@bamdra/bamdra-user-bind 0.1.4 → 0.1.6

package/dist/index.js

@@ -425,6 +425,7 @@ var UserBindRuntime = class {
   bindingCache = /* @__PURE__ */ new Map();
   feishuScopeStatus = null;
   bitableMirror = null;
+  feishuTokenCache = /* @__PURE__ */ new Map();
   close() {
     this.store.close();
   }
@@ -707,77 +708,162 @@ var UserBindRuntime = class {
     return identity;
   }
   async tryResolveFeishuUser(openId) {
-    const executor = this.host.callTool ?? this.host.invokeTool;
-    if (typeof executor !== "function") {
-      logUserBindEvent("feishu-resolution-skipped", { reason: "tool-executor-unavailable" });
+    logUserBindEvent("feishu-resolution-start", { openId });
+    const accounts = readFeishuAccountsFromOpenClawConfig();
+    if (accounts.length === 0) {
+      logUserBindEvent("feishu-resolution-skipped", { reason: "no-feishu-accounts-configured" });
       return null;
     }
-    try {
-      logUserBindEvent("feishu-resolution-start", { openId });
-      const result = await executor.call(this.host, "feishu_user_get", {
-        user_id_type: "open_id",
-        user_id: openId
-      });
-      const candidate = extractDeepString(result, [
-        ["data", "user", "user_id"],
-        ["user", "user_id"],
-        ["data", "user_id"]
-      ]);
-      if (!candidate) {
-        logUserBindEvent("feishu-resolution-empty", { openId });
-        return null;
+    for (const account of accounts) {
+      try {
+        const token = await this.getFeishuAppAccessToken(account);
+        const result = await feishuJsonRequest(
+          account,
+          `/open-apis/contact/v3/users/${encodeURIComponent(openId)}?user_id_type=open_id`,
+          token
+        );
+        const candidate = extractDeepString(result, [
+          ["data", "user", "user_id"],
+          ["user", "user_id"],
+          ["data", "user_id"]
+        ]);
+        if (!candidate) {
+          continue;
+        }
+        logUserBindEvent("feishu-resolution-success", {
+          accountId: account.accountId,
+          openId,
+          userId: candidate
+        });
+        return {
+          userId: candidate,
+          source: `feishu-api:${account.accountId}`,
+          profilePatch: {
+            name: extractDeepString(result, [["data", "user", "name"], ["user", "name"]]),
+            email: extractDeepString(result, [["data", "user", "email"], ["user", "email"]]),
+            avatar: extractDeepString(result, [["data", "user", "avatar", "avatar_origin"], ["user", "avatar", "avatar_origin"]])
+          }
+        };
+      } catch (error) {
+        const message = error instanceof Error ? error.message : String(error);
+        logUserBindEvent("feishu-resolution-attempt-failed", {
+          accountId: account.accountId,
+          openId,
+          message
+        });
       }
-      logUserBindEvent("feishu-resolution-success", { openId, userId: candidate });
-      return {
-        userId: candidate,
-        source: "feishu-api",
-        profilePatch: {
-          name: extractDeepString(result, [["data", "user", "name"], ["user", "name"]]),
-          email: extractDeepString(result, [["data", "user", "email"], ["user", "email"]]),
-          avatar: extractDeepString(result, [["data", "user", "avatar", "avatar_origin"], ["user", "avatar", "avatar_origin"]])
+    }
+    const executor = this.host.callTool ?? this.host.invokeTool;
+    if (typeof executor === "function") {
+      try {
+        const result = await executor.call(this.host, "feishu_user_get", {
+          user_id_type: "open_id",
+          user_id: openId
+        });
+        const candidate = extractDeepString(result, [
+          ["data", "user", "user_id"],
+          ["user", "user_id"],
+          ["data", "user_id"]
+        ]);
+        if (candidate) {
+          return {
+            userId: candidate,
+            source: "feishu-tool-fallback",
+            profilePatch: {
+              name: extractDeepString(result, [["data", "user", "name"], ["user", "name"]])
+            }
+          };
