Move provider to a plugin-architecture (#661)

* refactor: introduce provider plugin registry * refactor: move provider CLI to plugins * docs: add provider plugin implementation notes * refactor: shift provider runtime logic into plugins * refactor: add plugin defaults and summaries * docs: update provider plugin notes * feat(commands): add /commands slash list * Auto-reply: tidy help message * Auto-reply: fix status command lint * Tests: align google shared expectations * Auto-reply: tidy help message * Auto-reply: fix status command lint * refactor: move provider routing into plugins * test: align agent routing expectations * docs: update provider plugin notes * refactor: route replies via provider plugins * docs: note route-reply plugin hooks * refactor: extend provider plugin contract * refactor: derive provider status from plugins * refactor: unify gateway provider control * refactor: use plugin metadata in auto-reply * fix: parenthesize cron target selection * refactor: derive gateway methods from plugins * refactor: generalize provider logout * refactor: route provider logout through plugins * refactor: move WhatsApp web login methods into plugin * refactor: generalize provider log prefixes * refactor: centralize default chat provider * refactor: derive provider lists from registry * refactor: move provider reload noops into plugins * refactor: resolve web login provider via alias * refactor: derive CLI provider options from plugins * refactor: derive prompt provider list from plugins * style: apply biome lint fixes * fix: resolve provider routing edge cases * docs: update provider plugin refactor notes * fix(gateway): harden agent provider routing * refactor: move provider routing into plugins * refactor: move provider CLI to plugins * refactor: derive provider lists from registry * fix: restore slash command parsing * refactor: align provider ids for schema * refactor: unify outbound target resolution * fix: keep outbound labels stable * feat: add msteams to cron surfaces * fix: clean up lint build issues * refactor: localize chat provider alias normalization * refactor: drive gateway provider lists from plugins * docs: update provider plugin notes * style: format message-provider * fix: avoid provider registry init cycles * style: sort message-provider imports * fix: relax provider alias map typing * refactor: move provider routing into plugins * refactor: add plugin pairing/config adapters * refactor: route pairing and provider removal via plugins * refactor: align auto-reply provider typing * test: stabilize telegram media mocks * docs: update provider plugin refactor notes * refactor: pluginize outbound targets * refactor: pluginize provider selection * refactor: generalize text chunk limits * docs: update provider plugin notes * refactor: generalize group session/config * fix: normalize provider id for room detection * fix: avoid provider init in system prompt * style: formatting cleanup * refactor: normalize agent delivery targets * test: update outbound delivery labels * chore: fix lint regressions * refactor: extend provider plugin adapters * refactor: move elevated/block streaming defaults to plugins * refactor: defer outbound send deps to plugins * docs: note plugin-driven streaming/elevated defaults * refactor: centralize webchat provider constant * refactor: add provider setup adapters * refactor: delegate provider add config to plugins * docs: document plugin-driven provider add * refactor: add plugin state/binding metadata * refactor: build agent provider status from plugins * docs: note plugin-driven agent bindings * refactor: centralize internal provider constant usage * fix: normalize WhatsApp targets for groups and E.164 (#631) (thanks @imfing) * refactor: centralize default chat provider * refactor: centralize WhatsApp target normalization * refactor: move provider routing into plugins * refactor: normalize agent delivery targets * chore: fix lint regressions * fix: normalize WhatsApp targets for groups and E.164 (#631) (thanks @imfing) * feat: expand provider plugin adapters * refactor: route auto-reply via provider plugins * fix: align WhatsApp target normalization * fix: normalize WhatsApp targets for groups and E.164 (#631) (thanks @imfing) * refactor: centralize WhatsApp target normalization * feat: add /config chat config updates * docs: add /config get alias * feat(commands): add /commands slash list * refactor: centralize default chat provider * style: apply biome lint fixes * chore: fix lint regressions * fix: clean up whatsapp allowlist typing * style: format config command helpers * refactor: pluginize tool threading context * refactor: normalize session announce targets * docs: note new plugin threading and announce hooks * refactor: pluginize message actions * docs: update provider plugin actions notes * fix: align provider action adapters * refactor: centralize webchat checks * style: format message provider helpers * refactor: move provider onboarding into adapters * docs: note onboarding provider adapters * feat: add msteams onboarding adapter * style: organize onboarding imports * fix: normalize msteams allowFrom types * feat: add plugin text chunk limits * refactor: use plugin chunk limit fallbacks * feat: add provider mention stripping hooks * style: organize provider plugin type imports * refactor: generalize health snapshots * refactor: update macOS health snapshot handling * docs: refresh health snapshot notes * style: format health snapshot updates * refactor: drive security warnings via plugins * docs: note provider security adapter * style: format provider security adapters * refactor: centralize provider account defaults * refactor: type gateway client identity constants * chore: regen gateway protocol swift * fix: degrade health on failed provider probe * refactor: centralize pairing approve hint * docs: add plugin CLI command references * refactor: route auth and tool sends through plugins * docs: expand provider plugin hooks * refactor: document provider docking touchpoints * refactor: normalize internal provider defaults * refactor: streamline outbound delivery wiring * refactor: make provider onboarding plugin-owned * refactor: support provider-owned agent tools * refactor: move telegram draft chunking into telegram module * refactor: infer provider tool sends via extractToolSend * fix: repair plugin onboarding imports * refactor: de-dup outbound target normalization * style: tidy plugin and agent imports * refactor: data-drive provider selection line * fix: satisfy lint after provider plugin rebase * test: deflake gateway-cli coverage * style: format gateway-cli coverage test * refactor(provider-plugins): simplify provider ids * test(pairing-cli): avoid provider-specific ternary * style(macos): swiftformat HealthStore * refactor(sandbox): derive provider tool denylist * fix(sandbox): avoid plugin init in defaults * refactor(provider-plugins): centralize provider aliases * style(test): satisfy biome * refactor(protocol): v3 providers.status maps * refactor(ui): adapt to protocol v3 * refactor(macos): adapt to protocol v3 * test: update providers.status v3 fixtures * refactor(gateway): map provider runtime snapshot * test(gateway): update reload runtime snapshot * refactor(whatsapp): normalize heartbeat provider id * docs(refactor): update provider plugin notes * style: satisfy biome after rebase * fix: describe sandboxed elevated in prompt * feat(gateway): add agent image attachments + live probe * refactor: derive CLI provider options from plugins * fix(gateway): harden agent provider routing * fix(gateway): harden agent provider routing * refactor: align provider ids for schema * fix(protocol): keep agent provider string * fix(gateway): harden agent provider routing * fix(protocol): keep agent provider string * refactor: normalize agent delivery targets * refactor: support provider-owned agent tools * refactor(config): provider-keyed elevated allowFrom * style: satisfy biome * fix(gateway): appease provider narrowing * style: satisfy biome * refactor(reply): move group intro hints into plugin * fix(reply): avoid plugin registry init cycle * refactor(providers): add lightweight provider dock * refactor(gateway): use typed client id in connect * refactor(providers): document docks and avoid init cycles * refactor(providers): make media limit helper generic * fix(providers): break plugin registry import cycles * style: satisfy biome * refactor(status-all): build providers table from plugins * refactor(gateway): delegate web login to provider plugin * refactor(provider): drop web alias * refactor(provider): lazy-load monitors * style: satisfy lint/format * style: format status-all providers table * style: swiftformat gateway discovery model * test: make reload plan plugin-driven * fix: avoid token stringification in status-all * refactor: make provider IDs explicit in status * feat: warn on signal/imessage provider runtime errors * test: cover gateway provider runtime warnings in status * fix: add runtime kind to provider status issues * test: cover health degradation on probe failure * fix: keep routeReply lightweight * style: organize routeReply imports * refactor(web): extract auth-store helpers * refactor(whatsapp): lazy login imports * refactor(outbound): route replies via plugin outbound * docs: update provider plugin notes * style: format provider status issues * fix: make sandbox scope warning wrap-safe * refactor: load outbound adapters from provider plugins * docs: update provider plugin outbound notes * style(macos): fix swiftformat lint * docs: changelog for provider plugins * fix(macos): satisfy swiftformat * fix(macos): open settings via menu action * style: format after rebase * fix(macos): open Settings via menu action --------- Co-authored-by: LK <luke@kyohere.com> Co-authored-by: Luke K (pr-0f3t) <2609441+lc0rp@users.noreply.github.com> Co-authored-by: Xin <xin@imfing.com>
2026-05-09 19:14:33 +00:00 · 2026-01-11 11:45:25 +00:00
parent 23eec7d841
commit 7acd26a2fc
232 changed files with 13642 additions and 10809 deletions
--- a/src/gateway/server-methods/providers.ts
+++ b/src/gateway/server-methods/providers.ts
@@ -1,66 +1,80 @@
 import type { ClawdbotConfig } from "../../config/config.js";
-import {
-  loadConfig,
-  readConfigFileSnapshot,
-  writeConfigFile,
-} from "../../config/config.js";
-import type { TelegramGroupConfig } from "../../config/types.js";
