agent-messenger 2.23.4 → 2.23.6

package/dist/src/platforms/webex/encryption.d.ts

@@ -3,6 +3,18 @@ export interface WebexKeyProvider {
     fetchKey(keyUri: string): Promise<string | null>;
     close?(): Promise<void>;
 }
+export interface WebexScr {
+    enc: 'A256GCM';
+    key: string;
+    iv: string;
+    aad: string;
+    loc?: string;
+    tag: string;
+}
+export interface WebexEncryptedBinary {
+    scr: WebexScr;
+    ciphertext: Uint8Array;
+}
 export declare class WebexEncryptionService {
     private rawKeys;
     private keyCache;
@@ -13,5 +25,7 @@ export declare class WebexEncryptionService {
     getKey(keyUri: string): Promise<jose.JWK.Key | null>;
     encryptText(keyUri: string, plaintext: string): Promise<string | null>;
     decryptText(keyUri: string, ciphertext: string): Promise<string | null>;
+    encryptBinary(plaintext: Uint8Array): WebexEncryptedBinary;
+    encryptScr(keyUri: string, scr: WebexScr): Promise<string | null>;
 }
 //# sourceMappingURL=encryption.d.ts.map

package/dist/src/platforms/webex/encryption.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"encryption.d.ts","sourceRoot":"","sources":["../../../../src/platforms/webex/encryption.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,IAAI,MAAM,WAAW,CAAA;AAEjC,MAAM,WAAW,gBAAgB;IAC/B,QAAQ,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,CAAA;IAChD,KAAK,CAAC,IAAI,OAAO,CAAC,IAAI,CAAC,CAAA;CACxB;AAED,qBAAa,sBAAsB;IACjC,OAAO,CAAC,OAAO,CAAqB;IACpC,OAAO,CAAC,QAAQ,CAAuC;IACvD,OAAO,CAAC,WAAW,CAAgC;gBAEvC,cAAc,EAAE,GAAG,CAAC,MAAM,EAAE,MAAM,CAAC;IAI/C,cAAc,CAAC,QAAQ,EAAE,gBAAgB,GAAG,IAAI;IAI1C,KAAK,IAAI,OAAO,CAAC,IAAI,CAAC;IAItB,MAAM,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,GAAG,IAAI,CAAC;IAqBpD,WAAW,CAAC,MAAM,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC;IAgBtE,WAAW,CAAC,MAAM,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC;CAW9E"}
+{"version":3,"file":"encryption.d.ts","sourceRoot":"","sources":["../../../../src/platforms/webex/encryption.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,IAAI,MAAM,WAAW,CAAA;AAEjC,MAAM,WAAW,gBAAgB;IAC/B,QAAQ,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,CAAA;IAChD,KAAK,CAAC,IAAI,OAAO,CAAC,IAAI,CAAC,CAAA;CACxB;AAID,MAAM,WAAW,QAAQ;IACvB,GAAG,EAAE,SAAS,CAAA;IACd,GAAG,EAAE,MAAM,CAAA;IACX,EAAE,EAAE,MAAM,CAAA;IACV,GAAG,EAAE,MAAM,CAAA;IACX,GAAG,CAAC,EAAE,MAAM,CAAA;IACZ,GAAG,EAAE,MAAM,CAAA;CACZ;AAED,MAAM,WAAW,oBAAoB;IACnC,GAAG,EAAE,QAAQ,CAAA;IACb,UAAU,EAAE,UAAU,CAAA;CACvB;AAMD,qBAAa,sBAAsB;IACjC,OAAO,CAAC,OAAO,CAAqB;IACpC,OAAO,CAAC,QAAQ,CAAuC;IACvD,OAAO,CAAC,WAAW,CAAgC;gBAEvC,cAAc,EAAE,GAAG,CAAC,MAAM,EAAE,MAAM,CAAC;IAI/C,cAAc,CAAC,QAAQ,EAAE,gBAAgB,GAAG,IAAI;IAI1C,KAAK,IAAI,OAAO,CAAC,IAAI,CAAC;IAItB,MAAM,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,GAAG,IAAI,CAAC;IAqBpD,WAAW,CAAC,MAAM,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC;IAgBtE,WAAW,CAAC,MAAM,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC;IAY7E,aAAa,CAAC,SAAS,EAAE,UAAU,GAAG,oBAAoB;IAsBpD,UAAU,CAAC,MAAM,EAAE,MAAM,EAAE,GAAG,EAAE,QAAQ,GAAG,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC;CAcxE"}

