@openclaw/zalouser 2026.5.7 → 2026.5.10-beta.1

package/dist/{accounts-C00IMUgd.js → accounts-ClSPNIvj.js}

@@ -3,7 +3,7 @@ import { normalizeOptionalString } from "openclaw/plugin-sdk/text-runtime";
 //#region extensions/zalouser/src/accounts.ts
 let zalouserAccountsRuntimePromise;
 async function loadZalouserAccountsRuntime() {
-	zalouserAccountsRuntimePromise ??= import("./accounts.runtime-uG7S8cXT.js");
+	zalouserAccountsRuntimePromise ??= import("./accounts.runtime-Bls9vlnf.js");
 	return await zalouserAccountsRuntimePromise;
 }
 const { listAccountIds: listZalouserAccountIds, resolveDefaultAccountId: resolveDefaultZalouserAccountId } = createAccountListHelpers("zalouser");

package/dist/{accounts.runtime-uG7S8cXT.js → accounts.runtime-Bls9vlnf.js}

@@ -1,2 +1,2 @@
-import { n as getZaloUserInfo, t as checkZaloAuthenticated } from "./zalo-js-CHCUlY3c.js";
+import { n as getZaloUserInfo, t as checkZaloAuthenticated } from "./zalo-js-QGi0H5K7.js";
 export { checkZaloAuthenticated, getZaloUserInfo };

package/dist/{api-C3SYq_R3.js → api-Dl_YURKB.js}

@@ -1,11 +1,12 @@
-import "./setup-surface-NCOuKu-l.js";
+import "./setup-surface-6MmoBuUf.js";
 import "./setup-core-CqipqY98.js";
 import { r as parseZalouserOutboundTarget } from "./session-route-C0-Xr8bt.js";
-import "./channel-DLNmGWb8.js";
+import "./channel-BaznOdZe.js";
 import "./security-audit-BZLhil-V.js";
-import { i as listZaloFriendsMatching, n as getZaloUserInfo, s as listZaloGroupsMatching, t as checkZaloAuthenticated } from "./zalo-js-CHCUlY3c.js";
-import "./channel.setup-CiDeBFrn.js";
-import { i as sendMessageZalouser, n as sendImageZalouser, r as sendLinkZalouser } from "./send-BsmySxe3.js";
+import { i as listZaloFriendsMatching, n as getZaloUserInfo, s as listZaloGroupsMatching, t as checkZaloAuthenticated } from "./zalo-js-QGi0H5K7.js";
+import "./channel.setup-Tevqgs6C.js";
+import { i as sendMessageZalouser, n as sendImageZalouser, r as sendLinkZalouser } from "./send-CeCQ8UZF.js";
+import { stringEnum } from "openclaw/plugin-sdk/channel-actions";
 import { formatErrorMessage } from "openclaw/plugin-sdk/error-runtime";
 import { Type } from "typebox";
 //#region extensions/zalouser/src/tool.ts
@@ -18,13 +19,6 @@ const ACTIONS = [
 	"me",
 	"status"
 ];
-function stringEnum(values, options = {}) {
-	return Type.Unsafe({
-		type: "string",
-		enum: [...values],
-		...options
-	});
-}
 const ZalouserToolSchema = Type.Object({
 	action: stringEnum(ACTIONS, { description: `Action to perform: ${ACTIONS.join(", ")}` }),
 	threadId: Type.Optional(Type.String({ description: "Thread ID for messaging" })),

package/dist/api.js

@@ -1,7 +1,7 @@
-import { n as zalouserSetupWizard } from "./setup-surface-NCOuKu-l.js";
+import { n as zalouserSetupWizard } from "./setup-surface-6MmoBuUf.js";
 import { n as zalouserSetupAdapter, t as createZalouserSetupWizardProxy } from "./setup-core-CqipqY98.js";
-import { t as zalouserPlugin } from "./channel-DLNmGWb8.js";
+import { t as zalouserPlugin } from "./channel-BaznOdZe.js";
 import { n as isZalouserMutableGroupEntry, t as collectZalouserSecurityAuditFindings } from "./security-audit-BZLhil-V.js";
-import { t as zalouserSetupPlugin } from "./channel.setup-CiDeBFrn.js";
-import { t as createZalouserTool } from "./api-C3SYq_R3.js";
+import { t as zalouserSetupPlugin } from "./channel.setup-Tevqgs6C.js";
+import { t as createZalouserTool } from "./api-Dl_YURKB.js";
 export { collectZalouserSecurityAuditFindings, createZalouserSetupWizardProxy, createZalouserTool, isZalouserMutableGroupEntry, zalouserPlugin, zalouserSetupAdapter, zalouserSetupPlugin, zalouserSetupWizard };