         }
-      };
-    } catch (error) {
-      const message = error instanceof Error ? error.message : String(error);
-      logUserBindEvent("feishu-resolution-failed", { openId, message });
-      this.store.recordIssue("feishu-resolution", message);
-      return null;
+      } catch {
+      }
     }
+    logUserBindEvent("feishu-resolution-empty", { openId });
+    return null;
   }
   async ensureFeishuScopeStatus() {
     if (this.feishuScopeStatus) {
       return this.feishuScopeStatus;
     }
+    const accounts = readFeishuAccountsFromOpenClawConfig();
+    for (const account of accounts) {
+      try {
+        const token = await this.getFeishuAppAccessToken(account);
+        const result = await feishuJsonRequest(
+          account,
+          "/open-apis/application/v6/scopes",
+          token
+        );
+        const scopes = extractScopes(result);
+        this.feishuScopeStatus = {
+          scopes,
+          missingIdentityScopes: REQUIRED_FEISHU_IDENTITY_SCOPES.filter((scope) => !scopes.includes(scope)),
+          hasDocumentAccess: scopes.some((scope) => scope.startsWith("bitable:") || scope.startsWith("drive:") || scope.startsWith("docx:") || scope.startsWith("docs:"))
+        };
+        logUserBindEvent("feishu-scopes-read", {
+          accountId: account.accountId,
+          ...this.feishuScopeStatus
+        });
+        return this.feishuScopeStatus;
+      } catch (error) {
+        const message = error instanceof Error ? error.message : String(error);
+        logUserBindEvent("feishu-scopes-attempt-failed", { accountId: account.accountId, message });
+      }
+    }
     const executor = this.host.callTool ?? this.host.invokeTool;
-    if (typeof executor !== "function") {
-      this.feishuScopeStatus = {
-        scopes: [],
-        missingIdentityScopes: [...REQUIRED_FEISHU_IDENTITY_SCOPES],
-        hasDocumentAccess: false
-      };
-      return this.feishuScopeStatus;
+    if (typeof executor === "function") {
+      try {
+        const result = await executor.call(this.host, "feishu_app_scopes", {});
+        const scopes = extractScopes(result);
+        this.feishuScopeStatus = {
+          scopes,
+          missingIdentityScopes: REQUIRED_FEISHU_IDENTITY_SCOPES.filter((scope) => !scopes.includes(scope)),
+          hasDocumentAccess: scopes.some((scope) => scope.startsWith("bitable:") || scope.startsWith("drive:") || scope.startsWith("docx:") || scope.startsWith("docs:"))
+        };
+        logUserBindEvent("feishu-scopes-read", this.feishuScopeStatus);
+        return this.feishuScopeStatus;
+      } catch (error) {
+        const message = error instanceof Error ? error.message : String(error);
+        logUserBindEvent("feishu-scopes-failed", { message });
+        this.store.recordIssue("feishu-scope-read", message);
+      }
     }
-    try {
-      const result = await executor.call(this.host, "feishu_app_scopes", {});
-      const scopes = extractScopes(result);
-      this.feishuScopeStatus = {
-        scopes,
-        missingIdentityScopes: REQUIRED_FEISHU_IDENTITY_SCOPES.filter((scope) => !scopes.includes(scope)),
-        hasDocumentAccess: scopes.some((scope) => scope.startsWith("bitable:") || scope.startsWith("drive:") || scope.startsWith("docx:") || scope.startsWith("docs:"))
-      };
-      logUserBindEvent("feishu-scopes-read", this.feishuScopeStatus);
-      return this.feishuScopeStatus;
-    } catch (error) {
-      const message = error instanceof Error ? error.message : String(error);
-      logUserBindEvent("feishu-scopes-failed", { message });
-      this.store.recordIssue("feishu-scope-read", message);
-      this.feishuScopeStatus = {
-        scopes: [],
-        missingIdentityScopes: [...REQUIRED_FEISHU_IDENTITY_SCOPES],
-        hasDocumentAccess: false
-      };
-      return this.feishuScopeStatus;
+    this.feishuScopeStatus = {
+      scopes: [],
+      missingIdentityScopes: [...REQUIRED_FEISHU_IDENTITY_SCOPES],
+      hasDocumentAccess: false
+    };
+    return this.feishuScopeStatus;
+  }
