@rine-network/openclaw 0.1.0

package/dist/index.js

@@ -0,0 +1,638 @@
+import { a as INTERNAL_TOOLS, i as DEFAULT_ACCOUNT_ID, n as resolveRineConfig, r as rinePlugin, t as readRineCredentials } from "./config-BsdV6THh.js";
+import { i as normalizeStandardWebhook, n as normalizeA2A, t as isAllowed } from "./inbound-G0JD7YmI.js";
+import { defineChannelPluginEntry } from "openclaw/plugin-sdk/channel-core";
+import { HttpClient, fetchAgents, getOrRefreshToken, resolveAgent } from "@rine-network/core";
+import { dispatchInboundDirectDmWithRuntime } from "openclaw/plugin-sdk/channel-inbound";
+import { tools } from "@rine-network/mcp/tools";
+import { jsonResult } from "openclaw/plugin-sdk/channel-actions";
+//#region openclaw.plugin.json
+var description = "Agent-to-agent E2EE messaging over the rine network (A2A relay / SSE / poll).";
+var uiHints = {
+	"exposeBaseUrl": {
+		"label": "Public base URL",
+		"sensitive": false,
+		"help": "Required for EXPOSE: publicly reachable Gateway URL for inbound push (reverse proxy / tunnel)."
+	},
+	"transport": { "help": "expose = A2A/standard-webhook push (NAT-friendly, owner opt-in, needs a public URL); sse = long-lived outbound stream (safe default, needs the Gateway kept alive); poll = interval /poll check (least token-intensive)." }
+};
+var configSchema = {
+	"type": "object",
+	"additionalProperties": false,
+	"properties": {
+		"transport": {
+			"type": "string",
+			"enum": [
+				"expose",
+				"sse",
+				"poll"
+			],
+			"default": "sse",
+			"description": "Inbound transport posture. expose=A2A/standard-webhook push (NAT-friendly, owner opt-in, needs public URL); sse=long-lived outbound stream (safe default); poll=interval /poll check (least token-intensive)."
+		},
+		"configDir": {
+			"type": "string",
+			"description": "Override rine creds dir (default $RINE_CONFIG_DIR > ~/.config/rine > cwd/.rine)."
+		},
+		"agentId": {
+			"type": "string",
+			"description": "rine agent id to bind (default: credentialed agent)."
+		},
+		"baseUrl": {
+			"type": "string",
+			"description": "rine API base URL (default from credentials.json / RINE_API_URL / https://rine.network)."
+		},
+		"pollIntervalMs": {
+			"type": "number",
+			"default": 6e4,
+			"description": "POLL only: interval between /poll checks."
+		},
+		"reconnectBaseMs": {
+			"type": "number",
+			"default": 3e3,
+			"description": "SSE/EXPOSE reconnect base backoff."
+		},
+		"reconnectMaxMs": {
+			"type": "number",
+			"default": 3e5,
+			"description": "SSE/EXPOSE reconnect ceiling."
+		},
+		"exposeBaseUrl": {
+			"type": "string",
+			"description": "EXPOSE only: public base URL for inbound webhook (e.g. https://gw.example.com)."
+		},
+		"a2aAcceptCleartext": {
+			"type": "boolean",
+			"default": true,
+			"description": "EXPOSE only: allow unencrypted A2A inbound."
+		},
+		"allowFrom": {
+			"type": "array",
+			"items": { "type": "string" },
+			"default": ["*"],
+			"description": "Sender allowlist: '*'=all, '@org'=org-scoped, exact handle. Disallowed senders are quarantined (logged), not silently dropped."
+		},
+		"healthMonitor": {
+			"type": "object",
+			"additionalProperties": false,
+			"description": "OpenClaw channel-health-monitor opt-out. rine is a thin channel (no gateway socket; the notify service owns delivery), so the monitor treats it as perpetually not-running and churns restarts (~every 5 min). Set enabled:false to silence it; omitting the block inherits the global gateway setting.",
+			"properties": { "enabled": {
+				"type": "boolean",
+				"default": false,
+				"description": "Whether OpenClaw's channel-health-monitor may restart this channel. Recommended false for rine — nothing to monitor."