package/dist/src/platforms/webex/encryption.js

@@ -1,4 +1,8 @@
+import { createCipheriv, randomBytes } from 'node:crypto';
 import * as jose from 'node-jose';
+function toBase64Url(buffer) {
+    return buffer.toString('base64url');
+}
 export class WebexEncryptionService {
     rawKeys;
     keyCache = new Map();
@@ -58,5 +62,37 @@ export class WebexEncryptionService {
             return null;
         }
     }
+    encryptBinary(plaintext) {
+        const key = randomBytes(32);
+        const iv = randomBytes(12);
+        const aad = new Date().toISOString();
+        const cipher = createCipheriv('aes-256-gcm', key, iv);
+        cipher.setAAD(Buffer.from(aad, 'utf8'));
+        const ciphertext = Buffer.concat([cipher.update(Buffer.from(plaintext)), cipher.final()]);
+        const tag = cipher.getAuthTag();
+        return {
+            scr: {
+                enc: 'A256GCM',
+                key: toBase64Url(key),
+                iv: toBase64Url(iv),
+                aad,
+                tag: toBase64Url(tag),
+            },
+            ciphertext,
+        };
+    }
+    async encryptScr(keyUri, scr) {
+        if (!scr.loc)
+            return null;
+        const key = await this.getKey(keyUri);
+        if (!key)
+            return null;
+        try {
+            return await jose.JWE.createEncrypt({ format: 'compact', contentAlg: 'A256GCM' }, { key, header: { alg: 'dir', kid: keyUri }, reference: null }).final(JSON.stringify(scr), 'utf8');
+        }
+        catch {
+            return null;
+        }
+    }
 }
 //# sourceMappingURL=encryption.js.map