-import {
-  listDiscordAccountIds,
-  resolveDefaultDiscordAccountId,
-  resolveDiscordAccount,
-} from "../../discord/accounts.js";
-import {
-  auditDiscordChannelPermissions,
-  collectDiscordAuditChannelIds,
-} from "../../discord/audit.js";
-import { type DiscordProbe, probeDiscord } from "../../discord/probe.js";
-import {
-  listIMessageAccountIds,
-  resolveDefaultIMessageAccountId,
-  resolveIMessageAccount,
-} from "../../imessage/accounts.js";
-import { type IMessageProbe, probeIMessage } from "../../imessage/probe.js";
+import { loadConfig, readConfigFileSnapshot } from "../../config/config.js";
 import { getProviderActivity } from "../../infra/provider-activity.js";
+import { resolveProviderDefaultAccountId } from "../../providers/plugins/helpers.js";
 import {
-  listSignalAccountIds,
-  resolveDefaultSignalAccountId,
-  resolveSignalAccount,
-} from "../../signal/accounts.js";
-import { probeSignal, type SignalProbe } from "../../signal/probe.js";
-import {
-  listSlackAccountIds,
-  resolveDefaultSlackAccountId,
-  resolveSlackAccount,
-} from "../../slack/accounts.js";
-import { probeSlack, type SlackProbe } from "../../slack/probe.js";
-import {
-  listTelegramAccountIds,
-  resolveDefaultTelegramAccountId,
-  resolveTelegramAccount,
-} from "../../telegram/accounts.js";
-import {
-  auditTelegramGroupMembership,
-  collectTelegramUnmentionedGroupIds,
-} from "../../telegram/audit.js";
-import { probeTelegram, type TelegramProbe } from "../../telegram/probe.js";
-import {
-  listEnabledWhatsAppAccounts,
-  resolveDefaultWhatsAppAccountId,
-} from "../../web/accounts.js";
-import {
-  getWebAuthAgeMs,
-  readWebSelfId,
-  webAuthExists,
-} from "../../web/session.js";
+  getProviderPlugin,
+  listProviderPlugins,
+  normalizeProviderId,
+  type ProviderId,
+} from "../../providers/plugins/index.js";
+import { buildProviderAccountSnapshot } from "../../providers/plugins/status.js";
+import type {
+  ProviderAccountSnapshot,
+  ProviderPlugin,
+} from "../../providers/plugins/types.js";
+import { DEFAULT_ACCOUNT_ID } from "../../routing/session-key.js";
+import { defaultRuntime } from "../../runtime.js";
 import {
  ErrorCodes,
  errorShape,
  formatValidationErrors,
+  validateProvidersLogoutParams,
  validateProvidersStatusParams,
 } from "../protocol/index.js";
 import { formatForLog } from "../ws-log.js";
-import type { GatewayRequestHandlers } from "./types.js";
+import type { GatewayRequestContext, GatewayRequestHandlers } from "./types.js";
+
+type ProviderLogoutPayload = {
+  provider: ProviderId;
+  accountId: string;
+  cleared: boolean;
+  [key: string]: unknown;
+};
+
+export async function logoutProviderAccount(params: {
+  providerId: ProviderId;
+  accountId?: string | null;
+  cfg: ClawdbotConfig;
+  context: GatewayRequestContext;
+  plugin: ProviderPlugin;
+}): Promise<ProviderLogoutPayload> {
+  const resolvedAccountId =
+    params.accountId?.trim() ||
+    params.plugin.config.defaultAccountId?.(params.cfg) ||
+    params.plugin.config.listAccountIds(params.cfg)[0] ||
+    DEFAULT_ACCOUNT_ID;
+  const account = params.plugin.config.resolveAccount(
+    params.cfg,
+    resolvedAccountId,
+  );
+  await params.context.stopProvider(params.providerId, resolvedAccountId);
+  const result = await params.plugin.gateway?.logoutAccount?.({
+    cfg: params.cfg,
+    accountId: resolvedAccountId,
+    account,
+    runtime: defaultRuntime,
+  });
+  if (!result) {
+    throw new Error(`Provider ${params.providerId} does not support logout`);
+  }
+  const cleared = Boolean(result.cleared);
+  const loggedOut =
+    typeof result.loggedOut === "boolean" ? result.loggedOut : cleared;
+  if (loggedOut) {
+    params.context.markProviderLoggedOut(
+      params.providerId,
+      true,
+      resolvedAccountId,
+    );
+  }
+  return {
+    provider: params.providerId,
+    accountId: resolvedAccountId,
+    ...result,
+    cleared,
+  };
+}

 export const providersHandlers: GatewayRequestHandlers = {
  "providers.status": async ({ params, respond, context }) => {
@@ -81,457 +95,222 @@ export const providersHandlers: GatewayRequestHandlers = {
      typeof timeoutMsRaw === "number" ? Math.max(1000, timeoutMsRaw) : 10_000;
    const cfg = loadConfig();
    const runtime = context.getRuntimeSnapshot();
+    const plugins = listProviderPlugins();
+    const pluginMap = new Map<ProviderId, ProviderPlugin>(
+      plugins.map((plugin) => [plugin.id, plugin]),
+    );

-    const defaultTelegramAccountId = resolveDefaultTelegramAccountId(cfg);
-    const defaultDiscordAccountId = resolveDefaultDiscordAccountId(cfg);
-    const defaultSlackAccountId = resolveDefaultSlackAccountId(cfg);
-    const defaultSignalAccountId = resolveDefaultSignalAccountId(cfg);
-    const defaultIMessageAccountId = resolveDefaultIMessageAccountId(cfg);
+    const resolveRuntimeSnapshot = (
+      providerId: ProviderId,
+      accountId: string,
+      defaultAccountId: string,
+    ): ProviderAccountSnapshot | undefined => {
+      const accounts = runtime.providerAccounts[providerId];
+      const defaultRuntime = runtime.providers[providerId];
+      const raw =
+        accounts?.[accountId] ??
