liangzimixin 0.3.43 → 0.3.45

package/dist/index.cjs

@@ -17441,6 +17441,9 @@ function parseChannelAddress(address) {
   const prefix = `${CHANNEL_ID}:`;
   return address.startsWith(prefix) ? address.slice(prefix.length) : address;
 }
+var GUIDE_URL = "https://www.kdocs.cn/l/ca5LX4wxpSSE";
+var HINT_NO_QUANTUM_ACCOUNT = "\u60A8\u672A\u914D\u7F6E\u91CF\u5B50\u52A0\u5BC6\u53C2\u6570\uFF0C\u8BF7\u53C2\u8003[\u300A\u63A5\u5165\u6307\u5357\u300B\u5B89\u88C5\u91CF\u5B50\u5BC6\u4FE1\u63D2\u4EF6](" + GUIDE_URL + ") \u4FEE\u6539\u914D\u7F6E";
+var HINT_PLAINTEXT_NOT_SUPPORTED = "\u5F53\u524D\u6A21\u5F0F\u4E0D\u652F\u6301\u666E\u901A\u6D88\u606F\uFF0C\u8BF7\u53C2\u8003[\u300A\u63A5\u5165\u6307\u5357\u300B\u5B89\u88C5\u91CF\u5B50\u5BC6\u4FE1\u63D2\u4EF6](" + GUIDE_URL + ") \u4FEE\u6539\u914D\u7F6E";
 
 // src/config.ts
 var AccountConfigSchema = external_exports.object({
@@ -17462,7 +17465,9 @@ var AccountConfigSchema = external_exports.object({
    */
   botUserId: external_exports.string().optional(),
   /** 🟡 部署环境 — staging=联调, production=线上 */
-  env: external_exports.enum(["staging", "production"]).optional()
+  env: external_exports.enum(["staging", "production"]).optional(),
+  /** 🟡 消息加密模式 — quantum_only=仅加密, quantum_and_plain=加密+普通(默认) */
+  encryptionMode: external_exports.enum(["quantum_only", "quantum_and_plain"]).default("quantum_and_plain")
 }).transform((raw) => ({
   appId: raw.appId,
   appSecret: raw.appSecret,
@@ -17471,7 +17476,8 @@ var AccountConfigSchema = external_exports.object({
   // quantumAppId: raw.quantumAppId,
   // quantumAppSecret: raw.quantumAppSecret,
   botUserId: raw.botUserId,
-  env: raw.env
+  env: raw.env,
+  encryptionMode: raw.encryptionMode
 }));
 var ENV_PRESETS = {
   /** 联调环境 */
@@ -18180,13 +18186,15 @@ var quantumImOutbound = {
     }
     const messagePipe = messagePipeGetter();
     const chatId = parseChannelAddress(to);
+    const encryptionMode = pluginConfigGetter?.()?.credentials?.encryptionMode;
     const isEncrypted = getOutboundEncryptionStatus(chatId);
+    const skipEncrypt = encryptionMode === "quantum_only" ? false : isEncrypted !== true;
     await messagePipe.sendMessage({
       chatId,
       senderId: chatId,
       msgType: "markdown",
       content: JSON.stringify({ content: text }),
-      skipEncrypt: isEncrypted !== true
+      skipEncrypt
     });
     return { channel: CHANNEL_ID, messageId: "", chatId };
   },
@@ -18201,7 +18209,9 @@ var quantumImOutbound = {
     const sdkRuntime = sdkRuntimeGetter();
     const chatId = parseChannelAddress(to);
     const fileCfg = pluginConfigGetter().file;
+    const encryptionMode = pluginConfigGetter?.()?.credentials?.encryptionMode;
     const isEncrypted = getOutboundEncryptionStatus(chatId);
+    const skipEncrypt = encryptionMode === "quantum_only" ? false : isEncrypted !== true;
     const result = await resolveAndUploadMedia({
       mediaUrl: mediaUrl ?? void 0,
       tokenManager: tokenManagerGetter(),
@@ -18214,7 +18224,7 @@ var quantumImOutbound = {
       maxFileSizeMb: fileCfg.maxFileSizeMb,
       chunkSizeMb: fileCfg.chunkSizeMb,
       timeoutMs: fileCfg.fetchTimeoutMs,
-      skipEncrypt: isEncrypted !== true
+      skipEncrypt
     });
     if (result.warning) {
       log4.warn("sendMedia:degraded", { chatId, warning: result.warning });
@@ -18515,8 +18525,10 @@ function createQuantumImDeliverFn(deps) {
     maxFileSizeMb,
     chunkSizeMb,
     timeoutMs,
-    isEncrypted
+    isEncrypted,
+    encryptionMode
   } = deps;
+  const shouldSkipEncrypt = encryptionMode === "quantum_only" ? false : isEncrypted === false;
   const deliver = async (payload) => {
     const mediaUrls = [];
     if (payload.mediaUrls?.length) {
@@ -18534,7 +18546,7 @@ function createQuantumImDeliverFn(deps) {
         msgType: "markdown",
         content: JSON.stringify({ content: payload.text }),
         replyToMessageId,
-        skipEncrypt: isEncrypted === false
+        skipEncrypt: shouldSkipEncrypt
       });
       log11.info("\u{1F4E4} AI \u6587\u672C\u56DE\u590D\u5DF2\u53D1\u9001", {
         chatId,
@@ -18557,7 +18569,7 @@ function createQuantumImDeliverFn(deps) {
             maxFileSizeMb,
             chunkSizeMb,
             timeoutMs,
-            skipEncrypt: isEncrypted === false
+            skipEncrypt: shouldSkipEncrypt
           });
           if (result.warning) {
             log11.warn("\u{1F4E4} \u5A92\u4F53\u53D1\u9001\u964D\u7EA7", { chatId, mediaUrl, warning: result.warning });
@@ -18576,7 +18588,7 @@ function createQuantumImDeliverFn(deps) {
             msgType: "markdown",
             content: JSON.stringify({ content: `\u{1F4CE} ${mediaUrl}` }),
             replyToMessageId,
-            skipEncrypt: isEncrypted === false
+            skipEncrypt: shouldSkipEncrypt
           });
         }
       }
@@ -18626,12 +18638,13 @@ var InboundPipeline = class {
         });
         return;
       }
+      const feedbackSkipEncrypt = this.deps.pluginConfig.credentials.encryptionMode === "quantum_only" ? false : true;
       this.deps.messagePipe.sendMessage({
         chatId: msg.chatId,
         senderId: msg.senderId,
         msgType: "text",
         content: JSON.stringify({ content: "\u4EFB\u52A1\u5DF2\u6536\u5230\u{1F44C}\uFF0C\u6B63\u5728\u5904\u7406\u4E2D..." }),
-        skipEncrypt: true
+        skipEncrypt: feedbackSkipEncrypt
       }).catch((err) => {
         log12.warn("\u26A0\uFE0F \u5373\u65F6\u53CD\u9988\u53D1\u9001\u5931\u8D25", { error: err.message });