package/dist/src/platforms/webex/encryption.js.map

@@ -1 +1 @@
-{"version":3,"file":"encryption.js","sourceRoot":"","sources":["../../../../src/platforms/webex/encryption.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,IAAI,MAAM,WAAW,CAAA;AAOjC,MAAM,OAAO,sBAAsB;IACzB,OAAO,CAAqB;IAC5B,QAAQ,GAA8B,IAAI,GAAG,EAAE,CAAA;IAC/C,WAAW,GAA4B,IAAI,CAAA;IAEnD,YAAY,cAAmC;QAC7C,IAAI,CAAC,OAAO,GAAG,cAAc,CAAA;IAC/B,CAAC;IAED,cAAc,CAAC,QAA0B;QACvC,IAAI,CAAC,WAAW,GAAG,QAAQ,CAAA;IAC7B,CAAC;IAED,KAAK,CAAC,KAAK;QACT,MAAM,IAAI,CAAC,WAAW,EAAE,KAAK,EAAE,EAAE,CAAA;IACnC,CAAC;IAED,KAAK,CAAC,MAAM,CAAC,MAAc;QACzB,MAAM,MAAM,GAAG,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,MAAM,CAAC,CAAA;QACxC,IAAI,MAAM;YAAE,OAAO,MAAM,CAAA;QAEzB,IAAI,GAAG,GAAG,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,CAAA;QAClC,IAAI,CAAC,GAAG,IAAI,IAAI,CAAC,WAAW,EAAE,CAAC;YAC7B,GAAG,GAAG,CAAC,MAAM,IAAI,CAAC,WAAW,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,IAAI,SAAS,CAAA;QAC9D,CAAC;QACD,IAAI,CAAC,GAAG;YAAE,OAAO,IAAI,CAAA;QAErB,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAoB,CAAA;YACjD,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,CAAA;YAChD,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,MAAM,EAAE,GAAG,CAAC,CAAA;YAC7B,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,MAAM,EAAE,OAAO,CAAC,CAAA;YAClC,OAAO,OAAO,CAAA;QAChB,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,IAAI,CAAA;QACb,CAAC;IACH,CAAC;IAED,KAAK,CAAC,WAAW,CAAC,MAAc,EAAE,SAAiB;QACjD,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,CAAA;QACrC,IAAI,CAAC,GAAG;YAAE,OAAO,IAAI,CAAA;QAErB,IAAI,CAAC;YACH,gFAAgF;YAChF,8EAA8E;YAC9E,OAAO,MAAM,IAAI,CAAC,GAAG,CAAC,aAAa,CACjC,EAAE,MAAM,EAAE,SAAS,EAAE,UAAU,EAAE,SAAS,EAAE,EAC5C,EAAE,GAAG,EAAE,MAAM,EAAE,EAAE,GAAG,EAAE,KAAK,EAAE,GAAG,EAAE,MAAM,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAC9D,CAAC,KAAK,CAAC,SAAS,EAAE,MAAM,CAAC,CAAA;QAC5B,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,IAAI,CAAA;QACb,CAAC;IACH,CAAC;IAED,KAAK,CAAC,WAAW,CAAC,MAAc,EAAE,UAAkB;QAClD,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,CAAA;QACrC,IAAI,CAAC,GAAG;YAAE,OAAO,IAAI,CAAA;QAErB,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,GAAG,CAAC,aAAa,CAAC,GAAG,CAAC,CAAC,OAAO,CAAC,UAAU,CAAC,CAAA;YACpE,OAAO,MAAM,CAAC,SAAS,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAA;QAC1C,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,IAAI,CAAA;QACb,CAAC;IACH,CAAC;CACF"}
+{"version":3,"file":"encryption.js","sourceRoot":"","sources":["../../../../src/platforms/webex/encryption.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,cAAc,EAAE,WAAW,EAAE,MAAM,aAAa,CAAA;AAEzD,OAAO,KAAK,IAAI,MAAM,WAAW,CAAA;AAuBjC,SAAS,WAAW,CAAC,MAAc;IACjC,OAAO,MAAM,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAA;AACrC,CAAC;AAED,MAAM,OAAO,sBAAsB;IACzB,OAAO,CAAqB;IAC5B,QAAQ,GAA8B,IAAI,GAAG,EAAE,CAAA;IAC/C,WAAW,GAA4B,IAAI,CAAA;IAEnD,YAAY,cAAmC;QAC7C,IAAI,CAAC,OAAO,GAAG,cAAc,CAAA;IAC/B,CAAC;IAED,cAAc,CAAC,QAA0B;QACvC,IAAI,CAAC,WAAW,GAAG,QAAQ,CAAA;IAC7B,CAAC;IAED,KAAK,CAAC,KAAK;QACT,MAAM,IAAI,CAAC,WAAW,EAAE,KAAK,EAAE,EAAE,CAAA;IACnC,CAAC;IAED,KAAK,CAAC,MAAM,CAAC,MAAc;QACzB,MAAM,