openclaw-quiubo 2.0.3 → 2.2.0

package/dist/index.js

@@ -34,6 +34,7 @@ var __toESM = (mod2, isNodeMode, target) => (target = mod2 != null ? __create(__
 // ../../node_modules/.pnpm/pusher-js@8.4.0/node_modules/pusher-js/dist/node/pusher.js
 var require_pusher = __commonJS({
   "../../node_modules/.pnpm/pusher-js@8.4.0/node_modules/pusher-js/dist/node/pusher.js"(exports, module) {
+    "use strict";
     module.exports = /******/
     (function(modules) {
       var installedModules = {};
@@ -9191,6 +9192,25 @@ var QuiuboApiClient = class {
     return this.request("GET", `/agents/${agentId}/groups/${groupId}/encryption/epochs${query}`);
   }
   // ========================================================================
+  // Group Agents
+  // ========================================================================
+  /**
+   * List all groups for an agent (partner + directory)
+   */
+  async listAgentGroups(agentId) {
+    return this.request("GET", `/agents/${agentId}/groups`);
+  }
+  /**
+   * Get group agent status (cache-miss fallback for directory groups)
+   */
+  async getGroupAgent(agentId, groupId) {
+    try {
+      return await this.request("GET", `/agents/${agentId}/groups/${groupId}/agent-status`);
+    } catch {
+      return null;
+    }
+  }
+  // ========================================================================
   // Pusher Auth
   // ========================================================================
   /**
@@ -12459,6 +12479,9 @@ var RealtimeGateway = class {
   // E2EE state
   keyManager;
   e2eeGrantedGroups;
+  // Agent identity for mention matching
+  agentName;
+  agentDisplayName;
   stopped = false;
   constructor(opts) {
     this.client = opts.client;
@@ -12472,11 +12495,17 @@ var RealtimeGateway = class {
     this.agentId = opts.agentId ?? null;
     this.keyManager = opts.keyManager ?? null;
     this.e2eeGrantedGroups = opts.e2eeGrantedGroups ?? /* @__PURE__ */ new Set();
+    this.agentName = opts.agentName ?? null;
+    this.agentDisplayName = opts.agentDisplayName ?? null;
   }
   /** Set bot config for a group */
   setBotConfig(groupId, config) {
     this.botConfigCache.set(groupId, config);
   }
+  /** Get bot config for a group (for outbound scope checks) */
+  getBotConfig(groupId) {
+    return this.botConfigCache.get(groupId);
+  }
   /** Set the cache-miss callback */
   setOnCacheMiss(fn) {
     this.onCacheMiss = fn;
@@ -12491,6 +12520,20 @@ var RealtimeGateway = class {
       }
     }
   }
+  /**
+   * Check if text contains a @mention for this agent.
+   */
+  matchesMention(text, config) {
+    const lower = text.toLowerCase();
+    const names = [];
+    if (config?.agentDisplayName) names.push(config.agentDisplayName);
+    if (this.agentDisplayName) names.push(this.agentDisplayName);
+    if (this.agentName) names.push(this.agentName);
+    for (const name of names) {
+      if (lower.includes(`@${name.toLowerCase()}`)) return true;
+    }
+    return false;
+  }
   /**
    * Gate a message through bot-enabled filtering + owner suppression.
    * Returns true if the message should be processed, false to skip.