+        (accountId === defaultAccountId ? defaultRuntime : undefined);
+      if (!raw) return undefined;
+      return raw;
+    };

-    const telegramAccounts = await Promise.all(
-      listTelegramAccountIds(cfg).map(async (accountId) => {
-        const account = resolveTelegramAccount({ cfg, accountId });
-        const rt =
-          runtime.telegramAccounts?.[account.accountId] ??
-          (account.accountId === defaultTelegramAccountId
-            ? runtime.telegram
-            : undefined);
-        const configured = Boolean(account.token);
-        let telegramProbe: TelegramProbe | undefined;
+    const isAccountEnabled = (plugin: ProviderPlugin, account: unknown) =>
+      plugin.config.isEnabled
+        ? plugin.config.isEnabled(account, cfg)
+        : !account ||
+          typeof account !== "object" ||
+          (account as { enabled?: boolean }).enabled !== false;
+
+    const buildProviderAccounts = async (providerId: ProviderId) => {
+      const plugin = pluginMap.get(providerId);
+      if (!plugin) {
+        return {
+          accounts: [] as ProviderAccountSnapshot[],
+          defaultAccountId: DEFAULT_ACCOUNT_ID,
+          defaultAccount: undefined as ProviderAccountSnapshot | undefined,
+          resolvedAccounts: {} as Record<string, unknown>,
+        };
+      }
+      const accountIds = plugin.config.listAccountIds(cfg);
+      const defaultAccountId = resolveProviderDefaultAccountId({
+        plugin,
+        cfg,
+        accountIds,
+      });
+      const accounts: ProviderAccountSnapshot[] = [];
+      const resolvedAccounts: Record<string, unknown> = {};
+      for (const accountId of accountIds) {
+        const account = plugin.config.resolveAccount(cfg, accountId);
+        const enabled = isAccountEnabled(plugin, account);
+        resolvedAccounts[accountId] = account;
+        let probeResult: unknown;
        let lastProbeAt: number | null = null;
-        const groups =
-          cfg.telegram?.accounts?.[account.accountId]?.groups ??
-          cfg.telegram?.groups;
-        const { groupIds, unresolvedGroups, hasWildcardUnmentionedGroups } =
-          collectTelegramUnmentionedGroupIds(
-            groups as Record<string, TelegramGroupConfig> | undefined,
-          );
-        let audit:
-          | Awaited<ReturnType<typeof auditTelegramGroupMembership>>
-          | undefined;
-        if (probe && configured && account.enabled) {
-          telegramProbe = await probeTelegram(
-            account.token,
-            timeoutMs,
-            account.config.proxy,
-          );
-          lastProbeAt = Date.now();
-          const botId =
-            telegramProbe.ok && telegramProbe.bot?.id != null
-              ? telegramProbe.bot.id
-              : null;
-          if (botId && (groupIds.length > 0 || unresolvedGroups > 0)) {
-            const auditRes = await auditTelegramGroupMembership({
-              token: account.token,
-              botId,
-              groupIds,
-              proxyUrl: account.config.proxy,
+        if (probe && enabled && plugin.status?.probeAccount) {
+          let configured = true;
+          if (plugin.config.isConfigured) {
+            configured = await plugin.config.isConfigured(account, cfg);
+          }
+          if (configured) {
+            probeResult = await plugin.status.probeAccount({
+              account,
              timeoutMs,
+              cfg,
            });
-            audit = {
-              ...auditRes,
-              unresolvedGroups,
-              hasWildcardUnmentionedGroups,
-            };
-          } else if (unresolvedGroups > 0 || hasWildcardUnmentionedGroups) {
-            audit = {
-              ok: unresolvedGroups === 0 && !hasWildcardUnmentionedGroups,
-              checkedGroups: 0,
-              unresolvedGroups,
-              hasWildcardUnmentionedGroups,
-              groups: [],
-              elapsedMs: 0,
-            };
+            lastProbeAt = Date.now();
          }
        }
-        const allowUnmentionedGroups =
-          Boolean(
-            groups?.["*"] &&
-              (groups["*"] as { requireMention?: boolean }).requireMention ===
-                false,
-          ) ||
-          Object.entries(groups ?? {}).some(
-            ([key, value]) =>
-              key !== "*" &&
-              Boolean(value) &&
-              typeof value === "object" &&
-              (value as { requireMention?: boolean }).requireMention === false,
-          );
-        return {
-          accountId: account.accountId,
-          name: account.name,
-          enabled: account.enabled,
-          configured,
-          tokenSource: account.tokenSource,
-          running: rt?.running ?? false,
-          mode: rt?.mode ?? (account.config.webhookUrl ? "webhook" : "polling"),
-          lastStartAt: rt?.lastStartAt ?? null,
-          lastStopAt: rt?.lastStopAt ?? null,
-          lastError: rt?.lastError ?? null,
-          probe: telegramProbe,
-          lastProbeAt,
-          audit,
-          allowUnmentionedGroups,
-          lastInboundAt: getProviderActivity({
-            provider: "telegram",
-            accountId: account.accountId,
-          }).inboundAt,
-          lastOutboundAt: getProviderActivity({
-            provider: "telegram",
-            accountId: account.accountId,
-          }).outboundAt,
-        };
-      }),
-    );
-    const defaultTelegramAccount =
-      telegramAccounts.find(
-        (account) => account.accountId === defaultTelegramAccountId,
-      ) ?? telegramAccounts[0];
-
-    const discordAccounts = await Promise.all(
-      listDiscordAccountIds(cfg).map(async (accountId) => {
-        const account = resolveDiscordAccount({ cfg, accountId });
-        const rt =
-          runtime.discordAccounts?.[account.accountId] ??
