@shadowob/openclaw-shadowob 1.1.3 → 1.1.5

package/dist/{chunk-PEV3R2R7.js → chunk-4G572ZLC.js}

@@ -22,6 +22,9 @@ function mentionTargetsBot(params) {
     return mention.username?.toLowerCase() === botUsername;
   });
 }
+function mentionsTargetServerApp(mentions) {
+  return mentions.some((mention) => mention.kind === "app" && (mention.appKey || mention.targetId));
+}
 function formatShadowMentionsForAgent(mentions) {
   if (mentions.length === 0) return "";
   const lines = mentions.map((mention) => {
@@ -32,6 +35,9 @@ function formatShadowMentionsForAgent(mentions) {
     if (mention.kind === "server") {
       return `- ${label} [server] serverId=${mention.serverId ?? mention.targetId} slug=${mention.serverSlug ?? ""}`;
     }
+    if (mention.kind === "app") {
+      return `- ${label} [server-app] appKey=${mention.appKey ?? mention.targetId} appId=${mention.appId ?? mention.targetId} serverId=${mention.serverId ?? ""} server=${mention.serverName ?? ""}`;
+    }
     if (mention.kind === "user" || mention.kind === "buddy") {
       return `- ${label} [${mention.kind}] userId=${mention.userId ?? mention.targetId} username=${mention.username ?? ""}`;
     }
@@ -40,8 +46,9 @@ function formatShadowMentionsForAgent(mentions) {
   return [
     "Shadow mentions:",
     ...lines,
-    "To mention a Shadow entity in a reply, write its visible handle (for example @username or #channel); Shadow will resolve it before delivery."
-  ].join("\n");
+    "To mention a Shadow entity in a reply, write its visible handle (for example @username or #channel); Shadow will resolve it before delivery.",
+    mentionsTargetServerApp(mentions) ? 'If a server app is mentioned, operate it through the Shadow CLI only: first run `shadowob app discover --server "<serverId-or-slug>" --json`, then run `shadowob app call "<appKey>" <command> --server "<serverId-or-slug>" --json-input \'<raw-command-input-json>\' --json`. Do not use curl, fetch, raw HTTP routes, or the JavaScript SDK for server-app commands. Use the mentioned appKey/serverId; do not ask the user to describe the CLI path.' : ""
+  ].filter(Boolean).join("\n");
 }
 function mentionContextFields(mentions) {
   if (mentions.length === 0) return {};
@@ -66,6 +73,14 @@ function mentionContextFields(mentions) {
       serverId: mention.serverId ?? mention.targetId,
       serverSlug: mention.serverSlug,
       serverName: mention.serverName
+    })),
+    MentionedApps: mentions.filter((mention) => mention.kind === "app").map((mention) => ({
+      appId: mention.appId ?? mention.targetId,
+      appKey: mention.appKey,
+      appName: mention.appName,
+      serverId: mention.serverId,
+      serverSlug: mention.serverSlug,
+      serverName: mention.serverName
     }))
   };
 }
@@ -162,6 +177,8 @@ async function buildInteractiveResponseContext(params) {
   const responsePrompt = sourceInteractive && typeof sourceInteractive === "object" && !Array.isArray(sourceInteractive) ? sourceInteractive.responsePrompt : void 0;
   const lines = [
     "Shadow interactive response received.",
+    "Use the submitted values once. Do not separately restate or grade the submitted form unless the source command explicitly asks for an evaluation.",
+    "If the next step is another Shadow interactive dialog, send that dialog only and do not add a separate normal text reply for the same step.",
     `Source message: ${source?.content ?? "(unavailable)"}`,
     typeof sourcePrompt === "string" && sourcePrompt.trim() ? `Source prompt: ${sourcePrompt.trim()}` : "",
     typeof responsePrompt === "string" && responsePrompt.trim() ? `Follow-up instruction: ${responsePrompt.trim()}` : "",
@@ -281,8 +298,10 @@ async function resolveShadowInboundMediaContext(params) {
 }
 
