@searchfe/openclaw-baiduapp 0.1.9 → 0.1.11

package/dist/index.js

@@ -1,12 +1,13 @@
+import fs from 'fs';
+import os, { tmpdir } from 'os';
 import path2 from 'path';
+import readline from 'readline';
 import { fileURLToPath } from 'url';
-import crypto3 from 'crypto';
+import crypto from 'crypto';
 import { createRequire } from 'module';
 import { lookup } from 'dns/promises';
 import fs2 from 'fs/promises';
 import net from 'net';
-import fs from 'fs';
-import { tmpdir } from 'os';
 
 var __create = Object.create;
 var __defProp = Object.defineProperty;
@@ -1357,20 +1358,20 @@ var require_package = __commonJS({
 // node_modules/.pnpm/@baiducloud+sdk@1.0.7/node_modules/@baiducloud/sdk/src/crypto.js
 var require_crypto = __commonJS({
   "node_modules/.pnpm/@baiducloud+sdk@1.0.7/node_modules/@baiducloud/sdk/src/crypto.js"(exports$1) {
-    var fs3 = __require("fs");
-    var crypto4 = __require("crypto");
+    var fs4 = __require("fs");
+    var crypto3 = __require("crypto");
     var Q = require_q();
     exports$1.md5sum = function(data, enc, digest) {
       if (!Buffer.isBuffer(data)) {
         data = new Buffer(data, enc || "UTF-8");
       }
-      var md5 = crypto4.createHash("md5");
+      var md5 = crypto3.createHash("md5");
       md5.update(data);
       return md5.digest(digest || "base64");
     };
     exports$1.md5stream = function(stream, digest) {
       var deferred = Q.defer();
-      var md5 = crypto4.createHash("md5");
+      var md5 = crypto3.createHash("md5");
       stream.on("data", function(chunk2) {
         md5.update(chunk2);
       });
@@ -1383,7 +1384,7 @@ var require_crypto = __commonJS({
       return deferred.promise;
     };
     exports$1.md5file = function(filename, digest) {
-      return exports$1.md5stream(fs3.createReadStream(filename), digest);
+      return exports$1.md5stream(fs4.createReadStream(filename), digest);
     };
     exports$1.md5blob = function(blob, digest) {
       var deferred = Q.defer();
@@ -2312,8 +2313,8 @@ var init_tap = __esm({
 });
 
 // node_modules/.pnpm/underscore@1.13.8/node_modules/underscore/modules/toPath.js
-function toPath(path4) {
-  return isArray_default(path4) ? path4 : [path4];
+function toPath(path5) {
+  return isArray_default(path5) ? path5 : [path5];
 }
 var init_toPath = __esm({
   "node_modules/.pnpm/underscore@1.13.8/node_modules/underscore/modules/toPath.js"() {
@@ -2324,8 +2325,8 @@ var init_toPath = __esm({
 });
 
 // node_modules/.pnpm/underscore@1.13.8/node_modules/underscore/modules/_toPath.js
-function toPath2(path4) {
-  return _.toPath(path4);
+function toPath2(path5) {
+  return _.toPath(path5);
 }
 var init_toPath2 = __esm({
   "node_modules/.pnpm/underscore@1.13.8/node_modules/underscore/modules/_toPath.js"() {
@@ -2335,11 +2336,11 @@ var init_toPath2 = __esm({
 });
 
 // node_modules/.pnpm/underscore@1.13.8/node_modules/underscore/modules/_deepGet.js
-function deepGet(obj, path4) {
-  var length = path4.length;
+function deepGet(obj, path5) {
+  var length = path5.length;
   for (var i = 0; i < length; i++) {
     if (obj == null) return void 0;
-    obj = obj[path4[i]];
+    obj = obj[path5[i]];
   }
   return length ? obj : void 0;
 }
@@ -2349,8 +2350,8 @@ var init_deepGet = __esm({
 });
 
 // node_modules/.pnpm/underscore@1.13.8/node_modules/underscore/modules/get.js
-function get(object2, path4, defaultValue) {
-  var value = deepGet(object2, toPath2(path4));
+function get(object2, path5, defaultValue) {
+  var value = deepGet(object2, toPath2(path5));
   return isUndefined(value) ? defaultValue : value;
 }
 var init_get = __esm({
@@ -2362,11 +2363,11 @@ var init_get = __esm({
 });
 
 // node_modules/.pnpm/underscore@1.13.8/node_modules/underscore/modules/has.js
-function has2(obj, path4) {
-  path4 = toPath2(path4);
-  var length = path4.length;
+function has2(obj, path5) {
+  path5 = toPath2(path5);
+  var length = path5.length;
   for (var i = 0; i < length; i++) {
-    var key = path4[i];
+    var key = path5[i];
     if (!has(obj, key)) return false;
     obj = obj[key];
   }
@@ -2403,10 +2404,10 @@ var init_matcher = __esm({
 });
 
 // node_modules/.pnpm/underscore@1.13.8/node_modules/underscore/modules/property.js
-function property(path4) {
-  path4 = toPath2(path4);
+function property(path5) {
+  path5 = toPath2(path5);
   return function(obj) {
-    return deepGet(obj, path4);
+    return deepGet(obj, path5);
   };
 }
 var init_property = __esm({
@@ -2515,8 +2516,8 @@ var init_noop = __esm({
 // node_modules/.pnpm/underscore@1.13.8/node_modules/underscore/modules/propertyOf.js
 function propertyOf(obj) {
   if (obj == null) return noop;
-  return function(path4) {
-    return get(obj, path4);
+  return function(path5) {
+    return get(obj, path5);
   };
 }
 var init_propertyOf = __esm({
@@ -2710,14 +2711,14 @@ var init_template = __esm({
 });
 