       });
@@ -18659,7 +18672,8 @@ var InboundPipeline = class {
         allowPrivateNetwork: this.deps.pluginConfig.file.allowPrivateNetwork,
         maxFileSizeMb: this.deps.pluginConfig.file.maxFileSizeMb,
         timeoutMs: this.deps.pluginConfig.file.fetchTimeoutMs,
-        isEncrypted: msg.isEncrypted
+        isEncrypted: msg.isEncrypted,
+        encryptionMode: this.deps.pluginConfig.credentials.encryptionMode
       });
       const { dispatcher, replyOptions } = core.channel.reply.createReplyDispatcherWithTyping({
         deliver
@@ -18759,6 +18773,13 @@ var QUANTUM_IM_CONFIG_JSON_SCHEMA = {
       description: "\u9009\u62E9\u5BF9\u63A5\u7684\u670D\u52A1\u5668\u73AF\u5883\u3002staging = \u8054\u8C03\u73AF\u5883\uFF0Cproduction = \u7EBF\u4E0A\u73AF\u5883",
       enum: ["staging", "production"],
       default: "production"
+    },
+    encryptionMode: {
+      type: "string",
+      title: "\u6D88\u606F\u52A0\u5BC6\u6A21\u5F0F",
+      description: "quantum_only = \u4EC5\u91CF\u5B50\u52A0\u5BC6\u6D88\u606F\uFF08\u6240\u6709\u6D88\u606F\u5FC5\u987B\u52A0\u5BC6\uFF09\uFF1Bquantum_and_plain = \u540C\u65F6\u652F\u6301\u52A0\u5BC6\u548C\u666E\u901A\u6D88\u606F",
+      enum: ["quantum_only", "quantum_and_plain"],
+      default: "quantum_and_plain"
     }
   }
 };
@@ -18853,33 +18874,39 @@ var quantumImOnboarding = {
       ].join("\n"),
       "\u91CF\u5B50\u5BC6\u4FE1 \u2014 \u51ED\u636E\u914D\u7F6E"
     );
-    const appId = await prompter.text({
-      message: "\u5E94\u7528 ID (appId)",
-      initialValue: existing.appId ?? void 0,
-      validate: required2
-    });
-    const appSecret = await prompter.text({
-      message: "\u5E94\u7528\u5BC6\u94A5 (appSecret)",
-      initialValue: existing.appSecret ?? void 0,
-      validate: required2
-    });
-    const encryptionMode = await prompter.select({
-      message: "\u6D88\u606F\u4F20\u8F93\u6A21\u5F0F",
+    const encryptionModeChoice = await prompter.select({
+      message: "\u8BF7\u9009\u62E9\u6D88\u606F\u4EA4\u4E92\u65B9\u5F0F",
       options: [
-        { value: "plain", label: "\u660E\u6587\u6A21\u5F0F\uFF08\u4E0D\u52A0\u5BC6\uFF09", hint: "\u9002\u5408\u6D4B\u8BD5\u6216\u4E0D\u9700\u8981\u52A0\u5BC6\u7684\u573A\u666F" },
-        { value: "quantum", label: "\u91CF\u5B50\u52A0\u5BC6\u6A21\u5F0F", hint: "\u9700\u8981\u91CF\u5B50\u8D26\u6237\u6807\u8BC6" }
+        { value: "quantum_only", label: "\u4EC5\u91CF\u5B50\u52A0\u5BC6\u6D88\u606F" },
+        { value: "quantum_and_plain", label: "\u91CF\u5B50\u52A0\u5BC6+\u666E\u901A\u6D88\u606F\uFF08\u82E5\u91CF\u5B50\u52A0\u5BC6\u7981\u7528\uFF0C\u5219\u7559\u7A7A\uFF09" }
       ],
-      initialValue: existing.quantumAccount?.trim() ? "quantum" : "plain"
+      initialValue: existing.encryptionMode ?? "quantum_and_plain"
     });
     let quantumAccount = "";
-    if (encryptionMode === "quantum") {
+    if (encryptionModeChoice === "quantum_only") {
       quantumAccount = await prompter.text({
         message: "\u91CF\u5B50\u8D26\u6237\u6807\u8BC6 (quantumAccount)",
         placeholder: "\u5982: 17100001111",
         initialValue: existing.quantumAccount ?? void 0,
         validate: required2
       });
+    } else {
+      quantumAccount = await prompter.text({
+        message: "\u91CF\u5B50\u8D26\u6237\u6807\u8BC6\uFF08\u53EF\u9009\uFF0C\u4E0D\u586B\u5219\u4EC5\u652F\u6301\u660E\u6587\uFF09",
+        placeholder: "\u5982: 17100001111",
+        initialValue: existing.quantumAccount ?? void 0
+      });
     }
+    const appId = await prompter.text({
+      message: "\u5E94\u7528 ID (appId)",
+      initialValue: existing.appId ?? void 0,
+      validate: required2
+    });
+    const appSecret = await prompter.text({
+      message: "\u5E94\u7528\u5BC6\u94A5 (appSecret)",
+      initialValue: existing.appSecret ?? void 0,
+      validate: required2
+    });
     const channels = cfg.channels ?? {};
     const channelCfg = channels[CHANNEL_ID] ?? {};
     const accounts = channelCfg.accounts ?? {};
@@ -18895,10 +18922,8 @@ var quantumImOnboarding = {
             default: {
               appId: appId.trim(),
               appSecret: appSecret.trim(),
-              // pin: pin.trim(),
+              encryptionMode: encryptionModeChoice,
               ...quantumAccount.trim() ? { quantumAccount: quantumAccount.trim() } : {}
-              // quantumAppId: quantumAppId.trim(),
-              // quantumAppSecret: quantumAppSecret.trim(),
             }
           }
         }
@@ -20042,6 +20067,8 @@ var MessagePipe = class {
   messageCallback = null;
   /** 量子账户标识 — 用于判断是否具备解密能力 */
   quantumAccount;
+  /** 消息加密模式 */
+  encryptionMode;
   constructor(deps) {
     this.wsClient = deps.wsClient;
     this.dedup = deps.dedup;
@@ -20049,6 +20076,7 @@ var MessagePipe = class {
     this.tokenFn = deps.tokenFn;
     this.messageServiceBaseUrl = deps.messageServiceBaseUrl;
     this.quantumAccount = deps.quantumAccount;
+    this.encryptionMode = deps.encryptionMode;
     this.wsClient.on("message", (rawData) => {
       this.handleInbound(rawData).catch((err) => {
         log21.error("\u274C \u5165\u7AD9\u5904\u7406\u5F02\u5E38", { step: "handleInbound", error: err.message });
@@ -20074,32 +20102,38 @@ var MessagePipe = class {
    * POST {messageServiceBaseUrl}/messages/v1/send
    * 字段映射: senderId → receive_id, msgType → msg_type
    *
-   * 加密模式 (quantumAccount 已配置):
-   *   - 明文 content 加密后放入 extra.encryptMsg