@@ -12500,11 +12543,6 @@ var RealtimeGateway = class {
     let config = this.botConfigCache.get(groupId);
     const groupType = eventData?.groupType ?? config?.groupType;
     if (groupType === "agent_channel") return true;
-    const securityMode = eventData?.groupSecurityMode ?? "PLAINTEXT_SDK";
-    if (securityMode !== "PLAINTEXT_SDK" && !this.e2eeGrantedGroups.has(groupId)) {
-      this.log.debug?.(`Skipping message in ${groupId}: security mode ${securityMode} and no E2EE grant`);
-      return false;
-    }
     if (!config) {
       if (this.onCacheMiss) {
         try {
@@ -12528,6 +12566,41 @@ var RealtimeGateway = class {
       this.log.debug?.(`Skipping message in ${groupId}: bot disabled`);
       return false;
     }
+    if (config.source === "directory" && config.triggerMode) {
+      if (config.triggerMode === "all_messages") {
+        const secMode = config.securityMode ?? eventData?.groupSecurityMode ?? "PLAINTEXT_SDK";
+        if (secMode !== "PLAINTEXT_SDK" && !this.e2eeGrantedGroups.has(groupId)) {
+          this.log.debug?.(`Skipping directory all_messages in ${groupId}: E2EE but no grant`);
+          return false;
+        }
+        return true;
+      }
+      const plaintext = eventData?.plaintext;
+      if (plaintext) {
+        return this.matchesMention(plaintext, config);
+      }
+      if (eventData?.ciphertext && this.keyManager && this.e2eeGrantedGroups.has(groupId)) {
+        try {
+          const epoch = parseGroupEnvelopeEpoch(eventData.ciphertext);
+          if (epoch !== null) {
+            const cached = await this.keyManager.getEpochKey(groupId, epoch);
+            if (cached) {
+              const decrypted = decryptGroupMessage(eventData.ciphertext, cached.key);
+              return this.matchesMention(decrypted, config);
+            }
+          }
+        } catch (err) {
+          this.log.warn?.(`Mention check decrypt failed for group ${groupId}: ${err}`);
+        }
+      }
+      this.log.debug?.(`Skipping mention-mode message in ${groupId}: no readable text`);
+      return false;
+    }
+    const securityMode = config.securityMode ?? eventData?.groupSecurityMode ?? "PLAINTEXT_SDK";
+    if (securityMode !== "PLAINTEXT_SDK" && !this.e2eeGrantedGroups.has(groupId)) {
+      this.log.debug?.(`Skipping message in ${groupId}: security mode ${securityMode} and no E2EE grant`);
+      return false;
+    }
     const ownerIdentityId = eventData?.groupOwnerIdentityId ?? config.ownerIdentityId;
     if (ownerIdentityId && senderId === ownerIdentityId) {
       const suppressMinutes = config.suppressionMinutes ?? 10;
@@ -12674,13 +12747,33 @@ var RealtimeGateway = class {
         this.keyManager.invalidate(data.groupId);
       }
     });
+    channel.bind("agent:group-added", (data) => {
+      log.info?.(`agent:group-added for group ${data.groupId} (${data.groupName}) triggerMode=${data.triggerMode}`);
+      this.botConfigCache.set(data.groupId, {
+        enabled: true,
+        suppressionMinutes: 10,
+        ownerIdentityId: "",
+        groupType: data.groupType,
+        grantedScopes: data.grantedScopes,
+        triggerMode: data.triggerMode,
+        source: "directory",
+        agentDisplayName: this.agentDisplayName ?? void 0,
+        securityMode: data.securityMode
+      });
+    });
+    channel.bind("agent:group-removed", (data) => {
+      log.info?.(`agent:group-removed for group ${data.groupId}`);
+      this.botConfigCache.delete(data.groupId);
+    });
     channel.bind("new-group-message", (data) => {
       log.info?.(`Pusher event: messageId=${data.messageId} groupId=${data.groupId} sender=${data.senderUsername} plaintext=${!!data.plaintext}`);
       if (data.senderId === this.botIdentityId) return;
       this.shouldProcessMessage(data.groupId, data.senderId, {
         groupSecurityMode: data.groupSecurityMode,
         groupOwnerIdentityId: data.groupOwnerIdentityId,
-        groupType: data.groupType
+        groupType: data.groupType,
+        plaintext: data.plaintext,
+        ciphertext: data.ciphertext
       }).then((shouldProcess) => {
         if (!shouldProcess) return;
         if (data.plaintext) {
@@ -13454,6 +13547,8 @@ var quiuboPlugin = {