+			} }
+		}
+	}
+};
+//#endregion
+//#region src/rine-client.ts
+/** Hard ceiling on a single unauthenticated /poll request (the poll loop owns the cadence). */
+const POLL_REQUEST_TIMEOUT_MS = 3e4;
+/**
+* Build the rine HTTP client + ToolContext from resolved creds. Mirrors
+* rine-mcp/src/server.ts bootstrap: tokenFn = getCredentialEntry + getOrRefreshToken;
+* new HttpClient({ tokenFn, apiUrl, canRefresh }).
+*/
+function buildRineClient(creds) {
+	const { configDir, apiUrl, entry } = creds;
+	const getJwt = (force) => getOrRefreshToken(configDir, apiUrl, entry, DEFAULT_ACCOUNT_ID, { force });
+	const client = new HttpClient({
+		tokenFn: getJwt,
+		apiUrl,
+		canRefresh: Boolean(entry)
+	});
+	const toolContext = {
+		client,
+		configDir,
+		apiUrl
+	};
+	async function pollCount(pollUrl, signal) {
+		try {
+			const res = await fetch(pollUrl, { signal: signal ?? AbortSignal.timeout(POLL_REQUEST_TIMEOUT_MS) });
+			if (!res.ok) return 0;
+			const body = await res.json();
+			return typeof body.count === "number" ? body.count : 0;
+		} catch {
+			return 0;
+		}
+	}
+	async function fetchNewMessages(agentId, limit = 50) {
+		const res = await client.get(`/agents/${agentId}/messages`, {
+			status: "new",
+			limit
+		});
+		return Array.isArray(res.items) ? res.items : [];
+	}
+	async function markDelivered(agentId, ids) {
+		if (ids.length === 0) return 0;
+		return (await client.markDelivered(agentId, ids)).marked;
+	}
+	return {
+		toolContext,
+		client,
+		configDir,
+		apiUrl,
+		getJwt,
+		pollCount,
+		fetchNewMessages,
+		markDelivered
+	};
+}
+//#endregion
+//#region src/outbound.ts
+function toolByName(name, all = tools) {
+	const def = all.find((t) => t.name === name);
+	if (!def) throw new Error(`rine: required mcp tool "${name}" not found — version skew`);
+	return def;
+}
+/**
+* Route an agent reply back out as a rine message, reusing the lifted `rine_reply`
+* handler (E2EE encrypt + POST /messages/{id}/reply, auto-routed to the original
+* sender, conversation_id preserved). No crypto/HTTP reimplemented.
+*/
+async function sendRineReply(client, inbound, text) {
+	return toolByName("rine_reply").handler(client.toolContext, {
+		message_id: inbound.id,
+		payload: { text }
+	});
+}
+//#endregion
+//#region src/dispatch.ts
+function msgOf(err) {
+	return err instanceof Error ? err.message : String(err);
+}
+/** The inline pointer body — ciphertext stays out of the transcript; agent calls `rine_read`. */
+function pointerText(msg) {
+	return `[rine ${msg.type} from ${msg.fromHandle}] message ${msg.id} (read with rine_read)`;
+}
+/**
+* Build the shared `onMessage` path all transports converge on.
+*
+* Invariants (acceptance §6):
+*  - dedupe by rine message id (Set, add-id-BEFORE-await race guard; delete-on-error
+*    so a failed dispatch is retried; hourly clear bounds memory).
+*  - mark-delivered ONLY after a successful dispatch (at-least-once).
+*  - disallowed sender → quarantine (logged exactly once), no dispatch, not marked
+*    delivered (recoverable after the operator fixes allowFrom + restarts the gateway).