 // src/monitor/preflight.ts
-function escapeRegex(value) {
-  return value.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
+function normalizeTriggerUserIds(policyConfig) {
+  const value = policyConfig?.allowedTriggerUserIds ?? policyConfig?.triggerUserIds;
+  if (!Array.isArray(value)) return null;
+  return value.filter((item) => typeof item === "string" && item.length > 0);
 }
 function evaluateShadowMessagePreflight(params) {
   const { message, botUserId, botUsername, channelPolicies, runtime } = params;
@@ -292,7 +311,6 @@ function evaluateShadowMessagePreflight(params) {
   }
   const policy = channelPolicies.get(message.channelId);
   const policyConfig = policy?.config;
-  const structuredMentions = getShadowMessageMentions(message);
   let isProcessingBuddyMessage = false;
   if (message.author?.isBot) {
     if (!policyConfig?.replyToBuddy) {
@@ -347,82 +365,22 @@ function evaluateShadowMessagePreflight(params) {
       reason: `[msg] Policy blocks reply for channel ${message.channelId}, skipping (${message.id})`
     };
   }
-  let wasMentionedExplicitly = false;
-  if (policy?.mentionOnly) {
-    const mentionRegex = new RegExp(`@${escapeRegex(botUsername)}(?:\\s|$)`, "i");
-    wasMentionedExplicitly = mentionTargetsBot({ mentions: structuredMentions, botUserId, botUsername }) || mentionRegex.test(message.content);
-    if (!wasMentionedExplicitly) {
-      return {
-        ok: false,
-        reason: `[msg] mentionOnly policy \u2014 no @${botUsername} mention found, skipping (${message.id})`
-      };
-    }
-    runtime.log?.(
-      `[msg] mentionOnly policy \u2014 @${botUsername} mentioned, processing (${message.id})`
-    );
-  }
-  if (policyConfig?.replyToUsers?.length) {
-    const allowedUsers = policyConfig.replyToUsers.map((u) => u.toLowerCase());
-    const senderUser = (message.author?.username ?? "").toLowerCase();
-    if (!allowedUsers.includes(senderUser)) {
-      return {
-        ok: false,
-        reason: `[msg] replyToUsers policy \u2014 sender "${senderUser}" not in allowed list, skipping (${message.id})`
-      };
-    }
-  }
-  if (policyConfig?.keywords?.length) {
-    const lowerContent = message.content.toLowerCase();
-    const matched = policyConfig.keywords.some((kw) => lowerContent.includes(kw.toLowerCase()));
-    if (!matched) {
-      return {
-        ok: false,
-        reason: `[msg] keywords policy \u2014 no matching keyword found, skipping (${message.id})`
-      };
-    }
-    runtime.log?.(`[msg] keywords policy \u2014 keyword matched, processing (${message.id})`);
+  const triggerUserIds = normalizeTriggerUserIds(policyConfig);
+  if (triggerUserIds && !triggerUserIds.includes(message.authorId)) {
+    return {
+      ok: false,
+      reason: `[msg] Sender ${senderLabel} is not the Buddy owner or active tenant, skipping (${message.id})`
+    };
   }
-  const smartReplyEnabled = policyConfig?.smartReply !== false;
-  if (smartReplyEnabled && !isProcessingBuddyMessage && !wasMentionedExplicitly) {
-    const mentionPattern = /@([a-zA-Z0-9_\-\u4e00-\u9fa5]+)/g;
-    const userMentions = structuredMentions.filter(
-      (mention) => mention.kind === "user" || mention.kind === "buddy"
-    );
-    const allMentions = structuredMentions.length > 0 ? [] : message.content.match(mentionPattern) || [];
-    const structuredSelfMentioned = mentionTargetsBot({
-      mentions: userMentions,
-      botUserId,
-      botUsername
-    });
-    if (userMentions.length > 0 && !structuredSelfMentioned) {
-      return {
-        ok: false,
-        reason: `[msg] Smart reply: message mentions other users but not @${botUsername}, skipping (${message.id})`
-      };
-    }
-    const mentionsWithoutSelf = userMentions.length > 0 ? [] : allMentions.filter((m) => {
-      const mentionedUser = m.slice(1).toLowerCase();
-      return mentionedUser !== botUsername.toLowerCase();
-    });
-    if (userMentions.length === 0 && allMentions.length > 0 && mentionsWithoutSelf.length === allMentions.length) {
-      return {
-        ok: false,
-        reason: `[msg] Smart reply: message @mentions others (${allMentions.join(", ")}) but not @${botUsername}, skipping (${message.id})`
-      };
-    }
-    const replyToData = message.replyTo;
-    if (replyToData?.authorId && replyToData.authorId !== botUserId) {
-      const selfMentioned = allMentions.some((m) => {
-        const mentionedUser = m.slice(1).toLowerCase();
-        return mentionedUser === botUsername.toLowerCase();
-      }) || structuredSelfMentioned;
-      if (!selfMentioned) {
-        return {
-          ok: false,
-          reason: `[msg] Smart reply: message is a reply to another user (${replyToData.authorId}), not this Buddy, skipping (${message.id})`
-        };
-      }
-    }
+  const structuredMentions = getShadowMessageMentions(message);
+  const escapedBotUsername = botUsername.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
+  const mentionRegex = new RegExp(`@${escapedBotUsername}(?:\\s|$)`, "i");
+  const wasMentionedExplicitly = mentionTargetsBot({ mentions: structuredMentions, botUserId, botUsername }) || mentionsTargetServerApp(structuredMentions) || mentionRegex.test(message.content);
+  if (policy?.mentionOnly && !wasMentionedExplicitly) {
+    return {
+      ok: false,
+      reason: `[msg] Policy requires mention for channel ${message.channelId}, skipping (${message.id})`
+    };
   }
   return {
     ok: true,
@@ -602,6 +560,7 @@ function resolveSessionStore(cfg) {
 // src/monitor/slash-commands.ts
 import fsPromises2 from "fs/promises";
 var SLASH_COMMAND_RE = /^\/([a-zA-Z][a-zA-Z0-9._-]{0,63})(?:\s+([\s\S]*))?$/;
