openclaw-groupme 0.0.3 → 0.3.0

package/src/inbound.ts

@@ -1,15 +1,37 @@
-import type { OpenClawConfig, ReplyPayload, RuntimeEnv } from "openclaw/plugin-sdk";
+import type {
+  OpenClawConfig,
+  ReplyPayload,
+  RuntimeEnv,
+} from "openclaw/plugin-sdk";
 import {
+  buildPendingHistoryContextFromMap,
+  clearHistoryEntriesIfEnabled,
   createReplyPrefixOptions,
   logInboundDrop,
+  recordPendingHistoryEntryIfEnabled,
   resolveControlCommandGate,
   resolveMentionGatingWithBypass,
+  type HistoryEntry,
 } from "openclaw/plugin-sdk";
-import type { GroupMeCallbackData, ResolvedGroupMeAccount, CoreConfig } from "./types.js";
+import type {
+  GroupMeCallbackData,
+  ResolvedGroupMeAccount,
+  CoreConfig,
+} from "./types.js";
+import {
+  buildGroupMeHistoryEntry,
+  formatGroupMeHistoryEntry,
+  resolveGroupMeBodyForAgent,
+} from "./history.js";
 import { extractImageUrls, detectGroupMeMention } from "./parse.js";
 import { resolveSenderAccess } from "./policy.js";
 import { getGroupMeRuntime } from "./runtime.js";
-import { GROUPME_MAX_TEXT_LENGTH, sendGroupMeMedia, sendGroupMeText } from "./send.js";
+import {
+  GROUPME_MAX_TEXT_LENGTH,
+  sendGroupMeMedia,
+  sendGroupMeText,
+} from "./send.js";
+import { resolveGroupMeSecurity } from "./security.js";
 
 const CHANNEL_ID = "groupme" as const;
 
@@ -35,7 +57,9 @@ function chunkReplyText(params: {
     return [];
   }
 
-  return params.core.channel.text.chunkMarkdownText(trimmed, params.limit).filter(Boolean);
+  return params.core.channel.text
+    .chunkMarkdownText(trimmed, params.limit)
+    .filter(Boolean);
 }
 
 async function deliverGroupMeReply(params: {
@@ -130,9 +154,22 @@ export async function handleGroupMeInbound(params: {
   account: ResolvedGroupMeAccount;
   config: CoreConfig;
   runtime: RuntimeEnv;
-  statusSink?: (patch: { lastInboundAt?: number; lastOutboundAt?: number }) => void;
+  groupHistories: Map<string, HistoryEntry[]>;
+  historyLimit: number;
+  statusSink?: (patch: {
+    lastInboundAt?: number;
+    lastOutboundAt?: number;
+  }) => void;
 }): Promise<void> {
-  const { message, account, config, runtime, statusSink } = params;
+  const {
+    message,
+    account,
+    config,
+    runtime,
+    groupHistories,
+    historyLimit,
+    statusSink,
+  } = params;
   const core = getGroupMeRuntime();
 
   const inboundTimestamp = message.createdAt * 1000;
@@ -145,12 +182,15 @@ export async function handleGroupMeInbound(params: {
   });
 
   const allowFrom = account.config.allowFrom ?? [];
+  const security = resolveGroupMeSecurity(account.config);
   const senderAllowed = resolveSenderAccess({
     senderId: message.senderId,
     allowFrom,
   });
   if (!senderAllowed) {
-    runtime.log?.(`groupme: drop sender ${message.senderId} (not in allowFrom)`);
+    runtime.log?.(
+      `groupme: drop sender ${message.senderId} (not in allowFrom)`,
+    );
     return;
   }
 