+*/
+function makeOnMessage(deps) {
+	const { client, config, agentId, logger, dispatch, signal } = deps;
+	const seen = /* @__PURE__ */ new Set();
+	const quarantined = /* @__PURE__ */ new Set();
+	let lastClear = Date.now();
+	function maybeClear() {
+		if (Date.now() - lastClear > 36e5) {
+			seen.clear();
+			lastClear = Date.now();
+		}
+	}
+	return async function onMessage(msg) {
+		maybeClear();
+		if (seen.has(msg.id)) return true;
+		if (isAllowed(msg.fromHandle, config.allowFrom) === "quarantined") {
+			if (!quarantined.has(msg.id)) {
+				quarantined.add(msg.id);
+				logger.warn(`rine: quarantined message ${msg.id} from disallowed sender "${msg.fromHandle}" (allowFrom=${config.allowFrom.join(",")}; allowFrom changes take effect on gateway restart)`);
+			}
+			return true;
+		}
+		logger.info(`rine: inbound ${msg.type} ${msg.id} from ${msg.fromHandle} → dispatching`);
+		seen.add(msg.id);
+		try {
+			await dispatch(msg, signal);
+		} catch (err) {
+			seen.delete(msg.id);
+			logger.error(`rine: dispatch failed for ${msg.id}: ${msgOf(err)}`);
+			return false;
+		}
+		try {
+			await client.markDelivered(agentId, [msg.id]);
+		} catch (err) {
+			logger.warn(`rine: mark-delivered failed for ${msg.id} (already dispatched): ${msgOf(err)}`);
+		}
+		return true;
+	};
+}
+/**
+* Production dispatch fn: wakes an agent turn for one inbound rine message via the
+* canonical `dispatchInboundDirectDmWithRuntime` helper. `api.config` (cfg) and
+* `api.runtime` (the `DirectDmRuntime` facade) are threaded in from the service.
+*
+* Keeps the pointer-body design: `pointerText(msg)` carries only a "read with rine_read"
+* pointer, so ciphertext never enters the transcript.
+*/
+function makeRuntimeDispatcher(params) {
+	const { cfg, runtime, client, agentId, logger } = params;
+	return async function dispatch(msg, signal) {
+		signal.throwIfAborted();
+		const peerId = msg.isGroup ? msg.conversationId : msg.fromHandle;
+		const timestamp = msg.createdAt ? Date.parse(msg.createdAt) : void 0;
+		let dispatchErr;
+		await dispatchInboundDirectDmWithRuntime({
+			cfg,
+			runtime,
+			channel: "rine",
+			channelLabel: "Rine",
+			accountId: agentId,
+			peer: {
+				kind: "direct",
+				id: peerId
+			},
+			senderId: msg.fromHandle,
+			senderAddress: msg.fromHandle,
+			recipientAddress: agentId,
+			conversationLabel: msg.isGroup ? `rine group ${msg.conversationId}` : msg.fromHandle,
+			rawBody: pointerText(msg),
+			messageId: msg.id,
+			timestamp: Number.isFinite(timestamp) ? timestamp : void 0,
+			deliver: async (payload) => {
+				const text = payload.text ?? "";
+				if (!text) {
+					logger.warn(`rine: dropping non-text reply for ${msg.id} (rine replies are text-only)`);
+					return;
+				}
+				await replyToRine(client, msg, text, logger);
+			},
+			onRecordError: (err) => logger.warn(`rine: session-record error for ${msg.id}: ${msgOf(err)}`),
+			onDispatchError: (err) => {
+				dispatchErr = err;
+			}
+		});
+		if (dispatchErr) throw dispatchErr;
+	};
+}
+async function replyToRine(client, msg, text, logger) {
+	if (!text) return;
+	try {
+		await sendRineReply(client, msg, text);
+	} catch (err) {
+		logger.error(`rine: outbound reply failed for ${msg.id}: ${msgOf(err)}`);
+	}
+}
+//#endregion
+//#region src/transports/expose.ts
+const RINE_INBOUND_PATH = "/rine/inbound";
+/** Reject bodies larger than this before HMAC work — bounds memory + CPU on hostile input. */
+const MAX_BODY_BYTES = 512 * 1024;
+let exposeState;
+/** Read the request body with a hard size cap; undefined signals "too large". */
+async function readBody(req) {
+	const chunks = [];
+	let total = 0;
+	for await (const chunk of req) {
+		const buf = typeof chunk === "string" ? Buffer.from(chunk) : chunk;
+		total += buf.length;
+		if (total > MAX_BODY_BYTES) return void 0;
+		chunks.push(buf);
+	}
+	return Buffer.concat(chunks);
+}
+/** The /rine/inbound handler: HMAC-verify, normalize (standard or A2A), dispatch. */
+async function handleInbound(req, res) {
+	if (req.method !== "POST") return false;
+	const state = exposeState;
+	if (!state) {
+		res.statusCode = 503;
+		res.end("rine expose inactive");
+		return true;
+	}
+	const raw = await readBody(req);
+	if (!raw) {
+		res.statusCode = 413;
+		res.end("payload too large");
+		return true;