 // node_modules/.pnpm/underscore@1.13.8/node_modules/underscore/modules/result.js
-function result(obj, path4, fallback2) {
-  path4 = toPath2(path4);
-  var length = path4.length;
+function result(obj, path5, fallback2) {
+  path5 = toPath2(path5);
+  var length = path5.length;
   if (!length) {
     return isFunction_default(fallback2) ? fallback2.call(obj) : fallback2;
   }
   for (var i = 0; i < length; i++) {
-    var prop = obj == null ? void 0 : obj[path4[i]];
+    var prop = obj == null ? void 0 : obj[path5[i]];
     if (prop === void 0) {
       prop = fallback2;
       i = length;
@@ -3400,14 +3401,14 @@ var init_invoke = __esm({
     init_map();
     init_deepGet();
     init_toPath2();
-    invoke_default = restArguments(function(obj, path4, args) {
+    invoke_default = restArguments(function(obj, path5, args) {
       var contextPath, func;
-      if (isFunction_default(path4)) {
-        func = path4;
+      if (isFunction_default(path5)) {
+        func = path5;
       } else {
-        path4 = toPath2(path4);
-        contextPath = path4.slice(0, -1);
-        path4 = path4[path4.length - 1];
+        path5 = toPath2(path5);
+        contextPath = path5.slice(0, -1);
+        path5 = path5[path5.length - 1];
       }
       return map(obj, function(context) {
         var method = func;
@@ -3416,7 +3417,7 @@ var init_invoke = __esm({
             context = deepGet(context, contextPath);
           }
           if (context == null) return void 0;
-          method = context[path4];
+          method = context[path5];
         }
         return method == null ? method : method.apply(context, args);
       });
@@ -5129,8 +5130,8 @@ var require_auth = __commonJS({
       return [canonicalHeaders.join("\n"), signedHeaders];
     };
     Auth.prototype.hash = function(data, key) {
-      var crypto4 = __require("crypto");
-      var sha256Hmac = crypto4.createHmac("sha256", key);
+      var crypto3 = __require("crypto");
+      var sha256Hmac = crypto3.createHmac("sha256", key);
       sha256Hmac.update(data);
       return sha256Hmac.digest("hex");
     };
@@ -6365,8 +6366,8 @@ var require_http_client = __commonJS({
       this._req = null;
     }
     util2.inherits(HttpClient, EventEmitter);
-    HttpClient.prototype.updateConfigByPath = function(path4, value) {
-      const pathArr = path4.split(".");
+    HttpClient.prototype.updateConfigByPath = function(path5, value) {
+      const pathArr = path5.split(".");
       function traverseAndUpdate(currentObj, index2) {
         if (index2 >= pathArr.length - 1) {
           currentObj[pathArr[index2]] = value;
@@ -6380,9 +6381,9 @@ var require_http_client = __commonJS({
       traverseAndUpdate(this.config, 0);
       return this.config;
     };
-    HttpClient.prototype.sendRequest = function(httpMethod, path4, body, headers, params, signFunction, outputStream) {
+    HttpClient.prototype.sendRequest = function(httpMethod, path5, body, headers, params, signFunction, outputStream) {
       httpMethod = httpMethod.toUpperCase();
-      var requestUrl = this._getRequestUrl(path4, params);
+      var requestUrl = this._getRequestUrl(path5, params);
       var options = __require("url").parse(requestUrl);
       debug("httpMethod = %s, requestUrl = %s, options = %j", httpMethod, requestUrl, options);
       var defaultHeaders = {};
@@ -6429,7 +6430,7 @@ var require_http_client = __commonJS({
         }
       }
       if (typeof signFunction === "function") {
-        var promise = signFunction(this.config.credentials, httpMethod, path4, params, headers, this);
+        var promise = signFunction(this.config.credentials, httpMethod, path5, params, headers, this);
         if (isPromise(promise)) {
           return promise.then(function(authorization, xbceDate) {
             headers[H.AUTHORIZATION] = authorization;
@@ -6445,14 +6446,14 @@ var require_http_client = __commonJS({
           throw new Error("Invalid signature = (" + promise + ")");
         }
       } else {
-        headers[H.AUTHORIZATION] = createSignature(this.config.credentials, httpMethod, path4, params, headers);
+        headers[H.AUTHORIZATION] = createSignature(this.config.credentials, httpMethod, path5, params, headers);
       }
       debug("options = %j", options);
       return client._doRequest(options, body, outputStream);
     };
-    function createSignature(credentials, httpMethod, path4, params, headers) {
+    function createSignature(credentials, httpMethod, path5, params, headers) {
       var auth = new Auth(credentials.ak, credentials.sk);
-      return auth.generateAuthorization(httpMethod, path4, params, headers);
+      return auth.generateAuthorization(httpMethod, path5, params, headers);
     }
     function isPromise(obj) {
       return obj && (typeof obj === "object" || typeof obj === "function") && typeof obj.then === "function";
@@ -6634,8 +6635,8 @@ var require_http_client = __commonJS({
         return "%" + char.charCodeAt().toString(16);
       });
     };
-    HttpClient.prototype._getRequestUrl = function(path4, params) {
-      var uri = path4;
+    HttpClient.prototype._getRequestUrl = function(path5, params) {
+      var uri = path5;
       var qs = this.buildQueryString(params);
       if (qs) {
         uri += "?" + qs;
@@ -6717,12 +6718,12 @@ var require_bce_base_client = __commonJS({
         config.DEFAULT_SERVICE_DOMAIN
       );
     };
-    BceBaseClient.prototype.createSignature = function(credentials, httpMethod, path4, params, headers) {
+    BceBaseClient.prototype.createSignature = function(credentials, httpMethod, path5, params, headers) {
       var revisionTimestamp = Date.now() + (this.timeOffset || 0);
       headers[H.X_BCE_DATE] = new Date(revisionTimestamp).toISOString().replace(/\.\d+Z$/, "Z");
       return Q.fcall(function() {
         var auth = new Auth(credentials.ak, credentials.sk);
-        return auth.generateAuthorization(httpMethod, path4, params, headers, revisionTimestamp / 1e3);
+        return auth.generateAuthorization(httpMethod, path5, params, headers, revisionTimestamp / 1e3);
       });
     };
     BceBaseClient.prototype.sendRequest = function(httpMethod, resource, varArgs) {
@@ -9772,7 +9773,7 @@ var init_async = __esm({
 // node_modules/.pnpm/@baiducloud+sdk@1.0.7/node_modules/@baiducloud/sdk/src/helper.js
 var require_helper = __commonJS({
   "node_modules/.pnpm/@baiducloud+sdk@1.0.7/node_modules/@baiducloud/sdk/src/helper.js"(exports$1) {
-    var fs3 = __require("fs");
+    var fs4 = __require("fs");
     var stream = __require("stream");
     var async = (init_async(), __toCommonJS(async_exports));
     var u = (init_index_all(), __toCommonJS(index_all_exports));
@@ -9796,7 +9797,7 @@ var require_helper = __commonJS({
       var contentLength = 0;
       var dataType = -1;
       if (typeof data === "string") {
-        contentLength = fs3.lstatSync(data).size;
+        contentLength = fs4.lstatSync(data).size;
         dataType = DATA_TYPE_FILE;
       } else if (Buffer.isBuffer(data)) {
         contentLength = data.length;
@@ -10900,11 +10901,11 @@ var require_baseGet = __commonJS({
   "node_modules/.pnpm/lodash@4.17.23/node_modules/lodash/_baseGet.js"(exports$1, module) {
     var castPath = require_castPath();
     var toKey = require_toKey();
-    function baseGet(object2, path4) {
-      path4 = castPath(path4, object2);
-      var index2 = 0, length = path4.length;
+    function baseGet(object2, path5) {
+      path5 = castPath(path5, object2);
+      var index2 = 0, length = path5.length;
       while (object2 != null && index2 < length) {
-        object2 = object2[toKey(path4[index2++])];
+        object2 = object2[toKey(path5[index2++])];
       }
       return index2 && index2 == length ? object2 : void 0;
     }
@@ -11887,8 +11888,8 @@ var require_baseMatches = __commonJS({
 var require_get = __commonJS({
   "node_modules/.pnpm/lodash@4.17.23/node_modules/lodash/get.js"(exports$1, module) {
     var baseGet = require_baseGet();
-    function get2(object2, path4, defaultValue) {
-      var result2 = object2 == null ? void 0 : baseGet(object2, path4);
+    function get2(object2, path5, defaultValue) {
+      var result2 = object2 == null ? void 0 : baseGet(object2, path5);
       return result2 === void 0 ? defaultValue : result2;
     }
     module.exports = get2;
@@ -11914,11 +11915,11 @@ var require_hasPath = __commonJS({
     var isIndex = require_isIndex();
     var isLength = require_isLength();
     var toKey = require_toKey();
-    function hasPath(object2, path4, hasFunc) {
-      path4 = castPath(path4, object2);
-      var index2 = -1, length = path4.length, result2 = false;
+    function hasPath(object2, path5, hasFunc) {
+      path5 = castPath(path5, object2);
+      var index2 = -1, length = path5.length, result2 = false;
       while (++index2 < length) {
-        var key = toKey(path4[index2]);
+        var key = toKey(path5[index2]);
         if (!(result2 = object2 != null && hasFunc(object2, key))) {
           break;
         }
@@ -11939,8 +11940,8 @@ var require_hasIn = __commonJS({
   "node_modules/.pnpm/lodash@4.17.23/node_modules/lodash/hasIn.js"(exports$1, module) {
     var baseHasIn = require_baseHasIn();
     var hasPath = require_hasPath();
-    function hasIn(object2, path4) {
-      return object2 != null && hasPath(object2, path4, baseHasIn);
+    function hasIn(object2, path5) {
+      return object2 != null && hasPath(object2, path5, baseHasIn);
     }
     module.exports = hasIn;
   }
@@ -11958,13 +11959,13 @@ var require_baseMatchesProperty = __commonJS({
     var toKey = require_toKey();
     var COMPARE_PARTIAL_FLAG = 1;
     var COMPARE_UNORDERED_FLAG = 2;
-    function baseMatchesProperty(path4, srcValue) {
-      if (isKey(path4) && isStrictComparable(srcValue)) {
-        return matchesStrictComparable(toKey(path4), srcValue);
+    function baseMatchesProperty(path5, srcValue) {
+      if (isKey(path5) && isStrictComparable(srcValue)) {
+        return matchesStrictComparable(toKey(path5), srcValue);
       }
       return function(object2) {
-        var objValue = get2(object2, path4);
-        return objValue === void 0 && objValue === srcValue ? hasIn(object2, path4) : baseIsEqual(srcValue, objValue, COMPARE_PARTIAL_FLAG | COMPARE_UNORDERED_FLAG);
+        var objValue = get2(object2, path5);
+        return objValue === void 0 && objValue === srcValue ? hasIn(object2, path5) : baseIsEqual(srcValue, objValue, COMPARE_PARTIAL_FLAG | COMPARE_UNORDERED_FLAG);
       };
     }
     module.exports = baseMatchesProperty;
@@ -11997,9 +11998,9 @@ var require_baseProperty = __commonJS({
 var require_basePropertyDeep = __commonJS({
   "node_modules/.pnpm/lodash@4.17.23/node_modules/lodash/_basePropertyDeep.js"(exports$1, module) {
     var baseGet = require_baseGet();
-    function basePropertyDeep(path4) {
+    function basePropertyDeep(path5) {
       return function(object2) {
-        return baseGet(object2, path4);
+        return baseGet(object2, path5);
       };
     }
     module.exports = basePropertyDeep;
@@ -12013,8 +12014,8 @@ var require_property = __commonJS({
     var basePropertyDeep = require_basePropertyDeep();
     var isKey = require_isKey();
     var toKey = require_toKey();
-    function property2(path4) {
-      return isKey(path4) ? baseProperty(toKey(path4)) : basePropertyDeep(path4);
+    function property2(path5) {
+      return isKey(path5) ? baseProperty(toKey(path5)) : basePropertyDeep(path5);
     }
     module.exports = property2;
   }
@@ -13069,8 +13070,8 @@ var require_parent = __commonJS({
   "node_modules/.pnpm/lodash@4.17.23/node_modules/lodash/_parent.js"(exports$1, module) {
     var baseGet = require_baseGet();
     var baseSlice = require_baseSlice();
-    function parent2(object2, path4) {
-      return path4.length < 2 ? object2 : baseGet(object2, baseSlice(path4, 0, -1));
+    function parent2(object2, path5) {
+      return path5.length < 2 ? object2 : baseGet(object2, baseSlice(path5, 0, -1));
     }
     module.exports = parent2;
   }
@@ -13085,30 +13086,30 @@ var require_baseUnset = __commonJS({
     var toKey = require_toKey();
     var objectProto = Object.prototype;
     var hasOwnProperty2 = objectProto.hasOwnProperty;
-    function baseUnset(object2, path4) {
-      path4 = castPath(path4, object2);
-      var index2 = -1, length = path4.length;
+    function baseUnset(object2, path5) {
+      path5 = castPath(path5, object2);
+      var index2 = -1, length = path5.length;
       if (!length) {
         return true;
       }
       var isRootPrimitive = object2 == null || typeof object2 !== "object" && typeof object2 !== "function";
       while (++index2 < length) {
-        var key = path4[index2];
+        var key = path5[index2];
         if (typeof key !== "string") {
           continue;
         }
         if (key === "__proto__" && !hasOwnProperty2.call(object2, "__proto__")) {
           return false;
         }
-        if (key === "constructor" && index2 + 1 < length && typeof path4[index2 + 1] === "string" && path4[index2 + 1] === "prototype") {
+        if (key === "constructor" && index2 + 1 < length && typeof path5[index2 + 1] === "string" && path5[index2 + 1] === "prototype") {
           if (isRootPrimitive && index2 === 0) {
             continue;
           }
           return false;
         }
       }
-      var obj = parent2(object2, path4);
-      return obj == null || delete obj[toKey(last2(path4))];
+      var obj = parent2(object2, path5);
+      return obj == null || delete obj[toKey(last2(path5))];
     }
     module.exports = baseUnset;
   }
@@ -13197,10 +13198,10 @@ var require_omit = __commonJS({
         return result2;
       }
       var isDeep = false;
-      paths = arrayMap(paths, function(path4) {
-        path4 = castPath(path4, object2);
-        isDeep || (isDeep = path4.length > 1);
-        return path4;
+      paths = arrayMap(paths, function(path5) {
+        path5 = castPath(path5, object2);
+        isDeep || (isDeep = path5.length > 1);
+        return path5;
       });
       copyObject(object2, getAllKeysIn(object2), result2);
       if (isDeep) {
@@ -14389,15 +14390,15 @@ var require_super_upload = __commonJS({
 var require_bos_client = __commonJS({
   "node_modules/.pnpm/@baiducloud+sdk@1.0.7/node_modules/@baiducloud/sdk/src/bos_client.js"(exports$1, module) {
     var util2 = __require("util");
-    var path4 = __require("path");
-    var fs3 = __require("fs");
+    var path5 = __require("path");
+    var fs4 = __require("fs");
     var qs = __require("querystring");
     var u = (init_index_all(), __toCommonJS(index_all_exports));
     var Q = require_q();
     var H = require_headers();
     var strings = require_strings();
     var Auth = require_auth();
-    var crypto4 = require_crypto();
+    var crypto3 = require_crypto();
     var HttpClient = require_http_client();
     var BceBaseClient = require_bce_base_client();
     var MimeType = require_mime_types();
@@ -14457,8 +14458,8 @@ var require_bos_client = __commonJS({
         customGenerateUrl: config.customGenerateUrl
       });
       params = params || {};
-      var resource = path4.normalize(
-        path4.join(
+      var resource = path5.normalize(
+        path5.join(
           config.removeVersionPrefix ? "/" : "/v1",
           !pathStyleEnable ? "" : strings.normalize(bucketName || ""),
           strings.normalize(key || "", false)
@@ -14486,8 +14487,8 @@ var require_bos_client = __commonJS({
     BosClient.prototype.generateUrl = function(bucketName, key, pipeline, cdn, config) {
       config = u.extend({}, this.config, config);
       bucketName = config.cname_enabled ? "" : bucketName;
-      var resource = path4.normalize(
-        path4.join(
+      var resource = path5.normalize(
+        path5.join(
           config.removeVersionPrefix ? "/" : "/v1",
           strings.normalize(bucketName || ""),
           strings.normalize(key || "", false)
@@ -14511,9 +14512,9 @@ var require_bos_client = __commonJS({
       }
       if (command) {
         if (cdn) {
-          return util2.format("http://%s/%s%s", cdn, path4.normalize(key), command);
+          return util2.format("http://%s/%s%s", cdn, path5.normalize(key), command);
         }
-        return util2.format("http://%s.%s/%s%s", path4.normalize(bucketName), IMAGE_DOMAIN, path4.normalize(key), command);
+        return util2.format("http://%s.%s/%s%s", path5.normalize(bucketName), IMAGE_DOMAIN, path5.normalize(key), command);
       }
       return util2.format("%s%s%s", this.config.endpoint, resource, command);
     };
@@ -15013,21 +15014,21 @@ var require_bos_client = __commonJS({
       options = options || {};
       var headers = {};
       headers[H.CONTENT_LENGTH] = Buffer.byteLength(data);
-      headers[H.CONTENT_TYPE] = options[H.CONTENT_TYPE] || MimeType.guess(path4.extname(key));
-      headers[H.CONTENT_MD5] = crypto4.md5sum(data);
+      headers[H.CONTENT_TYPE] = options[H.CONTENT_TYPE] || MimeType.guess(path5.extname(key));
+      headers[H.CONTENT_MD5] = crypto3.md5sum(data);
       options = u.extend(headers, options);
       return this.putObject(bucketName, key, data, options);
     };
