npm - openclaw-threema - Versions diffs - 0.5.2 → 0.6.0 - Mend

openclaw-threema 0.5.2 → 0.6.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

package/README.md CHANGED Viewed

@@ -1,4 +1,4 @@
-# @openclaw/threema
+# openclaw-threema
 Threema Gateway channel plugin for [OpenClaw](https://github.com/openclaw/openclaw) — privacy-focused E2E encrypted messaging via the [Threema Gateway API](https://gateway.threema.ch/).
@@ -8,24 +8,25 @@ Threema Gateway channel plugin for [OpenClaw](https://github.com/openclaw/opencl
 - **Media send/receive** — images, files, audio (E2E encrypted blobs)
 - **Voice transcription** — automatic speech-to-text via local Whisper
 - **Instant wake** — webhook-based message delivery (no polling)
+- **Slash commands** — `/status`, `/compact`, etc. work natively via Threema (v0.6.0+)
 - **CLI tools** — `openclaw threema send|send-file|status|keygen`
 ## Requirements
 - A [Threema Gateway](https://gateway.threema.ch/) account (E2E mode)
-- OpenClaw v0.30+ with channel plugin support
+- OpenClaw 2026.3.2+ with channel plugin support
 - For voice transcription: [OpenAI Whisper](https://github.com/openai/whisper) installed locally
-Please keep in mind that the use of the Threema Gateway is not for free.
-At the time of writing these lines you have to pay 1.600 "Credits" to get an ID.
-Every Message costs another Credit (roughly EUR 0,02).
-2.500 Credits are about EUR 55,00
+> **Note:** Threema Gateway usage is not free. At the time of writing, you need ~1,600 credits to register a Gateway ID, and each message costs 1 credit (~€0.02). 2,500 credits cost approximately €55.
 ## Installation
 ```bash
-# From npm (when published)
-npm install @openclaw/threema
+# From npm
+npm install openclaw-threema
+# From ClawHub
+openclaw plugins install clawhub:threema
 # Or as a local extension
 cp -r . ~/.openclaw/extensions/threema/
@@ -77,7 +78,7 @@ https://your-host:18789/threema/webhook
 The default port is `18789` (OpenClaw Gateway). The path matches `webhookPath` in your config (default: `/threema/webhook`).
-**Note:** If you're behind a reverse proxy, adjust the URL accordingly. The plugin registers the endpoint at the configured `webhookPath`.
+**Note:** If you're behind a reverse proxy (Cloudflare Tunnel, nginx, etc.), adjust the URL accordingly. The plugin registers the endpoint at the configured `webhookPath`.
 ### 3. Restart OpenClaw
@@ -96,7 +97,7 @@ openclaw threema send ABCD1234 "Hello from OpenClaw!"
 | Policy | Description |
 |--------|-------------|
-| `allowlist` | Only IDs in `allowFrom` array (default) |
+| `allowlist` | Only IDs in `allowFrom` array (default, recommended) |
 | `open` | Accept from anyone |
 | `disabled` | Reject all DMs |
@@ -104,7 +105,7 @@ openclaw threema send ABCD1234 "Hello from OpenClaw!"
 When a voice message is received, the plugin automatically transcribes it using local Whisper (no API key needed). The transcription is included in the message delivered to the agent.
-Whisper must be installed and accessible in PATH (e.g., via `pip install openai-whisper` or Homebrew).
+Whisper must be installed and accessible in PATH (e.g., `pip install openai-whisper`).
 ## Message Types Supported
@@ -119,8 +120,26 @@ Whisper must be installed and accessible in PATH (e.g., via `pip install openai-
 - Private keys never leave the host
 - Webhook verification via HMAC-SHA256 (mandatory, verified before decryption)
 - SSRF protection: redirect blocking, DNS rebinding checks, private IP filtering
+- Secrets are redacted in all log output
+## Changelog
+### v0.6.0 (2026-04-17)
+- **Channel Inbound Pipeline** — messages now go through OpenClaw's native channel pipeline instead of raw `enqueueSystemEvent`. This enables slash commands (`/status`, `/compact`, etc.) directly from Threema.
