openclaw-groupme 0.4.4 → 0.5.0

package/README.md

@@ -1,6 +1,22 @@
 # openclaw-groupme
 
-An [OpenClaw](https://github.com/oddrationale/openclaw) channel plugin that brings your AI agent into GroupMe group chats. It hooks into GroupMe's Bot API via webhooks so your agent can receive messages, understand context, and reply — all within the group conversations your team (or friends) are already having. Group chats only; DMs are not supported by the GroupMe Bot API.
+[![npm version](https://img.shields.io/npm/v/openclaw-groupme.svg)](https://www.npmjs.com/package/openclaw-groupme)
+[![npm downloads](https://img.shields.io/npm/dm/openclaw-groupme.svg)](https://www.npmjs.com/package/openclaw-groupme)
+[![CI](https://github.com/oddrationale/openclaw-groupme/actions/workflows/ci.yml/badge.svg)](https://github.com/oddrationale/openclaw-groupme/actions/workflows/ci.yml)
+[![CodeQL](https://github.com/oddrationale/openclaw-groupme/actions/workflows/codeql.yml/badge.svg)](https://github.com/oddrationale/openclaw-groupme/actions/workflows/codeql.yml)
+[![License: MIT](https://img.shields.io/badge/License-MIT-blue.svg)](LICENSE)
+[![Node.js](https://img.shields.io/node/v/openclaw-groupme.svg)](https://nodejs.org)
+[![OpenClaw](https://img.shields.io/badge/OpenClaw-%E2%89%A5%202026.6.1-6f42c1.svg)](https://github.com/openclaw/openclaw)
+
+An [OpenClaw](https://github.com/openclaw/openclaw) channel plugin that brings your AI agent into GroupMe group chats. It hooks into GroupMe's Bot API via webhooks so your agent can receive messages, understand context, and reply — all within the group conversations your team (or friends) are already having. Group chats only; DMs are not supported by the GroupMe Bot API.
+
+## Requirements
+
+- **OpenClaw** `>= 2026.6.1` — this plugin targets the 2026.6.1 plugin SDK.
+- **Node.js** `>= 22.19.0` — matches OpenClaw's runtime.
+- A reachable, public **HTTPS** endpoint for the GroupMe callback (see [Prerequisites](#prerequisites)).
+
+> New to OpenClaw? Start with the [OpenClaw docs](https://docs.openclaw.ai) and the [channels overview](https://docs.openclaw.ai/channels).
 
 ## Install
 
@@ -20,7 +36,7 @@ After installing, restart the gateway so it picks up the new plugin:
 openclaw gateway restart
 ```
 
-That's it — the plugin is loaded and ready to configure.
+That's it — the plugin is loaded and ready to configure. (It ships compiled, so there's no build step on your end.)
 
 ## Prerequisites
 
@@ -66,31 +82,33 @@ The interactive wizard is the easiest way to get started. It creates a new Group
 openclaw channels add
 ```
 
-**2.** When asked "Configure chat channels now?", select **Yes**.
+> You can also reach the same GroupMe wizard from the broader setup flows: `openclaw configure --section channels` or the first-run `openclaw onboard`.
 
-**3.** Use the arrow keys to select **GroupMe** from the channel list.
+**2.** Choose **GroupMe** from the channel list (use the arrow keys to select it).
 
-**4.** Enter a **bot name**. This is the display name your bot will use in the group (e.g., `openclaw`). This name is also used for mention detection.
+**3.** Enter a **bot name**. This is the display name your bot will use in the group (e.g., `openclaw`). This name is also used for mention detection.
 
-**5.** Paste your **GroupMe access token** when prompted.
+**4.** Paste your **GroupMe access token** when prompted.
 
-**6.** The wizard fetches your groups from GroupMe. **Select the group** you want the bot to live in.
+**5.** The wizard fetches your groups from GroupMe. **Select the group** you want the bot to live in.
 