+var DEFAULT_SLASH_COMMANDS_PATH = "/etc/shadowob/slash-commands.json";
 function normalizeSlashCommandName(value) {
   if (typeof value !== "string") return null;
   const name = value.trim().replace(/^\/+/, "");
@@ -700,6 +659,7 @@ function normalizeShadowSlashCommands(input) {
       )
     ].filter((alias) => alias.toLowerCase() !== key) : void 0;
     const interaction = normalizeSlashInteraction(record.interaction);
+    const dispatch = readString(record.dispatch, 40);
     commands.push({
       name,
       ...typeof record.description === "string" && record.description.trim() ? { description: record.description.trim().slice(0, 240) } : {},
@@ -707,16 +667,24 @@ function normalizeShadowSlashCommands(input) {
       ...typeof record.packId === "string" && record.packId.trim() ? { packId: record.packId.trim().slice(0, 80) } : {},
       ...typeof record.sourcePath === "string" && record.sourcePath.trim() ? { sourcePath: record.sourcePath.trim().slice(0, 500) } : {},
       ...typeof record.body === "string" && record.body.trim() ? { body: record.body.trim().slice(0, 2e4) } : {},
+      ...dispatch === "agent" || dispatch === "passthrough" ? { dispatch } : {},
       ...interaction ? { interaction } : {}
     });
   }
   return commands.slice(0, 200);
 }
 function toPublicSlashCommands(commands) {
-  return commands.map(({ body: _body, ...command }) => command);
+  return commands.map(({ body: _body, dispatch: _dispatch, ...command }) => command);
 }
-async function loadLocalSlashCommands(runtime) {
-  const indexPath = process.env.SHADOW_SLASH_COMMANDS_PATH;
+async function fileExists(path) {
+  try {
+    await fsPromises2.access(path);
+    return true;
+  } catch {
+    return false;
+  }
+}
+async function loadSlashCommandFile(indexPath, runtime) {
   if (!indexPath) return [];
   try {
     const raw = await fsPromises2.readFile(indexPath, "utf-8");
@@ -728,6 +696,73 @@ async function loadLocalSlashCommands(runtime) {
     return [];
   }
 }
+function logDuplicateSlashCommands(sources, runtime) {
+  const owners = /* @__PURE__ */ new Map();
+  for (const source of sources) {
+    for (const command of source.commands) {
+      const key = command.name.toLowerCase();
+      const existingPath = owners.get(key);
+      if (existingPath) {
+        runtime.log?.(
+          `[slash] Ignoring duplicate command /${command.name} from ${source.path}; already defined by ${existingPath}`
+        );
+        continue;
+      }
+      owners.set(key, source.path);
+    }
+  }
+}
+async function runtimeExtensionSlashCommandPaths(runtime) {
+  const candidates = [
+    process.env.SHADOW_RUNTIME_EXTENSIONS_PATH,
+    process.env.OPENCLAW_RUNTIME_EXTENSIONS_PATH,
+    "/etc/shadowob/runtime-extensions.json",
+    "/etc/openclaw/runtime-extensions.json"
+  ].filter((path) => Boolean(path));
+  const paths = [];
+  for (const manifestPath of [...new Set(candidates)]) {
+    if (!await fileExists(manifestPath)) continue;
+    try {
+      const raw = await fsPromises2.readFile(manifestPath, "utf-8");
+      const manifest = JSON.parse(raw);
+      const artifacts = Array.isArray(manifest.artifacts) ? manifest.artifacts : [];
+      for (const artifact of artifacts) {
+        if (!artifact || typeof artifact !== "object" || Array.isArray(artifact)) continue;
+        const record = artifact;
+        if (record.kind === "shadow.slashCommands" && typeof record.path === "string") {
+          paths.push(record.path);
+        }
+      }
+    } catch (err) {
+      runtime.error?.(`[slash] Failed to read runtime extensions ${manifestPath}: ${String(err)}`);
+    }
+  }
+  return paths;
+}
+async function loadShadowSlashCommands(runtime) {
+  const defaultIndexPath = process.env.SHADOW_DEFAULT_SLASH_COMMANDS_PATH || DEFAULT_SLASH_COMMANDS_PATH;
+  const paths = [
+    defaultIndexPath,
+    process.env.SHADOW_SLASH_COMMANDS_PATH,
+    ...await runtimeExtensionSlashCommandPaths(runtime)
+  ].filter((path) => Boolean(path));
+  const seenPaths = [...new Set(paths)];
+  const existingPaths = (await Promise.all(seenPaths.map(async (path) => await fileExists(path) ? path : null))).filter((path) => Boolean(path));
+  const sources = await Promise.all(
+    existingPaths.map(async (path) => ({
+      path,
+      commands: await loadSlashCommandFile(path, runtime)
+    }))
+  );
+  logDuplicateSlashCommands(sources, runtime);
+  const merged = normalizeShadowSlashCommands(sources.flatMap((source) => source.commands));
+  if (existingPaths.length > 1) {
+    runtime.log?.(
+      `[slash] Merged ${merged.length} slash command(s) from ${existingPaths.length} source(s)`
+    );
+  }
+  return merged;
+}
 async function registerAgentSlashCommands(params) {
   const baseUrl = params.account.serverUrl.replace(/\/api\/?$/, "").replace(/\/$/, "");
   const response = await fetch(`${baseUrl}/api/agents/${params.agentId}/slash-commands`, {
@@ -1148,6 +1183,66 @@ function buildChannelContextForAgent(info, channelId) {
     `Shadow channel id: ${channelId}`
   ].join("\n");
 }
+function normalizeStringList(value) {
+  if (!Array.isArray(value)) return [];
+  return value.filter((item) => typeof item === "string" && item.trim().length > 0);
+}
+function isSenderCommandAuthorized(policyConfig, senderId) {
+  const triggerUserIds = normalizeStringList(
+    policyConfig?.allowedTriggerUserIds ?? policyConfig?.triggerUserIds
+  );
+  if (triggerUserIds.length > 0) return triggerUserIds.includes(senderId);
+  const ownerId = typeof policyConfig?.ownerId === "string" ? policyConfig.ownerId.trim() : "";
+  if (ownerId && ownerId === senderId) return true;
+  const activeTenantIds = normalizeStringList(policyConfig?.activeTenantIds);
