@botcord/daemon 0.2.92 → 0.2.93

package/src/gateway/dispatcher.ts

@@ -1,9 +1,12 @@
 import { randomUUID } from "node:crypto";
+import { realpathSync, statSync } from "node:fs";
+import path from "node:path";
 
 import type { GatewayLogger } from "./log.js";
 import { looksLikeRuntimeAuthFailure } from "./runtime-errors.js";
 import { resolveRoute } from "./router.js";
 import { sessionKey, type SessionStore } from "./session-store.js";
+import { clearWaitMarker, consumeWaitMarker, resolveWaitMarkerPath, MAX_WAIT_MS } from "./wait-marker.js";
 import {
   truncateTextField,
   type DeliveryStatus,
@@ -50,6 +53,11 @@ const SECRET_KEY_RE = /token|secret|private.?key|api.?key|authorization|password
 /** Maximum number of buffered serial entries per queue. Excess entries drop oldest. */
 const MAX_BATCH_BUFFER_ENTRIES = 40;
 
+/** Max consecutive agent-driven `botcord wait` parks on one queue before the
+ *  next turn is forced to produce a real decision. Total accumulated wait is
+ *  separately bounded by {@link MAX_WAIT_MS}. */
+const MAX_PARKS = 3;
+
 /**
  * Soft cap on the total characters across raw.batch members in a merged
  * turn. When exceeded, oldest entries are dropped (with a warn log) so the
@@ -74,6 +82,31 @@ const TYPING_REFRESH_MS = 4000;
 
 /** LRU cap on the typing-recency map so long-running daemons don't grow unbounded. */
 const TYPING_RECENCY_CAP = 1024;
+const AUTO_ATTACHMENT_LIMIT = 10;
+const AUTO_ATTACHMENT_MAX_BYTES = 25 * 1024 * 1024;
+const AUTO_ATTACHMENT_EXTENSIONS = new Set([
+  ".avif",
+  ".bmp",
+  ".csv",
+  ".doc",
+  ".docx",
+  ".gif",
+  ".htm",
+  ".html",
+  ".jpeg",
+  ".jpg",
+  ".pdf",
+  ".png",
+  ".ppt",
+  ".pptx",
+  ".svg",
+  ".webp",
+  ".xls",
+  ".xlsx",
+  ".zip",
+]);
+const REPLY_LOCAL_PATH_RE =
+  /(^|[\s([{"'`])((?:\/|\.{1,2}\/)?(?:[\w@+.-]+\/)+[\w@+.-]+\.(?:avif|bmp|csv|docx?|gif|html?|jpe?g|pdf|png|pptx?|svg|webp|xlsx?|zip))(?=$|[\s)\]}"'`,.!?:;])/gi;
 
 function transcriptBlocksVerbose(): boolean {
   return process.env.BOTCORD_TRANSCRIPT_BLOCKS === "verbose" ||
@@ -403,6 +436,19 @@ interface QueueState {
   serialBuffer: BufferedSerialEntry[];
   /** True when the serial-drain worker is actively running (or about to). */
   serialWorkerActive: boolean;
+  /**
+   * Active re-wake timer scheduled when a group-room turn ran `botcord wait`.
+   * Null when no park is pending. An external arrival on this queue clears it
+   * (the new message supersedes the scheduled re-wake); the timer callback
+   * nulls it itself before re-dispatching.
+   */
+  park: NodeJS.Timeout | null;
+  /** Consecutive parks on this queue; reset when a turn ends without one (or
+   *  an external message arrives). Capped by {@link MAX_PARKS}. */
+  parkCount: number;
+  /** Total park time accumulated across consecutive parks (ms). Capped by
+   *  {@link MAX_WAIT_MS}. */
+  parkAccumMs: number;
 }
 
