@botcord/daemon 0.2.91 → 0.2.93

package/src/gateway-control.ts

@@ -38,6 +38,10 @@ import {
   startFeishuRegistration,
   type FeishuDomain,
 } from "./gateway/channels/feishu-registration.js";
+import {
+  discoverFeishuChats,
+  type FeishuDiscoveredChat,
+} from "./gateway/channels/feishu.js";
 import { WECHAT_BASE_INFO, wechatHeaders } from "./gateway/channels/wechat-http.js";
 import { assertSafeBaseUrl, UnsafeBaseUrlError } from "./gateway/channels/url-guard.js";
 import { log as daemonLog } from "./log.js";
@@ -172,8 +176,17 @@ interface GatewayRecentSender {
   label?: string | null;
 }
 
+interface GatewayRecentFeishuChat {
+  chatId: string;
+  senderOpenId: string;
+  kind: "direct" | "group";
+  label?: string | null;
+  lastSeenAt: number;
+}
+
 interface GatewayRecentSendersResult {
-  senders: GatewayRecentSender[];
+  senders?: GatewayRecentSender[];
+  chats?: GatewayRecentFeishuChat[];
 }
 
 interface GatewaySendParams {
@@ -213,6 +226,9 @@ export interface GatewayControlContext {
     startFeishuRegistration: typeof startFeishuRegistration;
     pollFeishuRegistration: typeof pollFeishuRegistration;
   };
+  feishuDiscoveryClient?: {
+    discoverChats: typeof discoverFeishuChats;
+  };
   /** Override the global fetch — used by `test_gateway` for Telegram getMe. */
   fetchImpl?: FetchLike;
 }
@@ -228,6 +244,7 @@ export function createGatewayControl(ctx: GatewayControlContext) {
   const wechatLogin = ctx.wechatLoginClient ?? { getBotQrcode, getQrcodeStatus };
   const feishuLogin =
     ctx.feishuLoginClient ?? { startFeishuRegistration, pollFeishuRegistration };
+  const feishuDiscovery = ctx.feishuDiscoveryClient ?? { discoverChats: discoverFeishuChats };
   // W7: validate fetch availability at construction so a missing global is
   // diagnosed at startup, not during the first control frame. Tests inject
   // `ctx.fetchImpl` explicitly and bypass the global lookup entirely.
@@ -271,6 +288,9 @@ export function createGatewayControl(ctx: GatewayControlContext) {
     }
 
     const cfg = cfgIO.load();
+    const existingProfiles = cfg.thirdPartyGateways ?? [];
+    const prevProfile = existingProfiles.find((g) => g.id === params.id);
+    const hadExistingProfile = prevProfile !== undefined;
 
