botschat 0.1.15 → 0.1.17

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "botschat",
-  "version": "0.1.15",
+  "version": "0.1.17",
   "description": "A self-hosted chat interface for OpenClaw AI agents",
   "workspaces": [
     "packages/*"
@@ -24,6 +24,9 @@
     "android:open": "npx cap open android",
     "android:run": "npx cap run android",
     "android:sync": "npx cap sync android",
+    "mac:build": "npm run build -w packages/web && cd macos && xcodegen generate",
+    "mac:open": "cd macos && xcodegen generate && open BotsChatMac.xcodeproj",
+    "mac:run": "npm run mac:build && xcodebuild -project macos/BotsChatMac.xcodeproj -scheme BotsChatMac -configuration Debug build && open macos/build/Debug/BotsChat.app",
     "test:e2e": "npx tsx scripts/verify-e2e.ts && npx tsx packages/e2e-crypto/e2e-crypto.test.ts",
     "test:e2e-db": "npx tsx scripts/verify-e2e-db.ts"
   },

package/packages/api/src/do/connection-do.ts

@@ -5,6 +5,20 @@ import { sendApnsNotification, type ApnsConfig } from "../utils/apns.js";
 import { generateId as generateIdUtil } from "../utils/id.js";
 import { randomUUID } from "../utils/uuid.js";
 
+/** Presence info stored in browser WebSocket attachments (survives DO hibernation). */
+interface BrowserAttachment {
+  authenticated: boolean;
+  tag: string;
+  foreground: boolean;
+  sessionKey: string | null;
+  /** Timestamp (ms) when the session last went to background. */
+  backgroundAt: number | null;
+}
+
+/** Grace period constants for push notification suppression. */
+const BG_GRACE_MS = 15_000;   // 15 s after going background
+const DC_GRACE_MS = 30_000;   // 30 s after WebSocket disconnect
+
 /**
  * ConnectionDO — one Durable Object instance per BotsChat user.
  *
@@ -29,8 +43,12 @@ export class ConnectionDO implements DurableObject {
   /** Pending resolve for a real-time task.scan.request → task.scan.result round-trip. */
   private pendingScanResolve: ((tasks: Array<Record<string, unknown>>) => void) | null = null;
 
-  /** Browser sessions that report themselves in foreground (push notifications are suppressed). */
-  private foregroundSessions = new Set<string>();
+  /**
+   * Recently disconnected browser sessions — provides a grace period so that
+   * brief network blips don't immediately trigger push notifications.
+   * In-memory only; if the DO hibernates, the grace period has expired anyway.
+   */
+  private recentDisconnects = new Map<string, number>();
 
   /** Timestamp of last accepted OpenClaw WebSocket (in-memory, no storage write). */
   private lastOpenClawAcceptedAt = 0;
@@ -150,9 +168,13 @@ export class ConnectionDO implements DurableObject {
         JSON.stringify({ type: "openclaw.disconnected" }),
       );
     }
-    // Clean up foreground tracking for browser sessions
+    // Disconnect grace: remember recently-disconnected browser sessions so
+    // push notifications are still suppressed during brief network blips.
     if (tag?.startsWith("browser:")) {
-      this.foregroundSessions.delete(tag);
+      const att = ws.deserializeAttachment() as BrowserAttachment | null;
+      if (att?.foreground) {
+        this.recentDisconnects.set(tag, Date.now());
+      }
     }
   }
 
@@ -217,7 +239,17 @@ export class ConnectionDO implements DurableObject {
 
     const tag = `browser:${sessionId}`;
     this.state.acceptWebSocket(server, [tag]);
-    server.serializeAttachment({ authenticated: false, tag });
+    const att: BrowserAttachment = {
+      authenticated: false,
+      tag,
+      foreground: false,
+      sessionKey: null,
+      backgroundAt: null,
+    };
+    server.serializeAttachment(att);
+
+    // Clear disconnect grace entry — this session is back.
+    this.recentDisconnects.delete(tag);
 
     return new Response(null, { status: 101, webSocket: client });
   }
@@ -296,16 +328,19 @@ export class ConnectionDO implements DurableObject {
 