-   *   - extra.sessionId / extra.cryptoIv 由加密函数返回
-   *   - 原始 content 置为空字符串 {content: ''}
-   *   - extra 序列化为 JSON 字符串
-   *
-   * 失败不抛异常，避免阻塞 SDK deliver 回调。
+   * 加密行为取决于 encryptionMode:
+   * - quantum_only:      强制加密，失败直接抛错（不降级明文）
+   * - quantum_and_plain:  加密失败降级明文（保持兼容）
    */
   async sendMessage(msg) {
     let content = msg.content;
     let extra = "";
-    if (this.quantumAccount && !msg.skipEncrypt) {
-      try {
+    if (!msg.skipEncrypt && this.quantumAccount) {
+      if (this.encryptionMode === "quantum_only") {
         const { ciphertext, keyId, iv } = await this.crypto.encrypt(msg.content);
         extra = JSON.stringify({
           cryptoIv: iv,
-          // 随机生成的 IV，解密时需要回传
           encryptMsg: ciphertext,
           sessionId: keyId
         });
         content = JSON.stringify({ content: "" });
-        log21.debug("\u{1F512} \u51FA\u7AD9\u6D88\u606F\u5DF2\u52A0\u5BC6", { sessionId: keyId });
-      } catch (err) {
-        log21.error("\u274C \u51FA\u7AD9\u6D88\u606F\u52A0\u5BC6\u5931\u8D25\uFF0C\u5C06\u53D1\u9001\u660E\u6587", {
-          error: err.message
-        });
+        log21.debug("\u{1F512} \u51FA\u7AD9\u6D88\u606F\u5DF2\u52A0\u5BC6 (quantum_only)", { sessionId: keyId });
+      } else {
+        try {
+          const { ciphertext, keyId, iv } = await this.crypto.encrypt(msg.content);
+          extra = JSON.stringify({
+            cryptoIv: iv,
+            encryptMsg: ciphertext,
+            sessionId: keyId
+          });
+          content = JSON.stringify({ content: "" });
+          log21.debug("\u{1F512} \u51FA\u7AD9\u6D88\u606F\u5DF2\u52A0\u5BC6 (quantum_and_plain)", { sessionId: keyId });
+        } catch (err) {
+          log21.error("\u274C \u51FA\u7AD9\u6D88\u606F\u52A0\u5BC6\u5931\u8D25\uFF0C\u5C06\u53D1\u9001\u660E\u6587", {
+            error: err.message
+          });
+        }
       }
     }
     const body = {
@@ -20231,47 +20265,67 @@ var MessagePipe = class {
       log21.warn("\u26A0\uFE0F CallbackData \u89E3\u6790\u5931\u8D25", { error: err.message });
       return;
     }
+    log21.info("\u{1F4E9} \u5165\u7AD9\u539F\u59CB\u6570\u636E", {
+      appId: callbackData.appId,
+      msgUid: callbackData.msgUid,
+      eventType: callbackData.eventType,
+      userId: callbackData.userId,
+      toUserId: callbackData.toUserId,
+      groupId: callbackData.groupId,
+      type: callbackData.type,
+      content: callbackData.content,
+      extra: callbackData.extra
+    });
     const extra = callbackData.extra;
-    const isEncrypted = typeof extra === "string" && extra.length > 0;
+    let isEncrypted = false;
+    if (typeof extra === "string" && extra.length > 0) {
+      try {
+        const parsed = JSON.parse(extra);
+        isEncrypted = Boolean(parsed.encryptMsg);
+      } catch {
+        log21.debug("\u2139\uFE0F extra \u4E0D\u662F\u6709\u6548 JSON\uFF0C\u89C6\u4E3A\u660E\u6587", { msgUid: callbackData.msgUid });
+      }
+    }
     let contentObj;
-    if (isEncrypted) {
+    if (this.encryptionMode === "quantum_only") {
       if (!this.quantumAccount) {
-        log21.error("\u274C \u6536\u5230\u52A0\u5BC6\u6D88\u606F\u4F46\u672A\u914D\u7F6E\u91CF\u5B50\u5BC6\u94A5\uFF0C\u89E3\u5BC6\u5931\u8D25\u3002\u8BF7\u5728 openclaw.json \u4E2D\u914D\u7F6E quantumAccount", {
-          msgUid: callbackData.msgUid,
-          eventType: callbackData.eventType
-        });
+        log21.info("\u26A0\uFE0F quantum_only: \u672A\u914D\u7F6E quantumAccount\uFF0C\u53D1\u9001\u5F15\u5BFC\u63D0\u793A", { chatId: callbackData.userId });
+        await this.sendHintMessage(callbackData, HINT_NO_QUANTUM_ACCOUNT);
+        return;
+      }
+      if (!isEncrypted) {
+        log21.info("\u26A0\uFE0F quantum_only: \u6536\u5230\u660E\u6587\u6D88\u606F\uFF0C\u62D2\u7EDD\u5904\u7406", { msgUid: callbackData.msgUid });
+        await this.sendHintMessage(callbackData, HINT_PLAINTEXT_NOT_SUPPORTED);
         return;
       }
       try {
-        const extraData = JSON.parse(extra);
-        const encryptMsg = extraData.encryptMsg ?? "";
-        const sessionId = extraData.sessionId ?? "";
-        if (!encryptMsg) {
-          log21.warn("\u26A0\uFE0F extra \u4E2D encryptMsg \u4E3A\u7A7A\uFF0C\u8DF3\u8FC7\u89E3\u5BC6", { msgUid: callbackData.msgUid });
-          contentObj = callbackData.content;
-        } else {
-          const cryptoIv = extraData.cryptoIv ?? "";
-          const decrypted = await this.crypto.decrypt(encryptMsg, sessionId, cryptoIv);
-          try {
-            contentObj = JSON.parse(decrypted);
-          } catch {
-            contentObj = { content: decrypted };
-          }
-          log21.debug("\u{1F513} \u6D88\u606F\u89E3\u5BC6\u6210\u529F", {
-            msgUid: callbackData.msgUid,
-            sessionId,
-            hasIv: Boolean(extraData.cryptoIv)
-          });
-        }
+        contentObj = await this.decryptExtra(callbackData);
       } catch (err) {
-        log21.error("\u274C \u6D88\u606F\u89E3\u5BC6\u5931\u8D25", {
+        log21.error("\u274C quantum_only: \u6D88\u606F\u89E3\u5BC6\u5931\u8D25", {
           msgUid: callbackData.msgUid,
           error: err.message
         });
         return;
       }
     } else {
-      contentObj = callbackData.content;
+      if (isEncrypted) {
+        if (!this.quantumAccount) {
+          log21.info("\u26A0\uFE0F quantum_and_plain: \u6536\u5230\u52A0\u5BC6\u6D88\u606F\u4F46\u672A\u914D\u7F6E quantumAccount", { msgUid: callbackData.msgUid });