package/dist/{channel-DLNmGWb8.js → channel-BaznOdZe.js}

@@ -1,5 +1,5 @@
-import { a as resolveZalouserAccountSync, i as resolveDefaultZalouserAccountId, r as listZalouserAccountIds, t as checkZcaAuthenticated } from "./accounts-C00IMUgd.js";
-import { a as isNumericTargetId, i as isDangerousNameMatchingEnabled, n as DEFAULT_ACCOUNT_ID, o as normalizeAccountId, r as chunkTextForOutbound, s as sendPayloadWithChunkedTextAndMedia, t as createZalouserPluginBase } from "./shared-DSy8aIUx.js";
+import { a as resolveZalouserAccountSync, i as resolveDefaultZalouserAccountId, r as listZalouserAccountIds, t as checkZcaAuthenticated } from "./accounts-ClSPNIvj.js";
+import { a as isNumericTargetId, i as isDangerousNameMatchingEnabled, n as DEFAULT_ACCOUNT_ID, o as normalizeAccountId, r as chunkTextForOutbound, s as sendPayloadWithChunkedTextAndMedia, t as createZalouserPluginBase } from "./shared-C4hIhcfY.js";
 import { a as resolveZalouserReactionMessageIds, o as buildZalouserGroupCandidates, s as findZalouserGroupEntry, t as getZalouserRuntime } from "./runtime-QNU7vLgI.js";
 import { n as zalouserSetupAdapter, r as writeQrDataUrlToTempFile, t as createZalouserSetupWizardProxy } from "./setup-core-CqipqY98.js";
 import { i as resolveZalouserOutboundSessionRoute, n as parseZalouserDirectoryGroupId, r as parseZalouserOutboundTarget, t as normalizeZalouserTarget } from "./session-route-C0-Xr8bt.js";
@@ -10,11 +10,12 @@ import { createLazyRuntimeModule } from "openclaw/plugin-sdk/lazy-runtime";
 import { createAsyncComputedAccountStatusAdapter, createDefaultChannelRuntimeState } from "openclaw/plugin-sdk/status-helpers";
 import { normalizeLowercaseStringOrEmpty } from "openclaw/plugin-sdk/text-runtime";
 import { createScopedDmSecurityResolver } from "openclaw/plugin-sdk/channel-config-helpers";
+import { defineChannelMessageAdapter } from "openclaw/plugin-sdk/channel-message";
 import { createPairingPrefixStripper } from "openclaw/plugin-sdk/channel-pairing";
 import { createEmptyChannelResult, createRawChannelSendResultAdapter } from "openclaw/plugin-sdk/channel-send-result";
 import { createStaticReplyToModeResolver } from "openclaw/plugin-sdk/conversation-runtime";
 //#region extensions/zalouser/src/channel.adapters.ts
-const loadZalouserChannelRuntime$1 = createLazyRuntimeModule(() => import("./channel.runtime-C9WxiAiR.js"));
+const loadZalouserChannelRuntime$1 = createLazyRuntimeModule(() => import("./channel.runtime-85pFFq1m.js"));
 const ZALOUSER_TEXT_CHUNK_LIMIT = 2e3;
 function resolveZalouserQrProfile(accountId) {
 	const normalized = normalizeAccountId(accountId);
@@ -47,40 +48,54 @@ function resolveZalouserRequireMention(params) {
 	if (typeof entry?.requireMention === "boolean") return entry.requireMention;
 	return true;
 }
+async function sendZalouserTextFromContext({ to, text, accountId, cfg }) {
+	const { sendMessageZalouser } = await loadZalouserChannelRuntime$1();
+	const account = resolveZalouserAccountSync({
+		cfg,
+		accountId
+	});
+	const target = parseZalouserOutboundTarget(to);
+	return await sendMessageZalouser(target.threadId, text, {
+		profile: account.profile,
+		isGroup: target.isGroup,
+		textMode: "markdown",
+		textChunkMode: resolveZalouserOutboundChunkMode(cfg, account.accountId),
+		textChunkLimit: resolveZalouserOutboundTextChunkLimit(cfg, account.accountId)
+	});
+}
+async function sendZalouserMediaFromContext({ to, text, mediaUrl, accountId, cfg, mediaLocalRoots, mediaReadFile }) {
+	const { sendMessageZalouser } = await loadZalouserChannelRuntime$1();
+	const account = resolveZalouserAccountSync({
+		cfg,
+		accountId
+	});
+	const target = parseZalouserOutboundTarget(to);
+	return await sendMessageZalouser(target.threadId, text, {
+		profile: account.profile,
+		isGroup: target.isGroup,
+		mediaUrl,
+		mediaLocalRoots,
+		mediaReadFile,
+		textMode: "markdown",
+		textChunkMode: resolveZalouserOutboundChunkMode(cfg, account.accountId),
+		textChunkLimit: resolveZalouserOutboundTextChunkLimit(cfg, account.accountId)
+	});
+}
 const zalouserRawSendResultAdapter = createRawChannelSendResultAdapter({
 	channel: "zalouser",
-	sendText: async ({ to, text, accountId, cfg }) => {
-		const { sendMessageZalouser } = await loadZalouserChannelRuntime$1();
-		const account = resolveZalouserAccountSync({
-			cfg,
-			accountId
-		});
-		const target = parseZalouserOutboundTarget(to);
-		return await sendMessageZalouser(target.threadId, text, {
-			profile: account.profile,
-			isGroup: target.isGroup,
-			textMode: "markdown",
-			textChunkMode: resolveZalouserOutboundChunkMode(cfg, account.accountId),
-			textChunkLimit: resolveZalouserOutboundTextChunkLimit(cfg, account.accountId)
-		});
-	},
-	sendMedia: async ({ to, text, mediaUrl, accountId, cfg, mediaLocalRoots, mediaReadFile }) => {
-		const { sendMessageZalouser } = await loadZalouserChannelRuntime$1();
-		const account = resolveZalouserAccountSync({
-			cfg,
-			accountId
-		});
-		const target = parseZalouserOutboundTarget(to);
-		return await sendMessageZalouser(target.threadId, text, {
-			profile: account.profile,
-			isGroup: target.isGroup,
-			mediaUrl,
-			mediaLocalRoots,
-			mediaReadFile,
-			textMode: "markdown",
-			textChunkMode: resolveZalouserOutboundChunkMode(cfg, account.accountId),
-			textChunkLimit: resolveZalouserOutboundTextChunkLimit(cfg, account.accountId)
-		});
+	sendText: sendZalouserTextFromContext,
+	sendMedia: sendZalouserMediaFromContext
+});
+const zalouserMessageAdapter = defineChannelMessageAdapter({
+	id: "zalouser",
+	durableFinal: { capabilities: {
+		text: true,
+		media: true,
+		messageSendingHooks: true
+	} },
+	send: {
+		text: sendZalouserTextFromContext,
+		media: sendZalouserMediaFromContext
 	}
 });
 const resolveZalouserDmPolicy = createScopedDmSecurityResolver({
@@ -331,8 +346,8 @@ function collectZalouserStatusIssues(accounts) {
 }
 //#endregion
 //#region extensions/zalouser/src/channel.ts
-const loadZalouserChannelRuntime = createLazyRuntimeModule(() => import("./channel.runtime-C9WxiAiR.js"));
-const zalouserSetupWizardProxy = createZalouserSetupWizardProxy(async () => (await import("./setup-surface-NCOuKu-l.js").then((n) => n.t)).zalouserSetupWizard);
+const loadZalouserChannelRuntime = createLazyRuntimeModule(() => import("./channel.runtime-85pFFq1m.js"));
+const zalouserSetupWizardProxy = createZalouserSetupWizardProxy(async () => (await import("./setup-surface-6MmoBuUf.js").then((n) => n.t)).zalouserSetupWizard);
 function mapUser(params) {
 	return {
 		kind: "user",
@@ -411,6 +426,7 @@ const zalouserPlugin = createChatChannelPlugin({
 		},
 		resolver: zalouserResolverAdapter,
 		auth: zalouserAuthAdapter,
+		message: zalouserMessageAdapter,
 		status: createAsyncComputedAccountStatusAdapter({
 			defaultRuntime: createDefaultChannelRuntimeState(DEFAULT_ACCOUNT_ID),
 			collectStatusIssues: collectZalouserStatusIssues,
@@ -448,7 +464,7 @@ const zalouserPlugin = createChatChannelPlugin({
 					setStatus: ctx.setStatus
 				});
 				ctx.log?.info(`[${account.accountId}] starting zalouser provider${userLabel}`);
-				const { monitorZalouserProvider } = await import("./monitor-dpWp8FkN.js");
+				const { monitorZalouserProvider } = await import("./monitor-BfclyB4b.js");
 				return monitorZalouserProvider({
 					account,
 					config: ctx.cfg,

package/dist/channel-plugin-api.js

@@ -1,2 +1,2 @@
-import { t as zalouserPlugin } from "./channel-DLNmGWb8.js";
+import { t as zalouserPlugin } from "./channel-BaznOdZe.js";
 export { zalouserPlugin };

package/dist/{channel.runtime-C9WxiAiR.js → channel.runtime-85pFFq1m.js}

@@ -1,6 +1,6 @@
 import { t as collectZalouserSecurityAuditFindings } from "./security-audit-BZLhil-V.js";
-import { a as listZaloGroupMembers, b as waitForZaloQrLogin, c as logoutZaloProfile, i as listZaloFriendsMatching, n as getZaloUserInfo, s as listZaloGroupsMatching, y as startZaloQrLogin } from "./zalo-js-CHCUlY3c.js";
-import { a as sendReactionZalouser, i as sendMessageZalouser } from "./send-BsmySxe3.js";
+import { a as listZaloGroupMembers, b as waitForZaloQrLogin, c as logoutZaloProfile, i as listZaloFriendsMatching, n as getZaloUserInfo, s as listZaloGroupsMatching, y as startZaloQrLogin } from "./zalo-js-QGi0H5K7.js";
+import { a as sendReactionZalouser, i as sendMessageZalouser } from "./send-CeCQ8UZF.js";
 import { formatErrorMessage } from "openclaw/plugin-sdk/error-runtime";
 //#region extensions/zalouser/src/probe.ts
 async function probeZalouser(profile, timeoutMs) {

package/dist/{channel.setup-CiDeBFrn.js → channel.setup-Tevqgs6C.js}

@@ -1,5 +1,5 @@
-import { n as zalouserSetupWizard } from "./setup-surface-NCOuKu-l.js";
-import { t as createZalouserPluginBase } from "./shared-DSy8aIUx.js";
+import { n as zalouserSetupWizard } from "./setup-surface-6MmoBuUf.js";
+import { t as createZalouserPluginBase } from "./shared-C4hIhcfY.js";
 import { n as zalouserSetupAdapter } from "./setup-core-CqipqY98.js";
 //#region extensions/zalouser/src/channel.setup.ts
 const zalouserSetupPlugin = { ...createZalouserPluginBase({