     BosClient.prototype.putObjectFromFile = function(bucketName, key, filename, options) {
       options = options || {};
       var headers = {};
-      var fileSize = fs3.statSync(filename).size;
+      var fileSize = fs4.statSync(filename).size;
       var contentLength = u.has(options, H.CONTENT_LENGTH) ? options[H.CONTENT_LENGTH] : fileSize;
       if (contentLength > fileSize) {
         throw new Error("options['Content-Length'] should less than " + fileSize);
       }
       headers[H.CONTENT_LENGTH] = contentLength;
-      headers[H.CONTENT_TYPE] = options[H.CONTENT_TYPE] || MimeType.guess(path4.extname(filename));
+      headers[H.CONTENT_TYPE] = options[H.CONTENT_TYPE] || MimeType.guess(path5.extname(filename));
       options = u.extend(headers, options);
       var streamOptions = {
         start: 0,
@@ -15035,7 +15036,7 @@ var require_bos_client = __commonJS({
       };
       var me = this;
       function putObjectWithRetry(lastRetryTimes) {
-        return me.putObject(bucketName, key, fs3.createReadStream(filename, streamOptions), options).catch(function(err) {
+        return me.putObject(bucketName, key, fs4.createReadStream(filename, streamOptions), options).catch(function(err) {
           var serverTimestamp = new Date(err[H.X_BCE_DATE]).getTime();
           BceBaseClient.prototype.timeOffset = serverTimestamp - Date.now();
           if (err[H.X_STATUS_CODE] === 400 && err[H.X_CODE] === "Http400" && lastRetryTimes > 0) {
@@ -15045,8 +15046,8 @@ var require_bos_client = __commonJS({
         });
       }
       if (!u.has(options, H.CONTENT_MD5)) {
-        var fp2 = fs3.createReadStream(filename, streamOptions);
-        return crypto4.md5stream(fp2).then(function(md5sum) {
+        var fp2 = fs4.createReadStream(filename, streamOptions);
+        return crypto3.md5stream(fp2).then(function(md5sum) {
           options[H.CONTENT_MD5] = md5sum;
           return putObjectWithRetry(options.retryCount || MAX_RETRY_COUNT);
         });
@@ -15124,7 +15125,7 @@ var require_bos_client = __commonJS({
           Range: range3 ? util2.format("bytes=%s", range3) : ""
         },
         config: options.config,
-        outputStream: fs3.createWriteStream(filename)
+        outputStream: fs4.createWriteStream(filename)
       });
     };
     BosClient.prototype.copyObject = function(sourceBucketName, sourceKey, targetBucketName, targetKey, options) {
@@ -15166,7 +15167,7 @@ var require_bos_client = __commonJS({
     BosClient.prototype.initiateMultipartUpload = function(bucketName, key, options) {
       options = options || {};
       var headers = {};
-      headers[H.CONTENT_TYPE] = MimeType.guess(path4.extname(key));
+      headers[H.CONTENT_TYPE] = MimeType.guess(path5.extname(key));
       options = this._checkOptions(u.extend(headers, options));
       return this.sendRequest("POST", {
         bucketName,
@@ -15201,7 +15202,7 @@ var require_bos_client = __commonJS({
     BosClient.prototype.uploadPartFromFile = function(bucketName, key, uploadId, partNumber, partSize, filename, offset, options) {
       var start = offset;
       var end = offset + partSize - 1;
-      var partFp = fs3.createReadStream(filename, {
+      var partFp = fs4.createReadStream(filename, {
         start,
         end
       });
@@ -15266,7 +15267,7 @@ var require_bos_client = __commonJS({
         );
       }
       var client = this;
-      var clonedPartFp = fs3.createReadStream(partFp.path, {
+      var clonedPartFp = fs4.createReadStream(partFp.path, {
         start: partFp.start,
         end: partFp.end
       });
@@ -15380,8 +15381,8 @@ var require_bos_client = __commonJS({
       options = options || {};
       var headers = {};
       headers[H.CONTENT_LENGTH] = Buffer.byteLength(data);
-      headers[H.CONTENT_TYPE] = options[H.CONTENT_TYPE] || MimeType.guess(path4.extname(key));
-      headers[H.CONTENT_MD5] = crypto4.md5sum(data);
+      headers[H.CONTENT_TYPE] = options[H.CONTENT_TYPE] || MimeType.guess(path5.extname(key));
+      headers[H.CONTENT_MD5] = crypto3.md5sum(data);
       options = u.extend(headers, options);
       return this.appendObject(bucketName, key, data, offset, options);
     };
@@ -15391,22 +15392,22 @@ var require_bos_client = __commonJS({
         return this.appendObjectFromString(bucketName, key, "", offset, options);
       }
       var headers = {};
-      var fileSize = fs3.statSync(filename).size;
+      var fileSize = fs4.statSync(filename).size;
       if (size2 + offset > fileSize) {
         throw new Error("Can't read the content beyond the end of file.");
       }
       headers[H.CONTENT_LENGTH] = size2;
-      headers[H.CONTENT_TYPE] = options[H.CONTENT_TYPE] || MimeType.guess(path4.extname(filename));
+      headers[H.CONTENT_TYPE] = options[H.CONTENT_TYPE] || MimeType.guess(path5.extname(filename));
       options = u.extend(headers, options);
       var streamOptions = {
         start: offset || 0,
         end: (offset || 0) + size2 - 1
       };
-      var fp = fs3.createReadStream(filename, streamOptions);
+      var fp = fs4.createReadStream(filename, streamOptions);
       if (!u.has(options, H.CONTENT_MD5)) {
         var me = this;
-        var fp2 = fs3.createReadStream(filename, streamOptions);
-        return crypto4.md5stream(fp2).then(function(md5sum) {
+        var fp2 = fs4.createReadStream(filename, streamOptions);
+        return crypto3.md5stream(fp2).then(function(md5sum) {
           options[H.CONTENT_MD5] = md5sum;
           return me.appendObject(bucketName, key, fp, offset, options);
         });
@@ -15427,7 +15428,7 @@ var require_bos_client = __commonJS({
       var boundary = "MM8964" + (Math.random() * Math.pow(2, 63)).toString(36);
       var contentType = "multipart/form-data; boundary=" + boundary;
       if (u.isString(data)) {
-        data = fs3.readFileSync(data);
+        data = fs4.readFileSync(data);
       } else if (!Buffer.isBuffer(data)) {
         throw new Error("Invalid data type.");
       }
@@ -15634,7 +15635,7 @@ var require_bos_client = __commonJS({
       var pathStyleEnable = !!domainUtils.isIpHost(endpoint) || this.config.pathStyleEnable;
       if (typeof customGenerateUrl === "function") {
         endpoint = customGenerateUrl(bucketName, region);
-        var resource = requestUrl || path4.normalize(path4.join(versionPrefix, strings.normalize(varArgs.key || "", false))).replace(/\\/g, "/");
+        var resource = requestUrl || path5.normalize(path5.join(versionPrefix, strings.normalize(varArgs.key || "", false))).replace(/\\/g, "/");
       } else {
         endpoint = domainUtils.handleEndpoint({
           bucketName,
@@ -15644,8 +15645,8 @@ var require_bos_client = __commonJS({
           cname_enabled: this.config.cname_enabled,
           pathStyleEnable
         });
-        var resource = requestUrl || path4.normalize(
-          path4.join(
+        var resource = requestUrl || path5.normalize(
+          path5.join(
             "/" ,
             // if pathStyleEnable is true
             !pathStyleEnable ? "" : strings.normalize(varArgs.bucketName || ""),
@@ -15851,11 +15852,11 @@ var require_bos_client = __commonJS({
       params = params || {};
       const { objectName, data } = params;
       const MAX_UPLOAD_FILE_SIZE = 48.8 * 1024 ** 4;
-      const ContentType = params.ContentType || MimeType.guess(path4.extname(objectName));
+      const ContentType = params.ContentType || MimeType.guess(path5.extname(objectName));
       let ContentLength = params.ContentLength;
       let dataType = "";
       if (typeof data === "string") {
-        ContentLength = fs3.lstatSync(data).size;
+        ContentLength = fs4.lstatSync(data).size;
         dataType = "File";
       } else if (Buffer.isBuffer(data)) {
         ContentLength = data.length;
@@ -15987,10 +15988,10 @@ var require_bos_client = __commonJS({
 // node_modules/.pnpm/@baiducloud+sdk@1.0.7/node_modules/@baiducloud/sdk/src/bcs_client.js
 var require_bcs_client = __commonJS({
   "node_modules/.pnpm/@baiducloud+sdk@1.0.7/node_modules/@baiducloud/sdk/src/bcs_client.js"(exports$1, module) {
-    var crypto4 = __require("crypto");
+    var crypto3 = __require("crypto");
     var util2 = __require("util");
-    var path4 = __require("path");
-    var fs3 = __require("fs");
+    var path5 = __require("path");
+    var fs4 = __require("fs");
     var u = (init_index_all(), __toCommonJS(index_all_exports));
     var H = require_headers();
     var HttpClient = require_http_client();
@@ -16105,10 +16106,10 @@ var require_bcs_client = __commonJS({
     BcsClient.prototype.putObjectFromFile = function(bucketName, key, filename, options) {
       options = options || {};
       var headers = {};
-      headers[H.CONTENT_LENGTH] = fs3.statSync(filename).size;
-      headers[H.CONTENT_TYPE] = options[H.CONTENT_TYPE] || MimeType.guess(path4.extname(filename));
+      headers[H.CONTENT_LENGTH] = fs4.statSync(filename).size;
+      headers[H.CONTENT_TYPE] = options[H.CONTENT_TYPE] || MimeType.guess(path5.extname(filename));
       options = u.extend(headers, options);
-      var fp = fs3.createReadStream(filename);
+      var fp = fs4.createReadStream(filename);
       if (!u.has(options, H.CONTENT_MD5)) {
         var me = this;
         return require_crypto().md5file(filename, "hex").then(function(md5sum) {
@@ -16126,7 +16127,7 @@ var require_bcs_client = __commonJS({
         "Object=" + objectName
       ].join("\n");
       var content = flag + "\n" + body + "\n";
-      var hmac = crypto4.createHmac("sha1", credentials.sk);
+      var hmac = crypto3.createHmac("sha1", credentials.sk);
       hmac.update(new Buffer(content, "utf-8"));
       var digest = encodeURIComponent(hmac.digest("base64")).replace(/%2F/g, "/");
       return [flag, credentials.ak, digest].join(":");
@@ -16356,8 +16357,8 @@ var require_bcc_client = __commonJS({
 // node_modules/.pnpm/@baiducloud+sdk@1.0.7/node_modules/@baiducloud/sdk/src/ses_client.js
 var require_ses_client = __commonJS({
   "node_modules/.pnpm/@baiducloud+sdk@1.0.7/node_modules/@baiducloud/sdk/src/ses_client.js"(exports$1, module) {
-    var fs3 = __require("fs");
-    var path4 = __require("path");
+    var fs4 = __require("fs");
+    var path5 = __require("path");
     var util2 = __require("util");
     var BceBaseClient = require_bce_base_client();
     function SesClient(config) {
@@ -16423,9 +16424,9 @@ var require_ses_client = __commonJS({
         if (typeof item === "string") {
           return {
             /* eslint-disable */
-            file_name: path4.basename(item),
+            file_name: path5.basename(item),
             file_data: {
-              data: fs3.readFileSync(item).toString("base64")
+              data: fs4.readFileSync(item).toString("base64")
             }
             /* eslint-enable */
           };
@@ -17444,10 +17445,10 @@ var require_media_client = __commonJS({
       var url = "/v3/statistic/job/realtime";
       return this.sendRequest("GET", url);
     };
-    MediaClient.prototype.createSignature = function(credentials, httpMethod, path4, params, headers) {
+    MediaClient.prototype.createSignature = function(credentials, httpMethod, path5, params, headers) {
       var auth = new Auth(credentials.ak, credentials.sk);
       var headersToSign = ["host"];
-      return auth.generateAuthorization(httpMethod, path4, params, headers, 0, 0, headersToSign);
+      return auth.generateAuthorization(httpMethod, path5, params, headers, 0, 0, headersToSign);
     };
     MediaClient.prototype.sendRequest = function(httpMethod, resource, varArgs) {
       var defaultArgs = {
@@ -17957,8 +17958,8 @@ var require_vod_client = __commonJS({
 // node_modules/.pnpm/@baiducloud+sdk@1.0.7/node_modules/@baiducloud/sdk/src/doc_client.js
 var require_doc_client = __commonJS({
   "node_modules/.pnpm/@baiducloud+sdk@1.0.7/node_modules/@baiducloud/sdk/src/doc_client.js"(exports$1) {
-    var fs3 = __require("fs");
-    var path4 = __require("path");
+    var fs4 = __require("fs");
+    var path5 = __require("path");
     var util2 = __require("util");
     var builtinUrl = __require("url");
     var Q = require_q();
@@ -17967,7 +17968,7 @@ var require_doc_client = __commonJS({
     var BosClient = require_bos_client();
     var BceBaseClient = require_bce_base_client();
     var UploadHelper = require_helper();
-    var crypto4 = require_crypto();
+    var crypto3 = require_crypto();
     var DATA_TYPE_FILE = 1;
     var DATA_TYPE_BUFFER = 2;
     var DATA_TYPE_BLOB = 4;
@@ -18002,8 +18003,8 @@ var require_doc_client = __commonJS({
             var bucket = parsed.host;
             var object2 = parsed.pathname.substr(1);
             options = u.extend(options, parsed.query);
-            var title = options.title || path4.basename(object2);
-            var format = options.format || path4.extname(object2).substr(1);
+            var title = options.title || path5.basename(object2);
+            var format = options.format || path5.extname(object2).substr(1);
             var notification = options.notification;
             return this.createFromBos(
               bucket,
@@ -18017,8 +18018,8 @@ var require_doc_client = __commonJS({
           }
         }
         dataType = DATA_TYPE_FILE;
-        options.format = options.format || path4.extname(data).substr(1);
-        options.title = options.title || path4.basename(data, path4.extname(data));
+        options.format = options.format || path5.extname(data).substr(1);
+        options.title = options.title || path5.basename(data, path5.extname(data));
       } else if (Buffer.isBuffer(data)) {
         if (options.format == null || options.title == null) {
           return Q.reject(new Error("buffer type required options.format and options.title"));
@@ -18026,8 +18027,8 @@ var require_doc_client = __commonJS({
         dataType = DATA_TYPE_BUFFER;
       } else if (typeof Blob !== "undefined" && data instanceof Blob) {
         dataType = DATA_TYPE_BLOB;
-        options.format = options.format || path4.extname(data.name).substr(1);
-        options.title = options.title || path4.basename(data.name, path4.extname(data.name));
+        options.format = options.format || path5.extname(data.name).substr(1);
+        options.title = options.title || path5.basename(data.name, path5.extname(data.name));
       } else {
         return Q.reject(new Error("Unsupported dataType."));
       }
@@ -18039,12 +18040,12 @@ var require_doc_client = __commonJS({
       }
       var self2 = this;
       if (dataType === DATA_TYPE_FILE) {
-        return crypto4.md5stream(fs3.createReadStream(data), "hex").then(function(md5) {
+        return crypto3.md5stream(fs4.createReadStream(data), "hex").then(function(md5) {
           options.meta.md5 = md5;
           return self2._doCreate(data, options);
         });
       } else if (dataType === DATA_TYPE_BLOB) {
-        return crypto4.md5blob(data, "hex").then(function(md5) {
+        return crypto3.md5blob(data, "hex").then(function(md5) {
           options.meta.md5 = md5;
           return self2._doCreate(data, options);
         });
@@ -18122,7 +18123,7 @@ var require_doc_client = __commonJS({
         object: object2,
         title
       };
-      var format = opt_format || path4.extname(object2).substr(1);
+      var format = opt_format || path5.extname(object2).substr(1);
       if (!format) {
         throw new Error("Document format parameter required");
       }
@@ -18362,10 +18363,10 @@ var require_tsdb_data_client = __commonJS({
       params.authorization = authorization;
       return util2.format("%s%s?%s", config.endpoint, resource, qs.encode(params));
     };
-    TsdbDataClient.prototype.createSignature = function(credentials, httpMethod, path4, params, headers) {
+    TsdbDataClient.prototype.createSignature = function(credentials, httpMethod, path5, params, headers) {
       var auth = new Auth(credentials.ak, credentials.sk);
       var headersToSign = ["host"];
-      return auth.generateAuthorization(httpMethod, path4, params, headers, 0, 0, headersToSign);
+      return auth.generateAuthorization(httpMethod, path5, params, headers, 0, 0, headersToSign);
     };
     TsdbDataClient.prototype.sendRequest = function(httpMethod, resource, varArgs) {
       var defaultArgs = {
@@ -22686,7 +22687,7 @@ var require_bts_client = __commonJS({
 var require_iot_client = __commonJS({
   "node_modules/.pnpm/@baiducloud+sdk@1.0.7/node_modules/@baiducloud/sdk/src/iot_client.js"(exports$1, module) {
     var util2 = __require("util");
-    var path4 = __require("path");
+    var path5 = __require("path");
     var u = (init_index_all(), __toCommonJS(index_all_exports));
     var strings = require_strings();
     var BceBaseClient = require_bce_base_client();
@@ -22748,7 +22749,7 @@ var require_iot_client = __commonJS({
     };
     IoTClient.prototype._buildUrl = function() {
       var extraPaths = u.toArray(arguments);
-      return path4.normalize(extraPaths.join("/")).replace(/\\/g, "/");
+      return path5.normalize(extraPaths.join("/")).replace(/\\/g, "/");
     };
     module.exports = IoTClient;
   }
@@ -22787,6 +22788,156 @@ var require_sdk = __commonJS({
   }
 });
 
