBundledChannelEntry({
+	id: "zalouser",
+	name: "Zalo Personal",
+	description: "Zalo personal account messaging via native zca-js integration",
+	importMetaUrl: import.meta.url,
+	plugin: {
+		specifier: "./channel-plugin-api.js",
+		exportName: "zalouserPlugin"
+	},
+	runtime: {
+		specifier: "./runtime-api.js",
+		exportName: "setZalouserRuntime"
+	},
+	registerFull(api) {
+		api.registerTool((ctx) => createZalouserTool(ctx), { name: "zalouser" });
+	}
+});
+//#endregion
+export { zalouser_default as default };