-          (account.accountId === defaultDiscordAccountId
-            ? runtime.discord
-            : undefined);
-        const configured = Boolean(account.token);
-        let discordProbe: DiscordProbe | undefined;
-        let lastProbeAt: number | null = null;
-        const { channelIds: auditChannelIds, unresolvedChannels } =
-          collectDiscordAuditChannelIds({ cfg, accountId: account.accountId });
-        let audit:
-          | Awaited<ReturnType<typeof auditDiscordChannelPermissions>>
-          | undefined;
-        if (probe && configured && account.enabled) {
-          discordProbe = await probeDiscord(account.token, timeoutMs, {
-            includeApplication: true,
-          });
-          lastProbeAt = Date.now();
-          if (auditChannelIds.length > 0 || unresolvedChannels > 0) {
-            const auditRes = await auditDiscordChannelPermissions({
-              token: account.token,
-              accountId: account.accountId,
-              channelIds: auditChannelIds,
+        let auditResult: unknown;
+        if (probe && enabled && plugin.status?.auditAccount) {
+          let configured = true;
+          if (plugin.config.isConfigured) {
+            configured = await plugin.config.isConfigured(account, cfg);
+          }
+          if (configured) {
+            auditResult = await plugin.status.auditAccount({
+              account,
              timeoutMs,
+              cfg,
+              probe: probeResult,
            });
-            audit = { ...auditRes, unresolvedChannels };
          }
        }
-        return {
-          accountId: account.accountId,
-          name: account.name,
-          enabled: account.enabled,
-          configured,
-          tokenSource: account.tokenSource,
-          bot: rt?.bot ?? null,
-          application: rt?.application ?? null,
-          running: rt?.running ?? false,
-          lastStartAt: rt?.lastStartAt ?? null,
-          lastStopAt: rt?.lastStopAt ?? null,
-          lastError: rt?.lastError ?? null,
-          probe: discordProbe,
-          lastProbeAt,
-          audit,
-          lastInboundAt: getProviderActivity({
-            provider: "discord",
-            accountId: account.accountId,
-          }).inboundAt,
-          lastOutboundAt: getProviderActivity({
-            provider: "discord",
-            accountId: account.accountId,
-          }).outboundAt,
-        };
-      }),
-    );
-    const defaultDiscordAccount =
-      discordAccounts.find(
-        (account) => account.accountId === defaultDiscordAccountId,
-      ) ?? discordAccounts[0];
-
-    const slackAccounts = await Promise.all(
-      listSlackAccountIds(cfg).map(async (accountId) => {
-        const account = resolveSlackAccount({ cfg, accountId });
-        const rt =
-          runtime.slackAccounts?.[account.accountId] ??
-          (account.accountId === defaultSlackAccountId
-            ? runtime.slack
-            : undefined);
-        const configured = Boolean(account.botToken && account.appToken);
-        let slackProbe: SlackProbe | undefined;
-        let lastProbeAt: number | null = null;
-        if (probe && configured && account.enabled && account.botToken) {
-          slackProbe = await probeSlack(account.botToken, timeoutMs);
-          lastProbeAt = Date.now();
-        }
-        return {
-          accountId: account.accountId,
-          name: account.name,
-          enabled: account.enabled,
-          configured,
-          botTokenSource: account.botTokenSource,
-          appTokenSource: account.appTokenSource,
-          running: rt?.running ?? false,
-          lastStartAt: rt?.lastStartAt ?? null,
-          lastStopAt: rt?.lastStopAt ?? null,
-          lastError: rt?.lastError ?? null,
-          probe: slackProbe,
-          lastProbeAt,
-        };
-      }),
-    );
-    const defaultSlackAccount =
-      slackAccounts.find(
-        (account) => account.accountId === defaultSlackAccountId,
-      ) ?? slackAccounts[0];
-
-    const signalAccounts = await Promise.all(
-      listSignalAccountIds(cfg).map(async (accountId) => {
-        const account = resolveSignalAccount({ cfg, accountId });
-        const rt =
-          runtime.signalAccounts?.[account.accountId] ??
