@syengup/friday-channel-next 0.1.23 → 0.1.24

package/dist/src/channel-actions.js

@@ -2,7 +2,7 @@ import crypto from "node:crypto";
 import fs from "node:fs";
 import { sseEmitter } from "./sse/emitter.js";
 import { guessMimeType } from "./http/handlers/files.js";
-import { downloadRemoteMedia, isHttpUrl } from "./media-fetch.js";
+import { decodeBase64Media, downloadRemoteMedia, isHttpUrl } from "./media-fetch.js";
 import { getRunRoute } from "./run-metadata.js";
 import { resolveHistorySessionKeyForFridayDevice } from "./friday-session.js";
 const DISCOVERY = {
@@ -49,6 +49,9 @@ async function handleSend(ctx) {
     const to = pickString(ctx.params, ["to", "target"]).toUpperCase();
     const text = pickString(ctx.params, ["message", "text", "content"]);
     const mediaPath = pickString(ctx.params, ["media", "url", "path", "filePath", "fileUrl"]);
+    const inlineBase64 = pickString(ctx.params, ["buffer", "base64", "data"]);
+    const mediaMimeHint = pickString(ctx.params, ["mimeType", "contentType"]);
+    const filename = pickString(ctx.params, ["filename", "name"]);
     const caption = pickString(ctx.params, ["caption"]);
     if (!to) {
         return { ok: false, error: "Missing required param: to" };
@@ -75,29 +78,38 @@ async function handleSend(ctx) {
             },
         }, to, true);
     }
+    // Resolve media from an inline base64 buffer or a path/url reference. (`attachments[]` arrays are
+    // normalized by the OpenClaw core and arrive via outbound.sendMedia, so they're not handled here.)
+    let media = null;
+    let originalMediaUrl = "";
+    if (inlineBase64) {
+        media = decodeBase64Media(inlineBase64, mediaMimeHint || (filename ? guessMimeType(filename) : ""));
+        originalMediaUrl = filename || "inline-buffer";
+    }
+    else if (mediaPath) {
+        media = await readMediaFile(mediaPath, ctx);
+        originalMediaUrl = mediaPath;
+    }
     // Send media via SSE outbound
-    if (mediaPath) {
-        const result = await readMediaFile(mediaPath, ctx);
-        if (result) {
-            const { saveMediaBuffer } = await import("openclaw/plugin-sdk/media-store");
-            const saved = await saveMediaBuffer(result.buffer, result.mimeType, "inbound");
-            if (saved.id) {
-                const publicUrl = `/friday-next/files/${encodeURIComponent(saved.id)}`;
-                sseEmitter.broadcast({
-                    type: "outbound",
-                    data: {
-                        op: "media",
-                        ts: Date.now(),
-                        runId,
-                        deviceId: to,
-                        sessionKey,
-                        audioAsVoice: false,
-                        caption: caption || text,
-                        mediaUrl: publicUrl,
-                        ctx: { to, text: caption || text, originalMediaUrl: mediaPath },
-                    },
-                }, to, true);
-            }
+    if (media) {
+        const { saveMediaBuffer } = await import("openclaw/plugin-sdk/media-store");
+        const saved = await saveMediaBuffer(media.buffer, media.mimeType, "inbound");
+        if (saved.id) {
+            const publicUrl = `/friday-next/files/${encodeURIComponent(saved.id)}`;
+            sseEmitter.broadcast({
+                type: "outbound",
+                data: {
+                    op: "media",
+                    ts: Date.now(),
+                    runId,
+                    deviceId: to,
+                    sessionKey,
+                    audioAsVoice: false,
+                    caption: caption || text,
+                    mediaUrl: publicUrl,
+                    ctx: { to, text: caption || text, originalMediaUrl },
+                },
+            }, to, true);
         }
     }
     return { ok: true, runId, to };

package/dist/src/media-fetch.d.ts

@@ -1,4 +1,17 @@
 export declare function isHttpUrl(value: string): boolean;
+/**
+ * Decode an inline base64 attachment (the `message` tool's `buffer` param). Accepts both a bare
+ * base64 string and a `data:<mime>;base64,...` data URL.
+ *
+ * The charset guard rejects local paths / http URLs (which contain `:`/`.`), so callers can pass a
+ * possibly-misused value safely — those fall through to the path/url resolver instead of being
+ * decoded into garbage bytes. Like remote downloads, the mime is only a hint; `saveMediaBuffer`
+ * re-detects the real type from magic bytes.
+ */
+export declare function decodeBase64Media(raw: string, mimeHint?: string): {
+    buffer: Buffer;
+    mimeType: string;
+} | null;
 /**
  * Download an http/https URL into a buffer. Returns null on any failure (non-2xx, oversize, timeout,
  * network error) so callers degrade to text-only rather than throwing.

