openclaw-groupme 0.4.2 → 0.4.4

package/dist/src/history.js

@@ -0,0 +1,37 @@
+export const DEFAULT_GROUPME_HISTORY_LIMIT = 20;
+export function resolveGroupMeHistoryLimit(configured) {
+    if (!Number.isFinite(configured)) {
+        return DEFAULT_GROUPME_HISTORY_LIMIT;
+    }
+    const normalized = Math.floor(configured);
+    if (normalized < 0) {
+        return DEFAULT_GROUPME_HISTORY_LIMIT;
+    }
+    return normalized;
+}
+export function resolveGroupMeBodyForAgent(params) {
+    const { rawBody, imageUrls } = params;
+    const trimmed = rawBody.trim();
+    if (trimmed) {
+        return trimmed;
+    }
+    if (imageUrls.length > 0) {
+        return imageUrls.map((url) => `Image: ${url}`).join("\n");
+    }
+    return rawBody;
+}
+export function buildGroupMeHistoryEntry(params) {
+    const body = params.body.trim();
+    if (!body) {
+        return null;
+    }
+    return {
+        sender: params.senderName,
+        body,
+        timestamp: params.timestamp,
+        messageId: params.messageId,
+    };
+}
+export function formatGroupMeHistoryEntry(entry) {
+    return `${entry.sender}: ${entry.body}`;
+}

package/dist/src/inbound.js

@@ -0,0 +1,308 @@
+import { buildPendingHistoryContextFromMap, clearHistoryEntriesIfEnabled, createReplyPrefixOptions, logInboundDrop, recordPendingHistoryEntryIfEnabled, resolveControlCommandGate, resolveMentionGatingWithBypass, } from "openclaw/plugin-sdk";
+import { buildGroupMeHistoryEntry, formatGroupMeHistoryEntry, resolveGroupMeBodyForAgent, } from "./history.js";
+import { extractImageUrls, detectGroupMeMention } from "./parse.js";
+import { resolveSenderAccess } from "./policy.js";
+import { getGroupMeRuntime } from "./runtime.js";
+import { GROUPME_MAX_TEXT_LENGTH, sendGroupMeMedia, sendGroupMeText, } from "./send.js";
+import { resolveGroupMeSecurity } from "./security.js";
+const CHANNEL_ID = "groupme";
+function resolveTextChunkLimit(account) {
+    const configured = account.config.textChunkLimit;
+    if (!Number.isFinite(configured)) {
+        return GROUPME_MAX_TEXT_LENGTH;
+    }
+    const value = Math.floor(configured);
+    if (value <= 0) {
+        return GROUPME_MAX_TEXT_LENGTH;
+    }
+    return Math.min(value, GROUPME_MAX_TEXT_LENGTH);
+}
+function chunkReplyText(params) {
+    const trimmed = params.text.trim();
+    if (!trimmed) {
+        return [];
+    }
+    return params.core.channel.text
+        .chunkMarkdownText(trimmed, params.limit)
+        .filter(Boolean);
+}
+async function deliverGroupMeReply(params) {
+    const { payload, account, cfg, target, statusSink } = params;
+    const core = getGroupMeRuntime();
+    const text = payload.text ?? "";
+    const mediaUrls = payload.mediaUrls?.length
+        ? payload.mediaUrls
+        : payload.mediaUrl
+            ? [payload.mediaUrl]
+            : [];
+    if (!text.trim() && mediaUrls.length === 0) {
+        return;
+    }
+    const chunks = chunkReplyText({
+        text,
+        limit: resolveTextChunkLimit(account),
+        core,
+    });
+    const sendTextChunk = async (chunk) => {
+        await sendGroupMeText({
+            cfg,
+            to: target,
+            text: chunk,
+            accountId: account.accountId,
+        });
+        statusSink?.({ lastOutboundAt: Date.now() });
+        core.channel.activity.record({
+            channel: CHANNEL_ID,