package/dist/{monitor-dpWp8FkN.js → monitor-BfclyB4b.js}

@@ -1,25 +1,19 @@
 import { c as isZalouserGroupEntryAllowed, i as resolveZalouserMessageSid, o as buildZalouserGroupCandidates, r as formatZalouserMessageSidFull, s as findZalouserGroupEntry, t as getZalouserRuntime } from "./runtime-QNU7vLgI.js";
-import { o as listZaloGroups, r as listZaloFriends, u as resolveZaloGroupContext, v as startZaloListener } from "./zalo-js-CHCUlY3c.js";
-import { i as sendMessageZalouser, o as sendSeenZalouser, s as sendTypingZalouser, t as sendDeliveredZalouser } from "./send-BsmySxe3.js";
+import { o as listZaloGroups, r as listZaloFriends, u as resolveZaloGroupContext, v as startZaloListener } from "./zalo-js-QGi0H5K7.js";
+import { i as sendMessageZalouser, o as sendSeenZalouser, s as sendTypingZalouser, t as sendDeliveredZalouser } from "./send-CeCQ8UZF.js";
 import { createDeferred } from "openclaw/plugin-sdk/extension-shared";
-import { normalizeLowercaseStringOrEmpty, normalizeOptionalLowercaseString } from "openclaw/plugin-sdk/text-runtime";
+import { normalizeLowercaseStringOrEmpty, normalizeOptionalLowercaseString, normalizeStringEntries } from "openclaw/plugin-sdk/text-runtime";
 import { mergeAllowlist, summarizeMapping } from "openclaw/plugin-sdk/allow-from";
 import { KeyedAsyncQueue } from "openclaw/plugin-sdk/core";
 import { isDangerousNameMatchingEnabled } from "openclaw/plugin-sdk/dangerous-name-runtime";
 import { deliverTextOrMediaReply, resolveSendableOutboundReplyParts } from "openclaw/plugin-sdk/reply-payload";
 import { createChannelPairingController } from "openclaw/plugin-sdk/channel-pairing";
-import { DM_GROUP_ACCESS_REASON, resolveDmGroupAccessWithLists } from "openclaw/plugin-sdk/channel-policy";
 import { resolveDefaultGroupPolicy, resolveOpenProviderRuntimeGroupPolicy, warnMissingProviderGroupPolicyFallbackOnce } from "openclaw/plugin-sdk/runtime-group-policy";
 import { implicitMentionKindWhen, resolveInboundMentionDecision } from "openclaw/plugin-sdk/channel-inbound";
-import { createChannelReplyPipeline } from "openclaw/plugin-sdk/channel-reply-pipeline";
-import { resolveSenderCommandAuthorization } from "openclaw/plugin-sdk/command-auth";
-import { evaluateGroupRouteAccessForPolicy, resolveSenderScopedGroupPolicy } from "openclaw/plugin-sdk/group-access";
+import { resolveStableChannelMessageIngress } from "openclaw/plugin-sdk/channel-ingress-runtime";
 import { DEFAULT_GROUP_HISTORY_LIMIT, buildPendingHistoryContextFromMap, clearHistoryEntriesIfEnabled, recordPendingHistoryEntryIfEnabled } from "openclaw/plugin-sdk/reply-history";
 //#region extensions/zalouser/src/monitor.ts
 const ZALOUSER_TEXT_LIMIT = 2e3;
-function normalizeZalouserEntry(entry) {
-	return entry.replace(/^(zalouser|zlu):/i, "").trim();
-}
 function buildNameIndex(items, nameFn) {
 	const index = /* @__PURE__ */ new Map();
 	for (const item of items) {
@@ -52,6 +46,12 @@ function resolveUserAllowlistEntries(entries, byName) {
 		unresolved
 	};
 }
+function normalizeZalouserAllowEntry(entry) {
+	return entry.replace(/^(zalouser|zlu):/i, "").trim();
+}
+function normalizeZalouserSender(value) {
+	return normalizeOptionalLowercaseString(normalizeZalouserAllowEntry(value)) || null;
+}
 function resolveInboundQueueKey(message) {
 	const threadId = message.threadId?.trim() || "unknown";
 	if (message.isGroup) return `group:${threadId}`;
@@ -61,6 +61,29 @@ function resolveZalouserDmSessionScope(config) {
 	const configured = config.session?.dmScope;
 	return configured === "main" || !configured ? "per-channel-peer" : configured;
 }
+function resolveZalouserRouteAccess(params) {
+	if (params.groupPolicy === "disabled") return {
+		allowed: false,
+		reason: "disabled"
+	};
+	if (params.matched && params.enabled === false) return {
+		allowed: false,
+		reason: "route_disabled"
+	};
+	if (params.groupPolicy !== "allowlist") return { allowed: true };
+	if (!params.configured) return {
+		allowed: false,
+		reason: "empty_allowlist"
+	};
+	return params.matched ? { allowed: true } : {
+		allowed: false,
+		reason: "route_not_allowlisted"
+	};
+}
+function senderScopedZalouserGroupPolicy(params) {
+	if (params.groupPolicy === "disabled") return "disabled";
+	return params.groupAllowFrom.length > 0 ? "allowlist" : "open";
+}
 function resolveZalouserInboundSessionKey(params) {
 	if (params.isGroup) return params.route.sessionKey;
 	const directSessionKey = normalizeLowercaseStringOrEmpty(params.core.channel.routing.buildAgentSessionKey({
@@ -95,14 +118,6 @@ function resolveZalouserInboundSessionKey(params) {
 function logVerbose(core, runtime, message) {
 	if (core.logging.shouldLogVerbose()) runtime.log(`[zalouser] ${message}`);
 }
-function isSenderAllowed(senderId, allowFrom) {
-	if (allowFrom.includes("*")) return true;
-	const normalizedSenderId = normalizeOptionalLowercaseString(senderId);
-	if (!normalizedSenderId) return false;
-	return allowFrom.some((entry) => {
-		return normalizeLowercaseStringOrEmpty(entry).replace(/^(zalouser|zlu):/i, "") === normalizedSenderId;
-	});
-}
 function resolveGroupRequireMention(params) {
 	const entry = findZalouserGroupEntry(params.groups ?? {}, buildZalouserGroupCandidates({
 		groupId: params.groupId,
@@ -183,11 +198,11 @@ async function processMessage(message, account, config, core, runtime, historySt
 			includeWildcard: true,
 			allowNameMatching
 		}));
-		const routeAccess = evaluateGroupRouteAccessForPolicy({
+		const routeAccess = resolveZalouserRouteAccess({
 			groupPolicy,
-			routeAllowlistConfigured,
-			routeMatched: Boolean(groupEntry),
-			routeEnabled: isZalouserGroupEntryAllowed(groupEntry)
+			configured: routeAllowlistConfigured,
+			matched: Boolean(groupEntry),
+			enabled: isZalouserGroupEntryAllowed(groupEntry)
 		});
 		if (!routeAccess.allowed) {
 			if (routeAccess.reason === "disabled") logVerbose(core, runtime, `zalouser: drop group ${chatId} (groupPolicy=disabled)`);
@@ -198,30 +213,45 @@ async function processMessage(message, account, config, core, runtime, historySt
 		}
 	}
 	const dmPolicy = account.config.dmPolicy ?? "pairing";
-	const configAllowFrom = (account.config.allowFrom ?? []).map((v) => String(v));
-	const configGroupAllowFrom = (account.config.groupAllowFrom ?? []).map((v) => String(v));
-	const senderGroupPolicy = routeAllowlistConfigured && configGroupAllowFrom.length === 0 ? groupPolicy : resolveSenderScopedGroupPolicy({
+	const configAllowFrom = normalizeStringEntries(account.config.allowFrom);
+	const configGroupAllowFrom = normalizeStringEntries(account.config.groupAllowFrom);
+	const senderGroupPolicy = routeAllowlistConfigured && configGroupAllowFrom.length === 0 ? groupPolicy : senderScopedZalouserGroupPolicy({
 		groupPolicy,
 		groupAllowFrom: configGroupAllowFrom
 	});
-	const storeAllowFrom = !isGroup && dmPolicy !== "allowlist" && dmPolicy !== "open" ? await pairing.readAllowFromStore().catch(() => []) : [];
-	const accessDecision = resolveDmGroupAccessWithLists({
-		isGroup,
+	const shouldComputeCommandAuth = core.channel.commands.shouldComputeCommandAuthorized(commandBody, config);
+	const accessDecision = await resolveStableChannelMessageIngress({
+		channelId: "zalouser",
+		accountId: account.accountId,
+		identity: {
+			normalize: normalizeZalouserSender,
+			sensitivity: "pii",
+			entryIdPrefix: "zalouser-entry"
+		},
+		cfg: config,
+		readStoreAllowFrom: async () => await pairing.readAllowFromStore(),
+		subject: { stableId: senderId },
+		conversation: {
+			kind: isGroup ? "group" : "direct",
+			id: isGroup ? "group" : senderId
+		},
 		dmPolicy,
 		groupPolicy: senderGroupPolicy,
+		policy: { groupAllowFromFallbackToAllowFrom: false },
 		allowFrom: configAllowFrom,
 		groupAllowFrom: configGroupAllowFrom,
-		storeAllowFrom,
-		groupAllowFromFallbackToAllowFrom: false,
-		isSenderAllowed: (allowFrom) => isSenderAllowed(senderId, allowFrom)
+		command: shouldComputeCommandAuth ? {
+			directGroupAllowFrom: "effective",
+			commandGroupAllowFromFallbackToAllowFrom: true
+		} : void 0
 	});
-	if (isGroup && accessDecision.decision !== "allow") {
-		if (accessDecision.reasonCode === DM_GROUP_ACCESS_REASON.GROUP_POLICY_EMPTY_ALLOWLIST) logVerbose(core, runtime, "Blocked zalouser group message (no group allowlist)");
-		else if (accessDecision.reasonCode === DM_GROUP_ACCESS_REASON.GROUP_POLICY_NOT_ALLOWLISTED) logVerbose(core, runtime, `Blocked zalouser sender ${senderId} (not in groupAllowFrom/allowFrom)`);
+	if (isGroup && accessDecision.senderAccess.decision !== "allow") {
+		if (accessDecision.senderAccess.reasonCode === "group_policy_empty_allowlist") logVerbose(core, runtime, "Blocked zalouser group message (no group allowlist)");
+		else if (accessDecision.senderAccess.reasonCode === "group_policy_not_allowlisted") logVerbose(core, runtime, `Blocked zalouser sender ${senderId} (not in groupAllowFrom/allowFrom)`);
 		return;
 	}