MAAM,GAAG,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,MAAM,CAAC,CAAA;QACxC,IAAI,MAAM;YAAE,OAAO,MAAM,CAAA;QAEzB,IAAI,GAAG,GAAG,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,CAAA;QAClC,IAAI,CAAC,GAAG,IAAI,IAAI,CAAC,WAAW,EAAE,CAAC;YAC7B,GAAG,GAAG,CAAC,MAAM,IAAI,CAAC,WAAW,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,IAAI,SAAS,CAAA;QAC9D,CAAC;QACD,IAAI,CAAC,GAAG;YAAE,OAAO,IAAI,CAAA;QAErB,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAoB,CAAA;YACjD,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,CAAA;YAChD,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,MAAM,EAAE,GAAG,CAAC,CAAA;YAC7B,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,MAAM,EAAE,OAAO,CAAC,CAAA;YAClC,OAAO,OAAO,CAAA;QAChB,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,IAAI,CAAA;QACb,CAAC;IACH,CAAC;IAED,KAAK,CAAC,WAAW,CAAC,MAAc,EAAE,SAAiB;QACjD,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,CAAA;QACrC,IAAI,CAAC,GAAG;YAAE,OAAO,IAAI,CAAA;QAErB,IAAI,CAAC;YACH,gFAAgF;YAChF,8EAA8E;YAC9E,OAAO,MAAM,IAAI,CAAC,GAAG,CAAC,aAAa,CACjC,EAAE,MAAM,EAAE,SAAS,EAAE,UAAU,EAAE,SAAS,EAAE,EAC5C,EAAE,GAAG,EAAE,MAAM,EAAE,EAAE,GAAG,EAAE,KAAK,EAAE,GAAG,EAAE,MAAM,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAC9D,CAAC,KAAK,CAAC,SAAS,EAAE,MAAM,CAAC,CAAA;QAC5B,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,IAAI,CAAA;QACb,CAAC;IACH,CAAC;IAED,KAAK,CAAC,WAAW,CAAC,MAAc,EAAE,UAAkB;QAClD,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,CAAA;QACrC,IAAI,CAAC,GAAG;YAAE,OAAO,IAAI,CAAA;QAErB,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,GAAG,CAAC,aAAa,CAAC,GAAG,CAAC,CAAC,OAAO,CAAC,UAAU,CAAC,CAAA;YACpE,OAAO,MAAM,CAAC,SAAS,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAA;QAC1C,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,IAAI,CAAA;QACb,CAAC;IACH,CAAC;IAED,aAAa,CAAC,SAAqB;QACjC,MAAM,GAAG,GAAG,WAAW,CAAC,EAAE,CAAC,CAAA;QAC3B,MAAM,EAAE,GAAG,WAAW,CAAC,EAAE,CAAC,CAAA;QAC1B,MAAM,GAAG,GAAG,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAA;QAEpC,MAAM,MAAM,GAAG,cAAc,CAAC,aAAa,EAAE,GAAG,EAAE,EAAE,CAAC,CAAA;QACrD,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,EAAE,MAAM,CAAC,CAAC,CAAA;QACvC,MAAM,UAAU,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,EAAE,MAAM,CAAC,KAAK,EAAE,CAAC,CAAC,CAAA;QACzF,MAAM,GAAG,GAAG,MAAM,CAAC,UAAU,EAAE,CAAA;QAE/B,OAAO;YACL,GAAG,EAAE;gBACH,GAAG,EAAE,SAAS;gBACd,GAAG,EAAE,WAAW,CAAC,GAAG,CAAC;gBACrB,EAAE,EAAE,WAAW,CAAC,EAAE,CAAC;gBACnB,GAAG;gBACH,GAAG,EAAE,WAAW,CAAC,GAAG,CAAC;aACtB;YACD,UAAU;SACX,CAAA;IACH,CAAC;IAED,KAAK,CAAC,UAAU,CAAC,MAAc,EAAE,GAAa;QAC5C,IAAI,CAAC,GAAG,CAAC,GAAG;YAAE,OAAO,IAAI,CAAA;QACzB,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,CAAA;QACrC,IAAI,CAAC,GAAG;YAAE,OAAO,IAAI,CAAA;QAErB,IAAI,CAAC;YACH,OAAO,MAAM,IAAI,CAAC,GAAG,CAAC,aAAa,CACjC,EAAE,MAAM,EAAE,SAAS,EAAE,UAAU,EAAE,SAAS,EAAE,EAC5C,EAAE,GAAG,EAAE,MAAM,EAAE,EAAE,GAAG,EAAE,KAAK,EAAE,GAAG,EAAE,MAAM,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAC9D,CAAC,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,EAAE,MAAM,CAAC,CAAA;QACtC,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,IAAI,CAAA;QACb,CAAC;IACH,CAAC;CACF"}

