RubyGems - octo-agent - Versions diffs - 0.11.2 - Mend

octo-agent 0.11.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (319) hide show

checksums.yaml +7 -0
data/.clacky/skills/commit/SKILL.md +423 -0
data/.clacky/skills/gem-release/SKILL.md +199 -0
data/.clacky/skills/gem-release/scripts/release.sh +304 -0
data/.clacky/skills/oss-upload/SKILL.md +47 -0
data/.octorules +106 -0
data/.rspec +3 -0
data/.rubocop.yml +8 -0
data/CHANGELOG.md +76 -0
data/CODE_OF_CONDUCT.md +132 -0
data/CONTRIBUTING.md +92 -0
data/Dockerfile +28 -0
data/LICENSE.txt +22 -0
data/POSITIONING.md +46 -0
data/README.md +134 -0
data/README_CN.md +134 -0
data/Rakefile +34 -0
data/benchmark/fixtures/sample_project/Gemfile +3 -0
data/benchmark/fixtures/sample_project/lib/api_handler.rb +32 -0
data/benchmark/fixtures/sample_project/lib/order_calculator.rb +23 -0
data/benchmark/fixtures/sample_project/lib/user_renderer.rb +20 -0
data/benchmark/fixtures/sample_project/spec/order_calculator_spec.rb +20 -0
data/benchmark/results/EVALUATION_REPORT.md +165 -0
data/benchmark/results/baseline_20260511_174424.json +128 -0
data/benchmark/results/report_20260511_175256.json +271 -0
data/benchmark/results/report_20260511_175444.json +271 -0
data/benchmark/results/treatment_20260511_175103.json +130 -0
data/benchmark/runner.rb +441 -0
data/bin/octo +7 -0
data/docs/agent-first-ui-design.md +77 -0
data/docs/billing-system.md +318 -0
data/docs/channel-architecture.md +235 -0
data/docs/engineering-article.md +343 -0
data/docs/session-skill-invocation.md +69 -0
data/docs/time_machine_design.md +247 -0
data/docs/ui2-architecture.md +124 -0
data/homebrew/README.md +96 -0
data/homebrew/openocto.rb +24 -0
data/lib/octo/agent/hook_manager.rb +61 -0
data/lib/octo/agent/llm_caller.rb +800 -0
data/lib/octo/agent/memory_updater.rb +246 -0
data/lib/octo/agent/message_compressor.rb +225 -0
data/lib/octo/agent/message_compressor_helper.rb +869 -0
data/lib/octo/agent/next_message_suggester.rb +215 -0
data/lib/octo/agent/session_serializer.rb +685 -0
data/lib/octo/agent/skill_auto_creator.rb +114 -0
data/lib/octo/agent/skill_evolution.rb +61 -0
data/lib/octo/agent/skill_manager.rb +466 -0
data/lib/octo/agent/skill_reflector.rb +89 -0
data/lib/octo/agent/system_prompt_builder.rb +101 -0
data/lib/octo/agent/time_machine.rb +214 -0
data/lib/octo/agent/tool_executor.rb +454 -0
data/lib/octo/agent/tool_registry.rb +150 -0
data/lib/octo/agent.rb +2180 -0
data/lib/octo/agent_config.rb +989 -0
data/lib/octo/agent_profile.rb +112 -0
data/lib/octo/anthropic_stream_aggregator.rb +137 -0
data/lib/octo/background_task_registry.rb +324 -0
data/lib/octo/banner.rb +34 -0
data/lib/octo/bedrock_stream_aggregator.rb +137 -0
data/lib/octo/block_font.rb +331 -0
data/lib/octo/cli.rb +968 -0
data/lib/octo/client.rb +623 -0
data/lib/octo/default_agents/SOUL.md +3 -0
data/lib/octo/default_agents/USER.md +1 -0
data/lib/octo/default_agents/base_prompt.md +66 -0
data/lib/octo/default_agents/coding/profile.yml +2 -0
data/lib/octo/default_agents/coding/system_prompt.md +67 -0
data/lib/octo/default_agents/general/profile.yml +2 -0
data/lib/octo/default_agents/general/system_prompt.md +16 -0
data/lib/octo/default_parsers/doc_parser.rb +69 -0
data/lib/octo/default_parsers/docx_parser.rb +188 -0
data/lib/octo/default_parsers/pdf_parser.rb +120 -0
data/lib/octo/default_parsers/pdf_parser_ocr.py +103 -0
data/lib/octo/default_parsers/pdf_parser_plumber.py +62 -0
data/lib/octo/default_parsers/pptx_parser.rb +140 -0
data/lib/octo/default_parsers/xlsx_parser.rb +121 -0
data/lib/octo/default_skills/browser-setup/SKILL.md +426 -0
data/lib/octo/default_skills/channel-manager/SKILL.md +623 -0
data/lib/octo/default_skills/channel-manager/dingtalk_setup.rb +191 -0
data/lib/octo/default_skills/channel-manager/discord_setup.rb +199 -0
data/lib/octo/default_skills/channel-manager/feishu_setup.rb +574 -0
data/lib/octo/default_skills/channel-manager/import_lark_skills.rb +97 -0
data/lib/octo/default_skills/channel-manager/install_feishu_skills.rb +105 -0
data/lib/octo/default_skills/channel-manager/weixin_setup.rb +274 -0
data/lib/octo/default_skills/code-explorer/SKILL.md +36 -0
data/lib/octo/default_skills/cron-task-creator/SKILL.md +257 -0
