openclaw-seatalk 0.1.0

package/src/config-schema.ts

@@ -0,0 +1,71 @@
+import { z } from "zod";
+export { z };
+
+const DmPolicySchema = z.enum(["open", "allowlist"]);
+const GatewayModeSchema = z.enum(["webhook", "relay"]);
+const GroupPolicySchema = z.enum(["disabled", "allowlist", "open"]);
+const ProcessingIndicatorSchema = z.enum(["typing", "off"]);
+
+export const SeaTalkToolsConfigSchema = z
+	.object({
+		groupInfo: z.boolean().optional().default(true),
+		groupHistory: z.boolean().optional().default(true),
+		groupList: z.boolean().optional().default(true),
+		threadHistory: z.boolean().optional().default(true),
+		getMessage: z.boolean().optional().default(true),
+	})
+	.strict();
+
+export const SeaTalkAccountConfigSchema = z
+	.object({
+		enabled: z.boolean().optional(),
+		appId: z.string().optional(),
+		appSecret: z.string().optional(),
+		signingSecret: z.string().optional(),
+		mode: GatewayModeSchema.optional(),
+		relayUrl: z.string().optional(),
+		webhookPort: z.number().int().positive().optional(),
+		webhookPath: z.string().optional(),
+		dmPolicy: DmPolicySchema.optional(),
+		allowFrom: z.array(z.string()).optional(),
+		groupPolicy: GroupPolicySchema.optional(),
+		groupAllowFrom: z.array(z.string()).optional(),
+		groupSenderAllowFrom: z.array(z.string()).optional(),
+		processingIndicator: ProcessingIndicatorSchema.optional(),
+	})
+	.strict();
+
+export const SeaTalkConfigSchema = z
+	.object({
+		enabled: z.boolean().optional(),
+		appId: z.string().optional(),
+		appSecret: z.string().optional(),
+		signingSecret: z.string().optional(),
+		mode: GatewayModeSchema.optional().default("webhook"),
+		relayUrl: z.string().optional(),
+		webhookPort: z.number().int().positive().optional().default(8080),
+		webhookPath: z.string().optional().default("/callback"),
+		dmPolicy: DmPolicySchema.optional().default("allowlist"),
+		allowFrom: z.array(z.string()).optional(),
+		groupPolicy: GroupPolicySchema.optional().default("disabled"),
+		groupAllowFrom: z.array(z.string()).optional(),
+		groupSenderAllowFrom: z.array(z.string()).optional(),
+		processingIndicator: ProcessingIndicatorSchema.optional().default("typing"),
+		tools: SeaTalkToolsConfigSchema.optional(),
+		accounts: z.record(z.string(), SeaTalkAccountConfigSchema.optional()).optional(),
+	})
+	.strict()
+	.superRefine((value, ctx) => {
+		if (value.dmPolicy === "open") {
+			const allowFrom = value.allowFrom ?? [];
+			const hasWildcard = allowFrom.some((entry) => entry.trim() === "*");
+			if (!hasWildcard) {
+				ctx.addIssue({
+					code: z.ZodIssueCode.custom,
+					path: ["allowFrom"],
+					message:
+						'channels.seatalk.dmPolicy="open" requires channels.seatalk.allowFrom to include "*"',
+				});
+			}
+		}
+	});

package/src/media.ts

@@ -0,0 +1,163 @@
+import * as fs from "node:fs";
+import * as path from "node:path";
+import type { SeaTalkClient } from "./client.js";
+import { getSeatalkRuntime } from "./runtime.js";
+import type { SeaTalkMediaInfo, SeaTalkMessage, SeaTalkOutboundMedia } from "./types.js";
+
+const PLACEHOLDER_MAP: Record<string, string> = {
+	image: "<media:image>",
+	file: "<media:document>",
+	video: "<media:video>",
+};
+
+const IMAGE_EXTENSIONS = new Set([".png", ".jpg", ".jpeg", ".gif"]);
+const MAX_OUTBOUND_RAW_BYTES = 3.75 * 1024 * 1024; // ~3.75MB raw → 5MB base64