         error: (...args) => log.error?.(`[${accountId}] Quiubo:`, ...args)
       } : void 0;
       let resolvedAgentId;
+      let resolvedAgentDisplayName;
+      let resolvedAgentName;
       let agentKeys;
       try {
         const { agents: agentList } = await client.listAgents();
@@ -13468,7 +13563,10 @@ var quiuboPlugin = {
             try {
               const created = await client.createAgent({
                 identityId: botIdentityId,
-                name: `bot-${accountId}`
+                name: `bot-${accountId}`,
+                directoryEnabled: true,
+                offeredScopes: ["send_messages", "read_messages"],
+                directoryDisplayName: auth?.appName ?? accountId
               });
               match = { ...created, scopes: created.scopes ?? ["send_messages", "read_messages"] };
               log?.info?.(`[${accountId}] Quiubo: auto-registered agent ${created.id}`);
@@ -13479,7 +13577,9 @@ var quiuboPlugin = {
         }
         if (match) {
           resolvedAgentId = match.id;
-          log?.info?.(`[${accountId}] Quiubo: resolved agent ${match.name} (${match.id}) for heartbeat`);
+          resolvedAgentDisplayName = match.directoryDisplayName ?? match.name ?? auth.appName;
+          resolvedAgentName = match.name;
+          log?.info?.(`[${accountId}] Quiubo: resolved agent ${match.name} (${match.id}) for heartbeat, displayName=${resolvedAgentDisplayName}`);
           try {
             const keys = loadOrGenerateKeys(quiuboConfig);
             if (!match.e2eeConfigured) {
@@ -13522,6 +13622,8 @@ var quiuboPlugin = {
         agentId: resolvedAgentId,
         keyManager,
         e2eeGrantedGroups,
+        agentName: resolvedAgentName,
+        agentDisplayName: resolvedAgentDisplayName,
         onCacheMiss: async (groupId) => {
           try {
             const [group, { members }] = await Promise.all([
@@ -13536,8 +13638,26 @@ var quiuboPlugin = {
               ownerIdentityId: owner?.identityId ?? "",
               groupType: group.groupType ?? "standard"
             };
-          } catch (err) {
-            log?.warn?.(`[${accountId}] Quiubo: cache-miss fetch failed for group ${groupId}: ${err}`);
+          } catch {
+            if (resolvedAgentId) {
+              try {
+                const status = await client.getGroupAgent(resolvedAgentId, groupId);
+                if (status) {
+                  return {
+                    enabled: status.enabled,
+                    suppressionMinutes: 10,
+                    ownerIdentityId: "",
+                    groupType: "standard",
+                    triggerMode: status.triggerMode,
+                    source: "directory",
+                    grantedScopes: status.grantedScopes,
+                    agentDisplayName: resolvedAgentDisplayName
+                  };
+                }
+              } catch (dirErr) {
+                log?.warn?.(`[${accountId}] Quiubo: directory agent status fetch failed for group ${groupId}: ${dirErr}`);
+              }
+            }
             return null;
           }
         },
@@ -13587,37 +13707,73 @@ var quiuboPlugin = {
       gateways.set(accountId, gateway);
       await gateway.start();
       try {
-        const { groups: allGroups } = await client.listGroups(botIdentityId);
-        for (const group of allGroups) {
-          const botSettings = group.settings?.bot ?? {};
-          let ownerIdentityId = "";
-          try {
-            const { members } = await client.listGroupMembers(group.id);
-            const owner = members.find((m) => m.role === "owner");
-            ownerIdentityId = owner?.identityId ?? "";
-          } catch {
+        if (resolvedAgentId) {
+          const { groups: agentGroups } = await client.listAgentGroups(resolvedAgentId);
+          for (const ag of agentGroups) {
+            if (ag.source === "directory") {
+              gateway.setBotConfig(ag.groupId, {
+                enabled: ag.enabled ?? true,
+                suppressionMinutes: 10,
+                ownerIdentityId: "",
+                groupType: ag.groupType ?? "standard",
+                triggerMode: ag.triggerMode,