@@ -168,6 +208,7 @@ export async function handleGroupMeInbound(params: {
     config as OpenClawConfig,
     route.agentId,
   );
+  const requireMention = account.config.requireMention ?? true;
   const wasMentioned = detectGroupMeMention({
     text: message.text,
     botName: account.config.botName,
@@ -183,9 +224,17 @@ export async function handleGroupMeInbound(params: {
     message.text,
     config as OpenClawConfig,
   );
+  const commandBypassNeedsAllowFrom =
+    security.commandBypass.requireAllowFrom && hasControlCommand;
+  const commandBypassCanSkipMention = !(
+    security.commandBypass.requireMentionForCommands &&
+    requireMention &&
+    hasControlCommand
+  );
 
   const commandGate = resolveControlCommandGate({
-    useAccessGroups: config.commands?.useAccessGroups !== false,
+    useAccessGroups:
+      config.commands?.useAccessGroups !== false || commandBypassNeedsAllowFrom,
     authorizers: [{ configured: allowFrom.length > 0, allowed: senderAllowed }],
     allowTextCommands,
     hasControlCommand,
@@ -202,35 +251,60 @@ export async function handleGroupMeInbound(params: {
 
   const mentionGate = resolveMentionGatingWithBypass({
     isGroup: true,
-    requireMention: account.config.requireMention ?? true,
+    requireMention,
     canDetectMention: true,
     wasMentioned,
     hasAnyMention: false,
     allowTextCommands,
-    hasControlCommand,
-    commandAuthorized: commandGate.commandAuthorized,
+    hasControlCommand: commandBypassCanSkipMention ? hasControlCommand : false,
+    commandAuthorized: commandBypassCanSkipMention
+      ? commandGate.commandAuthorized
+      : false,
+  });
+
+  const imageUrls = extractImageUrls(message.attachments);
+  const rawBody = message.text;
+  const bodyForAgent = resolveGroupMeBodyForAgent({
+    rawBody,
+    imageUrls,
   });
 
   if (mentionGate.shouldSkip) {
-    runtime.log?.("groupme: skip message (mention required, not mentioned)");
+    const buffered = recordPendingHistoryEntryIfEnabled({
+      historyMap: groupHistories,
+      historyKey: message.groupId,
+      limit: historyLimit,
+      entry: buildGroupMeHistoryEntry({
+        senderName: message.name,
+        body: bodyForAgent,
+        timestamp: inboundTimestamp,
+        messageId: message.id,
+      }),
+    });
+    if (buffered.length > 0) {
+      runtime.log?.(
+        `groupme: buffered message from ${message.name} (${buffered.length}/${historyLimit})`,
+      );
+    } else {
+      runtime.log?.("groupme: skip message (mention required, not mentioned)");
+    }
     return;
   }
 
-  const envelopeOptions = core.channel.reply.resolveEnvelopeFormatOptions(config as OpenClawConfig);
-  const storePath = core.channel.session.resolveStorePath(config.session?.store, {
-    agentId: route.agentId,
-  });
+  const envelopeOptions = core.channel.reply.resolveEnvelopeFormatOptions(
+    config as OpenClawConfig,
+  );
+  const storePath = core.channel.session.resolveStorePath(
+    config.session?.store,
+    {
+      agentId: route.agentId,
+    },
+  );
   const previousTimestamp = core.channel.session.readSessionUpdatedAt({
     storePath,
     sessionKey: route.sessionKey,
   });
 
-  const imageUrls = extractImageUrls(message.attachments);
-  const rawBody = message.text;
-  const bodyForAgent =
-    rawBody.trim() ||
-    (imageUrls.length > 0 ? imageUrls.map((url) => `Image: ${url}`).join("\n") : rawBody);
-
   const body = core.channel.reply.formatAgentEnvelope({
     channel: "GroupMe",
     from: message.name,
@@ -239,10 +313,41 @@ export async function handleGroupMeInbound(params: {
     envelope: envelopeOptions,
     body: bodyForAgent,
   });
+  const shouldUseHistoryBuffer = requireMention && historyLimit > 0;
+  const historyEntriesForContext = shouldUseHistoryBuffer
+    ? [...(groupHistories.get(message.groupId) ?? [])]
+    : [];
+  if (shouldUseHistoryBuffer) {
+    clearHistoryEntriesIfEnabled({
+      historyMap: groupHistories,
+      historyKey: message.groupId,
+      limit: historyLimit,
+    });
+  }
+
+  const combinedBody =
+    shouldUseHistoryBuffer
+      ? buildPendingHistoryContextFromMap({
+          historyMap: new Map([[message.groupId, historyEntriesForContext]]),
+          historyKey: message.groupId,
+          limit: historyLimit,
+          currentMessage: body,
+          formatEntry: formatGroupMeHistoryEntry,
+        })
+      : body;
+  const inboundHistory =
+    shouldUseHistoryBuffer
+      ? historyEntriesForContext.map((entry) => ({
+          sender: entry.sender,
+          body: entry.body,
+          timestamp: entry.timestamp,
+        }))
+      : undefined;
 