+            accountId: account.accountId,
+            direction: "outbound",
+        });
+    };
+    if (mediaUrls.length === 0) {
+        for (const chunk of chunks) {
+            await sendTextChunk(chunk);
+        }
+        return;
+    }
+    const [firstMedia, ...restMedia] = mediaUrls;
+    const [firstChunk, ...restChunks] = chunks;
+    await sendGroupMeMedia({
+        cfg,
+        to: target,
+        text: firstChunk ?? "",
+        mediaUrl: firstMedia,
+        accountId: account.accountId,
+    });
+    statusSink?.({ lastOutboundAt: Date.now() });
+    core.channel.activity.record({
+        channel: CHANNEL_ID,
+        accountId: account.accountId,
+        direction: "outbound",
+    });
+    for (const chunk of restChunks) {
+        await sendTextChunk(chunk);
+    }
+    for (const mediaUrl of restMedia) {
+        await sendGroupMeMedia({
+            cfg,
+            to: target,
+            text: "",
+            mediaUrl,
+            accountId: account.accountId,
+        });
+        statusSink?.({ lastOutboundAt: Date.now() });
+        core.channel.activity.record({
+            channel: CHANNEL_ID,
+            accountId: account.accountId,
+            direction: "outbound",
+        });
+    }
+}
+export async function handleGroupMeInbound(params) {
+    const { message, account, config, runtime, groupHistories, historyLimit, statusSink, } = params;
+    const core = getGroupMeRuntime();
+    const inboundTimestamp = message.createdAt * 1000;
+    statusSink?.({ lastInboundAt: inboundTimestamp });
+    core.channel.activity.record({
+        channel: CHANNEL_ID,
+        accountId: account.accountId,
+        direction: "inbound",
+        at: inboundTimestamp,
+    });
+    const allowFrom = account.config.allowFrom ?? [];
+    const security = resolveGroupMeSecurity(account.config);
+    const senderAllowed = resolveSenderAccess({
+        senderId: message.senderId,
+        allowFrom,
+    });
+    if (!senderAllowed) {
+        runtime.log?.(`groupme: drop sender ${message.senderId} (not in allowFrom)`);
+        return;
+    }
+    const route = core.channel.routing.resolveAgentRoute({
+        cfg: config,
+        channel: CHANNEL_ID,
+        accountId: account.accountId,
+        peer: {
+            kind: "group",
+            id: message.groupId,
+        },
+    });
+    const mentionRegexes = core.channel.mentions.buildMentionRegexes(config, route.agentId);
+    const requireMention = account.config.requireMention ?? true;
+    const wasMentioned = detectGroupMeMention({
+        text: message.text,
+        botName: account.config.botName,
+        channelMentionPatterns: account.config.mentionPatterns,
+        mentionRegexes,
+    });
+    const allowTextCommands = core.channel.commands.shouldHandleTextCommands({
+        cfg: config,
+        surface: CHANNEL_ID,
+    });
+    const hasControlCommand = core.channel.text.hasControlCommand(message.text, config);
+    const commandBypassNeedsAllowFrom = security.commandBypass.requireAllowFrom && hasControlCommand;
+    const commandBypassCanSkipMention = !(security.commandBypass.requireMentionForCommands &&
+        requireMention &&
+        hasControlCommand);
+    const commandGate = resolveControlCommandGate({
+        useAccessGroups: config.commands?.useAccessGroups !== false || commandBypassNeedsAllowFrom,
