openclaw-groupme 0.4.4 → 0.5.1

package/dist/src/channel.js

@@ -1,14 +1,15 @@
-import { applyAccountNameToChannelSection, buildChannelConfigSchema, DEFAULT_ACCOUNT_ID, deleteAccountFromConfigSection, migrateBaseNameToDefaultAccount, missingTargetError, normalizeAccountId, registerPluginHttpRoute, setAccountEnabledInConfigSection, } from "openclaw/plugin-sdk";
-import { listGroupMeAccountIds, resolveDefaultGroupMeAccountId, resolveGroupMeAccount, } from "./accounts.js";
+import { missingTargetError } from "openclaw/plugin-sdk/channel-feedback";
+import { applyAccountNameToChannelSection, buildChannelConfigSchema, DEFAULT_ACCOUNT_ID, deleteAccountFromConfigSection, migrateBaseNameToDefaultAccount, normalizeAccountId, setAccountEnabledInConfigSection, } from "openclaw/plugin-sdk/core";
+import { registerPluginHttpRoute } from "openclaw/plugin-sdk/webhook-ingress";
+import { hasSecretInput, listGroupMeAccountIds, resolveDefaultGroupMeAccountId, resolveGroupMeAccount, } from "./accounts.js";
 import { GroupMeConfigSchema } from "./config-schema.js";
 import { createGroupMeWebhookHandler } from "./monitor.js";
-import { normalizeGroupMeAllowEntry, normalizeGroupMeTarget, looksLikeGroupMeTargetId, } from "./normalize.js";
+import { looksLikeGroupMeTargetId, normalizeGroupMeAllowEntry, normalizeGroupMeTarget, } from "./normalize.js";
 import { groupmeOnboardingAdapter } from "./onboarding.js";
 import { getGroupMeRuntime } from "./runtime.js";
-import { redactCallbackUrl, resolveGroupMeSecurity } from "./security.js";
-import { GROUPME_MAX_TEXT_LENGTH, sendGroupMeMedia, sendGroupMeText, } from "./send.js";
+import { GROUPME_MAX_TEXT_LENGTH, sendGroupMeMedia, sendGroupMeText } from "./send.js";
 const CHANNEL_ID = "groupme";
-function normalizeCallbackUrl(raw) {
+function normalizeWebhookPath(raw) {
     const trimmed = raw?.trim() ?? "";
     if (!trimmed) {
         return "/groupme";
@@ -18,20 +19,34 @@ function normalizeCallbackUrl(raw) {
         return parsed.pathname || "/groupme";
     }
     catch {
-        const noQuery = trimmed.split("?")[0] ?? trimmed;
+        // Unparseable input (e.g. "http://%"): strip any query/fragment and ensure a
+        // leading slash so we still return a route-shaped path rather than throwing.
+        // This is a display/registration fallback for malformed config, not a parser.
+        // The `?? trimmed` and empty-`noQuery` guards are defensive: split() always yields
+        // a [0], and a non-empty trimmed string can't reduce to an empty noQuery here.
+        /* v8 ignore start */
+        const noQuery = trimmed.split(/[?#]/)[0] ?? trimmed;
         if (!noQuery) {
             return "/groupme";
         }
+        /* v8 ignore stop */
         return noQuery.startsWith("/") ? noQuery : `/${noQuery}`;
     }
 }
-function redactWebhookPath(account, callbackUrl) {
-    const normalized = callbackUrl?.trim() || "/groupme";
-    const security = resolveGroupMeSecurity(account.config);
-    if (!security.logging.redactSecrets) {
-        return normalized;
+function parseWebhookSetupInput(raw) {
+    try {
+        const parsed = new URL(raw.trim(), "http://localhost");
+        const callbackToken = parsed.searchParams.get("k")?.trim() || undefined;
+        return {
+            webhookPath: parsed.pathname || "/groupme",
+            callbackToken,
+        };
+    }
+    catch {
+        return {
+            webhookPath: normalizeWebhookPath(raw),
+        };
     }
-    return redactCallbackUrl(normalized, security);
 }
 const meta = {
     id: CHANNEL_ID,
@@ -47,7 +62,7 @@ const meta = {
 export const groupmePlugin = {
     id: CHANNEL_ID,
     meta,
-    onboarding: groupmeOnboardingAdapter,
+    setupWizard: groupmeOnboardingAdapter,
     setup: {
         resolveAccountId: ({ accountId }) => normalizeAccountId(accountId),
         applyAccountName: ({ cfg, accountId, name }) => applyAccountNameToChannelSection({
@@ -81,10 +96,16 @@ export const groupmePlugin = {
             if (input.accessToken?.trim())
                 updates.accessToken = input.accessToken.trim();
             if (input.webhookUrl?.trim()) {
-                updates.callbackUrl = input.webhookUrl.trim();
+                const parsed = parseWebhookSetupInput(input.webhookUrl);
+                updates.webhookPath = parsed.webhookPath;
+                if (parsed.callbackToken)
+                    updates.callbackToken = parsed.callbackToken;
             }
             else if (input.webhookPath?.trim()) {
-                updates.callbackUrl = input.webhookPath.trim();
+                const parsed = parseWebhookSetupInput(input.webhookPath);
+                updates.webhookPath = parsed.webhookPath;
+                if (parsed.callbackToken)
+                    updates.callbackToken = parsed.callbackToken;
             }
             const section = (next.channels?.groupme ?? {});
             if (accountId === DEFAULT_ACCOUNT_ID) {
@@ -154,10 +175,11 @@ export const groupmePlugin = {
                 "name",
                 "botId",
                 "accessToken",
+                "callbackToken",
                 "botName",
