fix(config): remove core BlueBubbles schema (#78612)

LambertArm · vincentkoc · web-flow · commit e1fec3c892a0 · 2026-05-07T03:16:42.000-07:00
* fix(config): remove core BlueBubbles schema

* fix(config): preserve BlueBubbles dmPolicy validation

* fix(config): type BlueBubbles account refinement

* chore(plugin-sdk): refresh API baseline

* chore(plugin-sdk): refresh API baseline

---------

Co-authored-by: Vincent Koc &lt;vincentkoc@ieee.org&gt;
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -147,6 +147,7 @@ Docs: https://docs.openclaw.ai
 
 - fix(active-memory): require admin scope for global toggles [AI]. (#78863) Thanks @pgondhi987.
 - Honor owner enforcement for native commands [AI]. (#78864) Thanks @pgondhi987.
+- Config/BlueBubbles: remove the duplicate core-owned BlueBubbles config schema while preserving plugin-owned `dmPolicy` allowFrom validation for channel and account configs. Fixes #69238. Thanks @omarshahine.
 - Tavily: resolve dedicated `tavily_search` and `tavily_extract` tool credentials from the active runtime config snapshot, so `exec` SecretRef-backed API keys do not reach the tools unresolved. (#78610) Thanks @VACInc.
 - Gateway/sessions: clear cached skills snapshots during `/new` and `sessions.reset` so long-lived channel sessions rebuild the visible skill list after skills change. (#78873) Thanks @Evizero.
 - fix(auto-reply): gate inline skill tool dispatch [AI]. (#78517) Thanks @pgondhi987.
diff --git a/docs/.generated/plugin-sdk-api-baseline.sha256 b/docs/.generated/plugin-sdk-api-baseline.sha256
@@ -1,2 +1,2 @@
-a2a671522a9855594b011c86425911f2297e756c666f4ceb1cc453f613983725  plugin-sdk-api-baseline.json
-b939b18ab3cbd21f338fe2a7cd8783b612c0956e79831d66dae4a49f9ba85014  plugin-sdk-api-baseline.jsonl
+25d5e7d7532d99d06187813e1cf75d3192fb2bf330862bfd1d4d4a50c91c77c9  plugin-sdk-api-baseline.json
+9f9758f36694c4004ab8c2fb772815c91cc2035de872a0e53f053537b2156910  plugin-sdk-api-baseline.jsonl
diff --git a/extensions/bluebubbles/channel-config-api.ts b/extensions/bluebubbles/channel-config-api.ts
@@ -1 +1 @@
-export { BlueBubblesChannelConfigSchema } from "./src/config-schema.js";
+export { BlueBubblesChannelConfigSchema, BlueBubblesConfigSchema } from "./src/config-schema.js";
diff --git a/extensions/bluebubbles/src/config-schema.ts b/extensions/bluebubbles/src/config-schema.ts
@@ -6,6 +6,8 @@ import {
   GroupPolicySchema,
   MarkdownConfigSchema,
   ToolPolicySchema,
+  requireAllowlistAllowFrom,
+  requireOpenAllowFrom,
 } from "openclaw/plugin-sdk/channel-config-schema";
 import { z } from "openclaw/plugin-sdk/zod";
 import { bluebubblesChannelConfigUiHints } from "./config-ui-hints.js";
@@ -123,11 +125,57 @@ const bluebubblesAccountSchema = z
     }
   });
 