       // For agent.media, cache external images to R2 so they remain accessible
       // even after the original URL expires (e.g. DALL-E temporary URLs).
+      // Skip caching if the plugin already uploaded E2E-encrypted media.
       let persistedMediaUrl = msg.mediaUrl as string | undefined;
-      if (msg.type === "agent.media" && persistedMediaUrl) {
+      if (msg.type === "agent.media" && persistedMediaUrl && !msg.mediaEncrypted) {
         const cachedUrl = await this.cacheExternalMedia(persistedMediaUrl);
         if (cachedUrl) {
           persistedMediaUrl = cachedUrl;
-          // Update the message object so browsers get the cached URL
           msg.mediaUrl = cachedUrl;
         }
       }
 
+      // Bitmask: bit 0 = text encrypted, bit 1 = media encrypted
+      const encryptedBits = (msg.encrypted ? 1 : 0) | (msg.mediaEncrypted ? 2 : 0);
+
       await this.persistMessage({
         id: msg.messageId as string | undefined,
         sender: "agent",
@@ -314,7 +349,7 @@ export class ConnectionDO implements DurableObject {
         text: (msg.text ?? msg.caption ?? "") as string,
         mediaUrl: persistedMediaUrl,
         a2ui: msg.jsonl as string | undefined,
-        encrypted: msg.encrypted ? 1 : 0,
+        encrypted: encryptedBits,
       });
     }
 
@@ -377,10 +412,10 @@ export class ConnectionDO implements DurableObject {
     const { notifyPreview: _stripped, ...msgForBrowser } = msg;
     this.broadcastToBrowsers(JSON.stringify(msgForBrowser));
 
-    // Send push notification if no browser session is in foreground
+    // Send push notification unless a device is (or was recently) in the foreground
     if (
       (msg.type === "agent.text" || msg.type === "agent.media" || msg.type === "agent.a2ui") &&
-      this.foregroundSessions.size === 0 &&
+      !this.shouldSuppressPush() &&
       (this.env.FCM_SERVICE_ACCOUNT_JSON || this.env.APNS_AUTH_KEY)
     ) {
       this.sendPushNotifications(msg).catch((err) => {
@@ -393,7 +428,7 @@ export class ConnectionDO implements DurableObject {
     ws: WebSocket,
     msg: Record<string, unknown>,
   ): Promise<void> {
-    const attachment = ws.deserializeAttachment() as { authenticated: boolean; tag: string } | null;
+    const attachment = ws.deserializeAttachment() as BrowserAttachment | null;
 
     // Handle browser auth — verify JWT token
     if (msg.type === "auth") {
@@ -444,15 +479,29 @@ export class ConnectionDO implements DurableObject {
       return;
     }
 
-    // Handle foreground/background state tracking for push notifications
+    // ---- Presence / focus tracking (stored in WS attachment, hibernation-safe) ----
     if (msg.type === "foreground.enter") {
-      const tag = attachment.tag;
-      if (tag) this.foregroundSessions.add(tag);
+      ws.serializeAttachment({
+        ...attachment,
+        foreground: true,
+        sessionKey: (msg.sessionKey as string) ?? attachment.sessionKey ?? null,
+        backgroundAt: null,
+      } satisfies BrowserAttachment);
       return;
     }
     if (msg.type === "foreground.leave") {
-      const tag = attachment.tag;
-      if (tag) this.foregroundSessions.delete(tag);
+      ws.serializeAttachment({
+        ...attachment,
+        foreground: false,
+        backgroundAt: Date.now(),
+      } satisfies BrowserAttachment);
+      return;
+    }
+    if (msg.type === "focus.update") {
+      ws.serializeAttachment({
+        ...attachment,
+        sessionKey: (msg.sessionKey as string) ?? null,
+      } satisfies BrowserAttachment);
       return;
     }
 
@@ -668,6 +717,39 @@ export class ConnectionDO implements DurableObject {
     }
   }
 