+	}
+	const sig = headerValue(req.headers["x-rine-signature"]);
+	const { verifyRineSignature } = await import("./hmac-BDQF87Wz.js");
+	if (!verifyRineSignature(raw, sig, state.secret)) {
+		state.logger.warn("rine: rejected inbound webhook with invalid HMAC signature");
+		res.statusCode = 401;
+		res.end("invalid signature");
+		return true;
+	}
+	let parsed;
+	try {
+		parsed = JSON.parse(raw.toString("utf-8"));
+	} catch {
+		res.statusCode = 400;
+		res.end("bad json");
+		return true;
+	}
+	const inbound = normalizeA2A(parsed) ?? normalizeStandardWebhook(parsed);
+	if (!inbound) {
+		res.statusCode = 202;
+		res.end("ignored");
+		return true;
+	}
+	if (inbound.encryptionVersion === "cleartext" && !state.a2aAcceptCleartext) {
+		state.logger.warn(`rine: dropped cleartext inbound ${inbound.id} (a2aAcceptCleartext=false)`);
+		res.statusCode = 202;
+		res.end("cleartext rejected");
+		return true;
+	}
+	res.statusCode = 200;
+	res.end("ok");
+	await state.onMessage(inbound);
+	return true;
+}
+function headerValue(h) {
+	return Array.isArray(h) ? h[0] : h;
+}
+/** Register the /rine/inbound route globally (idempotent no-op until EXPOSE active). */
+function registerExposeRoute(api) {
+	api.registerHttpRoute({
+		path: RINE_INBOUND_PATH,
+		auth: "plugin",
+		match: "exact",
+		handler: handleInbound
+	});
+}
+/**
+* EXPOSE transport. Requires a public base URL; enrolls a standard agent webhook
+* (`POST /webhooks`, HMAC-signed, fires on all inbound). On any precondition failure
+* (no URL / SSRF reject / enroll fail) it falls back to SSE. Never a hard failure.
+* The enrolled webhook is DELETEd best-effort on teardown so it doesn't accumulate
+* against the per-agent quota.
+*/
+async function runExposeTransport(tc) {
+	const { client, config, agentId, logger, onMessage } = tc;
+	if (!config.exposeBaseUrl) {
+		logger.warn("rine: EXPOSE requires exposeBaseUrl (public Gateway URL) — falling back to SSE");
+		return fallbackToSse(tc);
+	}
+	const url = `${config.exposeBaseUrl.replace(/\/$/, "")}${RINE_INBOUND_PATH}`;
+	let secret;
+	let webhookId;
+	try {
+		const created = await client.client.post("/webhooks", {
+			agent_id: agentId,
+			url
+		});
+		if (!created.secret) throw new Error("no secret returned");
+		secret = created.secret;
+		webhookId = created.id;
+	} catch (err) {
+		logger.warn(`rine: webhook enrollment failed (${err instanceof Error ? err.message : String(err)}) — falling back to SSE`);
+		return fallbackToSse(tc);
+	}
+	exposeState = {
+		secret,
+		onMessage,
+		a2aAcceptCleartext: config.a2aAcceptCleartext,
+		logger
+	};
+	logger.info(`rine: EXPOSE active — standard webhook enrolled at ${url}`);
+	try {
+		await waitUntilAbort(tc.signal);
+	} finally {
+		exposeState = void 0;
+		await deleteWebhook(client, webhookId, logger);
+	}
+}
+/** Best-effort webhook teardown; never throws (a failed delete must not crash stop). */
+async function deleteWebhook(client, webhookId, logger) {
+	if (!webhookId) return;
+	try {
+		await client.client.delete(`/webhooks/${webhookId}`);
+	} catch (err) {
+		logger.warn(`rine: webhook ${webhookId} cleanup failed (${err instanceof Error ? err.message : String(err)})`);
+	}
+}
+async function fallbackToSse(tc) {
+	const { runSseTransport } = await import("./sse-DqQGOjpI.js");
+	await runSseTransport(tc);
+}
+function waitUntilAbort(signal) {
+	return new Promise((resolve) => {
+		if (signal.aborted) {
+			resolve();
+			return;
+		}
+		signal.addEventListener("abort", () => resolve(), { once: true });
+	});
+}
+//#endregion
+//#region src/service.ts
+const SERVICE_ID = "rine-notify";
+/** Run the chosen transport. Exposed for testing with a stubbed transport map. */
+async function runTransport(tc) {
+	switch (tc.config.transport) {
+		case "poll": {
+			const { runPollTransport } = await import("./poll-BvmG87ve.js");
+			return runPollTransport(tc);
+		}
+		case "expose": return runExposeTransport(tc);
+		default: {
+			const { runSseTransport } = await import("./sse-DqQGOjpI.js");
+			return runSseTransport(tc);
+		}
+	}
+}
+/**
+* Resolve the rine agent id this install is bound to. `channels.rine.agentId` (a UUID,
+* handle, or bare name) wins; otherwise the org's sole agent is auto-selected — the same
+* resolution the CLI uses (`fetchAgents` + `resolveAgent`).