+type BlueBubblesAccountConfig = z.infer<typeof bluebubblesAccountSchema>;
+type BlueBubblesConfigWithAccounts = BlueBubblesAccountConfig & {
+  accounts?: Record<string, BlueBubblesAccountConfig>;
+};
+
 export const BlueBubblesConfigSchema = buildCatchallMultiAccountChannelSchema(
   bluebubblesAccountSchema,
-).safeExtend({
-  actions: bluebubblesActionSchema,
-});
+)
+  .safeExtend({
+    actions: bluebubblesActionSchema,
+  })
+  .superRefine((value, ctx) => {
+    const config = value as BlueBubblesConfigWithAccounts;
+    requireOpenAllowFrom({
+      policy: config.dmPolicy,
+      allowFrom: config.allowFrom,
+      ctx,
+      path: ["allowFrom"],
+      message:
+        'channels.bluebubbles.dmPolicy="open" requires channels.bluebubbles.allowFrom to include "*"',
+    });
+    requireAllowlistAllowFrom({
+      policy: config.dmPolicy,
+      allowFrom: config.allowFrom,
+      ctx,
+      path: ["allowFrom"],
+      message:
+        'channels.bluebubbles.dmPolicy="allowlist" requires channels.bluebubbles.allowFrom to contain at least one sender ID',
+    });
+
+    for (const [accountId, account] of Object.entries(config.accounts ?? {})) {
+      const effectivePolicy = account.dmPolicy ?? config.dmPolicy;
+      const effectiveAllowFrom = account.allowFrom ?? config.allowFrom;
+      requireOpenAllowFrom({
+        policy: effectivePolicy,
+        allowFrom: effectiveAllowFrom,
+        ctx,
+        path: ["accounts", accountId, "allowFrom"],
+        message:
+          'channels.bluebubbles.accounts.*.dmPolicy="open" requires channels.bluebubbles.accounts.*.allowFrom (or channels.bluebubbles.allowFrom) to include "*"',
+      });
+      requireAllowlistAllowFrom({
+        policy: effectivePolicy,
+        allowFrom: effectiveAllowFrom,
+        ctx,
+        path: ["accounts", accountId, "allowFrom"],
+        message:
+          'channels.bluebubbles.accounts.*.dmPolicy="allowlist" requires channels.bluebubbles.accounts.*.allowFrom (or channels.bluebubbles.allowFrom) to contain at least one sender ID',
+      });
+    }
+  });
 
 export const BlueBubblesChannelConfigSchema = buildChannelConfigSchema(BlueBubblesConfigSchema, {
   uiHints: bluebubblesChannelConfigUiHints,
diff --git a/extensions/bluebubbles/src/setup-surface.test.ts b/extensions/bluebubbles/src/setup-surface.test.ts
@@ -557,6 +557,96 @@ describe("BlueBubblesConfigSchema", () => {
         ?.work?.replyContextApiFallback,
     ).toBe(false);
   });
+
+  it('rejects dmPolicy="allowlist" without channel allowFrom', () => {
+    const parsed = BlueBubblesConfigSchema.safeParse({
+      dmPolicy: "allowlist",
+    });
+    expect(parsed.success).toBe(false);
+    if (parsed.success) {
+      return;
+    }
+    expect(parsed.error.issues[0]?.path).toEqual(["allowFrom"]);
+    expect(parsed.error.issues[0]?.message).toBe(
+      'channels.bluebubbles.dmPolicy="allowlist" requires channels.bluebubbles.allowFrom to contain at least one sender ID',
+    );
+  });
+
+  it('rejects dmPolicy="open" without channel allowFrom wildcard', () => {
+    const parsed = BlueBubblesConfigSchema.safeParse({
+      dmPolicy: "open",
+      allowFrom: ["user@example.com"],
+    });
+    expect(parsed.success).toBe(false);
+    if (parsed.success) {
+      return;
+    }
+    expect(parsed.error.issues[0]?.path).toEqual(["allowFrom"]);
+    expect(parsed.error.issues[0]?.message).toBe(
+      'channels.bluebubbles.dmPolicy="open" requires channels.bluebubbles.allowFrom to include "*"',
+    );
+  });
+
+  it("rejects account allowlist when neither account nor channel has allowFrom", () => {
+    const parsed = BlueBubblesConfigSchema.safeParse({
+      accounts: {
+        work: {
+          dmPolicy: "allowlist",
+        },
+      },
+    });
+    expect(parsed.success).toBe(false);
+    if (parsed.success) {
+      return;
+    }
+    expect(parsed.error.issues[0]?.path).toEqual(["accounts", "work", "allowFrom"]);
+    expect(parsed.error.issues[0]?.message).toBe(
+      'channels.bluebubbles.accounts.*.dmPolicy="allowlist" requires channels.bluebubbles.accounts.*.allowFrom (or channels.bluebubbles.allowFrom) to contain at least one sender ID',
+    );
+  });
+
+  it("accepts account allowlist when channel allowFrom is inherited", () => {
+    const parsed = BlueBubblesConfigSchema.safeParse({
+      allowFrom: ["user@example.com"],
+      accounts: {
+        work: {
+          dmPolicy: "allowlist",
+        },
+      },
+    });
+    expect(parsed.success).toBe(true);
+  });
+
+  it("rejects account open policy when effective allowFrom has no wildcard", () => {
+    const parsed = BlueBubblesConfigSchema.safeParse({
+      allowFrom: ["user@example.com"],
+      accounts: {
+        work: {
+          dmPolicy: "open",
+        },
+      },
+    });
+    expect(parsed.success).toBe(false);
+    if (parsed.success) {
+      return;
+    }
+    expect(parsed.error.issues[0]?.path).toEqual(["accounts", "work", "allowFrom"]);
+    expect(parsed.error.issues[0]?.message).toBe(
+      'channels.bluebubbles.accounts.*.dmPolicy="open" requires channels.bluebubbles.accounts.*.allowFrom (or channels.bluebubbles.allowFrom) to include "*"',
+    );
+  });
+
+  it("accepts account open policy when channel allowFrom wildcard is inherited", () => {
+    const parsed = BlueBubblesConfigSchema.safeParse({
+      allowFrom: ["*"],
+      accounts: {
+        work: {
+          dmPolicy: "open",
+        },
+      },
+    });
+    expect(parsed.success).toBe(true);
+  });
 });
 