+  // ---- Presence helpers ----
+
+  /**
+   * Determine whether push notifications should be suppressed because a device
+   * is (or was very recently) in the foreground.
+   *
+   * Checks three layers:
+   * 1. Any connected browser socket with `foreground === true`
+   * 2. Background grace: socket went background < BG_GRACE_MS ago
+   * 3. Disconnect grace: socket disconnected < DC_GRACE_MS ago
+   */
+  private shouldSuppressPush(): boolean {
+    const now = Date.now();
+
+    // 1 + 2: scan connected browser sockets
+    const sockets = this.state.getWebSockets();
+    for (const s of sockets) {
+      const att = s.deserializeAttachment() as BrowserAttachment | null;
+      if (!att || !att.tag?.startsWith("browser:") || !att.authenticated) continue;
+      if (att.foreground) return true;
+      if (att.backgroundAt && now - att.backgroundAt < BG_GRACE_MS) return true;
+    }
+
+    // 3: recently disconnected sessions
+    for (const [tag, disconnectedAt] of this.recentDisconnects) {
+      if (now - disconnectedAt < DC_GRACE_MS) return true;
+      // Expired — prune
+      this.recentDisconnects.delete(tag);
+    }
+
+    return false;
+  }
+
   // ---- Push notifications ----
 
   /**
@@ -1035,15 +1117,21 @@ export class ConnectionDO implements DurableObject {
           if (mediaUrl) {
             mediaUrl = await this.refreshMediaUrl(mediaUrl, secret);
           }
+          const encBits = (row.encrypted as number) ?? 0;
+          // Derive mediaEncrypted:
+          // - User messages with encrypted=1: media was always encrypted by browser
+          // - Any message with bit 1 set (encrypted >= 2): media was E2E encrypted
+          const mediaEncrypted = (row.sender === "user" && encBits >= 1) || (encBits & 2) !== 0;
           return {
             id: row.id,
             sender: row.sender,
             text: row.text ?? "",
-            timestamp: ((row.created_at as number) ?? 0) * 1000, // unix seconds → ms
+            timestamp: ((row.created_at as number) ?? 0) * 1000,
             mediaUrl,
             a2ui: row.a2ui ?? undefined,
             threadId: row.thread_id ?? undefined,
-            encrypted: row.encrypted ?? 0,
+            encrypted: encBits,
+            mediaEncrypted,
           };
         }),
       );

package/packages/api/src/index.ts

@@ -1,7 +1,8 @@
 import { Hono } from "hono";
 import { cors } from "hono/cors";
 import type { Env } from "./env.js";
-import { authMiddleware, verifyToken, getJwtSecret, verifyMediaSignature } from "./utils/auth.js";
+import { authMiddleware, verifyToken, getJwtSecret, verifyMediaSignature, signMediaUrl } from "./utils/auth.js";
+import { randomUUID } from "./utils/uuid.js";
 import { auth } from "./routes/auth.js";
 import { agents } from "./routes/agents.js";
 import { channels } from "./routes/channels.js";
@@ -423,13 +424,21 @@ app.all("/api/gateway/:connId", async (c) => {
 
   // Cache the rate limit after the DO responds (success or rate-limited).
   // 101 = WebSocket accepted; 429 = DO's own rate limit.
-  // Either way, prevent further DO wake-ups for GATEWAY_COOLDOWN_S.
+  // Either way, prevent further DO wake-ups.
+  // When the DO returns 429, honour its Retry-After so the Worker cache
+  // aligns with the DO's actual cooldown (avoids the client retrying after
+  // the Worker cache expires but before the DO cooldown ends).
   if (doResp.status === 101 || doResp.status === 429) {
+    let cacheTtl = GATEWAY_COOLDOWN_S;
+    if (doResp.status === 429) {
+      const doRetry = parseInt(doResp.headers.get("Retry-After") ?? "", 10);
+      if (doRetry > 0) cacheTtl = doRetry;
+    }
     c.executionCtx.waitUntil(
       cache.put(
         rateCacheReq,
         new Response(null, {
-          headers: { "Cache-Control": `public, max-age=${GATEWAY_COOLDOWN_S}` },
+          headers: { "Cache-Control": `public, max-age=${cacheTtl}` },
         }),
       ),
     );
@@ -477,6 +486,53 @@ app.get("/api/messages/:userId", async (c) => {
   return stub.fetch(new Request(url.toString()));
 });
 
