@botcord/daemon 0.2.77 → 0.2.79

package/dist/runtime-route-options.d.ts

@@ -0,0 +1,7 @@
+export interface RuntimeSelectionOptions {
+    runtimeModel?: string;
+    reasoningEffort?: string;
+    thinking?: boolean;
+}
+export declare function buildRuntimeSelectionExtraArgs(runtime: string | undefined, selection: RuntimeSelectionOptions): string[];
+export declare function mergeRuntimeExtraArgs(inherited: string[] | undefined, selected: string[]): string[] | undefined;

package/dist/runtime-route-options.js

@@ -0,0 +1,45 @@
+export function buildRuntimeSelectionExtraArgs(runtime, selection) {
+    if (!runtime)
+        return [];
+    const out = [];
+    const model = cleanString(selection.runtimeModel);
+    const reasoningEffort = cleanString(selection.reasoningEffort);
+    if (runtime === "claude-code") {
+        if (model)
+            out.push("--model", model);
+        if (reasoningEffort)
+            out.push("--effort", reasoningEffort);
+    }
+    else if (runtime === "codex") {
+        if (model)
+            out.push("--model", model);
+        if (reasoningEffort) {
+            out.push("-c", `model_reasoning_effort=${quoteCodexConfigValue(reasoningEffort)}`);
+        }
+    }
+    else if (runtime === "deepseek-tui") {
+        if (model)
+            out.push("--model", model);
+        if (reasoningEffort)
+            out.push("--reasoning-effort", reasoningEffort);
+    }
+    else if (runtime === "kimi-cli") {
+        if (model)
+            out.push("--model", model);
+        if (typeof selection.thinking === "boolean") {
+            out.push(selection.thinking ? "--thinking" : "--no-thinking");
+        }
+    }
+    return out;
+}
+export function mergeRuntimeExtraArgs(inherited, selected) {
+    const out = [...(inherited ?? []), ...selected];
+    return out.length ? out : undefined;
+}
+function cleanString(value) {
+    const trimmed = value?.trim();
+    return trimmed ? trimmed : undefined;
+}
+function quoteCodexConfigValue(value) {
+    return `"${value.replace(/\\/g, "\\\\").replace(/"/g, '\\"')}"`;
+}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@botcord/daemon",
-  "version": "0.2.77",
+  "version": "0.2.79",
   "description": "BotCord local daemon — bridges Hub inbox push to local Claude Code / Codex / Gemini CLIs",
   "type": "module",
   "bin": {
@@ -28,7 +28,7 @@
   },
   "dependencies": {
     "@botcord/cli": "^0.1.7",
-    "@botcord/protocol-core": "^0.2.9",
+    "@botcord/protocol-core": "^0.2.10",
     "@larksuiteoapi/node-sdk": "^1.63.1",
     "ws": "^8.20.1"
   },

package/src/__tests__/attention-policy-fetcher.test.ts

@@ -0,0 +1,67 @@
+import { mkdtempSync, writeFileSync } from "node:fs";
+import { tmpdir } from "node:os";
+import path from "node:path";
+import { afterEach, describe, expect, it, vi } from "vitest";
+import { generateKeypair } from "@botcord/protocol-core";
+import { createAttentionPolicyFetcher } from "../attention-policy-fetcher.js";
+
+function writeCredentials(agentId: string): string {
+  const dir = mkdtempSync(path.join(tmpdir(), "botcord-policy-"));
+  const file = path.join(dir, `${agentId}.json`);
+  const keys = generateKeypair();
+  writeFileSync(
+    file,
+    JSON.stringify({
+      version: 1,
+      hubUrl: "https://hub.test",
+      agentId,
+      keyId: "key_1",
+      privateKey: keys.privateKey,
+      publicKey: keys.publicKey,
+      savedAt: new Date().toISOString(),
+      token: "jwt",
+      tokenExpiresAt: Math.floor(Date.now() / 1000) + 3600,
+    }),
+  );
+  return file;
+}
+
+describe("createAttentionPolicyFetcher", () => {
+  afterEach(() => {
+    vi.unstubAllGlobals();
+  });
+
+  it("fetches effective room attention policy with agent credentials", async () => {
+    const credentialsPath = writeCredentials("ag_policy");
+    const fetchMock = vi.fn(async (url: string | URL | Request, init?: RequestInit) => {
+      expect(String(url)).toBe(
+        "https://hub.test/hub/attention-policy?room_id=rm_1",
+      );
+      expect((init?.headers as Record<string, string>).Authorization).toBe(
+        "Bearer jwt",
+      );
+      return new Response(
+        JSON.stringify({
+          mode: "mention_only",
+          keywords: [],
+          allowedSenderIds: [],
+        }),
+        { status: 200, headers: { "Content-Type": "application/json" } },
+      );
+    });
+    vi.stubGlobal("fetch", fetchMock);
+
+    const fetchPolicy = createAttentionPolicyFetcher({
+      credentialPathByAgentId: new Map([["ag_policy", credentialsPath]]),
+    });
+
+    await expect(
+      fetchPolicy({ agentId: "ag_policy", roomId: "rm_1" }),
+    ).resolves.toEqual({
+      mode: "mention_only",
+      keywords: [],
+      allowedSenderIds: [],
+    });
+    expect(fetchMock).toHaveBeenCalledTimes(1);
+  });
+});