-          (account.accountId === defaultSignalAccountId
-            ? runtime.signal
-            : undefined);
-        const configured = account.configured;
-        let signalProbe: SignalProbe | undefined;
-        let lastProbeAt: number | null = null;
-        if (probe && configured && account.enabled) {
-          signalProbe = await probeSignal(account.baseUrl, timeoutMs);
-          lastProbeAt = Date.now();
-        }
-        return {
-          accountId: account.accountId,
-          name: account.name,
-          enabled: account.enabled,
-          configured,
-          baseUrl: account.baseUrl,
-          running: rt?.running ?? false,
-          lastStartAt: rt?.lastStartAt ?? null,
-          lastStopAt: rt?.lastStopAt ?? null,
-          lastError: rt?.lastError ?? null,
-          probe: signalProbe,
-          lastProbeAt,
-        };
-      }),
-    );
-    const defaultSignalAccount =
-      signalAccounts.find(
-        (account) => account.accountId === defaultSignalAccountId,
-      ) ?? signalAccounts[0];
-
-    const imessageBaseConfigured = Boolean(cfg.imessage);
-    let imessageProbe: IMessageProbe | undefined;
-    let imessageLastProbeAt: number | null = null;
-    if (probe && imessageBaseConfigured) {
-      imessageProbe = await probeIMessage(timeoutMs);
-      imessageLastProbeAt = Date.now();
-    }
-    const imessageAccounts = listIMessageAccountIds(cfg).map((accountId) => {
-      const account = resolveIMessageAccount({ cfg, accountId });
-      const rt =
-        runtime.imessageAccounts?.[account.accountId] ??
-        (account.accountId === defaultIMessageAccountId
-          ? runtime.imessage
-          : undefined);
-      return {
-        accountId: account.accountId,
-        name: account.name,
-        enabled: account.enabled,
-        configured: imessageBaseConfigured,
-        running: rt?.running ?? false,
-        lastStartAt: rt?.lastStartAt ?? null,
-        lastStopAt: rt?.lastStopAt ?? null,
-        lastError: rt?.lastError ?? null,
-        cliPath: rt?.cliPath ?? account.config.cliPath ?? null,
-        dbPath: rt?.dbPath ?? account.config.dbPath ?? null,
-        probe: imessageProbe,
-        lastProbeAt: imessageLastProbeAt,
-      };
-    });
-    const defaultIMessageAccount =
-      imessageAccounts.find(
-        (account) => account.accountId === defaultIMessageAccountId,
-      ) ?? imessageAccounts[0];
-    const defaultWhatsAppAccountId = resolveDefaultWhatsAppAccountId(cfg);
-    const enabledWhatsAppAccounts = listEnabledWhatsAppAccounts(cfg);
-    const defaultWhatsAppAccount =
-      enabledWhatsAppAccounts.find(
-        (account) => account.accountId === defaultWhatsAppAccountId,
-      ) ?? enabledWhatsAppAccounts[0];
-    const linked = defaultWhatsAppAccount
-      ? await webAuthExists(defaultWhatsAppAccount.authDir)
-      : false;
-    const authAgeMs = defaultWhatsAppAccount
-      ? getWebAuthAgeMs(defaultWhatsAppAccount.authDir)
-      : null;
-    const self = defaultWhatsAppAccount
-      ? readWebSelfId(defaultWhatsAppAccount.authDir)
-      : { e164: null, jid: null };
-
-    const defaultWhatsAppStatus = {
-      running: false,
-      connected: false,
-      reconnectAttempts: 0,
-      lastConnectedAt: null,
-      lastDisconnect: null,
-      lastMessageAt: null,
-      lastEventAt: null,
-      lastError: null,
-    } as const;
-    const whatsappAccounts = await Promise.all(
-      enabledWhatsAppAccounts.map(async (account) => {
-        const rt =
-          runtime.whatsappAccounts?.[account.accountId] ??