+// ---- Plugin upload (pairing token auth) ----
+app.post("/api/plugin-upload", async (c) => {
+  const token = c.req.header("X-Pairing-Token");
+  if (!token) {
+    return c.json({ error: "Missing X-Pairing-Token header" }, 401);
+  }
+  const row = await c.env.DB.prepare(
+    "SELECT user_id FROM pairing_tokens WHERE token = ? AND revoked_at IS NULL",
+  )
+    .bind(token)
+    .first<{ user_id: string }>();
+  if (!row) {
+    return c.json({ error: "Invalid pairing token" }, 401);
+  }
+
+  const userId = row.user_id;
+  const contentType = c.req.header("Content-Type") ?? "";
+  if (!contentType.includes("multipart/form-data")) {
+    return c.json({ error: "Expected multipart/form-data" }, 400);
+  }
+
+  const formData = await c.req.formData();
+  const file = formData.get("file") as File | null;
+  if (!file) {
+    return c.json({ error: "No file provided" }, 400);
+  }
+
+  const MAX_SIZE = 20 * 1024 * 1024;
+  if (file.size > MAX_SIZE) {
+    return c.json({ error: "File too large (max 20 MB)" }, 413);
+  }
+
+  const fileType = file.type || "application/octet-stream";
+  const ext = file.name.split(".").pop()?.toLowerCase() ?? "bin";
+  const safeExt = /^[a-z0-9]{1,5}$/.test(ext) ? ext : "bin";
+  const filename = `${Date.now()}-${randomUUID().slice(0, 8)}.${safeExt}`;
+  const key = `media/${userId}/${filename}`;
+
+  await c.env.MEDIA.put(key, file.stream(), {
+    httpMetadata: { contentType: fileType },
+  });
+
+  const secret = getJwtSecret(c.env);
+  const url = await signMediaUrl(userId, filename, secret, 3600);
+  return c.json({ url, key });
+});
+
 // ---- Protected routes (require Bearer token) — AFTER ws routes ----
 app.route("/api", protectedApp);
 