+  return activeTenantIds.includes(senderId);
+}
+function resolveOwnerAllowFrom(policyConfig) {
+  const ownerId = typeof policyConfig?.ownerId === "string" ? policyConfig.ownerId.trim() : "";
+  return ownerId ? [ownerId] : void 0;
+}
+async function buildMentionedServerAppSkillsContext(params) {
+  const appRefs = /* @__PURE__ */ new Map();
+  for (const mention of params.mentions) {
+    if (mention.kind !== "app") continue;
+    const appKey = mention.appKey ?? mention.targetId;
+    const server = mention.serverId ?? mention.serverSlug ?? params.serverInfo?.serverId;
+    if (!appKey || !server) continue;
+    appRefs.set(`${server}:${appKey}`, {
+      appKey,
+      server,
+      label: mention.label || mention.sourceToken || mention.token || appKey
+    });
+  }
+  if (appRefs.size === 0) return "";
+  const documents = await Promise.all(
+    Array.from(appRefs.values()).map(async (ref) => {
+      try {
+        const skill = await params.client.getServerAppSkills(ref.server, ref.appKey);
+        return [
+          `## ${ref.label}`,
+          `Server reference: ${ref.server}`,
+          `App key: ${ref.appKey}`,
+          "",
+          skill.markdown
+        ].join("\n");
+      } catch (err) {
+        params.runtime.error?.(
+          `[server-app] Failed loading skills for ${ref.appKey} on ${ref.server}: ${String(err)}`
+        );
+        return "";
+      }
+    })
+  );
+  const loaded = documents.filter(Boolean);
+  if (loaded.length === 0) return "";
+  return [
+    "Injected Shadow Server App Skills:",
+    "These instructions are authoritative for mentioned server apps in this message. Use the Shadow CLI path described below so Shadow can bind identity, app grants, and policy.",
+    "",
+    ...loaded
+  ].join("\n");
+}
 async function processShadowMessage(params) {
   const {
     message,
@@ -1209,6 +1304,7 @@ async function processShadowMessage(params) {
     slashCommands
   });
   const slashCommandMatch = matchShadowSlashCommand(cleanBody, slashCommands);
+  const slashCommandPassThrough = slashCommandMatch?.command.dispatch === "passthrough";
   if (slashCommandMatch) {
     runtime.log?.(
       `[slash] Matched /${slashCommandMatch.invokedName} -> /${slashCommandMatch.command.name}`
@@ -1231,17 +1327,22 @@ async function processShadowMessage(params) {
     });
     return;
   }
-  const baseBodyForAgent = slashCommandMatch ? formatSlashCommandPrompt(cleanBody, slashCommandMatch) : cleanBody;
+  const baseBodyForAgent = slashCommandMatch && !slashCommandPassThrough ? formatSlashCommandPrompt(cleanBody, slashCommandMatch) : cleanBody;
+  const commandBody = slashCommandPassThrough ? cleanBody : slashCommandMatch?.args ?? cleanBody;
+  const ownerAllowFrom = resolveOwnerAllowFrom(preflight.policyConfig);
   const structuredMentions = getShadowMessageMentions(message);
   const mentionContext = formatShadowMentionsForAgent(structuredMentions);
   const serverInfo = channelServerMap.get(channelId);
   const channelLabel = serverInfo ? `#${serverInfo.channelName}` : `channel:${channelId}`;
   const conversationLabel = serverInfo ? `${serverInfo.serverName} ${channelLabel}` : peerId;
-  const messageBodyForAgent = interactiveResponseContext.text ? `${interactiveResponseContext.text}
-
-User message:
-${baseBodyForAgent}` : baseBodyForAgent;
+  const messageBodyForAgent = interactiveResponseContext.text || baseBodyForAgent;
   const client = new ShadowClient2(account.serverUrl, account.token);
+  const serverAppSkillsContext = await buildMentionedServerAppSkillsContext({
+    mentions: structuredMentions,
+    client,
+    serverInfo,
+    runtime
+  });
   const viewerCommerceContext = await buildCommerceViewerContextForAgent({
     account,
     client,
@@ -1252,6 +1353,7 @@ ${baseBodyForAgent}` : baseBodyForAgent;
     buildCommerceContextForAgent(account),
     viewerCommerceContext,
     mentionContext,
+    serverAppSkillsContext,
     messageBodyForAgent
   ].filter(Boolean).join("\n\n");
   const body = core.channel.reply.formatAgentEnvelope({
@@ -1263,12 +1365,15 @@ ${baseBodyForAgent}` : baseBodyForAgent;
   });
   const escapedBotUsername = botUsername.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
   const mentionRegex = new RegExp(`@${escapedBotUsername}(?:\\s|$)`, "i");
-  const wasMentioned = mentionTargetsBot({ mentions: structuredMentions, botUserId, botUsername }) || mentionRegex.test(message.content);
+  const wasMentioned = mentionTargetsBot({ mentions: structuredMentions, botUserId, botUsername }) || mentionsTargetServerApp(structuredMentions) || Boolean(slashCommandMatch) || mentionRegex.test(message.content);
   const ctxPayload = core.channel.reply.finalizeInboundContext({
     Body: body,
     BodyForAgent: bodyForAgent,
     RawBody: rawBody,
-    CommandBody: slashCommandMatch?.args ?? cleanBody,
+    CommandBody: commandBody,
+    BodyForCommands: commandBody,
+    CommandAuthorized: isSenderCommandAuthorized(preflight.policyConfig, senderId),
+    CommandSource: "text",
     From: `shadowob:user:${senderId}`,
     To: `shadowob:channel:${channelId}`,
     SessionKey: route.sessionKey,
@@ -1285,6 +1390,8 @@ ${baseBodyForAgent}` : baseBodyForAgent;
     ...mentionContextFields(structuredMentions),
     OriginatingChannel: "shadowob",
     OriginatingTo: `shadowob:channel:${channelId}`,
+    NativeChannelId: channelId,
+    ...ownerAllowFrom ? { OwnerAllowFrom: ownerAllowFrom } : {},
     ...serverInfo ? {
       ServerId: serverInfo.serverId,
       ServerSlug: serverInfo.serverSlug,
@@ -1428,6 +1535,34 @@ ${baseBodyForAgent}` : baseBodyForAgent;
   }
 }
 