+  async getFeishuAppAccessToken(account) {
+    const cached = this.feishuTokenCache.get(account.accountId);
+    if (cached && cached.expiresAt > Date.now()) {
+      return cached.token;
+    }
+    const base = resolveFeishuOpenApiBase(account.domain);
+    const response = await fetch(`${base}/open-apis/auth/v3/app_access_token/internal`, {
+      method: "POST",
+      headers: {
+        "content-type": "application/json; charset=utf-8"
+      },
+      body: JSON.stringify({
+        app_id: account.appId,
+        app_secret: account.appSecret
+      })
+    });
+    const payload = await response.json();
+    if (!response.ok || Number(payload.code ?? 0) !== 0) {
+      throw new Error(`Failed to get Feishu app access token for ${account.accountId}: ${JSON.stringify(payload)}`);
     }
+    const token = asNullableString(payload.app_access_token);
+    if (!token) {
+      throw new Error(`Feishu app access token missing for ${account.accountId}`);
+    }
+    const expire = Number(payload.expire ?? 7200);
+    this.feishuTokenCache.set(account.accountId, {
+      token,
+      expiresAt: Date.now() + Math.max(60, expire - 120) * 1e3
+    });
+    return token;
   }
   async syncFeishuMirror(identity) {
     const scopeStatus = await this.ensureFeishuScopeStatus();
@@ -1070,14 +1156,17 @@ function parseIdentityContext(context) {
   const message = findNestedRecord(record, ["message"], ["event", "message"], ["payload", "message"]);
   const session = findNestedRecord(record, ["session"], ["context", "session"]);
   const channel = findNestedRecord(record, ["channel"], ["message", "channel"], ["event", "channel"], ["payload", "channel"]);
-  const metadataText = asNullableString(record.text) ?? asNullableString(message.text) ?? asNullableString(record.content) ?? asNullableString(findNestedValue(record, ["message", "content", "text"]));
+  const metadata = findNestedRecord(record, ["metadata"]);
+  const input = findNestedRecord(record, ["input"]);
+  const conversation = findNestedRecord(record, ["conversation"]);
+  const metadataText = asNullableString(record.text) ?? asNullableString(message.text) ?? asNullableString(record.content) ?? asNullableString(metadata.text) ?? asNullableString(input.text) ?? asNullableString(findNestedValue(record, ["message", "content", "text"]));
   const conversationInfo = metadataText ? extractTaggedJsonBlock(metadataText, "Conversation info (untrusted metadata)") : null;
   const senderInfo = metadataText ? extractTaggedJsonBlock(metadataText, "Sender (untrusted metadata)") : null;
   const senderIdFromText = metadataText ? extractRegexValue(metadataText, /"sender_id"\s*:\s*"([^"]+)"/) : null;
   const senderNameFromText = metadataText ? extractRegexValue(metadataText, /"sender"\s*:\s*"([^"]+)"/) : null;
   const senderNameFromMessageLine = metadataText ? extractRegexValue(metadataText, /\]\s*([^\n:：]{1,40})\s*[:：]/) : null;
-  const sessionId = asNullableString(record.sessionId) ?? asNullableString(record.sessionKey) ?? asNullableString(session.id) ?? asNullableString(record.context?.sessionId) ?? asNullableString(conversationInfo?.session_id) ?? asNullableString(conversationInfo?.message_id);
-  const channelType = asNullableString(record.channelType) ?? asNullableString(channel.type) ?? asNullableString(record.provider) ?? asNullableString(conversationInfo?.provider) ?? inferChannelTypeFromSessionId(sessionId);
+  const sessionId = asNullableString(record.sessionKey) ?? asNullableString(record.sessionId) ?? asNullableString(session.id) ?? asNullableString(conversation.id) ?? asNullableString(metadata.sessionId) ?? asNullableString(input.sessionId) ?? asNullableString(input.session?.id) ?? asNullableString(record.context?.sessionId) ?? asNullableString(conversationInfo?.session_id) ?? asNullableString(conversationInfo?.message_id);
+  const channelType = asNullableString(record.channelType) ?? asNullableString(channel.type) ?? asNullableString(metadata.channelType) ?? asNullableString(conversation?.provider) ?? asNullableString(record.provider) ?? asNullableString(conversationInfo?.provider) ?? inferChannelTypeFromSessionId(sessionId);