package/packages/plugin/dist/src/channel.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"channel.d.ts","sourceRoot":"","sources":["../../src/channel.ts"],"names":[],"mappings":"AAQA,OAAO,KAAK,EAAuC,uBAAuB,EAAE,MAAM,YAAY,CAAC;AAC/F,OAAO,EAAE,mBAAmB,EAAE,MAAM,gBAAgB,CAAC;AAqDrD,eAAO,MAAM,cAAc;;;;;;;;;;;;;4BAeqB,MAAM,EAAE;;;;;;;;;;;;wCAc/B,MAAM,eAAe,MAAM;;;;;;;uCAY1B,OAAO;uCACP,OAAO,cAAc,MAAM,GAAG,IAAI;yCAEhC,OAAO;kEACkB;YAAE,GAAG,EAAE,OAAO,CAAC;YAAC,SAAS,EAAE,MAAM,CAAC;YAAC,OAAO,EAAE,OAAO,CAAA;SAAE;qDAElE;YAAE,GAAG,EAAE,OAAO,CAAC;YAAC,SAAS,EAAE,MAAM,CAAA;SAAE;yCAE/C,uBAAuB;sCAC1B,uBAAuB;4CACjB,uBAAuB;;;;;;;;;;iCAY5B;YACpB,EAAE,EAAE,MAAM,CAAC;YACX,IAAI,EAAE,MAAM,CAAC;YACb,SAAS,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;YAC1B,QAAQ,CAAC,EAAE,MAAM,GAAG,MAAM,GAAG,IAAI,CAAC;YAClC,SAAS,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;SAC3B;;;;;;;kCAyCsB;YACrB,EAAE,EAAE,MAAM,CAAC;YACX,IAAI,EAAE,MAAM,CAAC;YACb,QAAQ,CAAC,EAAE,MAAM,CAAC;YAClB,SAAS,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;SAC3B;;;;;;;;;qCAgDyB;YACxB,GAAG,EAAE,OAAO,CAAC;YACb,SAAS,EAAE,MAAM,CAAC;YAClB,OAAO,EAAE,uBAAuB,CAAC;YACjC,OAAO,EAAE,OAAO,CAAC;YACjB,WAAW,EAAE,WAAW,CAAC;YACzB,GAAG,CAAC,EAAE;gBAAE,IAAI,EAAE,CAAC,CAAC,EAAE,MAAM,KAAK,IAAI,CAAC;gBAAC,IAAI,EAAE,CAAC,CAAC,EAAE,MAAM,KAAK,IAAI,CAAC;gBAAC,KAAK,EAAE,CAAC,CAAC,EAAE,MAAM,KAAK,IAAI,CAAA;aAAE,CAAC;YAC3F,SAAS,EAAE,MAAM,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;YACzC,SAAS,EAAE,CAAC,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,KAAK,IAAI,CAAC;SACjD;oCAoDwB;YACvB,SAAS,EAAE,MAAM,CAAC;YAClB,SAAS,EAAE,MAAM,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;YACzC,SAAS,EAAE,CAAC,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,KAAK,IAAI,CAAC;SACjD;;;;gEAiB8C;YAC7C,OAAO,EAAE;gBAAE,EAAE,CAAC,EAAE,MAAM,CAAC;gBAAC,eAAe,CAAC,EAAE,MAAM,GAAG,MAAM,CAAC;gBAAC,SAAS,CAAC,EAAE,MAAM,CAAA;aAAE,CAAC;YAChF,aAAa,CAAC,EAAE;gBAAE,KAAK,EAAE,OAAO,CAAA;aAAE,CAAC;SACpC;;;;;uBAD0B,OAAO;;;;;;8CAWL,MAAM;;;yCAIX;YAAE,OAAO,EAAE,uBAAuB,CAAA;SAAE;;uBAEzC,MAAM,EAAE;;;;;;;sDAQU;YACnC,GAAG,EAAE,OAAO,CAAC;YACb,SAAS,EAAE,MAAM,CAAC;YAClB,KAAK,EAAE;gBAAE,GAAG,CAAC,EAAE,MAAM,CAAC;gBAAC,KAAK,CAAC,EAAE,MAAM,CAAC;gBAAC,IAAI,CAAC,EAAE,MAAM,CAAC;gBAAC,MAAM,CAAC,EAAE,OAAO,CAAA;aAAE,CAAC;SAC1E;;;;;;;;;;;;4CAiB0B;YACzB,GAAG,EAAE,OAAO,CAAC;YACb,SAAS,EAAE,MAAM,CAAC;YAClB,KAAK,EAAE;gBAAE,GAAG,CAAC,EAAE,MAAM,CAAC;gBAAC,KAAK,CAAC,EAAE,MAAM,CAAC;gBAAC,MAAM,CAAC,EAAE,OAAO,CAAA;aAAE,CAAC;SAC3D;;;;;;;;;;;8DAiB4C;YAC3C,OAAO,EAAE,uBAAuB,CAAC;YACjC,GAAG,EAAE,OAAO,CAAC;YACb,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;SACnC;;;;;;;;;;;;;;iDAc+B,KAAK,CAAC;YAAE,SAAS,EAAE,MAAM,CAAC;YAAC,SAAS,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;YAAC,SAAS,CAAC,EAAE,OAAO,CAAC;YAAC,UAAU,CAAC,EAAE,OAAO,CAAA;SAAE,CAAC;qBAE/F,MAAM;uBAAa,MAAM;kBAAQ,MAAM;qBAAW,MAAM;;;CAerF,CAAC"}