                 "groupId",
                 "publicDomain",
-                "callbackUrl",
+                "webhookPath",
                 "mentionPatterns",
                 "requireMention",
                 "historyLimit",
@@ -173,12 +195,12 @@ export const groupmePlugin = {
             name: account.name,
             enabled: account.enabled,
             configured: account.configured,
-            botId: account.botId ? "***" : "",
+            botId: hasSecretInput(account.config.botId) ? "***" : "",
             publicDomain: account.config.publicDomain ?? "",
-            callbackUrl: redactWebhookPath(account, account.config.callbackUrl),
+            webhookPath: normalizeWebhookPath(account.config.webhookPath),
+            callbackToken: hasSecretInput(account.config.callbackToken) ? "***" : "",
         }),
-        resolveAllowFrom: ({ cfg, accountId }) => (resolveGroupMeAccount({ cfg: cfg, accountId }).config
-            .allowFrom ?? []).map((entry) => String(entry)),
+        resolveAllowFrom: ({ cfg, accountId }) => (resolveGroupMeAccount({ cfg: cfg, accountId }).config.allowFrom ?? []).map((entry) => String(entry)),
         formatAllowFrom: ({ allowFrom }) => allowFrom
             .map((entry) => normalizeGroupMeAllowEntry(String(entry)))
             .filter((entry) => Boolean(entry)),
@@ -297,7 +319,7 @@ export const groupmePlugin = {
         buildChannelSummary: ({ snapshot }) => ({
             configured: snapshot.configured ?? false,
             running: snapshot.running ?? false,
-            callbackUrl: snapshot.webhookPath ?? null,
+            webhookPath: snapshot.webhookPath ?? null,
             lastStartAt: snapshot.lastStartAt ?? null,
             lastStopAt: snapshot.lastStopAt ?? null,
             lastInboundAt: snapshot.lastInboundAt ?? null,
@@ -309,9 +331,9 @@ export const groupmePlugin = {
             name: account.name,
             enabled: account.enabled,
             configured: account.configured,
-            botId: account.botId ? "***" : "",
-            tokenSource: account.accessToken ? "configured" : "none",
-            webhookPath: redactWebhookPath(account, account.config.callbackUrl),
+            botId: hasSecretInput(account.config.botId) ? "***" : "",
+            tokenSource: hasSecretInput(account.config.accessToken) ? "configured" : "none",
+            webhookPath: normalizeWebhookPath(account.config.webhookPath),
             running: runtime?.running ?? false,
             lastStartAt: runtime?.lastStartAt ?? null,
             lastStopAt: runtime?.lastStopAt ?? null,
@@ -327,8 +349,7 @@ export const groupmePlugin = {
             if (!account.configured) {
                 throw new Error(`GroupMe is not configured for account "${account.accountId}" (missing botId).`);
             }
-            const callbackPath = normalizeCallbackUrl(account.config.callbackUrl);
-            const redactedCallbackPath = redactWebhookPath(account, account.config.callbackUrl ?? callbackPath);
+            const callbackPath = normalizeWebhookPath(account.config.webhookPath);
             const unregister = registerPluginHttpRoute({
                 path: callbackPath,
                 fallbackPath: "/groupme",
@@ -336,8 +357,12 @@ export const groupmePlugin = {
                     account,
                     config: ctx.cfg,
                     runtime: ctx.runtime,
+                    // Thin setStatus adapter; exercised end-to-end through the live gateway, not in
+                    // unit isolation (the webhook-flow tests drive the handler with their own sink).
+                    /* v8 ignore next */
                     statusSink: (patch) => ctx.setStatus({ accountId: account.accountId, ...patch }),
                 }),
+                auth: "plugin",
                 pluginId: CHANNEL_ID,
                 accountId: account.accountId,
                 log: (message) => ctx.log?.info(message),
@@ -346,18 +371,27 @@ export const groupmePlugin = {
                 accountId: account.accountId,
                 running: true,
                 mode: "webhook",
-                webhookPath: redactedCallbackPath,
+                webhookPath: callbackPath,
                 lastStartAt: Date.now(),
                 lastError: null,
             });
-            ctx.log?.info(`[${account.accountId}] GroupMe webhook listening on ${redactedCallbackPath}`);
+            ctx.log?.info(`[${account.accountId}] GroupMe webhook listening on ${callbackPath}`);
+            const markStopped = () => {
+                ctx.setStatus({
+                    accountId: account.accountId,
+                    running: false,
+                    lastStopAt: Date.now(),
+                });
+            };
             if (ctx.abortSignal.aborted) {
                 unregister();
+                markStopped();
                 return;
             }
             await new Promise((resolve) => {
                 ctx.abortSignal.addEventListener("abort", () => {
                     unregister();
+                    markStopped();
                     resolve();
                 }, { once: true });
             });