+// src/monitor/message-queue.ts
+function queueKeyForMessage(message) {
+  return `${message.channelId}:${message.threadId ?? ""}`;
+}
+function createShadowMessageProcessingQueue(options) {
+  const queues = /* @__PURE__ */ new Map();
+  return {
+    enqueue(message, source) {
+      const key = queueKeyForMessage(message);
+      const previous = queues.get(key) ?? Promise.resolve();
+      const task = previous.catch(() => void 0).then(() => {
+        if (options.isStopped?.()) {
+          options.onSkipped?.(message, source);
+          return;
+        }
+        return options.process(message, source);
+      }).finally(() => {
+        if (queues.get(key) === task) queues.delete(key);
+      });
+      queues.set(key, task);
+      return task;
+    },
+    pendingKeys() {
+      return [...queues.keys()];
+    }
+  };
+}
+
 // src/runtime.ts
 import { createPluginRuntimeStore } from "openclaw/plugin-sdk/runtime-store";
 var store = createPluginRuntimeStore(
@@ -1534,7 +1669,7 @@ async function monitorShadowProvider(options) {
   } else {
     runtime.log?.(`[config] Resolved agentId: ${agentId}`);
   }
-  const slashCommands = await loadLocalSlashCommands(runtime);
+  const slashCommands = await loadShadowSlashCommands(runtime);
   if (agentId) {
     try {
       await runShadowApiOperation(
@@ -1554,6 +1689,23 @@ async function monitorShadowProvider(options) {
   const messageWatermarks = await loadMessageWatermarks(accountId);
   const processedMessageIds = /* @__PURE__ */ new Set();
   const catchupInFlight = /* @__PURE__ */ new Map();
+  const buildAccessPolicyConfig = (config2) => {
+    const activeTenantIds = config2?.activeTenantIds ?? [];
+    const allowedTriggerUserIds = config2?.allowedTriggerUserIds ?? [config2?.ownerId, ...activeTenantIds].filter((id) => Boolean(id));
+    return {
+      allowedTriggerUserIds,
+      triggerUserIds: allowedTriggerUserIds,
+      ownerId: config2?.ownerId,
+      activeTenantIds,
+      replyRequiresMention: false
+    };
+  };
+  const buildDefaultAccessPolicy = (config2) => ({
+    listen: true,
+    reply: true,
+    mentionOnly: false,
+    config: buildAccessPolicyConfig(config2)
+  });
   const rememberProcessedMessage = (messageId) => {
     processedMessageIds.add(messageId);
     if (processedMessageIds.size > MAX_TRACKED_MESSAGE_IDS) {
@@ -1669,12 +1821,7 @@ async function monitorShadowProvider(options) {
     for (const ch of directChannels) {
       if (!allChannelIds.includes(ch.id)) allChannelIds.push(ch.id);
       if (!channelPolicies.has(ch.id)) {
-        channelPolicies.set(ch.id, {
-          listen: true,
-          reply: true,
-          mentionOnly: false,
-          config: {}
-        });
+        channelPolicies.set(ch.id, buildDefaultAccessPolicy(remoteConfig));
       }
     }
     runtime.log?.(`[config] Monitoring ${directChannels.length} direct channel(s)`);
@@ -1735,6 +1882,13 @@ async function monitorShadowProvider(options) {
       );
     }
   };
+  const messageQueue = createShadowMessageProcessingQueue({
+    process: processChannelMessageWithRetry,
+    isStopped: () => stopped,
+    onSkipped: (message, source) => {
+      runtime.log?.(`[${source}] Monitor stopped, skipping queued message ${message.id}`);
+    }
+  });
   const catchUpChannel = async (channelId, reason) => {
     try {
       const result = await client.getMessages(channelId, 50);
@@ -1759,7 +1913,7 @@ async function monitorShadowProvider(options) {
       }
       for (const message of candidates) {
         rememberProcessedMessage(message.id);
-        await processChannelMessageWithRetry(message, "catchup");
+        await messageQueue.enqueue(message, "catchup");
       }
     } catch (err) {
       runtime.error?.(`[catchup] Failed for channel ${channelId}: ${String(err)}`);
@@ -1865,25 +2019,78 @@ async function monitorShadowProvider(options) {
     "agent:policy-changed",
     (data) => {
       if (data.agentId !== agentId) return;
-      if (!data.channelId) return;
-      const mentionOnly = data.mentionOnly ?? false;
+      if (!data.channelId) {
+        void (async () => {
+          try {
+            const updatedConfig = await runShadowApiOperation(
+              "refresh remote config after access policy change",