package/src/__tests__/cloud-gateway-runtime.test.ts

@@ -0,0 +1,127 @@
+import { mkdtempSync, rmSync } from "node:fs";
+import os from "node:os";
+import path from "node:path";
+import { afterEach, beforeEach, describe, expect, it } from "vitest";
+import { RUNTIME_FRAME_TYPES, type GatewayInboundFrame } from "@botcord/protocol-core";
+
+import { handleCloudGatewayRuntimeInbound } from "../cloud-gateway-runtime.js";
+import { Gateway, type ChannelAdapter } from "../gateway/index.js";
+
+describe("cloud gateway runtime inbound", () => {
+  let tmpDir: string;
+
+  beforeEach(() => {
+    tmpDir = mkdtempSync(path.join(os.tmpdir(), "cloud-gateway-runtime-"));
+  });
+
+  afterEach(() => {
+    rmSync(tmpDir, { recursive: true, force: true });
+  });
+
+  it("injects a gateway_inbound frame and captures the runtime reply", async () => {
+    const gateway = new Gateway({
+      config: {
+        channels: [],
+        defaultRoute: { runtime: "fake", cwd: tmpDir },
+      },
+      sessionStorePath: path.join(tmpDir, "sessions.json"),
+      createChannel: (cfg) => stubChannel(cfg.id, cfg.type, cfg.accountId),
+      createRuntime: () => ({
+        id: "fake",
+        async run() {
+          return { text: "hello from runtime", newSessionId: "sess_1" };
+        },
+      }),
+      transcriptEnabled: false,
+    });
+    await gateway.start();
+
+    const frame: GatewayInboundFrame = {
+      type: RUNTIME_FRAME_TYPES.GATEWAY_INBOUND,
+      event_id: "evt_1",
+      gateway_id: "gw_tg_1",
+      agent_id: "ag_1",
+      provider: "telegram",
+      message: {
+        id: "telegram:1:2",
+        channel: "gw_tg_1",
+        accountId: "ag_1",
+        conversation: { id: "telegram:user:1", kind: "direct" },
+        sender: { id: "telegram:user:1", kind: "user" },
+        text: "hi",
+        replyTo: null,
+        mentioned: true,
+        receivedAt: Date.now(),
+        trace: { id: "telegram:1:2", streamable: false },
+      },
+    };
+
+    const result = await handleCloudGatewayRuntimeInbound(gateway, frame);
+    await gateway.stop("test");
+
+    expect(result.accepted).toBe(true);
+    expect(result.eventId).toBe("evt_1");
+    expect(result.gatewayId).toBe("gw_tg_1");
+    expect(result.conversationId).toBe("telegram:user:1");
+    expect(result.outbound?.finalText).toBe("hello from runtime");
+  });
+
+  it("rejects frames outside the token scope", async () => {
+    const gateway = new Gateway({
+      config: {
+        channels: [],
+        defaultRoute: { runtime: "fake", cwd: tmpDir },
+      },
+      sessionStorePath: path.join(tmpDir, "sessions.json"),
+      createChannel: (cfg) => stubChannel(cfg.id, cfg.type, cfg.accountId),
+      createRuntime: () => ({
+        id: "fake",
+        async run() {
+          return { text: "unused", newSessionId: "sess_1" };
+        },
+      }),
+      transcriptEnabled: false,
+    });
+
+    const result = await handleCloudGatewayRuntimeInbound(gateway, {
+      type: RUNTIME_FRAME_TYPES.GATEWAY_INBOUND,
+      event_id: "evt_bad",
+      gateway_id: "gw_tg_1",
+      agent_id: "ag_1",
+      provider: "telegram",
+      message: {
+        id: "telegram:1:2",
+        channel: "gw_other",
+        accountId: "ag_1",
+        conversation: { id: "telegram:user:1", kind: "direct" },
+        sender: { id: "telegram:user:1", kind: "user" },
+        text: "hi",
+        replyTo: null,
+        mentioned: true,
+        receivedAt: Date.now(),
+      },
+    });
+
+    expect(result.accepted).toBe(false);
+    expect(result.error?.code).toBe("channel_mismatch");
+  });
+});
+
+function stubChannel(id: string, type: string, accountId: string): ChannelAdapter {
+  return {
+    id,
+    type,
+    async start() {
+      return undefined;
+    },
+    async stop() {
+      return undefined;
+    },
+    async send() {
+      return {};
+    },
+    status() {
+      return { channel: id, accountId, running: true };
+    },
+  };
+}