+const SMALL_FILE_THRESHOLD = 10 * 1024 * 1024; // 10MB
+const MAX_INBOUND_SAVE_BYTES = 250 * 1024 * 1024; // 250MB
+
+export async function resolveInboundMedia(params: {
+	message: SeaTalkMessage;
+	client: SeaTalkClient;
+	log?: (msg: string) => void;
+}): Promise<SeaTalkMediaInfo | null> {
+	const { message, client, log } = params;
+	const core = getSeatalkRuntime();
+
+	let url: string | undefined;
+	let filename: string | undefined;
+	let placeholder = PLACEHOLDER_MAP.file;
+
+	switch (message.tag) {
+		case "image":
+			url = message.image?.content;
+			placeholder = PLACEHOLDER_MAP.image;
+			break;
+		case "file":
+			url = message.file?.content;
+			filename = message.file?.filename;
+			break;
+		case "video":
+			url = message.video?.content;
+			placeholder = PLACEHOLDER_MAP.video;
+			break;
+		default:
+			return null;
+	}
+
+	if (!url) return null;
+
+	const MAX_RETRY = 1;
+
+	for (let attempt = 0; attempt <= MAX_RETRY; attempt++) {
+		try {
+			const result = await client.downloadMedia(url);
+			let contentType = result.contentType;
+
+			if (
+				(!contentType || contentType === "application/octet-stream") &&
+				result.buffer.length < SMALL_FILE_THRESHOLD
+			) {
+				contentType = await core.media.detectMime({ buffer: result.buffer });
+			}
+
+			const saved = await core.channel.media.saveMediaBuffer(
+				result.buffer,
+				contentType,
+				"inbound",
+				MAX_INBOUND_SAVE_BYTES,
+				filename,
+			);
+
+			log?.(`seatalk: downloaded ${message.tag} media, saved to ${saved.path}`);
+
+			return {
+				path: saved.path,
+				contentType: saved.contentType,
+				filename,
+				placeholder,
+			};
+		} catch (err) {
+			if (attempt < MAX_RETRY) {
+				log?.(
+					`seatalk: retry ${attempt + 1}/${MAX_RETRY} downloading ${message.tag} media: ${String(err)}`,
+				);
+				continue;
+			}
+			log?.(
+				`seatalk: failed to download ${message.tag} media after ${MAX_RETRY + 1} attempts: ${String(err)}`,
+			);
+			return null;
+		}
+	}
+
+	return null;
+}
+
+export async function prepareOutboundMedia(mediaUrl: string): Promise<SeaTalkOutboundMedia | null> {
+	let buffer: Buffer;
+	let detectedName: string;
+
+	if (mediaUrl.startsWith("http://") || mediaUrl.startsWith("https://")) {
+		const controller = new AbortController();
+		const timeout = setTimeout(() => controller.abort(), 30_000);
+		try {
+			const res = await fetch(mediaUrl, { signal: controller.signal });
+			if (!res.ok) {
+				throw new Error(`Failed to fetch media from ${mediaUrl}: HTTP ${res.status}`);
+			}
+			const arrayBuffer = await res.arrayBuffer();
+			buffer = Buffer.from(arrayBuffer);
+		} finally {
+			clearTimeout(timeout);
+		}
+		const urlPath = new URL(mediaUrl).pathname;
+		detectedName = path.basename(urlPath) || "file";
+	} else {
+		const resolved = mediaUrl.startsWith("~")
+			? path.join(process.env.HOME ?? "", mediaUrl.slice(1))
+			: mediaUrl.replace(/^file:\/\//, "");
+
+		if (!fs.existsSync(resolved)) {
+			throw new Error(`Media file not found: ${resolved}`);
+		}
+		buffer = fs.readFileSync(resolved);
+		detectedName = path.basename(resolved);
+	}
+
+	if (buffer.length > MAX_OUTBOUND_RAW_BYTES) {
+		throw new Error(
+			`Media file too large: ${(buffer.length / 1024 / 1024).toFixed(1)}MB exceeds ~3.75MB limit`,
+		);
+	}
+
+	const ext = path.extname(detectedName).toLowerCase();
+	const sendAs = IMAGE_EXTENSIONS.has(ext) ? "image" : "file";