+              () => client.getAgentConfig(agentId),
+              { runtime, abortSignal }
+            );
+            remoteConfig = updatedConfig;
+            const remoteChannelIds = /* @__PURE__ */ new Set();
+            const accessConfig2 = buildAccessPolicyConfig(updatedConfig);
+            for (const server of updatedConfig.servers) {
+              for (const ch of server.channels) {
+                remoteChannelIds.add(ch.id);
+                channelServerMap.set(ch.id, {
+                  serverId: server.id,
+                  serverSlug: server.slug ?? server.id,
+                  serverName: server.name,
+                  channelName: ch.name
+                });
+                channelPolicies.set(ch.id, {
+                  ...ch.policy,
+                  config: { ...ch.policy.config, ...accessConfig2 }
+                });
+                if (!allChannelIds.includes(ch.id)) {
+                  allChannelIds.push(ch.id);
+                  void socket.joinChannel(ch.id);
+                }
+              }
+            }
+            for (const [channelId] of channelServerMap) {
+              if (remoteChannelIds.has(channelId)) continue;
+              channelServerMap.delete(channelId);
+              channelPolicies.delete(channelId);
+              const idx = allChannelIds.indexOf(channelId);
+              if (idx !== -1) allChannelIds.splice(idx, 1);
+              socket.leaveChannel(channelId);
+            }
+            for (const [channelId, existing2] of channelPolicies) {
+              if (channelServerMap.has(channelId)) continue;
+              channelPolicies.set(channelId, {
+                ...existing2,
+                config: { ...existing2.config, ...accessConfig2 }
+              });
+            }
+            runtime.log?.("[config] Refreshed Buddy owner/tenant access policy");
+          } catch (err) {
+            runtime.error?.(`[config] Failed to refresh access policy: ${String(err)}`);
+          }
+        })();
+        return;
+      }
+      const existing = channelPolicies.get(data.channelId);
+      const mentionOnly = data.mentionOnly ?? existing?.mentionOnly ?? false;
+      const reply = data.reply ?? existing?.reply ?? true;
+      const accessConfig = buildAccessPolicyConfig(remoteConfig);
       runtime.log?.(
-        `[ws] Received agent:policy-changed for channel ${data.channelId}: mentionOnly=${mentionOnly}, reply=${data.reply}, config=${JSON.stringify(data.config ?? {})}`
+        `[ws] Received agent:policy-changed for channel ${data.channelId}: mentionOnly=${mentionOnly}, reply=${reply}, config=${JSON.stringify(data.config ?? {})}`
       );
-      const existing = channelPolicies.get(data.channelId);
       if (existing) {
         channelPolicies.set(data.channelId, {
           ...existing,
           mentionOnly,
-          reply: data.reply ?? existing.reply,
-          config: data.config ?? existing.config
+          reply,
+          config: { ...existing.config, ...accessConfig, ...data.config ?? {} }
         });
       } else {
         channelPolicies.set(data.channelId, {
           listen: true,
-          reply: data.reply ?? true,
+          reply,
           mentionOnly,
-          config: data.config ?? {}
+          config: { ...accessConfig, ...data.config ?? {} }
         });
       }
     }
@@ -1934,12 +2141,12 @@ async function monitorShadowProvider(options) {
       if (!refreshed) {
         await resolveChannelContext(data.channelId, "member-added");
       }
-      if (!refreshed && !channelPolicies.has(data.channelId)) {
+      if (!channelPolicies.has(data.channelId)) {
         const defaultPolicy = {
           listen: true,
           reply: true,
           mentionOnly: false,
-          config: {}
+          config: buildAccessPolicyConfig(remoteConfig)
         };
         channelPolicies.set(data.channelId, defaultPolicy);
       }
@@ -1983,7 +2190,7 @@ async function monitorShadowProvider(options) {
       runtime.log?.(`[ws] Message from unmonitored channel ${message.channelId}, ignoring`);
       return;
     }
-    void processChannelMessageWithRetry(message, "ws");
+    void messageQueue.enqueue(message, "ws");
   });
   socket.connect();
   const stop = () => {