+*
+* The OAuth `client_id` is NOT an agent id: credentials.json stores `client_id`/`client_secret`,
+* and binding the transport to it requests `/agents/{client_id}/stream|messages`, which 404s on
+* every transport. Returns undefined (the service idles) on a network error or an ambiguous
+* multi-agent org with no `agentId` set — both surface an actionable log; the gateway
+* health-monitor restarts the idle service, re-resolving once connectivity/config is fixed.
+*/
+async function resolveBoundAgentId(client, config, logger) {
+	try {
+		const agents = await fetchAgents(client.client);
+		return await resolveAgent(client.apiUrl, agents, config.agentId);
+	} catch (err) {
+		logger.error(`rine: cannot resolve agent to bind (${err instanceof Error ? err.message : String(err)}). Set channels.rine.agentId (UUID or handle) or check connectivity — notify service idle.`);
+		return;
+	}
+}
+/** Resolve the bound agent, wire dispatch + transport context, and run the transport loop. */
+async function startNotifyLoop(params) {
+	const { api, config, creds, client, signal, logger } = params;
+	const agentId = await resolveBoundAgentId(client, config, logger);
+	if (!agentId || signal.aborted) return;
+	const tc = {
+		client,
+		config,
+		agentId,
+		logger,
+		onMessage: makeOnMessage({
+			client,
+			config,
+			agentId,
+			logger,
+			dispatch: makeRuntimeDispatcher({
+				cfg: api.config,
+				runtime: api.runtime,
+				client,
+				agentId,
+				logger
+			}),
+			signal
+		}),
+		signal,
+		pollUrl: creds.pollUrl
+	};
+	logger.info(`rine: notify service starting (transport=${config.transport}, agent=${agentId})`);
+	await runTransport(tc);
+}
+/**
+* The single background notify service. `start(ctx)` resolves creds, owns the
+* AbortController (the service ctx has NO abort signal — see SDK_CONTRACT.md), then
+* hands off to `startNotifyLoop` which resolves the bound agent id and runs the transport.
+* `stop` aborts it. The long-lived loop lives here, not in a channel `gateway.startAccount`.
+*/
+function makeRineService(api) {
+	let controller;
+	return {
+		id: SERVICE_ID,
+		start(ctx) {
+			const logger = ctx.logger ?? api.logger;
+			const config = resolveRineConfig(api.pluginConfig ?? {});
+			const creds = readRineCredentials(config);
+			if (!creds.entry) {
+				logger.warn(`rine: no credentials.json at ${creds.configDir} — notify service idle (run rine_onboard or set RINE_CONFIG_DIR)`);
+				return;
+			}
+			const client = buildRineClient(creds);
+			controller = new AbortController();
+			const signal = controller.signal;
+			startNotifyLoop({
+				api,
+				config,
+				creds,
+				client,
+				signal,
+				logger
+			}).catch((err) => {
+				logger.error(`rine: notify transport exited: ${err instanceof Error ? err.message : String(err)}`);
+			});
+		},
+		stop() {
+			controller?.abort();
+			controller = void 0;
+		}
+	};
+}
+//#endregion
+//#region src/tools.ts
+/** Tools exposed by the plugin (filtered from the mcp tool array). */
+const EXPOSED_TOOLS = [
+	"rine_whoami",
+	"rine_discover",
+	"rine_send",
+	"rine_read",
+	"rine_inbox",
+	"rine_onboard"
+];
+/** Mutating tools gated behind the allowlist (manifest `toolMetadata.optional`). */
+const OPTIONAL_TOOLS = new Set(["rine_send", "rine_onboard"]);
+const CIPHERTEXT_KEYS = ["encrypted_payload"];
+/**
+* Strip raw ciphertext from any tool result before it reaches a transcript.