 interface CloudRunBudgetCaps {
@@ -774,6 +820,9 @@ export class Dispatcher {
         cancelGen: 0,
         serialBuffer: [],
         serialWorkerActive: false,
+        park: null,
+        parkCount: 0,
+        parkAccumMs: 0,
       };
       this.queues.set(key, q);
     }
@@ -981,6 +1030,7 @@ export class Dispatcher {
     mergedFromTurnIds: string[] = [],
   ): Promise<void> {
     const q = this.getQueue(queueKey);
+    this.supersedePendingPark(q);
     // Bump the generation on every arrival. Older arrivals still awaiting
     // the prior turn's teardown will observe `myGen !== q.cancelGen` when
     // they resume and drop out, so only the newest message reaches runTurn.
@@ -1069,6 +1119,7 @@ export class Dispatcher {
     mergedFromTurnIds: string[] = [],
   ): Promise<void> {
     const q = this.getQueue(queueKey);
+    this.supersedePendingPark(q);
     q.serialBuffer.push({ route, msg, channel, turnId });
     while (q.serialBuffer.length > MAX_BATCH_BUFFER_ENTRIES) {
       const dropped = q.serialBuffer.shift()!;
@@ -1282,6 +1333,21 @@ export class Dispatcher {
     };
     q.current = slot;
 
+    // Agent-driven `botcord wait` is offered only in non-owner BotCord group
+    // rooms (kind === "group"). When eligible, scope the park marker per queue
+    // (concurrent group-room turns share one agent workspace) and expose its
+    // path to the CLI subprocess via `BOTCORD_WAIT_FILE`.
+    const parkEligible =
+      isBotCordChannel(channel) &&
+      !isOwnerChatRoom(msg) &&
+      msg.conversation.kind === "group";
+    const waitMarkerFile = parkEligible
+      ? resolveWaitMarkerPath(route.cwd, queueKey)
+      : undefined;
+    // Drop any stale marker so that whatever `botcord wait` writes during this
+    // turn is unambiguously from this turn (read back in `finally`).
+    if (waitMarkerFile) clearWaitMarker(waitMarkerFile);
+
     // Dispatched record — marks "this turn entered runtime".
     {
       const composedField = truncateTextField(text);
@@ -1673,6 +1739,7 @@ export class Dispatcher {
             cwd: route.cwd,
             accountId: msg.accountId,
             hubUrl: this.resolveHubUrl?.(msg.accountId),
+            ...(waitMarkerFile ? { waitMarkerFile } : {}),
             extraArgs: route.extraArgs,
             signal: controller.signal,
             trustLevel,
@@ -2083,12 +2150,27 @@ export class Dispatcher {
         return;
       }
 
+      const attachments =
+        (isOwnerChat && isBotCordChannel(channel)
+          ? collectOwnerChatReplyAttachments(replyText, route.cwd)
+          : undefined) ?? [];
+      if (attachments.length > 0) {
+        this.log.info("dispatcher: attaching owner-chat reply artifacts", {
+          agentId: msg.accountId,
+          roomId: msg.conversation.id,
+          topicId: msg.conversation.threadId ?? null,
+          turnId,
+          count: attachments.length,
+        });
+      }
+
       const sendResult = await this.sendReply(channel, {
         channel: msg.channel,
         accountId: msg.accountId,
         conversationId: msg.conversation.id,
         threadId: msg.conversation.threadId ?? null,
         text: replyText,
+        attachments: attachments.length > 0 ? attachments : undefined,
         replyTo: this.providerReplyTo(msg),
         traceId: msg.trace?.id ?? null,
       }, turnId);
@@ -2117,10 +2199,126 @@ export class Dispatcher {
       // newer arrival should find `q.current === slot`, call `abort()`, and
       // let our abort-checks above drop this turn silently.
       if (q.current === slot) q.current = null;
+      // Agent-driven defer: a group-room turn may have run `botcord wait` to
+      // park its decision. Honor it now (timer lives here, not in the runtime).
+      this.maybeSchedulePark(queueKey, route, msg, channel, slot, controller, waitMarkerFile);
       resolveDone();
     }
   }
 