-	if (!isGroup && accessDecision.decision !== "allow") {
-		if (accessDecision.decision === "pairing") {
+	if (!isGroup && accessDecision.senderAccess.decision !== "allow") {
+		if (accessDecision.senderAccess.decision === "pairing") {
 			await pairing.issueChallenge({
 				senderId,
 				senderIdLine: `Your Zalo user id: ${senderId}`,
@@ -239,25 +269,11 @@ async function processMessage(message, account, config, core, runtime, historySt
 			});
 			return;
 		}
-		if (accessDecision.reasonCode === DM_GROUP_ACCESS_REASON.DM_POLICY_DISABLED) logVerbose(core, runtime, `Blocked zalouser DM from ${senderId} (dmPolicy=disabled)`);
+		if (accessDecision.senderAccess.reasonCode === "dm_policy_disabled") logVerbose(core, runtime, `Blocked zalouser DM from ${senderId} (dmPolicy=disabled)`);
 		else logVerbose(core, runtime, `Blocked unauthorized zalouser sender ${senderId} (dmPolicy=${dmPolicy})`);
 		return;
 	}
-	const { commandAuthorized } = await resolveSenderCommandAuthorization({
-		cfg: config,
-		rawBody: commandBody,
-		isGroup,
-		dmPolicy,
-		configuredAllowFrom: configAllowFrom,
-		configuredGroupAllowFrom: configGroupAllowFrom,
-		senderId,
-		isSenderAllowed,
-		channel: "zalouser",
-		accountId: account.accountId,
-		readAllowFromStore: async () => storeAllowFrom,
-		shouldComputeCommandAuthorized: (body, cfg) => core.channel.commands.shouldComputeCommandAuthorized(body, cfg),
-		resolveCommandAuthorizedFromAuthorizers: (params) => core.channel.commands.resolveCommandAuthorizedFromAuthorizers(params)
-	});
+	const commandAuthorized = accessDecision.commandAccess.requested ? accessDecision.commandAccess.authorized : void 0;
 	const hasControlCommand = core.channel.commands.isControlCommandMessage(commandBody, config);
 	if (isGroup && hasControlCommand && commandAuthorized !== true) {
 		logVerbose(core, runtime, `zalouser: drop control command from unauthorized sender ${senderId}`);
@@ -437,12 +453,50 @@ async function processMessage(message, account, config, core, runtime, historySt
 			CommandAuthorized: commandAuthorized
 		}
 	});
-	const { onModelSelected, ...replyPipeline } = createChannelReplyPipeline({
-		cfg: config,
-		agentId: route.agentId,
+	await core.channel.turn.runAssembled({
 		channel: "zalouser",
 		accountId: account.accountId,
-		typing: {
+		cfg: config,
+		agentId: route.agentId,
+		routeSessionKey: route.sessionKey,
+		storePath,
+		ctxPayload,
+		recordInboundSession: core.channel.session.recordInboundSession,
+		dispatchReplyWithBufferedBlockDispatcher: core.channel.reply.dispatchReplyWithBufferedBlockDispatcher,
+		delivery: {
+			preparePayload: (payload) => {
+				if (payload.text === void 0) return payload;
+				return {
+					...payload,
+					text: core.channel.text.convertMarkdownTables(payload.text, core.channel.text.resolveMarkdownTableMode({
+						cfg: config,
+						channel: "zalouser",
+						accountId: account.accountId
+					}))
+				};
+			},
+			durable: () => ({ to: normalizedTo }),
+			deliver: async (payload) => {
+				return await deliverZalouserReply({
+					payload,
+					profile: account.profile,
+					chatId,
+					isGroup,
+					runtime,
+					core,
+					config,
+					accountId: account.accountId,
+					tableMode: "off"
+				});
+			},
+			onDelivered: (_payload, _info, result) => {
+				if (result?.visibleReplySent !== false) statusSink?.({ lastOutboundAt: Date.now() });
+			},
+			onError: (err, info) => {
+				runtime.error(`[${account.accountId}] Zalouser ${info.kind} reply failed: ${String(err)}`);
+			}
+		},
+		replyPipeline: { typing: {
 			start: async () => {
 				await sendTypingZalouser(chatId, {
 					profile: account.profile,
@@ -453,61 +507,10 @@ async function processMessage(message, account, config, core, runtime, historySt
 				runtime.error?.(`[${account.accountId}] zalouser typing start failed for ${chatId}: ${String(err)}`);
 				logVerbose(core, runtime, `zalouser typing failed for ${chatId}: ${String(err)}`);
 			}
-		}
-	});
-	await core.channel.turn.run({
-		channel: "zalouser",
-		accountId: account.accountId,
-		raw: message,
-		adapter: {
-			ingest: () => ({
-				id: messageSid ?? `${message.timestampMs}`,
-				timestamp: message.timestampMs,
-				rawText: rawBody,
-				textForAgent: rawBody,
-				textForCommands: commandBody,
-				raw: message
-			}),
-			resolveTurn: () => ({
-				cfg: config,
-				channel: "zalouser",
-				accountId: account.accountId,
-				agentId: route.agentId,
-				routeSessionKey: route.sessionKey,
-				storePath,
-				ctxPayload,
-				recordInboundSession: core.channel.session.recordInboundSession,
-				dispatchReplyWithBufferedBlockDispatcher: core.channel.reply.dispatchReplyWithBufferedBlockDispatcher,
-				delivery: {
-					deliver: async (payload) => {
-						await deliverZalouserReply({
-							payload,
-							profile: account.profile,
-							chatId,
-							isGroup,
-							runtime,
-							core,
-							config,
-							accountId: account.accountId,
-							statusSink,
-							tableMode: core.channel.text.resolveMarkdownTableMode({
-								cfg: config,
-								channel: "zalouser",
-								accountId: account.accountId
-							})
-						});
-					},
-					onError: (err, info) => {
-						runtime.error(`[${account.accountId}] Zalouser ${info.kind} reply failed: ${String(err)}`);
-					}
-				},
-				dispatcherOptions: replyPipeline,
-				replyOptions: { onModelSelected },
-				record: { onRecordError: (err) => {
-					runtime.error?.(`zalouser: failed updating session meta: ${String(err)}`);
-				} }
-			})
-		}
+		} },
+		record: { onRecordError: (err) => {
+			runtime.error?.(`zalouser: failed updating session meta: ${String(err)}`);
+		} }
 	});
 	if (isGroup && historyKey) clearHistoryEntriesIfEnabled({
 		historyMap: historyState.groupHistories,
@@ -516,8 +519,9 @@ async function processMessage(message, account, config, core, runtime, historySt
 	});
 }
 async function deliverZalouserReply(params) {
-	const { payload, profile, chatId, isGroup, runtime, core, config, accountId, statusSink } = params;
+	const { payload, profile, chatId, isGroup, runtime, core, config, accountId } = params;
 	const tableMode = params.tableMode ?? "code";
+	let visibleReplySent = false;
 	const reply = resolveSendableOutboundReplyParts(payload, { text: core.channel.text.convertMarkdownTables(payload.text ?? "", tableMode) });
 	const chunkMode = core.channel.text.resolveChunkMode(config, "zalouser", accountId);
 	const textChunkLimit = core.channel.text.resolveTextChunkLimit(config, "zalouser", accountId, { fallbackLimit: ZALOUSER_TEXT_LIMIT });
@@ -533,7 +537,7 @@ async function deliverZalouserReply(params) {
 					textChunkMode: chunkMode,
 					textChunkLimit
 				});
-				statusSink?.({ lastOutboundAt: Date.now() });
+				visibleReplySent = true;
 			} catch (err) {
 				runtime.error(`Zalouser message send failed: ${String(err)}`);
 			}
@@ -548,12 +552,13 @@ async function deliverZalouserReply(params) {
 				textChunkMode: chunkMode,
 				textChunkLimit
 			});
-			statusSink?.({ lastOutboundAt: Date.now() });
+			visibleReplySent = true;
 		},
 		onMediaError: (error) => {
 			runtime.error(`Zalouser media send failed: ${error instanceof Error ? error.message : JSON.stringify(error)}`);
 		}
 	});
+	return { visibleReplySent };
 }
 async function monitorZalouserProvider(options) {
 	let { account, config } = options;
@@ -564,8 +569,8 @@ async function monitorZalouserProvider(options) {
 	const groupHistories = /* @__PURE__ */ new Map();
 	try {
 		const profile = account.profile;
-		const allowFromEntries = (account.config.allowFrom ?? []).map((entry) => normalizeZalouserEntry(String(entry))).filter((entry) => entry && entry !== "*");
-		const groupAllowFromEntries = (account.config.groupAllowFrom ?? []).map((entry) => normalizeZalouserEntry(String(entry))).filter((entry) => entry && entry !== "*");
+		const allowFromEntries = (account.config.allowFrom ?? []).map((entry) => normalizeZalouserAllowEntry(String(entry))).filter((entry) => entry && entry !== "*");
+		const groupAllowFromEntries = (account.config.groupAllowFrom ?? []).map((entry) => normalizeZalouserAllowEntry(String(entry))).filter((entry) => entry && entry !== "*");
 		const allowNameMatching = isDangerousNameMatchingEnabled(account.config);
 		if (allowNameMatching && (allowFromEntries.length > 0 || groupAllowFromEntries.length > 0)) {
 			const byName = buildNameIndex(await listZaloFriends(profile), (friend) => friend.displayName);
@@ -608,7 +613,7 @@ async function monitorZalouserProvider(options) {
 			const unresolved = [];
 			const nextGroups = { ...groupsConfig };
 			for (const entry of groupKeys) {
-				const cleaned = normalizeZalouserEntry(entry);
+				const cleaned = normalizeZalouserAllowEntry(entry);
 				if (/^\d+$/.test(cleaned)) {
 					if (!nextGroups[cleaned]) nextGroups[cleaned] = groupsConfig[entry];
 					mapping.push(`${entry}→${cleaned}`);