+* Recurses through objects/arrays so `rine_read`/`rine_inbox` (which spread the
+* raw `MessageRead`) never surface `encrypted_payload`. Plaintext lives on the
+* `decrypted`/`verified` fields the mcp handlers add.
+*/
+function stripCiphertext(value) {
+	if (Array.isArray(value)) return value.map((v) => stripCiphertext(v));
+	if (value && typeof value === "object") {
+		const out = {};
+		for (const [k, v] of Object.entries(value)) {
+			if (CIPHERTEXT_KEYS.includes(k)) continue;
+			out[k] = stripCiphertext(v);
+		}
+		return out;
+	}
+	return value;
+}
+/** Assert one mcp tool name is present; throw a version-skew error otherwise. */
+function requireTool(byName, name, all) {
+	const def = byName.get(name);
+	if (!def) throw new Error(`rine: expected mcp tool "${name}" not found in @rine-network/mcp/tools (got: ${all.map((t) => t.name).join(", ")}) — version skew`);
+	return def;
+}
+/** Filter mcp tools to the exposed set; fail loud on a missing name (version skew). */
+function selectExposedTools(all = tools) {
+	const byName = new Map(all.map((t) => [t.name, t]));
+	return EXPOSED_TOOLS.map((name) => requireTool(byName, name, all));
+}
+/**
+* Validate the undeclared internal tools the plugin relies on (e.g. `rine_reply`,
+* which backs the inbound→reply path). Throws at startup on a version skew so a rename
+* of an mcp tool fails fast at load — not silently at first reply.
+*/
+function assertInternalTools(all = tools) {
+	const byName = new Map(all.map((t) => [t.name, t]));
+	for (const name of INTERNAL_TOOLS) requireTool(byName, name, all);
+}
+/**
+* Adapt one mcp ToolDef into an OpenClaw AnyAgentTool with ciphertext stripping.
+* `parameters` is rine-mcp's JSON-schema `inputSchema`; `registerTool` stores it
+* verbatim (no TypeBox validation — see SDK_CONTRACT.md), so the whole tool object
+* is cast to `AnyAgentTool` at one documented seam. (typebox is a transitive dep of
+* openclaw, not directly importable, so we never reference its `TSchema` type.)
+*
+* A thrown handler (e.g. an optional tool called on a headless install, or a transient
+* API failure) is converted into an actionable `jsonResult` error string — the agent
+* gets a result it can reason about instead of the turn crashing or hanging.
+*/
+function toOpenClawTool(def, ctx) {
+	return {
+		name: def.name,
+		label: def.name,
+		description: def.description,
+		parameters: def.inputSchema,
+		execute: async (_toolCallId, params, signal) => {
+			signal?.throwIfAborted();
+			try {
+				return jsonResult(stripCiphertext(await def.handler(ctx, params ?? {})));
+			} catch (err) {
+				if (err instanceof DOMException && err.name === "AbortError") throw err;
+				const message = err instanceof Error ? err.message : String(err);
+				return jsonResult({ error: `rine: ${def.name} failed: ${message}` });
+			}
+		}
+	};
+}
+/**
+* Register the exposed rine tools on the plugin api. `rine_send`/`rine_onboard`
+* are registered `{ optional: true }` (allowlist gating per manifest toolMetadata).
+* Internal deps (`rine_reply`) are validated here too so version skew fails at load.