+          await this.sendHintMessage(callbackData, HINT_NO_QUANTUM_ACCOUNT);
+          return;
+        }
+        try {
+          contentObj = await this.decryptExtra(callbackData);
+        } catch (err) {
+          log21.error("\u274C quantum_and_plain: \u6D88\u606F\u89E3\u5BC6\u5931\u8D25", {
+            msgUid: callbackData.msgUid,
+            error: err.message
+          });
+          return;
+        }
+      } else {
+        contentObj = callbackData.content;
+      }
     }
     if (callbackData.eventType !== "callback:direct") {
       log21.debug("\u2139\uFE0F \u5FFD\u7565\u975E\u76EE\u6807\u4E8B\u4EF6", { eventType: callbackData.eventType });
@@ -20298,6 +20352,48 @@ var MessagePipe = class {
       log21.warn("\u26A0\uFE0F \u6D88\u606F\u56DE\u8C03\u672A\u6CE8\u518C\uFF0C\u65E0\u6CD5\u5904\u7406", { messageId: msg.messageId });
     }
   }
+  // ── 私有辅助方法 ──
+  /**
+   * 发送系统提示消息（明文，不加密）。
+   * 用于在模式不匹配时向用户发送引导信息。
+   */
+  async sendHintMessage(callbackData, hintText) {
+    const chatId = callbackData.groupId || callbackData.userId;
+    const senderId = callbackData.userId;
+    try {
+      await this.sendMessage({
+        chatId,
+        senderId,
+        msgType: "markdown",
+        content: JSON.stringify({ content: hintText }),
+        skipEncrypt: true
+      });
+      log21.info("\u{1F4A1} \u5DF2\u53D1\u9001\u6A21\u5F0F\u63D0\u793A\u6D88\u606F", { chatId });
+    } catch (err) {
+      log21.error("\u274C \u63D0\u793A\u6D88\u606F\u53D1\u9001\u5931\u8D25", { error: err.message });
+    }
+  }
+  /**
+   * 解密 extra 中的加密内容。
+   * @throws 解密失败时抛出异常
+   */
+  async decryptExtra(callbackData) {
+    const extraData = JSON.parse(callbackData.extra);
+    const encryptMsg = extraData.encryptMsg ?? "";
+    const sessionId = extraData.sessionId ?? "";
+    if (!encryptMsg) {
+      log21.warn("\u26A0\uFE0F extra \u4E2D encryptMsg \u4E3A\u7A7A\uFF0C\u4F7F\u7528\u539F\u59CB content", { msgUid: callbackData.msgUid });
+      return callbackData.content;
+    }
+    const cryptoIv = extraData.cryptoIv ?? "";
+    const decrypted = await this.crypto.decrypt(encryptMsg, sessionId, cryptoIv);
+    log21.debug("\u{1F513} \u6D88\u606F\u89E3\u5BC6\u6210\u529F", { msgUid: callbackData.msgUid, sessionId, hasIv: Boolean(cryptoIv) });
+    try {
+      return JSON.parse(decrypted);
+    } catch {
+      return { content: decrypted };
+    }
+  }
 };
 
 // src/transport/connection-manager.ts
@@ -20380,7 +20476,7 @@ var ConnectionManager = class {
     this.client.on("pong", () => {
       this.pongReceived = true;
       this.clearPongTimeout();
-      log22.info("heartbeat: pong received");
+      log22.debug("heartbeat: pong received");
     });
   }
   /** 启动心跳保活 — 定时发送 WebSocket Ping 帧 */
@@ -20401,7 +20497,7 @@ var ConnectionManager = class {
       }
       this.pongReceived = false;
       this.client.ping();
-      log22.info("heartbeat: ping sent");
+      log22.debug("heartbeat: ping sent");
       this.clearPongTimeout();
       this.pongTimeoutTimer = setTimeout(() => {
         if (!this.pongReceived && this.running) {
@@ -20933,7 +21029,8 @@ async function startPlugin(accountConfig, internalOverrides) {
     crypto: cryptoEngine,
     tokenFn: () => tokenManager.getValidToken(),
     messageServiceBaseUrl: config2.message.messageServiceBaseUrl,
-    quantumAccount: accountConfig.quantumAccount
+    quantumAccount: accountConfig.quantumAccount,
+    encryptionMode: accountConfig.encryptionMode
   });
   const connectionManager = new ConnectionManager(wsClient, {
     heartbeatIntervalMs: config2.transport.heartbeatIntervalMs,

package/dist/index.d.cts

@@ -23,15 +23,21 @@ declare const AccountConfigSchema: z.ZodPipe<z.ZodObject<{
         staging: "staging";
         production: "production";
     }>>;
+    encryptionMode: z.ZodDefault<z.ZodEnum<{
+        quantum_only: "quantum_only";
+        quantum_and_plain: "quantum_and_plain";
+    }>>;
 }, z.core.$strip>, z.ZodTransform<{
     appId: string;
     appSecret: string;
     quantumAccount: string | undefined;
     botUserId: string | undefined;
     env: "staging" | "production" | undefined;
+    encryptionMode: "quantum_only" | "quantum_and_plain";
 }, {
     appId: string;
     appSecret: string;
+    encryptionMode: "quantum_only" | "quantum_and_plain";
     quantumAccount?: string | undefined;
     botUserId?: string | undefined;
     env?: "staging" | "production" | undefined;
@@ -757,6 +763,8 @@ declare class MessagePipe {
     private messageCallback;
     /** 量子账户标识 — 用于判断是否具备解密能力 */
     private readonly quantumAccount?;
+    /** 消息加密模式 */
+    private readonly encryptionMode;
     constructor(deps: {
         wsClient: WSClient;
         dedup: MessageDedup;
@@ -767,6 +775,8 @@ declare class MessagePipe {
         messageServiceBaseUrl: string;
         /** 量子账户标识 — 用于判断是否具备解密能力 */
         quantumAccount?: string;
+        /** 消息加密模式 */
+        encryptionMode: 'quantum_only' | 'quantum_and_plain';
     });
     /** 注册入站消息回调 — 解密后的消息会通过此回调传给 L4 层 */
     onMessage(callback: (msg: InboundMessage) => void): void;
@@ -781,13 +791,9 @@ declare class MessagePipe {
      * POST {messageServiceBaseUrl}/messages/v1/send
      * 字段映射: senderId → receive_id, msgType → msg_type
      *
-     * 加密模式 (quantumAccount 已配置):
-     *   - 明文 content 加密后放入 extra.encryptMsg
-     *   - extra.sessionId / extra.cryptoIv 由加密函数返回
-     *   - 原始 content 置为空字符串 {content: ''}
