Keyboard shortcuts

Press or to navigate between chapters

Press S or / to search in the book

Press ? to show this help

Press Esc to hide this help

LINE

ZeroClaw supports LINE via the Messaging API, receiving messages through an embedded webhook server and replying via the Reply API (with Push API fallback when the reply token has expired).

Who can talk to the agent

Inbound senders are gated against the peer set resolved for the bound agent, drawn from the peer_groups config the agent belongs to. Matching strips a leading @ and is case-insensitive against the channel’s native sender identifier. An empty set denies everyone; a set containing "*" accepts anyone; otherwise only the listed external peers (and peer agents) are accepted. This is separate from gateway pairing (gateway.require_pairing), which authenticates HTTP/WebSocket clients, not chat-channel senders.

A peer group for line sets channel to line, lists the allowed senders in external_peers (for line, the LINE user ID; ["*"] accepts anyone), optionally names peer agents for cross-agent dispatch, an ignore blocklist, and an output_modality (mirror, voice, or text). See Peer Groups for the field reference.

Where to set this:

Gateway dashboard

Open /config/peer_groups in the web dashboard.

zerocode

In the Config pane, under Peer groups.

LINE layers dm_policy and group_policy on top of the peer set, see Access Policies below. When a policy is set to allowlist, the peer set is the allowlist.

Prerequisites

  1. A LINE Developers Console account.
  2. A public HTTPS endpoint reachable from LINE’s servers (or ngrok for local development).
  3. ZeroClaw built with LINE channel support enabled (the channel-line feature on the zeroclaw-channels crate).

1. Create a LINE Bot

  1. Log in to the LINE Developers Console.
  2. Create a Provider (or use an existing one).
  3. Create a new Messaging API channel under that Provider.
  4. From the channel settings, collect two values:
    • Channel Access Token: Messaging API tab → Issue a long-lived token.
    • Channel Secret: Basic settings tab.

2. Configure ZeroClaw

channel_access_token 🔑 secret · default ""

Long-lived channel access token (from LINE Developers Console). Used for both the Reply API and the Push API fallback. Falls back to the LINE_CHANNEL_ACCESS_TOKEN environment variable if empty.

Set it on any surface:

Gateway dashboard

Open /config/channels/line and set the channels.line.<alias>.channel_access_token field.

zerocode

In the Config pane, set the channels.line.<alias>.channel_access_token field.

zeroclaw config

zeroclaw config set channels.line.<alias>.channel_access_token    # masked input, stored encrypted

Environment variable

Export the override (POSIX shells; drop into ~/.bashrc, ~/.zshrc, .env, or a Dockerfile). Replace <alias> with the literal alias:

export ZEROCLAW_channels__line__<alias>__channel_access_token=
channel_secret 🔑 secret · default ""

Channel secret (from LINE Developers Console). Used to verify the X-Line-Signature header on incoming webhooks. Falls back to the LINE_CHANNEL_SECRET environment variable if empty.

Set it on any surface:

Gateway dashboard

Open /config/channels/line and set the channels.line.<alias>.channel_secret field.

zerocode

In the Config pane, set the channels.line.<alias>.channel_secret field.

zeroclaw config

zeroclaw config set channels.line.<alias>.channel_secret    # masked input, stored encrypted

Environment variable

Export the override (POSIX shells; drop into ~/.bashrc, ~/.zshrc, .env, or a Dockerfile). Replace <alias> with the literal alias:

export ZEROCLAW_channels__line__<alias>__channel_secret=
dm_policy LineDmPolicy · default "pairing"

DM (1:1 chat) access policy. Default: pairing. - open: respond to everyone - pairing: require one-time /bind <code> handshake on first contact - allowlist: respond only to user IDs listed in allowed_users

Set it on any surface:

Gateway dashboard

Open /config/channels/line and set the channels.line.<alias>.dm_policy field.

zerocode

In the Config pane, set the channels.line.<alias>.dm_policy field.

zeroclaw config

zeroclaw config set channels.line.<alias>.dm_policy <value>

Environment variable

Export the override (POSIX shells; drop into ~/.bashrc, ~/.zshrc, .env, or a Dockerfile). Replace <alias> with the literal alias:

export ZEROCLAW_channels__line__<alias>__dm_policy=
excluded_tools string[] · default []

Tools excluded from this channel’s tool spec. When set, these tools are not exposed to the model when responding via this channel.

Set it on any surface:

Gateway dashboard

Open /config/channels/line and set the channels.line.<alias>.excluded_tools field.

zerocode

In the Config pane, set the channels.line.<alias>.excluded_tools field.

zeroclaw config

zeroclaw config set channels.line.<alias>.excluded_tools <value>

Environment variable

Export the override (POSIX shells; drop into ~/.bashrc, ~/.zshrc, .env, or a Dockerfile). Replace <alias> with the literal alias:

export ZEROCLAW_channels__line__<alias>__excluded_tools=
group_policy LineGroupPolicy · default "mention"

Group / multi-person chat policy. Default: mention. - open: respond to every message - mention: respond only when @mentioned - disabled: ignore all group messages

Set it on any surface:

Gateway dashboard

Open /config/channels/line and set the channels.line.<alias>.group_policy field.

zerocode

In the Config pane, set the channels.line.<alias>.group_policy field.

zeroclaw config

zeroclaw config set channels.line.<alias>.group_policy <value>

Environment variable

Export the override (POSIX shells; drop into ~/.bashrc, ~/.zshrc, .env, or a Dockerfile). Replace <alias> with the literal alias:

export ZEROCLAW_channels__line__<alias>__group_policy=
proxy_url string? · default null

Per-channel proxy URL (http, https, socks5, socks5h). Overrides the global [proxy] setting for this channel only.