+  /**
+   * Clear a pending re-wake timer because an external message just arrived on
+   * the queue (it supersedes the scheduled re-wake and restarts the dithering
+   * budget). No-op when the timer-fire path already nulled `q.park` — so a
+   * re-wake does NOT reset the consecutive-park counters, keeping the caps
+   * effective across re-wakes.
+   */
+  private supersedePendingPark(q: QueueState): void {
+    if (!q.park) return;
+    clearTimeout(q.park);
+    q.park = null;
+    q.parkCount = 0;
+    q.parkAccumMs = 0;
+  }
+
+  /**
+   * Read the park marker a group-room turn may have written via `botcord wait`
+   * and, if present and within the per-queue caps ({@link MAX_PARKS} /
+   * {@link MAX_WAIT_MS} total), schedule a re-wake that re-dispatches the same
+   * message after the (clamped) wait. A turn that ends without a marker — or in
+   * a non-deferrable room (`waitMarkerFile` unset), or aborted/timed-out —
+   * resets the consecutive-park counters. New messages arriving during the wait
+   * cancel it via {@link supersedePendingPark} (the agent then re-decides with
+   * fresh context). `waitMarkerFile` is the per-queue marker path resolved at
+   * dispatch (undefined when the room is not park-eligible).
+   */
+  private maybeSchedulePark(
+    queueKey: string,
+    route: GatewayRoute,
+    msg: GatewayInboundEnvelope["message"],
+    channel: ChannelAdapter,
+    slot: TurnSlot,
+    controller: AbortController,
+    waitMarkerFile: string | undefined,
+  ): void {
+    const q = this.queues.get(queueKey);
+    if (!q) return;
+
+    if (!waitMarkerFile || slot.timedOut || controller.signal.aborted) {
+      // Not eligible / unclean completion — never honor a marker here.
+      if (waitMarkerFile) clearWaitMarker(waitMarkerFile);
+      q.parkCount = 0;
+      q.parkAccumMs = 0;
+      return;
+    }
+
+    const marker = consumeWaitMarker(waitMarkerFile);
+    if (!marker) {
+      q.parkCount = 0;
+      q.parkAccumMs = 0;
+      return;
+    }
+
+    if (q.parkCount >= MAX_PARKS || q.parkAccumMs >= MAX_WAIT_MS) {
+      this.log.info("dispatcher: park request ignored — cap reached", {
+        agentId: msg.accountId,
+        roomId: msg.conversation.id,
+        topicId: msg.conversation.threadId ?? null,
+        queueKey,
+        parkCount: q.parkCount,
+        parkAccumMs: q.parkAccumMs,
+      });
+      q.parkCount = 0;
+      q.parkAccumMs = 0;
+      return;
+    }
+
+    const remainingBudget = MAX_WAIT_MS - q.parkAccumMs;
+    const waitMs = Math.max(0, Math.min(marker.deadlineMs - Date.now(), remainingBudget));
+    if (waitMs <= 0) {
+      q.parkCount = 0;
+      q.parkAccumMs = 0;
+      return;
+    }
+
+    q.parkCount += 1;
+    q.parkAccumMs += waitMs;
+    this.log.info("dispatcher: parking group-room turn (botcord wait)", {
+      agentId: msg.accountId,
+      roomId: msg.conversation.id,
+      topicId: msg.conversation.threadId ?? null,
+      queueKey,
+      waitMs,
+      parkCount: q.parkCount,
+      reason: marker.reason ?? null,
+    });
+
+    const timer = setTimeout(() => {
+      q.park = null;
+      this.log.info("dispatcher: park elapsed — re-waking", {
+        agentId: msg.accountId,
+        roomId: msg.conversation.id,
+        topicId: msg.conversation.threadId ?? null,
+        queueKey,
+      });
+      void this.runSerial(
+        queueKey,
+        route,
+        this.recomposeUserTurn(msg),
+        msg,
+        channel,
+        randomUUID(),
+      ).catch((err) => {
+        this.log.warn("dispatcher: park re-wake failed", {
+          queueKey,
+          error: err instanceof Error ? err.message : String(err),
+        });
+      });
+    }, waitMs);
+    if (typeof timer.unref === "function") timer.unref();
+    q.park = timer;
+  }
+
   private async sendReply(
     channel: ChannelAdapter,
     outbound: GatewayOutboundMessage,
@@ -2239,6 +2437,100 @@ function nowIso(): string {
   return new Date().toISOString();
 }
 
