@openclaw/zalouser 2026.5.2 → 2026.5.3-beta.2

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@openclaw/zalouser",
-  "version": "2026.5.2",
+  "version": "2026.5.3-beta.2",
   "description": "OpenClaw Zalo Personal Account plugin via native zca-js integration",
   "repository": {
     "type": "git",
@@ -16,7 +16,7 @@
     "openclaw": "workspace:*"
   },
   "peerDependencies": {
-    "openclaw": ">=2026.5.2"
+    "openclaw": ">=2026.5.3-beta.2"
   },
   "peerDependenciesMeta": {
     "openclaw": {
@@ -53,14 +53,23 @@
       "minHostVersion": ">=2026.4.10"
     },
     "compat": {
-      "pluginApi": ">=2026.5.2"
+      "pluginApi": ">=2026.5.3-beta.2"
     },
     "build": {
-      "openclawVersion": "2026.5.2"
+      "openclawVersion": "2026.5.3-beta.2"
     },
     "release": {
       "publishToClawHub": true,
       "publishToNpm": true
-    }
-  }
+    },
+    "runtimeExtensions": [
+      "./dist/index.js"
+    ],
+    "runtimeSetupEntry": "./dist/setup-entry.js"
+  },
+  "files": [
+    "dist/**",
+    "openclaw.plugin.json",
+    "README.md"
+  ]
 }

package/api.ts

@@ -1,9 +0,0 @@
-export { zalouserPlugin } from "./src/channel.js";
-export { zalouserSetupPlugin } from "./src/channel.setup.js";
-export { createZalouserTool } from "./src/tool.js";
-export { createZalouserSetupWizardProxy, zalouserSetupAdapter } from "./src/setup-core.js";
-export { zalouserSetupWizard } from "./src/setup-surface.js";
-export {
-  collectZalouserSecurityAuditFindings,
-  isZalouserMutableGroupEntry,
-} from "./src/security-audit.js";

package/channel-plugin-api.ts

@@ -1,3 +0,0 @@
-// Keep bundled channel entry imports narrow so bootstrap/discovery paths do
-// not drag setup-only or tool runtime surfaces into lightweight plugin loads.
-export { zalouserPlugin } from "./src/channel.js";

package/contract-api.ts

@@ -1,2 +0,0 @@
-export { collectZalouserSecurityAuditFindings } from "./src/security-audit.js";
-export { legacyConfigRules, normalizeCompatibilityConfig } from "./src/doctor-contract.js";

package/doctor-contract-api.ts

@@ -1 +0,0 @@
-export { normalizeCompatibilityConfig, legacyConfigRules } from "./src/doctor-contract.js";

package/index.ts

@@ -1,34 +0,0 @@
-import {
-  type AnyAgentTool,
-  defineBundledChannelEntry,
-  loadBundledEntryExportSync,
-} from "openclaw/plugin-sdk/channel-entry-contract";
-
-function createZalouserTool(context?: unknown): AnyAgentTool {
-  const createTool = loadBundledEntryExportSync<(context?: unknown) => AnyAgentTool>(
-    import.meta.url,
-    {
-      specifier: "./api.js",
-      exportName: "createZalouserTool",
-    },
-  );
-  return createTool(context);
-}
-
-export default defineBundledChannelEntry({
-  id: "zalouser",
-  name: "Zalo Personal",
-  description: "Zalo personal account messaging via native zca-js integration",
-  importMetaUrl: import.meta.url,
-  plugin: {
-    specifier: "./channel-plugin-api.js",
-    exportName: "zalouserPlugin",
-  },
-  runtime: {
-    specifier: "./runtime-api.js",
-    exportName: "setZalouserRuntime",
-  },
-  registerFull(api) {
-    api.registerTool((ctx) => createZalouserTool(ctx), { name: "zalouser" });
-  },
-});