-**7.** Choose whether to **require an @mention**:
+**6.** Choose whether to **require an @mention**:
    - **Yes** — The bot only responds when someone mentions it by name (e.g., "hey @openclaw, what's the weather?"). This is great for groups with multiple people where you don't want the bot jumping into every conversation.
    - **No** — The bot responds to every message in the group. Perfect if you're the only human in the group and want a direct chat experience.
 
-**8.** Enter the **public domain** that will host your callback URL. This should be the domain name (or public IP) that can reach your OpenClaw gateway — for example, `bot.example.com`. The wizard generates a secure callback URL with a random path and secret token.
+**7.** Enter the **public domain** that will host your callback URL. This should be the domain name (or public IP) that can reach your OpenClaw gateway — for example, `bot.example.com`. The wizard generates a secure callback URL with a random path and secret token, then registers the bot with GroupMe.
 
-**9.** The wizard registers the bot with GroupMe and writes the config. You'll see a summary of what was created.
+**8.** The wizard writes the config and shows a summary of what was created.
 
-**10.** Restart the gateway:
+**9.** Restart the gateway:
 
 ```bash
 openclaw gateway restart
 ```
 
-**11.** Send a test message in the GroupMe group. If everything is wired up correctly, your bot should respond. Make sure your reverse proxy or port forwarding is configured to route the callback URL to your gateway.
+**10.** Send a test message in the GroupMe group. If everything is wired up correctly, your bot should respond. Make sure your reverse proxy or port forwarding is configured to route the callback URL to your gateway.
+
+> **After the wizard — hardening secrets (recommended for production):** the wizard writes your `accessToken`, `botId`, and `callbackToken` as plaintext literals in `openclaw.json`. That's fine for local testing, but for production you should migrate them to [SecretRefs](#secrets) so no plaintext credentials live in your config. See [Secrets](#secrets) below.
 
 ## Setup: Non-Interactive CLI
 
@@ -102,7 +120,7 @@ If you already have a GroupMe bot created (maybe from the [Bots page](https://de
 openclaw channels add --channel groupme \
   --token "YOUR_GROUPME_BOT_ID" \
   --access-token "YOUR_GROUPME_ACCESS_TOKEN" \
-  --webhook-url "/groupme/callback?k=YOUR_SECRET"
+  --webhook-path "/groupme/callback"
 ```
 
 For named accounts (useful if you're running multiple bots):
@@ -113,26 +131,28 @@ openclaw channels add --channel groupme \
   --name "Work Bot" \
   --token "YOUR_GROUPME_BOT_ID" \
   --access-token "YOUR_GROUPME_ACCESS_TOKEN" \
-  --webhook-url "/groupme/callback?k=YOUR_SECRET"
+  --webhook-path "/groupme/callback"
 ```
 
 | Flag | Maps to config | Description |
 | ---- | -------------- | ----------- |
 | `--token` | `botId` | Your GroupMe Bot ID |
 | `--access-token` | `accessToken` | Your GroupMe access token |
-| `--webhook-url` | `callbackUrl` | Full relative webhook URL (path + query token) |
-| `--webhook-path` | `callbackUrl` | Alias for `--webhook-url` |
+| `--webhook-url` | `webhookPath` (+ `callbackToken` if a `?k=` is present) | Full webhook URL; the path and `k` token are extracted |
+| `--webhook-path` | `webhookPath` (+ `callbackToken` if a `?k=` is present) | Relative webhook route path |
 | `--account` | account ID | Named account identifier |
 | `--name` | `name` | Display name for the account |
 
-> **Note:** The non-interactive CLI does not prompt for `botName`, `groupId`, `requireMention`, or `publicDomain`. You can add these manually in your config file afterward, or set them via environment variables.
+> **Note:** The non-interactive CLI does not prompt for `botName`, `groupId`, `requireMention`, `publicDomain`, or `callbackToken`. Add those manually afterward (a `?k=<token>` on `--webhook-path`/`--webhook-url` is the one exception — it's parsed into `callbackToken`), or use the interactive wizard to generate complete webhook settings.
 
