botschat 0.1.10 → 0.1.13

package/packages/api/src/routes/upload.ts

@@ -8,50 +8,85 @@ export const upload = new Hono<{
   Variables: { userId: string };
 }>();
 
+/** Allowed non-image MIME types for file attachments. */
+const ALLOWED_FILE_TYPES = new Set([
+  "application/pdf",
+  "text/plain",
+  "text/csv",
+  "text/markdown",
+  "application/json",
+  "application/zip",
+  "application/gzip",
+  "application/x-tar",
+  "audio/mpeg", "audio/wav", "audio/ogg", "audio/mp4", "audio/webm", "audio/aac",
+  "video/mp4", "video/webm", "video/quicktime",
+]);
+
+/** Safe file extensions for each category. */
+const SAFE_EXTENSIONS = new Set([
+  "jpg", "jpeg", "png", "gif", "webp", "bmp", "ico",
+  "pdf", "txt", "csv", "md", "json", "zip", "gz", "tar",
+  "mp3", "wav", "ogg", "m4a", "aac", "webm",
+  "mp4", "mov",
+]);
+
 /** POST / — Upload a file to R2 and return a signed URL. */
 upload.post("/", async (c) => {
-  const userId = c.get("userId");
-  const contentType = c.req.header("Content-Type") ?? "";
+  try {
+    const userId = c.get("userId");
+    const contentType = c.req.header("Content-Type") ?? "";
 
-  if (!contentType.includes("multipart/form-data")) {
-    return c.json({ error: "Expected multipart/form-data" }, 400);
-  }
+    if (!contentType.includes("multipart/form-data")) {
+      return c.json({ error: "Expected multipart/form-data" }, 400);
+    }
 
-  const formData = await c.req.formData();
-  const file = formData.get("file") as File | null;
+    const formData = await c.req.formData();
+    const file = formData.get("file") as File | null;
 
-  if (!file) {
-    return c.json({ error: "No file provided" }, 400);
-  }
+    if (!file) {
+      return c.json({ error: "No file provided" }, 400);
+    }
 
-  // Validate file type — only raster images allowed (SVG is an XSS vector)
-  if (!file.type.startsWith("image/") || file.type.includes("svg")) {
-    return c.json({ error: "Only image files are allowed (SVG is not permitted)" }, 400);
-  }
+    const fileType = file.type || "";
 
-  // Limit file size to 10 MB
-  const MAX_SIZE = 10 * 1024 * 1024;
-  if (file.size > MAX_SIZE) {
-    return c.json({ error: "File too large (max 10 MB)" }, 413);
-  }
+    // Block SVG (XSS vector) and executables
+    if (fileType.includes("svg") || fileType.includes("executable") || fileType.includes("javascript")) {
+      return c.json({ error: "File type not permitted (SVG, executables, scripts are blocked)" }, 400);
+    }
 
-  // Generate a unique key: media/{userId}/{timestamp}-{random}.{ext}
-  const ext = file.name.split(".").pop()?.toLowerCase() ?? "png";
-  // SVG is excluded — it can contain <script> tags and is a known XSS vector
-  const safeExt = ["jpg", "jpeg", "png", "gif", "webp", "bmp", "ico"].includes(ext) ? ext : "png";
-  const filename = `${Date.now()}-${randomUUID().slice(0, 8)}.${safeExt}`;
-  const key = `media/${userId}/${filename}`;
-
-  // Upload to R2
-  await c.env.MEDIA.put(key, file.stream(), {
-    httpMetadata: {
-      contentType: file.type,
-    },
-  });
-
-  // Return a signed URL (1 hour expiry)
-  const secret = getJwtSecret(c.env);
-  const url = await signMediaUrl(userId, filename, secret, 3600);
-
-  return c.json({ url, key });
+    // Allow images (except SVG) and a curated set of other file types
+    const isImage = fileType.startsWith("image/");
+    const isAllowedFile = ALLOWED_FILE_TYPES.has(fileType);
+    if (!isImage && !isAllowedFile) {
+      return c.json({ error: `File type '${fileType}' is not supported` }, 400);
+    }
+
+    // Limit file size to 10 MB
+    const MAX_SIZE = 10 * 1024 * 1024;
+    if (file.size > MAX_SIZE) {
+      return c.json({ error: "File too large (max 10 MB)" }, 413);
+    }
+
+    // Generate a unique key: media/{userId}/{timestamp}-{random}.{ext}
+    const ext = file.name.split(".").pop()?.toLowerCase() ?? "bin";
+    const safeExt = SAFE_EXTENSIONS.has(ext) ? ext : (isImage ? "png" : "bin");
+    const filename = `${Date.now()}-${randomUUID().slice(0, 8)}.${safeExt}`;
+    const key = `media/${userId}/${filename}`;
+
+    // Upload to R2
+    await c.env.MEDIA.put(key, file.stream(), {
+      httpMetadata: {
+        contentType: fileType || "application/octet-stream",
+      },
+    });
+
+    // Return a signed URL (1 hour expiry)
+    const secret = getJwtSecret(c.env);
+    const url = await signMediaUrl(userId, filename, secret, 3600);
+
+    return c.json({ url, key });
+  } catch (err) {
+    console.error("[upload] Error:", err);
+    return c.json({ error: `Upload failed: ${err instanceof Error ? err.message : String(err)}` }, 500);
+  }
 });