+{"version":3,"file":"channel.d.ts","sourceRoot":"","sources":["../../src/channel.ts"],"names":[],"mappings":"AAQA,OAAO,KAAK,EAAuC,uBAAuB,EAAE,MAAM,YAAY,CAAC;AAC/F,OAAO,EAAE,mBAAmB,EAAE,MAAM,gBAAgB,CAAC;AAuDrD,eAAO,MAAM,cAAc;;;;;;;;;;;;;4BAeqB,MAAM,EAAE;;;;;;;;;;;;wCAc/B,MAAM,eAAe,MAAM;;;;;;;uCAY1B,OAAO;uCACP,OAAO,cAAc,MAAM,GAAG,IAAI;yCAEhC,OAAO;kEACkB;YAAE,GAAG,EAAE,OAAO,CAAC;YAAC,SAAS,EAAE,MAAM,CAAC;YAAC,OAAO,EAAE,OAAO,CAAA;SAAE;qDAElE;YAAE,GAAG,EAAE,OAAO,CAAC;YAAC,SAAS,EAAE,MAAM,CAAA;SAAE;yCAE/C,uBAAuB;sCAC1B,uBAAuB;4CACjB,uBAAuB;;;;;;;;;;iCAY5B;YACpB,EAAE,EAAE,MAAM,CAAC;YACX,IAAI,EAAE,MAAM,CAAC;YACb,SAAS,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;YAC1B,QAAQ,CAAC,EAAE,MAAM,GAAG,MAAM,GAAG,IAAI,CAAC;YAClC,SAAS,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;SAC3B;;;;;;;kCAyCsB;YACrB,EAAE,EAAE,MAAM,CAAC;YACX,IAAI,EAAE,MAAM,CAAC;YACb,QAAQ,CAAC,EAAE,MAAM,CAAC;YAClB,SAAS,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;SAC3B;;;;;;;;;qCA+FyB;YACxB,GAAG,EAAE,OAAO,CAAC;YACb,SAAS,EAAE,MAAM,CAAC;YAClB,OAAO,EAAE,uBAAuB,CAAC;YACjC,OAAO,EAAE,OAAO,CAAC;YACjB,WAAW,EAAE,WAAW,CAAC;YACzB,GAAG,CAAC,EAAE;gBAAE,IAAI,EAAE,CAAC,CAAC,EAAE,MAAM,KAAK,IAAI,CAAC;gBAAC,IAAI,EAAE,CAAC,CAAC,EAAE,MAAM,KAAK,IAAI,CAAC;gBAAC,KAAK,EAAE,CAAC,CAAC,EAAE,MAAM,KAAK,IAAI,CAAA;aAAE,CAAC;YAC3F,SAAS,EAAE,MAAM,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;YACzC,SAAS,EAAE,CAAC,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,KAAK,IAAI,CAAC;SACjD;oCAmEwB;YACvB,SAAS,EAAE,MAAM,CAAC;YAClB,SAAS,EAAE,MAAM,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;YACzC,SAAS,EAAE,CAAC,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,KAAK,IAAI,CAAC;SACjD;;;;gEAiB8C;YAC7C,OAAO,EAAE;gBAAE,EAAE,CAAC,EAAE,MAAM,CAAC;gBAAC,eAAe,CAAC,EAAE,MAAM,GAAG,MAAM,CAAC;gBAAC,SAAS,CAAC,EAAE,MAAM,CAAA;aAAE,CAAC;YAChF,aAAa,CAAC,EAAE;gBAAE,KAAK,EAAE,OAAO,CAAA;aAAE,CAAC;SACpC;;;;;uBAD0B,OAAO;;;;;;8CAWL,MAAM;;;yCAIX;YAAE,OAAO,EAAE,uBAAuB,CAAA;SAAE;;uBAEzC,MAAM,EAAE;;;;;;;sDAQU;YACnC,GAAG,EAAE,OAAO,CAAC;YACb,SAAS,EAAE,MAAM,CAAC;YAClB,KAAK,EAAE;gBAAE,GAAG,CAAC,EAAE,MAAM,CAAC;gBAAC,KAAK,CAAC,EAAE,MAAM,CAAC;gBAAC,IAAI,CAAC,EAAE,MAAM,CAAC;gBAAC,MAAM,CAAC,EAAE,OAAO,CAAA;aAAE,CAAC;SAC1E;;;;;;;;;;;;4CAiB0B;YACzB,GAAG,EAAE,OAAO,CAAC;YACb,SAAS,EAAE,MAAM,CAAC;YAClB,KAAK,EAAE;gBAAE,GAAG,CAAC,EAAE,MAAM,CAAC;gBAAC,KAAK,CAAC,EAAE,MAAM,CAAC;gBAAC,MAAM,CAAC,EAAE,OAAO,CAAA;aAAE,CAAC;SAC3D;;;;;;;;;;;8DAiB4C;YAC3C,OAAO,EAAE,uBAAuB,CAAC;YACjC,GAAG,EAAE,OAAO,CAAC;YACb,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;SACnC;;;;;;;;;;;;;;iDAc+B,KAAK,CAAC;YAAE,SAAS,EAAE,MAAM,CAAC;YAAC,SAAS,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;YAAC,SAAS,CAAC,EAAE,OAAO,CAAC;YAAC,UAAU,CAAC,EAAE,OAAO,CAAA;SAAE,CAAC;qBAE/F,MAAM;uBAAa,MAAM;kBAAQ,MAAM;qBAAW,MAAM;;;CAerF,CAAC"}