+        authorizers: [{ configured: allowFrom.length > 0, allowed: senderAllowed }],
+        allowTextCommands,
+        hasControlCommand,
+    });
+    if (commandGate.shouldBlock) {
+        logInboundDrop({
+            log: (line) => runtime.log?.(line),
+            channel: CHANNEL_ID,
+            reason: "control command (unauthorized)",
+            target: message.senderId,
+        });
+        return;
+    }
+    const mentionGate = resolveMentionGatingWithBypass({
+        isGroup: true,
+        requireMention,
+        canDetectMention: true,
+        wasMentioned,
+        hasAnyMention: false,
+        allowTextCommands,
+        hasControlCommand: commandBypassCanSkipMention ? hasControlCommand : false,
+        commandAuthorized: commandBypassCanSkipMention
+            ? commandGate.commandAuthorized
+            : false,
+    });
+    const imageUrls = extractImageUrls(message.attachments);
+    const rawBody = message.text;
+    const bodyForAgent = resolveGroupMeBodyForAgent({
+        rawBody,
+        imageUrls,
+    });
+    if (mentionGate.shouldSkip) {
+        const buffered = recordPendingHistoryEntryIfEnabled({
+            historyMap: groupHistories,
+            historyKey: message.groupId,
+            limit: historyLimit,
+            entry: buildGroupMeHistoryEntry({
+                senderName: message.name,
+                body: bodyForAgent,
+                timestamp: inboundTimestamp,
+                messageId: message.id,
+            }),
+        });
+        if (buffered.length > 0) {
+            runtime.log?.(`groupme: buffered message from ${message.name} (${buffered.length}/${historyLimit})`);
+        }
+        else {
+            runtime.log?.("groupme: skip message (mention required, not mentioned)");
+        }
+        return;
+    }
+    const envelopeOptions = core.channel.reply.resolveEnvelopeFormatOptions(config);
+    const storePath = core.channel.session.resolveStorePath(config.session?.store, {
+        agentId: route.agentId,
+    });
+    const previousTimestamp = core.channel.session.readSessionUpdatedAt({
+        storePath,
+        sessionKey: route.sessionKey,
+    });
+    const body = core.channel.reply.formatAgentEnvelope({
+        channel: "GroupMe",
+        from: message.name,
+        timestamp: inboundTimestamp,
+        previousTimestamp,
+        envelope: envelopeOptions,
+        body: bodyForAgent,
+    });
+    const shouldUseHistoryBuffer = requireMention && historyLimit > 0;
+    const historyEntriesForContext = shouldUseHistoryBuffer
+        ? [...(groupHistories.get(message.groupId) ?? [])]
+        : [];
+    if (shouldUseHistoryBuffer) {
+        clearHistoryEntriesIfEnabled({
+            historyMap: groupHistories,
+            historyKey: message.groupId,
+            limit: historyLimit,
+        });
+    }
+    const combinedBody = shouldUseHistoryBuffer
+        ? buildPendingHistoryContextFromMap({
+            historyMap: new Map([[message.groupId, historyEntriesForContext]]),
+            historyKey: message.groupId,
+            limit: historyLimit,
+            currentMessage: body,
+            formatEntry: formatGroupMeHistoryEntry,
+        })
+        : body;
+    const inboundHistory = shouldUseHistoryBuffer
+        ? historyEntriesForContext.map((entry) => ({