package/packages/api/src/utils/fcm.ts

@@ -0,0 +1,167 @@
+/**
+ * FCM HTTP v1 API — send push notifications from Cloudflare Workers.
+ *
+ * Uses a Google Service Account to obtain OAuth2 access tokens,
+ * then sends data-only messages via FCM so clients can decrypt
+ * E2E-encrypted content before showing notifications.
+ */
+
+type ServiceAccount = {
+  client_email: string;
+  private_key: string;
+  token_uri: string;
+};
+
+// Module-level token cache (survives within DO lifecycle)
+let cachedAccessToken: string | null = null;
+let cachedTokenExpiry = 0;
+
+/**
+ * Get a valid Google OAuth2 access token for FCM.
+ * Caches the token in memory; refreshes 5 minutes before expiry.
+ */
+export async function getFcmAccessToken(serviceAccountJson: string): Promise<string> {
+  const now = Math.floor(Date.now() / 1000);
+  if (cachedAccessToken && cachedTokenExpiry > now + 300) {
+    return cachedAccessToken;
+  }
+
+  const sa: ServiceAccount = JSON.parse(serviceAccountJson);
+
+  // Build JWT assertion for Google OAuth2
+  const header = { alg: "RS256", typ: "JWT" };
+  const claims = {
+    iss: sa.client_email,
+    scope: "https://www.googleapis.com/auth/firebase.messaging",
+    aud: sa.token_uri,
+    iat: now,
+    exp: now + 3600,
+  };
+
+  const key = await importPKCS8Key(sa.private_key);
+  const jwt = await signJwt(header, claims, key);
+
+  // Exchange JWT for access token
+  const res = await fetch(sa.token_uri, {
+    method: "POST",
+    headers: { "Content-Type": "application/x-www-form-urlencoded" },
+    body: `grant_type=urn:ietf:params:oauth:grant-type:jwt-bearer&assertion=${jwt}`,
+  });
+
+  if (!res.ok) {
+    const err = await res.text();
+    throw new Error(`FCM OAuth2 token exchange failed: ${res.status} ${err}`);
+  }
+
+  const data = (await res.json()) as { access_token: string; expires_in: number };
+  cachedAccessToken = data.access_token;
+  cachedTokenExpiry = now + data.expires_in;
+  return data.access_token;
+}
+
+export type PushPayload = {
+  accessToken: string;
+  projectId: string;
+  fcmToken: string;
+  /** Data payload — sent as FCM data-only message so client can decrypt + show notification. */
+  data: Record<string, string>;
+};
+
+/**
+ * Send a data-only push notification via FCM HTTP v1 API.
+ * Returns true on success. Returns false if the token is invalid (404/410)
+ * so the caller can clean it up.
+ */
+export async function sendPushNotification(opts: PushPayload): Promise<boolean> {
+  const url = `https://fcm.googleapis.com/v1/projects/${opts.projectId}/messages:send`;
+
+  const message = {
+    message: {
+      token: opts.fcmToken,
+      // Data-only message — no "notification" field.
+      // Client receives the data and shows a local notification after decryption.
+      data: opts.data,
+      // Platform-specific overrides for data-only delivery
+      android: {
+        priority: "high" as const,
+      },
+      apns: {
+        headers: {
+          "apns-priority": "10",
+          "apns-push-type": "background",
+        },
+        payload: {
+          aps: {
+            "content-available": 1,
+            sound: "default",
+          },
+        },
+      },
+      webpush: {
+        headers: {
+          Urgency: "high",
+        },
+      },
+    },
+  };
+
+  const res = await fetch(url, {
+    method: "POST",
+    headers: {
+      Authorization: `Bearer ${opts.accessToken}`,
+      "Content-Type": "application/json",
+    },
+    body: JSON.stringify(message),
+  });
+
+  if (!res.ok) {
+    const err = await res.text();
+    console.error(`[FCM] Send failed for token ...${opts.fcmToken.slice(-8)}: ${res.status} ${err}`);
+    // Token invalid/expired — caller should remove it
+    if (res.status === 404 || res.status === 410) return false;
+  }
+  return res.ok;
+}
+
+// ---- Crypto helpers for RS256 JWT signing ----
+
+async function importPKCS8Key(pem: string): Promise<CryptoKey> {
+  const pemContents = pem
+    .replace(/-----BEGIN PRIVATE KEY-----/, "")
+    .replace(/-----END PRIVATE KEY-----/, "")
+    .replace(/\n/g, "");
+  const binary = atob(pemContents);
+  const der = new Uint8Array(binary.length);
+  for (let i = 0; i < binary.length; i++) {
+    der[i] = binary.charCodeAt(i);
+  }
+  return crypto.subtle.importKey(
+    "pkcs8",
+    der.buffer as ArrayBuffer,
+    { name: "RSASSA-PKCS1-v1_5", hash: "SHA-256" },
+    false,
+    ["sign"],
+  );
+}
+
+function base64url(data: string | Uint8Array): string {
+  const str = typeof data === "string" ? btoa(data) : btoa(String.fromCharCode(...data));
+  return str.replace(/=/g, "").replace(/\+/g, "-").replace(/\//g, "_");
+}
+
+async function signJwt(
+  header: Record<string, string>,
+  payload: Record<string, unknown>,
+  key: CryptoKey,
+): Promise<string> {
+  const headerB64 = base64url(JSON.stringify(header));
+  const payloadB64 = base64url(JSON.stringify(payload));
+  const input = `${headerB64}.${payloadB64}`;
+  const sig = await crypto.subtle.sign(
+    "RSASSA-PKCS1-v1_5",
+    key,
+    new TextEncoder().encode(input),
+  );
+  const sigB64 = base64url(new Uint8Array(sig));
+  return `${input}.${sigB64}`;
+}