+// src/auth/login.ts
+var login_exports = {};
+__export(login_exports, {
+  loginBaiduApp: () => loginBaiduApp
+});
+function createTerminalPrompter() {
+  const rl = readline.createInterface({
+    input: process.stdin,
+    output: process.stdout
+  });
+  const question = (message) => new Promise((resolve) => {
+    rl.question(message, (answer) => resolve(answer));
+  });
+  return {
+    select: async (message, choices) => {
+      while (true) {
+        process.stdout.write(`${message}
+`);
+        for (const [index2, choice] of choices.entries()) {
+          process.stdout.write(`${index2 + 1}. ${choice}
+`);
+        }
+        const answer = (await question("\u8BF7\u9009\u62E9\u5E8F\u53F7: ")).trim();
+        const choiceIndex = Number(answer);
+        if (Number.isInteger(choiceIndex) && choiceIndex >= 1 && choiceIndex <= choices.length) {
+          return choices[choiceIndex - 1];
+        }
+        process.stdout.write(`\u8BF7\u8F93\u5165 1-${choices.length} \u4E4B\u95F4\u7684\u5E8F\u53F7\u3002
+`);
+      }
+    },
+    text: async (message, opts) => {
+      while (true) {
+        const answer = (await question(`${message}: `)).trim();
+        if (!opts?.required || answer) {
+          return answer;
+        }
+        process.stdout.write("\u8BE5\u9879\u4E3A\u5FC5\u586B\uFF0C\u8BF7\u91CD\u65B0\u8F93\u5165\u3002\n");
+      }
+    },
+    close: () => {
+      rl.close();
+    }
+  };
+}
+function redactValue(value, opts) {
+  if (!value) {
+    return "(empty)";
+  }
+  const keepStart = opts?.keepStart ?? 2;
+  const keepEnd = opts?.keepEnd ?? 2;
+  if (value.length <= keepStart + keepEnd) {
+    return "*".repeat(value.length);
+  }
+  return `${value.slice(0, keepStart)}***${value.slice(-keepEnd)}`;
+}
+function resolveOpenclawConfigPath() {
+  const override = process.env["OPENCLAW_CONFIG_PATH"]?.trim();
+  if (override) {
+    return override;
+  }
+  const stateDir = process.env["OPENCLAW_STATE_DIR"]?.trim() ?? path2.join(os.homedir(), ".openclaw");
+  return path2.join(stateDir, "openclaw.json");
+}
+function readOpenclawConfig(configPath) {
+  try {
+    const raw = fs.readFileSync(configPath, "utf8");
+    const parsed = JSON.parse(raw);
+    if (parsed !== null && typeof parsed === "object" && !Array.isArray(parsed)) {
+      return parsed;
+    }
+    return {};
+  } catch (err) {
+    if (err instanceof Error && "code" in err && err.code === "ENOENT") {
+      return {};
+    }
+    throw err;
+  }
+}
+function writeOpenclawConfig(configPath, config) {
+  const dir2 = path2.dirname(configPath);
+  fs.mkdirSync(dir2, { recursive: true });
+  const tmpPath = `${configPath}.tmp.${process.pid}`;
+  const content = `${JSON.stringify(config, null, 2)}
+`;
+  fs.writeFileSync(tmpPath, content, "utf8");
+  fs.renameSync(tmpPath, configPath);
+}
+function setAccountConfig(params) {
+  const config = readOpenclawConfig(params.configPath);
+  const channels = config["channels"] !== null && typeof config["channels"] === "object" && !Array.isArray(config["channels"]) ? config["channels"] : {};
+  const channelKey = "openclaw-baiduapp";
+  const channelConfig = channels[channelKey] !== null && typeof channels[channelKey] === "object" && !Array.isArray(channels[channelKey]) ? channels[channelKey] : {};
+  const accounts = channelConfig["accounts"] !== null && typeof channelConfig["accounts"] === "object" && !Array.isArray(channelConfig["accounts"]) ? channelConfig["accounts"] : {};
+  const existingAccount = accounts[params.accountId] !== null && typeof accounts[params.accountId] === "object" && !Array.isArray(accounts[params.accountId]) ? accounts[params.accountId] : {};
+  writeOpenclawConfig(params.configPath, {
+    ...config,
+    channels: {
+      ...channels,
+      [channelKey]: {
+        ...channelConfig,
+        accounts: {
+          ...accounts,
+          [params.accountId]: {
+            ...existingAccount,
+            appKey: params.appKey,
+            appSecret: params.appSecret,
+            enabled: true
+          }
+        }
+      }
+    }
+  });
+}
+async function loginBaiduApp(params) {
+  void params.cfg;
+  void params.verbose;
+  const agentId = params.accountId?.trim() || "main";
+  const prompter = createTerminalPrompter();
+  try {
+    const mode = await prompter.select("\u8BF7\u9009\u62E9\u767E\u5EA6 App \u914D\u7F6E\u65B9\u5F0F", [
+      "\u624B\u52A8\u586B\u5199",
+      "\u626B\u7801\u914D\u7F6E\uFF08\u5373\u5C06\u652F\u6301\uFF09"
+    ]);
+    if (mode === "\u626B\u7801\u914D\u7F6E\uFF08\u5373\u5C06\u652F\u6301\uFF09") {
+      params.runtime.log("\u23F3 \u626B\u7801\u914D\u7F6E\u529F\u80FD\u6B63\u5728\u5F00\u53D1\u4E2D\uFF0C\u656C\u8BF7\u671F\u5F85...");
+      params.runtime.log("\u8BF7\u5148\u4F7F\u7528\u624B\u52A8\u586B\u5199\u65B9\u5F0F\u5B8C\u6210\u914D\u7F6E\u3002");
+      return;
+    }
+    const appKey = await prompter.text("App Key", { required: true });
+    const appSecret = await prompter.text("App Secret", { required: true });
+    const configPath = resolveOpenclawConfigPath();
+    setAccountConfig({ configPath, accountId: agentId, appKey, appSecret });
+    params.runtime.log(`\u2705 openclaw-baiduapp \u5DF2\u5B8C\u6210\u914D\u7F6E\uFF08account: ${agentId}\uFF09`);
+    params.runtime.log(`- appKey: ${redactValue(appKey, { keepStart: 3, keepEnd: 3 })}`);
+    params.runtime.log(`- appSecret: ${redactValue(appSecret, { keepStart: 3, keepEnd: 3 })}`);
+    params.runtime.log(`- \u914D\u7F6E\u5DF2\u5199\u5165: ${configPath}`);
+  } catch (error) {
+    const message = error instanceof Error ? error.message : String(error);
+    params.runtime.error(`openclaw-baiduapp \u767B\u5F55\u914D\u7F6E\u5931\u8D25\uFF1A${message}`);
+    throw error;
+  } finally {
+    prompter.close();
+  }
+}
+var init_login = __esm({
+  "src/auth/login.ts"() {
+  }
+});
+
 // node_modules/.pnpm/zod@3.25.76/node_modules/zod/v3/external.js
 var external_exports = {};
 __export(external_exports, {
@@ -23265,8 +23416,8 @@ function getErrorMap() {
 