+function collectOwnerChatReplyAttachments(text: string, cwd: string): GatewayOutboundMessage["attachments"] {
+  const baseDir = safeRealpath(cwd);
+  if (!baseDir) return undefined;
+
+  const out: NonNullable<GatewayOutboundMessage["attachments"]> = [];
+  const seen = new Set<string>();
+  REPLY_LOCAL_PATH_RE.lastIndex = 0;
+
+  for (const match of text.matchAll(REPLY_LOCAL_PATH_RE)) {
+    const rawPath = match[2];
+    if (!rawPath || looksLikeUrl(rawPath)) continue;
+
+    const resolved = path.isAbsolute(rawPath)
+      ? path.resolve(rawPath)
+      : path.resolve(baseDir, rawPath);
+    const realPath = safeRealpath(resolved);
+    if (!realPath || seen.has(realPath) || !isPathInside(baseDir, realPath)) continue;
+
+    const ext = path.extname(realPath).toLowerCase();
+    if (!AUTO_ATTACHMENT_EXTENSIONS.has(ext)) continue;
+
+    let size = 0;
+    try {
+      const stat = statSync(realPath);
+      if (!stat.isFile()) continue;
+      size = stat.size;
+    } catch {
+      continue;
+    }
+    if (size <= 0 || size > AUTO_ATTACHMENT_MAX_BYTES) continue;
+
+    const contentType = contentTypeForExtension(ext);
+    out.push({
+      filePath: realPath,
+      filename: path.basename(realPath),
+      sourcePath: rawPath,
+      ...(contentType ? { contentType } : {}),
+      ...(contentType?.startsWith("image/") ? { kind: "image" as const } : { kind: "file" as const }),
+    });
+    seen.add(realPath);
+    if (out.length >= AUTO_ATTACHMENT_LIMIT) break;
+  }
+
+  return out.length > 0 ? out : undefined;
+}
+
+function safeRealpath(input: string): string | null {
+  try {
+    return realpathSync(input);
+  } catch {
+    return null;
+  }
+}
+
+function isPathInside(baseDir: string, candidate: string): boolean {
+  const rel = path.relative(baseDir, candidate);
+  return rel === "" || (!rel.startsWith("..") && !path.isAbsolute(rel));
+}
+
+function looksLikeUrl(value: string): boolean {
+  return /^[a-z][a-z0-9+.-]*:/i.test(value) || value.startsWith("//");
+}
+
+function contentTypeForExtension(ext: string): string | undefined {
+  switch (ext) {
+    case ".avif":
+      return "image/avif";
+    case ".bmp":
+      return "image/bmp";
+    case ".csv":
+      return "text/csv";
+    case ".gif":
+      return "image/gif";
+    case ".htm":
+    case ".html":
+      return "text/html";
+    case ".jpeg":
+    case ".jpg":
+      return "image/jpeg";
+    case ".pdf":
+      return "application/pdf";
+    case ".png":
+      return "image/png";
+    case ".svg":
+      return "image/svg+xml";
+    case ".webp":
+      return "image/webp";
+    case ".zip":
+      return "application/zip";
+    default:
+      return undefined;
+  }
+}
+
 function buildQueueKey(msg: GatewayInboundEnvelope["message"]): string {
   const thread = msg.conversation.threadId ?? "";
   return `${msg.channel}:${msg.accountId}:${msg.conversation.id}:${thread}`;

package/src/gateway/runtimes/codex.ts

@@ -269,6 +269,7 @@ export class CodexAdapter extends NdjsonStreamAdapter {
       hubUrl: opts.hubUrl,
       accountId: opts.accountId,
       basePath: process.env.PATH,
+      waitMarkerFile: opts.waitMarkerFile,
     });
     const env: NodeJS.ProcessEnv = {
       ...process.env,

package/src/gateway/runtimes/deepseek-tui.ts

@@ -237,6 +237,7 @@ export class DeepseekTuiAdapter implements RuntimeAdapter {
         hubUrl: opts.hubUrl,
         accountId: opts.accountId,
         basePath: process.env.PATH,
+        waitMarkerFile: opts.waitMarkerFile,
       }),
       FORCE_COLOR: "0",
       NO_COLOR: "1",

package/src/gateway/runtimes/hermes-agent.ts

@@ -267,6 +267,7 @@ export class HermesAgentAdapter extends AcpRuntimeAdapter {
       hubUrl: opts.hubUrl,
       accountId: opts.accountId,
       basePath: process.env.PATH,
+      waitMarkerFile: opts.waitMarkerFile,
     });
     const env: NodeJS.ProcessEnv = {
       ...process.env,