package/src/__tests__/daemon-config-map.test.ts

@@ -416,6 +416,32 @@ describe("buildManagedRoutes", () => {
     expect(map.get("ag_one")?.extraArgs).not.toBe(withExtraArgs.extraArgs);
   });
 
+  it("appends per-agent model and reasoning selections to inherited extraArgs", () => {
+    const withExtraArgs: GatewayRoute = {
+      runtime: "codex",
+      cwd: "/home/default",
+      extraArgs: ["--skip-git-repo-check"],
+    };
+    const map = buildManagedRoutes(
+      ["ag_one"],
+      {
+        ag_one: {
+          runtime: "codex",
+          runtimeModel: "gpt-5.2",
+          reasoningEffort: "high",
+        },
+      },
+      withExtraArgs,
+    );
+    expect(map.get("ag_one")?.extraArgs).toEqual([
+      "--skip-git-repo-check",
+      "--model",
+      "gpt-5.2",
+      "-c",
+      'model_reasoning_effort="high"',
+    ]);
+  });
+
   it("omits extraArgs when defaultRoute has none", () => {
     const map = buildManagedRoutes(["ag_one"], {}, defaultRoute);
     expect(map.get("ag_one")).not.toHaveProperty("extraArgs");
@@ -492,4 +518,3 @@ describe("openclawGateways resolution", () => {
     expect(gw.managedRoutes).toEqual([]);
   });
 });
-