package/packages/plugin/dist/src/channel.js

@@ -2,7 +2,7 @@ import { deleteBotsChatAccount, listBotsChatAccountIds, resolveBotsChatAccount,
 import { getBotsChatRuntime } from "./runtime.js";
 import { BotsChatCloudClient } from "./ws-client.js";
 import crypto from "crypto";
-import { encryptText, decryptText, decryptBytes, toBase64, fromBase64 } from "./e2e-crypto.js";
+import { encryptText, encryptBytes, decryptText, decryptBytes, toBase64, fromBase64 } from "./e2e-crypto.js";
 // ---------------------------------------------------------------------------
 // A2UI message-tool hints — injected via agentPrompt.messageToolHints so
 // the agent knows it can output interactive UI components.  These strings
@@ -42,6 +42,8 @@ function readAgentModel(_agentId) {
 const cloudClients = new Map();
 /** Maps accountId → cloudUrl so handleCloudMessage can resolve relative URLs */
 const cloudUrls = new Map();
+/** Maps accountId → pairingToken for plugin HTTP uploads */
+const pairingTokens = new Map();
 function getCloudClient(accountId) {
     return cloudClients.get(accountId);
 }
@@ -141,16 +143,17 @@ export const botschatPlugin = {
             return { ok: true };
         },
         sendMedia: async (ctx) => {
-            const client = getCloudClient(ctx.accountId ?? "default");
+            const accountId = ctx.accountId ?? "default";
+            const client = getCloudClient(accountId);
             if (!client?.connected) {
                 return { ok: false, error: new Error("Not connected to BotsChat cloud") };
             }
             const messageId = crypto.randomUUID();
             let text = ctx.text;
             let encrypted = false;
-            if (client.e2eKey && text) { // Only encrypt checksum if present
+            let mediaEncrypted = false;
+            if (client.e2eKey && text) {
                 try {
-                    // Encrypt caption using messageId as contextId
                     const ciphertext = await encryptText(client.e2eKey, text, messageId);
                     text = toBase64(ciphertext);
                     encrypted = true;
@@ -159,17 +162,60 @@ export const botschatPlugin = {
                     return { ok: false, error: new Error(`Encryption failed: ${err}`) };
                 }
             }
+            let finalMediaUrl = ctx.mediaUrl;
+            if (client.e2eKey && ctx.mediaUrl && !ctx.mediaUrl.startsWith("/api/media/")) {
+                try {
+                    const baseUrl = cloudUrls.get(accountId);
+                    const token = pairingTokens.get(accountId);
+                    if (baseUrl && token) {
+                        const resp = await fetch(ctx.mediaUrl, { signal: AbortSignal.timeout(15_000) });
+                        if (resp.ok) {
+                            const rawBytes = new Uint8Array(await resp.arrayBuffer());
+                            const encBytes = await encryptBytes(client.e2eKey, rawBytes, `${messageId}:media`);
+                            const contentType = resp.headers.get("Content-Type") ?? "application/octet-stream";
+                            const extMap = { "image/png": "png", "image/jpeg": "jpg", "image/gif": "gif", "image/webp": "webp" };
+                            const ext = extMap[contentType] ?? (contentType.startsWith("image/") ? "png" : "bin");
+                            const formData = new FormData();
+                            const blob = new Blob([encBytes], { type: contentType });
+                            formData.append("file", blob, `encrypted.${ext}`);
+                            const uploadUrl = `${baseUrl.replace(/\/$/, "")}/api/plugin-upload`;
+                            const uploadResp = await fetch(uploadUrl, {
+                                method: "POST",
+                                headers: { "X-Pairing-Token": token },
+                                body: formData,
+                                signal: AbortSignal.timeout(30_000),
+                            });
+                            if (uploadResp.ok) {
+                                const result = await uploadResp.json();
+                                finalMediaUrl = result.url;
+                                mediaEncrypted = true;