-After adding the channel, make sure the callback URL you gave GroupMe (when you created the bot) matches what you passed to `--webhook-url`. Then restart the gateway:
+After adding the channel, make sure the callback URL you gave GroupMe uses the configured `webhookPath` and `callbackToken`. Then restart the gateway:
 
 ```bash
 openclaw gateway restart
 ```
 
+Run `openclaw channels add --help` to see the full list of per-channel flags.
+
 ## Manual Config Example
 
 If you prefer editing config files directly, here's what a complete setup looks like:
@@ -147,21 +167,62 @@ If you prefer editing config files directly, here's what a complete setup looks
       "botId": "YOUR_GROUPME_BOT_ID",
       "groupId": "YOUR_GROUPME_GROUP_ID",
       "publicDomain": "bot.example.com",
-      "callbackUrl": "/groupme/e60b3e59da98950f?k=YOUR_SECRET_TOKEN",
+      "webhookPath": "/groupme/e60b3e59da98950f",
+      "callbackToken": "YOUR_SECRET_TOKEN",
       "requireMention": true
     }
   }
 }
 ```
 
+## Multiple Accounts
+
+Each GroupMe bot is bound to a single group, so running the bot in more than one group means configuring more than one account. Top-level fields act as the `default` account, and additional accounts live under `accounts.<id>`. Named accounts inherit any fields you don't override.
+
+```json
+{
+  "channels": {
+    "groupme": {
+      "enabled": true,
+      "defaultAccount": "family",
+      "botName": "openclaw",
+      "accounts": {
+        "family": {
+          "name": "Family Bot",
+          "accessToken": "FAMILY_ACCESS_TOKEN",
+          "botId": "FAMILY_BOT_ID",
+          "groupId": "FAMILY_GROUP_ID",
+          "publicDomain": "bot.example.com",
+          "webhookPath": "/groupme/family-a1b2c3",
+          "callbackToken": "FAMILY_SECRET_TOKEN",
+          "requireMention": false
+        },
+        "work": {
+          "name": "Work Bot",
+          "accessToken": "WORK_ACCESS_TOKEN",
+          "botId": "WORK_BOT_ID",
+          "groupId": "WORK_GROUP_ID",
+          "publicDomain": "bot.example.com",
+          "webhookPath": "/groupme/work-d4e5f6",
+          "callbackToken": "WORK_SECRET_TOKEN",
+          "requireMention": true
+        }
+      }
+    }
+  }
+}
+```
+
+Each account needs its **own** `webhookPath` and `callbackToken`, since each registered bot has its own callback URL.
+
 ## Reconfiguring an Existing Setup
 
-If GroupMe is already configured and you run `openclaw configure` again, you'll get a menu of targeted actions instead of repeating the full wizard:
+If GroupMe is already configured and you run `openclaw configure --section channels` (or `openclaw channels add`) again, you'll get a menu of targeted actions instead of repeating the full wizard:
 
 - **Skip** — leave everything as-is
 - **Rotate access token** — replace the stored access token (validates the new token by fetching your groups)
 - **Change group** — pick a different GroupMe group and optionally register a new bot in it
-- **Regenerate callback URL** — create a new random callback path and secret token (you'll need to update the bot's callback URL in GroupMe afterward)
+- **Regenerate webhook settings** — create a new random webhook path and callback token (you'll need to update the bot's callback URL in GroupMe afterward)
 - **Toggle requireMention** — flip mention-required mode on or off
 - **Update public domain** — change the public domain used for callback URLs
 - **Full re-setup** — start from scratch with the interactive wizard
@@ -231,7 +292,7 @@ The plugin ships with some security defaults out of the box. Replay protection a
 Every incoming webhook request goes through this gauntlet before your agent ever sees it:
 
 1. **Method check** — Only `POST` requests are accepted (405 for everything else)
-2. **Callback token auth** — The `k` query parameter in the callback URL is verified using timing-safe comparison
+2. **Callback token auth** — The `k` query parameter in the callback URL is verified against `callbackToken` using timing-safe comparison
 3. **Proxy validation** — If configured, validates trusted proxy headers, allowed hosts, and HTTPS protocol
 4. **Body parsing** — 64KB size limit, 15-second timeout
 5. **Payload parsing** — Extracts the GroupMe callback data and filters out bot messages, system messages, and empty messages
@@ -239,6 +300,8 @@ Every incoming webhook request goes through this gauntlet before your agent ever
 7. **Replay protection** — SHA-256 keyed deduplication with a sliding TTL window
 8. **Rate limiting** — Per-IP, per-sender, and global concurrency caps
 
+Accepted requests get an immediate `200 ok` and the message is processed asynchronously, so GroupMe never waits on your agent.
+
 ### Outbound Media Security
 
 When the bot sends image replies, outbound media fetches are hardened with:
@@ -296,6 +359,8 @@ You only need a `security` block if you want to override the defaults. Just incl
 | `security.media.requestTimeoutMs` | number | `10000` | Timeout for outbound media fetch requests (ms) |
 | `security.media.allowedMimePrefixes` | string[] | `["image/"]` | Allowed MIME type prefixes for outbound media |
 
+> **Inbound vs. outbound media limits:** the `security.media.*` settings above govern **outbound** media — images the bot downloads from a URL and re-uploads to GroupMe. The separate top-level `mediaMaxMb` field governs **inbound** media the OpenClaw runtime fetches from GroupMe callbacks. They are independent knobs.
+
 #### Logging
 
 | Field | Type | Default | Description |
@@ -321,47 +386,78 @@ Include a `proxy` block to enable trusted-proxy validation. This is useful when
 | `security.proxy.requireHttpsProto` | boolean | `false` | Require the effective protocol to be HTTPS |
 | `security.proxy.rejectStatus` | number | `403` | HTTP status for proxy-policy rejections (`400`, `403`, or `404`) |
 
-## Environment Variables
+## Secrets
+
+`botId`, `accessToken`, and `callbackToken` are OpenClaw secret inputs. You can store literal values, but **for production the recommended approach is SecretRefs** so no plaintext credentials live in your config — this matches OpenClaw's [secrets guidance](https://docs.openclaw.ai/gateway/secrets) and how official channels like Slack and Discord document setup. Plaintext is fully supported and fine for quick local testing.
 