package/dist/src/config-schema.js

@@ -1,6 +1,8 @@
-import { BlockStreamingCoalesceSchema, MarkdownConfigSchema, } from "openclaw/plugin-sdk";
+import { BlockStreamingCoalesceSchema, MarkdownConfigSchema, } from "openclaw/plugin-sdk/channel-config-primitives";
+import { buildOptionalSecretInputSchema } from "openclaw/plugin-sdk/secret-input";
 import { z } from "zod";
 const allowFromEntry = z.union([z.string(), z.number()]);
+const optionalSecretInput = buildOptionalSecretInputSchema();
 const GroupMeReplaySchema = z
     .object({
     ttlSeconds: z.number().int().positive().optional(),
@@ -40,9 +42,7 @@ const GroupMeProxySecuritySchema = z
     trustedProxyCidrs: z.array(z.string()).optional(),
     allowedPublicHosts: z.array(z.string()).optional(),
     requireHttpsProto: z.boolean().optional().default(false),
-    rejectStatus: z
-        .union([z.literal(400), z.literal(403), z.literal(404)])
-        .optional(),
+    rejectStatus: z.union([z.literal(400), z.literal(403), z.literal(404)]).optional(),
 })
     .strict();
 const GroupMeSecuritySchema = z
@@ -55,16 +55,17 @@ const GroupMeSecuritySchema = z
     proxy: GroupMeProxySecuritySchema.optional(),
 })
     .strict();
-export const GroupMeAccountSchemaBase = z
+const GroupMeAccountSchemaBase = z
     .object({
     name: z.string().optional(),
     enabled: z.boolean().optional(),
-    botId: z.string().optional(),
-    accessToken: z.string().optional(),
+    botId: optionalSecretInput,
+    accessToken: optionalSecretInput,
+    callbackToken: optionalSecretInput,
     botName: z.string().optional(),
     groupId: z.string().optional(),
     publicDomain: z.string().optional(),
-    callbackUrl: z.string().optional(),
+    webhookPath: z.string().optional(),
     mentionPatterns: z.array(z.string()).optional(),
     requireMention: z.boolean().optional().default(true),
     historyLimit: z.number().int().nonnegative().optional(),
@@ -79,8 +80,6 @@ export const GroupMeAccountSchemaBase = z
 })
     .strict();
 export const GroupMeConfigSchema = GroupMeAccountSchemaBase.extend({
-    accounts: z
-        .record(z.string(), GroupMeAccountSchemaBase.optional())
-        .optional(),
+    accounts: z.record(z.string(), GroupMeAccountSchemaBase.optional()).optional(),
     defaultAccount: z.string().optional(),
 }).strict();