package/dist/index.js

@@ -15,7 +15,7 @@ import {
   resolveOutboundMentions,
   setShadowRuntime,
   tryGetShadowRuntime
-} from "./chunk-PEV3R2R7.js";
+} from "./chunk-4G572ZLC.js";
 
 // index.ts
 import { defineChannelPluginEntry } from "openclaw/plugin-sdk/core";
@@ -808,6 +808,7 @@ var shadowAgentPromptHints = [
   "- When a Shadow user asks for buttons, choices, a select menu, a form, or approval, prefer sending a Shadow interactive dialog instead of plain text options.",
   "- ShadowOwnBuddy enables inline buttons, forms, and file uploads for Shadow channels by default. Do not tell the user that `shadowob.capabilities.inlineButtons` or file sending is unavailable; use the message tool instead.",
   '- Shadow interactive dialogs use the shared message tool with `action: "send"` plus `target`, `message`, `kind`, `prompt`, and shape fields. `message` is required by the shared tool; set `message` and `prompt` to the same user-visible text unless there is a specific reason not to. Supported `kind` values are `buttons`, `select`, `form`, and `approval`; Shadow stores these as `metadata.interactive` so the user can answer in-channel.',
+  "- When your next action is a Shadow interactive dialog, put the full user-visible prompt in that dialog and do not also send a separate ordinary reply in the same turn. This prevents duplicate form-plus-commentary messages.",
   '- Example buttons dialog: `action: "send"`, `target: "shadowob:channel:<ChannelId>"`, `message: "Choose the next step"`, `kind: "buttons"`, `prompt: "Choose the next step"`, `buttons: [{"id":"icp","label":"ICP / JTBD","value":"icp"}]`.',
   '- Example form dialog: `action: "send"`, `target: "shadowob:channel:<ChannelId>"`, `message: "Fill the decision inputs"`, `kind: "form"`, `fields: [{"id":"decision","label":"Decision","kind":"textarea","required":true}]`.',
   '- When Shadow context includes CommerceOfferIds and the user is interested in buying, viewing pricing, or receiving a product card, call the shared message tool yourself: `action: "send"`, `target: "shadowob:channel:<ChannelId>"`, `message: "A natural sales message"`, `commerceOfferId: "<CommerceOfferId>"`. Plain final text will not attach a product card.',
@@ -959,7 +960,7 @@ shadowPlugin.gateway = {
       lastError: null
     });
     ctx.log?.info(`Starting Shadow connection for account ${accountId}`);
-    const { monitorShadowProvider: monitorShadowProvider2 } = await import("./monitor-AE3LRQYD.js");
+    const { monitorShadowProvider: monitorShadowProvider2 } = await import("./monitor-XDUBTELB.js");
     await monitorShadowProvider2({
       account,
       accountId,

package/dist/{monitor-AE3LRQYD.js → monitor-XDUBTELB.js}

@@ -5,7 +5,7 @@ import {
   normalizeShadowSlashCommands,
   resolveShadowAgentIdFromConfig,
   shouldCatchUpShadowMessage
-} from "./chunk-PEV3R2R7.js";
+} from "./chunk-4G572ZLC.js";
 export {
   formatSlashCommandPrompt,
   matchShadowSlashCommand,

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@shadowob/openclaw-shadowob",
-  "version": "1.1.3",
+  "version": "1.1.5",
   "description": "OpenClaw Shadow channel plugin — enables AI agents to interact in Shadow server channels",
   "type": "module",
   "main": "./dist/index.js",
@@ -58,7 +58,7 @@
   "dependencies": {
     "zod": "^3.25.67",
     "openclaw": "^2026.5.7",
-    "@shadowob/sdk": "1.1.3"
+    "@shadowob/sdk": "1.1.5"
   },
   "devDependencies": {
     "@types/node": "^22.15.21",

package/skills/shadowob/SKILL.md

@@ -1,6 +1,6 @@
 ---
 name: shadowob
-description: "Shadow server CLI — complete command-line interface for Shadow servers including servers, channels, DMs, workspace, shop, apps, agents, marketplace, OAuth, and more"
+description: "Use when live Shadow context or actions are needed: channel/DM history, pins, members, server/channel/workspace/shop/app/agent data, or sending/managing Shadow content via the shadowob CLI."
 metadata:
   {
     "openclaw":
@@ -17,6 +17,10 @@ allowed-tools: ["exec"]
 
 Use `shadowob` CLI to interact with Shadow servers.
 
+Activate this skill when you need current Shadow context, such as recent channel or DM history,
+pinned messages, member/server/channel state, workspace/shop/app/agent data, or when you need to
+send or manage Shadow content. Prefer narrow `--json` reads before acting.
+
 ## Quickstart
 
 ```bash
@@ -66,11 +70,6 @@ shadowob servers leave <server-id>
 # Members
 shadowob servers members <server-id> --json
 
-# Homepage
-shadowob servers homepage <server-id>
-shadowob servers homepage <server-id> --set <file.html>
-shadowob servers homepage <server-id> --clear
-
 # Discover public servers
 shadowob servers discover --json
 ```
@@ -179,28 +178,49 @@ shadowob workspace stats <server-id> --json
 shadowob workspace children <server-id> [--parent-id <id>] --json
 
 # Files
-shadowob workspace files get <file-id> --json
-shadowob workspace files create <server-id> --name <name> [--content <text>] [--parent-id <id>] --json
-shadowob workspace files update <file-id> [--name <name>] [--content <text>] --json
-shadowob workspace files delete <file-id>
+shadowob workspace files get <server-id> <file-id> --json
 shadowob workspace files upload <server-id> --file <path> [--name <name>] [--parent-id <id>] --json
-shadowob workspace files download <file-id> [--output <path>]
+shadowob workspace files update <server-id> <file-id> [--name <name>] [--parent-id <id>] --json
+shadowob workspace files delete <server-id> <file-id>
+shadowob workspace files search <server-id> [--search-text <text>] [--ext <ext>] [--parent-id <id>] --json
+# Note: files download is not yet implemented in CLI; download via contentRef URL instead.
 