-For the default account, you can use environment variables instead of (or alongside) config file values. This is handy for CI/CD, Docker deployments, or anywhere you'd rather not put secrets in a config file.
+The plugin does **not** read environment variables on its own. The `GROUPME_BOT_ID`, `GROUPME_ACCESS_TOKEN`, and `GROUPME_CALLBACK_TOKEN` names it declares (as `channelEnvVars`) are what OpenClaw surfaces as **env-backed SecretRefs** and for setup tooling — to actually use them, reference them from config with a SecretRef (shown below), or let the setup wizard write the config for you. Setting those env vars alone, without a SecretRef in config, is not enough to configure the channel.
 
-| Variable | Maps to config | Description |
-| -------- | -------------- | ----------- |
-| `GROUPME_BOT_ID` | `botId` | GroupMe Bot ID |
-| `GROUPME_ACCESS_TOKEN` | `accessToken` | GroupMe access token |
-| `GROUPME_BOT_NAME` | `botName` | Bot display name |
-| `GROUPME_GROUP_ID` | `groupId` | GroupMe group ID |
-| `GROUPME_PUBLIC_DOMAIN` | `publicDomain` | Public domain for the callback URL |
-| `GROUPME_CALLBACK_URL` | `callbackUrl` | Relative webhook URL (path + query token) |
+```json
+{
+  "channels": {
+    "groupme": {
+      "botId": { "source": "env", "provider": "default", "id": "GROUPME_BOT_ID" },
+      "accessToken": { "source": "env", "provider": "default", "id": "GROUPME_ACCESS_TOKEN" },
+      "callbackToken": { "source": "env", "provider": "default", "id": "GROUPME_CALLBACK_TOKEN" },
+      "groupId": "YOUR_GROUPME_GROUP_ID",
+      "webhookPath": "/groupme/callback"
+    }
+  }
+}
+```
 
-If both a config value and an environment variable are set, the **config value wins**. Environment variables only apply to the default account — named accounts must be configured in the config file.
+SecretRefs also support `file`- and `exec`-backed providers, and work per account (under `accounts.<id>`), not just the default account.
+
+### Migrating wizard-written plaintext to SecretRefs
+
+The setup wizard writes plaintext credentials. To convert them to SecretRefs (and scrub the plaintext residue), use OpenClaw's secrets workflow — GroupMe's `botId`, `accessToken`, and `callbackToken` are registered targets, so they show up in the planner automatically:
+
+```bash
+openclaw secrets configure          # plan the migration (interactive)
+openclaw secrets apply --from <plan> # write SecretRefs and scrub plaintext
+openclaw secrets audit --check       # verify no plaintext residue remains
+openclaw secrets reload              # re-resolve refs into the runtime snapshot
+```
 
 ## Config Reference
 
 | Field | Type | Default | Description |
 | ----- | ---- | ------- | ----------- |
-| `botId` | string | — | GroupMe Bot ID |
-| `accessToken` | string | — | GroupMe access token (required for image uploads and the interactive wizard) |
+| `enabled` | boolean | `true` | Whether the GroupMe channel/account is active; only an explicit `false` disables it. An account still needs a `botId` before it will actually run. |
+| `name` | string | — | Display name for the account |
+| `botId` | secret input | — | GroupMe Bot ID |
+| `accessToken` | secret input | — | GroupMe access token (required for image uploads and the interactive wizard) |
+| `callbackToken` | secret input | — | Secret expected in the inbound `k` query parameter |
 | `botName` | string | — | Bot display name, used for mention detection |
 | `groupId` | string | — | Expected GroupMe `group_id` for inbound binding |
 | `publicDomain` | string | — | Public domain where the gateway is reachable (e.g., `bot.example.com`) |
-| `callbackUrl` | string | `/groupme` | Relative webhook URL including query token |
+| `webhookPath` | string | `/groupme` | Relative webhook route path |
 | `requireMention` | boolean | `true` | Only respond when mentioned by name |
-| `historyLimit` | number | `20` | Max buffered messages per group (when `requireMention: true`) |
+| `historyLimit` | number | `20` | Max buffered messages per group (when `requireMention: true`); `0` disables buffering |
 | `mentionPatterns` | string[] | — | Custom regex patterns for mention detection |
 | `allowFrom` | array | — | Sender allowlist (`"*"` allows everyone) |
-| `textChunkLimit` | number | `1000` | Max characters per outbound text chunk |
+| `textChunkLimit` | number | `1000` | Max characters per outbound text chunk (capped at GroupMe's 1000-char limit) |
+| `responsePrefix` | string | — | Text prepended to each outbound reply |
+| `blockStreaming` | boolean | unset (OpenClaw default) | Override block streaming for this channel. When unset, OpenClaw's dispatcher default applies; set `true` to stream completed assistant blocks as separate messages, or `false` to send a single final reply |
+| `blockStreamingCoalesce` | object | — | Fine-tunes how streamed blocks are coalesced (see OpenClaw docs) |
+| `markdown` | object | — | Markdown rendering overrides for outbound messages |
+| `mediaMaxMb` | number | — | Max size (MB) for **inbound** media the OpenClaw runtime fetches from GroupMe. Distinct from `security.media.maxDownloadBytes`, which caps **outbound** media the bot downloads before re-uploading. |
 | `security` | object | — | Security overrides (see [Security](#security) section above) |
+| `accounts` | object | — | Named accounts (`accounts.<id>`), each accepting the fields above |
+| `defaultAccount` | string | — | Which named account is the default for outbound routing |
 
-## Callback URL Format
+## Webhook URL Format
 
-The `callbackUrl` stores the full relative webhook URL (path + secret query token):
+The plugin stores the route path and secret separately:
 
-```
-/groupme/e60b3e59da98950f?k=775c9958da544c73e6d97c04f884957caa174c8570889bbaa0900d6253f20bbc
+```json
+{
+  "webhookPath": "/groupme/e60b3e59da98950f",
+  "callbackToken": "775c9958da544c73e6d97c04f884957caa174c8570889bbaa0900d6253f20bbc"
+}
 ```
 