package/src/gateway/runtimes/kimi.ts

@@ -210,6 +210,7 @@ export class KimiAdapter extends NdjsonStreamAdapter {
       hubUrl: opts.hubUrl,
       accountId: opts.accountId,
       basePath: process.env.PATH,
+      waitMarkerFile: opts.waitMarkerFile,
     });
     return {
       ...process.env,

package/src/gateway/runtimes/ndjson-stream.ts

@@ -95,6 +95,7 @@ export abstract class NdjsonStreamAdapter implements RuntimeAdapter {
         hubUrl: opts.hubUrl,
         accountId: opts.accountId,
         basePath: process.env.PATH,
+        waitMarkerFile: opts.waitMarkerFile,
       }),
     };
   }

package/src/gateway/types.ts

@@ -364,6 +364,14 @@ export interface RuntimeRunOptions {
    * unspecified and the bundled CLI falls back to its own default.
    */
   hubUrl?: string;
+  /**
+   * Absolute path the spawned CLI should write a `botcord wait` park marker to,
+   * exposed to the subprocess as `BOTCORD_WAIT_FILE`. Scoped per queue by the
+   * dispatcher so concurrent group-room turns sharing one workspace don't
+   * clobber each other. Unset for non-deferrable rooms (owner-chat / DM /
+   * non-group), in which case `botcord wait` is a harmless no-op.
+   */
+  waitMarkerFile?: string;
   signal: AbortSignal;
   extraArgs?: string[];
   trustLevel: TrustLevel;

package/src/gateway/wait-marker.ts

@@ -0,0 +1,101 @@
+/**
+ * Workspace park-marker transport for the agent-driven `botcord wait` defer.
+ *
+ * In non-owner BotCord group rooms the dispatcher discards the runtime's final
+ * text (the agent replies out-of-band via the `botcord send` CLI → Hub), so a
+ * "please re-wake me later" signal cannot ride back on the turn result. Instead
+ * the bundled `botcord wait <seconds>` CLI drops a tiny JSON marker into the
+ * agent's workspace; the dispatcher reads it at the turn boundary and schedules
+ * a re-wake. This keeps the *decision* to wait in the agent (it judges
+ * relevance/urgency) while the *timer* lives cheaply in the daemon — no runtime
+ * session is held open during the wait.
+ *
+ * The marker path is scoped per **queue** (channel:agent:room:thread): the
+ * dispatcher serializes turns within a queue but NOT across queues that share
+ * one agent workspace (`route.cwd`), so two concurrent group-room turns for the
+ * same agent would otherwise clobber each other's marker. The dispatcher passes
+ * the resolved path to the CLI subprocess via `BOTCORD_WAIT_FILE`.
+ *
+ * Local daemon-hosted agents only: the marker rides the shared filesystem of
+ * `route.cwd`. Cloud (sandboxed) agents need a networked transport — out of
+ * scope here.
+ */
+import fs from "node:fs";
+import path from "node:path";
+
+/** Filename stem for park markers. */
+export const WAIT_MARKER_PREFIX = ".botcord-wait";
+/** Legacy unscoped marker name — the CLI's fallback when `BOTCORD_WAIT_FILE`
+ *  is unset. Never consumed by the dispatcher (which always scopes per queue),
+ *  so an unscoped write is a harmless no-op. */
+export const WAIT_MARKER_FILENAME = `${WAIT_MARKER_PREFIX}.json`;
+
+/** Hard ceiling on a single park request (mirrors the CLI clamp). Also used by
+ *  the dispatcher as the total accumulated-park budget across consecutive
+ *  re-wakes on one queue. */
+export const MAX_WAIT_MS = 30_000;
+
+export interface WaitMarker {
+  /** Absolute unix millis the agent wants to be re-woken by (already clamped). */
+  deadlineMs: number;
+  reason?: string;
+}
+
+/** Legacy unscoped path under `cwd` (CLI fallback / tests). */
+export function waitMarkerPath(cwd: string): string {
+  return path.join(cwd, WAIT_MARKER_FILENAME);
+}
+
+/** Per-queue marker path under the agent workspace. */
+export function resolveWaitMarkerPath(cwd: string, queueKey: string): string {
+  const safe = queueKey.replace(/[^a-zA-Z0-9._-]/g, "_");
+  return path.join(cwd, `${WAIT_MARKER_PREFIX}.${safe}.json`);
+}
+
+/** Best-effort delete of any pre-existing marker at `markerPath`. Called before
+ *  a turn runs so that whatever `botcord wait` writes during this turn is
+ *  unambiguously from this turn. */
+export function clearWaitMarker(markerPath: string): void {
+  try {
+    fs.rmSync(markerPath, { force: true });
+  } catch {
+    // A leftover marker only costs one wasted park-check next turn — never
+    // let cleanup failure abort the dispatch path.
+  }
+}
+
+/**
+ * Read + delete the marker a turn may have written via `botcord wait`, and
+ * return the validated request (or null). Always removes the file so the next
+ * turn starts clean. `now` is injectable for tests.
+ *
+ * A deadline in the past — or beyond {@link MAX_WAIT_MS} — is clamped; a
+ * non-positive remaining wait yields null (treated as "no wait").
+ */
+export function consumeWaitMarker(markerPath: string, now: number = Date.now()): WaitMarker | null {
+  let raw: string;
+  try {
+    raw = fs.readFileSync(markerPath, "utf8");
+  } catch {
+    return null; // no marker (ENOENT) or unreadable
+  }
+  try {
+    fs.rmSync(markerPath, { force: true });
+  } catch {
+    // ignore — the pre-turn clear will catch it next time
+  }
+  let parsed: unknown;
+  try {
+    parsed = JSON.parse(raw);
+  } catch {
+    return null;
+  }
+  if (!parsed || typeof parsed !== "object") return null;
+  const obj = parsed as Record<string, unknown>;
+  const deadlineMs = typeof obj.deadlineMs === "number" ? obj.deadlineMs : NaN;
+  if (!Number.isFinite(deadlineMs)) return null;
+  const clamped = Math.min(deadlineMs, now + MAX_WAIT_MS);
+  if (clamped <= now) return null;
+  const reason = typeof obj.reason === "string" ? obj.reason : undefined;
+  return reason !== undefined ? { deadlineMs: clamped, reason } : { deadlineMs: clamped };
+}