 // node_modules/.pnpm/zod@3.25.76/node_modules/zod/v3/helpers/parseUtil.js
 var makeIssue = (params) => {
-  const { data, path: path4, errorMaps, issueData } = params;
-  const fullPath = [...path4, ...issueData.path || []];
+  const { data, path: path5, errorMaps, issueData } = params;
+  const fullPath = [...path5, ...issueData.path || []];
   const fullIssue = {
     ...issueData,
     path: fullPath
@@ -23382,11 +23533,11 @@ var errorUtil;
 
 // node_modules/.pnpm/zod@3.25.76/node_modules/zod/v3/types.js
 var ParseInputLazyPath = class {
-  constructor(parent2, value, path4, key) {
+  constructor(parent2, value, path5, key) {
     this._cachedPath = [];
     this.parent = parent2;
     this.data = value;
-    this._path = path4;
+    this._path = path5;
     this._key = key;
   }
   get path() {
@@ -26829,14 +26980,12 @@ var NEVER = INVALID;
 
 // src/config.ts
 var DEFAULT_ACCOUNT_ID = "default";
+var DEFAULT_AGENT_ID = "main";
 var DEFAULT_API_BASE = "https://claw.baidu.com";
 var BaiduAppAccountSchema = external_exports.object({
   name: external_exports.string().optional(),
   enabled: external_exports.boolean().optional(),
-  pollingEnabled: external_exports.boolean().optional(),
   webhookPath: external_exports.string().optional(),
-  token: external_exports.string().optional(),
-  encodingAESKey: external_exports.string().optional(),
   appKey: external_exports.string().optional(),
   appSecret: external_exports.string().optional(),
   apiBase: external_exports.string().optional(),
@@ -26853,10 +27002,7 @@ var BaiduAppConfigJsonSchema = {
     properties: {
       name: { type: "string" },
       enabled: { type: "boolean" },
-      pollingEnabled: { type: "boolean" },
       webhookPath: { type: "string" },
-      token: { type: "string" },
-      encodingAESKey: { type: "string" },
       appKey: { type: "string" },
       appSecret: { type: "string" },
       apiBase: { type: "string" },
@@ -26870,10 +27016,7 @@ var BaiduAppConfigJsonSchema = {
           properties: {
             name: { type: "string" },
             enabled: { type: "boolean" },
-            pollingEnabled: { type: "boolean" },
             webhookPath: { type: "string" },
-            token: { type: "string" },
-            encodingAESKey: { type: "string" },
             appKey: { type: "string" },
             appSecret: { type: "string" },
             apiBase: { type: "string" },
@@ -26888,6 +27031,10 @@ function normalizeAccountId(raw) {
   const trimmed = String(raw ?? "").trim();
   return trimmed || DEFAULT_ACCOUNT_ID;
 }
+function extractAgentId(msg) {
+  const raw = msg.agentid ?? "";
+  return raw.trim() || DEFAULT_AGENT_ID;
+}
 function listConfiguredAccountIds(cfg) {
   const accounts = cfg.channels?.["openclaw-baiduapp"]?.accounts;
   if (!accounts || typeof accounts !== "object") {
@@ -26935,12 +27082,10 @@ function resolveBaiduAppAccount(params) {
   const merged = mergeBaiduAppAccountConfig(params.cfg, accountId);
   const enabled = baseEnabled && merged.enabled !== false;
   const isDefaultAccount = accountId === DEFAULT_ACCOUNT_ID;
-  const token = merged.token?.trim() || (isDefaultAccount ? process.env.BAIDU_APP_TOKEN?.trim() : void 0) || void 0;
-  const encodingAESKey = merged.encodingAESKey?.trim() || (isDefaultAccount ? process.env.BAIDU_APP_ENCODING_AES_KEY?.trim() : void 0) || void 0;
   const appKey = merged.appKey?.trim() || (isDefaultAccount ? process.env.BAIDU_APP_KEY?.trim() : void 0) || void 0;
   const appSecret = merged.appSecret?.trim() || (isDefaultAccount ? process.env.BAIDU_APP_SECRET?.trim() : void 0) || void 0;
-  const configured = Boolean(token && encodingAESKey);
-  const canSendActive = Boolean(appKey && appSecret && token && encodingAESKey);
+  const configured = Boolean(appKey && appSecret);
+  const canSendActive = Boolean(appKey && appSecret);
   const rawApiBase = merged.apiBase?.trim() || (isDefaultAccount ? process.env.BAIDU_API_BASE?.trim() : void 0) || void 0;
   const apiBase = (rawApiBase || DEFAULT_API_BASE).replace(/\/+$/, "");
   return {
@@ -26948,8 +27093,6 @@ function resolveBaiduAppAccount(params) {
     name: merged.name?.trim() || void 0,
     enabled,
     configured,
-    token,
-    encodingAESKey,
     appKey,
     appSecret,
     apiBase,
@@ -26957,6 +27100,37 @@ function resolveBaiduAppAccount(params) {
     config: merged
   };
 }
+function resolveAgentField(agentCfg, mainCfg, baseAccount, field) {
+  return agentCfg?.[field]?.trim() || mainCfg?.[field]?.trim() || baseAccount[field];
+}
+function resolveAgentAccount(params) {
+  const { baseAccount, cfg, agentId } = params;
+  if (agentId === baseAccount.accountId) {
+    return baseAccount;
+  }
+  const accounts = cfg.channels?.["openclaw-baiduapp"]?.accounts;
+  const agentCfg = accounts?.[agentId] && typeof accounts[agentId] === "object" ? accounts[agentId] : void 0;
+  const mainCfg = agentId !== DEFAULT_AGENT_ID && accounts?.[DEFAULT_AGENT_ID] && typeof accounts[DEFAULT_AGENT_ID] === "object" ? accounts[DEFAULT_AGENT_ID] : void 0;
+  const appKey = resolveAgentField(agentCfg, mainCfg, baseAccount, "appKey");
+  const appSecret = resolveAgentField(agentCfg, mainCfg, baseAccount, "appSecret");
+  const apiBase = baseAccount.apiBase;
+  const name = resolveAgentField(agentCfg, mainCfg, baseAccount, "name");
+  const configured = Boolean(appKey && appSecret);
+  const canSendActive = Boolean(appKey && appSecret);
+  const agentEnabled = agentCfg?.enabled !== false;
+  return {
+    ...baseAccount,
+    accountId: agentId,
+    name: name || baseAccount.name,
+    enabled: agentEnabled && baseAccount.enabled,
+    configured,
+    appKey,
+    appSecret,
+    apiBase,
+    canSendActive,
+    config: { ...baseAccount.config, ...mainCfg ?? {}, ...agentCfg ?? {} }
+  };
+}
 