package/dist/src/groupme-api.js

@@ -33,16 +33,18 @@ function readBotResponse(payload) {
     }
     return bot;
 }
-export async function fetchGroups(accessToken) {
+export async function fetchGroups(accessToken, options = {}) {
+    const fetchFn = options.fetchFn ?? fetch;
+    const apiBaseUrl = options.apiBaseUrl ?? GROUPME_API_BASE;
     const groups = [];
     let page = 1;
     while (true) {
-        const url = new URL(`${GROUPME_API_BASE}/groups`);
+        const url = new URL(`${apiBaseUrl}/groups`);
         url.searchParams.set("token", accessToken);
         url.searchParams.set("per_page", "100");
         url.searchParams.set("omit", "memberships");
         url.searchParams.set("page", String(page));
-        const response = await fetch(url);
+        const response = await fetchFn(url);
         if (!response.ok) {
             throw new Error(await readApiError(response));
         }
@@ -57,9 +59,11 @@ export async function fetchGroups(accessToken) {
     return groups;
 }
 export async function createBot(params) {
-    const url = new URL(`${GROUPME_API_BASE}/bots`);
+    const fetchFn = params.fetchFn ?? fetch;
+    const apiBaseUrl = params.apiBaseUrl ?? GROUPME_API_BASE;
+    const url = new URL(`${apiBaseUrl}/bots`);
     url.searchParams.set("token", params.accessToken);
-    const response = await fetch(url, {
+    const response = await fetchFn(url, {
         method: "POST",
         headers: { "content-type": "application/json" },
         body: JSON.stringify({