     // accountId must belong to a daemon-bound agent. An empty agent set
     // (no agents provisioned yet) is itself a hard reject — otherwise we
@@ -349,43 +369,66 @@ export function createGatewayControl(ctx: GatewayControlContext) {
     } else if (params.type === "feishu") {
       const loginId = params.loginId;
       if (!loginId) {
-        return badParams("upsert_gateway: feishu requires loginId");
-      }
-      const resolved = sessions.resolve(loginId);
-      if (resolved.state !== "live") {
-        return {
-          ok: false,
-          error:
-            resolved.state === "missing"
-              ? { code: "login_missing", message: `feishu login session "${loginId}" not found` }
-              : { code: "login_expired", message: `feishu login session "${loginId}" expired` },
-        };
-      }
-      const session = resolved.session!;
-      if (session.provider !== "feishu") {
-        return badParams(`upsert_gateway: login session provider "${session.provider}" != "feishu"`);
-      }
-      if (session.accountId !== params.accountId) {
-        return {
-          ok: false,
-          error: {
-            code: "login_account_mismatch",
-            message: "feishu login session accountId does not match upsert request",
-          },
-        };
-      }
-      if (!session.appId || !session.appSecret) {
-        return {
-          ok: false,
-          error: { code: "login_unconfirmed", message: "feishu login session has no app credentials yet" },
-        };
+        if (
+          !prevProfile ||
+          prevProfile.type !== "feishu" ||
+          prevProfile.accountId !== params.accountId ||
+          !prevProfile.appId
+        ) {
+          return badParams("upsert_gateway: feishu requires loginId");
+        }
+        const existing = loadGatewaySecret<{ appSecret?: string }>(params.id);
+        if (!existing?.appSecret) {
+          return badParams("upsert_gateway: feishu requires loginId");
+        }
+        if (
+          params.settings?.domain !== undefined &&
+          params.settings.domain !== (prevProfile.domain ?? "feishu")
+        ) {
+          return badParams("upsert_gateway: feishu domain change requires a fresh loginId");
+        }
+        secretPayload = { appSecret: existing.appSecret };
+        tokenPreviewSource = existing.appSecret;
+        feishuAppId = prevProfile.appId;
+        feishuDomain = params.settings?.domain ?? prevProfile.domain ?? "feishu";
+        feishuUserOpenId = prevProfile.userOpenId;
+      } else {
+        const resolved = sessions.resolve(loginId);
+        if (resolved.state !== "live") {
+          return {
+            ok: false,
+            error:
+              resolved.state === "missing"
+                ? { code: "login_missing", message: `feishu login session "${loginId}" not found` }
+                : { code: "login_expired", message: `feishu login session "${loginId}" expired` },
+          };
+        }
+        const session = resolved.session!;
+        if (session.provider !== "feishu") {
+          return badParams(`upsert_gateway: login session provider "${session.provider}" != "feishu"`);
+        }
+        if (session.accountId !== params.accountId) {
+          return {
+            ok: false,
+            error: {
+              code: "login_account_mismatch",
+              message: "feishu login session accountId does not match upsert request",
+            },
+          };
+        }
+        if (!session.appId || !session.appSecret) {
+          return {
+            ok: false,
+            error: { code: "login_unconfirmed", message: "feishu login session has no app credentials yet" },
+          };
+        }
+        secretPayload = { appSecret: session.appSecret };
+        tokenPreviewSource = session.appSecret;
+        feishuAppId = session.appId;
+        feishuDomain = session.domain ?? params.settings?.domain ?? "feishu";
+        feishuUserOpenId = session.userOpenId;
+        sessions.update(loginId, { gatewayId: params.id });
       }
-      secretPayload = { appSecret: session.appSecret };
-      tokenPreviewSource = session.appSecret;
-      feishuAppId = session.appId;
-      feishuDomain = session.domain ?? params.settings?.domain ?? "feishu";
-      feishuUserOpenId = session.userOpenId;
-      sessions.update(loginId, { gatewayId: params.id });
     } else {
       return badParams(`upsert_gateway: unknown provider "${(params as { type: string }).type}"`);
     }
@@ -393,12 +436,9 @@ export function createGatewayControl(ctx: GatewayControlContext) {
     // W3/W6: remember whether a profile already exists for this id BEFORE we
     // write the secret/config. For UPDATE path, capture previous profile +
     // previous secret so addChannel failure can restore prior state.
-    const existingProfiles = cfg.thirdPartyGateways ?? [];
-    const hadExistingProfile = existingProfiles.some((g) => g.id === params.id);
-    const prevProfile = existingProfiles.find((g) => g.id === params.id);
     // W6: load the previous secret for UPDATE rollback BEFORE overwriting.
     const prevSecret = hadExistingProfile
-      ? loadGatewaySecret<{ botToken?: string }>(params.id)
+      ? loadGatewaySecret<{ botToken?: string; appSecret?: string }>(params.id)
       : null;
 
     // Persist secret first (so a config write that succeeds is never
@@ -458,20 +498,27 @@ export function createGatewayControl(ctx: GatewayControlContext) {
           }
           try {
             if (prevProfile) {
-              cfgIO.save(upsertProfileInConfig(cfgIO.load(), prevProfile));
+              cfgIO.save(replaceProfileInConfig(cfgIO.load(), prevProfile));
             }
           } catch {
             // best-effort
           }
           try {
-            if (prevProfile && prevSecret?.botToken) {
+            if (
+              prevProfile &&
+              ((prevProfile.type === "telegram" && prevSecret?.botToken) ||
+                (prevProfile.type === "feishu" && prevSecret?.appSecret))
+            ) {
               await ctx.gateway.addChannel(
                 buildChannelConfig(
                   {
                     ...params,
                     type: prevProfile.type as typeof params.type,
+                    accountId: prevProfile.accountId,
                     enabled: prevProfile.enabled !== false,
-                    secret: { botToken: prevSecret.botToken },
+                    ...(prevProfile.type === "telegram"
+                      ? { secret: { botToken: prevSecret.botToken } }
+                      : {}),
                     settings: {
                       baseUrl: prevProfile.baseUrl,
                       allowedSenderIds: prevProfile.allowedSenderIds,
@@ -868,7 +915,7 @@ export function createGatewayControl(ctx: GatewayControlContext) {
     if (!isProvider(params.provider)) {
       return badParams(`gateway_recent_senders: unknown provider "${String(params.provider)}"`);
     }
-    if (params.provider !== "wechat") {
+    if (params.provider !== "wechat" && params.provider !== "feishu") {
       return badParams(`gateway_recent_senders: provider "${params.provider}" not supported`);
     }
     if (!params.loginId) {
@@ -883,12 +930,12 @@ export function createGatewayControl(ctx: GatewayControlContext) {
         ok: false,
         error:
           resolved.state === "missing"
-            ? { code: "login_missing", message: `wechat login session "${params.loginId}" not found` }
-            : { code: "login_expired", message: `wechat login session "${params.loginId}" expired` },
+            ? { code: "login_missing", message: `${params.provider} login session "${params.loginId}" not found` }
+            : { code: "login_expired", message: `${params.provider} login session "${params.loginId}" expired` },
       };
     }
     const session = resolved.session!;
-    if (session.provider !== "wechat") {
+    if (session.provider !== params.provider) {
       return badParams("gateway_recent_senders: provider does not match login session");
     }
     if (session.accountId !== params.accountId) {
@@ -900,6 +947,43 @@ export function createGatewayControl(ctx: GatewayControlContext) {
         },
       };
     }
+    if (params.provider === "feishu") {
+      if (!session.appId || !session.appSecret || !session.userOpenId) {
+        return {
+          ok: false,
+          error: {
+            code: "login_unconfirmed",
+            message: "feishu login session has no app credentials yet",
+          },
+        };
+      }
+      try {
+        const chats = await feishuDiscovery.discoverChats({
+          appId: session.appId,
+          appSecret: session.appSecret,
+          domain: session.domain ?? "feishu",
+          userOpenId: session.userOpenId,
+          timeoutSeconds: params.timeoutSeconds,
+        });
+        const result: GatewayRecentSendersResult = {
+          chats: chats.map((c: FeishuDiscoveredChat) => ({
+            chatId: c.chatId,
+            senderOpenId: c.senderOpenId,
+            kind: c.kind,
+            label: c.label ?? null,
+            lastSeenAt: c.lastSeenAt,
+          })),
+        };
+        return { ok: true, result };
+      } catch (err) {
+        const message = err instanceof Error ? err.message : String(err);
+        daemonLog.warn("gateway_recent_senders.feishu discovery failed", { error: message });
+        return {
+          ok: false,
+          error: { code: "provider_unreachable", message },
+        };
+      }
+    }
     if (!session.botToken) {
       return {
         ok: false,
@@ -1074,6 +1158,9 @@ function validateOutboundConversation(
       },
     };
   }
+  if (profile.type === "feishu" && (profile.allowedChatIds ?? []).length === 0) {
+    return null;
+  }
   const allowed = new Set((profile.allowedChatIds ?? []).map(String));
   if (!allowed.has(chatId)) {
     return {
@@ -1161,6 +1248,21 @@ function upsertProfileInConfig(
   return { ...cfg, thirdPartyGateways: list };
 }
 