 # Folders
 shadowob workspace folders create <server-id> --name <name> [--parent-id <id>] --json
-shadowob workspace folders update <folder-id> --name <name> --json
-shadowob workspace folders delete <folder-id>
+shadowob workspace folders update <server-id> <folder-id> [--name <name>] [--parent-id <id>] --json
+shadowob workspace folders delete <server-id> <folder-id>
 ```
 
+### Workspace Node Metadata
+
+Each workspace node has a `flags` JSONB field with optional metadata:
+
+- **Access control**: `flags.access = { scope: "server" | "channel", serverId, channelId? }`. All nodes have at least `scope: "server"` + `serverId`. Channel-scoped nodes require channel membership for access.
+- **Traceability**: `flags.source = "channel_message_attachment"` with `channelId` and `messageId` for files uploaded via channel messages, enabling reverse lookup to the originating message.
+- **Path is server-computed**: `path` is derived from parent path + name, maintained server-side. Do not set path manually — it is auto-updated on rename/move.
+
 ## Shop
 
 ```bash
 # Shop info
 shadowob shop get <server-id> --json
+shadowob shop get-by-id <shop-id> --json
+shadowob shop me get --json
 
 # Products
-shadowob shop products list <server-id> --json
+shadowob shop products list <server-id> [--status active] [--keyword <text>] [--limit <n>] --json
+shadowob shop products list-by-shop <shop-id> [--status active] [--limit <n>] --json
 shadowob shop products get <server-id> <product-id> --json
+shadowob shop products context <product-id> --json
+shadowob shop products purchase <shop-id> <product-id> --idempotency-key <unique-operation-id> --json
+
+# Offers, deliverables, and shop assets
+shadowob shop offers list <shop-id> --json
+shadowob shop offers create <shop-id> --data '<offer-json>' --json
+shadowob shop offers deliverables create <shop-id> <offer-id> --data '<deliverable-json>' --json
+shadowob shop assets list <shop-id> --json
+shadowob shop assets create <shop-id> --data '<asset-definition-json>' --json
+shadowob shop entitlements list <shop-id> --json
 
 # Cart
 shadowob shop cart list <server-id> --json
@@ -213,10 +233,64 @@ shadowob shop orders get <server-id> <order-id> --json
 shadowob shop wallet balance --json
 ```
 
+## Commerce
+
+```bash
+# Product and offer buyer context
+shadowob commerce products context <product-id> --json
+shadowob commerce offers preview <offer-id> --json
+shadowob commerce offers purchase <offer-id> --idempotency-key <unique-operation-id> --json
+
+# Chat commerce cards
+shadowob commerce cards list --channel-id <channel-id> [--keyword <text>] --json
+shadowob commerce cards purchase <message-id> <card-id> --idempotency-key <unique-operation-id> --json
+
+# Purchases, delivery, protected files, and community assets
+shadowob commerce entitlements list [--server-id <server-id>] --json
+shadowob commerce entitlements get <entitlement-id> --json
+shadowob commerce entitlements verify <entitlement-id> --json
+shadowob commerce paid-files open <file-id> --json
+shadowob commerce assets list --json
+shadowob commerce assets consume <grant-id> --idempotency-key <unique-operation-id> --json
+
+# Seller income and support actions
+shadowob commerce settlements list --json
+shadowob commerce settlements settle --json
+shadowob commerce tips send --recipient-user-id <user-id> --amount <shrimp> [--message <text>] --json
+shadowob commerce gifts send --recipient-user-id <user-id> --assets '<json-array>' --json
+```
+
+## Commerce Validation Notes
+
+- Use the CLI for setup, inspection, and automation, but validate commerce user stories in the
+  browser before calling them complete.
+- Do not add seed code to populate commerce surfaces. Create ordinary local/test records through
+  browser flows or explicit setup calls.
+- When inspecting a commerce flow, preserve ids for the handoff: product, offer, order,
+  entitlement, shop, server, Buddy, and workspace file where applicable.
+- External app entitlement automation must use Shadow OAuth commerce APIs and remain scoped to the
+  app's own `external_app` resource namespace.
+
 ## Apps
 
 ```bash
-# List apps
+# Server App integrations
+shadowob app list --server <server-id-or-slug> --json
+shadowob app preview --server <server-id-or-slug> --manifest-url <manifest-url> --json
+shadowob app discover --server <server-id-or-slug> --json
+shadowob app inspect <app-key> --server <server-id-or-slug> --json
+shadowob app skills <app-key> --server <server-id-or-slug>
+shadowob app call <app-key> <command> --server <server-id-or-slug> --json-input '<raw-command-input-json>' --json
+```
+
+For server App commands, use the `shadowob app` CLI path only. Do not use curl, fetch, raw HTTP
+routes, or the JavaScript SDK to call server App commands. Pass the command input object directly
+to `--json-input`, for example `{"title":"Example","priority":"high"}`; the CLI wraps the HTTP
+request for you and binds Shadow OAuth identity, server membership, App grants, and command policy.
+When a channel message mentions a server App, use the mentioned app key/server id directly.
+
+```bash
+# Legacy workspace apps
 shadowob apps list <server-id> --json
 
 # Get app
@@ -302,6 +376,10 @@ shadowob oauth consents --json
 
 # Revoke consent for an app
 shadowob oauth revoke <app-id>
+
+# External app commerce entitlement checks use OAuth access tokens, not user JWTs
+shadowob oauth commerce check --access-token <oauth-access-token> --resource-id <app-id>:premium --json
+shadowob oauth commerce redeem --access-token <oauth-access-token> --resource-id <app-id>:premium --idempotency-key <provider-operation-id> --json
 ```
 
 ## Marketplace