package/runtime-api.ts

@@ -1,67 +0,0 @@
-export {
-  collectZalouserSecurityAuditFindings,
-  createZalouserSetupWizardProxy,
-  createZalouserTool,
-  isZalouserMutableGroupEntry,
-  zalouserPlugin,
-  zalouserSetupAdapter,
-  zalouserSetupPlugin,
-  zalouserSetupWizard,
-} from "./api.js";
-export { setZalouserRuntime } from "./src/runtime.js";
-export type { ReplyPayload } from "openclaw/plugin-sdk/reply-runtime";
-export type {
-  BaseProbeResult,
-  ChannelAccountSnapshot,
-  ChannelDirectoryEntry,
-  ChannelGroupContext,
-  ChannelMessageActionAdapter,
-  ChannelStatusIssue,
-} from "openclaw/plugin-sdk/channel-contract";
-export type {
-  OpenClawConfig,
-  GroupToolPolicyConfig,
-  MarkdownTableMode,
-} from "openclaw/plugin-sdk/config-types";
-export type {
-  PluginRuntime,
-  AnyAgentTool,
-  ChannelPlugin,
-  OpenClawPluginToolContext,
-} from "openclaw/plugin-sdk/core";
-export type { RuntimeEnv } from "openclaw/plugin-sdk/runtime";
-export {
-  DEFAULT_ACCOUNT_ID,
-  buildChannelConfigSchema,
-  normalizeAccountId,
-} from "openclaw/plugin-sdk/core";
-export { chunkTextForOutbound } from "openclaw/plugin-sdk/text-chunking";
-export { isDangerousNameMatchingEnabled } from "openclaw/plugin-sdk/dangerous-name-runtime";
-export {
-  resolveDefaultGroupPolicy,
-  resolveOpenProviderRuntimeGroupPolicy,
-  warnMissingProviderGroupPolicyFallbackOnce,
-} from "openclaw/plugin-sdk/runtime-group-policy";
-export {
-  mergeAllowlist,
-  summarizeMapping,
-  formatAllowFromLowercase,
-} from "openclaw/plugin-sdk/allow-from";
-export { resolveInboundMentionDecision } from "openclaw/plugin-sdk/channel-inbound";
-export { createChannelPairingController } from "openclaw/plugin-sdk/channel-pairing";
-export { createChannelReplyPipeline } from "openclaw/plugin-sdk/channel-reply-pipeline";
-export { buildBaseAccountStatusSnapshot } from "openclaw/plugin-sdk/status-helpers";
-export { resolveSenderCommandAuthorization } from "openclaw/plugin-sdk/command-auth";
-export {
-  evaluateGroupRouteAccessForPolicy,
-  resolveSenderScopedGroupPolicy,
-} from "openclaw/plugin-sdk/group-access";
-export { loadOutboundMediaFromUrl } from "openclaw/plugin-sdk/outbound-media";
-export {
-  deliverTextOrMediaReply,
-  isNumericTargetId,
-  resolveSendableOutboundReplyParts,
-  sendPayloadWithChunkedTextAndMedia,
-  type OutboundReplyPayload,
-} from "openclaw/plugin-sdk/reply-payload";
-export { resolvePreferredOpenClawTmpDir } from "openclaw/plugin-sdk/temp-path";

package/secret-contract-api.ts

@@ -1,4 +0,0 @@
-// Zalo User does not expose secret-contract surfaces.
-export const secretTargetRegistryEntries: readonly [] = [];
-
-export function collectRuntimeConfigAssignments(): void {}

package/setup-entry.ts

@@ -1,9 +0,0 @@
-import { defineBundledChannelSetupEntry } from "openclaw/plugin-sdk/channel-entry-contract";
-
-export default defineBundledChannelSetupEntry({
-  importMetaUrl: import.meta.url,
-  plugin: {
-    specifier: "./setup-plugin-api.js",
-    exportName: "zalouserSetupPlugin",
-  },
-});