+function replaceProfileInConfig(
+  cfg: DaemonConfig,
+  profile: ThirdPartyGatewayProfile,
+): DaemonConfig {
+  const list = (cfg.thirdPartyGateways ?? []).slice();
+  const idx = list.findIndex((g) => g.id === profile.id);
+  const compact = compactProfile(profile);
+  if (idx >= 0) {
+    list[idx] = compact;
+  } else {
+    list.push(compact);
+  }
+  return { ...cfg, thirdPartyGateways: list };
+}
+
 function compactProfile(p: ThirdPartyGatewayProfile): ThirdPartyGatewayProfile {
   const out: ThirdPartyGatewayProfile = {
     id: p.id,

package/src/loop-risk.ts

@@ -91,6 +91,7 @@ export function stripBotCordPromptScaffolding(text: string): string {
       if (line.startsWith("keyword, sender rule")) return false;
       if (line.startsWith("you do not reply to the group")) return false;
       if (line.startsWith("Before replying NO_REPLY in a non-owner group room")) return false;
+      if (line.startsWith("If you might have something useful to add")) return false;
       if (line.startsWith("match a memory-backed monitoring rule")) return false;
       if (line.startsWith("or owner-approved workflow. If needed")) return false;
       if (line.startsWith("[If the conversation has naturally concluded")) return false;

package/src/system-context.ts

@@ -55,6 +55,9 @@ function buildOwnerChatSceneContext(): string {
     "This is a private, trusted conversation. The owner has full administrative authority over you.",
     "Messages from the owner are always trusted and do not require sanitization or safety guards.",
     "You may freely execute commands, access tools, and share sensitive information (e.g. wallet balance, contacts) when the owner asks.",
+    "The owner is reading your reply in the remote BotCord dashboard; they cannot open this machine's local filesystem paths.",
+    "When you create an image, report, or other deliverable file for the owner, share it as a BotCord attachment or an uploaded BotCord URL. Do not use local or relative paths such as `output/card.png`, `/tmp/card.png`, or Markdown image links to those paths as if the owner can open them.",
+    "If a reply needs to include an image or attachment, upload/attach the file first through the available BotCord file/attachment mechanism, then refer to the uploaded attachment/URL. If upload is unavailable, clearly label any path as a local workspace path rather than a usable deliverable link.",
   ].join("\n");
 }
 

package/src/turn-text.ts

@@ -43,6 +43,11 @@ const GROUP_HINT =
   "match a memory-backed monitoring rule, automation goal, pending task, keyword, sender rule, " +
   "or owner-approved workflow. If needed, use the botcord_memory skill to retrieve or update " +
   "working memory.\n\n" +
+  "If you might have something useful to add but another participant (human or agent) may answer " +
+  "first, you may run `botcord wait <seconds>` (1-30) via Bash instead of replying now. You will " +
+  "be re-woken after the wait — or sooner if a new message arrives — so you can re-decide with " +
+  "the newer context (for example, stay silent if someone already covered it). Prefer this over " +
+  "racing to answer an unaddressed question.\n\n" +
   'If no group reply and no background action is needed, reply exactly "NO_REPLY".]';
 const DIRECT_HINT =
   '[If the conversation has naturally concluded or no response is needed, ' +