-     *   - extra 序列化为 JSON 字符串
-     *
-     * 失败不抛异常，避免阻塞 SDK deliver 回调。
+     * 加密行为取决于 encryptionMode:
+     * - quantum_only:      强制加密，失败直接抛错（不降级明文）
+     * - quantum_and_plain:  加密失败降级明文（保持兼容）
      */
     sendMessage(msg: OutboundMessage): Promise<void>;
     /**
@@ -822,6 +828,16 @@ declare class MessagePipe {
      * 7. 回调 L4
      */
     private handleInbound;
+    /**
+     * 发送系统提示消息（明文，不加密）。
+     * 用于在模式不匹配时向用户发送引导信息。
+     */
+    private sendHintMessage;
+    /**
+     * 解密 extra 中的加密内容。
+     * @throws 解密失败时抛出异常
+     */
+    private decryptExtra;
 }
 
 /**
@@ -1141,6 +1157,13 @@ declare const QUANTUM_IM_CONFIG_JSON_SCHEMA: {
             readonly enum: readonly ["staging", "production"];
             readonly default: "production";
         };
+        readonly encryptionMode: {
+            readonly type: "string";
+            readonly title: "消息加密模式";
+            readonly description: "quantum_only = 仅量子加密消息（所有消息必须加密）；quantum_and_plain = 同时支持加密和普通消息";
+            readonly enum: readonly ["quantum_only", "quantum_and_plain"];
+            readonly default: "quantum_and_plain";
+        };
     };
 };
 

package/dist/setup-entry.cjs

@@ -3688,6 +3688,9 @@ function parseChannelAddress(address) {
   const prefix = `${CHANNEL_ID}:`;
   return address.startsWith(prefix) ? address.slice(prefix.length) : address;
 }
+var GUIDE_URL = "https://www.kdocs.cn/l/ca5LX4wxpSSE";
+var HINT_NO_QUANTUM_ACCOUNT = "\u60A8\u672A\u914D\u7F6E\u91CF\u5B50\u52A0\u5BC6\u53C2\u6570\uFF0C\u8BF7\u53C2\u8003[\u300A\u63A5\u5165\u6307\u5357\u300B\u5B89\u88C5\u91CF\u5B50\u5BC6\u4FE1\u63D2\u4EF6](" + GUIDE_URL + ") \u4FEE\u6539\u914D\u7F6E";
+var HINT_PLAINTEXT_NOT_SUPPORTED = "\u5F53\u524D\u6A21\u5F0F\u4E0D\u652F\u6301\u666E\u901A\u6D88\u606F\uFF0C\u8BF7\u53C2\u8003[\u300A\u63A5\u5165\u6307\u5357\u300B\u5B89\u88C5\u91CF\u5B50\u5BC6\u4FE1\u63D2\u4EF6](" + GUIDE_URL + ") \u4FEE\u6539\u914D\u7F6E";
 
 // src/logger.ts
 var LOG_LEVELS = { debug: 0, info: 1, warn: 2, error: 3 };
@@ -4275,13 +4278,15 @@ var quantumImOutbound = {
     }
     const messagePipe = messagePipeGetter();
     const chatId = parseChannelAddress(to);
+    const encryptionMode = pluginConfigGetter?.()?.credentials?.encryptionMode;
     const isEncrypted = getOutboundEncryptionStatus(chatId);
+    const skipEncrypt = encryptionMode === "quantum_only" ? false : isEncrypted !== true;
     await messagePipe.sendMessage({
       chatId,
       senderId: chatId,
       msgType: "markdown",
       content: JSON.stringify({ content: text }),
-      skipEncrypt: isEncrypted !== true
+      skipEncrypt
     });
     return { channel: CHANNEL_ID, messageId: "", chatId };
   },
@@ -4296,7 +4301,9 @@ var quantumImOutbound = {
     const sdkRuntime = sdkRuntimeGetter();
     const chatId = parseChannelAddress(to);
     const fileCfg = pluginConfigGetter().file;
+    const encryptionMode = pluginConfigGetter?.()?.credentials?.encryptionMode;
     const isEncrypted = getOutboundEncryptionStatus(chatId);
+    const skipEncrypt = encryptionMode === "quantum_only" ? false : isEncrypted !== true;
     const result = await resolveAndUploadMedia({
       mediaUrl: mediaUrl ?? void 0,
       tokenManager: tokenManagerGetter(),
@@ -4309,7 +4316,7 @@ var quantumImOutbound = {
       maxFileSizeMb: fileCfg.maxFileSizeMb,
       chunkSizeMb: fileCfg.chunkSizeMb,
       timeoutMs: fileCfg.fetchTimeoutMs,
-      skipEncrypt: isEncrypted !== true
+      skipEncrypt
     });
     if (result.warning) {
       log4.warn("sendMedia:degraded", { chatId, warning: result.warning });
@@ -18110,7 +18117,9 @@ var AccountConfigSchema = external_exports.object({
    */
   botUserId: external_exports.string().optional(),
   /** 🟡 部署环境 — staging=联调, production=线上 */
-  env: external_exports.enum(["staging", "production"]).optional()
+  env: external_exports.enum(["staging", "production"]).optional(),
+  /** 🟡 消息加密模式 — quantum_only=仅加密, quantum_and_plain=加密+普通(默认) */
+  encryptionMode: external_exports.enum(["quantum_only", "quantum_and_plain"]).default("quantum_and_plain")
 }).transform((raw) => ({
   appId: raw.appId,
   appSecret: raw.appSecret,
@@ -18119,7 +18128,8 @@ var AccountConfigSchema = external_exports.object({
   // quantumAppId: raw.quantumAppId,
   // quantumAppSecret: raw.quantumAppSecret,
   botUserId: raw.botUserId,
-  env: raw.env
+  env: raw.env,
+  encryptionMode: raw.encryptionMode
 }));
 var ENV_PRESETS = {
   /** 联调环境 */
@@ -19101,6 +19111,8 @@ var MessagePipe = class {
   messageCallback = null;
   /** 量子账户标识 — 用于判断是否具备解密能力 */
   quantumAccount;
+  /** 消息加密模式 */
+  encryptionMode;
   constructor(deps) {
     this.wsClient = deps.wsClient;
     this.dedup = deps.dedup;
@@ -19108,6 +19120,7 @@ var MessagePipe = class {
     this.tokenFn = deps.tokenFn;
     this.messageServiceBaseUrl = deps.messageServiceBaseUrl;
     this.quantumAccount = deps.quantumAccount;
+    this.encryptionMode = deps.encryptionMode;
     this.wsClient.on("message", (rawData) => {
       this.handleInbound(rawData).catch((err) => {
         log12.error("\u274C \u5165\u7AD9\u5904\u7406\u5F02\u5E38", { step: "handleInbound", error: err.message });
@@ -19133,32 +19146,38 @@ var MessagePipe = class {
    * POST {messageServiceBaseUrl}/messages/v1/send
    * 字段映射: senderId → receive_id, msgType → msg_type
    *
-   * 加密模式 (quantumAccount 已配置):
-   *   - 明文 content 加密后放入 extra.encryptMsg
-   *   - extra.sessionId / extra.cryptoIv 由加密函数返回
-   *   - 原始 content 置为空字符串 {content: ''}