+	const base64 = buffer.toString("base64");
+
+	return {
+		base64,
+		sendAs,
+		filename: sendAs === "file" ? detectedName.slice(0, 100) : undefined,
+	};
+}
+
+export function buildSeaTalkMediaPayload(mediaList: SeaTalkMediaInfo[]): {
+	MediaPath?: string;
+	MediaType?: string;
+	MediaUrl?: string;
+	MediaPaths?: string[];
+	MediaUrls?: string[];
+	MediaTypes?: string[];
+} {
+	const first = mediaList[0];
+	const mediaPaths = mediaList.map((m) => m.path);
+	const mediaTypes = mediaList.map((m) => m.contentType).filter(Boolean) as string[];
+	return {
+		MediaPath: first?.path,
+		MediaType: first?.contentType,
+		MediaUrl: first?.path,
+		MediaPaths: mediaPaths.length > 0 ? mediaPaths : undefined,
+		MediaUrls: mediaPaths.length > 0 ? mediaPaths : undefined,
+		MediaTypes: mediaTypes.length > 0 ? mediaTypes : undefined,
+	};
+}

package/src/monitor.ts

@@ -0,0 +1,205 @@
+import * as crypto from "node:crypto";
+import * as http from "node:http";
+import type { ClawdbotConfig, RuntimeEnv } from "openclaw/plugin-sdk";
+import { listEnabledSeaTalkAccounts, resolveSeaTalkAccount } from "./accounts.js";
+import { dispatchSeaTalkEvent } from "./bot.js";
+import { resolveSeaTalkClient } from "./client.js";
+import type { ResolvedSeaTalkAccount, SeaTalkCallbackRequest } from "./types.js";
+
+export type MonitorSeaTalkOpts = {
+	config?: ClawdbotConfig;
+	runtime?: RuntimeEnv;
+	abortSignal?: AbortSignal;
+	accountId?: string;
+};
+
+function verifySignature(rawBody: Buffer, signingSecret: string, signature: string): boolean {
+	const secretBytes = Buffer.from(signingSecret, "latin1");
+	const calculated = crypto
+		.createHash("sha256")
+		.update(Buffer.concat([rawBody, secretBytes]))
+		.digest("hex");
+
+	try {
+		return crypto.timingSafeEqual(
+			Buffer.from(calculated, "hex"),
+			Buffer.from(signature, "hex"),
+		);
+	} catch {
+		return false;
+	}
+}
+
+const MAX_BODY_BYTES = 1024 * 1024; // 1 MB
+
+class PayloadTooLargeError extends Error {
+	constructor() {
+		super("Request body too large");
+		this.name = "PayloadTooLargeError";
+	}
+}
+
+function readBody(req: http.IncomingMessage): Promise<Buffer> {
+	return new Promise((resolve, reject) => {
+		let received = 0;
+		const chunks: Buffer[] = [];
+		req.on("data", (chunk: Buffer) => {
+			received += chunk.length;
+			if (received > MAX_BODY_BYTES) {
+				req.destroy(new PayloadTooLargeError());
+				return;
+			}
+			chunks.push(chunk);
+		});
+		req.on("end", () => resolve(Buffer.concat(chunks)));
+		req.on("error", reject);
+	});
+}
+
+async function monitorSingleAccount(params: {
+	cfg: ClawdbotConfig;
+	account: ResolvedSeaTalkAccount;
+	runtime?: RuntimeEnv;
+	abortSignal?: AbortSignal;
+}): Promise<void> {
+	const { cfg, account, runtime, abortSignal } = params;
+	const { accountId } = account;
+	const log = runtime?.log ?? console.log;
+	const error = runtime?.error ?? console.error;
+
+	const port = account.webhookPort;
+	const callbackPath = account.webhookPath;
+	const signingSecret = account.signingSecret;
+
+	if (!signingSecret) {
+		throw new Error(`SeaTalk account "${accountId}" missing signingSecret`);
+	}
+
+	const client = resolveSeaTalkClient(account);
+	if (!client) {
+		throw new Error(`SeaTalk client not available for account "${accountId}"`);
+	}
+
+	log(`seatalk[${accountId}]: starting webhook server on port ${port}, path ${callbackPath}...`);