package/src/gateway-control.ts

@@ -38,6 +38,10 @@ import {
   startFeishuRegistration,
   type FeishuDomain,
 } from "./gateway/channels/feishu-registration.js";
+import {
+  discoverFeishuChats,
+  type FeishuDiscoveredChat,
+} from "./gateway/channels/feishu.js";
 import { WECHAT_BASE_INFO, wechatHeaders } from "./gateway/channels/wechat-http.js";
 import { assertSafeBaseUrl, UnsafeBaseUrlError } from "./gateway/channels/url-guard.js";
 import { log as daemonLog } from "./log.js";
@@ -172,8 +176,17 @@ interface GatewayRecentSender {
   label?: string | null;
 }
 
+interface GatewayRecentFeishuChat {
+  chatId: string;
+  senderOpenId: string;
+  kind: "direct" | "group";
+  label?: string | null;
+  lastSeenAt: number;
+}
+
 interface GatewayRecentSendersResult {
-  senders: GatewayRecentSender[];
+  senders?: GatewayRecentSender[];
+  chats?: GatewayRecentFeishuChat[];
 }
 
 interface GatewaySendParams {
@@ -213,6 +226,9 @@ export interface GatewayControlContext {
     startFeishuRegistration: typeof startFeishuRegistration;
     pollFeishuRegistration: typeof pollFeishuRegistration;
   };
+  feishuDiscoveryClient?: {
+    discoverChats: typeof discoverFeishuChats;
+  };
   /** Override the global fetch — used by `test_gateway` for Telegram getMe. */
   fetchImpl?: FetchLike;
 }
@@ -228,6 +244,7 @@ export function createGatewayControl(ctx: GatewayControlContext) {
   const wechatLogin = ctx.wechatLoginClient ?? { getBotQrcode, getQrcodeStatus };
   const feishuLogin =
     ctx.feishuLoginClient ?? { startFeishuRegistration, pollFeishuRegistration };
+  const feishuDiscovery = ctx.feishuDiscoveryClient ?? { discoverChats: discoverFeishuChats };
   // W7: validate fetch availability at construction so a missing global is
   // diagnosed at startup, not during the first control frame. Tests inject
   // `ctx.fetchImpl` explicitly and bypass the global lookup entirely.
@@ -898,7 +915,7 @@ export function createGatewayControl(ctx: GatewayControlContext) {
     if (!isProvider(params.provider)) {
       return badParams(`gateway_recent_senders: unknown provider "${String(params.provider)}"`);
     }
-    if (params.provider !== "wechat") {
+    if (params.provider !== "wechat" && params.provider !== "feishu") {
       return badParams(`gateway_recent_senders: provider "${params.provider}" not supported`);
     }
     if (!params.loginId) {
@@ -913,12 +930,12 @@ export function createGatewayControl(ctx: GatewayControlContext) {
         ok: false,
         error:
           resolved.state === "missing"
-            ? { code: "login_missing", message: `wechat login session "${params.loginId}" not found` }
-            : { code: "login_expired", message: `wechat login session "${params.loginId}" expired` },
+            ? { code: "login_missing", message: `${params.provider} login session "${params.loginId}" not found` }
+            : { code: "login_expired", message: `${params.provider} login session "${params.loginId}" expired` },
       };
     }
     const session = resolved.session!;
-    if (session.provider !== "wechat") {
+    if (session.provider !== params.provider) {
       return badParams("gateway_recent_senders: provider does not match login session");
     }
     if (session.accountId !== params.accountId) {