package/docs/content/docs/cli/webex.mdx

@@ -203,6 +203,19 @@ agent-webex member list <space-id>
 agent-webex member list abc123 --limit 100
 ```
 
+### File Commands
+
+```bash
+# Upload a local file to a space
+agent-webex file upload <space-id> <path>
+agent-webex file upload abc123 ./report.pdf --text "Latest report"
+agent-webex file upload abc123 ./image.png --text "**Done**" --markdown
+
+# Download a file attachment by content URL or ID
+agent-webex file download <content-url-or-id>
+agent-webex file download <content-url-or-id> ./out.pdf
+```
+
 ### Snapshot Command
 
 Get workspace overview for AI agents (brief by default):

package/docs/content/docs/sdk/webex.mdx

@@ -104,6 +104,18 @@ const limited = await client.listMemberships(roomId, { max: 100 })
 // → WebexMembership[]
 ```
 
+### Files
+
+```typescript
+// Upload a file to a space (optionally with a text comment)
+const msg = await client.uploadFile(roomId, { content: blob, filename: 'report.pdf' }, { text: 'Latest report' })
+// → WebexMessage { id, roomId, files, ... }
+
+// Download a file attachment by content URL or ID
+const { data, filename, contentType } = await client.downloadContent(contentUrlOrId)
+// → { data: ArrayBuffer, filename: string, contentType: string }
+```
+
 ## WebexCredentialManager
 
 Manages Webex credentials stored at `~/.config/agent-messenger/webex-credentials.json`. Files are written with `0o600` permissions. Supports OAuth Device Grant flow, bot tokens, and PATs.