package/packages/api/src/utils/firebase.ts

@@ -121,6 +121,224 @@ export async function verifyFirebaseIdToken(
   return verifyWithKey(matchingKey, signedContent, signatureBytes, payload, projectId);
 }
 
+// ---------------------------------------------------------------------------
+// Google ID Token verification (for native iOS/Android sign-in)
+// ---------------------------------------------------------------------------
+
+const GOOGLE_OAUTH_JWKS_URL =
+  "https://www.googleapis.com/oauth2/v3/certs";
+
+let cachedGoogleOAuthKeys: JsonWebKey[] | null = null;
+let cachedGoogleOAuthAt = 0;
+
+async function getGoogleOAuthPublicKeys(): Promise<JsonWebKey[]> {
+  const now = Date.now();
+  if (cachedGoogleOAuthKeys && now - cachedGoogleOAuthAt < CACHE_TTL_MS) {
+    return cachedGoogleOAuthKeys;
+  }
+  const resp = await fetch(GOOGLE_OAUTH_JWKS_URL);
+  if (!resp.ok) {
+    throw new Error(`Failed to fetch Google OAuth JWKS: ${resp.status}`);
+  }
+  const jwks = (await resp.json()) as { keys: JsonWebKey[] };
+  cachedGoogleOAuthKeys = jwks.keys;
+  cachedGoogleOAuthAt = now;
+  return jwks.keys;
+}
+
+/**
+ * Verify a Google ID token (from native Google Sign-In) and return the payload.
+ * Google ID tokens have iss=accounts.google.com and aud=<web-client-id>.
+ */
+export async function verifyGoogleIdToken(
+  idToken: string,
+  allowedClientIds: string[],
+): Promise<FirebaseTokenPayload> {
+  const { header, payload, signatureBytes, signedContent } =
+    parseJwtUnverified(idToken);
+
+  if (header.alg !== "RS256") {
+    throw new Error(`Unsupported algorithm: ${header.alg}`);
+  }
+
+  // Find matching key from Google's OAuth JWKS
+  let keys = await getGoogleOAuthPublicKeys();
+  let matchingKey = keys.find((k) => (k as { kid?: string }).kid === header.kid);
+  if (!matchingKey) {
+    cachedGoogleOAuthKeys = null;
+    keys = await getGoogleOAuthPublicKeys();
+    matchingKey = keys.find((k) => (k as { kid?: string }).kid === header.kid);
+    if (!matchingKey) {
+      throw new Error(`No matching Google OAuth key for kid: ${header.kid}`);
+    }
+  }
+
+  return verifyGoogleTokenWithKey(matchingKey, signedContent, signatureBytes, payload, allowedClientIds);
+}
+
+async function verifyGoogleTokenWithKey(
+  jwk: JsonWebKey,
+  signedContent: string,
+  signatureBytes: Uint8Array,
+  payload: FirebaseTokenPayload,
+  allowedClientIds: string[],
+): Promise<FirebaseTokenPayload> {
+  const key = await crypto.subtle.importKey(
+    "jwk", jwk,
+    { name: "RSASSA-PKCS1-v1_5", hash: "SHA-256" },
+    false, ["verify"],
+  );
+
+  const valid = await crypto.subtle.verify(
+    "RSASSA-PKCS1-v1_5", key, signatureBytes,
+    new TextEncoder().encode(signedContent),
+  );
+  if (!valid) throw new Error("Invalid Google token signature");
+
+  const now = Math.floor(Date.now() / 1000);
+  if (payload.exp < now) throw new Error("Google token has expired");
+  if (payload.iat > now + 300) throw new Error("Google token issued in the future");
+
+  // Google ID tokens have iss = "accounts.google.com" or "https://accounts.google.com"
+  if (payload.iss !== "accounts.google.com" && payload.iss !== "https://accounts.google.com") {
+    throw new Error(`Invalid Google token issuer: ${payload.iss}`);
+  }
+
+  // Audience must be one of our allowed client IDs
+  if (!allowedClientIds.includes(payload.aud)) {
+    throw new Error(`Invalid Google token audience: ${payload.aud}`);
+  }
+
+  if (!payload.sub) throw new Error("Missing subject in Google token");
+
+  // Synthesize firebase-like fields so the rest of the auth flow works
+  if (!payload.firebase) {
+    payload.firebase = {
+      sign_in_provider: "google.com",
+      identities: { "google.com": [payload.sub] },
+    };
+  }
+
+  return payload;
+}
+
+/**
+ * Detect whether a token is a Firebase ID token or a Google ID token,
+ * and verify accordingly.
+ */
+export async function verifyAnyGoogleToken(