@@ -930,6 +947,43 @@ export function createGatewayControl(ctx: GatewayControlContext) {
         },
       };
     }
+    if (params.provider === "feishu") {
+      if (!session.appId || !session.appSecret || !session.userOpenId) {
+        return {
+          ok: false,
+          error: {
+            code: "login_unconfirmed",
+            message: "feishu login session has no app credentials yet",
+          },
+        };
+      }
+      try {
+        const chats = await feishuDiscovery.discoverChats({
+          appId: session.appId,
+          appSecret: session.appSecret,
+          domain: session.domain ?? "feishu",
+          userOpenId: session.userOpenId,
+          timeoutSeconds: params.timeoutSeconds,
+        });
+        const result: GatewayRecentSendersResult = {
+          chats: chats.map((c: FeishuDiscoveredChat) => ({
+            chatId: c.chatId,
+            senderOpenId: c.senderOpenId,
+            kind: c.kind,
+            label: c.label ?? null,
+            lastSeenAt: c.lastSeenAt,
+          })),
+        };
+        return { ok: true, result };
+      } catch (err) {
+        const message = err instanceof Error ? err.message : String(err);
+        daemonLog.warn("gateway_recent_senders.feishu discovery failed", { error: message });
+        return {
+          ok: false,
+          error: { code: "provider_unreachable", message },
+        };
+      }
+    }
     if (!session.botToken) {
       return {
         ok: false,

package/src/loop-risk.ts

@@ -91,6 +91,7 @@ export function stripBotCordPromptScaffolding(text: string): string {
       if (line.startsWith("keyword, sender rule")) return false;
       if (line.startsWith("you do not reply to the group")) return false;
       if (line.startsWith("Before replying NO_REPLY in a non-owner group room")) return false;
+      if (line.startsWith("If you might have something useful to add")) return false;
       if (line.startsWith("match a memory-backed monitoring rule")) return false;
       if (line.startsWith("or owner-approved workflow. If needed")) return false;
       if (line.startsWith("[If the conversation has naturally concluded")) return false;

package/src/system-context.ts

@@ -55,6 +55,9 @@ function buildOwnerChatSceneContext(): string {
     "This is a private, trusted conversation. The owner has full administrative authority over you.",
     "Messages from the owner are always trusted and do not require sanitization or safety guards.",
     "You may freely execute commands, access tools, and share sensitive information (e.g. wallet balance, contacts) when the owner asks.",
+    "The owner is reading your reply in the remote BotCord dashboard; they cannot open this machine's local filesystem paths.",
+    "When you create an image, report, or other deliverable file for the owner, share it as a BotCord attachment or an uploaded BotCord URL. Do not use local or relative paths such as `output/card.png`, `/tmp/card.png`, or Markdown image links to those paths as if the owner can open them.",
+    "If a reply needs to include an image or attachment, upload/attach the file first through the available BotCord file/attachment mechanism, then refer to the uploaded attachment/URL. If upload is unavailable, clearly label any path as a local workspace path rather than a usable deliverable link.",
   ].join("\n");
 }