-The full URL you register with GroupMe is your public domain + this path:
+The full URL you register with GroupMe is your public domain plus the path and `k` token:
 
 ```
 https://bot.example.com/groupme/e60b3e59da98950f?k=775c9958da544c73e6d97c04f884957caa174c8570889bbaa0900d6253f20bbc
@@ -390,14 +486,14 @@ GroupMe bots are intentionally limited compared to full user accounts. These con
 ## Troubleshooting
 
 - **Bot doesn't respond:**
-  - Is your webhook URL public, HTTPS, and matching the `callbackUrl` in config?
+  - Is your webhook URL public, HTTPS, and matching `webhookPath` plus `callbackToken`?
   - Does `groupId` match the actual GroupMe group ID?
   - Is `botId` correct?
   - If `requireMention: true`, are you mentioning the bot by name?
   - Check `allowFrom` if you have a sender allowlist configured
 
 - **Webhook returns 404 or 403:**
-  - Verify the `k` token in the URL matches what's in `callbackUrl`
+  - Verify the `k` token in the URL matches `callbackToken`
   - Check `groupId` binding
   - If using proxy validation, check your `security.proxy` settings
 
@@ -425,6 +521,12 @@ openclaw channels logs --channel groupme
 openclaw channels status --probe
 ```
 