package/setup-plugin-api.ts

@@ -1,2 +0,0 @@
-// Keep setup-entry imports narrow so setup loads do not pull tool surfaces.
-export { zalouserSetupPlugin } from "./src/channel.setup.js";

package/src/accounts.runtime.ts

@@ -1 +0,0 @@
-export { checkZaloAuthenticated, getZaloUserInfo } from "./zalo-js.js";

package/src/accounts.test-mocks.ts

@@ -1,14 +0,0 @@
-import { vi } from "vitest";
-import { createDefaultResolvedZalouserAccount } from "./test-helpers.js";
-
-vi.mock("./accounts.js", () => {
-  return {
-    listZalouserAccountIds: () => ["default"],
-    resolveDefaultZalouserAccountId: () => "default",
-    resolveZalouserAccountSync: () => createDefaultResolvedZalouserAccount(),
-    resolveZalouserAccount: async () => createDefaultResolvedZalouserAccount(),
-    listEnabledZalouserAccounts: async () => [createDefaultResolvedZalouserAccount()],
-    getZcaUserInfo: async () => null,
-    checkZcaAuthenticated: async () => false,
-  };
-});

package/src/accounts.test.ts

@@ -1,266 +0,0 @@
-import { DEFAULT_ACCOUNT_ID } from "openclaw/plugin-sdk/account-id";
-import { beforeEach, describe, expect, it, vi } from "vitest";
-import type { OpenClawConfig } from "../runtime-api.js";
-import {
-  getZcaUserInfo,
-  listEnabledZalouserAccounts,
-  listZalouserAccountIds,
-  resolveDefaultZalouserAccountId,
-  resolveZalouserAccount,
-  resolveZalouserAccountSync,
-} from "./accounts.js";
-import { checkZaloAuthenticated, getZaloUserInfo } from "./zalo-js.js";
-
-vi.mock("./zalo-js.js", () => ({
-  checkZaloAuthenticated: vi.fn(),
-  getZaloUserInfo: vi.fn(),
-}));
-
-const mockCheckAuthenticated = vi.mocked(checkZaloAuthenticated);
-const mockGetUserInfo = vi.mocked(getZaloUserInfo);
-
-function asConfig(value: unknown): OpenClawConfig {
-  return value as OpenClawConfig;
-}
-
-describe("zalouser account resolution", () => {
-  beforeEach(() => {
-    mockCheckAuthenticated.mockReset();
-    mockGetUserInfo.mockReset();
-    delete process.env.ZALOUSER_PROFILE;
-    delete process.env.ZCA_PROFILE;
-  });
-
-  it("returns default account id when no accounts are configured", () => {
-    expect(listZalouserAccountIds(asConfig({}))).toEqual([DEFAULT_ACCOUNT_ID]);
-  });
-
-  it("returns sorted configured account ids", () => {
-    const cfg = asConfig({
-      channels: {
-        zalouser: {
-          accounts: {
-            work: {},
-            personal: {},
-            default: {},
-          },
-        },
-      },
-    });
-
-    expect(listZalouserAccountIds(cfg)).toEqual(["default", "personal", "work"]);
-  });
-
-  it("uses configured defaultAccount when present", () => {
-    const cfg = asConfig({
-      channels: {
-        zalouser: {
-          defaultAccount: "work",
-          accounts: {
-            default: {},
-            work: {},
-          },
-        },
-      },
-    });
-
-    expect(resolveDefaultZalouserAccountId(cfg)).toBe("work");
-  });
-
-  it("falls back to default account when configured defaultAccount is missing", () => {
-    const cfg = asConfig({
-      channels: {
-        zalouser: {
-          defaultAccount: "missing",
-          accounts: {
-            default: {},
-            work: {},
-          },
-        },
-      },
-    });
-
-    expect(resolveDefaultZalouserAccountId(cfg)).toBe("default");
-  });
-
-  it("falls back to first sorted configured account when default is absent", () => {
-    const cfg = asConfig({
-      channels: {
-        zalouser: {
-          accounts: {
-            zzz: {},
-            aaa: {},
-          },
-        },
-      },
-    });
-
-    expect(resolveDefaultZalouserAccountId(cfg)).toBe("aaa");
-  });
-
-  it("resolves sync account by merging base + account config", () => {
-    const cfg = asConfig({
-      channels: {
-        zalouser: {
-          enabled: true,
-          dmPolicy: "pairing",
-          accounts: {
-            work: {
-              enabled: false,
-              name: "Work",
-              dmPolicy: "allowlist",
-              allowFrom: ["123"],
-            },
-          },
-        },
-      },
-    });
-
-    const resolved = resolveZalouserAccountSync({ cfg, accountId: "work" });
