openclaw
diff --git a/‎CHANGELOG.md‎
Lines changed: 1 addition & 0 deletions b/‎CHANGELOG.md‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎extensions/imessage/src/monitor.media-policy.test.ts‎
Lines changed: 115 additions & 0 deletions b/‎extensions/imessage/src/monitor.media-policy.test.ts‎
Lines changed: 115 additions & 0 deletions
diff --git a/‎extensions/imessage/src/monitor/media-staging.test.ts‎
Lines changed: 120 additions & 0 deletions b/‎extensions/imessage/src/monitor/media-staging.test.ts‎
Lines changed: 120 additions & 0 deletions
@@ -767,6 +767,7 @@ Docs: https://docs.openclaw.ai
 - Discord/groups: tell Discord-channel agents to wrap bare URLs as `<https://example.com>` so link previews do not expand into uninvited embeds. (#78614)
 - Agents/fallback: fail fast on session write-lock timeouts instead of trying fallback models for local file contention. Fixes #66646. Thanks @sallyom.
 - Browser/SSRF: stop closing user-owned Chrome tabs when a read-only operation (snapshot/screenshot/interactions) is rejected by the SSRF guard — only OpenClaw-initiated navigations now close on policy denial. Thanks @scotthuang.
+- iMessage: stage native inbound attachments into OpenClaw-managed media and convert HEIC/HEIF images to JPEG before dispatch, so image tools can read photos sent over native iMessage without requiring BlueBubbles.
 - Agents/Gateway: throttle and cap live exec command-output events so noisy tool runs cannot flood Gateway WebSocket clients or starve RPC handling. (#78645) Thanks @joshavant.
 - Memory Wiki: skip empty and whitespace-only source pages when refreshing generated Related blocks, preventing blank pages from being rewritten into Related-only stubs. Fixes #78121. Thanks @amknight.
 - Telegram: keep duplicate message-tool-only Codex turns from posting generic silent-reply fallback text, so private finals stay private after inbound dedupe. Thanks @rubencu.
 
@@ -0,0 +1,115 @@
+import type { waitForTransportReady } from "openclaw/plugin-sdk/transport-ready-runtime";
+import { describe, expect, it, vi } from "vitest";
+import type { createIMessageRpcClient } from "./client.js";
+import { monitorIMessageProvider } from "./monitor.js";
+import type { stageIMessageAttachments } from "./monitor/media-staging.js";
+
+const waitForTransportReadyMock = vi.hoisted(() =>
+  vi.fn<typeof waitForTransportReady>(async () => {}),
+);
+const createIMessageRpcClientMock = vi.hoisted(() => vi.fn<typeof createIMessageRpcClient>());
+const stageIMessageAttachmentsMock = vi.hoisted(() => vi.fn<typeof stageIMessageAttachments>());
+const readChannelAllowFromStoreMock = vi.hoisted(() => vi.fn(async () => [] as string[]));
+
+vi.mock("openclaw/plugin-sdk/transport-ready-runtime", () => ({
+  waitForTransportReady: waitForTransportReadyMock,
+}));
+
+vi.mock("openclaw/plugin-sdk/conversation-runtime", async (importOriginal) => {
+  const actual = await importOriginal<typeof import("openclaw/plugin-sdk/conversation-runtime")>();
+  return {
+    ...actual,
+    readChannelAllowFromStore: readChannelAllowFromStoreMock,
+    recordInboundSession: vi.fn(),
+    upsertChannelPairingRequest: vi.fn(),
+  };
+});
+
+vi.mock("openclaw/plugin-sdk/channel-inbound", async (importOriginal) => {
+  const actual = await importOriginal<typeof import("openclaw/plugin-sdk/channel-inbound")>();
+  return {
+    ...actual,
+    createChannelInboundDebouncer: vi.fn((opts) => ({
+      debouncer: {
+        enqueue: async (entry: unknown) => await opts.onFlush([entry]),
+      },
+    })),
+    shouldDebounceTextInbound: vi.fn(() => false),
+  };
+});
+
+vi.mock("./client.js", () => ({
+  createIMessageRpcClient: createIMessageRpcClientMock,
+}));
+
+vi.mock("./monitor/abort-handler.js", () => ({
+  attachIMessageMonitorAbortHandler: vi.fn(() => () => {}),
+}));
+
+vi.mock("./monitor/media-staging.js", () => ({
+  stageIMessageAttachments: stageIMessageAttachmentsMock,
+}));
+
+describe("iMessage monitor attachment policy", () => {
+  it("does not stage local attachments for messages dropped by inbound policy", async () => {
+    stageIMessageAttachmentsMock.mockResolvedValue([]);
+    readChannelAllowFromStoreMock.mockResolvedValue([]);
+
+    const attachmentPath = "/Users/openclaw/Library/Messages/Attachments/AA/BB/photo.heic";
+    let onNotification: ((message: { method: string; params: unknown }) => void) | undefined;
+    const client = {
+      request: vi.fn(async () => ({ subscription: 1 })),
+      waitForClose: vi.fn(async () => {
+        onNotification?.({
+          method: "message",
+          params: {
+            message: {
+              id: 1,
+              chat_id: 123,
+              sender: "+15550001111",
+              is_from_me: false,
+              is_group: true,
+              text: "no mention here",
+              attachments: [
+                {
+                  original_path: attachmentPath,
+                  mime_type: "image/heic",
+                  missing: false,
+                },
+              ],
+            },
+          },
+        });
+        await Promise.resolve();
+        await Promise.resolve();
+      }),
+      stop: vi.fn(async () => {}),