+                source: "directory",
+                grantedScopes: ag.grantedScopes,
+                agentDisplayName: ag.agentDisplayName ?? resolvedAgentDisplayName,
+                securityMode: ag.securityMode
+              });
+            } else {
+              const botSettings = ag.settings?.bot ?? {};
+              let ownerIdentityId = "";
+              try {
+                const { members } = await client.listGroupMembers(ag.groupId);
+                const owner = members.find((m) => m.role === "owner");
+                ownerIdentityId = owner?.identityId ?? "";
+              } catch {
+              }
+              gateway.setBotConfig(ag.groupId, {
+                enabled: botSettings.enabled ?? false,
+                suppressionMinutes: botSettings.suppressionMinutes ?? 10,
+                ownerIdentityId,
+                groupType: ag.groupType ?? "standard",
+                securityMode: ag.securityMode
+              });
+            }
           }
-          gateway.setBotConfig(group.id, {
-            enabled: botSettings.enabled ?? false,
-            suppressionMinutes: botSettings.suppressionMinutes ?? 10,
-            ownerIdentityId,
-            groupType: group.groupType ?? "standard"
-          });
-        }
-        log?.info?.(`[${accountId}] Quiubo: hydrated bot config for ${allGroups.length} group(s)`);
-        if (keyManager && resolvedAgentId) {
+          log?.info?.(`[${accountId}] Quiubo: hydrated bot config for ${agentGroups.length} group(s) via listAgentGroups`);
+          if (keyManager) {
+            for (const ag of agentGroups) {
+              try {
+                const cached = await keyManager.getActiveEpochKey(ag.groupId);
+                if (cached) {
+                  e2eeGrantedGroups.add(ag.groupId);
+                }
+              } catch {
+              }
+            }
+            if (e2eeGrantedGroups.size > 0) {
+              log?.info?.(`[${accountId}] Quiubo: E2EE grants hydrated for ${e2eeGrantedGroups.size} group(s)`);
+            }
+          }
+        } else {
+          const { groups: allGroups } = await client.listGroups(botIdentityId);
           for (const group of allGroups) {
+            const botSettings = group.settings?.bot ?? {};
+            let ownerIdentityId = "";
             try {
-              const cached = await keyManager.getActiveEpochKey(group.id);
-              if (cached) {
-                e2eeGrantedGroups.add(group.id);
-              }
+              const { members } = await client.listGroupMembers(group.id);
+              const owner = members.find((m) => m.role === "owner");
+              ownerIdentityId = owner?.identityId ?? "";
             } catch {
             }
+            gateway.setBotConfig(group.id, {
+              enabled: botSettings.enabled ?? false,
+              suppressionMinutes: botSettings.suppressionMinutes ?? 10,
+              ownerIdentityId,
+              groupType: group.groupType ?? "standard"
+            });
           }
-          if (e2eeGrantedGroups.size > 0) {
-            log?.info?.(`[${accountId}] Quiubo: E2EE grants hydrated for ${e2eeGrantedGroups.size} group(s)`);
-          }
+          log?.info?.(`[${accountId}] Quiubo: hydrated bot config for ${allGroups.length} group(s) via listGroups`);
         }
       } catch (err) {
         log?.warn?.(`[${accountId}] Quiubo: failed to hydrate bot config (non-fatal): ${err}`);
@@ -13770,6 +13926,12 @@ async function routeInboundMessage(opts) {
             log?.debug?.(`[${accountId}] Quiubo: skipping empty ${info.kind} reply`);
             return;
           }
+          const gw = gateways.get(accountId);
+          const cachedConfig = gw?.getBotConfig(groupId);
+          if (cachedConfig?.grantedScopes && !cachedConfig.grantedScopes.includes("send_messages")) {
+            log?.warn?.(`[${accountId}] Quiubo: skipping outbound \u2014 agent lacks send_messages scope for group ${groupId}`);
+            return;
+          }
           log?.info?.(`[${accountId}] Quiubo: delivering ${info.kind} reply [${payload.text?.length ?? 0} chars, ${mdAttachments.length} attachments]`);
           try {
             let ciphertextOut;