+            sender: entry.sender,
+            body: entry.body,
+            timestamp: entry.timestamp,
+        }))
+        : undefined;
+    const ctxPayload = core.channel.reply.finalizeInboundContext({
+        Body: combinedBody,
+        BodyForAgent: bodyForAgent,
+        InboundHistory: inboundHistory,
+        RawBody: rawBody,
+        CommandBody: rawBody,
+        From: `groupme:user:${message.senderId}`,
+        To: `groupme:group:${message.groupId}`,
+        SessionKey: route.sessionKey,
+        AccountId: route.accountId,
+        ChatType: "group",
+        ConversationLabel: `groupme:${message.groupId}`,
+        SenderName: message.name,
+        SenderId: message.senderId,
+        Provider: CHANNEL_ID,
+        Surface: CHANNEL_ID,
+        WasMentioned: mentionGate.effectiveWasMentioned,
+        MessageSid: message.id,
+        Timestamp: inboundTimestamp,
+        OriginatingChannel: CHANNEL_ID,
+        OriginatingTo: `groupme:group:${message.groupId}`,
+        GroupSpace: message.groupId,
+        CommandAuthorized: commandGate.commandAuthorized,
+        MediaUrl: imageUrls[0],
+        MediaUrls: imageUrls.length > 0 ? imageUrls : undefined,
+    });
+    await core.channel.session.recordInboundSession({
+        storePath,
+        sessionKey: ctxPayload.SessionKey ?? route.sessionKey,
+        ctx: ctxPayload,
+        onRecordError: (err) => {
+            runtime.error?.(`groupme: failed updating session meta: ${String(err)}`);
+        },
+    });
+    const { onModelSelected, ...prefixOptions } = createReplyPrefixOptions({
+        cfg: config,
+        agentId: route.agentId,
+        channel: CHANNEL_ID,
+        accountId: account.accountId,
+    });
+    await core.channel.reply.dispatchReplyWithBufferedBlockDispatcher({
+        ctx: ctxPayload,
+        cfg: config,
+        dispatcherOptions: {
+            ...prefixOptions,
+            deliver: async (payload) => {
+                await deliverGroupMeReply({
+                    payload,
+                    account,
+                    cfg: config,
+                    target: `groupme:group:${message.groupId}`,
+                    statusSink,
+                });
+            },
+            onError: (err, info) => {
+                runtime.error?.(`groupme ${info.kind} reply failed: ${String(err)}`);
+            },
+        },
+        replyOptions: {
+            onModelSelected,
+            disableBlockStreaming: typeof account.config.blockStreaming === "boolean"
+                ? !account.config.blockStreaming
+                : undefined,
+        },
+    });
+}

package/dist/src/monitor.js

@@ -0,0 +1,234 @@
+import { readJsonBodyWithLimit, requestBodyErrorToText, } from "openclaw/plugin-sdk";
+import { resolveGroupMeHistoryLimit } from "./history.js";
+import { handleGroupMeInbound } from "./inbound.js";
+import { parseGroupMeCallback, shouldProcessCallback } from "./parse.js";
+import { GroupMeRateLimiter } from "./rate-limit.js";
+import { GroupMeReplayCache, buildReplayKey } from "./replay-cache.js";
+import { checkGroupBinding, redactCallbackUrl, resolveGroupMeSecurity, validateProxyRequest, verifyCallbackAuth, } from "./security.js";
+// GroupMe callbacks are small JSON payloads; use tighter limits than the SDK
+// defaults (DEFAULT_WEBHOOK_MAX_BODY_BYTES = 1 MB, DEFAULT_WEBHOOK_BODY_TIMEOUT_MS = 30 s).