-          defaultWhatsAppStatus;
-        return {
-          accountId: account.accountId,
-          enabled: account.enabled,
-          linked: await webAuthExists(account.authDir),
-          authAgeMs: getWebAuthAgeMs(account.authDir),
-          self: readWebSelfId(account.authDir),
-          running: rt.running,
-          connected: rt.connected,
-          lastConnectedAt: rt.lastConnectedAt ?? null,
-          lastDisconnect: rt.lastDisconnect ?? null,
-          reconnectAttempts: rt.reconnectAttempts,
-          lastMessageAt: rt.lastMessageAt ?? null,
-          lastEventAt: rt.lastEventAt ?? null,
-          lastError: rt.lastError ?? null,
-          lastInboundAt: getProviderActivity({
-            provider: "whatsapp",
-            accountId: account.accountId,
-          }).inboundAt,
-          lastOutboundAt: getProviderActivity({
-            provider: "whatsapp",
-            accountId: account.accountId,
-          }).outboundAt,
-        };
-      }),
-    );
-
-    respond(
-      true,
-      {
-        ts: Date.now(),
-        whatsapp: {
-          configured: linked,
-          linked,
-          authAgeMs,
-          self,
-          running: runtime.whatsapp.running,
-          connected: runtime.whatsapp.connected,
-          lastConnectedAt: runtime.whatsapp.lastConnectedAt ?? null,
-          lastDisconnect: runtime.whatsapp.lastDisconnect ?? null,
-          reconnectAttempts: runtime.whatsapp.reconnectAttempts,
-          lastMessageAt: runtime.whatsapp.lastMessageAt ?? null,
-          lastEventAt: runtime.whatsapp.lastEventAt ?? null,
-          lastError: runtime.whatsapp.lastError ?? null,
-        },
-        whatsappAccounts,
-        whatsappDefaultAccountId: defaultWhatsAppAccountId,
-        telegram: {
-          configured: defaultTelegramAccount?.configured ?? false,
-          tokenSource: defaultTelegramAccount?.tokenSource ?? "none",
-          running: defaultTelegramAccount?.running ?? false,
-          mode: defaultTelegramAccount?.mode ?? null,
-          lastStartAt: defaultTelegramAccount?.lastStartAt ?? null,
-          lastStopAt: defaultTelegramAccount?.lastStopAt ?? null,
-          lastError: defaultTelegramAccount?.lastError ?? null,
-          probe: defaultTelegramAccount?.probe,
-          lastProbeAt: defaultTelegramAccount?.lastProbeAt ?? null,
-        },
-        telegramAccounts,
-        telegramDefaultAccountId: defaultTelegramAccountId,
-        discord: {
-          configured: defaultDiscordAccount?.configured ?? false,
-          tokenSource: defaultDiscordAccount?.tokenSource ?? "none",
-          running: defaultDiscordAccount?.running ?? false,
-          lastStartAt: defaultDiscordAccount?.lastStartAt ?? null,
-          lastStopAt: defaultDiscordAccount?.lastStopAt ?? null,
-          lastError: defaultDiscordAccount?.lastError ?? null,
-          probe: defaultDiscordAccount?.probe,
-          lastProbeAt: defaultDiscordAccount?.lastProbeAt ?? null,
-        },
-        discordAccounts,
-        discordDefaultAccountId: defaultDiscordAccountId,
-        slack: {
-          configured: defaultSlackAccount?.configured ?? false,
-          botTokenSource: defaultSlackAccount?.botTokenSource ?? "none",
-          appTokenSource: defaultSlackAccount?.appTokenSource ?? "none",
-          running: defaultSlackAccount?.running ?? false,
-          lastStartAt: defaultSlackAccount?.lastStartAt ?? null,
-          lastStopAt: defaultSlackAccount?.lastStopAt ?? null,
-          lastError: defaultSlackAccount?.lastError ?? null,
-          probe: defaultSlackAccount?.probe,
-          lastProbeAt: defaultSlackAccount?.lastProbeAt ?? null,
-        },
-        slackAccounts,
-        slackDefaultAccountId: defaultSlackAccountId,
-        signal: {
-          configured: defaultSignalAccount?.configured ?? false,
-          baseUrl: defaultSignalAccount?.baseUrl ?? null,
-          running: defaultSignalAccount?.running ?? false,
-          lastStartAt: defaultSignalAccount?.lastStartAt ?? null,
-          lastStopAt: defaultSignalAccount?.lastStopAt ?? null,
-          lastError: defaultSignalAccount?.lastError ?? null,
-          probe: defaultSignalAccount?.probe,
-          lastProbeAt: defaultSignalAccount?.lastProbeAt ?? null,
-        },
-        signalAccounts,
-        signalDefaultAccountId: defaultSignalAccountId,
-        imessage: {
-          configured: defaultIMessageAccount?.configured ?? false,
-          running: defaultIMessageAccount?.running ?? false,
-          lastStartAt: defaultIMessageAccount?.lastStartAt ?? null,
-          lastStopAt: defaultIMessageAccount?.lastStopAt ?? null,
-          lastError: defaultIMessageAccount?.lastError ?? null,
-          cliPath: defaultIMessageAccount?.cliPath ?? null,
-          dbPath: defaultIMessageAccount?.dbPath ?? null,
-          probe: defaultIMessageAccount?.probe,
-          lastProbeAt: defaultIMessageAccount?.lastProbeAt ?? null,
-        },
-        imessageAccounts,
-        imessageDefaultAccountId: defaultIMessageAccountId,
-      },
-      undefined,
-    );
-  },
-  "telegram.logout": async ({ respond, context }) => {
-    try {
-      await context.stopTelegramProvider();
-      const snapshot = await readConfigFileSnapshot();
-      if (!snapshot.valid) {
-        respond(
-          false,
-          undefined,
-          errorShape(
-            ErrorCodes.INVALID_REQUEST,
-            "config invalid; fix it before logging out",
-          ),
+        const runtimeSnapshot = resolveRuntimeSnapshot(
+          providerId,
+          accountId,
+          defaultAccountId,
        );
-        return;
+        const snapshot = await buildProviderAccountSnapshot({
+          plugin,
+          cfg,
+          accountId,
+          runtime: runtimeSnapshot,
+          probe: probeResult,
+          audit: auditResult,
+        });
+        if (lastProbeAt) snapshot.lastProbeAt = lastProbeAt;
+        const activity = getProviderActivity({
+          provider: providerId as never,
+          accountId,
+        });
+        if (snapshot.lastInboundAt == null) {
+          snapshot.lastInboundAt = activity.inboundAt;
+        }
+        if (snapshot.lastOutboundAt == null) {
+          snapshot.lastOutboundAt = activity.outboundAt;
+        }
+        accounts.push(snapshot);
      }
-      const cfg = snapshot.config ?? {};
-      const envToken = process.env.TELEGRAM_BOT_TOKEN?.trim() ?? "";
-      const hadToken = Boolean(cfg.telegram?.botToken);
-      const nextTelegram = cfg.telegram ? { ...cfg.telegram } : undefined;
-      if (nextTelegram) {
-        delete nextTelegram.botToken;
-      }
-      const nextCfg = { ...cfg } as ClawdbotConfig;
-      if (nextTelegram && Object.keys(nextTelegram).length > 0) {
-        nextCfg.telegram = nextTelegram;
-      } else {
-        delete nextCfg.telegram;
-      }
-      await writeConfigFile(nextCfg);
+      const defaultAccount =
+        accounts.find((entry) => entry.accountId === defaultAccountId) ??