+  idToken: string,
+  firebaseProjectId: string,
+  allowedGoogleClientIds: string[],
+): Promise<FirebaseTokenPayload> {
+  // Peek at the issuer to decide which verification path to use
+  const { payload: peek } = parseJwtUnverified(idToken);
+
+  if (peek.iss === `${FIREBASE_TOKEN_ISSUER_PREFIX}${firebaseProjectId}`) {
+    // Standard Firebase ID token (from web Firebase popup)
+    return verifyFirebaseIdToken(idToken, firebaseProjectId);
+  }
+
+  if (peek.iss === "accounts.google.com" || peek.iss === "https://accounts.google.com") {
+    // Native Google ID token (from iOS/Android)
+    return verifyGoogleIdToken(idToken, allowedGoogleClientIds);
+  }
+
+  if (peek.iss === "https://appleid.apple.com") {
+    // Native Apple ID token (from iOS Sign in with Apple)
+    return verifyAppleIdToken(idToken, []);
+  }
+
+  throw new Error(`Unrecognized token issuer: ${peek.iss}`);
+}
+
+// ---------------------------------------------------------------------------
+// Apple ID Token verification (for native iOS Sign in with Apple)
+// ---------------------------------------------------------------------------
+
+const APPLE_JWKS_URL = "https://appleid.apple.com/auth/keys";
+
+let cachedAppleKeys: JsonWebKey[] | null = null;
+let cachedAppleAt = 0;
+
+async function getApplePublicKeys(): Promise<JsonWebKey[]> {
+  const now = Date.now();
+  if (cachedAppleKeys && now - cachedAppleAt < CACHE_TTL_MS) {
+    return cachedAppleKeys;
+  }
+  const resp = await fetch(APPLE_JWKS_URL);
+  if (!resp.ok) {
+    throw new Error(`Failed to fetch Apple JWKS: ${resp.status}`);
+  }
+  const jwks = (await resp.json()) as { keys: JsonWebKey[] };
+  cachedAppleKeys = jwks.keys;
+  cachedAppleAt = now;
+  return jwks.keys;
+}
+
+export async function verifyAppleIdToken(
+  idToken: string,
+  allowedAudiences: string[],
+): Promise<FirebaseTokenPayload> {
+  const { header, payload, signatureBytes, signedContent } =
+    parseJwtUnverified(idToken);
+
+  if (header.alg !== "RS256") {
+    throw new Error(`Unsupported algorithm: ${header.alg}`);
+  }
+
+  let keys = await getApplePublicKeys();
+  let matchingKey = keys.find((k) => (k as { kid?: string }).kid === header.kid);
+  if (!matchingKey) {
+    cachedAppleKeys = null;
+    keys = await getApplePublicKeys();
+    matchingKey = keys.find((k) => (k as { kid?: string }).kid === header.kid);
+    if (!matchingKey) {
+      throw new Error(`No matching Apple key for kid: ${header.kid}`);
+    }
+  }
+
+  const key = await crypto.subtle.importKey(
+    "jwk", matchingKey,
+    { name: "RSASSA-PKCS1-v1_5", hash: "SHA-256" },
+    false, ["verify"],
+  );
+
+  const valid = await crypto.subtle.verify(
+    "RSASSA-PKCS1-v1_5", key, signatureBytes,
+    new TextEncoder().encode(signedContent),
+  );
+  if (!valid) throw new Error("Invalid Apple token signature");
+
+  const now = Math.floor(Date.now() / 1000);
+  if (payload.exp < now) throw new Error("Apple token has expired");
+  if (payload.iat > now + 300) throw new Error("Apple token issued in the future");
+
+  if (payload.iss !== "https://appleid.apple.com") {
+    throw new Error(`Invalid Apple token issuer: ${payload.iss}`);
+  }
+
+  if (allowedAudiences.length > 0 && !allowedAudiences.includes(payload.aud)) {
+    throw new Error(`Invalid Apple token audience: ${payload.aud}`);
+  }
+
+  if (!payload.sub) throw new Error("Missing subject in Apple token");
+
+  // Synthesize firebase-like fields so the rest of the auth flow works
+  if (!payload.firebase) {
+    payload.firebase = {
+      sign_in_provider: "apple.com",
+      identities: { "apple.com": [payload.sub] },
+    };
+  }
+
+  return payload;
+}
+
+// ---------------------------------------------------------------------------
+// Shared verification helpers
+// ---------------------------------------------------------------------------
+
 async function verifyWithKey(
   jwk: JsonWebKey,
   signedContent: string,