package/src/__tests__/gateway-control.test.ts

@@ -733,3 +733,139 @@ describe("W4: handleLoginStatus accountId ownership check", () => {
     expect(ack.error?.code).toBe("bad_params");
   });
 });
+
+describe("login_missing vs login_expired", () => {
+  it("wechat upsert with an unknown loginId returns login_missing", async () => {
+    const gw = makeFakeGateway();
+    const { io } = makeConfigIO(baseCfg());
+    const sessions = new LoginSessionStore();
+    const ctrl = createGatewayControl({
+      gateway: gw as any,
+      configIO: io,
+      loginSessions: sessions,
+    });
+
+    const ack = await ctrl.handleUpsert({
+      id: uniqId("wx_missing"),
+      type: "wechat",
+      accountId: "ag_alice",
+      enabled: true,
+      loginId: "wxl_never_created",
+    });
+
+    expect(ack.ok).toBe(false);
+    expect(ack.error?.code).toBe("login_missing");
+    expect(gw.addChannel).not.toHaveBeenCalled();
+  });
+
+  it("feishu upsert with an unknown loginId returns login_missing", async () => {
+    const gw = makeFakeGateway();
+    const { io } = makeConfigIO(baseCfg());
+    const sessions = new LoginSessionStore();
+    const ctrl = createGatewayControl({
+      gateway: gw as any,
+      configIO: io,
+      loginSessions: sessions,
+    });
+
+    const ack = await ctrl.handleUpsert({
+      id: uniqId("fs_missing"),
+      type: "feishu",
+      accountId: "ag_alice",
+      enabled: true,
+      loginId: "fsl_never_created",
+    });
+
+    expect(ack.ok).toBe(false);
+    expect(ack.error?.code).toBe("login_missing");
+    expect(gw.addChannel).not.toHaveBeenCalled();
+  });
+
+  it("recent_senders with an unknown loginId returns login_missing", async () => {
+    const gw = makeFakeGateway();
+    const { io } = makeConfigIO(baseCfg());
+    const sessions = new LoginSessionStore();
+    const ctrl = createGatewayControl({
+      gateway: gw as any,
+      configIO: io,
+      loginSessions: sessions,
+    });
+
+    const ack = await ctrl.handleRecentSenders({
+      provider: "wechat",
+      loginId: "wxl_never_created",
+      accountId: "ag_alice",
+    });
+
+    expect(ack.ok).toBe(false);
+    expect(ack.error?.code).toBe("login_missing");
+  });
+
+  it("wechat upsert with a TTL-expired loginId returns login_expired", async () => {
+    const gw = makeFakeGateway();
+    const { io } = makeConfigIO(baseCfg());
+    let nowMs = 1_000_000;
+    const sessions = new LoginSessionStore({ now: () => nowMs, ttlMs: 60_000 });
+    sessions.create({
+      loginId: "wxl_aged",
+      accountId: "ag_alice",
+      provider: "wechat",
+      qrcode: "QR",
+      baseUrl: "https://ilinkai.weixin.qq.com",
+      botToken: "wechat-bot-token-aged",
+    });
+    nowMs += 120_000;
+
+    const ctrl = createGatewayControl({
+      gateway: gw as any,
+      configIO: io,
+      loginSessions: sessions,
+    });
+
+    const ack = await ctrl.handleUpsert({
+      id: uniqId("wx_expired"),
+      type: "wechat",
+      accountId: "ag_alice",
+      enabled: true,
+      loginId: "wxl_aged",
+    });
+
+    expect(ack.ok).toBe(false);
+    expect(ack.error?.code).toBe("login_expired");
+    // resolve() also evicts — a follow-up call should now report missing.
+    expect(sessions.resolve("wxl_aged").state).toBe("missing");
+  });
+
+  it("feishu upsert with a TTL-expired loginId returns login_expired", async () => {
+    const gw = makeFakeGateway();
+    const { io } = makeConfigIO(baseCfg());
+    let nowMs = 2_000_000;
+    const sessions = new LoginSessionStore({ now: () => nowMs, ttlMs: 60_000 });
+    sessions.create({
+      loginId: "fsl_aged",
+      accountId: "ag_alice",
+      provider: "feishu",
+      appId: "cli_xxx",
+      appSecret: "feishu-secret-aged",
+      domain: "feishu",
+    });
+    nowMs += 120_000;
+
+    const ctrl = createGatewayControl({
+      gateway: gw as any,
+      configIO: io,
+      loginSessions: sessions,
+    });
+
+    const ack = await ctrl.handleUpsert({
+      id: uniqId("fs_expired"),
+      type: "feishu",
+      accountId: "ag_alice",
+      enabled: true,
+      loginId: "fsl_aged",
+    });
+
+    expect(ack.ok).toBe(false);
+    expect(ack.error?.code).toBe("login_expired");
+  });
+});

package/src/__tests__/policy-resolver.test.ts

@@ -65,6 +65,26 @@ describe("PolicyResolver", () => {
     expect(p.mode).toBe("always");
   });
 
+  it.each(["telegram:user:42", "wechat:user:alice", "feishu:user:ou_alice"])(
+    "forces third-party direct chat %s to mode=always",
+    async (conversationId) => {
+      const resolver = new PolicyResolver({ fetchGlobal: async () => undefined });
+      resolver.put("ag_a", null, { mode: "mention_only", keywords: [] });
+      const p = await resolver.resolve("ag_a", conversationId);
+      expect(p.mode).toBe("always");
+    },
+  );
+
+  it.each(["telegram:group:-1001", "feishu:chat:oc_team"])(
+    "does not force third-party group chat %s to mode=always",
+    async (conversationId) => {
+      const resolver = new PolicyResolver({ fetchGlobal: async () => undefined });
+      resolver.put("ag_a", null, { mode: "mention_only", keywords: [] });
+      const p = await resolver.resolve("ag_a", conversationId);
+      expect(p.mode).toBe("mention_only");
+    },
+  );
+
   it("falls back to defaults when fetch throws", async () => {
     const resolver = new PolicyResolver({
       fetchGlobal: async () => {

package/src/__tests__/provision.test.ts

@@ -660,6 +660,65 @@ describe("provision_agent handler writes runtime + cwd", () => {
     }
   });
 