-    expect(resolved.accountId).toBe("work");
-    expect(resolved.enabled).toBe(false);
-    expect(resolved.name).toBe("Work");
-    expect(resolved.config.dmPolicy).toBe("allowlist");
-    expect(resolved.config.allowFrom).toEqual(["123"]);
-  });
-
-  it("uses configured defaultAccount when accountId is omitted", () => {
-    const cfg = asConfig({
-      channels: {
-        zalouser: {
-          defaultAccount: "work",
-          accounts: {
-            work: {
-              name: "Work",
-              profile: "work-profile",
-            },
-          },
-        },
-      },
-    });
-
-    const resolved = resolveZalouserAccountSync({ cfg });
-    expect(resolved.accountId).toBe("work");
-    expect(resolved.name).toBe("Work");
-    expect(resolved.profile).toBe("work-profile");
-  });
-
-  it("resolves account config when account key casing differs from normalized id", () => {
-    const cfg = asConfig({
-      channels: {
-        zalouser: {
-          accounts: {
-            Work: {
-              name: "Work",
-            },
-          },
-        },
-      },
-    });
-
-    const resolved = resolveZalouserAccountSync({ cfg, accountId: "work" });
-    expect(resolved.accountId).toBe("work");
-    expect(resolved.name).toBe("Work");
-  });
-
-  it("defaults group policy to allowlist when unset", () => {
-    const cfg = asConfig({
-      channels: {
-        zalouser: {
-          enabled: true,
-        },
-      },
-    });
-
-    const resolved = resolveZalouserAccountSync({ cfg, accountId: "default" });
-    expect(resolved.config.groupPolicy).toBe("allowlist");
-  });
-
-  it("resolves profile precedence correctly", () => {
-    const cfg = asConfig({
-      channels: {
-        zalouser: {
-          accounts: {
-            work: {},
-          },
-        },
-      },
-    });
-
-    process.env.ZALOUSER_PROFILE = "zalo-env";
-    expect(resolveZalouserAccountSync({ cfg, accountId: "work" }).profile).toBe("zalo-env");
-
-    delete process.env.ZALOUSER_PROFILE;
-    process.env.ZCA_PROFILE = "zca-env";
-    expect(resolveZalouserAccountSync({ cfg, accountId: "work" }).profile).toBe("zca-env");
-
-    delete process.env.ZCA_PROFILE;
-    expect(resolveZalouserAccountSync({ cfg, accountId: "work" }).profile).toBe("work");
-  });
-
-  it("uses explicit profile from config over env fallback", () => {
-    process.env.ZALOUSER_PROFILE = "env-profile";
-    const cfg = asConfig({
-      channels: {
-        zalouser: {
-          accounts: {
-            work: {
-              profile: "explicit-profile",
-            },
-          },
-        },
-      },
-    });
-
-    expect(resolveZalouserAccountSync({ cfg, accountId: "work" }).profile).toBe("explicit-profile");
-  });
-
-  it("checks authentication during async account resolution", async () => {
-    mockCheckAuthenticated.mockResolvedValueOnce(true);
-    const cfg = asConfig({
-      channels: {
-        zalouser: {
-          accounts: {
-            default: {},
-          },
-        },
-      },
-    });
-
-    const resolved = await resolveZalouserAccount({ cfg, accountId: "default" });
-    expect(mockCheckAuthenticated).toHaveBeenCalledWith("default");
-    expect(resolved.authenticated).toBe(true);
-  });
-
-  it("filters disabled accounts when listing enabled accounts", async () => {
-    mockCheckAuthenticated.mockResolvedValue(true);
-    const cfg = asConfig({
-      channels: {
-        zalouser: {
-          accounts: {
-            default: { enabled: true },
-            work: { enabled: false },
-          },
-        },
-      },
-    });
-
-    const accounts = await listEnabledZalouserAccounts(cfg);
-    expect(accounts.map((account) => account.accountId)).toEqual(["default"]);
-  });
-
-  it("maps account info helper from zalo-js", async () => {
-    mockGetUserInfo.mockResolvedValueOnce({
-      userId: "123",
-      displayName: "Alice",
-      avatar: "https://example.com/avatar.png",
-    });
-    expect(await getZcaUserInfo("default")).toEqual({
-      userId: "123",
-      displayName: "Alice",
-    });
-
-    mockGetUserInfo.mockResolvedValueOnce(null);
-    expect(await getZcaUserInfo("default")).toBeNull();
-  });
-});