package/dist/src/media-fetch.js

@@ -13,6 +13,39 @@ const REMOTE_MEDIA_TIMEOUT_MS = 20_000;
 export function isHttpUrl(value) {
     return /^https?:\/\//i.test(value.trim());
 }
+const DATA_URL_PREFIX_RE = /^data:([^;,]+)?(;base64)?,/i;
+/**
+ * Decode an inline base64 attachment (the `message` tool's `buffer` param). Accepts both a bare
+ * base64 string and a `data:<mime>;base64,...` data URL.
+ *
+ * The charset guard rejects local paths / http URLs (which contain `:`/`.`), so callers can pass a
+ * possibly-misused value safely — those fall through to the path/url resolver instead of being
+ * decoded into garbage bytes. Like remote downloads, the mime is only a hint; `saveMediaBuffer`
+ * re-detects the real type from magic bytes.
+ */
+export function decodeBase64Media(raw, mimeHint) {
+    let body = raw.trim();
+    let dataUrlMime = "";
+    const match = body.match(DATA_URL_PREFIX_RE);
+    if (match) {
+        dataUrlMime = (match[1] ?? "").trim().toLowerCase();
+        body = body.slice(match[0].length);
+    }
+    body = body.replace(/\s+/g, "");
+    if (!body || !/^[A-Za-z0-9+/]+={0,2}$/.test(body))
+        return null;
+    let buffer;
+    try {
+        buffer = Buffer.from(body, "base64");
+    }
+    catch {
+        return null;
+    }
+    if (!buffer.length)
+        return null;
+    const mimeType = mimeHint?.trim().toLowerCase() || dataUrlMime || "application/octet-stream";
+    return { buffer, mimeType };
+}
 /**
  * Download an http/https URL into a buffer. Returns null on any failure (non-2xx, oversize, timeout,
  * network error) so callers degrade to text-only rather than throwing.

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@syengup/friday-channel-next",
-  "version": "0.1.23",
+  "version": "0.1.24",
   "description": "OpenClaw Friday Next Apple channel plugin",
   "license": "MIT",
   "type": "module",
@@ -12,6 +12,15 @@
     "tsconfig.json",
     "openclaw.plugin.json"
   ],
+  "scripts": {
+    "build": "tsc -p tsconfig.json",
+    "prepublishOnly": "pnpm build && rm -rf dist/attachments",
+    "test": "npm run test:unit && npm run test:e2e",
+    "test:unit": "vitest run",
+    "test:e2e": "vitest run --config vitest.e2e.config.ts",
+    "test:smoke": "node scripts/e2e-smoke.mjs",
+    "test:msg-live": "node scripts/message-roundtrip-live.mjs"
+  },
   "bin": {
     "friday-channel-next": "install.js"
   },
@@ -57,13 +66,5 @@
     "typescript": "^6.0.3",
     "vitest": "^4.1.5",
     "zod": "^4.3.6"
-  },
-  "scripts": {
-    "build": "tsc -p tsconfig.json",
-    "test": "npm run test:unit && npm run test:e2e",
-    "test:unit": "vitest run",
-    "test:e2e": "vitest run --config vitest.e2e.config.ts",
-    "test:smoke": "node scripts/e2e-smoke.mjs",
-    "test:msg-live": "node scripts/message-roundtrip-live.mjs"
   }
-}
+}

package/src/channel-actions.test.ts

@@ -130,6 +130,39 @@ describe("channel-actions handleSend sessionKey routing", () => {
     expect(media?.data.sessionKey).toBe(appSession);
   });
 