data/lib/octo/default_skills/cron-task-creator/evals/evals.json +38 -0
data/lib/octo/default_skills/onboard/SKILL.md +578 -0
data/lib/octo/default_skills/onboard/scripts/import_external_skills.rb +413 -0
data/lib/octo/default_skills/onboard/scripts/install_builtin_skills.rb +97 -0
data/lib/octo/default_skills/persist-memory/SKILL.md +59 -0
data/lib/octo/default_skills/personal-website/SKILL.md +113 -0
data/lib/octo/default_skills/personal-website/publish.rb +235 -0
data/lib/octo/default_skills/product-help/SKILL.md +123 -0
data/lib/octo/default_skills/product-help/docs/agent-config.md +74 -0
data/lib/octo/default_skills/product-help/docs/best-practices.md +49 -0
data/lib/octo/default_skills/product-help/docs/browser-tool.md +53 -0
data/lib/octo/default_skills/product-help/docs/built-in-skills.md +43 -0
data/lib/octo/default_skills/product-help/docs/cli-reference.md +82 -0
data/lib/octo/default_skills/product-help/docs/create-your-first-skill.md +47 -0
data/lib/octo/default_skills/product-help/docs/faq.md +98 -0
data/lib/octo/default_skills/product-help/docs/how-to-use-a-skill.md +58 -0
data/lib/octo/default_skills/product-help/docs/installation.md +59 -0
data/lib/octo/default_skills/product-help/docs/memory-system.md +61 -0
data/lib/octo/default_skills/product-help/docs/octorules.md +62 -0
data/lib/octo/default_skills/product-help/docs/session-management.md +63 -0
data/lib/octo/default_skills/product-help/docs/skill-basics.md +55 -0
data/lib/octo/default_skills/product-help/docs/skill-frontmatter.md +61 -0
data/lib/octo/default_skills/product-help/docs/web-server.md +49 -0
data/lib/octo/default_skills/product-help/docs/what-is-octo.md +37 -0
data/lib/octo/default_skills/product-help/docs/windows-installation.md +36 -0
data/lib/octo/default_skills/product-help/docs/writing-tips.md +53 -0
data/lib/octo/default_skills/recall-memory/SKILL.md +65 -0
data/lib/octo/default_skills/skill-add/SKILL.md +59 -0
data/lib/octo/default_skills/skill-add/scripts/install_from_zip.rb +295 -0
data/lib/octo/default_skills/skill-creator/SKILL.md +602 -0
data/lib/octo/default_skills/skill-creator/agents/analyzer.md +274 -0
data/lib/octo/default_skills/skill-creator/agents/comparator.md +202 -0
data/lib/octo/default_skills/skill-creator/agents/grader.md +223 -0
data/lib/octo/default_skills/skill-creator/eval-viewer/generate_review.py +471 -0
data/lib/octo/default_skills/skill-creator/eval-viewer/viewer.html +1325 -0
data/lib/octo/default_skills/skill-creator/references/schemas.md +430 -0
data/lib/octo/default_skills/skill-creator/scripts/__init__.py +0 -0
data/lib/octo/default_skills/skill-creator/scripts/aggregate_benchmark.py +401 -0
data/lib/octo/default_skills/skill-creator/scripts/generate_report.py +326 -0
data/lib/octo/default_skills/skill-creator/scripts/improve_description.py +310 -0
data/lib/octo/default_skills/skill-creator/scripts/quick_validate.py +103 -0
data/lib/octo/default_skills/skill-creator/scripts/run_eval.py +317 -0
data/lib/octo/default_skills/skill-creator/scripts/run_loop.py +331 -0
data/lib/octo/default_skills/skill-creator/scripts/utils.py +47 -0
data/lib/octo/default_skills/skill-creator/scripts/validate_skill_frontmatter.rb +143 -0
data/lib/octo/idle_compression_timer.rb +115 -0
data/lib/octo/json_ui_controller.rb +204 -0
data/lib/octo/message_format/anthropic.rb +409 -0
data/lib/octo/message_format/bedrock.rb +361 -0
data/lib/octo/message_format/open_ai.rb +222 -0
data/lib/octo/message_history.rb +373 -0
data/lib/octo/openai_stream_aggregator.rb +130 -0
data/lib/octo/plain_ui_controller.rb +166 -0
data/lib/octo/providers.rb +534 -0
data/lib/octo/server/browser_manager.rb +397 -0
data/lib/octo/server/channel/adapters/base.rb +82 -0
data/lib/octo/server/channel/adapters/dingtalk/adapter.rb +314 -0
data/lib/octo/server/channel/adapters/dingtalk/api_client.rb +391 -0
data/lib/octo/server/channel/adapters/dingtalk/stream_client.rb +203 -0
data/lib/octo/server/channel/adapters/discord/adapter.rb +229 -0
data/lib/octo/server/channel/adapters/discord/api_client.rb +107 -0
data/lib/octo/server/channel/adapters/discord/gateway_client.rb +270 -0
data/lib/octo/server/channel/adapters/feishu/adapter.rb +320 -0
data/lib/octo/server/channel/adapters/feishu/bot.rb +478 -0