package/src/accounts.ts

@@ -1,131 +0,0 @@
-import {
-  createAccountListHelpers,
-  DEFAULT_ACCOUNT_ID,
-  normalizeAccountId,
-  resolveMergedAccountConfig,
-} from "openclaw/plugin-sdk/account-resolution";
-import type { OpenClawConfig } from "openclaw/plugin-sdk/config-types";
-import { normalizeOptionalString } from "openclaw/plugin-sdk/text-runtime";
-import type { ResolvedZalouserAccount, ZalouserAccountConfig, ZalouserConfig } from "./types.js";
-
-let zalouserAccountsRuntimePromise: Promise<typeof import("./accounts.runtime.js")> | undefined;
-
-async function loadZalouserAccountsRuntime() {
-  zalouserAccountsRuntimePromise ??= import("./accounts.runtime.js");
-  return await zalouserAccountsRuntimePromise;
-}
-
-const {
-  listAccountIds: listZalouserAccountIds,
-  resolveDefaultAccountId: resolveDefaultZalouserAccountId,
-} = createAccountListHelpers("zalouser");
-export { listZalouserAccountIds, resolveDefaultZalouserAccountId };
-
-function mergeZalouserAccountConfig(cfg: OpenClawConfig, accountId: string): ZalouserAccountConfig {
-  const merged = resolveMergedAccountConfig<ZalouserAccountConfig>({
-    channelConfig: cfg.channels?.zalouser as ZalouserAccountConfig | undefined,
-    accounts: (cfg.channels?.zalouser as ZalouserConfig | undefined)?.accounts as
-      | Record<string, Partial<ZalouserAccountConfig>>
-      | undefined,
-    accountId,
-    omitKeys: ["defaultAccount"],
-  });
-  return {
-    ...merged,
-    // Match Telegram's safe default: groups stay allowlisted unless explicitly opened.
-    groupPolicy: merged.groupPolicy ?? "allowlist",
-  };
-}
-
-function resolveProfile(config: ZalouserAccountConfig, accountId: string): string {
-  if (config.profile?.trim()) {
-    return config.profile.trim();
-  }
-  if (process.env.ZALOUSER_PROFILE?.trim()) {
-    return process.env.ZALOUSER_PROFILE.trim();
-  }
-  if (process.env.ZCA_PROFILE?.trim()) {
-    return process.env.ZCA_PROFILE.trim();
-  }
-  if (accountId !== DEFAULT_ACCOUNT_ID) {
-    return accountId;
-  }
-  return "default";
-}
-
-function resolveZalouserAccountBase(params: { cfg: OpenClawConfig; accountId?: string | null }) {
-  const accountId = normalizeAccountId(
-    params.accountId ?? resolveDefaultZalouserAccountId(params.cfg),
-  );
-  const baseEnabled =
-    (params.cfg.channels?.zalouser as ZalouserConfig | undefined)?.enabled !== false;
-  const merged = mergeZalouserAccountConfig(params.cfg, accountId);
-  return {
-    accountId,
-    enabled: baseEnabled && merged.enabled !== false,
-    merged,
-    profile: resolveProfile(merged, accountId),
-  };
-}
-
-export async function resolveZalouserAccount(params: {