   const ctxPayload = core.channel.reply.finalizeInboundContext({
-    Body: body,
+    Body: combinedBody,
     BodyForAgent: bodyForAgent,
+    InboundHistory: inboundHistory,
     RawBody: rawBody,
     CommandBody: rawBody,
     From: `groupme:user:${message.senderId}`,

package/src/monitor.ts

@@ -1,54 +1,288 @@
 import type { IncomingMessage, ServerResponse } from "node:http";
+import type { HistoryEntry } from "openclaw/plugin-sdk";
 import type { RuntimeEnv } from "openclaw/plugin-sdk";
-import { readJsonBodyWithLimit, requestBodyErrorToText } from "openclaw/plugin-sdk";
-import type { CoreConfig, ResolvedGroupMeAccount } from "./types.js";
+import {
+  readJsonBodyWithLimit,
+  requestBodyErrorToText,
+} from "openclaw/plugin-sdk";
+import { resolveGroupMeHistoryLimit } from "./history.js";
 import { handleGroupMeInbound } from "./inbound.js";
 import { parseGroupMeCallback, shouldProcessCallback } from "./parse.js";
+import { GroupMeRateLimiter } from "./rate-limit.js";
+import { GroupMeReplayCache, buildReplayKey } from "./replay-cache.js";
+import {
+  checkGroupBinding,
+  redactCallbackUrl,
+  resolveGroupMeSecurity,
+  validateProxyRequest,
+  type ResolvedGroupMeSecurity,
+  verifyCallbackAuth,
+} from "./security.js";
+import type {
+  CoreConfig,
+  ResolvedGroupMeAccount,
+  WebhookDecision,
+} from "./types.js";
 
 export type GroupMeWebhookHandlerParams = {
   account: ResolvedGroupMeAccount;
   config: CoreConfig;
   runtime: RuntimeEnv;
-  statusSink?: (patch: { lastInboundAt?: number; lastOutboundAt?: number }) => void;
+  statusSink?: (patch: {
+    lastInboundAt?: number;
+    lastOutboundAt?: number;
+  }) => void;
 };
 