data/lib/octo/server/channel/adapters/feishu/file_processor.rb +36 -0
data/lib/octo/server/channel/adapters/feishu/message_parser.rb +129 -0
data/lib/octo/server/channel/adapters/feishu/ws_client.rb +423 -0
data/lib/octo/server/channel/adapters/telegram/adapter.rb +375 -0
data/lib/octo/server/channel/adapters/telegram/api_client.rb +205 -0
data/lib/octo/server/channel/adapters/wecom/adapter.rb +148 -0
data/lib/octo/server/channel/adapters/wecom/media_downloader.rb +115 -0
data/lib/octo/server/channel/adapters/wecom/ws_client.rb +395 -0
data/lib/octo/server/channel/adapters/weixin/adapter.rb +692 -0
data/lib/octo/server/channel/adapters/weixin/api_client.rb +402 -0
data/lib/octo/server/channel/channel_config.rb +178 -0
data/lib/octo/server/channel/channel_manager.rb +468 -0
data/lib/octo/server/channel/channel_ui_controller.rb +224 -0
data/lib/octo/server/channel.rb +33 -0
data/lib/octo/server/discover.rb +77 -0
data/lib/octo/server/epipe_safe_io.rb +105 -0
data/lib/octo/server/http_server.rb +3554 -0
data/lib/octo/server/scheduler.rb +317 -0
data/lib/octo/server/server_master.rb +325 -0
data/lib/octo/server/session_registry.rb +431 -0
data/lib/octo/server/web_ui_controller.rb +487 -0
data/lib/octo/session_manager.rb +385 -0
data/lib/octo/skill.rb +466 -0
data/lib/octo/skill_loader.rb +328 -0
data/lib/octo/tools/base.rb +118 -0
data/lib/octo/tools/browser.rb +625 -0
data/lib/octo/tools/edit.rb +165 -0
data/lib/octo/tools/file_reader.rb +549 -0
data/lib/octo/tools/glob.rb +162 -0
data/lib/octo/tools/grep.rb +356 -0
data/lib/octo/tools/invoke_skill.rb +96 -0
data/lib/octo/tools/list_tasks.rb +54 -0
data/lib/octo/tools/redo_task.rb +41 -0
data/lib/octo/tools/request_user_feedback.rb +84 -0
data/lib/octo/tools/security.rb +333 -0
data/lib/octo/tools/terminal/output_cleaner.rb +63 -0
data/lib/octo/tools/terminal/persistent_session.rb +268 -0
data/lib/octo/tools/terminal/safe_rm.sh +106 -0
data/lib/octo/tools/terminal/session_manager.rb +213 -0
data/lib/octo/tools/terminal.rb +1828 -0
data/lib/octo/tools/todo_manager.rb +374 -0
data/lib/octo/tools/trash_manager.rb +388 -0
data/lib/octo/tools/undo_task.rb +35 -0
data/lib/octo/tools/web_fetch.rb +242 -0
data/lib/octo/tools/web_search.rb +260 -0
data/lib/octo/tools/write.rb +77 -0
data/lib/octo/ui2/block_font.rb +10 -0
data/lib/octo/ui2/components/base_component.rb +163 -0
data/lib/octo/ui2/components/command_suggestions.rb +290 -0
data/lib/octo/ui2/components/common_component.rb +96 -0
data/lib/octo/ui2/components/inline_input.rb +226 -0
data/lib/octo/ui2/components/input_area.rb +1338 -0
data/lib/octo/ui2/components/message_component.rb +99 -0
data/lib/octo/ui2/components/modal_component.rb +419 -0
data/lib/octo/ui2/components/todo_area.rb +149 -0
data/lib/octo/ui2/components/tool_component.rb +107 -0
data/lib/octo/ui2/components/welcome_banner.rb +139 -0
data/lib/octo/ui2/layout_manager.rb +807 -0
data/lib/octo/ui2/line_editor.rb +363 -0
data/lib/octo/ui2/markdown_renderer.rb +100 -0
data/lib/octo/ui2/output_buffer.rb +370 -0
data/lib/octo/ui2/progress_handle.rb +362 -0
data/lib/octo/ui2/progress_indicator.rb +55 -0
data/lib/octo/ui2/screen_buffer.rb +273 -0
data/lib/octo/ui2/terminal_detector.rb +119 -0
data/lib/octo/ui2/theme_manager.rb +85 -0
data/lib/octo/ui2/themes/base_theme.rb +105 -0
data/lib/octo/ui2/themes/hacker_theme.rb +62 -0
data/lib/octo/ui2/themes/minimal_theme.rb +56 -0
data/lib/octo/ui2/thinking_verbs.rb +26 -0
data/lib/octo/ui2/ui_controller.rb +1625 -0
data/lib/octo/ui2/view_renderer.rb +177 -0
data/lib/octo/ui2.rb +40 -0
data/lib/octo/ui_interface.rb +154 -0
data/lib/octo/utils/arguments_parser.rb +191 -0
data/lib/octo/utils/browser_detector.rb +195 -0
data/lib/octo/utils/encoding.rb +92 -0
data/lib/octo/utils/environment_detector.rb +140 -0
data/lib/octo/utils/file_ignore_helper.rb +170 -0
data/lib/octo/utils/file_processor.rb +601 -0
data/lib/octo/utils/gitignore_parser.rb +154 -0
data/lib/octo/utils/limit_stack.rb +152 -0
data/lib/octo/utils/logger.rb +124 -0
data/lib/octo/utils/login_shell.rb +72 -0
data/lib/octo/utils/model_pricing.rb +646 -0
data/lib/octo/utils/parser_manager.rb +165 -0
data/lib/octo/utils/path_helper.rb +15 -0
data/lib/octo/utils/scripts_manager.rb +59 -0