+const GROUPME_WEBHOOK_MAX_BODY_BYTES = 64 * 1024;
+const GROUPME_WEBHOOK_BODY_TIMEOUT_MS = 15_000;
+function rejectDecision(params) {
+    return {
+        kind: "reject",
+        status: params.status,
+        reason: params.reason,
+        logLevel: params.logLevel ?? "warn",
+    };
+}
+const STATUS_TEXT = {
+    400: "Bad Request",
+    401: "Unauthorized",
+    403: "Forbidden",
+    404: "Not Found",
+    405: "Method Not Allowed",
+    408: "Request Timeout",
+    413: "Payload Too Large",
+    429: "Too Many Requests",
+};
+function formatRejectionBody(status) {
+    return STATUS_TEXT[status] ?? "rejected";
+}
+function asRequestBodyErrorCode(value) {
+    if (value === "PAYLOAD_TOO_LARGE" ||
+        value === "REQUEST_BODY_TIMEOUT" ||
+        value === "CONNECTION_CLOSED") {
+        return value;
+    }
+    return null;
+}
+function logWebhookRejection(params) {
+    if (!params.security.logging.logRejectedRequests) {
+        return;
+    }
+    const url = params.security.logging.redactSecrets
+        ? redactCallbackUrl(`${params.reqUrl.pathname}${params.reqUrl.search}`, params.security)
+        : `${params.reqUrl.pathname}${params.reqUrl.search}`;
+    const line = `groupme: webhook rejected (${params.decision.reason}) status=${params.decision.status} url=${url}`;
+    if (params.decision.logLevel === "warn") {
+        params.runtime.error?.(line);
+        return;
+    }
+    params.runtime.log?.(line);
+}
+async function decideWebhookRequest(params) {
+    const reqUrl = new URL(params.req.url ?? "/", "http://localhost");
+    if (params.req.method !== "POST") {
+        return rejectDecision({
+            status: 405,
+            reason: "invalid_method",
+            logLevel: "debug",
+        });
+    }
+    const auth = verifyCallbackAuth({ url: reqUrl, security: params.security });
+    if (!auth.ok && auth.reason !== "disabled") {
+        return rejectDecision({
+            status: params.security.callbackRejectStatus,
+            reason: `auth_${auth.reason}`,
+            logLevel: "warn",
+        });
+    }
+    const proxyValidation = validateProxyRequest({
+        headers: params.req.headers,
+        remoteAddress: params.req.socket.remoteAddress ?? "",
+        socketEncrypted: Boolean(params.req.socket.encrypted),
+        security: params.security,
+    });
+    if (!proxyValidation.ok) {
+        return rejectDecision({
+            status: proxyValidation.status,
+            reason: `proxy_${proxyValidation.reason}`,
+            logLevel: "warn",
+        });
+    }
+    const body = await readJsonBodyWithLimit(params.req, {
+        maxBytes: GROUPME_WEBHOOK_MAX_BODY_BYTES,
+        timeoutMs: GROUPME_WEBHOOK_BODY_TIMEOUT_MS,
+        emptyObjectOnEmpty: false,
+    });
+    if (!body.ok) {
+        let status;
+        if (body.code === "PAYLOAD_TOO_LARGE") {
+            status = 413;
+        }
+        else if (body.code === "REQUEST_BODY_TIMEOUT") {
+            status = 408;
+        }
+        else {
+            status = 400;
+        }
+        return rejectDecision({
+            status,
+            reason: `body_${body.code.toLowerCase()}`,
+            logLevel: "debug",
+        });
+    }
+    const message = parseGroupMeCallback(body.value);
+    if (!message) {
+        return rejectDecision({
+            status: 400,
+            reason: "parse_invalid_callback",
+            logLevel: "debug",
+        });
+    }
+    const ignoreReason = shouldProcessCallback(message);
+    if (ignoreReason) {
+        return rejectDecision({
+            status: 200,
+            reason: `ignore_${ignoreReason.replace(/\s+/g, "_")}`,
+            logLevel: "debug",
+        });
+    }
+    const groupBinding = checkGroupBinding({
+        groupId: params.security.groupId,
+        inboundGroupId: message.groupId,
+    });
+    if (!groupBinding.ok) {
+        return rejectDecision({
+            status: 403,
+            reason: "group_binding_mismatch",
+            logLevel: "warn",
+        });
+    }
+    if (params.security.replay.enabled) {
+        const replay = params.replayCache.checkAndRemember(buildReplayKey(message));
+        if (replay.kind === "duplicate") {
+            return rejectDecision({
+                status: 200,
+                reason: "duplicate_replay",
+                logLevel: "debug",
+            });
+        }