-   *   - extra 序列化为 JSON 字符串
-   *
-   * 失败不抛异常，避免阻塞 SDK deliver 回调。
+   * 加密行为取决于 encryptionMode:
+   * - quantum_only:      强制加密，失败直接抛错（不降级明文）
+   * - quantum_and_plain:  加密失败降级明文（保持兼容）
    */
   async sendMessage(msg) {
     let content = msg.content;
     let extra = "";
-    if (this.quantumAccount && !msg.skipEncrypt) {
-      try {
+    if (!msg.skipEncrypt && this.quantumAccount) {
+      if (this.encryptionMode === "quantum_only") {
         const { ciphertext, keyId, iv } = await this.crypto.encrypt(msg.content);
         extra = JSON.stringify({
           cryptoIv: iv,
-          // 随机生成的 IV，解密时需要回传
           encryptMsg: ciphertext,
           sessionId: keyId
         });
         content = JSON.stringify({ content: "" });
-        log12.debug("\u{1F512} \u51FA\u7AD9\u6D88\u606F\u5DF2\u52A0\u5BC6", { sessionId: keyId });
-      } catch (err) {
-        log12.error("\u274C \u51FA\u7AD9\u6D88\u606F\u52A0\u5BC6\u5931\u8D25\uFF0C\u5C06\u53D1\u9001\u660E\u6587", {
-          error: err.message
-        });
+        log12.debug("\u{1F512} \u51FA\u7AD9\u6D88\u606F\u5DF2\u52A0\u5BC6 (quantum_only)", { sessionId: keyId });
+      } else {
+        try {
+          const { ciphertext, keyId, iv } = await this.crypto.encrypt(msg.content);
+          extra = JSON.stringify({
+            cryptoIv: iv,
+            encryptMsg: ciphertext,
+            sessionId: keyId
+          });
+          content = JSON.stringify({ content: "" });
+          log12.debug("\u{1F512} \u51FA\u7AD9\u6D88\u606F\u5DF2\u52A0\u5BC6 (quantum_and_plain)", { sessionId: keyId });
+        } catch (err) {
+          log12.error("\u274C \u51FA\u7AD9\u6D88\u606F\u52A0\u5BC6\u5931\u8D25\uFF0C\u5C06\u53D1\u9001\u660E\u6587", {
+            error: err.message
+          });
+        }
       }
     }
     const body = {
@@ -19290,47 +19309,67 @@ var MessagePipe = class {
       log12.warn("\u26A0\uFE0F CallbackData \u89E3\u6790\u5931\u8D25", { error: err.message });
       return;
     }
+    log12.info("\u{1F4E9} \u5165\u7AD9\u539F\u59CB\u6570\u636E", {
+      appId: callbackData.appId,
+      msgUid: callbackData.msgUid,
+      eventType: callbackData.eventType,
+      userId: callbackData.userId,
+      toUserId: callbackData.toUserId,
+      groupId: callbackData.groupId,
+      type: callbackData.type,
+      content: callbackData.content,
+      extra: callbackData.extra
+    });
     const extra = callbackData.extra;
-    const isEncrypted = typeof extra === "string" && extra.length > 0;
+    let isEncrypted = false;
+    if (typeof extra === "string" && extra.length > 0) {
+      try {
+        const parsed = JSON.parse(extra);
+        isEncrypted = Boolean(parsed.encryptMsg);
+      } catch {
+        log12.debug("\u2139\uFE0F extra \u4E0D\u662F\u6709\u6548 JSON\uFF0C\u89C6\u4E3A\u660E\u6587", { msgUid: callbackData.msgUid });
+      }
+    }
     let contentObj;
-    if (isEncrypted) {
+    if (this.encryptionMode === "quantum_only") {
       if (!this.quantumAccount) {
-        log12.error("\u274C \u6536\u5230\u52A0\u5BC6\u6D88\u606F\u4F46\u672A\u914D\u7F6E\u91CF\u5B50\u5BC6\u94A5\uFF0C\u89E3\u5BC6\u5931\u8D25\u3002\u8BF7\u5728 openclaw.json \u4E2D\u914D\u7F6E quantumAccount", {
-          msgUid: callbackData.msgUid,
-          eventType: callbackData.eventType
-        });
+        log12.info("\u26A0\uFE0F quantum_only: \u672A\u914D\u7F6E quantumAccount\uFF0C\u53D1\u9001\u5F15\u5BFC\u63D0\u793A", { chatId: callbackData.userId });
+        await this.sendHintMessage(callbackData, HINT_NO_QUANTUM_ACCOUNT);
+        return;
+      }
+      if (!isEncrypted) {
+        log12.info("\u26A0\uFE0F quantum_only: \u6536\u5230\u660E\u6587\u6D88\u606F\uFF0C\u62D2\u7EDD\u5904\u7406", { msgUid: callbackData.msgUid });
+        await this.sendHintMessage(callbackData, HINT_PLAINTEXT_NOT_SUPPORTED);
         return;
       }
       try {
-        const extraData = JSON.parse(extra);
-        const encryptMsg = extraData.encryptMsg ?? "";
-        const sessionId = extraData.sessionId ?? "";
-        if (!encryptMsg) {
-          log12.warn("\u26A0\uFE0F extra \u4E2D encryptMsg \u4E3A\u7A7A\uFF0C\u8DF3\u8FC7\u89E3\u5BC6", { msgUid: callbackData.msgUid });
-          contentObj = callbackData.content;
-        } else {
-          const cryptoIv = extraData.cryptoIv ?? "";
-          const decrypted = await this.crypto.decrypt(encryptMsg, sessionId, cryptoIv);
-          try {
-            contentObj = JSON.parse(decrypted);
-          } catch {
-            contentObj = { content: decrypted };
-          }
-          log12.debug("\u{1F513} \u6D88\u606F\u89E3\u5BC6\u6210\u529F", {
-            msgUid: callbackData.msgUid,
-            sessionId,
-            hasIv: Boolean(extraData.cryptoIv)
-          });
-        }
+        contentObj = await this.decryptExtra(callbackData);
       } catch (err) {
-        log12.error("\u274C \u6D88\u606F\u89E3\u5BC6\u5931\u8D25", {
+        log12.error("\u274C quantum_only: \u6D88\u606F\u89E3\u5BC6\u5931\u8D25", {
           msgUid: callbackData.msgUid,
           error: err.message
         });
         return;
       }
     } else {
-      contentObj = callbackData.content;
+      if (isEncrypted) {
+        if (!this.quantumAccount) {
+          log12.info("\u26A0\uFE0F quantum_and_plain: \u6536\u5230\u52A0\u5BC6\u6D88\u606F\u4F46\u672A\u914D\u7F6E quantumAccount", { msgUid: callbackData.msgUid });
+          await this.sendHintMessage(callbackData, HINT_NO_QUANTUM_ACCOUNT);