-  cfg: OpenClawConfig;
-  accountId?: string | null;
-}): Promise<ResolvedZalouserAccount> {
-  const { accountId, enabled, merged, profile } = resolveZalouserAccountBase(params);
-  const authenticated = await (await loadZalouserAccountsRuntime()).checkZaloAuthenticated(profile);
-
-  return {
-    accountId,
-    name: normalizeOptionalString(merged.name),
-    enabled,
-    profile,
-    authenticated,
-    config: merged,
-  };
-}
-
-export function resolveZalouserAccountSync(params: {
-  cfg: OpenClawConfig;
-  accountId?: string | null;
-}): ResolvedZalouserAccount {
-  const { accountId, enabled, merged, profile } = resolveZalouserAccountBase(params);
-
-  return {
-    accountId,
-    name: normalizeOptionalString(merged.name),
-    enabled,
-    profile,
-    authenticated: false,
-    config: merged,
-  };
-}
-
-export async function listEnabledZalouserAccounts(
-  cfg: OpenClawConfig,
-): Promise<ResolvedZalouserAccount[]> {
-  const ids = listZalouserAccountIds(cfg);
-  const accounts = await Promise.all(
-    ids.map((accountId) => resolveZalouserAccount({ cfg, accountId })),
-  );
-  return accounts.filter((account) => account.enabled);
-}
-
-export async function getZcaUserInfo(
-  profile: string,
-): Promise<{ userId?: string; displayName?: string } | null> {
-  const info = await (await loadZalouserAccountsRuntime()).getZaloUserInfo(profile);
-  if (!info) {
-    return null;
-  }
-  return {
-    userId: info.userId,
-    displayName: info.displayName,
-  };
-}
-
-export async function checkZcaAuthenticated(profile: string): Promise<boolean> {
-  return await (await loadZalouserAccountsRuntime()).checkZaloAuthenticated(profile);
-}
-
-export type { ResolvedZalouserAccount } from "./types.js";

package/src/channel-api.ts

@@ -1,20 +0,0 @@
-export { formatAllowFromLowercase } from "openclaw/plugin-sdk/allow-from";
-export type {
-  ChannelDirectoryEntry,
-  ChannelGroupContext,
-  ChannelMessageActionAdapter,
-} from "openclaw/plugin-sdk/channel-contract";
-export { buildChannelConfigSchema } from "openclaw/plugin-sdk/channel-config-schema";
-export type { ChannelPlugin } from "openclaw/plugin-sdk/core";
-export {
-  DEFAULT_ACCOUNT_ID,
-  normalizeAccountId,
-  type OpenClawConfig,
-} from "openclaw/plugin-sdk/core";
-export { isDangerousNameMatchingEnabled } from "openclaw/plugin-sdk/dangerous-name-runtime";
-export type { GroupToolPolicyConfig } from "openclaw/plugin-sdk/config-types";
-export { chunkTextForOutbound } from "openclaw/plugin-sdk/text-chunking";
-export {
-  isNumericTargetId,
-  sendPayloadWithChunkedTextAndMedia,
-} from "openclaw/plugin-sdk/reply-payload";