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "agent-messenger",
-  "version": "2.23.4",
+  "version": "2.23.6",
   "description": "Multi-platform messaging CLI for AI agents (Slack, Discord, Teams, Webex, Telegram, Telegram Bot, WhatsApp, LINE, Instagram, KakaoTalk, Channel Talk)",
   "repository": {
     "type": "git",

package/skills/agent-channeltalk/SKILL.md

@@ -1,7 +1,7 @@
 ---
 name: agent-channeltalk
 description: Interact with Channel Talk using extracted desktop app or browser credentials - read chats, send messages, search messages, manage groups
-version: 2.23.4
+version: 2.23.6
 allowed-tools: Bash(agent-channeltalk:*)
 metadata:
   openclaw:

package/skills/agent-channeltalkbot/SKILL.md

@@ -1,7 +1,7 @@
 ---
 name: agent-channeltalkbot
 description: Interact with Channel Talk workspaces using API credentials - send messages, read chats, manage groups and bots
-version: 2.23.4
+version: 2.23.6
 allowed-tools: Bash(agent-channeltalkbot:*)
 metadata:
   openclaw:

package/skills/agent-discord/SKILL.md

@@ -1,7 +1,7 @@
 ---
 name: agent-discord
 description: Interact with Discord servers - send messages, read channels, manage reactions
-version: 2.23.4
+version: 2.23.6
 allowed-tools: Bash(agent-discord:*)
 metadata:
   openclaw:

package/skills/agent-discordbot/SKILL.md

@@ -1,7 +1,7 @@
 ---
 name: agent-discordbot
 description: Interact with Discord servers using bot tokens - send messages, read channels, manage reactions
-version: 2.23.4
+version: 2.23.6
 allowed-tools: Bash(agent-discordbot:*)
 metadata:
   openclaw:

package/skills/agent-instagram/SKILL.md

@@ -1,7 +1,7 @@
 ---
 name: agent-instagram
 description: Interact with Instagram DMs - send messages, read conversations, manage accounts
-version: 2.23.4
+version: 2.23.6
 allowed-tools: Bash(agent-instagram:*)
 metadata:
   openclaw:

package/skills/agent-kakaotalk/SKILL.md

@@ -1,7 +1,7 @@
 ---
 name: agent-kakaotalk
 description: Interact with KakaoTalk - send messages, read chats, manage conversations
-version: 2.23.4
+version: 2.23.6
 allowed-tools: Bash(agent-kakaotalk:*)
 metadata:
   openclaw:

package/skills/agent-line/SKILL.md

@@ -1,7 +1,7 @@
 ---
 name: agent-line
 description: Interact with LINE - send messages, read chats, manage conversations
-version: 2.23.4
+version: 2.23.6
 allowed-tools: Bash(agent-line:*)
 metadata:
   openclaw:

package/skills/agent-slack/SKILL.md

@@ -1,7 +1,7 @@
 ---
 name: agent-slack
 description: Interact with Slack workspaces - send messages, read channels, manage reactions
-version: 2.23.4
+version: 2.23.6
 allowed-tools: Bash(agent-slack:*)
 metadata:
   openclaw:

package/skills/agent-slackbot/SKILL.md

@@ -1,7 +1,7 @@
 ---
 name: agent-slackbot
 description: Interact with Slack workspaces using bot tokens - send messages, read channels, manage reactions
-version: 2.23.4
+version: 2.23.6
 allowed-tools: Bash(agent-slackbot:*)
 metadata:
   openclaw:

package/skills/agent-teams/SKILL.md

@@ -1,7 +1,7 @@
 ---
 name: agent-teams
 description: Interact with Microsoft Teams - send messages, read channels, manage reactions
-version: 2.23.4
+version: 2.23.6
 allowed-tools: Bash(agent-teams:*)
 metadata:
   openclaw:

package/skills/agent-telegram/SKILL.md

@@ -1,7 +1,7 @@
 ---
 name: agent-telegram
 description: Interact with Telegram through TDLib - authenticate, inspect chats, and send messages
-version: 2.23.4
+version: 2.23.6
 allowed-tools: Bash(agent-telegram:*)
 ---
 

package/skills/agent-telegrambot/SKILL.md

@@ -1,7 +1,7 @@
 ---
 name: agent-telegrambot
 description: Interact with Telegram using bot tokens - send messages, read chats, manage reactions
-version: 2.23.4
+version: 2.23.6
 allowed-tools: Bash(agent-telegrambot:*)
 metadata:
   openclaw:

package/skills/agent-webex/SKILL.md

@@ -1,7 +1,7 @@
 ---
 name: agent-webex
 description: Interact with Cisco Webex - send messages, read spaces, manage memberships
-version: 2.23.4
+version: 2.23.6
 allowed-tools: Bash(agent-webex:*)
 metadata:
   openclaw:
@@ -314,6 +314,19 @@ agent-webex member list <space-id>
 agent-webex member list <space-id> --limit 100
 ```
 
+### File Commands
+
+```bash
+# Upload a local file to a space
+agent-webex file upload <space-id> <path>
+agent-webex file upload <space-id> ./report.pdf --text "Latest report"
+agent-webex file upload <space-id> ./image.png --text "**Done**" --markdown
+
+# Download a file attachment by content URL or ID
+agent-webex file download <content-url-or-id>
+agent-webex file download <content-url-or-id> ./out.pdf
+```
+
 ### Snapshot Command
 
 Get workspace overview for AI agents (brief by default):
@@ -451,7 +464,6 @@ See the [Webex SDK documentation](https://agent-messenger.dev/docs/sdk/webex) fo
 
 ## Limitations
 
-- No file upload or download
 - No reactions / emoji support
 - No thread support
 - No message search

package/skills/agent-webexbot/SKILL.md

@@ -1,7 +1,7 @@
 ---
 name: agent-webexbot
 description: Interact with Cisco Webex using bot tokens - send messages, reply in threads, upload and download files, look up people, read spaces, manage memberships, stream real-time events
-version: 2.23.4
+version: 2.23.6
 allowed-tools: Bash(agent-webexbot:*)
 metadata:
   openclaw:

package/skills/agent-wechatbot/SKILL.md

@@ -1,7 +1,7 @@
 ---
 name: agent-wechatbot
 description: Interact with WeChat Official Account using API credentials - send messages, manage templates, list followers
-version: 2.23.4
+version: 2.23.6
 allowed-tools: Bash(agent-wechatbot:*)
 metadata:
   openclaw:

package/skills/agent-whatsapp/SKILL.md

@@ -1,7 +1,7 @@
 ---
 name: agent-whatsapp
 description: Interact with WhatsApp - send messages, read chats, manage conversations
-version: 2.23.4
+version: 2.23.6
 allowed-tools: Bash(agent-whatsapp:*)
 metadata:
   openclaw:

package/skills/agent-whatsappbot/SKILL.md

@@ -1,7 +1,7 @@
 ---
 name: agent-whatsappbot
 description: Interact with WhatsApp using Cloud API credentials - send messages, manage templates
-version: 2.23.4
+version: 2.23.6
 allowed-tools: Bash(agent-whatsappbot:*)
 metadata:
   openclaw:

package/src/platforms/webex/cli.ts

@@ -4,7 +4,15 @@ import type { Command as CommandType } from 'commander'
 import { Command } from 'commander'
 
 import pkg from '../../../package.json' with { type: 'json' }
-import { authCommand, memberCommand, messageCommand, snapshotCommand, spaceCommand, whoamiCommand } from './commands'
+import {
+  authCommand,
+  fileCommand,
+  memberCommand,
+  messageCommand,
+  snapshotCommand,
+  spaceCommand,
+  whoamiCommand,
+} from './commands'
 import { ensureWebexAuth } from './ensure-auth'
 
 function isAuthCommand(command: CommandType): boolean {
@@ -26,6 +34,7 @@ program.hook('preAction', async (_thisCommand, actionCommand) => {
 })
 
 program.addCommand(authCommand)
+program.addCommand(fileCommand)
 program.addCommand(memberCommand)
 program.addCommand(messageCommand)
 program.addCommand(snapshotCommand)

package/src/platforms/webex/client.test.ts

@@ -81,6 +81,38 @@ describe('WebexClient', () => {
       expect((client as any).deviceUrl).toBe('https://wdm-r.wbx2.com/wdm/api/v1/devices/dev-1')
       expect((client as any).tokenType).toBe('extracted')
     })
+
+    const DEVICE_URL = 'https://wdm-r.wbx2.com/wdm/api/v1/devices/dev-1'
+    const encryptionOf = (client: WebexClient) =>
+      (client as unknown as { encryption: WebexEncryptionService | null }).encryption
+
+    it('initializes encryption for explicit extracted credentials with a device URL', async () => {
+      const client = await new WebexClient().login({
+        token: 'extracted-token',
+        deviceUrl: DEVICE_URL,
+        tokenType: 'extracted',
+      })
+      expect(encryptionOf(client)).toBeInstanceOf(WebexEncryptionService)
+    })
+
+    it('initializes encryption for explicit password credentials with a device URL', async () => {
+      const client = await new WebexClient().login({
+        token: 'password-token',
+        deviceUrl: DEVICE_URL,
+        tokenType: 'password',
+      })
+      expect(encryptionOf(client)).toBeInstanceOf(WebexEncryptionService)
+    })
+
+    it('does not initialize encryption for a plain token without device URL', async () => {
+      const client = await new WebexClient().login({ token: 'plain-token' })
+      expect(encryptionOf(client)).toBeNull()
+    })
+
+    it('does not initialize encryption when device URL is absent', async () => {
+      const client = await new WebexClient().login({ token: 'extracted-token', tokenType: 'extracted' })
+      expect(encryptionOf(client)).toBeNull()
+    })
   })
 
   describe('testAuth', () => {
@@ -623,12 +655,17 @@ describe('WebexClient', () => {
       activities: { items: activities },
     })
 
+    // These tests exercise the cleartext internal-API shape, so the KMS-backed
+    // encryption service is cleared after login; the encrypted path has its own
+    // createEncryptedClient that re-attaches a stub service.
     const createExtractedClient = async () => {
-      return new WebexClient().login({
+      const client = await new WebexClient().login({
         token: 'extracted-token',
         deviceUrl: TEST_DEVICE_URL,
         tokenType: 'extracted',
       })
+      ;(client as unknown as { encryption: null }).encryption = null
+      return client
     }
 
     describe('sendMessage', () => {
@@ -988,6 +1025,31 @@ describe('WebexClient', () => {
         expect(decodeJweHeader(body.object.displayName).kid).toBe(TEST_KEY_URI)
         expect(decodeJweHeader(body.object.content).kid).toBe(TEST_KEY_URI)
       })
+
+      it('explicit-credential login encrypts the send without manually attaching a service', async () => {
+        const keystore = jose.JWK.createKeyStore()
+        const key = await keystore.generate('oct', 256, { alg: 'A256GCM' })
+        const serializedKey = JSON.stringify({ uri: TEST_KEY_URI, jwk: key.toJSON(true) })
+
+        const client = await new WebexClient().login({
+          token: 'extracted-token',
+          deviceUrl: TEST_DEVICE_URL,
+          tokenType: 'extracted',
+        })
+        const service = (client as unknown as { encryption: WebexEncryptionService | null }).encryption
+        expect(service).toBeInstanceOf(WebexEncryptionService)
+        service?.setKeyProvider({ fetchKey: async () => serializedKey })