package/packages/plugin/dist/src/channel.d.ts

@@ -22,6 +22,12 @@ export declare const botschatPlugin: {
     readonly agentPrompt: {
         readonly messageToolHints: () => string[];
     };
+    readonly messaging: {
+        readonly targetResolver: {
+            readonly hint: "Use the session key (e.g. agent:botschat:botschat:u_xxx:ses:ses_xxx)";
+            readonly looksLikeId: (raw: string, _normalized: string) => boolean;
+        };
+    };
     readonly reload: {
         readonly configPrefixes: readonly ["channels.botschat"];
     };

package/packages/plugin/dist/src/channel.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"channel.d.ts","sourceRoot":"","sources":["../../src/channel.ts"],"names":[],"mappings":"AAQA,OAAO,KAAK,EAAuC,uBAAuB,EAAE,MAAM,YAAY,CAAC;AAC/F,OAAO,EAAE,mBAAmB,EAAE,MAAM,gBAAgB,CAAC;AAqDrD,eAAO,MAAM,cAAc;;;;;;;;;;;;;4BAeqB,MAAM,EAAE;;;;;;;;;;;;;uCAc9B,OAAO;uCACP,OAAO,cAAc,MAAM,GAAG,IAAI;yCAEhC,OAAO;kEACkB;YAAE,GAAG,EAAE,OAAO,CAAC;YAAC,SAAS,EAAE,MAAM,CAAC;YAAC,OAAO,EAAE,OAAO,CAAA;SAAE;qDAElE;YAAE,GAAG,EAAE,OAAO,CAAC;YAAC,SAAS,EAAE,MAAM,CAAA;SAAE;yCAE/C,uBAAuB;sCAC1B,uBAAuB;4CACjB,uBAAuB;;;;;;;;;;iCAY5B;YACpB,EAAE,EAAE,MAAM,CAAC;YACX,IAAI,EAAE,MAAM,CAAC;YACb,SAAS,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;YAC1B,QAAQ,CAAC,EAAE,MAAM,GAAG,MAAM,GAAG,IAAI,CAAC;YAClC,SAAS,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;SAC3B;;;;;;;kCAqCsB;YACrB,EAAE,EAAE,MAAM,CAAC;YACX,IAAI,EAAE,MAAM,CAAC;YACb,QAAQ,CAAC,EAAE,MAAM,CAAC;YAClB,SAAS,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;SAC3B;;;;;;;;;qCA2CyB;YACxB,GAAG,EAAE,OAAO,CAAC;YACb,SAAS,EAAE,MAAM,CAAC;YAClB,OAAO,EAAE,uBAAuB,CAAC;YACjC,OAAO,EAAE,OAAO,CAAC;YACjB,WAAW,EAAE,WAAW,CAAC;YACzB,GAAG,CAAC,EAAE;gBAAE,IAAI,EAAE,CAAC,CAAC,EAAE,MAAM,KAAK,IAAI,CAAC;gBAAC,IAAI,EAAE,CAAC,CAAC,EAAE,MAAM,KAAK,IAAI,CAAC;gBAAC,KAAK,EAAE,CAAC,CAAC,EAAE,MAAM,KAAK,IAAI,CAAA;aAAE,CAAC;YAC3F,SAAS,EAAE,MAAM,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;YACzC,SAAS,EAAE,CAAC,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,KAAK,IAAI,CAAC;SACjD;oCAoDwB;YACvB,SAAS,EAAE,MAAM,CAAC;YAClB,SAAS,EAAE,MAAM,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;YACzC,SAAS,EAAE,CAAC,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,KAAK,IAAI,CAAC;SACjD;;;;gEAiB8C;YAC7C,OAAO,EAAE;gBAAE,EAAE,CAAC,EAAE,MAAM,CAAC;gBAAC,eAAe,CAAC,EAAE,MAAM,GAAG,MAAM,CAAC;gBAAC,SAAS,CAAC,EAAE,MAAM,CAAA;aAAE,CAAC;YAChF,aAAa,CAAC,EAAE;gBAAE,KAAK,EAAE,OAAO,CAAA;aAAE,CAAC;SACpC;;;;;uBAD0B,OAAO;;;;;;8CAWL,MAAM;;;yCAIX;YAAE,OAAO,EAAE,uBAAuB,CAAA;SAAE;;uBAEzC,MAAM,EAAE;;;;;;;sDAQU;YACnC,GAAG,EAAE,OAAO,CAAC;YACb,SAAS,EAAE,MAAM,CAAC;YAClB,KAAK,EAAE;gBAAE,GAAG,CAAC,EAAE,MAAM,CAAC;gBAAC,KAAK,CAAC,EAAE,MAAM,CAAC;gBAAC,IAAI,CAAC,EAAE,MAAM,CAAC;gBAAC,MAAM,CAAC,EAAE,OAAO,CAAA;aAAE,CAAC;SAC1E;;;;;;;;;;;;4CAiB0B;YACzB,GAAG,EAAE,OAAO,CAAC;YACb,SAAS,EAAE,MAAM,CAAC;YAClB,KAAK,EAAE;gBAAE,GAAG,CAAC,EAAE,MAAM,CAAC;gBAAC,KAAK,CAAC,EAAE,MAAM,CAAC;gBAAC,MAAM,CAAC,EAAE,OAAO,CAAA;aAAE,CAAC;SAC3D;;;;;;;;;;;8DAiB4C;YAC3C,OAAO,EAAE,uBAAuB,CAAC;YACjC,GAAG,EAAE,OAAO,CAAC;YACb,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;SACnC;;;;;;;;;;;;;;iDAc+B,KAAK,CAAC;YAAE,SAAS,EAAE,MAAM,CAAC;YAAC,SAAS,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;YAAC,SAAS,CAAC,EAAE,OAAO,CAAC;YAAC,UAAU,CAAC,EAAE,OAAO,CAAA;SAAE,CAAC;qBAE/F,MAAM;uBAAa,MAAM;kBAAQ,MAAM;qBAAW,MAAM;;;CAerF,CAAC"}