+
+	const server = http.createServer();
+
+	server.on("request", async (req, res) => {
+		const pathname = new URL(req.url ?? "/", `http://localhost:${port}`).pathname;
+		if (req.method !== "POST" || pathname !== callbackPath) {
+			res.writeHead(404);
+			res.end("Not Found");
+			return;
+		}
+
+		try {
+			const rawBody = await readBody(req);
+			const signature = req.headers.signature as string | undefined;
+
+			if (!signature || !verifySignature(rawBody, signingSecret, signature)) {
+				log(`seatalk[${accountId}]: signature verification failed`);
+				res.writeHead(403);
+				res.end("Forbidden");
+				return;
+			}
+
+			const body = JSON.parse(rawBody.toString("utf-8")) as SeaTalkCallbackRequest;
+
+			if (body.event_type === "event_verification") {
+				const challenge = (body.event as { seatalk_challenge?: string })?.seatalk_challenge;
+				res.writeHead(200, { "Content-Type": "application/json" });
+				res.end(JSON.stringify({ seatalk_challenge: challenge }));
+				log(`seatalk[${accountId}]: URL verification challenge responded`);
+				return;
+			}
+
+			res.writeHead(200);
+			res.end("OK");
+
+			dispatchSeaTalkEvent({ cfg, event: body, client, runtime, accountId });
+		} catch (err) {
+			error(`seatalk[${accountId}]: request processing error: ${String(err)}`);
+			if (!res.headersSent) {
+				if (err instanceof PayloadTooLargeError) {
+					res.writeHead(413);
+					res.end("Payload Too Large");
+				} else {
+					res.writeHead(500);
+					res.end("Internal Server Error");
+				}
+			}
+		}
+	});
+
+	return new Promise((resolve, reject) => {
+		const cleanup = () => {
+			server.close();
+		};
+
+		const handleAbort = () => {
+			log(`seatalk[${accountId}]: abort signal received, stopping webhook server`);
+			cleanup();
+			resolve();
+		};
+
+		if (abortSignal?.aborted) {
+			cleanup();
+			resolve();
+			return;
+		}
+
+		abortSignal?.addEventListener("abort", handleAbort, { once: true });
+
+		server.listen(port, () => {
+			log(`seatalk[${accountId}]: webhook server listening on port ${port}`);
+		});
+
+		server.on("error", (err) => {
+			error(`seatalk[${accountId}]: webhook server error: ${err}`);
+			abortSignal?.removeEventListener("abort", handleAbort);
+			reject(err);
+		});
+	});
+}
+
+export async function monitorSeaTalkProvider(opts: MonitorSeaTalkOpts = {}): Promise<void> {
+	const cfg = opts.config;
+	if (!cfg) {
+		throw new Error("Config is required for SeaTalk monitor");
+	}
+
+	const log = opts.runtime?.log ?? console.log;
+
+	if (opts.accountId) {
+		const account = resolveSeaTalkAccount({ cfg, accountId: opts.accountId });
+		if (!account.enabled || !account.configured) {
+			throw new Error(`SeaTalk account "${opts.accountId}" not configured or disabled`);
+		}
+		return monitorSingleAccount({
+			cfg,
+			account,
+			runtime: opts.runtime,
+			abortSignal: opts.abortSignal,
+		});
+	}
+
+	const accounts = listEnabledSeaTalkAccounts(cfg);
+	if (accounts.length === 0) {
+		throw new Error("No enabled SeaTalk accounts configured");
+	}
+
+	log(
+		`seatalk: starting ${accounts.length} account(s): ${accounts.map((a) => a.accountId).join(", ")}`,
+	);
+
+	await Promise.all(
+		accounts.map((account) =>
+			monitorSingleAccount({
+				cfg,
+				account,
+				runtime: opts.runtime,
+				abortSignal: opts.abortSignal,
+			}),
+		),
+	);
+}