+function rejectDecision(params: {
+  status: number;
+  reason: string;
+  logLevel?: "debug" | "warn";
+}): WebhookDecision {
+  return {
+    kind: "reject",
+    status: params.status,
+    reason: params.reason,
+    logLevel: params.logLevel ?? "warn",
+  };
+}
+
+const STATUS_TEXT: Record<number, string> = {
+  400: "Bad Request",
+  401: "Unauthorized",
+  403: "Forbidden",
+  404: "Not Found",
+  405: "Method Not Allowed",
+  408: "Request Timeout",
+  413: "Payload Too Large",
+  429: "Too Many Requests",
+};
+
+function formatRejectionBody(status: number): string {
+  return STATUS_TEXT[status] ?? "rejected";
+}
+
+function asRequestBodyErrorCode(
+  value: string,
+): "PAYLOAD_TOO_LARGE" | "REQUEST_BODY_TIMEOUT" | "CONNECTION_CLOSED" | null {
+  if (
+    value === "PAYLOAD_TOO_LARGE" ||
+    value === "REQUEST_BODY_TIMEOUT" ||
+    value === "CONNECTION_CLOSED"
+  ) {
+    return value;
+  }
+  return null;
+}
+
+function logWebhookRejection(params: {
+  runtime: RuntimeEnv;
+  security: ResolvedGroupMeSecurity;
+  decision: Extract<WebhookDecision, { kind: "reject" }>;
+  reqUrl: URL;
+}) {
+  if (!params.security.logging.logRejectedRequests) {
+    return;
+  }
+  const url = params.security.logging.redactSecrets
+    ? redactCallbackUrl(
+        `${params.reqUrl.pathname}${params.reqUrl.search}`,
+        params.security,
+      )
+    : `${params.reqUrl.pathname}${params.reqUrl.search}`;
+  const line = `groupme: webhook rejected (${params.decision.reason}) status=${params.decision.status} url=${url}`;
+  if (params.decision.logLevel === "warn") {
+    params.runtime.error?.(line);
+    return;
+  }
+  params.runtime.log?.(line);
+}
+
+async function decideWebhookRequest(params: {
+  req: IncomingMessage;
+  security: ResolvedGroupMeSecurity;
+  replayCache: GroupMeReplayCache;
+  rateLimiter: GroupMeRateLimiter;
+}): Promise<WebhookDecision> {
+  const reqUrl = new URL(params.req.url ?? "/", "http://localhost");
+
+  if (params.req.method !== "POST") {
+    return rejectDecision({
+      status: 405,
+      reason: "invalid_method",
+      logLevel: "debug",
+    });
+  }
+
+  const auth = verifyCallbackAuth({ url: reqUrl, security: params.security });
+  if (!auth.ok && auth.reason !== "disabled") {
+    return rejectDecision({
+      status: params.security.callbackRejectStatus,
+      reason: `auth_${auth.reason}`,
+      logLevel: "warn",
+    });
+  }
+
+  const proxyValidation = validateProxyRequest({
+    headers: params.req.headers,
+    remoteAddress: params.req.socket.remoteAddress ?? "",
+    socketEncrypted: Boolean((params.req.socket as { encrypted?: boolean }).encrypted),
+    security: params.security,
+  });
+  if (!proxyValidation.ok) {
+    return rejectDecision({
+      status: proxyValidation.status,
+      reason: `proxy_${proxyValidation.reason}`,
+      logLevel: "warn",
+    });
+  }
+
+  const body = await readJsonBodyWithLimit(params.req, {
+    maxBytes: 64 * 1024,
+    timeoutMs: 15_000,
+    emptyObjectOnEmpty: false,
+  });
+  if (!body.ok) {
+    let status: number;
+    if (body.code === "PAYLOAD_TOO_LARGE") {
+      status = 413;
+    } else if (body.code === "REQUEST_BODY_TIMEOUT") {
+      status = 408;
+    } else {
+      status = 400;
+    }
+    return rejectDecision({
+      status,
+      reason: `body_${body.code.toLowerCase()}`,
+      logLevel: "debug",
+    });
+  }
+
+  const message = parseGroupMeCallback(body.value);
+  if (!message) {
+    return rejectDecision({
+      status: 400,
+      reason: "parse_invalid_callback",
+      logLevel: "debug",
+    });
+  }
+
+  const ignoreReason = shouldProcessCallback(message);
+  if (ignoreReason) {
+    return rejectDecision({
+      status: 200,
+      reason: `ignore_${ignoreReason.replace(/\s+/g, "_")}`,
+      logLevel: "debug",
+    });
+  }
+
+  const groupBinding = checkGroupBinding({
+    groupId: params.security.groupId,
+    inboundGroupId: message.groupId,
+  });
+  if (!groupBinding.ok) {
+    return rejectDecision({
+      status: 403,
+      reason: "group_binding_mismatch",
+      logLevel: "warn",
+    });
+  }
+
+  if (params.security.replay.enabled) {
+    const replay = params.replayCache.checkAndRemember(buildReplayKey(message));
+    if (replay.kind === "duplicate") {
+      return rejectDecision({
+        status: 200,
+        reason: "duplicate_replay",
+        logLevel: "debug",
+      });
+    }
+  }
+
+  if (!params.security.rateLimit.enabled) {
+    return { kind: "accept", message, release: () => undefined };
+  }
+
+  const rate = params.rateLimiter.evaluate({
+    ip: proxyValidation.context.clientIp,
+    senderId: message.senderId,
+  });
+  if (rate.kind === "rejected") {
+    return rejectDecision({
+      status: 429,
+      reason: `rate_limited_${rate.scope}`,
+      logLevel: "warn",
+    });
+  }
+
+  return { kind: "accept", message, release: rate.release };
+}
+
 export function createGroupMeWebhookHandler(
   params: GroupMeWebhookHandlerParams,
 ): (req: IncomingMessage, res: ServerResponse) => Promise<void> {
-  return async (req, res) => {
-    if (req.method !== "POST") {
-      res.statusCode = 405;
-      res.setHeader("Allow", "POST");
-      res.end("Method Not Allowed");
-      return;
-    }
+  const groupHistories = new Map<string, HistoryEntry[]>();
+  const historyLimit = resolveGroupMeHistoryLimit(
+    params.account.config.historyLimit,
+  );
+  const security = resolveGroupMeSecurity(params.account.config);
+  const replayCache = new GroupMeReplayCache({
+    ttlSeconds: security.replay.ttlSeconds,
+    maxEntries: security.replay.maxEntries,
+  });
+  const rateLimiter = new GroupMeRateLimiter({
+    windowMs: security.rateLimit.windowMs,
+    maxRequestsPerIp: security.rateLimit.maxRequestsPerIp,
+    maxRequestsPerSender: security.rateLimit.maxRequestsPerSender,
+    maxConcurrent: security.rateLimit.maxConcurrent,
+  });
 