+## Resources
+
+- [OpenClaw documentation](https://docs.openclaw.ai) · [Channels](https://docs.openclaw.ai/channels) · [Plugins](https://docs.openclaw.ai/plugins)
+- [GroupMe developer portal](https://dev.groupme.com) · [Bots](https://dev.groupme.com/bots)
+- [Contributing guide](CONTRIBUTING.md) · [Security policy](SECURITY.md) · [Changelog](CHANGELOG.md)
+
 ## License
 
 [MIT](LICENSE)

package/channel-plugin-api.ts

@@ -0,0 +1,3 @@
+// Keep channel entry imports narrow so bootstrap/discovery paths do not pull
+// setup-only GroupMe surfaces into lightweight channel plugin loads.
+export { groupmePlugin } from "./src/channel.js";

package/dist/channel-plugin-api.js

@@ -0,0 +1,3 @@
+// Keep channel entry imports narrow so bootstrap/discovery paths do not pull
+// setup-only GroupMe surfaces into lightweight channel plugin loads.
+export { groupmePlugin } from "./src/channel.js";

package/dist/index.js

@@ -1,14 +1,20 @@
-import { emptyPluginConfigSchema } from "openclaw/plugin-sdk";
-import { groupmePlugin } from "./src/channel.js";
-import { setGroupMeRuntime } from "./src/runtime.js";
-const plugin = {
+import { defineBundledChannelEntry } from "openclaw/plugin-sdk/channel-entry-contract";
+const plugin = defineBundledChannelEntry({
     id: "groupme",
     name: "GroupMe",
     description: "GroupMe channel plugin",
-    configSchema: emptyPluginConfigSchema(),
-    register(api) {
-        setGroupMeRuntime(api.runtime);
-        api.registerChannel({ plugin: groupmePlugin });
+    importMetaUrl: import.meta.url,
+    plugin: {
+        specifier: "./channel-plugin-api.js",
+        exportName: "groupmePlugin",
     },
-};
+    secrets: {
+        specifier: "./secret-contract-api.js",
+        exportName: "channelSecrets",
+    },
+    runtime: {
+        specifier: "./runtime-setter-api.js",
+        exportName: "setGroupMeRuntime",
+    },
+});
 export default plugin;