+
+        mockResponse({ id: TEST_CONV_UUID, defaultActivityEncryptionKeyUrl: TEST_KEY_URI })
+        mockResponse(mockActivity('Hello world'))
+
+        await client.sendMessage(TEST_ROOM_ID, 'Hello world')
+
+        const body = JSON.parse(fetchCalls[1].options?.body as string)
+        expect(body.object.displayName.startsWith('eyJ')).toBe(true)
+        expect(body.encryptionKeyUrl).toBe(TEST_KEY_URI)
+        expect(decodeJweHeader(body.object.displayName).kid).toBe(TEST_KEY_URI)
+      })
     })
 
     describe('sendDirectMessage', () => {
@@ -1018,6 +1080,137 @@ describe('WebexClient', () => {
       })
     })
 
+    describe('uploadFile', () => {
+      const mockUploadFlow = () => {
+        // given: the full internal share flow — conv lookup, space, session, PUT, finish, content
+        mockResponse({ id: TEST_CONV_UUID })
+        mockResponse({ spaceUrl: 'https://files.wbx2.com/spaces/sp1' })
+        mockResponse({
+          uploadUrl: 'https://up.wbx2.com/upload/sess1',
+          finishUploadUrl: 'https://up.wbx2.com/upload/sess1/finish',
+        })
+        mockResponse({}, 200)
+        mockResponse({ downloadUrl: 'https://files.wbx2.com/files/f1' })
+        mockResponse({ ...mockActivity(''), verb: 'share' })
+      }
+
+      const file = () => ({ content: new Blob(['hello world']), filename: 'note.txt' })
+
+      it('routes to the internal conversation API instead of the public messages endpoint', async () => {
+        mockUploadFlow()
+
+        const client = await createExtractedClient()
+        await client.uploadFile(TEST_ROOM_ID, file())
+
+        expect(fetchCalls.every((c) => !c.url.includes('webexapis.com/v1/messages'))).toBe(true)
+        expect(fetchCalls.at(-1)?.url).toBe(`${CONV_BASE}/conversations/${TEST_CONV_UUID}/content`)
+        expect(fetchCalls.at(-1)?.options?.method).toBe('POST')
+      })
+
+      it('requests a space, opens an upload session, PUTs the bytes, then finalizes', async () => {
+        mockUploadFlow()
+
+        const client = await createExtractedClient()
+        await client.uploadFile(TEST_ROOM_ID, file())
+
+        expect(fetchCalls[1].url).toBe(`${CONV_BASE}/conversations/${TEST_CONV_UUID}/space`)
+        expect(fetchCalls[1].options?.method).toBe('PUT')
+        expect(fetchCalls[2].url).toBe('https://files.wbx2.com/spaces/sp1/upload_sessions')
+        expect(fetchCalls[3].url).toBe('https://up.wbx2.com/upload/sess1')
+        expect(fetchCalls[3].options?.method).toBe('PUT')
+        expect(fetchCalls[4].url).toBe('https://up.wbx2.com/upload/sess1/finish')
+      })
+
+      it('finalize body carries fileSize and a sha256 fileHash of the uploaded bytes', async () => {
+        mockUploadFlow()
+
+        const client = await createExtractedClient()
+        await client.uploadFile(TEST_ROOM_ID, file())
+
+        const body = JSON.parse(fetchCalls[4].options?.body as string)
+        expect(body.fileSize).toBe(11)
+        expect(body.fileHash).toMatch(/^[0-9a-f]{64}$/)
+      })
+
+      it('share activity references the uploaded file with download url and metadata', async () => {
+        mockUploadFlow()
+
+        const client = await createExtractedClient()
+        await client.uploadFile(TEST_ROOM_ID, file())
+
+        const body = JSON.parse(fetchCalls.at(-1)?.options?.body as string)
+        expect(body.verb).toBe('share')
+        expect(body.object.objectType).toBe('content')
+        expect(body.object.contentCategory).toBe('documents')
+        const item = body.object.files.items[0]
+        expect(item.objectType).toBe('file')
+        expect(item.url).toBe('https://files.wbx2.com/files/f1')
+        expect(item.fileSize).toBe(11)
+        expect(item.mimeType).toBe('text/plain')
+        expect(item.displayName).toBe('note.txt')
+      })
+
+      it('attaches an optional text comment to the share activity', async () => {
+        mockUploadFlow()
+
+        const client = await createExtractedClient()
+        await client.uploadFile(TEST_ROOM_ID, file(), { text: 'see attached' })
+
+        const body = JSON.parse(fetchCalls.at(-1)?.options?.body as string)
+        expect(body.object.displayName).toBe('see attached')
+      })
+
+      it('categorizes images by mime type', async () => {
+        mockUploadFlow()
+
+        const client = await createExtractedClient()
+        await client.uploadFile(TEST_ROOM_ID, { content: new Blob(['x']), filename: 'photo.png' })
+
+        const body = JSON.parse(fetchCalls.at(-1)?.options?.body as string)
+        expect(body.object.contentCategory).toBe('images')
+        expect(body.object.files.items[0].mimeType).toBe('image/png')
+      })
+
+      it('refuses to upload when the server returns an untrusted space url', async () => {
+        mockResponse({ id: TEST_CONV_UUID })
+        mockResponse({ spaceUrl: 'https://evil.example.com/spaces/sp1' })
+
+        const client = await createExtractedClient()
+
+        await expect(client.uploadFile(TEST_ROOM_ID, file())).rejects.toThrow('untrusted host')
+        expect(fetchCalls.every((c) => !c.url.includes('evil.example.com'))).toBe(true)
+      })
+
+      it('refuses to upload when the server returns a non-https upload url', async () => {
+        mockResponse({ id: TEST_CONV_UUID })
+        mockResponse({ spaceUrl: 'https://files.wbx2.com/spaces/sp1' })
+        mockResponse({
+          uploadUrl: 'http://up.wbx2.com/upload/sess1',
+          finishUploadUrl: 'https://up.wbx2.com/upload/sess1/finish',
+        })
+
+        const client = await createExtractedClient()
+
+        await expect(client.uploadFile(TEST_ROOM_ID, file())).rejects.toThrow('untrusted host')
+      })
+
+      it('accepts trusted Webex urls that carry an explicit port', async () => {
+        mockResponse({ id: TEST_CONV_UUID })
+        mockResponse({ spaceUrl: 'https://files.wbx2.com:443/spaces/sp1' })
+        mockResponse({
+          uploadUrl: 'https://up.wbx2.com:443/upload/sess1',
+          finishUploadUrl: 'https://up.wbx2.com:443/upload/sess1/finish',
+        })
+        mockResponse({}, 200)
+        mockResponse({ downloadUrl: 'https://files.wbx2.com/files/f1' })
+        mockResponse({ ...mockActivity(''), verb: 'share' })
+
+        const client = await createExtractedClient()
+
+        await expect(client.uploadFile(TEST_ROOM_ID, file())).resolves.toBeDefined()
+      })
+    })
+
     describe('error handling', () => {
       it('throws WebexError when internal API returns non-OK response', async () => {
         fetchResponses.push(