+                                console.log(`[botschat][sendMedia] E2E encrypted media uploaded (${rawBytes.length} → ${encBytes.length} bytes)`);
+                            }
+                            else {
+                                console.error(`[botschat][sendMedia] Plugin upload failed: HTTP ${uploadResp.status}`);
+                            }
+                        }
+                        else {
+                            console.error(`[botschat][sendMedia] Failed to download media: HTTP ${resp.status}`);
+                        }
+                    }
+                }
+                catch (err) {
+                    console.error(`[botschat][sendMedia] E2E media encryption failed, sending unencrypted:`, err);
+                }
+            }
             const notifyPreview = (encrypted && client.notifyPreview && ctx.text)
                 ? (ctx.text.length > 100 ? ctx.text.slice(0, 100) + "…" : ctx.text)
                 : undefined;
-            if (ctx.mediaUrl) {
+            if (finalMediaUrl) {
                 client.send({
                     type: "agent.media",
                     sessionKey: ctx.to,
-                    mediaUrl: ctx.mediaUrl,
+                    mediaUrl: finalMediaUrl,
                     caption: text || undefined,
                     messageId,
                     encrypted,
+                    mediaEncrypted,
                     ...(notifyPreview ? { notifyPreview } : {}),
                 });
             }
@@ -193,6 +239,18 @@ export const botschatPlugin = {
                 log?.warn(`[${accountId}] BotsChat not configured — skipping`);
                 return;
             }
+            const existingClient = cloudClients.get(accountId);
+            if (existingClient?.connected) {
+                log?.info(`[${accountId}] Already connected — skipping restart`);
+                return existingClient;
+            }
+            if (existingClient) {
+                log?.info(`[${accountId}] Disconnecting stale client before reconnect`);
+                existingClient.disconnect();
+                cloudClients.delete(accountId);
+                cloudUrls.delete(accountId);
+                pairingTokens.delete(accountId);
+            }
             ctx.setStatus({
                 ...ctx.getStatus(),
                 accountId,
@@ -223,11 +281,13 @@ export const botschatPlugin = {
             });
             cloudClients.set(accountId, client);
             cloudUrls.set(accountId, account.cloudUrl);
+            pairingTokens.set(accountId, account.pairingToken);
             client.connect();
             ctx.abortSignal.addEventListener("abort", () => {
                 client.disconnect();
                 cloudClients.delete(accountId);
                 cloudUrls.delete(accountId);
+                pairingTokens.delete(accountId);
             });
             return client;
         },
@@ -800,6 +860,9 @@ async function openclawCronAdd(msg, log) {
     if (/^at\s+/i.test(s)) {
         args.push("--at", s.replace(/^at\s+/i, ""));
     }
+    else if (/^cron\s+/i.test(s)) {
+        args.push("--cron", s.replace(/^cron\s+/i, ""));
+    }
     else if (s) {
         args.push("--every", s.replace(/^every\s+/i, ""));
     }
@@ -869,6 +932,9 @@ async function handleTaskSchedule(msg, ctx) {
                 if (/^at\s+/i.test(s)) {
                     args.push("--at", s.replace(/^at\s+/i, ""));
                 }
+                else if (/^cron\s+/i.test(s)) {
+                    args.push("--cron", s.replace(/^cron\s+/i, ""));
+                }
                 else {
                     args.push("--every", s.replace(/^every\s+/i, ""));
                 }
@@ -1399,6 +1465,9 @@ async function handleTaskScanRequest(ctx) {
                         else if (job.schedule.kind === "at" && job.schedule.at) {
                             scheduleStr = `at ${job.schedule.at}`;
                         }
+                        else if (job.schedule.kind === "cron" && job.schedule.expr) {
+                            scheduleStr = `cron ${job.schedule.expr}`;
+                        }
                     }
                     let lastRun;
                     // Model: OpenClaw stores it in job.payload.model (agentTurn), not at job top level