package/dist/runtime-setter-api.js

@@ -0,0 +1 @@
+export { setGroupMeRuntime } from "./src/runtime.js";

package/dist/secret-contract-api.js

@@ -0,0 +1 @@
+export { channelSecrets, collectRuntimeConfigAssignments, secretTargetRegistryEntries, } from "./src/secret-contract.js";

package/dist/setup-entry.js

@@ -0,0 +1,16 @@
+import { defineBundledChannelSetupEntry } from "openclaw/plugin-sdk/channel-entry-contract";
+export default defineBundledChannelSetupEntry({
+    importMetaUrl: import.meta.url,
+    plugin: {
+        specifier: "./setup-plugin-api.js",
+        exportName: "groupmeSetupPlugin",
+    },
+    secrets: {
+        specifier: "./secret-contract-api.js",
+        exportName: "channelSecrets",
+    },
+    runtime: {
+        specifier: "./runtime-setter-api.js",
+        exportName: "setGroupMeRuntime",
+    },
+});

package/dist/setup-plugin-api.js

@@ -0,0 +1,3 @@
+// Keep setup entry imports narrow while reusing the same channel plugin setup
+// adapter until GroupMe grows a separate setup-only surface.
+export { groupmePlugin as groupmeSetupPlugin } from "./src/channel.js";