package/dist/runtime-api.js

@@ -1,22 +1,20 @@
-import { n as zalouserSetupWizard } from "./setup-surface-NCOuKu-l.js";
+import { n as zalouserSetupWizard } from "./setup-surface-6MmoBuUf.js";
 import { n as setZalouserRuntime } from "./runtime-QNU7vLgI.js";
 import { n as zalouserSetupAdapter, t as createZalouserSetupWizardProxy } from "./setup-core-CqipqY98.js";
-import { t as zalouserPlugin } from "./channel-DLNmGWb8.js";
+import { t as zalouserPlugin } from "./channel-BaznOdZe.js";
 import { n as isZalouserMutableGroupEntry, t as collectZalouserSecurityAuditFindings } from "./security-audit-BZLhil-V.js";
-import { t as zalouserSetupPlugin } from "./channel.setup-CiDeBFrn.js";
-import { t as createZalouserTool } from "./api-C3SYq_R3.js";
+import { t as zalouserSetupPlugin } from "./channel.setup-Tevqgs6C.js";
+import { t as createZalouserTool } from "./api-Dl_YURKB.js";
 import { buildBaseAccountStatusSnapshot } from "openclaw/plugin-sdk/status-helpers";
 import { formatAllowFromLowercase, mergeAllowlist, summarizeMapping } from "openclaw/plugin-sdk/allow-from";
 import { DEFAULT_ACCOUNT_ID, buildChannelConfigSchema, normalizeAccountId } from "openclaw/plugin-sdk/core";
 import { isDangerousNameMatchingEnabled } from "openclaw/plugin-sdk/dangerous-name-runtime";
 import { chunkTextForOutbound } from "openclaw/plugin-sdk/text-chunking";
 import { deliverTextOrMediaReply, isNumericTargetId, resolveSendableOutboundReplyParts, sendPayloadWithChunkedTextAndMedia } from "openclaw/plugin-sdk/reply-payload";
+import { createChannelMessageReplyPipeline } from "openclaw/plugin-sdk/channel-message";
 import { createChannelPairingController } from "openclaw/plugin-sdk/channel-pairing";
 import { resolvePreferredOpenClawTmpDir } from "openclaw/plugin-sdk/temp-path";
 import { loadOutboundMediaFromUrl } from "openclaw/plugin-sdk/outbound-media";
 import { resolveDefaultGroupPolicy, resolveOpenProviderRuntimeGroupPolicy, warnMissingProviderGroupPolicyFallbackOnce } from "openclaw/plugin-sdk/runtime-group-policy";
 import { resolveInboundMentionDecision } from "openclaw/plugin-sdk/channel-inbound";
-import { createChannelReplyPipeline } from "openclaw/plugin-sdk/channel-reply-pipeline";
-import { resolveSenderCommandAuthorization } from "openclaw/plugin-sdk/command-auth";
-import { evaluateGroupRouteAccessForPolicy, resolveSenderScopedGroupPolicy } from "openclaw/plugin-sdk/group-access";
-export { DEFAULT_ACCOUNT_ID, buildBaseAccountStatusSnapshot, buildChannelConfigSchema, chunkTextForOutbound, collectZalouserSecurityAuditFindings, createChannelPairingController, createChannelReplyPipeline, createZalouserSetupWizardProxy, createZalouserTool, deliverTextOrMediaReply, evaluateGroupRouteAccessForPolicy, formatAllowFromLowercase, isDangerousNameMatchingEnabled, isNumericTargetId, isZalouserMutableGroupEntry, loadOutboundMediaFromUrl, mergeAllowlist, normalizeAccountId, resolveDefaultGroupPolicy, resolveInboundMentionDecision, resolveOpenProviderRuntimeGroupPolicy, resolvePreferredOpenClawTmpDir, resolveSendableOutboundReplyParts, resolveSenderCommandAuthorization, resolveSenderScopedGroupPolicy, sendPayloadWithChunkedTextAndMedia, setZalouserRuntime, summarizeMapping, warnMissingProviderGroupPolicyFallbackOnce, zalouserPlugin, zalouserSetupAdapter, zalouserSetupPlugin, zalouserSetupWizard };
+export { DEFAULT_ACCOUNT_ID, buildBaseAccountStatusSnapshot, buildChannelConfigSchema, chunkTextForOutbound, collectZalouserSecurityAuditFindings, createChannelMessageReplyPipeline, createChannelPairingController, createZalouserSetupWizardProxy, createZalouserTool, deliverTextOrMediaReply, formatAllowFromLowercase, isDangerousNameMatchingEnabled, isNumericTargetId, isZalouserMutableGroupEntry, loadOutboundMediaFromUrl, mergeAllowlist, normalizeAccountId, resolveDefaultGroupPolicy, resolveInboundMentionDecision, resolveOpenProviderRuntimeGroupPolicy, resolvePreferredOpenClawTmpDir, resolveSendableOutboundReplyParts, sendPayloadWithChunkedTextAndMedia, setZalouserRuntime, summarizeMapping, warnMissingProviderGroupPolicyFallbackOnce, zalouserPlugin, zalouserSetupAdapter, zalouserSetupPlugin, zalouserSetupWizard };