+        accounts[0];
+      return { accounts, defaultAccountId, defaultAccount, resolvedAccounts };
+    };
+
+    const payload: Record<string, unknown> = {
+      ts: Date.now(),
+      providerOrder: plugins.map((plugin) => plugin.id),
+      providerLabels: Object.fromEntries(
+        plugins.map((plugin) => [plugin.id, plugin.meta.label]),
+      ),
+      providers: {} as Record<string, unknown>,
+      providerAccounts: {} as Record<string, unknown>,
+      providerDefaultAccountId: {} as Record<string, unknown>,
+    };
+    const providersMap = payload.providers as Record<string, unknown>;
+    const accountsMap = payload.providerAccounts as Record<string, unknown>;
+    const defaultAccountIdMap = payload.providerDefaultAccountId as Record<
+      string,
+      unknown
+    >;
+    for (const plugin of plugins) {
+      const { accounts, defaultAccountId, defaultAccount, resolvedAccounts } =
+        await buildProviderAccounts(plugin.id);
+      const fallbackAccount =
+        resolvedAccounts[defaultAccountId] ??
+        plugin.config.resolveAccount(cfg, defaultAccountId);
+      const summary = plugin.status?.buildProviderSummary
+        ? await plugin.status.buildProviderSummary({
+            account: fallbackAccount,
+            cfg,
+            defaultAccountId,
+            snapshot:
+              defaultAccount ??
+              ({
+                accountId: defaultAccountId,
+              } as ProviderAccountSnapshot),
+          })
+        : {
+            configured: defaultAccount?.configured ?? false,
+          };
+      providersMap[plugin.id] = summary;
+      accountsMap[plugin.id] = accounts;
+      defaultAccountIdMap[plugin.id] = defaultAccountId;
+    }
+
+    respond(true, payload, undefined);
+  },
+  "providers.logout": async ({ params, respond, context }) => {
+    if (!validateProvidersLogoutParams(params)) {
      respond(
-        true,
-        { cleared: hadToken, envToken: Boolean(envToken) },
+        false,
        undefined,
+        errorShape(
+          ErrorCodes.INVALID_REQUEST,
+          `invalid providers.logout params: ${formatValidationErrors(validateProvidersLogoutParams.errors)}`,
+        ),
      );
+      return;
+    }
+    const rawProvider = (params as { provider?: unknown }).provider;
+    const providerId =
+      typeof rawProvider === "string" ? normalizeProviderId(rawProvider) : null;
+    if (!providerId) {
+      respond(
+        false,
+        undefined,
+        errorShape(
+          ErrorCodes.INVALID_REQUEST,
+          "invalid providers.logout provider",
+        ),
+      );
+      return;
+    }
+    const plugin = getProviderPlugin(providerId);
+    if (!plugin?.gateway?.logoutAccount) {
+      respond(
+        false,
+        undefined,
+        errorShape(
+          ErrorCodes.INVALID_REQUEST,
+          `provider ${providerId} does not support logout`,
+        ),
+      );
+      return;
+    }
+    const accountIdRaw = (params as { accountId?: unknown }).accountId;
+    const accountId =
+      typeof accountIdRaw === "string" ? accountIdRaw.trim() : undefined;
+    const snapshot = await readConfigFileSnapshot();
+    if (!snapshot.valid) {
+      respond(
+        false,
+        undefined,
+        errorShape(
+          ErrorCodes.INVALID_REQUEST,
+          "config invalid; fix it before logging out",
+        ),
+      );
+      return;
+    }
+    try {
+      const payload = await logoutProviderAccount({
+        providerId,
+        accountId,
+        cfg: snapshot.config ?? {},
+        context,
+        plugin,
+      });
+      respond(true, payload, undefined);
    } catch (err) {
      respond(
        false,