 // src/shared/logger.ts
 function createLogger(prefix, opts) {
@@ -26969,135 +27143,85 @@ function createLogger(prefix, opts) {
     error: (msg) => errorFn(`[${prefix}] [ERROR] ${msg}`)
   };
 }
-function decodeEncodingAESKey(encodingAESKey) {
-  const trimmed = encodingAESKey.trim();
-  if (!trimmed) {
-    throw new Error("encodingAESKey missing");
-  }
-  const withPadding = trimmed.endsWith("=") ? trimmed : `${trimmed}=`;
-  const key = Buffer.from(withPadding, "base64");
-  if (key.length !== 32) {
-    throw new Error(`invalid encodingAESKey (expected 32 bytes after base64 decode, got ${key.length})`);
-  }
-  return key;
-}
-var PKCS7_BLOCK_SIZE = 32;
-function pkcs7Pad(buf, blockSize) {
-  const mod = buf.length % blockSize;
-  const pad = mod === 0 ? blockSize : blockSize - mod;
-  return Buffer.concat([buf, Buffer.alloc(pad, pad)]);
-}
-function pkcs7Unpad(buf, blockSize) {
-  if (buf.length === 0) {
-    throw new Error("invalid pkcs7 payload");
-  }
-  const pad = buf[buf.length - 1];
-  if (!pad || pad < 1 || pad > blockSize || pad > buf.length) {
-    throw new Error("invalid pkcs7 padding");
-  }
-  for (let i = 1; i <= pad; i += 1) {
-    if (buf[buf.length - i] !== pad) {
-      throw new Error("invalid pkcs7 padding");
-    }
-  }
-  return buf.subarray(0, buf.length - pad);
-}
 function sha1Hex(input) {
-  return crypto3.createHash("sha1").update(input).digest("hex");
+  return crypto.createHash("sha1").update(input).digest("hex");
 }
-function computeBaiduAppMsgSignature(params) {
-  const parts = [params.token, params.timestamp, params.nonce, params.encrypt].map((value) => String(value ?? "")).sort();
-  return sha1Hex(parts.join(""));
+function computeAKSKBearerToken(params) {
+  return sha1Hex(params.ak + params.sk + params.timestamp + params.nonce);
 }
-function verifyBaiduAppSignature(params) {
-  const expected = computeBaiduAppMsgSignature({
-    token: params.token,
+function verifyAKSKBearerToken(params) {
+  const expected = computeAKSKBearerToken({
+    ak: params.ak,
+    sk: params.sk,
     timestamp: params.timestamp,
-    nonce: params.nonce,
-    encrypt: params.encrypt
+    nonce: params.nonce
   });
-  return expected === params.signature;
-}
-function decryptBaiduAppEncrypted(params) {
-  const aesKey = decodeEncodingAESKey(params.encodingAESKey);
-  const iv = aesKey.subarray(0, 16);
-  const decipher = crypto3.createDecipheriv("aes-256-cbc", aesKey, iv);
-  decipher.setAutoPadding(false);
-  const decryptedPadded = Buffer.concat([decipher.update(Buffer.from(params.encrypt, "base64")), decipher.final()]);
-  const decrypted = pkcs7Unpad(decryptedPadded, PKCS7_BLOCK_SIZE);
-  if (decrypted.length < 20) {
-    throw new Error(`invalid decrypted payload (expected at least 20 bytes, got ${decrypted.length})`);
-  }
-  const msgLen = decrypted.readUInt32BE(16);
-  const msgStart = 20;
-  const msgEnd = msgStart + msgLen;
-  if (msgEnd > decrypted.length) {
-    throw new Error(`invalid decrypted msg length (msgEnd=${msgEnd}, payloadLength=${decrypted.length})`);
-  }
-  return decrypted.subarray(msgStart, msgEnd).toString("utf8");
-}
-function encryptBaiduAppPlaintext(params) {
-  const aesKey = decodeEncodingAESKey(params.encodingAESKey);
-  const iv = aesKey.subarray(0, 16);
-  const random16 = crypto3.randomBytes(16);
-  const msg = Buffer.from(params.plaintext ?? "", "utf8");
-  const msgLen = Buffer.alloc(4);
-  msgLen.writeUInt32BE(msg.length, 0);
-  const raw = Buffer.concat([random16, msgLen, msg]);
-  const padded = pkcs7Pad(raw, PKCS7_BLOCK_SIZE);
-  const cipher = crypto3.createCipheriv("aes-256-cbc", aesKey, iv);
-  cipher.setAutoPadding(false);
-  const encrypted = Buffer.concat([cipher.update(padded), cipher.final()]);
-  return encrypted.toString("base64");
+  return expected === params.token;
+}
+function generateNonce() {
+  return crypto.randomBytes(8).toString("hex");
 }
+function buildAuthorizationHeader(params) {
+  const token = computeAKSKBearerToken(params);
+  return `Bearer ${token}`;
+}
+
+// src/types.ts
+var DEFAULT_BAIDU_APP_SESSION_ID = "agent:main:main";
 var require2 = createRequire(import.meta.url);
 var pkg = require2("../package.json");
 var PLUGIN_VERSION = pkg.version;
 
 // src/api.ts
 var logger = createLogger("openclaw-baiduapp");
+var DEFAULT_sessionId = DEFAULT_BAIDU_APP_SESSION_ID;
 async function sendBaiduAppMessage(account, message, options) {
   if (!account.canSendActive) {
-    logger.error("Account not configured for active sending (missing appKey, token, or encodingAESKey)");
+    logger.error("Account not configured for active sending (missing appKey or appSecret)");
     return {
       ok: false,
       errcode: -1,
-      errmsg: "Account not configured for active sending (missing appKey, token, or encodingAESKey)"
+      errmsg: "Account not configured for active sending (missing appKey or appSecret)"
     };
   }
   const normalizedPayload = typeof message === "string" ? {
-    msgtype: "text",
-    text: { content: message }
+    list: [{
+      type: "text",
+      data: {
+        text: { content: message }
+      }
+    }]
   } : message;
-  const payload = {
-    ...normalizedPayload,
+  const sessionId = options?.sessionId ?? DEFAULT_sessionId;
+  const callbackBody = {
+    sessionId,
+    list: normalizedPayload.list,
     version: PLUGIN_VERSION,
-    ...options?.msgid != null ? { msgid: options.msgid } : {},
-    ...options?.streamId != null ? { streamId: options.streamId } : {},
-    ...options?.chunkKey != null ? { chunkKey: options.chunkKey } : {}
+    isActive: options?.isActive || false,
+    ...options?.agentid ? { agentid: options.agentid } : {},
+    ...options?.chunkKey != null ? { chunkKey: options.chunkKey } : {},
+    ...options?.replyToMsgId ? { replyToMsgId: options.replyToMsgId } : {}
   };
-  const plaintext = JSON.stringify(payload);
-  const encrypt = encryptBaiduAppPlaintext({
-    encodingAESKey: account.encodingAESKey ?? "",
-    plaintext
-  });
   const timestamp = String(Math.floor(Date.now() / 1e3));
-  const nonce = crypto3.randomBytes(8).toString("hex");
-  const msgSignature = computeBaiduAppMsgSignature({
-    token: account.token ?? "",
+  const nonce = generateNonce();
+  const authorization = buildAuthorizationHeader({
+    ak: account.appKey ?? "",
+    sk: account.appSecret ?? "",
     timestamp,
-    nonce,
-    encrypt
+    nonce
   });
-  const sendMessageUrl = `${account.apiBase}/chat/openclaw/callback`;
-  const url = `${sendMessageUrl}?timestamp=${encodeURIComponent(timestamp)}&ak=${encodeURIComponent(account.appKey ?? "")}&nonce=${encodeURIComponent(nonce)}&msg_signature=${encodeURIComponent(msgSignature)}`;
-  const body = JSON.stringify({ encrypt });
+  const sendMessageUrl = `${account.apiBase}/channel/msg/callback`;
+  const url = `${sendMessageUrl}?timestamp=${encodeURIComponent(timestamp)}&ak=${encodeURIComponent(account.appKey ?? "")}&nonce=${encodeURIComponent(nonce)}`;
+  const body = JSON.stringify(callbackBody);
   logger.info(`POST ${url}`);
   logger.debug(`request body: ${body}`);
   const resp = await fetch(url, {
     method: "POST",
     body,
-    headers: { "Content-Type": "application/json" }
+    headers: {
+      "Authorization": authorization,
+      "Content-Type": "application/json"
+    }
   });
   const text = await resp.text();
   if (!text) {
@@ -27113,6 +27237,15 @@ async function sendBaiduAppMessage(account, message, options) {
     logger.error(`request failed: ${errmsg}`);
     return { ok: false, errcode: resp.status, errmsg };
   }
+  if (data.code !== 0) {
+    const errmsg = data.msg ?? `channel callback failed with code ${String(data.code)}`;
+    logger.error(`request failed: ${errmsg}`);
+    return {
+      ok: false,
+      errcode: data.code,
+      errmsg
+    };
+  }
   const result2 = {
     ok: true
   };
@@ -27138,21 +27271,21 @@ function buildMediaPayload(mediaList, opts) {
 