Set it on any surface:

Gateway dashboard

Open /config/channels/line and set the channels.line.<alias>.proxy_url field.

zerocode

In the Config pane, set the channels.line.<alias>.proxy_url field.

zeroclaw config

zeroclaw config set channels.line.<alias>.proxy_url <value>

Environment variable

Export the override (POSIX shells; drop into ~/.bashrc, ~/.zshrc, .env, or a Dockerfile). Replace <alias> with the literal alias:

export ZEROCLAW_channels__line__<alias>__proxy_url=
webhook_port integer · default 8443

TCP port the embedded webhook server listens on. Default: 8443.

Set it on any surface:

Gateway dashboard

Open /config/channels/line and set the channels.line.<alias>.webhook_port field.

zerocode

In the Config pane, set the channels.line.<alias>.webhook_port field.

zeroclaw config

zeroclaw config set channels.line.<alias>.webhook_port <value>

Environment variable

Export the override (POSIX shells; drop into ~/.bashrc, ~/.zshrc, .env, or a Dockerfile). Replace <alias> with the literal alias:

export ZEROCLAW_channels__line__<alias>__webhook_port=

Configure the LINE channel under [channels.line.<alias>] with at minimum channel_access_token and channel_secret. The dm_policy / group_policy user-facing semantics are covered in §6 below.

Using environment variables instead of config file

If you prefer not to store credentials in the config file, omit the token fields and export them as environment variables instead:

sh

export LINE_CHANNEL_ACCESS_TOKEN="your-channel-access-token"
export LINE_CHANNEL_SECRET="your-channel-secret"

Environment variables take precedence over empty config fields.

3. Expose the Webhook Endpoint

LINE delivers messages by posting to your webhook URL. The embedded server listens on the configured webhook_port.

For local development (ngrok):

sh

ngrok http 8443

Copy the https:// URL ngrok provides (e.g. https://abc123.ngrok.io).

For production: expose port 8443 (or the port you configured) behind an HTTPS reverse proxy (nginx, Caddy, etc.) or deploy directly on a server with a TLS certificate.

4. Register the Webhook in LINE Developers Console

  1. Go to your channel → Messaging API tab → Webhook settings.
  2. Set Webhook URL to https://your-domain.com/line/webhook.
  3. Toggle Use webhook to on.
  4. Click Verify, LINE will send a test request. ZeroClaw must be running for verification to succeed.

5. Start ZeroClaw

sh

zeroclaw daemon

Startup log signal:

LINE: webhook server listening on http://0.0.0.0:8443/line/webhook

6. Access Policies

DM (1:1 chat): dm_policy

ValueBehaviour
pairing (default)The bot ignores all DMs until the user sends /bind <code>. A pairing code is displayed in the ZeroClaw log at startup.
openThe bot responds to every DM immediately.
allowlistThe bot responds only to LINE user IDs in the agent’s peer set (see Who can talk to the agent).

Pairing workflow:

  1. ZeroClaw prints a pairing code in the log at startup.
  2. The user opens a LINE DM with the bot and sends /bind <code>.
  3. ZeroClaw confirms the pairing; subsequent DMs are accepted.

Group / multi-person chat: group_policy

ValueBehaviour
mention (default)The bot responds only when explicitly @mentioned.
openThe bot responds to every message in the group.
disabledThe bot ignores all group messages entirely.

7. Audio / Voice Message Transcription (optional)

When transcription is enabled (via the global [transcription] config, see Config reference), LINE audio message events are automatically downloaded from the LINE Content API and transcribed before being passed to the model.

The maximum accepted audio size is 25 MB. Larger files are silently skipped with a log warning.

8. Troubleshooting

SymptomLikely causeAction
LINE Verify failsZeroClaw not running, or port not reachableConfirm the process is up and the port is accessible from the internet
Bot does not reply to DMsdm_policy = pairing and user has not run /bindUser must send /bind <code> first, or switch to dm_policy = open
Bot does not reply in groupsgroup_policy = mention and message has no @mention@mention the bot, or switch to group_policy = open
Reply arrives as a push messageReply token expired (~30 s window)Expected fallback behaviour, no action required
Audio messages ignored[transcription] not configuredAdd [transcription] block with enabled = true

Log keywords

SignalLog message
Startup healthyLINE: webhook server listening on http://0.0.0.0:<port>/line/webhook
Signature rejectedLINE: invalid X-Line-Signature
Unauthorized DMLINE: DM from <userId> rejected by policy
Pairing requiredLINE: unpaired user <userId>; ignoring until /bind
Audio ignored (no transcription)LINE: audio message ignored (transcription not configured)
Audio transcription failedLINE: transcription failed for <messageId>:

See also