package/dist/src/inbound.js

@@ -1,10 +1,14 @@
-import { buildPendingHistoryContextFromMap, clearHistoryEntriesIfEnabled, createReplyPrefixOptions, logInboundDrop, recordPendingHistoryEntryIfEnabled, resolveControlCommandGate, resolveMentionGatingWithBypass, } from "openclaw/plugin-sdk";
+import { logInboundDrop } from "openclaw/plugin-sdk/channel-logging";
+import { resolveMentionGatingWithBypass } from "openclaw/plugin-sdk/channel-mention-gating";
+import { createReplyPrefixOptions } from "openclaw/plugin-sdk/channel-reply-options-runtime";
+import { resolveControlCommandGate } from "openclaw/plugin-sdk/command-gating";
+import { buildPendingHistoryContextFromMap, clearHistoryEntriesIfEnabled, recordPendingHistoryEntryIfEnabled, } from "openclaw/plugin-sdk/reply-history";
 import { buildGroupMeHistoryEntry, formatGroupMeHistoryEntry, resolveGroupMeBodyForAgent, } from "./history.js";
-import { extractImageUrls, detectGroupMeMention } from "./parse.js";
+import { detectGroupMeMention, extractImageUrls } from "./parse.js";
 import { resolveSenderAccess } from "./policy.js";
 import { getGroupMeRuntime } from "./runtime.js";
-import { GROUPME_MAX_TEXT_LENGTH, sendGroupMeMedia, sendGroupMeText, } from "./send.js";
 import { resolveGroupMeSecurity } from "./security.js";
+import { GROUPME_MAX_TEXT_LENGTH, sendGroupMeMedia, sendGroupMeText } from "./send.js";
 const CHANNEL_ID = "groupme";
 function resolveTextChunkLimit(account) {
     const configured = account.config.textChunkLimit;
@@ -22,9 +26,7 @@ function chunkReplyText(params) {
     if (!trimmed) {
         return [];
     }
-    return params.core.channel.text
-        .chunkMarkdownText(trimmed, params.limit)
-        .filter(Boolean);
+    return params.core.channel.text.chunkMarkdownText(trimmed, params.limit).filter(Boolean);
 }
 async function deliverGroupMeReply(params) {
     const { payload, account, cfg, target, statusSink } = params;
@@ -98,7 +100,7 @@ async function deliverGroupMeReply(params) {
     }
 }
 export async function handleGroupMeInbound(params) {
-    const { message, account, config, runtime, groupHistories, historyLimit, statusSink, } = params;
+    const { message, account, config, runtime, groupHistories, historyLimit, statusSink } = params;
     const core = getGroupMeRuntime();
     const inboundTimestamp = message.createdAt * 1000;
     statusSink?.({ lastInboundAt: inboundTimestamp });
@@ -167,9 +169,7 @@ export async function handleGroupMeInbound(params) {
         hasAnyMention: false,
         allowTextCommands,
         hasControlCommand: commandBypassCanSkipMention ? hasControlCommand : false,
-        commandAuthorized: commandBypassCanSkipMention
-            ? commandGate.commandAuthorized
-            : false,
+        commandAuthorized: commandBypassCanSkipMention ? commandGate.commandAuthorized : false,
     });
     const imageUrls = extractImageUrls(message.attachments);
     const rawBody = message.text;
@@ -213,6 +213,14 @@ export async function handleGroupMeInbound(params) {
         envelope: envelopeOptions,
         body: bodyForAgent,
     });
+    // Snapshot-then-clear the per-group buffer. This runs synchronously before the
+    // first `await` below, so it is atomic with respect to other inbound handlers for
+    // the same group (handlers run un-awaited and concurrently up to maxConcurrent).
+    // Accepted behavior: if two mentions for the same group arrive nearly together,
+    // the first handler consumes the buffered context and the second sees an empty
+    // buffer rather than re-reading the same entries — buffered context is consumed
+    // exactly once, never duplicated. Messages buffered while a reply is in flight are
+    // preserved because the clear happens before dispatch.
     const shouldUseHistoryBuffer = requireMention && historyLimit > 0;
     const historyEntriesForContext = shouldUseHistoryBuffer
         ? [...(groupHistories.get(message.groupId) ?? [])]