data/lib/octo/utils/string_matcher.rb +158 -0
data/lib/octo/utils/trash_directory.rb +112 -0
data/lib/octo/utils/workspace_rules.rb +46 -0
data/lib/octo/version.rb +5 -0
data/lib/octo/web/app.css +7141 -0
data/lib/octo/web/app.js +543 -0
data/lib/octo/web/apple-touch-icon.png +0 -0
data/lib/octo/web/auth.js +150 -0
data/lib/octo/web/channels.js +276 -0
data/lib/octo/web/datepicker.js +205 -0
data/lib/octo/web/favicon.png +0 -0
data/lib/octo/web/i18n.js +1073 -0
data/lib/octo/web/icon-512.png +0 -0
data/lib/octo/web/icon-dark.svg +25 -0
data/lib/octo/web/icon.svg +29 -0
data/lib/octo/web/index.html +871 -0
data/lib/octo/web/marked.min.js +69 -0
data/lib/octo/web/onboard.js +491 -0
data/lib/octo/web/profile.js +442 -0
data/lib/octo/web/sessions.js +4421 -0
data/lib/octo/web/settings.js +913 -0
data/lib/octo/web/sidebar.js +32 -0
data/lib/octo/web/skills.js +885 -0
data/lib/octo/web/tasks.js +297 -0
data/lib/octo/web/theme.js +105 -0
data/lib/octo/web/trash.js +343 -0
data/lib/octo/web/vendor/hljs/highlight.min.js +1244 -0
data/lib/octo/web/vendor/hljs/hljs-theme.css +95 -0
data/lib/octo/web/vendor/katex/auto-render.min.js +1 -0
data/lib/octo/web/vendor/katex/fonts/KaTeX_AMS-Regular.woff2 +0 -0
data/lib/octo/web/vendor/katex/fonts/KaTeX_Caligraphic-Bold.woff2 +0 -0
data/lib/octo/web/vendor/katex/fonts/KaTeX_Caligraphic-Regular.woff2 +0 -0
data/lib/octo/web/vendor/katex/fonts/KaTeX_Fraktur-Bold.woff2 +0 -0
data/lib/octo/web/vendor/katex/fonts/KaTeX_Fraktur-Regular.woff2 +0 -0
data/lib/octo/web/vendor/katex/fonts/KaTeX_Main-Bold.woff2 +0 -0
data/lib/octo/web/vendor/katex/fonts/KaTeX_Main-BoldItalic.woff2 +0 -0
data/lib/octo/web/vendor/katex/fonts/KaTeX_Main-Italic.woff2 +0 -0
data/lib/octo/web/vendor/katex/fonts/KaTeX_Main-Regular.woff2 +0 -0
data/lib/octo/web/vendor/katex/fonts/KaTeX_Math-BoldItalic.woff2 +0 -0
data/lib/octo/web/vendor/katex/fonts/KaTeX_Math-Italic.woff2 +0 -0
data/lib/octo/web/vendor/katex/fonts/KaTeX_SansSerif-Bold.woff2 +0 -0
data/lib/octo/web/vendor/katex/fonts/KaTeX_SansSerif-Italic.woff2 +0 -0
data/lib/octo/web/vendor/katex/fonts/KaTeX_SansSerif-Regular.woff2 +0 -0
data/lib/octo/web/vendor/katex/fonts/KaTeX_Script-Regular.woff2 +0 -0
data/lib/octo/web/vendor/katex/fonts/KaTeX_Size1-Regular.woff2 +0 -0
data/lib/octo/web/vendor/katex/fonts/KaTeX_Size2-Regular.woff2 +0 -0
data/lib/octo/web/vendor/katex/fonts/KaTeX_Size3-Regular.woff2 +0 -0
data/lib/octo/web/vendor/katex/fonts/KaTeX_Size4-Regular.woff2 +0 -0
data/lib/octo/web/vendor/katex/fonts/KaTeX_Typewriter-Regular.woff2 +0 -0
data/lib/octo/web/vendor/katex/katex.min.css +1 -0
data/lib/octo/web/vendor/katex/katex.min.js +1 -0
data/lib/octo/web/version.js +449 -0
data/lib/octo/web/weixin-qr.html +209 -0
data/lib/octo/web/ws-dispatcher.js +357 -0
data/lib/octo/web/ws.js +128 -0
data/lib/octo.rb +145 -0
data/scripts/build/build.sh +329 -0
data/scripts/build/lib/apt.sh +56 -0
data/scripts/build/lib/brew.sh +89 -0
data/scripts/build/lib/colors.sh +17 -0
data/scripts/build/lib/gem.sh +95 -0
data/scripts/build/lib/mise.sh +125 -0
data/scripts/build/lib/network.sh +157 -0
data/scripts/build/lib/os.sh +57 -0
data/scripts/build/lib/shell.sh +37 -0
data/scripts/build/src/install.sh.cc +174 -0
data/scripts/build/src/install_browser.sh.cc +101 -0
data/scripts/build/src/install_full.sh.cc +290 -0
data/scripts/build/src/install_rails_deps.sh.cc +145 -0
data/scripts/build/src/install_system_deps.sh.cc +123 -0
data/scripts/build/src/uninstall.sh.cc +101 -0
data/scripts/install.ps1 +532 -0
data/scripts/install.sh +567 -0
data/scripts/install_browser.sh +479 -0
data/scripts/install_full.sh +838 -0
data/scripts/install_rails_deps.sh +746 -0
data/scripts/install_system_deps.sh +518 -0
data/scripts/uninstall.sh +287 -0
data/sig/octo.rbs +4 -0
metadata +614 -0

data/lib/octo/server/channel/adapters/weixin/api_client.rb ADDED Viewed

@@ -0,0 +1,402 @@
+# frozen_string_literal: true
+require "net/http"
+require "json"
+require "openssl"
+require "securerandom"
+require "base64"
+require "digest"
+require "tempfile"
+module Octo
+  module Channel
+    module Adapters
+      module Weixin
+        # HTTP API client for Weixin iLink bot protocol.
+        #
+        # All requests POST JSON to <base_url>/<endpoint>.