+          return;
+        }
+        try {
+          contentObj = await this.decryptExtra(callbackData);
+        } catch (err) {
+          log12.error("\u274C quantum_and_plain: \u6D88\u606F\u89E3\u5BC6\u5931\u8D25", {
+            msgUid: callbackData.msgUid,
+            error: err.message
+          });
+          return;
+        }
+      } else {
+        contentObj = callbackData.content;
+      }
     }
     if (callbackData.eventType !== "callback:direct") {
       log12.debug("\u2139\uFE0F \u5FFD\u7565\u975E\u76EE\u6807\u4E8B\u4EF6", { eventType: callbackData.eventType });
@@ -19357,6 +19396,48 @@ var MessagePipe = class {
       log12.warn("\u26A0\uFE0F \u6D88\u606F\u56DE\u8C03\u672A\u6CE8\u518C\uFF0C\u65E0\u6CD5\u5904\u7406", { messageId: msg.messageId });
     }
   }
+  // ── 私有辅助方法 ──
+  /**
+   * 发送系统提示消息（明文，不加密）。
+   * 用于在模式不匹配时向用户发送引导信息。
+   */
+  async sendHintMessage(callbackData, hintText) {
+    const chatId = callbackData.groupId || callbackData.userId;
+    const senderId = callbackData.userId;
+    try {
+      await this.sendMessage({
+        chatId,
+        senderId,
+        msgType: "markdown",
+        content: JSON.stringify({ content: hintText }),
+        skipEncrypt: true
+      });
+      log12.info("\u{1F4A1} \u5DF2\u53D1\u9001\u6A21\u5F0F\u63D0\u793A\u6D88\u606F", { chatId });
+    } catch (err) {
+      log12.error("\u274C \u63D0\u793A\u6D88\u606F\u53D1\u9001\u5931\u8D25", { error: err.message });
+    }
+  }
+  /**
+   * 解密 extra 中的加密内容。
+   * @throws 解密失败时抛出异常
+   */
+  async decryptExtra(callbackData) {
+    const extraData = JSON.parse(callbackData.extra);
+    const encryptMsg = extraData.encryptMsg ?? "";
+    const sessionId = extraData.sessionId ?? "";
+    if (!encryptMsg) {
+      log12.warn("\u26A0\uFE0F extra \u4E2D encryptMsg \u4E3A\u7A7A\uFF0C\u4F7F\u7528\u539F\u59CB content", { msgUid: callbackData.msgUid });
+      return callbackData.content;
+    }
+    const cryptoIv = extraData.cryptoIv ?? "";
+    const decrypted = await this.crypto.decrypt(encryptMsg, sessionId, cryptoIv);
+    log12.debug("\u{1F513} \u6D88\u606F\u89E3\u5BC6\u6210\u529F", { msgUid: callbackData.msgUid, sessionId, hasIv: Boolean(cryptoIv) });
+    try {
+      return JSON.parse(decrypted);
+    } catch {
+      return { content: decrypted };
+    }
+  }
 };
 
 // src/transport/connection-manager.ts
@@ -19439,7 +19520,7 @@ var ConnectionManager = class {
     this.client.on("pong", () => {
       this.pongReceived = true;
       this.clearPongTimeout();
-      log13.info("heartbeat: pong received");
+      log13.debug("heartbeat: pong received");
     });
   }
   /** 启动心跳保活 — 定时发送 WebSocket Ping 帧 */
@@ -19460,7 +19541,7 @@ var ConnectionManager = class {
       }
       this.pongReceived = false;
       this.client.ping();
-      log13.info("heartbeat: ping sent");
+      log13.debug("heartbeat: ping sent");
       this.clearPongTimeout();
       this.pongTimeoutTimer = setTimeout(() => {
         if (!this.pongReceived && this.running) {
@@ -19993,6 +20074,13 @@ var QUANTUM_IM_CONFIG_JSON_SCHEMA = {
       description: "\u9009\u62E9\u5BF9\u63A5\u7684\u670D\u52A1\u5668\u73AF\u5883\u3002staging = \u8054\u8C03\u73AF\u5883\uFF0Cproduction = \u7EBF\u4E0A\u73AF\u5883",
       enum: ["staging", "production"],
       default: "production"
+    },
+    encryptionMode: {
+      type: "string",
+      title: "\u6D88\u606F\u52A0\u5BC6\u6A21\u5F0F",
+      description: "quantum_only = \u4EC5\u91CF\u5B50\u52A0\u5BC6\u6D88\u606F\uFF08\u6240\u6709\u6D88\u606F\u5FC5\u987B\u52A0\u5BC6\uFF09\uFF1Bquantum_and_plain = \u540C\u65F6\u652F\u6301\u52A0\u5BC6\u548C\u666E\u901A\u6D88\u606F",
+      enum: ["quantum_only", "quantum_and_plain"],
+      default: "quantum_and_plain"
     }
   }
 };
@@ -20062,7 +20150,8 @@ async function startPlugin(accountConfig, internalOverrides) {
     crypto: cryptoEngine,
     tokenFn: () => tokenManager.getValidToken(),
     messageServiceBaseUrl: config2.message.messageServiceBaseUrl,
-    quantumAccount: accountConfig.quantumAccount
+    quantumAccount: accountConfig.quantumAccount,
+    encryptionMode: accountConfig.encryptionMode
   });
   const connectionManager = new ConnectionManager(wsClient, {
     heartbeatIntervalMs: config2.transport.heartbeatIntervalMs,
@@ -20382,8 +20471,10 @@ function createQuantumImDeliverFn(deps) {
     maxFileSizeMb,
     chunkSizeMb,
     timeoutMs,
-    isEncrypted
+    isEncrypted,
+    encryptionMode
   } = deps;
+  const shouldSkipEncrypt = encryptionMode === "quantum_only" ? false : isEncrypted === false;
   const deliver = async (payload) => {
     const mediaUrls = [];
     if (payload.mediaUrls?.length) {
@@ -20401,7 +20492,7 @@ function createQuantumImDeliverFn(deps) {
         msgType: "markdown",
         content: JSON.stringify({ content: payload.text }),
         replyToMessageId,
-        skipEncrypt: isEncrypted === false
+        skipEncrypt: shouldSkipEncrypt
       });
       log23.info("\u{1F4E4} AI \u6587\u672C\u56DE\u590D\u5DF2\u53D1\u9001", {
         chatId,
@@ -20424,7 +20515,7 @@ function createQuantumImDeliverFn(deps) {
             maxFileSizeMb,
             chunkSizeMb,
             timeoutMs,
-            skipEncrypt: isEncrypted === false
+            skipEncrypt: shouldSkipEncrypt
           });
           if (result.warning) {
             log23.warn("\u{1F4E4} \u5A92\u4F53\u53D1\u9001\u964D\u7EA7", { chatId, mediaUrl, warning: result.warning });