+*/
+function registerRineTools(api, ctx) {
+	assertInternalTools();
+	for (const def of selectExposedTools()) {
+		const opts = OPTIONAL_TOOLS.has(def.name) ? {
+			name: def.name,
+			optional: true
+		} : { name: def.name };
+		api.registerTool(toOpenClawTool(def, ctx), opts);
+	}
+}
+//#endregion
+//#region index.ts
+/**
+* Channel plugin entry. `defineChannelPluginEntry` registers the rine channel in every
+* load mode; `registerFull` runs only in full (non-setup) mode and wires the tools,
+* the always-on EXPOSE route, and the notify service. Top-level module eval stays
+* side-effect-free (no network, no cred reads) — all work happens inside registration.
+*/
+var rine_openclaw_default = defineChannelPluginEntry({
+	id: "rine",
+	name: "rine",
+	description,
+	plugin: rinePlugin,
+	configSchema: {
+		schema: configSchema,
+		uiHints
+	},
+	registerFull(api) {
+		registerRineTools(api, buildRineClient(readRineCredentials(resolveRineConfig(api.pluginConfig ?? {}))).toolContext);
+		registerExposeRoute(api);
+		api.registerService(makeRineService(api));
+	}
+});
+//#endregion
+export { rine_openclaw_default as default };

package/dist/poll-BvmG87ve.js

@@ -0,0 +1,42 @@
+import { r as normalizeRineEvent } from "./inbound-G0JD7YmI.js";
+import { n as sleep } from "./backoff-BMNABavv.js";
+//#region src/transports/poll.ts
+/**
+* POLL transport — least token-intensive. Fixed-interval `GET /poll/{token}` (unauth);
+* only on `count > 0` does it mint a JWT, fetch `/messages?status=new`, and dispatch.
+*
+* Graceful fallback: on `/poll` failure (e.g. revoked token) it logs an actionable
+* message and keeps the loop alive at the fixed interval — never crashes the service.
+* (`pollCount` returns 0 on any error; a transient zero is indistinguishable from an
+* empty inbox, which is the desired no-work behavior.)
+*/
+async function runPollTransport(tc) {
+	const { client, config, agentId, logger, onMessage, signal, pollUrl } = tc;
+	if (!pollUrl) {
+		logger.error("rine: POLL transport requires a poll_url in credentials.json (.default.poll_url) — run `rine poll-token`");
+		return;
+	}
+	while (!signal.aborted) {
+		if (await client.pollCount(pollUrl, signal) <= 0) {
+			await wait(config.pollIntervalMs, signal);
+			continue;
+		}
+		try {
+			const items = await client.fetchNewMessages(agentId);
+			for (const raw of items) {
+				if (signal.aborted) break;
+				await onMessage(normalizeRineEvent(raw));
+			}
+		} catch (err) {
+			logger.warn(`rine: POLL fetch/dispatch error (keeping loop alive): ${err instanceof Error ? err.message : String(err)}`);
+		}
+		await wait(config.pollIntervalMs, signal);
+	}
+}
+async function wait(ms, signal) {
+	try {
+		await sleep(ms, signal);
+	} catch {}
+}
+//#endregion
+export { runPollTransport };

package/dist/setup.d.ts

@@ -0,0 +1,22 @@
+/**
+ * Setup-safe entry for the rine channel. Loaded in setup/discovery registration modes.
+ * Side-effect-free at module top level. The transport posture is a config enum (SPEC
+ * §2.5) surfaced via the manifest configSchema + uiHints — OpenClaw has no native
+ * radio-select setup primitive, so the human sets `channels.rine.transport` directly.
+ *
+ * Credential auto-detection (no re-auth for an already-onboarded agent): the wizard
+ * checks `resolveConfigDir()` ($RINE_CONFIG_DIR > ~/.config/rine > cwd/.rine) for an
+ * existing credentials.json. `detectRineSetup` exposes that decision for the wizard UI.
+ */
+export interface RineSetupDetection {
+    configDir: string;
+    apiUrl: string;
+    hasCredentials: boolean;
+    pollUrl?: string;
+}
+/** Auto-detect existing rine creds for the setup flow. Pure read; no writes. */
+export declare function detectRineSetup(raw?: Record<string, unknown>): RineSetupDetection;
+declare const _default: {
+    plugin: import("openclaw/plugin-sdk/channel-core").ChannelPlugin<import("./src/channel.js").RineAccount>;
+};
+export default _default;