+  it("send media via an inline base64 `buffer` param decodes it and emits op:media", async () => {
+    const deviceId = "DEV-ACT-BUF";
+    const runId = "run-act-buf";
+    const appSession = "agent:operator:friday:direct:dev-act-buf:1780561609";
+    registerRunRoute({ runId, deviceId, sessionKey: appSession });
+    sseEmitter.trackDeviceForRun(deviceId, runId);
+    const res = connect(deviceId);
+
+    const jpegBytes = Buffer.from([0xff, 0xd8, 0xff, 0xe0, 0x00, 0x10]);
+
+    const result = await handleMessageAction({
+      action: "send",
+      params: {
+        to: deviceId,
+        message: "base64 图来了",
+        buffer: jpegBytes.toString("base64"),
+        mimeType: "image/jpeg",
+        filename: "test-small.jpg",
+      },
+      sessionKey: "agent:operator:main",
+    });
+
+    expect((result as { ok?: boolean }).ok).toBe(true);
+    const frames = parseOutboundFrames(res);
+    const media = frames.find((f) => f.type === "outbound" && f.data.op === "media");
+    expect(media).toBeTruthy();
+    expect(String(media?.data.mediaUrl)).toMatch(/^\/friday-next\/files\//);
+    expect((media?.data.ctx as { originalMediaUrl?: string })?.originalMediaUrl).toBe(
+      "test-small.jpg",
+    );
+    expect(media?.data.sessionKey).toBe(appSession);
+  });
+
   it("falls back to ctx.sessionKey when the device has no active run-route", async () => {
     const deviceId = "DEV-ACT-2";
     const res = connect(deviceId);

package/src/channel-actions.ts

@@ -2,7 +2,7 @@ import crypto from "node:crypto";
 import fs from "node:fs";
 import { sseEmitter } from "./sse/emitter.js";
 import { guessMimeType } from "./http/handlers/files.js";
-import { downloadRemoteMedia, isHttpUrl } from "./media-fetch.js";
+import { decodeBase64Media, downloadRemoteMedia, isHttpUrl } from "./media-fetch.js";
 import { getRunRoute } from "./run-metadata.js";
 import { resolveHistorySessionKeyForFridayDevice } from "./friday-session.js";
 
@@ -63,6 +63,9 @@ async function handleSend(ctx: MessageActionCtx): Promise<unknown> {
   const to = pickString(ctx.params, ["to", "target"]).toUpperCase();
   const text = pickString(ctx.params, ["message", "text", "content"]);
   const mediaPath = pickString(ctx.params, ["media", "url", "path", "filePath", "fileUrl"]);
+  const inlineBase64 = pickString(ctx.params, ["buffer", "base64", "data"]);
+  const mediaMimeHint = pickString(ctx.params, ["mimeType", "contentType"]);
+  const filename = pickString(ctx.params, ["filename", "name"]);
   const caption = pickString(ctx.params, ["caption"]);
 
   if (!to) {
@@ -98,33 +101,45 @@ async function handleSend(ctx: MessageActionCtx): Promise<unknown> {
     );
   }
 
+  // Resolve media from an inline base64 buffer or a path/url reference. (`attachments[]` arrays are
+  // normalized by the OpenClaw core and arrive via outbound.sendMedia, so they're not handled here.)
+  let media: { buffer: Buffer; mimeType: string } | null = null;
+  let originalMediaUrl = "";
+  if (inlineBase64) {
+    media = decodeBase64Media(
+      inlineBase64,
+      mediaMimeHint || (filename ? guessMimeType(filename) : ""),
+    );
+    originalMediaUrl = filename || "inline-buffer";
+  } else if (mediaPath) {
+    media = await readMediaFile(mediaPath, ctx);
+    originalMediaUrl = mediaPath;
+  }
+
   // Send media via SSE outbound
-  if (mediaPath) {
-    const result = await readMediaFile(mediaPath, ctx);
-    if (result) {
-      const { saveMediaBuffer } = await import("openclaw/plugin-sdk/media-store");
-      const saved = await saveMediaBuffer(result.buffer, result.mimeType, "inbound");
-      if (saved.id) {
-        const publicUrl = `/friday-next/files/${encodeURIComponent(saved.id)}`;
-        sseEmitter.broadcast(
-          {
-            type: "outbound",
-            data: {
-              op: "media",
-              ts: Date.now(),
-              runId,
-              deviceId: to,
-              sessionKey,
-              audioAsVoice: false,
-              caption: caption || text,
-              mediaUrl: publicUrl,
-              ctx: { to, text: caption || text, originalMediaUrl: mediaPath },
-            },
+  if (media) {
+    const { saveMediaBuffer } = await import("openclaw/plugin-sdk/media-store");
+    const saved = await saveMediaBuffer(media.buffer, media.mimeType, "inbound");
+    if (saved.id) {
+      const publicUrl = `/friday-next/files/${encodeURIComponent(saved.id)}`;
+      sseEmitter.broadcast(
+        {
+          type: "outbound",
+          data: {
+            op: "media",
+            ts: Date.now(),
+            runId,
+            deviceId: to,
+            sessionKey,
+            audioAsVoice: false,
+            caption: caption || text,
+            mediaUrl: publicUrl,
+            ctx: { to, text: caption || text, originalMediaUrl },
           },
-          to,
-          true,
-        );
-      }
+        },
+        to,
+        true,
+      );
     }
   }
 