+        # Required headers per request:
+        #   Content-Type:      application/json
+        #   AuthorizationType: ilink_bot_token
+        #   Authorization:     Bearer <token>
+        #   X-WECHAT-UIN:      base64(random uint32 as decimal string)
+        class ApiClient
+          DEFAULT_BASE_URL     = "https://ilinkai.weixin.qq.com"
+          CDN_BASE_URL         = "https://novac2c.cdn.weixin.qq.com/c2c"
+          API_PATH_PREFIX      = "ilink/bot"
+          CHANNEL_VERSION      = "1.0.2"
+          LONG_POLL_TIMEOUT_S  = 40   # slightly above the server's 35s
+          API_TIMEOUT_S        = 15
+          # media_type values for getuploadurl
+          MEDIA_TYPE_IMAGE = 1
+          MEDIA_TYPE_VIDEO = 2
+          MEDIA_TYPE_FILE  = 3
+          MEDIA_TYPE_VOICE = 4
+          # Raised for non-zero API return codes or HTTP errors.
+          class ApiError < StandardError
+            attr_reader :code
+            def initialize(code, msg)
+              @code = code
+              super("WeixinApiError(#{code}): #{msg.to_s.slice(0, 200)}")
+            end
+          end
+          # Raised on network/read timeouts.
+          class TimeoutError < StandardError; end
+          # Server errcode for expired sessions.
+          SESSION_EXPIRED_ERRCODE = -14
+          def initialize(base_url:, token:)
+            @base_url = base_url.to_s.chomp("/")
+            @token    = token.to_s
+          end
+          # Long-poll for new messages.
+          # @param get_updates_buf [String] cursor from last response ("" for first call)
+          # @return [Hash] { ret:, msgs: [], get_updates_buf:, longpolling_timeout_ms: }
+          def get_updates(get_updates_buf:)
+            post("getupdates", { get_updates_buf: get_updates_buf }, timeout: LONG_POLL_TIMEOUT_S)
+          end
+          # Retrieve a typing_ticket for the given user.
+          # context_token is optional but recommended per protocol spec.
+          # @return [String] typing_ticket
+          def get_typing_ticket(ilink_user_id:, context_token: nil)
+            body = { ilink_user_id: ilink_user_id }
+            body[:context_token] = context_token if context_token
+            resp = post("getconfig", body)
+            resp["typing_ticket"].to_s
+          end
+          # Send/keep/cancel typing indicator.
+          # @param status [Integer] 1 = typing, 2 = cancel
+          def send_typing(ilink_user_id:, typing_ticket:, status:)
+            post("sendtyping", {
+              ilink_user_id: ilink_user_id,
+              typing_ticket: typing_ticket,
+              status:        status
+            })
+          end
+          # Send a plain text message.
+          # context_token is required by the Weixin protocol for conversation association.
+          def send_text(to_user_id:, text:, context_token:)
+            body = {
+              msg: {
+                from_user_id: "",
+                to_user_id:   to_user_id,
+                client_id:    "octo-#{SecureRandom.hex(8)}",
+                message_type: 2,   # BOT
+                message_state: 2,  # FINISH
+                item_list:     [{ type: 1, text_item: { text: text } }],
+                context_token: context_token
+              }
+            }
+            post("sendmessage", body)
+          end
+          # Send a file (any type) to a user.
+          #
+          # @param to_user_id [String]
+          # @param file_path  [String] local path to the file
+          # @param file_name  [String] display name (defaults to basename)
+          # @param context_token [String]
+          # @param media_type [Integer] MEDIA_TYPE_* constant (default: auto-detect)
+          # @return [Hash] API response
+          def send_file(to_user_id:, file_path:, context_token:, file_name: nil, media_type: nil)
+            file_name  ||= File.basename(file_path)
+            media_type ||= detect_media_type(file_name)
+            raw_bytes    = File.binread(file_path)
+            cdn_media = upload_media(
+              raw_bytes:    raw_bytes,
+              file_name:    file_name,
+              media_type:   media_type,
+              to_user_id:   to_user_id
+            )
+            item = build_media_item(media_type, cdn_media, raw_bytes, file_name)
+            body = {
+              msg: {
+                from_user_id:  "",
+                to_user_id:    to_user_id,
+                client_id:     "octo-#{SecureRandom.hex(8)}",
+                message_type:  2,  # BOT
+                message_state: 2,  # FINISH
+                item_list:     [item],
+                context_token: context_token
+              }
+            }
+            Octo::Logger.debug("[WeixinApiClient] send_file item: #{item.to_json}")
+            post("sendmessage", body)
+          end
+          # Download and decrypt a media file from the Weixin CDN.
+          #
+          # @param cdn_media  [Hash]    { "encrypt_query_param" => String, "aes_key" => String }
+          #                            Keys may be Symbol or String.
+          # @param media_type [Integer] MEDIA_TYPE_* constant — controls aeskey decoding.
+          # @return [String] raw (decrypted) file bytes.
+          def download_media(cdn_media, media_type)
+            encrypted_param = cdn_media[:encrypt_query_param] || cdn_media["encrypt_query_param"]
+            aeskey_b64      = cdn_media[:aes_key]             || cdn_media["aes_key"]
+            raise ApiError.new(0, "download_media: missing encrypt_query_param") unless encrypted_param
+            raise ApiError.new(0, "download_media: missing aes_key")             unless aeskey_b64
+            # Decode aes_key. The encoding depends on who generated the key:
+            #
+            # Outbound (we upload): image → base64(raw 16 bytes), others → base64(hex 32 chars)
+            # Inbound (WeChat client uploaded): aes_key is a plain hex string (32 hex chars, no base64)
+            #
+            # Detection strategy — try to figure out the actual key by checking decoded size:
+            #   decoded 16 bytes → raw AES key (our outbound image encoding)
+            #   decoded 24 bytes → aes_key was a plain hex string (32 chars) passed as-is,
+            #                      meaning aeskey_b64 IS the hex string, not base64 at all.