+  it("persists model options and hot-adds them to the managed route", async () => {
+    const os = await import("node:os");
+    const fs = await import("node:fs");
+    const nodePath = await import("node:path");
+
+    const tmp = fs.mkdtempSync(nodePath.join(os.tmpdir(), "daemon-provision-"));
+    const prevHome = process.env.HOME;
+    process.env.HOME = tmp;
+    try {
+      mockState.cfg = {
+        defaultRoute: {
+          adapter: "codex",
+          cwd: tmp,
+          extraArgs: ["--skip-git-repo-check"],
+        },
+        routes: [],
+        streamBlocks: true,
+      };
+      const gw = makeFakeGateway();
+      const provisioner = createProvisioner({
+        gateway: gw as unknown as Parameters<typeof createProvisioner>[0]["gateway"],
+      });
+      const privateKey = Buffer.alloc(32, 8).toString("base64");
+
+      const ack = await provisioner({
+        id: "req_model",
+        type: CONTROL_FRAME_TYPES.PROVISION_AGENT,
+        params: {
+          runtime: "codex",
+          runtimeModel: "gpt-5.2",
+          reasoningEffort: "high",
+          credentials: {
+            agentId: "ag_model",
+            keyId: "k_model",
+            privateKey,
+            hubUrl: "https://hub.example",
+          },
+        },
+      });
+
+      expect(ack.ok).toBe(true);
+      const credFile = nodePath.join(tmp, ".botcord", "credentials", "ag_model.json");
+      const saved = JSON.parse(fs.readFileSync(credFile, "utf8")) as Record<string, unknown>;
+      expect(saved.runtimeModel).toBe("gpt-5.2");
+      expect(saved.reasoningEffort).toBe("high");
+      expect(gw.listManagedRoutes()[0].extraArgs).toEqual([
+        "--skip-git-repo-check",
+        "--model",
+        "gpt-5.2",
+        "-c",
+        'model_reasoning_effort="high"',
+      ]);
+    } finally {
+      if (prevHome === undefined) delete process.env.HOME;
+      else process.env.HOME = prevHome;
+      fs.rmSync(tmp, { recursive: true, force: true });
+    }
+  });
+
   it("rejects unknown runtime ids before touching disk", async () => {
     const gw = makeFakeGateway();
     const provisioner = createProvisioner({
@@ -1677,6 +1736,71 @@ describe("update_agent handler", () => {
     });
   });
 
+  it("updates runtime selectors in credentials and managed route", async () => {
+    await withSandboxHome(async ({ tmp, fs, path: nodePath }) => {
+      mockState.cfg = {
+        defaultRoute: {
+          adapter: "codex",
+          cwd: tmp,
+          extraArgs: ["--skip-git-repo-check"],
+        },
+        routes: [],
+        streamBlocks: true,
+      };
+      const credDir = nodePath.join(tmp, ".botcord", "credentials");
+      fs.mkdirSync(credDir, { recursive: true });
+      fs.writeFileSync(
+        nodePath.join(credDir, "ag_runtime.json"),
+        JSON.stringify({
+          version: 1,
+          hubUrl: "https://hub.example",
+          agentId: "ag_runtime",
+          keyId: "k_runtime",
+          privateKey: Buffer.alloc(32, 24).toString("base64"),
+          savedAt: new Date().toISOString(),
+        }),
+      );
+
+      const gw = makeFakeGateway();
+      const provisioner = createProvisioner({
+        gateway: gw as unknown as Parameters<typeof createProvisioner>[0]["gateway"],
+      });
+      const ack = await provisioner({
+        id: "req_update_runtime",
+        type: CONTROL_FRAME_TYPES.UPDATE_AGENT,
+        params: {
+          agentId: "ag_runtime",
+          runtime: "codex",
+          runtimeModel: "gpt-5.2",
+          reasoningEffort: "high",
+          thinking: true,
+        },
+      });
+
+      expect(ack.ok).toBe(true);
+      expect((ack.result as { changed: boolean }).changed).toBe(true);
+
+      const saved = JSON.parse(
+        fs.readFileSync(nodePath.join(credDir, "ag_runtime.json"), "utf8"),
+      ) as Record<string, unknown>;
+      expect(saved.runtime).toBe("codex");
+      expect(saved.runtimeModel).toBe("gpt-5.2");
+      expect(saved.reasoningEffort).toBe("high");
+      expect(saved.thinking).toBe(true);
+      expect(gw.listManagedRoutes()[0]).toMatchObject({
+        match: { accountId: "ag_runtime" },
+        runtime: "codex",
+        extraArgs: [
+          "--skip-git-repo-check",
+          "--model",
+          "gpt-5.2",
+          "-c",
+          'model_reasoning_effort="high"',
+        ],
+      });
+    });
+  });
+
   it("rejects update_agent without agentId", async () => {
     const gw = makeFakeGateway();
     const provisioner = createProvisioner({