package/dist/{send-BsmySxe3.js → send-CeCQ8UZF.js}

@@ -1,4 +1,4 @@
-import { _ as sendZaloTypingEvent, f as sendZaloDeliveredEvent, g as sendZaloTextMessage, h as sendZaloSeenEvent, m as sendZaloReaction, p as sendZaloLink, x as TextStyle } from "./zalo-js-CHCUlY3c.js";
+import { S as TextStyle, _ as sendZaloTypingEvent, f as sendZaloDeliveredEvent, g as sendZaloTextMessage, h as sendZaloSeenEvent, m as sendZaloReaction, p as sendZaloLink, x as createZalouserSendReceipt } from "./zalo-js-QGi0H5K7.js";
 //#region extensions/zalouser/src/text-styles.ts
 const ESCAPE_SENTINEL_START = "
";
 const ESCAPE_SENTINEL_END = "";
@@ -418,7 +418,11 @@ async function sendMessageZalouser(threadId, text, options = {}) {
 	}
 	return lastResult ?? {
 		ok: false,
-		error: "No message content provided"
+		error: "No message content provided",
+		receipt: createZalouserSendReceipt({
+			threadId,
+			kind: "text"
+		})
 	};
 }
 async function sendImageZalouser(threadId, imageUrl, options = {}) {
@@ -446,7 +450,11 @@ async function sendReactionZalouser(params) {
 	});
 	return {
 		ok: result.ok,
-		error: result.error
+		error: result.error,
+		receipt: createZalouserSendReceipt({
+			threadId: params.threadId,
+			kind: "unknown"
+		})
 	};
 }
 async function sendDeliveredZalouser(params) {

package/dist/setup-plugin-api.js

@@ -1,2 +1,2 @@
-import { t as zalouserSetupPlugin } from "./channel.setup-CiDeBFrn.js";
+import { t as zalouserSetupPlugin } from "./channel.setup-Tevqgs6C.js";
 export { zalouserSetupPlugin };

package/dist/{setup-surface-NCOuKu-l.js → setup-surface-6MmoBuUf.js}

@@ -1,6 +1,6 @@
-import { a as resolveZalouserAccountSync, i as resolveDefaultZalouserAccountId, r as listZalouserAccountIds, t as checkZcaAuthenticated } from "./accounts-C00IMUgd.js";
+import { a as resolveZalouserAccountSync, i as resolveDefaultZalouserAccountId, r as listZalouserAccountIds, t as checkZcaAuthenticated } from "./accounts-ClSPNIvj.js";
 import { r as writeQrDataUrlToTempFile } from "./setup-core-CqipqY98.js";
-import { b as waitForZaloQrLogin, c as logoutZaloProfile, d as resolveZaloGroupsByEntries, l as resolveZaloAllowFromEntries, y as startZaloQrLogin } from "./zalo-js-CHCUlY3c.js";
+import { b as waitForZaloQrLogin, c as logoutZaloProfile, d as resolveZaloGroupsByEntries, l as resolveZaloAllowFromEntries, y as startZaloQrLogin } from "./zalo-js-QGi0H5K7.js";
 import { DEFAULT_ACCOUNT_ID, addWildcardAllowFrom, formatCliCommand, formatDocsLink, formatResolvedUnresolvedNote, mergeAllowFromEntries, normalizeAccountId, patchScopedAccountConfig } from "openclaw/plugin-sdk/setup";
 //#region \0rolldown/runtime.js
 var __defProp = Object.defineProperty;

package/dist/{shared-DSy8aIUx.js → shared-C4hIhcfY.js}

@@ -1,4 +1,4 @@
-import { a as resolveZalouserAccountSync, i as resolveDefaultZalouserAccountId, r as listZalouserAccountIds, t as checkZcaAuthenticated } from "./accounts-C00IMUgd.js";
+import { a as resolveZalouserAccountSync, i as resolveDefaultZalouserAccountId, r as listZalouserAccountIds, t as checkZcaAuthenticated } from "./accounts-ClSPNIvj.js";
 import { n as normalizeCompatibilityConfig, t as legacyConfigRules } from "./doctor-contract-DgqHp8E2.js";
 import { n as isZalouserMutableGroupEntry } from "./security-audit-BZLhil-V.js";
 import { formatAllowFromLowercase } from "openclaw/plugin-sdk/allow-from";

package/dist/test-api.js

@@ -1,5 +1,5 @@
-import { a as resolveZalouserAccountSync, i as resolveDefaultZalouserAccountId, n as getZcaUserInfo, r as listZalouserAccountIds, t as checkZcaAuthenticated } from "./accounts-C00IMUgd.js";
+import { a as resolveZalouserAccountSync, i as resolveDefaultZalouserAccountId, n as getZcaUserInfo, r as listZalouserAccountIds, t as checkZcaAuthenticated } from "./accounts-ClSPNIvj.js";
 import { r as parseZalouserOutboundTarget } from "./session-route-C0-Xr8bt.js";
-import { a as listZaloGroupMembers, b as waitForZaloQrLogin, c as logoutZaloProfile, d as resolveZaloGroupsByEntries, i as listZaloFriendsMatching, l as resolveZaloAllowFromEntries, n as getZaloUserInfo, s as listZaloGroupsMatching, t as checkZaloAuthenticated, y as startZaloQrLogin } from "./zalo-js-CHCUlY3c.js";
-import { i as sendMessageZalouser } from "./send-BsmySxe3.js";
+import { a as listZaloGroupMembers, b as waitForZaloQrLogin, c as logoutZaloProfile, d as resolveZaloGroupsByEntries, i as listZaloFriendsMatching, l as resolveZaloAllowFromEntries, n as getZaloUserInfo, s as listZaloGroupsMatching, t as checkZaloAuthenticated, y as startZaloQrLogin } from "./zalo-js-QGi0H5K7.js";
+import { i as sendMessageZalouser } from "./send-CeCQ8UZF.js";
 export { checkZaloAuthenticated, checkZcaAuthenticated, getZaloUserInfo, getZcaUserInfo, listZaloFriendsMatching, listZaloGroupMembers, listZaloGroupsMatching, listZalouserAccountIds, logoutZaloProfile, parseZalouserOutboundTarget, resolveDefaultZalouserAccountId, resolveZaloAllowFromEntries, resolveZaloGroupsByEntries, resolveZalouserAccountSync, sendMessageZalouser, startZaloQrLogin, waitForZaloQrLogin };