+            #                      Use the original string directly: [aeskey_b64].pack("H*")
+            #   decoded 32 bytes → base64(hex 32 chars) → [decoded].pack("H*") → 16 bytes
+            raw_aes_key = begin
+                            decoded = Base64.strict_decode64(aeskey_b64)
+                            case decoded.bytesize
+                            when 16
+                              # Our outbound image encoding: base64(raw 16 bytes)
+                              decoded
+                            when 32
+                              # Our outbound non-image encoding: base64(hex 32 chars)
+                              [decoded].pack("H*")
+                            else
+                              # Unexpected — fall through to hex-string path
+                              raise ArgumentError, "unexpected decoded size #{decoded.bytesize}"
+                            end
+                          rescue ArgumentError
+                            # aes_key is a plain hex string (32 hex chars), not base64.
+                            # This is the inbound format used by WeChat clients.
+                            if aeskey_b64.match?(/\A[0-9a-fA-F]{32}\z/)
+                              [aeskey_b64].pack("H*")
+                            else
+                              Octo::Logger.warn("[WeixinApiClient] unknown aeskey format: len=#{aeskey_b64.bytesize}")
+                              aeskey_b64[0, 16]  # last-resort: first 16 bytes
+                            end
+                          end
+            Octo::Logger.debug("[WeixinApiClient] download_media key_bytes=#{raw_aes_key.bytesize} media_type=#{media_type}")
+            # GET encrypted bytes from CDN.
+            cdn_url = "#{CDN_BASE_URL}/download" \
+                      "?encrypted_query_param=#{URI.encode_uri_component(encrypted_param)}"
+            encrypted_bytes = cdn_get(cdn_url)
+            # Decrypt with AES-128-ECB.
+            aes_ecb_decrypt(encrypted_bytes, raw_aes_key)
+          end
+          # Full upload pipeline: encrypt → getuploadurl → CDN PUT → return CDNMedia hash.
+          def upload_media(raw_bytes:, file_name:, media_type:, to_user_id:)
+            # Generate a random 16-byte AES key.
+            aes_key_raw = SecureRandom.bytes(16)
+            # Encrypt file bytes with AES-128-ECB + PKCS7.
+            encrypted_bytes = aes_ecb_encrypt(raw_bytes, aes_key_raw)
+            # filekey: arbitrary unique string (use hex of random bytes).
+            filekey = SecureRandom.hex(16)
+            # aeskey for getuploadurl: hex string of raw 16 bytes (32 hex chars), NOT base64.
+            # Confirmed from @tencent-weixin/openclaw-weixin source: aeskey.toString("hex")
+            aeskey_hex = aes_key_raw.unpack1("H*")
+            # aes_key for CDNMedia: base64 of the hex string as UTF-8 bytes.
+            # Confirmed: Buffer.from(aeskey_hex).toString("base64") in Node.js = base64 of hex string bytes
+            aeskey_b64 = Base64.strict_encode64(aeskey_hex)
+            raw_md5 = Digest::MD5.hexdigest(raw_bytes)
+            # Step 1: get CDN upload URL from iLink API.
+            upload_resp = post("getuploadurl", {
+              filekey:        filekey,
+              media_type:     media_type,
+              to_user_id:     to_user_id,
+              rawsize:        raw_bytes.bytesize,
+              rawfilemd5:     raw_md5,
+              filesize:       encrypted_bytes.bytesize,
+              aeskey:         aeskey_hex,
+              no_need_thumb:  true
+            })
+            upload_param = upload_resp["upload_param"]
+            Octo::Logger.debug("[WeixinApiClient] getuploadurl resp: #{upload_resp.to_json}")
+            raise ApiError.new(0, "getuploadurl: missing upload_param") unless upload_param
+            # Step 2: upload encrypted bytes to CDN.
+            download_param = cdn_upload(
+              upload_param:    upload_param,
+              filekey:         filekey,
+              encrypted_bytes: encrypted_bytes
+            )
+            # Return CDNMedia structure for use in sendmessage item_list.
+            # encrypt_type: 1 confirmed from @tencent-weixin/openclaw-weixin source.
+            {
+              encrypt_query_param: download_param,
+              aes_key:             aeskey_b64,
+              encrypt_type:        1
+            }
+          end
+          # POST encrypted bytes to CDN. Returns the x-encrypted-param header value.
+          def cdn_upload(upload_param:, filekey:, encrypted_bytes:)
+            cdn_url = "#{CDN_BASE_URL}/upload" \
+                      "?encrypted_query_param=#{URI.encode_uri_component(upload_param)}" \
+                      "&filekey=#{URI.encode_uri_component(filekey)}"
+            uri = URI(cdn_url)
+            http = Net::HTTP.new(uri.host, uri.port)
+            http.use_ssl      = true
+            http.verify_mode  = OpenSSL::SSL::VERIFY_PEER
+            http.read_timeout = API_TIMEOUT_S
+            http.open_timeout = 10
+            req = Net::HTTP::Post.new("#{uri.path}?#{uri.query}")
+            req["Content-Type"]   = "application/octet-stream"
+            req["Content-Length"] = encrypted_bytes.bytesize.to_s
+            req.body = encrypted_bytes
+            Octo::Logger.debug("[WeixinApiClient] CDN upload #{encrypted_bytes.bytesize} bytes")
+            res = http.request(req)
+            raise ApiError.new(res.code.to_i, res.body.to_s.slice(0, 200)), "CDN upload HTTP #{res.code}" \
+              unless res.is_a?(Net::HTTPSuccess)
+            download_param = res["x-encrypted-param"]
+            raise ApiError.new(0, "CDN upload: missing x-encrypted-param header") unless download_param
+            download_param
+          end
+          # GET raw bytes from a CDN URL (no iLink auth headers needed for download).