package/dist/src/accounts.js

@@ -1,10 +1,4 @@
-import { DEFAULT_ACCOUNT_ID, normalizeAccountId, } from "openclaw/plugin-sdk/account-id";
-const ENV_BOT_ID = "GROUPME_BOT_ID";
-const ENV_ACCESS_TOKEN = "GROUPME_ACCESS_TOKEN";
-const ENV_BOT_NAME = "GROUPME_BOT_NAME";
-const ENV_CALLBACK_URL = "GROUPME_CALLBACK_URL";
-const ENV_GROUP_ID = "GROUPME_GROUP_ID";
-const ENV_PUBLIC_DOMAIN = "GROUPME_PUBLIC_DOMAIN";
+import { DEFAULT_ACCOUNT_ID, normalizeAccountId } from "openclaw/plugin-sdk/account-id";
 export function readTrimmed(value) {
     if (typeof value !== "string") {
         return undefined;
@@ -12,6 +6,15 @@ export function readTrimmed(value) {
     const trimmed = value.trim();
     return trimmed || undefined;
 }
+export function hasSecretInput(value) {
+    if (typeof value === "string") {
+        return Boolean(value.trim());
+    }
+    return Boolean(value && typeof value === "object" && !Array.isArray(value));
+}
+function trimSecretInput(value) {
+    return typeof value === "string" ? readTrimmed(value) : value;
+}
 function listConfiguredAccountIds(cfg) {
     const accounts = cfg.channels?.groupme?.accounts;
     if (!accounts || typeof accounts !== "object") {
@@ -40,9 +43,7 @@ function resolveAccountConfig(cfg, accountId) {
 function mergeAccountConfig(cfg, accountId) {
     const raw = (cfg.channels?.groupme ?? {});
     const { accounts: _ignored, defaultAccount: _ignored2, ...base } = raw;
-    const account = accountId === DEFAULT_ACCOUNT_ID
-        ? {}
-        : (resolveAccountConfig(cfg, accountId) ?? {});
+    const account = accountId === DEFAULT_ACCOUNT_ID ? {} : (resolveAccountConfig(cfg, accountId) ?? {});
     return {
         ...base,
         ...account,
@@ -50,10 +51,7 @@ function mergeAccountConfig(cfg, accountId) {
 }
 export function listGroupMeAccountIds(cfg) {
     const sorted = listConfiguredAccountIds(cfg).toSorted((a, b) => a.localeCompare(b));
-    return [
-        DEFAULT_ACCOUNT_ID,
-        ...sorted.filter((id) => id !== DEFAULT_ACCOUNT_ID),
-    ];
+    return [DEFAULT_ACCOUNT_ID, ...sorted.filter((id) => id !== DEFAULT_ACCOUNT_ID)];
 }
 export function resolveDefaultGroupMeAccountId(cfg) {
     const configuredDefault = readTrimmed(cfg.channels?.groupme?.defaultAccount);
@@ -64,54 +62,32 @@ export function resolveDefaultGroupMeAccountId(cfg) {
 }
 export function resolveGroupMeAccount(params) {
     const normalizedRequested = normalizeAccountId(params.accountId);
-    const accountId = normalizedRequested ||
-        resolveDefaultGroupMeAccountId(params.cfg) ||
-        DEFAULT_ACCOUNT_ID;
+    const accountId = normalizedRequested || resolveDefaultGroupMeAccountId(params.cfg) || DEFAULT_ACCOUNT_ID;
     const merged = mergeAccountConfig(params.cfg, accountId);
     const baseEnabled = params.cfg.channels?.groupme?.enabled !== false;
     const accountEnabled = merged.enabled !== false;
     const enabled = baseEnabled && accountEnabled;
-    const isDefaultAccount = accountId === DEFAULT_ACCOUNT_ID;
-    const botId = readTrimmed(merged.botId) ||
-        (isDefaultAccount ? readTrimmed(process.env[ENV_BOT_ID]) : undefined) ||
-        "";
-    const accessToken = readTrimmed(merged.accessToken) ||
-        (isDefaultAccount
-            ? readTrimmed(process.env[ENV_ACCESS_TOKEN])
-            : undefined) ||
-        "";
-    const botName = readTrimmed(merged.botName) ||
-        (isDefaultAccount ? readTrimmed(process.env[ENV_BOT_NAME]) : undefined) ||
-        undefined;
-    const groupId = readTrimmed(merged.groupId) ||
-        (isDefaultAccount
-            ? readTrimmed(process.env[ENV_GROUP_ID])
-            : undefined) ||
-        undefined;
-    const callbackUrl = readTrimmed(merged.callbackUrl) ||
-        (isDefaultAccount
-            ? readTrimmed(process.env[ENV_CALLBACK_URL])
-            : undefined) ||
-        undefined;
-    const publicDomain = readTrimmed(merged.publicDomain) ||
-        (isDefaultAccount
-            ? readTrimmed(process.env[ENV_PUBLIC_DOMAIN])
-            : undefined) ||
-        undefined;
+    const botId = readTrimmed(merged.botId) ?? "";
+    const accessToken = readTrimmed(merged.accessToken) ?? "";
+    const botName = readTrimmed(merged.botName);
+    const groupId = readTrimmed(merged.groupId);
+    const webhookPath = readTrimmed(merged.webhookPath);
+    const publicDomain = readTrimmed(merged.publicDomain);
     const config = {
         ...merged,
-        botId,
-        accessToken,
+        botId: trimSecretInput(merged.botId),
+        accessToken: trimSecretInput(merged.accessToken),
+        callbackToken: trimSecretInput(merged.callbackToken),
         botName,
         groupId,
         publicDomain,
-        callbackUrl,
+        webhookPath,
     };
     return {
         accountId,
         name: readTrimmed(merged.name),
         enabled,
-        configured: Boolean(botId),
+        configured: hasSecretInput(merged.botId),
         botId,
         accessToken,
         config,