+{"version":3,"file":"channel.d.ts","sourceRoot":"","sources":["../../src/channel.ts"],"names":[],"mappings":"AAQA,OAAO,KAAK,EAAuC,uBAAuB,EAAE,MAAM,YAAY,CAAC;AAC/F,OAAO,EAAE,mBAAmB,EAAE,MAAM,gBAAgB,CAAC;AAqDrD,eAAO,MAAM,cAAc;;;;;;;;;;;;;4BAeqB,MAAM,EAAE;;;;;;;;;;;;wCAc/B,MAAM,eAAe,MAAM;;;;;;;uCAY1B,OAAO;uCACP,OAAO,cAAc,MAAM,GAAG,IAAI;yCAEhC,OAAO;kEACkB;YAAE,GAAG,EAAE,OAAO,CAAC;YAAC,SAAS,EAAE,MAAM,CAAC;YAAC,OAAO,EAAE,OAAO,CAAA;SAAE;qDAElE;YAAE,GAAG,EAAE,OAAO,CAAC;YAAC,SAAS,EAAE,MAAM,CAAA;SAAE;yCAE/C,uBAAuB;sCAC1B,uBAAuB;4CACjB,uBAAuB;;;;;;;;;;iCAY5B;YACpB,EAAE,EAAE,MAAM,CAAC;YACX,IAAI,EAAE,MAAM,CAAC;YACb,SAAS,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;YAC1B,QAAQ,CAAC,EAAE,MAAM,GAAG,MAAM,GAAG,IAAI,CAAC;YAClC,SAAS,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;SAC3B;;;;;;;kCAqCsB;YACrB,EAAE,EAAE,MAAM,CAAC;YACX,IAAI,EAAE,MAAM,CAAC;YACb,QAAQ,CAAC,EAAE,MAAM,CAAC;YAClB,SAAS,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;SAC3B;;;;;;;;;qCA2CyB;YACxB,GAAG,EAAE,OAAO,CAAC;YACb,SAAS,EAAE,MAAM,CAAC;YAClB,OAAO,EAAE,uBAAuB,CAAC;YACjC,OAAO,EAAE,OAAO,CAAC;YACjB,WAAW,EAAE,WAAW,CAAC;YACzB,GAAG,CAAC,EAAE;gBAAE,IAAI,EAAE,CAAC,CAAC,EAAE,MAAM,KAAK,IAAI,CAAC;gBAAC,IAAI,EAAE,CAAC,CAAC,EAAE,MAAM,KAAK,IAAI,CAAC;gBAAC,KAAK,EAAE,CAAC,CAAC,EAAE,MAAM,KAAK,IAAI,CAAA;aAAE,CAAC;YAC3F,SAAS,EAAE,MAAM,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;YACzC,SAAS,EAAE,CAAC,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,KAAK,IAAI,CAAC;SACjD;oCAoDwB;YACvB,SAAS,EAAE,MAAM,CAAC;YAClB,SAAS,EAAE,MAAM,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;YACzC,SAAS,EAAE,CAAC,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,KAAK,IAAI,CAAC;SACjD;;;;gEAiB8C;YAC7C,OAAO,EAAE;gBAAE,EAAE,CAAC,EAAE,MAAM,CAAC;gBAAC,eAAe,CAAC,EAAE,MAAM,GAAG,MAAM,CAAC;gBAAC,SAAS,CAAC,EAAE,MAAM,CAAA;aAAE,CAAC;YAChF,aAAa,CAAC,EAAE;gBAAE,KAAK,EAAE,OAAO,CAAA;aAAE,CAAC;SACpC;;;;;uBAD0B,OAAO;;;;;;8CAWL,MAAM;;;yCAIX;YAAE,OAAO,EAAE,uBAAuB,CAAA;SAAE;;uBAEzC,MAAM,EAAE;;;;;;;sDAQU;YACnC,GAAG,EAAE,OAAO,CAAC;YACb,SAAS,EAAE,MAAM,CAAC;YAClB,KAAK,EAAE;gBAAE,GAAG,CAAC,EAAE,MAAM,CAAC;gBAAC,KAAK,CAAC,EAAE,MAAM,CAAC;gBAAC,IAAI,CAAC,EAAE,MAAM,CAAC;gBAAC,MAAM,CAAC,EAAE,OAAO,CAAA;aAAE,CAAC;SAC1E;;;;;;;;;;;;4CAiB0B;YACzB,GAAG,EAAE,OAAO,CAAC;YACb,SAAS,EAAE,MAAM,CAAC;YAClB,KAAK,EAAE;gBAAE,GAAG,CAAC,EAAE,MAAM,CAAC;gBAAC,KAAK,CAAC,EAAE,MAAM,CAAC;gBAAC,MAAM,CAAC,EAAE,OAAO,CAAA;aAAE,CAAC;SAC3D;;;;;;;;;;;8DAiB4C;YAC3C,OAAO,EAAE,uBAAuB,CAAC;YACjC,GAAG,EAAE,OAAO,CAAC;YACb,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;SACnC;;;;;;;;;;;;;;iDAc+B,KAAK,CAAC;YAAE,SAAS,EAAE,MAAM,CAAC;YAAC,SAAS,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;YAAC,SAAS,CAAC,EAAE,OAAO,CAAC;YAAC,UAAU,CAAC,EAAE,OAAO,CAAA;SAAE,CAAC;qBAE/F,MAAM;uBAAa,MAAM;kBAAQ,MAAM;qBAAW,MAAM;;;CAerF,CAAC"}