+    }
+    if (!params.security.rateLimit.enabled) {
+        return { kind: "accept", message, release: () => undefined };
+    }
+    const rate = params.rateLimiter.evaluate({
+        ip: proxyValidation.context.clientIp,
+        senderId: message.senderId,
+    });
+    if (rate.kind === "rejected") {
+        return rejectDecision({
+            status: 429,
+            reason: `rate_limited_${rate.scope}`,
+            logLevel: "warn",
+        });
+    }
+    return { kind: "accept", message, release: rate.release };
+}
+export function createGroupMeWebhookHandler(params) {
+    const groupHistories = new Map();
+    const historyLimit = resolveGroupMeHistoryLimit(params.account.config.historyLimit);
+    const security = resolveGroupMeSecurity(params.account.config);
+    if (!security.groupId) {
+        params.runtime.error?.("groupme: WARNING — no groupId configured; all inbound messages will be rejected. Set groupId in your account config.");
+    }
+    const replayCache = new GroupMeReplayCache({
+        ttlSeconds: security.replay.ttlSeconds,
+        maxEntries: security.replay.maxEntries,
+    });
+    const rateLimiter = new GroupMeRateLimiter({
+        windowMs: security.rateLimit.windowMs,
+        maxRequestsPerIp: security.rateLimit.maxRequestsPerIp,
+        maxRequestsPerSender: security.rateLimit.maxRequestsPerSender,
+        maxConcurrent: security.rateLimit.maxConcurrent,
+    });
+    return async (req, res) => {
+        const decision = await decideWebhookRequest({
+            req,
+            security,
+            replayCache,
+            rateLimiter,
+        });
+        if (decision.kind === "reject") {
+            const reqUrl = new URL(req.url ?? "/", "http://localhost");
+            logWebhookRejection({
+                runtime: params.runtime,
+                security,
+                decision,
+                reqUrl,
+            });
+            if (decision.status === 405) {
+                res.setHeader("Allow", "POST");
+            }
+            res.statusCode = decision.status;
+            if (decision.status === 200) {
+                res.end("ok");
+                return;
+            }
+            if (decision.reason.startsWith("body_")) {
+                const code = decision.reason.slice("body_".length).toUpperCase();
+                if (code === "INVALID_JSON") {
+                    res.end("Invalid JSON");
+                    return;
+                }
+                const requestBodyErrorCode = asRequestBodyErrorCode(code);
+                if (requestBodyErrorCode) {
+                    res.end(requestBodyErrorToText(requestBodyErrorCode));
+                    return;
+                }
+            }
+            res.end(formatRejectionBody(decision.status));
+            return;
+        }
+        const { message, release } = decision;
+        res.statusCode = 200;
+        res.end("ok");
+        void handleGroupMeInbound({
+            message,
+            account: params.account,
+            config: params.config,
+            runtime: params.runtime,
+            statusSink: params.statusSink,
+            groupHistories,
+            historyLimit,
+        })
+            .catch((err) => {
+            params.runtime.error?.(`groupme: inbound processing failed: ${String(err)}`);
+        })
+            .finally(() => {
+            release();
+        });
+    };
+}

package/dist/src/normalize.js

@@ -0,0 +1,30 @@
+export function normalizeStringId(raw) {
+    const normalized = String(raw).trim();
+    return normalized || undefined;
+}
+const TARGET_PREFIX_RE = /^(groupme:)?(user:|group:)?/i;
+export function normalizeGroupMeTarget(raw) {
+    const trimmed = raw.trim();
+    if (!trimmed) {
+        return undefined;
+    }
+    const stripped = trimmed.replace(TARGET_PREFIX_RE, "").trim();
+    return stripped || undefined;
+}
+export function normalizeGroupMeAllowEntry(raw) {
+    const normalized = normalizeGroupMeTarget(raw);
+    if (!normalized) {
+        return undefined;
+    }
+    return normalized.toLowerCase() === "*" ? "*" : normalized;
+}
+export function looksLikeGroupMeTargetId(raw) {
+    const normalized = normalizeGroupMeTarget(raw);
+    if (!normalized) {
+        return false;
+    }
+    if (normalized === "*") {
+        return false;
+    }
+    return !/\s/.test(normalized);
+}