 // src/bot.ts
 function extractBaiduAppTextContent(msg) {
-  const msgtype = String(msg.msgtype ?? msg.MsgType ?? "").toLowerCase();
+  const msgtype = String(msg.msgtype ?? "").toLowerCase();
   if (msgtype === "text") {
-    const content = msg.text?.content ?? msg.Content;
+    const content = msg.text?.content;
     return typeof content === "string" ? content : "";
   }
   if (msgtype === "event") {
     const eventtype = String(
-      msg.event?.eventtype ?? msg.Event ?? ""
+      msg.event?.eventtype ?? ""
     ).trim();
     return eventtype ? `[event] ${eventtype}` : "[event]";
   }
   return msgtype ? `[${msgtype}]` : "";
 }
 function canDispatchBaiduAppInboundMessage(msg) {
-  const msgtype = String(msg.msgtype ?? msg.MsgType ?? "").toLowerCase();
+  const msgtype = String(msg.msgtype ?? "").toLowerCase();
   if (msgtype === "text") {
     if (extractBaiduAppTextContent(msg)) {
       return true;
@@ -27222,7 +27355,7 @@ async function dispatchBaiduAppMessage(params) {
     cfg: safeCfg,
     channel: "openclaw-baiduapp",
     accountId: account.accountId,
-    peer: { kind: "dm", id: "default" }
+    peer: { kind: "dm", id: account.accountId || DEFAULT_AGENT_ID }
   });
   logger3.info(`SessionKey: ${route.sessionKey}`);
   logger3.info(
@@ -27252,7 +27385,7 @@ async function dispatchBaiduAppMessage(params) {
     envelope: envelopeOptions,
     body: rawBody
   }) : rawBody;
-  const msgid = msg.msgid ?? msg.MsgId ?? void 0;
+  const msgid = msg.msgid ?? void 0;
   const ctxPayload = channel.reply?.finalizeInboundContext ? channel.reply.finalizeInboundContext({
     Body: body,
     RawBody: rawBody,
@@ -27459,92 +27592,122 @@ var DEFAULT_DOWNLOAD_MAX_BYTES = 20 * 1024 * 1024;
 path2.join("openclaw-baiduapp", "media");
 var DefaultBosClient = import_sdk.default.BosClient;
 var MAX_DOWNLOAD_REDIRECTS = 5;
-var EMPTY_QUERY_MD5 = crypto3.createHash("md5").update("").digest("hex");
-var SKS_BASE_TOKEN_POSITIONS = [12, 37, 5, 23, 48, 15, 62, 33];
-async function fetchSksCredentials(account, deps = {}) {
-  if (!account.appKey?.trim()) {
-    throw new Error("Cannot fetch SKS credentials without account.appKey");
-  }
-  if (!account.appSecret?.trim()) {
-    throw new Error("Cannot fetch SKS credentials without account.appSecret");
-  }
-  const fetchImpl = deps.fetchImpl ?? fetch;
-  const apiBase = account.apiBase.replace(/\/+$/, "");
-  const pageLid = deps.createPageLid?.() ?? generateSksPageLid();
-  const timestamp = String((deps.now?.() ?? /* @__PURE__ */ new Date()).getTime());
-  const token = createSksRequestToken({ pageLid, timestamp });
-  const url = `${apiBase}/file/sts?ak=${encodeURIComponent(account.appKey)}&sk=${encodeURIComponent(account.appSecret)}&tk=${encodeURIComponent(token)}`;
-  const response = await fetchImpl(url, { method: "POST" });
-  if (!response.ok) {
-    throw new Error(`SKS request failed with HTTP ${response.status}`);
-  }
-  let payload;
-  try {
-    payload = await response.json();
-  } catch (error) {
-    throw new Error(`SKS response is not valid JSON: ${formatError(error)}`, { cause: error });
-  }
-  return parseSksCredentialsFromPayload(payload);
-}
-function parseSksCredentialsFromPayload(payload) {
-  const parsed = parseSksResponse(payload);
-  if (parsed.status !== 0) {
-    throw new Error(`SKS request failed with status ${parsed.status}`);
+async function fetchFileUploadSts(options, deps = {}) {
+  assertAccountCanUseChannelApi(options.account);
+  const responsePayload = await postAuthenticatedChannelJson(
+    options.account,
+    "/channel/file/sts",
+    {
+      sessionId: options.sessionId ?? DEFAULT_BAIDU_APP_SESSION_ID,
+      filename: requireSafeDisplayFileName(options.filename),
+      fileSize: options.fileSize,
+      fileType: normalizeOutboundFileType(options.fileType),
+      ...options.md5 ? { md5: options.md5 } : {}
+    },
+    deps
+  );
+  const envelope = parseChannelEnvelope(responsePayload, "file STS");
+  const data = envelope.data;
+  if (!data) {
+    throw new Error("file STS response missing data");
   }
-  if (!parsed.data) {
-    throw new Error("SKS response missing data");
+  const fileId = requireNonEmptyString(data.fileId, "file STS data.fileId");
+  const reuse = requireBoolean(data.reuse, "file STS data.reuse");
+  if (reuse) {
+    return { fileId, reuse };
   }
   return {
-    ak: requireNonEmptyString(parsed.data.ak, "SKS data.ak"),
-    sk: requireNonEmptyString(parsed.data.sk, "SKS data.sk"),
-    sessionToken: requireNonEmptyString(parsed.data.token, "SKS data.token"),
-    bucketName: requireNonEmptyString(parsed.data.bucketName, "SKS data.bucketName"),
-    prefixPath: sanitizeObjectKeyPrefix(requireNonEmptyString(parsed.data.preFixPath, "SKS data.preFixPath")),
-    endpoint: requireNonEmptyString(parsed.data.bceUrl, "SKS data.bceUrl")
+    fileId,
+    reuse,
+    sts: parseFileUploadStsCredentials(data.sts),
+    bceUrl: requireNonEmptyString(data.bceUrl, "file STS data.bceUrl"),
+    bucket: requireNonEmptyString(data.bucket, "file STS data.bucket"),
+    bosName: requireNonEmptyString(data.bosName, "file STS data.bosName")
   };
 }
-function createSksRequestToken(params) {
-  const pageLid = requireNonEmptyString(params.pageLid, "SKS pageLid");
-  const timestamp = requireNonEmptyString(params.timestamp, "SKS timestamp");
-  const baseToken = createSksBaseToken(pageLid);
-  const payload = `${baseToken}|${EMPTY_QUERY_MD5}|${timestamp}|${pageLid}`;
-  return `${Buffer.from(payload, "utf8").toString("base64")}-${pageLid}-3`;
+async function notifyFileUploadComplete(options, deps = {}) {
+  assertAccountCanUseChannelApi(options.account);
+  if (options.fileIds.length === 0) {
+    throw new Error("file complete requires at least one fileId");
+  }
+  const responsePayload = await postAuthenticatedChannelJson(
+    options.account,
+    "/channel/file/complete",
+    {
+      sessionId: options.sessionId ?? DEFAULT_BAIDU_APP_SESSION_ID,
+      fileIds: options.fileIds
+    },
+    deps
+  );
+  const envelope = parseChannelEnvelope(responsePayload, "file complete");
+  const files = extractCompleteFiles(envelope.data);
+  const fileIds = new Set(options.fileIds);
+  for (const file of files) {
+    if (!fileIds.has(file.fileId)) {
+      continue;
+    }
+    if (file.status === -1) {
+      throw new Error(`file complete failed for fileId ${file.fileId}`);
+    }
+  }
+  return { files };
 }
-function createBosClient(credentials, deps = {}) {
+function createBosClient(fileSts, deps = {}) {
+  if (!fileSts.sts || !fileSts.bceUrl) {
+    throw new Error("Cannot create BOS client without STS credentials");
+  }
   const BosClientCtor = deps.bosClientCtor ?? DefaultBosClient;
   return new BosClientCtor({
-    endpoint: credentials.endpoint,
-    sessionToken: credentials.sessionToken,
+    endpoint: fileSts.bceUrl,
+    sessionToken: fileSts.sts.token,
     credentials: {
-      ak: credentials.ak,
-      sk: credentials.sk
+      ak: fileSts.sts.ak,
+      sk: fileSts.sts.sk
     }
   });
 }
 async function uploadLocalFileToBos(options, deps = {}) {
   const localFile = await assertUploadableLocalFile(options.filePath);
-  const credentials = await fetchSksCredentials(options.account, deps);
-  const client = createBosClient(credentials, deps);
   const sourceName = options.fileName ?? path2.basename(localFile);
-  const sanitizedFileName = sanitizeFileName(sourceName);
-  const key = buildBosObjectKey({
-    prefixPath: credentials.prefixPath,
-    fileName: sanitizedFileName,
-    now: deps.now
-  });
-  const uploadOptions = options.contentType?.trim() ? {
-    "Content-Type": options.contentType.trim()
-  } : void 0;
-  const [, fileStat] = await Promise.all([
-    client.putObjectFromFile(credentials.bucketName, key, localFile, uploadOptions),
-    fs2.stat(localFile)
-  ]);
+  const fileName = requireSafeDisplayFileName(sourceName);
+  const [fileBuffer, fileStat] = await Promise.all([fs2.readFile(localFile), fs2.stat(localFile)]);
+  const md5 = crypto.createHash("md5").update(fileBuffer).digest("hex");
+  const fileType = inferOutboundFileType(fileName);
+  const fileSts = await fetchFileUploadSts(
+    {
+      account: options.account,
+      sessionId: options.sessionId,
+      filename: fileName,
+      fileSize: fileStat.size,
+      fileType,
+      md5
+    },
+    deps
+  );
+  if (!fileSts.reuse) {
+    const bucketName = requireNonEmptyString(fileSts.bucket, "file STS bucket");
+    const key = requireNonEmptyString(fileSts.bosName, "file STS bosName");
+    const client = createBosClient(fileSts, deps);
+    const uploadOptions = options.contentType?.trim() ? {
+      "Content-Type": options.contentType.trim()
+    } : void 0;
+    await client.putObjectFromFile(bucketName, key, localFile, uploadOptions);
+  }
+  await notifyFileUploadComplete(
+    {
+      account: options.account,
+      sessionId: options.sessionId,
+      fileIds: [fileSts.fileId]
+    },
+    deps
+  );
   return {
-    bucketName: credentials.bucketName,
-    key,
-    url: client.generateUrl(credentials.bucketName, key),
-    fileName: sanitizedFileName,
-    fileSize: fileStat.size
+    fileId: fileSts.fileId,
+    bucketName: fileSts.bucket,
+    key: fileSts.bosName,
+    fileName,
+    fileSize: fileStat.size,
+    reuse: fileSts.reuse
   };
 }
 async function downloadInboundFileToTemp(options, deps = {}) {
@@ -27642,38 +27805,93 @@ async function pruneExpiredTempFiles(deps = {}) {
   await walk(tempDir);
   return { deletedFiles };
 }
-function parseSksResponse(payload) {
+async function postAuthenticatedChannelJson(account, pathname, bodyPayload, deps) {
+  const fetchImpl = deps.fetchImpl ?? fetch;
+  const now = deps.now?.() ?? /* @__PURE__ */ new Date();
+  const timestamp = String(Math.floor(now.getTime() / 1e3));
+  const nonce = (deps.generateNonceImpl ?? generateNonce)();
+  const authorization = buildAuthorizationHeader({
+    ak: account.appKey ?? "",
+    sk: account.appSecret ?? "",
+    timestamp,
+    nonce
+  });
+  const url = new URL(`${account.apiBase.replace(/\/+$/, "")}${pathname}`);
+  url.searchParams.set("ak", account.appKey ?? "");
+  url.searchParams.set("timestamp", timestamp);
+  url.searchParams.set("nonce", nonce);
+  const response = await fetchImpl(url.toString(), {
+    method: "POST",
+    headers: {
+      "Authorization": authorization,
+      "Content-Type": "application/json"
+    },
+    body: JSON.stringify(bodyPayload)
+  });
+  if (!response.ok) {
+    throw new Error(`channel request failed with HTTP ${response.status}`);
+  }
+  try {
+    return await response.json();
+  } catch (error) {
+    throw new Error(`channel response is not valid JSON: ${formatError(error)}`, { cause: error });
+  }
+}
+function parseChannelEnvelope(payload, label) {
   if (!payload || typeof payload !== "object") {
-    throw new Error("SKS response must be an object");
+    throw new Error(`${label} response must be an object`);
   }
   const record = payload;
-  const status = typeof record.code === "number" ? record.code : typeof record.status === "number" ? record.status : void 0;
+  const code = record.code;
+  if (typeof code !== "number") {
+    throw new Error(`${label} response missing numeric code`);
+  }
+  if (code !== 0) {
+    const msg = typeof record.msg === "string" ? record.msg : "unknown error";
+    throw new Error(`${label} request failed with code ${code}: ${msg}`);
+  }
   const data = record.data;
   return {
-    status,
-    data: data && typeof data === "object" ? {
-      ak: data.ak,
-      sk: data.sk,
-      token: data.token,
-      bucketName: data.bucketName,
-      preFixPath: data.preFixPath,
-      bceUrl: data.bceUrl
-    } : void 0
+    code,
+    msg: typeof record.msg === "string" ? record.msg : void 0,
+    data: data && typeof data === "object" ? data : void 0
   };
 }
-function generateSksPageLid() {
-  return crypto3.randomBytes(16).toString("hex");
+function parseFileUploadStsCredentials(payload) {
+  if (!payload || typeof payload !== "object") {
+    throw new Error("file STS data.sts is required");
+  }
+  const record = payload;
+  return {
+    ak: requireNonEmptyString(record.ak, "file STS data.sts.ak"),
+    sk: requireNonEmptyString(record.sk, "file STS data.sts.sk"),
+    token: requireNonEmptyString(record.token, "file STS data.sts.token"),
+    expireAt: requireNumber(record.expireAt, "file STS data.sts.expireAt")
+  };
 }
-function createSksBaseToken(pageLid) {
-  const pageLidHash = crypto3.createHash("sha256").update(pageLid).digest("hex");
-  const characters = SKS_BASE_TOKEN_POSITIONS.map((position) => {
-    const character = pageLidHash[position];
-    if (!character) {
-      throw new Error(`SKS base token position is out of range: ${position}`);
+function extractCompleteFiles(payload) {
+  const files = payload?.files;
+  if (!Array.isArray(files)) {
+    return [];
+  }
+  return files.map((file, index2) => {
+    if (!file || typeof file !== "object") {
+      throw new Error(`file complete data.files[${index2}] must be an object`);
     }
-    return character;
+    const record = file;
+    return {
+      fileId: requireNonEmptyString(record.fileId, `file complete data.files[${index2}].fileId`),
+      status: requireNumber(record.status, `file complete data.files[${index2}].status`)
+    };
   });
-  return characters.join("");
+}
+function assertAccountCanUseChannelApi(account) {
+  if (!account.appKey?.trim()) {
+    throw new Error("Cannot call channel API without account.appKey");
+  }
+  if (!account.appSecret?.trim()) {
+    throw new Error("Cannot call channel API without account.appSecret");
+  }
 }
 function requireNonEmptyString(value, label) {
   if (typeof value !== "string" || !value.trim()) {
@@ -27681,36 +27899,19 @@ function requireNonEmptyString(value, label) {
   }
   return value.trim();
 }
-function sanitizeObjectKeyPrefix(prefixPath) {
-  const normalized = prefixPath.replace(/\\/g, "/").trim();
-  const segments = normalized.split("/").map((segment) => segment.trim()).filter(Boolean);
-  if (segments.length === 0) {
-    throw new Error("SKS data.preFixPath must contain at least one safe path segment");
+function requireBoolean(value, label) {
+  if (typeof value !== "boolean") {
+    throw new Error(`${label} must be a boolean`);
   }
-  const safeSegments = segments.map((segment) => {
-    if (segment === "." || segment === "..") {
-      throw new Error("SKS data.preFixPath contains path traversal");
-    }
-    return sanitizeObjectKeySegment(segment);
-  });
-  return safeSegments.join("/");
+  return value;
 }
-function sanitizeObjectKeySegment(segment) {
-  const sanitized = segment.replace(/[^a-zA-Z0-9._-]+/g, "-").replace(/-+/g, "-").replace(/^-|-$/g, "");
-  if (!sanitized) {
-    throw new Error(`Object key segment is not safe: ${segment}`);
+function requireNumber(value, label) {
+  if (typeof value !== "number" || !Number.isFinite(value)) {
+    throw new Error(`${label} must be a finite number`);
   }
-  return sanitized.slice(0, 80);
-}
-function sanitizeFileName(fileName) {
-  assertSafeUntrustedFileName(fileName);
-  const parsed = path2.parse(fileName.trim());
-  const safeBase = parsed.name.replace(/[^a-zA-Z0-9._-]+/g, "-").replace(/-+/g, "-").replace(/^-|-$/g, "");
-  const safeExt = parsed.ext.replace(/[^a-zA-Z0-9.]+/g, "").slice(0, 16);
-  const baseName = safeBase || "file";
-  return `${baseName.slice(0, 80)}${safeExt}`;
+  return value;
 }
-function assertSafeUntrustedFileName(fileName) {
+function requireSafeDisplayFileName(fileName) {
   const trimmed = fileName.trim();
   if (!trimmed) {
     throw new Error("Filename cannot be empty");
@@ -27721,14 +27922,18 @@ function assertSafeUntrustedFileName(fileName) {
   if (trimmed === "." || trimmed === "..") {
     throw new Error(`Filename is not safe: ${fileName}`);
   }
+  return trimmed;
 }
-function buildBosObjectKey(params) {
-  const timestamp = formatUtcDate(params.now?.() ?? /* @__PURE__ */ new Date());
-  const uniqueId2 = crypto3.randomUUID();
-  return `${params.prefixPath}/${timestamp}/${uniqueId2}-${params.fileName}`;
+function normalizeOutboundFileType(fileType) {
+  const normalized = fileType.trim().replace(/^\.+/, "").toLowerCase();
+  if (!normalized) {
+    throw new Error("fileType is required");
+  }
+  return normalized;
 }
-function formatUtcDate(date) {
-  return date.toISOString().slice(0, 10);
+function inferOutboundFileType(fileName) {
+  const extension = path2.extname(fileName).replace(/^\./, "").toLowerCase();
+  return extension || "bin";
 }
 async function assertUploadableLocalFile(filePath) {
   const resolvedPath = path2.resolve(filePath);
@@ -27853,11 +28058,11 @@ function parseContentDispositionFileName(contentDisposition) {
 }
 function resolveDownloadFileName(params) {
   const candidate = params.explicitFileName ?? params.headerFileName ?? params.urlFileName ?? "file.bin";
-  return sanitizeFileName(candidate);
+  return requireSafeDisplayFileName(candidate);
 }
 function buildTempFilePath(params) {
   const timestamp = (params.now?.() ?? /* @__PURE__ */ new Date()).toISOString().replace(/[:.]/g, "-");
-  return path2.join(params.tempDir, `${timestamp}-${crypto3.randomUUID()}-${params.fileName}`);
+  return path2.join(params.tempDir, `${timestamp}-${crypto.randomUUID()}-${params.fileName}`);
 }
 async function ensurePluginTempDir(resolveTmpDir) {
   const baseTmpDir = resolveTmpDir?.() ?? resolvePreferredOpenClawTmpDir();
@@ -27918,12 +28123,12 @@ function normalizeWebhookPath(raw) {
 function jsonOk(res, body) {
   res.statusCode = 200;
   res.setHeader("Content-Type", "application/json; charset=utf-8");
-  res.end(JSON.stringify({ status: 0, data: body }));
+  res.end(JSON.stringify({ code: 0, msg: "success", data: body }));
 }
 function jsonError(res, message, statusCode = 200) {
   res.statusCode = statusCode;
   res.setHeader("Content-Type", "application/json; charset=utf-8");
-  res.end(JSON.stringify({ status: -1, message }));
+  res.end(JSON.stringify({ code: -1, msg: message, data: {} }));
 }
 async function readRawBody(req, maxBytes) {
   const chunks = [];
@@ -27955,47 +28160,6 @@ async function readRawBody(req, maxBytes) {
     });
   });
 }
-function parseXmlBody(xml) {
-  const result2 = {};
-  const cdataRegex = /<(\w+)><!\[CDATA\[([\s\S]*?)\]\]><\/\1>/g;
-  let match;
-  while ((match = cdataRegex.exec(xml)) !== null) {
-    const [, key = "", value = ""] = match;
-    result2[key] = value;
-  }
-  const simpleRegex = /<(\w+)>([^<]*)<\/\1>/g;
-  while ((match = simpleRegex.exec(xml)) !== null) {
-    const [, key = "", value = ""] = match;
-    if (!result2[key]) {
-      result2[key] = value;
-    }
-  }
-  return result2;
-}
-function isXmlFormat(raw) {
-  const trimmed = raw.trim();
-  return trimmed.startsWith("<") && trimmed.endsWith(">");
-}
-function buildEncryptedJsonReply(params) {
-  const base = params.plaintextJson != null && typeof params.plaintextJson === "object" ? params.plaintextJson : {};
-  const plaintext = JSON.stringify({ ...base, version: PLUGIN_VERSION });
-  const encrypt = encryptBaiduAppPlaintext({
-    encodingAESKey: params.account.encodingAESKey ?? "",
-    plaintext
-  });
-  const msgsignature = computeBaiduAppMsgSignature({
-    token: params.account.token ?? "",
-    timestamp: params.timestamp,
-    nonce: params.nonce,
-    encrypt
-  });
-  return {
-    encrypt,
-    msgsignature,
-    timestamp: params.timestamp,
-    nonce: params.nonce
-  };
-}
 function resolveQueryParams(req) {
   const url = new URL(req.url ?? "/", "http://localhost");
   return url.searchParams;
@@ -28004,8 +28168,16 @@ function resolvePath(req) {
   const url = new URL(req.url ?? "/", "http://localhost");
   return normalizeWebhookPath(url.pathname || "/");
 }
-function resolveSignatureParam(params) {
-  return params.get("msg_signature") ?? params.get("msgsignature") ?? params.get("signature") ?? "";
+function resolveBearerToken(req) {
+  const authorization = req.headers.authorization ?? req.headers.Authorization;
+  if (Array.isArray(authorization)) {
+    return "";
+  }
+  const value = typeof authorization === "string" ? authorization.trim() : "";
+  if (!value.toLowerCase().startsWith("bearer ")) {
+    return "";
+  }
+  return value.slice(7).trim();
 }
 function buildLogger(target) {
   return createLogger("openclaw-baiduapp", {
@@ -28073,50 +28245,49 @@ async function downloadInboundFiles(params) {
     }
   };
 }
-function parseBaiduAppPlainMessage(raw) {
-  const trimmed = raw.trim();
-  if (trimmed.startsWith("<") && trimmed.endsWith(">")) {
-    const xmlData = parseXmlBody(trimmed);
-    return {
-      msgtype: xmlData.MsgType,
-      MsgType: xmlData.MsgType,
-      msgid: xmlData.MsgId,
-      MsgId: xmlData.MsgId,
-      content: xmlData.Content,
-      Content: xmlData.Content,
-      from: xmlData.FromUserName ? { appkey: xmlData.FromUserName } : void 0,
-      ToUserName: xmlData.ToUserName,
-      CreateTime: xmlData.CreateTime ? Number(xmlData.CreateTime) : void 0,
-      BotID: xmlData.BotID ? Number(xmlData.BotID) : void 0,
-      Event: xmlData.Event
-    };
-  }
+function parseV2MsgToInbound(inner, outer) {
+  const list = Array.isArray(inner.list) ? inner.list : [];
+  const textItem = list.find(
+    (item) => item && typeof item === "object" && item.type === "text"
+  );
+  const fileItems = list.filter(
+    (item) => item && typeof item === "object" && item.type === "file"
+  );
+  const textContent = textItem?.data?.text?.content ?? "";
+  const files = fileItems.map((f) => ({ url: f.data.fileId, fileType: "file" }));
+  return {
+    msgtype: "text",
+    msgid: typeof outer.msgid === "string" ? outer.msgid : void 0,
+    agentid: typeof outer.agentid === "string" ? outer.agentid : void 0,
+    text: textContent ? { content: textContent } : void 0,
+    ...files.length > 0 ? { files } : {}
+  };
+}
+function parseBaiduAppCandidates(params) {
+  const results = [];
+  let outer = {};
   try {
-    const parsed = JSON.parse(trimmed);
-    if (!parsed || typeof parsed !== "object") {
-      return {};
+    const parsed = JSON.parse(params.raw);
+    if (parsed && typeof parsed === "object") {
+      outer = parsed;
     }
-    return parsed;
   } catch {
-    return {};
+    outer = {};
   }
-}
-function decryptBaiduAppCandidates(params) {
-  const results = [];
-  for (const candidate of params.candidates) {
-    if (!candidate.account.encodingAESKey) {
-      continue;
-    }
+  let inner = {};
+  if (typeof outer.msg === "string") {
     try {
-      const plaintext = decryptBaiduAppEncrypted({
-        encodingAESKey: candidate.account.encodingAESKey,
-        encrypt: params.encrypt
-      });
-      const msg = parseBaiduAppPlainMessage(plaintext);
-      results.push({ target: candidate, plaintext, msg });
+      const parsedInner = JSON.parse(outer.msg);
+      if (parsedInner && typeof parsedInner === "object") {
+        inner = parsedInner;
+      }
     } catch {
+      inner = {};
     }
   }
+  for (const candidate of params.candidates) {
+    results.push({ target: candidate, msg: parseV2MsgToInbound(inner, outer) });
+  }
   return results;
 }
 function selectDecryptedTarget(params) {
@@ -28133,8 +28304,9 @@ async function processBaiduAppInboundMessage(params) {
   const { target, msg } = params;
   const logger3 = buildLogger(target);
   target.statusSink?.({ lastInboundAt: Date.now() });
-  const msgtype = String(msg.msgtype ?? msg.MsgType ?? "").toLowerCase();
-  const msgid = msg.msgid ?? msg.MsgId ? String(msg.msgid ?? msg.MsgId) : void 0;
+  const msgtype = String(msg.msgtype ?? "").toLowerCase();
+  const msgid = msg.msgid ? String(msg.msgid) : void 0;
+  const agentId = extractAgentId(msg);
   logger3.info(`inbound: type=${msgtype || "unknown"} msgid=${msgid ?? "none"} account=${target.account.accountId}`);
   if (!canDispatchBaiduAppInboundMessage(msg)) {
     logger3.warn(`inbound message skipped: type=${msgtype || "unknown"} reason=no-dispatchable-content`);
@@ -28142,6 +28314,11 @@ async function processBaiduAppInboundMessage(params) {
   }
   const inboundFileResult = msgtype === "text" ? await downloadInboundFiles({ msg, logger: logger3, runtime: target.runtime }) : { localFiles: [], diagnostic: {} };
   const inboundMediaFiles = inboundFileResult.localFiles;
+  const agentAccount = resolveAgentAccount({
+    baseAccount: target.account,
+    cfg: target.config,
+    agentId
+  });
   const core = tryGetBaiduAppRuntime();
   if (core) {
     logger3.info(`agent dispatch started: canSendActive=${target.account.canSendActive}`);
@@ -28154,8 +28331,9 @@ async function processBaiduAppInboundMessage(params) {
         );
         target.statusSink?.({ lastOutboundAt: Date.now() });
         if (target.account.canSendActive) {
-          sendBaiduAppMessage(target.account, text, {
-            msgid,
+          sendBaiduAppMessage(agentAccount, text, {
+            replyToMsgId: msgid,
+            agentid: agentId,
             chunkKey: currentChunkKey
           }).then((result2) => {
             if (!result2.ok) {
@@ -28178,7 +28356,7 @@ async function processBaiduAppInboundMessage(params) {
     };
     dispatchBaiduAppMessage({
       cfg: target.config,
-      account: target.account,
+      account: agentAccount,
       msg,
       core,
       hooks,
@@ -28212,61 +28390,51 @@ function registerBaiduAppWebhookTarget(target) {
   };
 }
 async function handleBaiduAppWebhookRequest(req, res) {
-  const path4 = resolvePath(req);
-  const targets = webhookTargets.get(path4);
+  const path5 = resolvePath(req);
+  const targets = webhookTargets.get(path5);
   if (!targets || targets.length === 0) {
     return false;
   }
   const query = resolveQueryParams(req);
   const timestamp = query.get("timestamp") ?? "";
   const nonce = query.get("nonce") ?? "";
-  const signature = resolveSignatureParam(query);
+  const ak = query.get("ak") ?? "";
+  const token = resolveBearerToken(req);
   const primary = targets[0];
   const logger3 = buildLogger(primary);
   if (req.method === "GET") {
     const echostr = query.get("echostr") ?? "";
-    if (!timestamp || !nonce || !signature || !echostr) {
+    if (!ak || !timestamp || !nonce || !token || !echostr) {
       jsonError(res, "missing query params", 400);
       return true;
     }
-    const signatureMatched2 = targets.filter((candidate) => {
-      if (!candidate.account.token) {
+    const tokenMatched2 = targets.filter((candidate) => {
+      if (!candidate.account.appKey || !candidate.account.appSecret) {
         return false;
       }
-      return verifyBaiduAppSignature({
-        token: candidate.account.token,
+      if (candidate.account.appKey !== ak) {
+        return false;
+      }
+      return verifyAKSKBearerToken({
+        ak: candidate.account.appKey,
+        sk: candidate.account.appSecret,
         timestamp,
         nonce,
-        encrypt: echostr,
-        signature
+        token
       });
     });
-    if (signatureMatched2.length === 0) {
-      jsonError(res, "unauthorized");
-      return true;
-    }
-    const decryptable2 = signatureMatched2.filter((candidate) => Boolean(candidate.account.encodingAESKey));
-    if (decryptable2.length === 0) {
+    if (tokenMatched2.length === 0) {
       jsonError(res, "unauthorized");
       return true;
     }
-    const decryptedCandidates2 = decryptBaiduAppCandidates({
-      candidates: decryptable2,
-      encrypt: echostr
-    });
-    if (decryptedCandidates2.length === 0) {
-      jsonError(res, "decrypt failed");
-      return true;
-    }
-    const selected2 = selectDecryptedTarget({ candidates: decryptedCandidates2, logger: logger3 });
-    jsonOk(res, selected2.plaintext);
+    jsonOk(res, echostr);
     return true;
   }
   if (req.method !== "POST") {
     jsonError(res, "Method Not Allowed", 405);
     return true;
   }
-  if (!timestamp || !nonce || !signature) {
+  if (!ak || !timestamp || !nonce || !token) {
     jsonError(res, "missing query params");
     return true;
   }
@@ -28276,90 +28444,56 @@ async function handleBaiduAppWebhookRequest(req, res) {
     return true;
   }
   const rawBody = body.raw;
-  let encrypt = "";
-  let msgSignature = signature;
-  let msgTimestamp = timestamp;
-  let msgNonce = nonce;
-  if (isXmlFormat(rawBody)) {
-    const xmlData = parseXmlBody(rawBody);
-    encrypt = xmlData.Encrypt ?? "";
-    msgSignature = xmlData.MsgSignature ?? signature;
-    msgTimestamp = xmlData.TimeStamp ?? timestamp;
-    msgNonce = xmlData.Nonce ?? nonce;
-    logger3.info(`inbound xml parsed: hasEncrypt=${Boolean(encrypt)}, msg_signature=${msgSignature ? "yes" : "no"}`);
-  } else {
-    try {
-      const record = JSON.parse(rawBody);
-      encrypt = String(record.encrypt ?? record.Encrypt ?? "");
-      logger3.info(`inbound json parsed: hasEncrypt=${Boolean(encrypt)}`);
-    } catch {
-      logger3.warn(`inbound payload parse failed: not valid xml or json`);
-      jsonError(res, "invalid payload format");
-      return true;
-    }
-  }
-  if (!encrypt) {
-    jsonError(res, "missing encrypt");
+  try {
+    JSON.parse(rawBody);
+    logger3.info("inbound json parsed");
+  } catch {
+    logger3.warn("inbound payload parse failed: not valid json");
+    jsonError(res, "invalid payload format");
     return true;
   }
-  const signatureMatched = targets.filter((candidate) => {
-    if (!candidate.account.token) {
+  const tokenMatched = targets.filter((candidate) => {
+    if (!candidate.account.appKey || !candidate.account.appSecret) {
       return false;
     }
-    return verifyBaiduAppSignature({
-      token: candidate.account.token,
-      timestamp: msgTimestamp,
-      nonce: msgNonce,
-      encrypt,
-      signature: msgSignature
+    if (candidate.account.appKey !== ak) {
+      return false;
+    }
+    return verifyAKSKBearerToken({
+      ak: candidate.account.appKey,
+      sk: candidate.account.appSecret,
+      timestamp,
+      nonce,
+      token
     });
   });
-  if (signatureMatched.length === 0) {
-    logger3.warn(`signature verification failed: checked ${targets.length} account(s), none matched`);
+  if (tokenMatched.length === 0) {
+    logger3.warn(`bearer token verification failed: checked ${targets.length} account(s), none matched`);
     jsonError(res, "unauthorized");
     return true;
   }
-  logger3.debug(`signature verified: ${signatureMatched.length} account(s) matched`);
-  const decryptable = signatureMatched.filter((candidate) => Boolean(candidate.account.encodingAESKey));
-  if (decryptable.length === 0) {
-    logger3.warn(`no account has encodingAESKey configured`);
-    jsonError(res, "openclaw-baiduapp not configured");
-    return true;
-  }
-  const decryptedCandidates = decryptBaiduAppCandidates({
-    candidates: decryptable,
-    encrypt
+  logger3.debug(`bearer token verified: ${tokenMatched.length} account(s) matched`);
+  const decryptedCandidates = parseBaiduAppCandidates({
+    candidates: tokenMatched,
+    raw: rawBody
   });
-  if (decryptedCandidates.length === 0) {
-    logger3.warn(`decrypt failed for all ${decryptable.length} candidate account(s)`);
-    jsonError(res, "decrypt failed");
-    return true;
-  }
   const selected = selectDecryptedTarget({ candidates: decryptedCandidates, logger: logger3 });
   const target = selected.target;
-  if (!target.account.configured || !target.account.token || !target.account.encodingAESKey) {
+  if (!target.account.configured || !target.account.appKey || !target.account.appSecret) {
     logger3.warn(`selected account ${target.account.accountId} not fully configured`);
     jsonError(res, "openclaw-baiduapp not configured");
     return true;
   }
-  const reply = await processBaiduAppInboundMessage({
+  await processBaiduAppInboundMessage({
     target,
     msg: selected.msg
   });
-  jsonOk(
-    res,
-    buildEncryptedJsonReply({
-      account: target.account,
-      plaintextJson: reply,
-      nonce: msgNonce,
-      timestamp: msgTimestamp
-    })
-  );
+  jsonOk(res, {});
   return true;
 }
 