package/src/media-fetch.test.ts

@@ -1,5 +1,5 @@
 import { afterEach, describe, expect, it, vi } from "vitest";
-import { downloadRemoteMedia, isHttpUrl } from "./media-fetch.js";
+import { decodeBase64Media, downloadRemoteMedia, isHttpUrl } from "./media-fetch.js";
 
 describe("isHttpUrl", () => {
   it("matches http/https links, rejects local paths", () => {
@@ -76,3 +76,32 @@ describe("downloadRemoteMedia", () => {
     expect(await downloadRemoteMedia("https://example.com/x.png")).toBeNull();
   });
 });
+
+describe("decodeBase64Media", () => {
+  const jpegBytes = Buffer.from([0xff, 0xd8, 0xff, 0xe0, 0x00, 0x10]);
+
+  it("decodes a bare base64 string with a mime hint", () => {
+    const result = decodeBase64Media(jpegBytes.toString("base64"), "image/jpeg");
+    expect(result?.mimeType).toBe("image/jpeg");
+    expect(result?.buffer.equals(jpegBytes)).toBe(true);
+  });
+
+  it("decodes a data: URL and infers the mime from it", () => {
+    const dataUrl = `data:image/png;base64,${jpegBytes.toString("base64")}`;
+    const result = decodeBase64Media(dataUrl);
+    expect(result?.mimeType).toBe("image/png");
+    expect(result?.buffer.equals(jpegBytes)).toBe(true);
+  });
+
+  it("defaults to octet-stream when no mime is known", () => {
+    expect(decodeBase64Media(jpegBytes.toString("base64"))?.mimeType).toBe(
+      "application/octet-stream",
+    );
+  });
+
+  it("rejects local paths and URLs (not base64)", () => {
+    expect(decodeBase64Media("/tmp/test.jpg")).toBeNull();
+    expect(decodeBase64Media("https://example.com/a.png")).toBeNull();
+    expect(decodeBase64Media("")).toBeNull();
+  });
+});

package/src/media-fetch.ts

@@ -17,6 +17,44 @@ export function isHttpUrl(value: string): boolean {
   return /^https?:\/\//i.test(value.trim());
 }
 
+const DATA_URL_PREFIX_RE = /^data:([^;,]+)?(;base64)?,/i;
+
+/**
+ * Decode an inline base64 attachment (the `message` tool's `buffer` param). Accepts both a bare
+ * base64 string and a `data:<mime>;base64,...` data URL.
+ *
+ * The charset guard rejects local paths / http URLs (which contain `:`/`.`), so callers can pass a
+ * possibly-misused value safely — those fall through to the path/url resolver instead of being
+ * decoded into garbage bytes. Like remote downloads, the mime is only a hint; `saveMediaBuffer`
+ * re-detects the real type from magic bytes.
+ */
+export function decodeBase64Media(
+  raw: string,
+  mimeHint?: string,
+): { buffer: Buffer; mimeType: string } | null {
+  let body = raw.trim();
+  let dataUrlMime = "";
+  const match = body.match(DATA_URL_PREFIX_RE);
+  if (match) {
+    dataUrlMime = (match[1] ?? "").trim().toLowerCase();
+    body = body.slice(match[0].length);
+  }
+  body = body.replace(/\s+/g, "");
+  if (!body || !/^[A-Za-z0-9+/]+={0,2}$/.test(body)) return null;
+
+  let buffer: Buffer;
+  try {
+    buffer = Buffer.from(body, "base64");
+  } catch {
+    return null;
+  }
+  if (!buffer.length) return null;
+
+  const mimeType =
+    mimeHint?.trim().toLowerCase() || dataUrlMime || "application/octet-stream";
+  return { buffer, mimeType };
+}
+
 /**
  * Download an http/https URL into a buffer. Returns null on any failure (non-2xx, oversize, timeout,
  * network error) so callers degrade to text-only rather than throwing.