+    };
+    createIMessageRpcClientMock.mockImplementation(async (params) => {
+      if (!params?.onNotification) {
+        throw new Error("expected iMessage notification handler");
+      }
+      onNotification = params.onNotification;
+      return client as never;
+    });
+
+    await monitorIMessageProvider({
+      config: {
+        channels: {
+          imessage: {
+            includeAttachments: true,
+            attachmentRoots: ["/Users/*/Library/Messages/Attachments"],
+            dmPolicy: "open",
+            groupPolicy: "open",
+            groups: { "*": { requireMention: true } },
+          },
+        },
+        messages: { groupChat: { mentionPatterns: ["@openclaw"] } },
+        session: { mainKey: "main" },
+      } as never,
+    });
+
+    expect(readChannelAllowFromStoreMock).toHaveBeenCalled();
+    expect(stageIMessageAttachmentsMock).not.toHaveBeenCalled();
+  });
+});
@@ -0,0 +1,120 @@
+import fs from "node:fs/promises";
+import os from "node:os";
+import path from "node:path";
+import { afterEach, beforeEach, describe, expect, it, vi } from "vitest";
+import { stageIMessageAttachments } from "./media-staging.js";
+
+let tempDir: string;
+
+async function writeTempFile(name: string, contents: Buffer | string): Promise<string> {
+  const filePath = path.join(tempDir, name);
+  await fs.writeFile(filePath, contents);
+  return filePath;
+}
+
+describe("stageIMessageAttachments", () => {
+  beforeEach(async () => {
+    tempDir = await fs.mkdtemp(path.join(os.tmpdir(), "openclaw-imessage-media-"));
+  });
+
+  afterEach(async () => {
+    await fs.rm(tempDir, { recursive: true, force: true });
+  });
+
+  it("copies allowed iMessage attachments into the inbound media store", async () => {
+    const sourcePath = await writeTempFile("photo.png", Buffer.from("png-bytes"));
+    const saveMediaBuffer = vi.fn(async () => ({
+      id: "saved.png",
+      path: "/state/media/inbound/saved.png",
+      size: 9,
+      contentType: "image/png",
+    }));
+
+    await expect(
+      stageIMessageAttachments(
+        [{ original_path: sourcePath, mime_type: "image/png", missing: false }],
+        { maxBytes: 1024, allowedRoots: [tempDir], deps: { saveMediaBuffer } },
+      ),
+    ).resolves.toEqual([{ path: "/state/media/inbound/saved.png", contentType: "image/png" }]);
+
+    expect(saveMediaBuffer).toHaveBeenCalledWith(
+      Buffer.from("png-bytes"),
+      "image/png",
+      "inbound",
+      1024,
+      "photo.png",
+    );
+  });
+
+  it("drops attachments whose canonical path escapes the allowed root", async () => {
+    const allowedRoot = path.join(tempDir, "allowed");
+    const outsideRoot = path.join(tempDir, "outside");
+    await fs.mkdir(allowedRoot, { recursive: true });
+    await fs.mkdir(outsideRoot, { recursive: true });
+    const outsidePath = path.join(outsideRoot, "secret.png");
+    await fs.writeFile(outsidePath, Buffer.from("secret-bytes"));
+    await fs.symlink(outsideRoot, path.join(allowedRoot, "link"), "dir");
+
+    const saveMediaBuffer = vi.fn();
+    const logVerbose = vi.fn();
+
+    await expect(
+      stageIMessageAttachments(
+        [
+          {
+            original_path: path.join(allowedRoot, "link", "secret.png"),
+            mime_type: "image/png",
+            missing: false,
+          },
+        ],
+        { maxBytes: 1024, allowedRoots: [allowedRoot], deps: { saveMediaBuffer, logVerbose } },
+      ),
+    ).resolves.toEqual([]);
+
+    expect(saveMediaBuffer).not.toHaveBeenCalled();
+    expect(logVerbose).toHaveBeenCalledWith(
+      expect.stringContaining("attachment path resolves outside allowed roots"),
+    );
+  });
+
+  it("converts HEIC iMessage attachments to JPEG before staging", async () => {
+    const sourcePath = await writeTempFile("IMG_0001.HEIC", Buffer.from("heic-bytes"));
+    const saveMediaBuffer = vi.fn(async () => ({
+      id: "saved.jpg",
+      path: "/state/media/inbound/saved.jpg",
+      size: 10,
+      contentType: "image/jpeg",
+    }));
+    const convertHeicToJpeg = vi.fn(async () => Buffer.from("jpeg-bytes"));
+
+    await stageIMessageAttachments(
+      [{ original_path: sourcePath, mime_type: "image/heic", missing: false }],
+      { maxBytes: 1024, deps: { saveMediaBuffer, convertHeicToJpeg } },
+    );
+
+    expect(convertHeicToJpeg).toHaveBeenCalledWith(sourcePath, 1024);
+    expect(saveMediaBuffer).toHaveBeenCalledWith(
+      Buffer.from("jpeg-bytes"),
+      "image/jpeg",
+      "inbound",
+      1024,
+      "IMG_0001.jpg",
+    );
+  });
+
+  it("drops attachments over the inbound media limit", async () => {
+    const sourcePath = await writeTempFile("huge.png", Buffer.from("too large"));
+    const saveMediaBuffer = vi.fn();
+    const logVerbose = vi.fn();
+
+    await expect(
+      stageIMessageAttachments(
+        [{ original_path: sourcePath, mime_type: "image/png", missing: false }],
+        { maxBytes: 4, deps: { saveMediaBuffer, logVerbose } },
+      ),
+    ).resolves.toEqual([]);
+
+    expect(saveMediaBuffer).not.toHaveBeenCalled();
+    expect(logVerbose).toHaveBeenCalledWith(expect.stringContaining("failed to stage"));
+  });
+});