-    const body = await readJsonBodyWithLimit(req, {
-      maxBytes: 64 * 1024,
-      timeoutMs: 15_000,
-      emptyObjectOnEmpty: false,
+  return async (req, res) => {
+    const decision = await decideWebhookRequest({
+      req,
+      security,
+      replayCache,
+      rateLimiter,
     });
-    if (!body.ok) {
-      res.statusCode =
-        body.code === "PAYLOAD_TOO_LARGE" ? 413 : body.code === "REQUEST_BODY_TIMEOUT" ? 408 : 400;
-      res.end(body.code === "INVALID_JSON" ? body.error : requestBodyErrorToText(body.code));
-      return;
-    }
 
-    res.statusCode = 200;
-    res.end("ok");
+    if (decision.kind === "reject") {
+      const reqUrl = new URL(req.url ?? "/", "http://localhost");
+      logWebhookRejection({
+        runtime: params.runtime,
+        security,
+        decision,
+        reqUrl,
+      });
 
-    const message = parseGroupMeCallback(body.value);
-    if (!message) {
-      params.runtime.log?.("groupme: unparseable callback payload");
+      if (decision.status === 405) {
+        res.setHeader("Allow", "POST");
+      }
+      res.statusCode = decision.status;
+      if (decision.status === 200) {
+        res.end("ok");
+        return;
+      }
+      if (decision.reason.startsWith("body_")) {
+        const code = decision.reason.slice("body_".length).toUpperCase();
+        if (code === "INVALID_JSON") {
+          res.end("Invalid JSON");
+          return;
+        }
+        const requestBodyErrorCode = asRequestBodyErrorCode(code);
+        if (requestBodyErrorCode) {
+          res.end(
+            requestBodyErrorToText(requestBodyErrorCode),
+          );
+          return;
+        }
+      }
+      res.end(formatRejectionBody(decision.status));
       return;
     }
 
-    const ignoreReason = shouldProcessCallback(message);
-    if (ignoreReason) {
-      params.runtime.log?.(`groupme: ignoring message (${ignoreReason})`);
-      return;
-    }
+    const { message, release } = decision;
+    res.statusCode = 200;
+    res.end("ok");
 
     void handleGroupMeInbound({
       message,
@@ -56,8 +290,16 @@ export function createGroupMeWebhookHandler(
       config: params.config,
       runtime: params.runtime,
       statusSink: params.statusSink,
-    }).catch((err) => {
-      params.runtime.error?.(`groupme: inbound processing failed: ${String(err)}`);
-    });
+      groupHistories,
+      historyLimit,
+    })
+      .catch((err) => {
+        params.runtime.error?.(
+          `groupme: inbound processing failed: ${String(err)}`,
+        );
+      })
+      .finally(() => {
+        release();
+      });
   };
 }

package/src/normalize.ts

@@ -1,16 +1,8 @@
-function normalizeStringId(raw: string | number): string | undefined {
+export function normalizeStringId(raw: string | number): string | undefined {
   const normalized = String(raw).trim();
   return normalized || undefined;
 }
 
-export function normalizeGroupMeUserId(raw: string | number): string | undefined {
-  return normalizeStringId(raw);
-}
-
-export function normalizeGroupMeGroupId(raw: string | number): string | undefined {
-  return normalizeStringId(raw);
-}
-
 const TARGET_PREFIX_RE = /^(groupme:)?(user:|group:)?/i;
 
 export function normalizeGroupMeTarget(raw: string): string | undefined {