package/dist/src/monitor.js

@@ -1,10 +1,10 @@
-import { readJsonBodyWithLimit, requestBodyErrorToText, } from "openclaw/plugin-sdk";
+import { readJsonBodyWithLimit, requestBodyErrorToText, } from "openclaw/plugin-sdk/webhook-request-guards";
 import { resolveGroupMeHistoryLimit } from "./history.js";
 import { handleGroupMeInbound } from "./inbound.js";
 import { parseGroupMeCallback, shouldProcessCallback } from "./parse.js";
 import { GroupMeRateLimiter } from "./rate-limit.js";
-import { GroupMeReplayCache, buildReplayKey } from "./replay-cache.js";
-import { checkGroupBinding, redactCallbackUrl, resolveGroupMeSecurity, validateProxyRequest, verifyCallbackAuth, } from "./security.js";
+import { buildReplayKey, GroupMeReplayCache } from "./replay-cache.js";
+import { checkGroupBinding, redactWebhookUrl, resolveGroupMeSecurity, validateProxyRequest, verifyCallbackAuth, } from "./security.js";
 // GroupMe callbacks are small JSON payloads; use tighter limits than the SDK
 // defaults (DEFAULT_WEBHOOK_MAX_BODY_BYTES = 1 MB, DEFAULT_WEBHOOK_BODY_TIMEOUT_MS = 30 s).
 const GROUPME_WEBHOOK_MAX_BODY_BYTES = 64 * 1024;
@@ -14,7 +14,7 @@ function rejectDecision(params) {
         kind: "reject",
         status: params.status,
         reason: params.reason,
-        logLevel: params.logLevel ?? "warn",
+        logLevel: params.logLevel,
     };
 }
 const STATUS_TEXT = {
@@ -36,6 +36,9 @@ function asRequestBodyErrorCode(value) {
         value === "CONNECTION_CLOSED") {
         return value;
     }
+    // Only ever called with the three codes above (INVALID_JSON returns earlier in
+    // the handler), so this null path is unreachable defense-in-depth.
+    /* v8 ignore next */
     return null;
 }
 function logWebhookRejection(params) {
@@ -43,7 +46,7 @@ function logWebhookRejection(params) {
         return;
     }
     const url = params.security.logging.redactSecrets
-        ? redactCallbackUrl(`${params.reqUrl.pathname}${params.reqUrl.search}`, params.security)
+        ? redactWebhookUrl(`${params.reqUrl.pathname}${params.reqUrl.search}`, params.security)
         : `${params.reqUrl.pathname}${params.reqUrl.search}`;
     const line = `groupme: webhook rejected (${params.decision.reason}) status=${params.decision.status} url=${url}`;
     if (params.decision.logLevel === "warn") {
@@ -88,16 +91,13 @@ async function decideWebhookRequest(params) {
         emptyObjectOnEmpty: false,
     });
     if (!body.ok) {
-        let status;
-        if (body.code === "PAYLOAD_TOO_LARGE") {
-            status = 413;
-        }
-        else if (body.code === "REQUEST_BODY_TIMEOUT") {
-            status = 408;
-        }
-        else {
-            status = 400;
-        }
+        // Map the SDK body-error code to an HTTP status; unmapped codes (INVALID_JSON,
+        // CONNECTION_CLOSED, …) fall back to 400.
+        const bodyErrorStatus = {
+            PAYLOAD_TOO_LARGE: 413,
+            REQUEST_BODY_TIMEOUT: 408,
+        };
+        const status = bodyErrorStatus[body.code] ?? 400;
         return rejectDecision({
             status,
             reason: `body_${body.code.toLowerCase()}`,
@@ -131,18 +131,13 @@ async function decideWebhookRequest(params) {
             logLevel: "warn",
         });
     }
-    if (params.security.replay.enabled) {
-        const replay = params.replayCache.checkAndRemember(buildReplayKey(message));
-        if (replay.kind === "duplicate") {
-            return rejectDecision({
-                status: 200,
-                reason: "duplicate_replay",
-                logLevel: "debug",
-            });
-        }
-    }
-    if (!params.security.rateLimit.enabled) {
-        return { kind: "accept", message, release: () => undefined };
+    const replay = params.replayCache.checkAndRemember(buildReplayKey(message));
+    if (replay.kind === "duplicate") {
+        return rejectDecision({
+            status: 200,
+            reason: "duplicate_replay",
+            logLevel: "debug",
+        });
     }
     const rate = params.rateLimiter.evaluate({
         ip: proxyValidation.context.clientIp,
@@ -164,6 +159,9 @@ export function createGroupMeWebhookHandler(params) {
     if (!security.groupId) {
         params.runtime.error?.("groupme: WARNING — no groupId configured; all inbound messages will be rejected. Set groupId in your account config.");
     }
+    if (!security.callbackToken) {
+        params.runtime.error?.("groupme: WARNING — no callbackToken configured; inbound callbacks are not token-authenticated. Anyone who learns the webhook path and group_id can post. Set callbackToken in your account config.");
+    }
     const replayCache = new GroupMeReplayCache({
         ttlSeconds: security.replay.ttlSeconds,
         maxEntries: security.replay.maxEntries,

package/dist/src/normalize.js

@@ -1,4 +1,10 @@
 export function normalizeStringId(raw) {
+    if (typeof raw !== "string" && typeof raw !== "number") {
+        return undefined;
+    }
+    if (typeof raw === "number" && !Number.isFinite(raw)) {
+        return undefined;
+    }
     const normalized = String(raw).trim();
     return normalized || undefined;
 }