package/src/__tests__/runtime-discovery.test.ts

@@ -76,15 +76,74 @@ describe("collectRuntimeSnapshot", () => {
       },
     ]);
     const snap = collectRuntimeSnapshot();
-    expect(snap.runtimes).toEqual([
-      {
-        id: "claude-code",
-        available: true,
-        version: "1.2.3",
-        path: "/usr/local/bin/claude",
-      },
-      { id: "codex", available: false },
-    ]);
+    expect(snap.runtimes[0]).toMatchObject({
+      id: "claude-code",
+      available: true,
+      version: "1.2.3",
+      path: "/usr/local/bin/claude",
+    });
+    const claudeModels = (snap.runtimes[0] as { models?: Array<{ id: string }> }).models;
+    expect(claudeModels?.map((m) => m.id)).toContain("sonnet");
+    expect(claudeModels?.map((m) => m.id)).toContain("opus");
+    expect(snap.runtimes[1]).toEqual({ id: "codex", available: false });
+  });
+
+  it("adds Kimi models from the local config file", () => {
+    const tmp = mkdtempSync(path.join(tmpdir(), "daemon-runtime-kimi-"));
+    const prevHome = process.env.HOME;
+    process.env.HOME = tmp;
+    try {
+      mkdirSync(path.join(tmp, ".kimi"), { recursive: true });
+      writeFileSync(
+        path.join(tmp, ".kimi", "config.toml"),
+        [
+          'default_model = "kimi-code/kimi-for-coding"',
+          "",
+          '[models."kimi-code/kimi-for-coding"]',
+          'provider = "managed:kimi-code"',
+          'model = "kimi-for-coding"',
+          "max_context_size = 262144",
+          'capabilities = ["thinking", "image_in"]',
+          'display_name = "Kimi-k2.6"',
+          "",
+        ].join("\n"),
+      );
+      setRuntimes([
+        {
+          id: "kimi-cli",
+          displayName: "Kimi",
+          binary: "kimi",
+          supportsRun: true,
+          result: { available: true },
+        },
+      ]);
+      const [runtime] = collectRuntimeSnapshot().runtimes;
+      expect((runtime as { models?: unknown[] }).models).toEqual([
+        {
+          id: "kimi-code/kimi-for-coding",
+          source: "config",
+          isDefault: true,
+          provider: "managed:kimi-code",
+          displayName: "Kimi-k2.6",
+          contextLength: 262144,
+          capabilities: ["thinking", "image_in"],
+          metadata: { model: "kimi-for-coding" },
+          parameters: [
+            {
+              id: "thinking",
+              displayName: "Thinking",
+              type: "boolean",
+              flag: "--thinking/--no-thinking",
+              source: "cli",
+            },
+          ],
+        },
+      ]);
+    } finally {
+      if (prevHome === undefined) delete process.env.HOME;
+      else process.env.HOME = prevHome;
+      rmSync(tmp, { recursive: true, force: true });
+    }
   });
 
   it("omits optional fields rather than emitting explicit undefineds", () => {