 describe("bluebubbles group policy", () => {
diff --git a/src/config/config.allowlist-requires-allowfrom.test.ts b/src/config/config.allowlist-requires-allowfrom.test.ts
@@ -1,6 +1,6 @@
 import { describe, expect, it } from "vitest";
+import { BlueBubblesConfigSchema } from "../../extensions/bluebubbles/channel-config-api.js";
 import {
-  BlueBubblesConfigSchema,
   DiscordConfigSchema,
   IMessageConfigSchema,
   IrcConfigSchema,
diff --git a/src/config/zod-schema.providers-core.ts b/src/config/zod-schema.providers-core.ts
@@ -1459,129 +1459,6 @@ export const IMessageConfigSchema = IMessageAccountSchemaBase.extend({
   }
 });
 
-const BlueBubblesAllowFromEntry = z.union([z.string(), z.number()]);
-
-const BlueBubblesActionSchema = z
-  .object({
-    reactions: z.boolean().optional(),
-    edit: z.boolean().optional(),
-    unsend: z.boolean().optional(),
-    reply: z.boolean().optional(),
-    sendWithEffect: z.boolean().optional(),
-    renameGroup: z.boolean().optional(),
-    setGroupIcon: z.boolean().optional(),
-    addParticipant: z.boolean().optional(),
-    removeParticipant: z.boolean().optional(),
-    leaveGroup: z.boolean().optional(),
-    sendAttachment: z.boolean().optional(),
-  })
-  .strict()
-  .optional();
-
-const BlueBubblesGroupConfigSchema = z
-  .object({
-    requireMention: z.boolean().optional(),
-    tools: ToolPolicySchema,
-    toolsBySender: ToolPolicyBySenderSchema,
-  })
-  .strict();
-
-export const BlueBubblesAccountSchemaBase = z
-  .object({
-    name: z.string().optional(),
-    capabilities: z.array(z.string()).optional(),
-    markdown: MarkdownConfigSchema,
-    configWrites: z.boolean().optional(),
-    enabled: z.boolean().optional(),
-    serverUrl: z.string().optional(),
-    password: SecretInputSchema.optional().register(sensitive),
-    webhookPath: z.string().optional(),
-    dmPolicy: DmPolicySchema.optional().default("pairing"),
-    allowFrom: z.array(BlueBubblesAllowFromEntry).optional(),
-    groupAllowFrom: z.array(BlueBubblesAllowFromEntry).optional(),
-    groupPolicy: GroupPolicySchema.optional().default("allowlist"),
-    contextVisibility: ContextVisibilityModeSchema.optional(),
-    historyLimit: z.number().int().min(0).optional(),
-    dmHistoryLimit: z.number().int().min(0).optional(),
-    dms: z.record(z.string(), DmConfigSchema.optional()).optional(),
-    textChunkLimit: z.number().int().positive().optional(),
-    sendTimeoutMs: z.number().int().positive().optional(),
-    chunkMode: z.enum(["length", "newline"]).optional(),
-    mediaMaxMb: z.number().int().positive().optional(),
-    mediaLocalRoots: z.array(z.string()).optional(),
-    sendReadReceipts: z.boolean().optional(),
-    network: z
-      .object({
-        dangerouslyAllowPrivateNetwork: z.boolean().optional(),
-      })
-      .strict()
-      .optional(),
-    blockStreaming: z.boolean().optional(),
-    blockStreamingCoalesce: BlockStreamingCoalesceSchema.optional(),
-    groups: z.record(z.string(), BlueBubblesGroupConfigSchema.optional()).optional(),
-    enrichGroupParticipantsFromContacts: z.boolean().optional(),
-    heartbeat: ChannelHeartbeatVisibilitySchema,
-    healthMonitor: ChannelHealthMonitorSchema,
-    responsePrefix: z.string().optional(),
-    coalesceSameSenderDms: z.boolean().optional(),
-  })
-  .strict();
-
-// Account-level schemas skip allowFrom validation because accounts inherit
-// allowFrom from the parent channel config at runtime.