+- **Graceful fallback** — automatically falls back to `enqueueSystemEvent` if the channel pipeline is unavailable (e.g., older OpenClaw versions).
+- **Long message chunking** — replies exceeding 3,500 chars are split at newline boundaries.
+### v0.5.2 (2026-03-30)
+- OpenClaw 2026.3.2 compatibility fixes
+- Health monitor improvements
+- ClawHub publishing support (`compat.pluginApi`, `build.openclawVersion`)
+### v0.4.5 (2026-02-17)
+- Initial npm release
+- Full E2E text + media support
+- Voice transcription via Whisper
+- Security hardening (SSRF protection, path restrictions, PII log reduction)
 ## License
 MIT

package/index.ts CHANGED Viewed

@@ -1622,7 +1622,7 @@ const threemaChannel = {
 export const id = "threema";
 export const name = "Threema Gateway";
-export const version = "0.5.2";
+export const version = "0.6.0";
 export const description =
   "Threema messaging channel via Threema Gateway API (E2E encrypted, with media support)";
@@ -1782,25 +1782,138 @@ export default function register(api: any) {
             api.logger?.info?.("Threema text message received");
             api.logger?.debug?.(`Threema text from=${from} messageId=${messageId}`);
-            // Dispatch to OpenClaw via enqueueSystemEvent
-            const enqueue = runtime?.system?.enqueueSystemEvent;
-            if (enqueue) {
-              const envelope = `[Threema message from ${senderLabel} (${from})]\n${decrypted.text}`;
-              enqueue(envelope, {
-                sessionKey: "agent:main:main",
-                deliveryContext: {
+            // Dispatch through the proper Channel Inbound Pipeline
+            // This enables slash-command parsing (/status, /compact, etc.)
+            const channelRuntime = runtime?.channel;
+            if (channelRuntime?.routing?.resolveAgentRoute && channelRuntime?.reply?.finalizeInboundContext && channelRuntime?.reply?.dispatchReplyWithBufferedBlockDispatcher) {
+              try {
+                const currentCfg = runtime.config.loadConfig();
+                // 1. Resolve the agent route and session key
+                const route = channelRuntime.routing.resolveAgentRoute({
+                  cfg: currentCfg,
                   channel: "threema",
-                  to: from,
-                  from: from,
                   accountId: "default",
-                },
-              });
-              api.logger?.info?.("Threema message dispatched via enqueueSystemEvent");
+                  peer: { kind: "direct", id: from },
+                });
-              // Wake the agent
-              wakeAgent(config);
+                const sessionKey = channelRuntime.routing.buildAgentSessionKey({
+                  agentId: route.agentId,
+                  channel: "threema",
+                  accountId: "default",
+                  peer: { kind: "direct", id: from },
+                  dmScope: "per-account-channel-peer",
+                });
+                // 2. Check if sender is command-authorized (in allowFrom list)
+                const senderAllowed = allowFrom.length === 0 || allowFrom.includes(from);
+                // 3. Build the finalized inbound context
+                const msgCtx = channelRuntime.reply.finalizeInboundContext({
+                  Body: decrypted.text,
+                  RawBody: decrypted.text,
+                  CommandBody: decrypted.text,
+                  From: `threema:${from}`,
+                  To: `threema:${ownGatewayId}`,
+                  SessionKey: sessionKey,
+                  AccountId: "default",
+                  OriginatingChannel: "threema",
+                  OriginatingTo: `threema:${from}`,
+                  ChatType: "direct" as const,
+                  SenderName: senderLabel,
+                  SenderId: from,
+                  Provider: "threema",
+                  Surface: "threema",
+                  ConversationLabel: senderLabel || from,
+                  Timestamp: Date.now(),
+                  CommandAuthorized: senderAllowed,
+                });
+                // 4. Dispatch through the full pipeline (command parsing + agent)
+                const replyClient = new ThreemaClient(getThreemaConfig(currentCfg)!);
+                await channelRuntime.reply.dispatchReplyWithBufferedBlockDispatcher({
+                  ctx: msgCtx,
+                  cfg: currentCfg,
+                  dispatcherOptions: {
+                    deliver: async (payload: any) => {
+                      const text = payload.text ?? payload.body;
+                      if (!text) return;
+                      // Chunk long replies if needed
+                      const limit = getThreemaConfig(currentCfg)?.textChunkLimit ?? 3500;