+          def cdn_get(url)
+            uri  = URI(url)
+            http = Net::HTTP.new(uri.host, uri.port)
+            http.use_ssl      = true
+            http.verify_mode  = OpenSSL::SSL::VERIFY_PEER
+            http.read_timeout = API_TIMEOUT_S
+            http.open_timeout = 10
+            req = Net::HTTP::Get.new("#{uri.path}?#{uri.query}")
+            Octo::Logger.debug("[WeixinApiClient] CDN GET #{uri.host}#{uri.path}")
+            res = http.request(req)
+            raise ApiError.new(res.code.to_i, "CDN download HTTP #{res.code}") \
+              unless res.is_a?(Net::HTTPSuccess)
+            res.body.force_encoding("BINARY")
+          end
+          # Decrypt bytes with AES-128-ECB + PKCS7 unpadding using OpenSSL.
+          def aes_ecb_decrypt(data, key)
+            cipher = OpenSSL::Cipher.new("AES-128-ECB")
+            cipher.decrypt
+            cipher.key = key
+            cipher.update(data) + cipher.final
+          end
+          # Encrypt bytes with AES-128-ECB + PKCS7 padding using OpenSSL.
+          def aes_ecb_encrypt(data, key)
+            cipher = OpenSSL::Cipher.new("AES-128-ECB")
+            cipher.encrypt
+            cipher.key = key
+            cipher.update(data) + cipher.final
+          end
+          # Guess media_type from file extension.
+          def detect_media_type(file_name)
+            ext = File.extname(file_name).downcase
+            case ext
+            when ".jpg", ".jpeg", ".png", ".gif", ".webp", ".bmp"
+              MEDIA_TYPE_IMAGE
+            when ".mp4", ".mov", ".avi", ".mkv", ".flv"
+              MEDIA_TYPE_VIDEO
+            when ".mp3", ".m4a", ".amr", ".wav", ".ogg"
+              MEDIA_TYPE_VOICE
+            else
+              MEDIA_TYPE_FILE
+            end
+          end
+          # Build the item_list entry for sendmessage based on media type.
+          def build_media_item(media_type, cdn_media, raw_bytes, file_name)
+            case media_type
+            when MEDIA_TYPE_IMAGE
+              { type: 2, image_item: { media: cdn_media } }
+            when MEDIA_TYPE_VIDEO
+              { type: 5, video_item: { media: cdn_media } }
+            when MEDIA_TYPE_VOICE
+              { type: 3, voice_item: { media: cdn_media } }
+            else
+              {
+                type: 4,
+                file_item: {
+                  media:     cdn_media,
+                  file_name: file_name,
+                  md5:       Digest::MD5.hexdigest(raw_bytes),
+                  len:       raw_bytes.bytesize.to_s
+                }
+              }
+            end
+          end
+          def post(endpoint, body_hash, timeout: API_TIMEOUT_S)
+            uri  = URI("#{@base_url}/#{API_PATH_PREFIX}/#{endpoint}")
+            # All POST bodies must include base_info per iLink protocol spec.
+            body = JSON.generate(body_hash.merge(base_info: { channel_version: CHANNEL_VERSION }))
+            http = Net::HTTP.new(uri.host, uri.port)
+            http.use_ssl      = uri.scheme == "https"
+            http.verify_mode  = OpenSSL::SSL::VERIFY_PEER
+            http.read_timeout = timeout
+            http.open_timeout = 10
+            req = Net::HTTP::Post.new(uri.path)
+            req["Content-Type"]      = "application/json"
+            req["AuthorizationType"] = "ilink_bot_token"
+            req["Content-Length"]    = body.bytesize.to_s
+            req["X-WECHAT-UIN"]      = random_wechat_uin
+            req["Authorization"]     = "Bearer #{@token}" unless @token.empty?
+            req.body = body
+            Octo::Logger.debug("[WeixinApiClient] POST #{endpoint}")
+            res = http.request(req)
+            raise ApiError.new(res.code.to_i, res.body), "HTTP #{res.code}" unless res.is_a?(Net::HTTPSuccess)
+            raw_body = res.body
+            data = JSON.parse(raw_body)
+            ret  = data["ret"] || data["errcode"]
+            if ret && ret != 0
+              # Include full response body for easier debugging (errmsg is often empty)
+              detail = data["errmsg"].to_s.strip
+              detail = raw_body.slice(0, 300) if detail.empty?
+              raise ApiError.new(ret, detail)
+            end
+            data
+          rescue Net::ReadTimeout, Net::OpenTimeout
+            raise TimeoutError, "#{endpoint} timed out"
+          rescue JSON::ParserError => e
+            raise ApiError.new(0, "Invalid JSON: #{e.message}")
+          end
+          # X-WECHAT-UIN: random uint32 → decimal string → base64
+          def random_wechat_uin
+            uint32 = SecureRandom.random_bytes(4).unpack1("N")
+            Base64.strict_encode64(uint32.to_s)
+          end
+        end
+      end
+    end
+  end
+end

data/lib/octo/server/channel/channel_config.rb ADDED Viewed

@@ -0,0 +1,178 @@
+# frozen_string_literal: true
+require "yaml"
+require "fileutils"
+require "json"
+module Octo
+  # ChannelConfig manages IM platform credentials (Feishu, WeCom, etc.).