package/dist/{zalo-js-CHCUlY3c.js → zalo-js-QGi0H5K7.js}

@@ -1,9 +1,12 @@
-import { normalizeLowercaseStringOrEmpty, normalizeOptionalLowercaseString, normalizeOptionalString } from "openclaw/plugin-sdk/text-runtime";
+import { normalizeLowercaseStringOrEmpty, normalizeOptionalLowercaseString, normalizeOptionalString, sleep } from "openclaw/plugin-sdk/text-runtime";
+import { createMessageReceiptFromOutboundResults } from "openclaw/plugin-sdk/channel-message";
 import path from "node:path";
 import { randomUUID } from "node:crypto";
 import fs from "node:fs";
 import os from "node:os";
+import { extensionForMime } from "openclaw/plugin-sdk/media-mime";
 import { loadOutboundMediaFromUrl } from "openclaw/plugin-sdk/outbound-media";
+import { privateFileStoreSync, readRegularFileSync, statRegularFileSync, withTimeout } from "openclaw/plugin-sdk/security-runtime";
 import { resolveStateDir } from "openclaw/plugin-sdk/state-paths";
 //#region extensions/zalouser/src/zca-constants.ts
 const ThreadType = {
@@ -66,6 +69,24 @@ function normalizeZaloReactionIcon(raw) {
 	return REACTION_ALIAS_MAP.get(normalizeLowercaseStringOrEmpty(trimmed)) ?? REACTION_ALIAS_MAP.get(trimmed) ?? trimmed;
 }
 //#endregion
+//#region extensions/zalouser/src/send-receipt.ts
+function createZalouserSendReceipt(params) {
+	const platformMessageIds = (params.platformMessageIds ?? [params.messageId]).map((messageId) => messageId?.trim()).filter((messageId) => Boolean(messageId));
+	const threadId = params.threadId?.trim();
+	return createMessageReceiptFromOutboundResults({
+		results: platformMessageIds.map((messageId) => {
+			const result = {
+				channel: "zalouser",
+				messageId
+			};
+			if (threadId) result.conversationId = threadId;
+			return result;
+		}),
+		...threadId ? { threadId } : {},
+		kind: params.kind ?? "unknown"
+	});
+}
+//#endregion
 //#region extensions/zalouser/src/zca-client.ts
 let zcaJsRuntimePromise = null;
 async function loadZcaJsRuntime() {
@@ -110,76 +131,16 @@ function resolveCredentialsPath(profile, env = process.env) {
 function isNodeErrorCode(error, code) {
 	return typeof error === "object" && error !== null && "code" in error && error.code === code;
 }
-function ensureCredentialsDir() {
-	const dir = resolveCredentialsDir();
-	fs.mkdirSync(dir, {
-		recursive: true,
-		mode: 448
-	});
-	const stat = fs.lstatSync(dir);
-	if (!stat.isDirectory() || stat.isSymbolicLink()) throw new Error("Refusing to use non-directory Zalo credentials path");
-	try {
-		fs.chmodSync(dir, 448);
-	} catch {}
-	return dir;
-}
 function isReadableCredentialFile(filePath) {
 	try {
-		const stat = fs.lstatSync(filePath);
-		return stat.isFile() && !stat.isSymbolicLink();
+		return !statRegularFileSync(filePath).missing;
 	} catch (error) {
 		if (isNodeErrorCode(error, "ENOENT")) return false;
 		throw error;
 	}
 }
-function assertWritableCredentialTarget(filePath) {
-	try {
-		const stat = fs.lstatSync(filePath);
-		if (!stat.isFile() || stat.isSymbolicLink()) throw new Error("Refusing to write Zalo credentials to symlinked path");
-	} catch (error) {
-		if (isNodeErrorCode(error, "ENOENT")) return;
-		throw error;
-	}
-}
 function writeCredentialFileAtomic(filePath, payload) {
-	const dir = ensureCredentialsDir();
-	assertWritableCredentialTarget(filePath);
-	const tempPath = path.join(dir, `.${path.basename(filePath)}.tmp-${process.pid}-${randomUUID()}`);
-	try {
-		fs.writeFileSync(tempPath, payload, {
-			encoding: "utf-8",
-			mode: 384,
-			flag: "wx"
-		});
-		try {
-			fs.chmodSync(tempPath, 384);
-		} catch {}
-		fs.renameSync(tempPath, filePath);
-		try {
-			fs.chmodSync(filePath, 384);
-		} catch {}
-	} finally {
-		try {
-			fs.unlinkSync(tempPath);
-		} catch {}
-	}
-}
-function withTimeout(promise, timeoutMs, label) {
-	return new Promise((resolve, reject) => {
-		const timer = setTimeout(() => {
-			reject(new Error(label));
-		}, timeoutMs);
-		promise.then((result) => {
-			clearTimeout(timer);
-			resolve(result);
-		}).catch((err) => {
-			clearTimeout(timer);
-			reject(err);
-		});
-	});
-}
-function delay(ms) {
-	return new Promise((resolve) => setTimeout(resolve, ms));
+	privateFileStoreSync(resolveCredentialsDir()).writeText(path.basename(filePath), payload);
 }
 function normalizeProfile(profile) {
 	const trimmed = profile?.trim();
@@ -380,7 +341,7 @@ function resolveMediaFileName(params) {
 		const fromPath = path.basename(parsed.pathname).trim();
 		if (fromPath) return fromPath;
 	} catch {}
-	return `upload.${params.contentType === "image/png" ? "png" : params.contentType === "image/webp" ? "webp" : params.contentType === "image/jpeg" ? "jpg" : params.contentType === "video/mp4" ? "mp4" : params.contentType === "audio/mpeg" ? "mp3" : params.contentType === "audio/ogg" ? "ogg" : params.contentType === "audio/wav" ? "wav" : params.kind === "video" ? "mp4" : params.kind === "audio" ? "mp3" : params.kind === "image" ? "jpg" : "bin"}`;
+	return `upload.${extensionForMime(params.contentType)?.replace(/^\./u, "") ?? (params.kind === "video" ? "mp4" : params.kind === "audio" ? "mp3" : params.kind === "image" ? "jpg" : "bin")}`;
 }
 function resolveUploadedVoiceAsset(uploaded) {
 	for (const item of uploaded) {
@@ -416,7 +377,7 @@ function readCredentials(profile) {
 	const filePath = resolveCredentialsPath(profile);
 	try {
 		if (!isReadableCredentialFile(filePath)) return null;
-		const raw = fs.readFileSync(filePath, "utf-8");
+		const raw = readRegularFileSync({ filePath }).buffer.toString("utf-8");
 		const parsed = JSON.parse(raw);
 		if (typeof parsed.imei !== "string" || !parsed.imei || !parsed.cookie || typeof parsed.userAgent !== "string" || !parsed.userAgent) return null;
 		const credentials = {
@@ -525,7 +486,7 @@ async function ensureApi(profileInput, timeoutMs = API_LOGIN_TIMEOUT_MS) {
 			cookie: stored.cookie,
 			userAgent: stored.userAgent,
 			language: stored.language
-		}), timeoutMs, `Timed out restoring Zalo session for profile "${profile}"`);
+		}), timeoutMs, { message: `Timed out restoring Zalo session for profile "${profile}"` });
 		apiByProfile.set(profile, api);
 		writeApiCredentials(profile, api, stored);
 		return api;
@@ -669,7 +630,7 @@ async function checkZaloAuthenticated(profileInput) {
 	const profile = normalizeProfile(profileInput);
 	if (!zalouserSessionExists(profile)) return false;
 	try {
-		await withZaloApi(profile, async (api) => await withTimeout(api.fetchAccountInfo(), 12e3, "Timed out checking Zalo session"), { timeoutMs: 12e3 });
+		await withZaloApi(profile, async (api) => await withTimeout(api.fetchAccountInfo(), 12e3, { message: "Timed out checking Zalo session" }), { timeoutMs: 12e3 });
 		return true;
 	} catch {
 		invalidateApi(profile);
@@ -799,7 +760,11 @@ async function sendZaloTextMessage(threadId, text, options = {}) {
 	const trimmedThreadId = threadId.trim();
 	if (!trimmedThreadId) return {