@@ -20443,7 +20534,7 @@ function createQuantumImDeliverFn(deps) {
             msgType: "markdown",
             content: JSON.stringify({ content: `\u{1F4CE} ${mediaUrl}` }),
             replyToMessageId,
-            skipEncrypt: isEncrypted === false
+            skipEncrypt: shouldSkipEncrypt
           });
         }
       }
@@ -20481,12 +20572,13 @@ var InboundPipeline = class {
         });
         return;
       }
+      const feedbackSkipEncrypt = this.deps.pluginConfig.credentials.encryptionMode === "quantum_only" ? false : true;
       this.deps.messagePipe.sendMessage({
         chatId: msg.chatId,
         senderId: msg.senderId,
         msgType: "text",
         content: JSON.stringify({ content: "\u4EFB\u52A1\u5DF2\u6536\u5230\u{1F44C}\uFF0C\u6B63\u5728\u5904\u7406\u4E2D..." }),
-        skipEncrypt: true
+        skipEncrypt: feedbackSkipEncrypt
       }).catch((err) => {
         log24.warn("\u26A0\uFE0F \u5373\u65F6\u53CD\u9988\u53D1\u9001\u5931\u8D25", { error: err.message });
       });
@@ -20514,7 +20606,8 @@ var InboundPipeline = class {
         allowPrivateNetwork: this.deps.pluginConfig.file.allowPrivateNetwork,
         maxFileSizeMb: this.deps.pluginConfig.file.maxFileSizeMb,
         timeoutMs: this.deps.pluginConfig.file.fetchTimeoutMs,
-        isEncrypted: msg.isEncrypted
+        isEncrypted: msg.isEncrypted,
+        encryptionMode: this.deps.pluginConfig.credentials.encryptionMode
       });
       const { dispatcher, replyOptions } = core.channel.reply.createReplyDispatcherWithTyping({
         deliver
@@ -20647,33 +20740,39 @@ var quantumImOnboarding = {
       ].join("\n"),
       "\u91CF\u5B50\u5BC6\u4FE1 \u2014 \u51ED\u636E\u914D\u7F6E"
     );
-    const appId = await prompter.text({
-      message: "\u5E94\u7528 ID (appId)",
-      initialValue: existing.appId ?? void 0,
-      validate: required2
-    });
-    const appSecret = await prompter.text({
-      message: "\u5E94\u7528\u5BC6\u94A5 (appSecret)",
-      initialValue: existing.appSecret ?? void 0,
-      validate: required2
-    });
-    const encryptionMode = await prompter.select({
-      message: "\u6D88\u606F\u4F20\u8F93\u6A21\u5F0F",
+    const encryptionModeChoice = await prompter.select({
+      message: "\u8BF7\u9009\u62E9\u6D88\u606F\u4EA4\u4E92\u65B9\u5F0F",
       options: [
-        { value: "plain", label: "\u660E\u6587\u6A21\u5F0F\uFF08\u4E0D\u52A0\u5BC6\uFF09", hint: "\u9002\u5408\u6D4B\u8BD5\u6216\u4E0D\u9700\u8981\u52A0\u5BC6\u7684\u573A\u666F" },
-        { value: "quantum", label: "\u91CF\u5B50\u52A0\u5BC6\u6A21\u5F0F", hint: "\u9700\u8981\u91CF\u5B50\u8D26\u6237\u6807\u8BC6" }
+        { value: "quantum_only", label: "\u4EC5\u91CF\u5B50\u52A0\u5BC6\u6D88\u606F" },
+        { value: "quantum_and_plain", label: "\u91CF\u5B50\u52A0\u5BC6+\u666E\u901A\u6D88\u606F\uFF08\u82E5\u91CF\u5B50\u52A0\u5BC6\u7981\u7528\uFF0C\u5219\u7559\u7A7A\uFF09" }
       ],
-      initialValue: existing.quantumAccount?.trim() ? "quantum" : "plain"
+      initialValue: existing.encryptionMode ?? "quantum_and_plain"
     });
     let quantumAccount = "";
-    if (encryptionMode === "quantum") {
+    if (encryptionModeChoice === "quantum_only") {
       quantumAccount = await prompter.text({
         message: "\u91CF\u5B50\u8D26\u6237\u6807\u8BC6 (quantumAccount)",
         placeholder: "\u5982: 17100001111",
         initialValue: existing.quantumAccount ?? void 0,
         validate: required2
       });
+    } else {
+      quantumAccount = await prompter.text({
+        message: "\u91CF\u5B50\u8D26\u6237\u6807\u8BC6\uFF08\u53EF\u9009\uFF0C\u4E0D\u586B\u5219\u4EC5\u652F\u6301\u660E\u6587\uFF09",
+        placeholder: "\u5982: 17100001111",
+        initialValue: existing.quantumAccount ?? void 0
+      });
     }
+    const appId = await prompter.text({
+      message: "\u5E94\u7528 ID (appId)",
+      initialValue: existing.appId ?? void 0,
+      validate: required2
+    });
+    const appSecret = await prompter.text({
+      message: "\u5E94\u7528\u5BC6\u94A5 (appSecret)",
+      initialValue: existing.appSecret ?? void 0,
+      validate: required2
+    });
     const channels = cfg.channels ?? {};
     const channelCfg = channels[CHANNEL_ID] ?? {};
     const accounts = channelCfg.accounts ?? {};
@@ -20689,10 +20788,8 @@ var quantumImOnboarding = {
             default: {
               appId: appId.trim(),
               appSecret: appSecret.trim(),
-              // pin: pin.trim(),
+              encryptionMode: encryptionModeChoice,
               ...quantumAccount.trim() ? { quantumAccount: quantumAccount.trim() } : {}
-              // quantumAppId: quantumAppId.trim(),
-              // quantumAppSecret: quantumAppSecret.trim(),
             }
           }
         }

package/openclaw.plugin.json

@@ -33,6 +33,13 @@
         "description": "选择对接的服务器环境。staging = 联调环境，production = 线上环境",
         "enum": ["staging", "production"],
         "default": "production"
+      },
+      "encryptionMode": {
+        "type": "string",
+        "title": "消息加密模式",
+        "description": "quantum_only = 仅量子加密消息（所有消息必须加密）；quantum_and_plain = 同时支持加密和普通消息",
+        "enum": ["quantum_only", "quantum_and_plain"],
+        "default": "quantum_and_plain"
       }
     }
   }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "liangzimixin",
-  "version": "0.3.43",
+  "version": "0.3.45",
   "description": "Quantum-encrypted IM channel plugin for OpenClaw",
   "type": "module",
   "main": "dist/index.cjs",