 // src/poller.ts
-var DEFAULT_POLL_INTERVAL_MS = 1e3;
+var DEFAULT_POLL_INTERVAL_MS = 3e3;
 var DEFAULT_POLL_REQUEST_TIMEOUT_MS = 1e4;
 var accountPollers = /* @__PURE__ */ new Map();
 function buildPollingTextInboundMessage(content) {
@@ -28370,21 +28504,34 @@ function buildPollingTextInboundMessage(content) {
     }
   };
 }
+function parseTextAndFilesFromList(list) {
+  const textItem = list.find((entry) => entry.type === "text");
+  const fileItems = list.filter((entry) => entry.type === "file");
+  const content = textItem?.type === "text" ? textItem.data.text.content : void 0;
+  const files = fileItems.map((file) => {
+    const fileId = file.data.file.fileId;
+    return typeof fileId === "string" && fileId.trim() ? { url: fileId, fileType: "file" } : null;
+  }).filter((file) => file != null);
+  return { content, files };
+}
 async function dispatchPendingPollingMessages(data, target) {
   if (!target || data.length === 0) {
     return;
   }
   for (const item of data) {
-    if (String(item.msgtype).toLowerCase() !== "text") {
-      continue;
-    }
-    const content = item.data?.content;
-    if (typeof content !== "string" || content.length === 0) {
+    const list = Array.isArray(item.list) ? item.list : [];
+    const { content, files } = parseTextAndFilesFromList(list);
+    if (typeof content !== "string" && files.length === 0) {
       continue;
     }
     await processBaiduAppInboundMessage({
       target,
-      msg: buildPollingTextInboundMessage(content)
+      msg: {
+        ...buildPollingTextInboundMessage(typeof content === "string" ? content : ""),
+        msgid: typeof item.msgId === "string" ? item.msgId : void 0,
+        agentid: typeof item.agentId === "string" ? item.agentId : void 0,
+        ...files.length > 0 ? { files } : {}
+      }
     });
   }
 }
@@ -28439,12 +28586,28 @@ function createAbortSignalController(params) {
   };
 }
 async function pollBaiduAppChatlistOnce(account, loggerOptions, requestOptions) {
-  const endpoint = `${account.apiBase}/chat/demo/chatlist`;
+  const endpoint = `${account.apiBase}/channel/msg/poll`;
+  const logger3 = createLogger("openclaw-baiduapp:poller", loggerOptions);
+  const timestamp = String(Math.floor(Date.now() / 1e3));
+  const nonce = generateNonce();
+  const authorization = buildAuthorizationHeader({
+    ak: account.appKey ?? "",
+    sk: account.appSecret ?? "",
+    timestamp,
+    nonce
+  });
   const query = new URLSearchParams({
     ak: account.appKey ?? "",
-    sk: account.appSecret ?? ""
+    timestamp,
+    nonce
   });
   const url = `${endpoint}?${query.toString()}`;
+  const payload = {
+    sessionId: "agent:main:main",
+    num: 5,
+    version: PLUGIN_VERSION
+  };
+  const body = JSON.stringify(payload);
   const requestSignal = createAbortSignalController({
     signal: requestOptions?.signal,
     timeoutMs: requestOptions?.timeoutMs
@@ -28452,8 +28615,13 @@ async function pollBaiduAppChatlistOnce(account, loggerOptions, requestOptions)
   let response;
   try {
     response = await (requestOptions?.fetchImpl ?? fetch)(url, {
-      method: "GET",
-      signal: requestSignal.signal
+      method: "POST",
+      body,
+      signal: requestSignal.signal,
+      headers: {
+        "Authorization": authorization,
+        "Content-Type": "application/json"
+      }
     });
   } catch (error) {
     requestSignal.cleanup();
@@ -28506,10 +28674,13 @@ async function pollBaiduAppChatlistOnce(account, loggerOptions, requestOptions)
       }
     });
   }
-  const data = Array.isArray(parsed.data) ? parsed.data : [];
+  if (parsed.code !== 0) {
+    logger3.debug(`Baidu poll returned non-zero code=${String(parsed.code)}, message=${parsed.message}`);
+  }
+  const msgList = Array.isArray(parsed.data?.msgList) ? parsed.data.msgList : [];
   return buildPollResult({
     ok: true,
-    data
+    data: msgList
   });
 }
 function scheduleNextPoll(account, state) {
@@ -28625,16 +28796,33 @@ function resolveOutboundLocalMediaPath(mediaUrl) {
   }
   return trimmed;
 }
-function inferBaiduOutboundFileType(params) {
-  const ext = path2.extname(params.mediaPath).toLowerCase();
-  return ext.startsWith(".") ? ext.slice(1) : ext || "bin";
-}
 function buildOutboundMediaPayload(params) {
   const caption = params.caption?.trim();
+  const mediaItem = params.externalUrl ? {
+    type: "external_url",
+    data: {
+      externalUrl: {
+        url: params.externalUrl
+      }
+    }
+  } : {
+    type: "file",
+    data: {
+      file: {
+        fileId: params.fileId ?? ""
+      }
+    }
+  };
   return {
-    msgtype: "text",
-    ...caption ? { text: { content: caption } } : {},
-    files: [{ url: params.uploadedUrl, fileType: params.fileType }]
+    list: [
+      ...caption ? [{
+        type: "text",
+        data: {
+          text: { content: caption }
+        }
+      }] : [],
+      mediaItem
+    ]
   };
 }
 function resolveDirectOutboundFiles(files) {
@@ -28871,7 +29059,10 @@ var baiduAppPlugin = {
         };
       }
       try {
-        const result2 = await sendBaiduAppMessage(account, params.text);
+        const result2 = await sendBaiduAppMessage(account, params.text, {
+          agentid: account.accountId,
+          isActive: true
+        });
         return {
           channel: "openclaw-baiduapp",
           ok: result2.ok,
@@ -28914,14 +29105,15 @@ var baiduAppPlugin = {
             account,
             buildOutboundMediaPayload({
               caption: params.text,
-              uploadedUrl: remoteUrl,
-              fileType: inferBaiduOutboundFileType({ mediaPath: remoteUrl })
-            })
+              externalUrl: remoteUrl
+            }),
+            { agentid: account.accountId, isActive: true }
           );
           return {
             channel: "openclaw-baiduapp",
-            ok: true,
-            messageId: result2.msgid ?? ""
+            ok: result2.ok,
+            messageId: result2.msgid ?? "",
+            error: result2.ok ? void 0 : new Error(result2.errmsg ?? "send failed")
           };
         } catch (err) {
           return {
@@ -28954,11 +29146,9 @@ var baiduAppPlugin = {
           account,
           buildOutboundMediaPayload({
             caption: params.text,
-            uploadedUrl: uploaded.url,
-            fileType: inferBaiduOutboundFileType({
-              mediaPath: uploaded.fileName || localMediaPath
-            })
-          })
+            fileId: uploaded.fileId
+          }),
+          { agentid: account.accountId, isActive: true }
         );
         return {
           channel: "openclaw-baiduapp",
@@ -28980,6 +29170,18 @@ var baiduAppPlugin = {
       }
     }
   },
+  auth: {
+    login: async (params) => {
+      void params.channelInput;
+      const { loginBaiduApp: loginBaiduApp2 } = await Promise.resolve().then(() => (init_login(), login_exports));
+      await loginBaiduApp2({
+        cfg: params.cfg,
+        accountId: params.accountId,
+        runtime: params.runtime,
+        verbose: params.verbose
+      });
+    }
+  },
   gateway: {
     startAccount: async (ctx) => {
       ctx.setStatus?.({ accountId: ctx.accountId });
@@ -28995,7 +29197,7 @@ var baiduAppPlugin = {
         ctx.setStatus?.({ accountId: ctx.accountId, running: false, configured: false });
         return;
       }
-      const path4 = (account.config.webhookPath ?? "/openclaw-baiduapp").trim();
+      const path5 = (account.config.webhookPath ?? "/openclaw-baiduapp").trim();
       const runtime2 = {
         log: ctx.log?.info ?? console.log,
         error: ctx.log?.error ?? console.error
@@ -29004,7 +29206,7 @@ var baiduAppPlugin = {
         account,
         config: ctx.cfg ?? {},
         runtime: runtime2,
-        path: path4,
+        path: path5,
         statusSink: (patch) => ctx.setStatus?.({ accountId: ctx.accountId, ...patch })
       });
       try {
@@ -29017,30 +29219,28 @@ var baiduAppPlugin = {
         existing();
       }
       unregisterHooks.set(ctx.accountId, unregister);
-      if (account.config.pollingEnabled === true) {
-        startAccountPolling({
+      startAccountPolling({
+        account,
+        dispatchTarget: {
           account,
-          dispatchTarget: {
-            account,
-            config: ctx.cfg ?? {},
-            runtime: runtime2,
-            statusSink: (patch) => ctx.setStatus?.({ accountId: ctx.accountId, ...patch })
-          },
-          onError: (error) => {
-            const message = error instanceof Error ? error.message : String(error);
-            ctx.log?.error(`[openclaw-baiduapp] polling failed for account ${ctx.accountId}: ${message}`);
-          }
-        });
-      }
+          config: ctx.cfg ?? {},
+          runtime: runtime2,
+          statusSink: (patch) => ctx.setStatus?.({ accountId: ctx.accountId, ...patch })
+        },
+        onError: (error) => {
+          const message = error instanceof Error ? error.message : String(error);
+          ctx.log?.error(`[openclaw-baiduapp] polling failed for account ${ctx.accountId}: ${message}`);
+        }
+      });
       ctx.log?.info(
-        `[openclaw-baiduapp] webhook registered at ${path4} for account ${ctx.accountId} (canSendActive=${account.canSendActive})`
+        `[openclaw-baiduapp] webhook registered at ${path5} for account ${ctx.accountId} (canSendActive=${account.canSendActive})`
       );
       ctx.setStatus?.({
         accountId: ctx.accountId,
         running: true,
         configured: true,
         canSendActive: account.canSendActive,
-        webhookPath: path4,
+        webhookPath: path5,
         lastStartAt: Date.now()
       });
       if (ctx.abortSignal) {
@@ -29083,7 +29283,7 @@ async function sendMessage(account, options) {
     };
   }
   try {
-    const textResult = await sendBaiduAppMessage(account, options.text);
+    const textResult = await sendBaiduAppMessage(account, options.text, { isActive: true });
     return {
       ok: textResult.ok,
       msgid: textResult.msgid,