 		ok: false,
-		error: "No threadId provided"
+		error: "No threadId provided",
+		receipt: createZalouserSendReceipt({
+			threadId,
+			kind: "unknown"
+		})
 	};
 	return await withZaloApi(profile, async (api) => {
 		const type = options.isGroup ? ThreadType.Group : ThreadType.User;
@@ -831,37 +796,59 @@ async function sendZaloTextMessage(threadId, text, options = {}) {
 					}], trimmedThreadId, type));
 					if (!voiceAsset) throw new Error("Failed to resolve uploaded audio URL for voice message");
 					const voiceUrl = buildZaloVoicePlaybackUrl(voiceAsset);
+					const voiceMessageId = extractSendMessageId(await api.sendVoice({ voiceUrl }, trimmedThreadId, type));
 					return {
 						ok: true,
-						messageId: extractSendMessageId(await api.sendVoice({ voiceUrl }, trimmedThreadId, type)) ?? textMessageId
+						messageId: voiceMessageId ?? textMessageId,
+						receipt: createZalouserSendReceipt({
+							platformMessageIds: [textMessageId, voiceMessageId],
+							threadId: trimmedThreadId,
+							kind: "voice"
+						})
 					};
 				}
+				const messageId = extractSendMessageId(await api.sendMessage({
+					msg: payloadText,
+					...textStyles ? { styles: textStyles } : {},
+					attachments: [{
+						data: media.buffer,
+						filename: fileName.includes(".") ? fileName : `${fileName}.bin`,
+						metadata: { totalSize: media.buffer.length }
+					}]
+				}, trimmedThreadId, type));
 				return {
 					ok: true,
-					messageId: extractSendMessageId(await api.sendMessage({
-						msg: payloadText,
-						...textStyles ? { styles: textStyles } : {},
-						attachments: [{
-							data: media.buffer,
-							filename: fileName.includes(".") ? fileName : `${fileName}.bin`,
-							metadata: { totalSize: media.buffer.length }
-						}]
-					}, trimmedThreadId, type))
+					messageId,
+					receipt: createZalouserSendReceipt({
+						messageId,
+						threadId: trimmedThreadId,
+						kind: "media"
+					})
 				};
 			}
 			const payloadText = text.slice(0, 2e3);
 			const textStyles = clampTextStyles(payloadText, options.textStyles);
+			const messageId = extractSendMessageId(await api.sendMessage(textStyles ? {
+				msg: payloadText,
+				styles: textStyles
+			} : payloadText, trimmedThreadId, type));
 			return {
 				ok: true,
-				messageId: extractSendMessageId(await api.sendMessage(textStyles ? {
-					msg: payloadText,
-					styles: textStyles
-				} : payloadText, trimmedThreadId, type))
+				messageId,
+				receipt: createZalouserSendReceipt({
+					messageId,
+					threadId: trimmedThreadId,
+					kind: "text"
+				})
 			};
 		} catch (error) {
 			return {
 				ok: false,
-				error: toErrorMessage(error)
+				error: toErrorMessage(error),
+				receipt: createZalouserSendReceipt({
+					threadId: trimmedThreadId,
+					kind: "unknown"
+				})
 			};
 		}
 	}, { shouldPersist: (result) => result.ok });
@@ -942,11 +929,19 @@ async function sendZaloLink(threadId, url, options = {}) {
 	const trimmedUrl = url.trim();
 	if (!trimmedThreadId) return {
 		ok: false,
-		error: "No threadId provided"
+		error: "No threadId provided",
+		receipt: createZalouserSendReceipt({
+			threadId,
+			kind: "unknown"
+		})
 	};
 	if (!trimmedUrl) return {
 		ok: false,
-		error: "No URL provided"
+		error: "No URL provided",
+		receipt: createZalouserSendReceipt({
+			threadId: trimmedThreadId,
+			kind: "card"
+		})
 	};
 	try {
 		return await withZaloApi(profile, async (api) => {
@@ -955,15 +950,25 @@ async function sendZaloLink(threadId, url, options = {}) {
 				link: trimmedUrl,
 				msg: options.caption
 			}, trimmedThreadId, type);
+			const messageId = String(response.msgId);
 			return {
 				ok: true,
-				messageId: String(response.msgId)
+				messageId,
+				receipt: createZalouserSendReceipt({
+					messageId,
+					threadId: trimmedThreadId,
+					kind: "card"
+				})
 			};
 		}, { shouldPersist: (result) => result.ok });
 	} catch (error) {
 		return {
 			ok: false,
-			error: toErrorMessage(error)
+			error: toErrorMessage(error),
+			receipt: createZalouserSendReceipt({
+				threadId: trimmedThreadId,
+				kind: "card"
+			})
 		};
 	}
 }
@@ -1069,7 +1074,7 @@ async function startZaloQrLogin(params) {
 			qrDataUrl: active.qrDataUrl,
 			message: "Scan this QR with the Zalo app."
 		};
-		await delay(150);
+		await sleep(150);
 	}
 	return { message: "Still preparing QR. Call wait to continue checking login status." };
 }
@@ -1108,7 +1113,7 @@ async function waitForZaloQrLogin(params) {
 				message: "Login successful."
 			};
 		}
-		await Promise.race([active.waitPromise, delay(400)]);
+		await Promise.race([active.waitPromise, sleep(400)]);
 	}
 	return {
 		connected: false,
@@ -1276,4 +1281,4 @@ async function resolveZaloAllowFromEntries(params) {
 	});
 }
 //#endregion
-export { sendZaloTypingEvent as _, listZaloGroupMembers as a, waitForZaloQrLogin as b, logoutZaloProfile as c, resolveZaloGroupsByEntries as d, sendZaloDeliveredEvent as f, sendZaloTextMessage as g, sendZaloSeenEvent as h, listZaloFriendsMatching as i, resolveZaloAllowFromEntries as l, sendZaloReaction as m, getZaloUserInfo as n, listZaloGroups as o, sendZaloLink as p, listZaloFriends as r, listZaloGroupsMatching as s, checkZaloAuthenticated as t, resolveZaloGroupContext as u, startZaloListener as v, TextStyle as x, startZaloQrLogin as y };
+export { TextStyle as S, sendZaloTypingEvent as _, listZaloGroupMembers as a, waitForZaloQrLogin as b, logoutZaloProfile as c, resolveZaloGroupsByEntries as d, sendZaloDeliveredEvent as f, sendZaloTextMessage as g, sendZaloSeenEvent as h, listZaloFriendsMatching as i, resolveZaloAllowFromEntries as l, sendZaloReaction as m, getZaloUserInfo as n, listZaloGroups as o, sendZaloLink as p, listZaloFriends as r, listZaloGroupsMatching as s, checkZaloAuthenticated as t, resolveZaloGroupContext as u, startZaloListener as v, createZalouserSendReceipt as x, startZaloQrLogin as y };

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@openclaw/zalouser",
-  "version": "2026.5.7",
+  "version": "2026.5.10-beta.1",
   "description": "OpenClaw Zalo Personal Account plugin via native zca-js integration",
   "repository": {
     "type": "git",
@@ -8,7 +8,7 @@
   },
   "type": "module",
   "dependencies": {
-    "typebox": "1.1.37",
+    "typebox": "1.1.38",
     "zca-js": "2.1.2"
   },
   "devDependencies": {
@@ -16,7 +16,7 @@
     "openclaw": "workspace:*"
   },
   "peerDependencies": {
-    "openclaw": ">=2026.5.7"
+    "openclaw": ">=2026.5.10-beta.1"
   },
   "peerDependenciesMeta": {
     "openclaw": {
@@ -53,10 +53,10 @@
       "minHostVersion": ">=2026.4.10"
     },
     "compat": {
-      "pluginApi": ">=2026.5.7"
+      "pluginApi": ">=2026.5.10-beta.1"
     },
     "build": {
-      "openclawVersion": "2026.5.7"
+      "openclawVersion": "2026.5.10-beta.1"
     },
     "release": {
       "publishToClawHub": true,