package/packages/plugin/dist/src/channel.js

@@ -2,7 +2,7 @@ import { deleteBotsChatAccount, listBotsChatAccountIds, resolveBotsChatAccount,
 import { getBotsChatRuntime } from "./runtime.js";
 import { BotsChatCloudClient } from "./ws-client.js";
 import crypto from "crypto";
-import { encryptText, decryptText, toBase64, fromBase64 } from "./e2e-crypto.js";
+import { encryptText, decryptText, decryptBytes, toBase64, fromBase64 } from "./e2e-crypto.js";
 // ---------------------------------------------------------------------------
 // A2UI message-tool hints — injected via agentPrompt.messageToolHints so
 // the agent knows it can output interactive UI components.  These strings
@@ -70,6 +70,19 @@ export const botschatPlugin = {
     agentPrompt: {
         messageToolHints: () => A2UI_MESSAGE_TOOL_HINTS,
     },
+    messaging: {
+        targetResolver: {
+            hint: "Use the session key (e.g. agent:botschat:botschat:u_xxx:ses:ses_xxx)",
+            looksLikeId: (raw, _normalized) => {
+                const t = raw.trim();
+                if (t.startsWith("agent:") || t.startsWith("botschat:"))
+                    return true;
+                if (/^(ses_|u_)/.test(t))
+                    return true;
+                return false;
+            },
+        },
+    },
     reload: { configPrefixes: ["channels.botschat"] },
     config: {
         listAccountIds: (cfg) => listBotsChatAccountIds(cfg),
@@ -338,6 +351,7 @@ async function handleCloudMessage(msg, ctx) {
                 }
             }
             ctx.log?.info(`[${ctx.accountId}] Message from ${msg.userId}: ${text.slice(0, 80)}${msg.mediaUrl ? " [+image]" : ""}`);
+            console.error(`[botschat-msg] from=${msg.userId} text=${text.slice(0, 40)} mediaUrl=${msg.mediaUrl ?? "none"}`);
             try {
                 const runtime = getBotsChatRuntime();
                 // Load current config
@@ -369,6 +383,58 @@ async function handleCloudMessage(msg, ctx) {
                     parentContext = `[Thread context — this conversation is a thread reply to the following ${parentSender === "user" ? "user" : "assistant"} message]\n${parentText}`;
                     ctx.log?.info(`[${ctx.accountId}] Thread parent context injected (${parentText.length} chars)`);
                 }
+                // Download inbound media (if any) to a local path so OpenClaw's
+                // vision pipeline can attach it to the model (requires MediaPath).
+                console.error(`[botschat-media] mediaUrl=${msg.mediaUrl ?? "none"}`);
+                if (msg.mediaUrl) {
+                    let resolvedUrl = msg.mediaUrl;
+                    if (resolvedUrl.startsWith("/")) {
+                        const baseUrl = cloudUrls.get(ctx.accountId);
+                        if (baseUrl) {
+                            resolvedUrl = baseUrl.replace(/\/$/, "") + resolvedUrl;
+                        }
+                    }
+                    try {
+                        const os = await import("os");
+                        const fsM = await import("fs");
+                        const pathM = await import("path");
+                        const mediaDir = pathM.join(os.homedir(), ".openclaw", "media", "inbound");
+                        await fsM.promises.mkdir(mediaDir, { recursive: true });
+                        ctx.log?.info(`[${ctx.accountId}] Downloading media from ${resolvedUrl}`);
+                        const resp = await fetch(resolvedUrl);
+                        if (resp.ok) {
+                            let buffer = Buffer.from(await resp.arrayBuffer());
+                            const contentType = resp.headers.get("content-type") || "image/png";
+                            // E2E: decrypt media if the message was encrypted
+                            if (msg.encrypted && client?.e2eKey && msg.messageId) {
+                                try {
+                                    const mediaCtx = `${msg.messageId}:media`;
+                                    const decrypted = await decryptBytes(client.e2eKey, new Uint8Array(buffer), mediaCtx);
+                                    buffer = Buffer.from(decrypted);