-// Validation is enforced at the top-level BlueBubblesConfigSchema instead.
-export const BlueBubblesAccountSchema = BlueBubblesAccountSchemaBase;
-
-export const BlueBubblesConfigSchema = BlueBubblesAccountSchemaBase.extend({
-  accounts: z.record(z.string(), BlueBubblesAccountSchema.optional()).optional(),
-  defaultAccount: z.string().optional(),
-  actions: BlueBubblesActionSchema,
-}).superRefine((value, ctx) => {
-  requireOpenAllowFrom({
-    policy: value.dmPolicy,
-    allowFrom: value.allowFrom,
-    ctx,
-    path: ["allowFrom"],
-    message:
-      'channels.bluebubbles.dmPolicy="open" requires channels.bluebubbles.allowFrom to include "*"',
-  });
-  requireAllowlistAllowFrom({
-    policy: value.dmPolicy,
-    allowFrom: value.allowFrom,
-    ctx,
-    path: ["allowFrom"],
-    message:
-      'channels.bluebubbles.dmPolicy="allowlist" requires channels.bluebubbles.allowFrom to contain at least one sender ID',
-  });
-
-  if (!value.accounts) {
-    return;
-  }
-  for (const [accountId, account] of Object.entries(value.accounts)) {
-    if (!account) {
-      continue;
-    }
-    const effectivePolicy = account.dmPolicy ?? value.dmPolicy;
-    const effectiveAllowFrom = account.allowFrom ?? value.allowFrom;
-    requireOpenAllowFrom({
-      policy: effectivePolicy,
-      allowFrom: effectiveAllowFrom,
-      ctx,
-      path: ["accounts", accountId, "allowFrom"],
-      message:
-        'channels.bluebubbles.accounts.*.dmPolicy="open" requires channels.bluebubbles.accounts.*.allowFrom (or channels.bluebubbles.allowFrom) to include "*"',
-    });
-    requireAllowlistAllowFrom({
-      policy: effectivePolicy,
-      allowFrom: effectiveAllowFrom,
-      ctx,
-      path: ["accounts", accountId, "allowFrom"],
-      message:
-        'channels.bluebubbles.accounts.*.dmPolicy="allowlist" requires channels.bluebubbles.accounts.*.allowFrom (or channels.bluebubbles.allowFrom) to contain at least one sender ID',
-    });
-  }
-});
-
 export const MSTeamsChannelSchema = z
   .object({
     requireMention: z.boolean().optional(),
diff --git a/src/plugin-sdk/bundled-channel-config-schema.ts b/src/plugin-sdk/bundled-channel-config-schema.ts
@@ -19,6 +19,7 @@ export {
   GroupPolicySchema,
   MarkdownConfigSchema,
   ReplyRuntimeConfigSchemaShape,
+  requireAllowlistAllowFrom,
   requireOpenAllowFrom,
 } from "../config/zod-schema.core.js";
 export { ToolPolicySchema } from "../config/zod-schema.agent-runtime.js";
diff --git a/src/plugin-sdk/channel-config-primitives.ts b/src/plugin-sdk/channel-config-primitives.ts
@@ -12,5 +12,6 @@ export {
   GroupPolicySchema,
   MarkdownConfigSchema,
   ReplyRuntimeConfigSchemaShape,
+  requireAllowlistAllowFrom,
   requireOpenAllowFrom,
 } from "../config/zod-schema.core.js";
diff --git a/src/plugin-sdk/channel-config-schema.ts b/src/plugin-sdk/channel-config-schema.ts
@@ -14,6 +14,7 @@ export {
   GroupPolicySchema,
   MarkdownConfigSchema,
   ReplyRuntimeConfigSchemaShape,
+  requireAllowlistAllowFrom,
   requireOpenAllowFrom,
 } from "../config/zod-schema.core.js";
 export { ToolPolicySchema } from "../config/zod-schema.agent-runtime.js";

Original file line number	Diff line number	Diff line change
`@@ -1 +1 @@`
`1`		`-export { BlueBubblesChannelConfigSchema } from "./src/config-schema.js";`
	`1`	`+export { BlueBubblesChannelConfigSchema, BlueBubblesConfigSchema } from "./src/config-schema.js";`