   const openId = asNullableString(sender.id) ?? asNullableString(sender.open_id) ?? asNullableString(sender.openId) ?? asNullableString(sender.user_id) ?? asNullableString(senderInfo?.id) ?? asNullableString(conversationInfo?.sender_id) ?? senderIdFromText ?? extractOpenIdFromSessionId(sessionId);
   const senderName = asNullableString(sender.name) ?? asNullableString(sender.display_name) ?? asNullableString(senderInfo?.name) ?? asNullableString(conversationInfo?.sender) ?? senderNameFromText ?? senderNameFromMessageLine;
   return {
@@ -1445,6 +1534,65 @@ function findBitableRecordId(result, userId) {
   }
   return null;
 }
+function readFeishuAccountsFromOpenClawConfig() {
+  const openclawConfigPath = (0, import_node_path.join)((0, import_node_os.homedir)(), ".openclaw", "openclaw.json");
+  if (!(0, import_node_fs.existsSync)(openclawConfigPath)) {
+    return [];
+  }
+  try {
+    const parsed = JSON.parse((0, import_node_fs.readFileSync)(openclawConfigPath, "utf8"));
+    const channels = parsed.channels && typeof parsed.channels === "object" ? parsed.channels : {};
+    const feishu = channels.feishu && typeof channels.feishu === "object" ? channels.feishu : {};
+    const accounts = feishu.accounts && typeof feishu.accounts === "object" ? feishu.accounts : {};
+    const topLevel = normalizeFeishuAccount("default", feishu, feishu);
+    const values = Object.entries(accounts).map(([accountId, value]) => normalizeFeishuAccount(accountId, value, feishu)).filter((item) => item != null);
+    if (topLevel && !values.some((item) => item.accountId === topLevel.accountId)) {
+      values.unshift(topLevel);
+    }
+    return values;
+  } catch (error) {
+    logUserBindEvent("feishu-config-read-failed", {
+      message: error instanceof Error ? error.message : String(error)
+    });
+    return [];
+  }
+}
+function normalizeFeishuAccount(accountId, input, fallback) {
+  const record = input && typeof input === "object" ? input : {};
+  const enabled = record.enabled !== false && fallback.enabled !== false;
+  const appId = asNullableString(record.appId) ?? asNullableString(fallback.appId);
+  const appSecret = asNullableString(record.appSecret) ?? asNullableString(fallback.appSecret);
+  const domain = asNullableString(record.domain) ?? asNullableString(fallback.domain) ?? "feishu";
+  if (!enabled || !appId || !appSecret) {
+    return null;
+  }
+  return { accountId, appId, appSecret, domain };
+}
+function resolveFeishuOpenApiBase(domain) {
+  if (domain === "lark") {
+    return "https://open.larksuite.com";
+  }
+  if (domain === "feishu") {
+    return "https://open.feishu.cn";
+  }
+  return domain.replace(/\/+$/, "");
+}
+async function feishuJsonRequest(account, path, appAccessToken, init) {
+  const base = resolveFeishuOpenApiBase(account.domain);
+  const response = await fetch(`${base}${path}`, {
+    ...init,
+    headers: {
+      authorization: `Bearer ${appAccessToken}`,
+      "content-type": "application/json; charset=utf-8",
+      ...init?.headers ?? {}
+    }
+  });
+  const payload = await response.json();
+  if (!response.ok || Number(payload.code ?? 0) !== 0) {
+    throw new Error(JSON.stringify(payload));
+  }
+  return payload;
+}
 function getConfiguredAgentId(agent) {
   return asNullableString(agent.id) ?? asNullableString(agent.name) ?? asNullableString(agent.agentId);
 }

package/openclaw.plugin.json

@@ -3,7 +3,7 @@
   "type": "tool",
   "name": "Bamdra User Bind",
   "description": "Identity resolution, user profile binding, and admin profile tools for OpenClaw channels.",
-  "version": "0.1.0",
+  "version": "0.1.6",
   "main": "./dist/index.js",
   "skills": ["./skills"],
   "configSchema": {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@bamdra/bamdra-user-bind",
-  "version": "0.1.4",
+  "version": "0.1.6",
   "description": "Identity resolution, user profile binding, and admin-safe profile tools for OpenClaw channels.",
   "license": "MIT",
   "homepage": "https://www.bamdra.com",