+                                    ctx.log?.info(`[${ctx.accountId}] E2E decrypted media (${buffer.length} bytes, ctx=${mediaCtx.slice(0, 12)}…)`);
+                                }
+                                catch (e2eErr) {
+                                    ctx.log?.warn?.(`[${ctx.accountId}] E2E media decryption failed (using raw): ${e2eErr}`);
+                                }
+                            }
+                            const extMap = { "image/png": ".png", "image/jpeg": ".jpg", "image/gif": ".gif", "image/webp": ".webp" };
+                            const ext = extMap[contentType] || ".png";
+                            const fileName = `botschat-${Date.now()}-${Math.random().toString(36).slice(2, 8)}${ext}`;
+                            const filePath = pathM.join(mediaDir, fileName);
+                            await fsM.promises.writeFile(filePath, buffer);
+                            ctx.log?.info(`[${ctx.accountId}] Downloaded media to ${filePath} (${buffer.length} bytes, ${contentType})`);
+                            msg.__resolvedMedia = { MediaUrl: resolvedUrl, MediaPath: filePath, MediaType: contentType, NumMedia: "1" };
+                        }
+                        else {
+                            ctx.log?.error(`[${ctx.accountId}] Failed to download media: HTTP ${resp.status}`);
+                            msg.__resolvedMedia = { MediaUrl: resolvedUrl, NumMedia: "1" };
+                        }
+                    }
+                    catch (err) {
+                        ctx.log?.error(`[${ctx.accountId}] Failed to download media: ${err}`);
+                        msg.__resolvedMedia = { MediaUrl: msg.mediaUrl, NumMedia: "1" };
+                    }
+                }
                 // Build the MsgContext that OpenClaw's dispatch pipeline expects.
                 // BotsChat users are authenticated (logged in via the web UI), so
                 // mark commands as authorized — this lets directives like /model
@@ -395,24 +461,14 @@ async function handleCloudMessage(msg, ctx) {
                     // Inject parent message as GroupSystemPrompt for thread context.
                     ...(parentContext ? { GroupSystemPrompt: parentContext } : {}),
                     ...(threadId ? { MessageThreadId: threadId, ReplyToId: threadId } : {}),
-                    // Include image URL if the user sent an image.
-                    // Resolve relative URLs (e.g. /api/media/...) to absolute using cloudUrl
-                    // so OpenClaw can fetch the image from the BotsChat cloud.
-                    ...(msg.mediaUrl ? (() => {
-                        let resolvedUrl = msg.mediaUrl;
-                        if (resolvedUrl.startsWith("/")) {
-                            const baseUrl = cloudUrls.get(ctx.accountId);
-                            if (baseUrl) {
-                                resolvedUrl = baseUrl.replace(/\/$/, "") + resolvedUrl;
-                            }
-                        }
-                        return { MediaUrl: resolvedUrl, NumMedia: "1" };
-                    })() : {}),
+                    // Include image: download to local path so OpenClaw vision pipeline
+                    // can attach it to the model request (requires MediaPath).
+                    ...(msg.__resolvedMedia || {}),
                 };
                 // Finalize the context (normalizes fields, resolves agent route)
                 const finalizedCtx = runtime.channel.reply.finalizeInboundContext(msgCtx);
                 // Create a reply dispatcher that sends responses back through the cloud WSS
-                const client = getCloudClient(ctx.accountId);
+                // NOTE: reuses `client` from line ~424 (same block scope, same value)
                 console.log(`[botschat] client for accountId=${ctx.accountId}: connected=${client?.connected}`);
                 const deliver = async (payload) => {
                     console.log(`[botschat][deliver] called, connected=${client?.connected}, hasKey=${!!client?.e2eKey}, textLen=${(payload.text || "").length}`);