+  #
+  # Config is stored in ~/.octo/channels.yml:
+  #
+  #   channels:
+  #     feishu:
+  #       enabled: true
+  #       app_id: cli_xxx
+  #       app_secret: xxx
+  #       domain: https://open.feishu.cn
+  #       allowed_users:
+  #         - ou_xxx
+  #     wecom:
+  #       enabled: false
+  #       bot_id: xxx
+  #       secret: xxx
+  #
+  # This class is only responsible for platform credentials.
+  # working_dir and permission_mode live in AgentConfig.
+  class ChannelConfig
+    CONFIG_DIR  = File.join(Dir.home, ".octo")
+    CONFIG_FILE = File.join(CONFIG_DIR, "channels.yml")
+    # @param channels [Hash<String, Hash>] string-keyed platform configs (raw from YAML)
+    def initialize(channels: {})
+      @channels = channels || {}
+    end
+    # Load from disk. Returns an empty instance if the file does not exist.
+    # @param config_file [String]
+    # @return [ChannelConfig]
+    def self.load(config_file = CONFIG_FILE)
+      if File.exist?(config_file)
+        data = YAMLCompat.safe_load(File.read(config_file), permitted_classes: [Symbol]) || {}
+      else
+        data = {}
+      end
+      new(channels: data["channels"] || {})
+    end
+    # Persist to disk.
+    # @param config_file [String]
+    def save(config_file = CONFIG_FILE)
+      FileUtils.mkdir_p(File.dirname(config_file))
+      File.write(config_file, to_yaml)
+      FileUtils.chmod(0o600, config_file)
+    end
+    # Serialize to YAML string.
+    # @return [String]
+    def to_yaml
+      YAML.dump({ "channels" => @channels })
+    end
+    # Returns true if at least one channel is enabled.
+    def any_enabled?
+      @channels.any? { |_, cfg| cfg["enabled"] }
+    end
+    # Returns the list of enabled platform symbols.
+    # @return [Array<Symbol>]
+    def enabled_platforms
+      @channels
+        .select { |_, cfg| cfg["enabled"] }
+        .keys
+        .map(&:to_sym)
+    end
+    # Returns true if the given platform is configured and enabled.
+    # @param platform [Symbol, String]
+    def enabled?(platform)
+      cfg = @channels[platform.to_s]
+      cfg && cfg["enabled"]
+    end
+    # Return the symbol-keyed config hash expected by each adapter's initializer.
+    # Returns nil if the platform is not configured.
+    #
+    # @param platform [Symbol, String]
+    # @return [Hash, nil]
+    def platform_config(platform)
+      raw = @channels[platform.to_s]
+      return nil unless raw
+      case platform.to_sym
+      when :feishu
+        {
+          app_id:        raw["app_id"],
+          app_secret:    raw["app_secret"],
+          domain:        raw["domain"],
+          allowed_users: raw["allowed_users"]
+        }.compact
+      when :wecom
+        {
+          bot_id: raw["bot_id"],
+          secret: raw["secret"]
+        }.compact
+      when :weixin
+        {
+          token:         raw["token"],
+          base_url:      raw["base_url"],
+          allowed_users: raw["allowed_users"]
+        }.compact
+      when :discord
+        {
+          bot_token:     raw["bot_token"]
+        }.compact
+      when :dingtalk
+        {
+          client_id:     raw["client_id"],
+          client_secret: raw["client_secret"],
+          allowed_users: raw["allowed_users"]
+        }.compact
+      when :telegram
+        {
+          bot_token:     raw["bot_token"],
+          base_url:      raw["base_url"],
+          parse_mode:    raw.key?("parse_mode") ? raw["parse_mode"] : "Markdown",
+          allowed_users: raw["allowed_users"]
+        }.compact
+      else
+        # Unknown platform — pass all non-meta keys as symbol-keyed hash
+        raw.reject { |k, _| k == "enabled" }
+           .transform_keys(&:to_sym)
+      end
+    end
+    # Set or update a platform's credentials.
+    # Merges provided fields into the existing entry.
+    # Automatically sets enabled: true unless explicitly provided.
+    #
+    # @param platform [Symbol, String]
+    # @param fields [Hash] symbol-keyed credential fields
+    def set_platform(platform, **fields)
+      key = platform.to_s
+      @channels[key] ||= {}
+      fields.each { |k, v| @channels[key][k.to_s] = v }
+      @channels[key]["enabled"] = true unless @channels[key].key?("enabled")
+    end
+    # Enable a platform (requires it to already be configured).
+    # @param platform [Symbol, String]
+    # @raise [ArgumentError] if the platform has no stored credentials yet.
+    def enable_platform(platform)
+      key = platform.to_s
+      raise ArgumentError, "Platform #{platform} is not configured" unless @channels.key?(key)
+      @channels[key]["enabled"] = true
+    end
+    # Disable a platform (keeps credentials, just sets enabled: false).
+    # @param platform [Symbol, String]
+    def disable_platform(platform)
+      key = platform.to_s
+      return unless @channels.key?(key)
+      @channels[key]["enabled"] = false
+    end
+    # Remove a platform entry entirely.
+    # @param platform [Symbol, String]
+    def remove_platform(platform)
+      @channels.delete(platform.to_s)
+    end
+    # Deep copy — prevents callers from mutating shared config state.
+    # @return [ChannelConfig]
+    def deep_copy
+      self.class.new(channels: JSON.parse(JSON.generate(@channels)))
+    end
+  end
+end