+                      if (text.length <= limit) {
+                        if (replyClient.isE2EEnabled) {
+                          await replyClient.sendE2E(from, text);
+                        } else {
+                          await replyClient.sendSimple(from, text);
+                        }
+                      } else {
+                        // Split into chunks at newline boundaries
+                        const chunks: string[] = [];
+                        let remaining = text;
+                        while (remaining.length > 0) {
+                          if (remaining.length <= limit) {
+                            chunks.push(remaining);
+                            break;
+                          }
+                          let splitIdx = remaining.lastIndexOf("\n", limit);
+                          if (splitIdx <= 0) splitIdx = limit;
+                          chunks.push(remaining.slice(0, splitIdx));
+                          remaining = remaining.slice(splitIdx).replace(/^\n/, "");
+                        }
+                        for (const chunk of chunks) {
+                          if (replyClient.isE2EEnabled) {
+                            await replyClient.sendE2E(from, chunk);
+                          } else {
+                            await replyClient.sendSimple(from, chunk);
+                          }
+                        }
+                      }
+                    },
+                    onReplyStart: () => {
+                      api.logger?.info?.(`Threema: agent reply started for ${from}`);
+                    },
+                  },
+                });
+                api.logger?.info?.("Threema message dispatched via Channel Inbound Pipeline");
+              } catch (pipelineErr: any) {
+                api.logger?.error?.(`Threema inbound pipeline error: ${pipelineErr.message}`);
+                // Fallback to enqueueSystemEvent if pipeline fails
+                const enqueue = runtime?.system?.enqueueSystemEvent;
+                if (enqueue) {
+                  const envelope = `[Threema message from ${senderLabel} (${from})]\n${decrypted.text}`;
+                  enqueue(envelope, {
+                    sessionKey: "agent:main:main",
+                    deliveryContext: {
+                      channel: "threema",
+                      to: from,
+                      from: from,
+                      accountId: "default",
+                    },
+                  });
+                  api.logger?.info?.("Threema message dispatched via enqueueSystemEvent (fallback)");
+                  wakeAgent(config);
+                }
+              }
             } else {
-              api.logger?.warn?.("enqueueSystemEvent not available");
+              // Fallback: use enqueueSystemEvent if channel runtime not available
+              api.logger?.warn?.("Channel inbound pipeline not available, falling back to enqueueSystemEvent");
+              const enqueue = runtime?.system?.enqueueSystemEvent;
+              if (enqueue) {
+                const envelope = `[Threema message from ${senderLabel} (${from})]\n${decrypted.text}`;
+                enqueue(envelope, {
+                  sessionKey: "agent:main:main",
+                  deliveryContext: {
+                    channel: "threema",
+                    to: from,
+                    from: from,
+                    accountId: "default",
+                  },
+                });
+                api.logger?.info?.("Threema message dispatched via enqueueSystemEvent (legacy)");
+                wakeAgent(config);
+              } else {
+                api.logger?.warn?.("Neither channel pipeline nor enqueueSystemEvent available");
+              }
             }
           } else if (decrypted?.type === 0x17 && decrypted?.fileMessage) {
             // File message - PII only on debug level

package/openclaw.plugin.json CHANGED Viewed

@@ -2,7 +2,7 @@
   "id": "threema",
   "name": "Threema Gateway",
   "description": "Threema messaging channel via Threema Gateway API (E2E encrypted)",
-  "version": "0.5.1",
+  "version": "0.6.0",
   "channels": [
     "threema"
   ],

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "openclaw-threema",
-  "version": "0.5.2",
+  "version": "0.6.0",
   "description": "Threema Gateway channel plugin for OpenClaw",
   "type": "module",
   "main": "index.ts",
@@ -19,7 +19,13 @@
         "threema-gateway"
       ]
     },
-    "id": "threema"
+    "id": "threema",
+    "compat": {
+      "pluginApi": ">=1.0.0"
+    },
+    "build": {
+      "openclawVersion": "2026.3.28"
+    }
   },
   "dependencies": {
     "tweetnacl": "^1.0.3",