@controlflow-ai/daemon 0.1.0 → 0.1.2

package/src/lark/event-router.ts

@@ -1,4 +1,5 @@
 import type { MessageStore, CreateMessageInput } from '../db.js';
+import { ALL_AGENTS_MENTION } from '../db.js';
 import type { Message } from '../types.js';
 import { palIdentityHandle } from '../provider-identity.js';
 
@@ -82,6 +83,22 @@ export function extractMentionOpenIds(envelope: LarkMessageEnvelope): string[] {
   return ids;
 }
 
+function isAllMention(mention: NonNullable<NonNullable<LarkMessageEnvelope['message']>['mentions']>[number]): boolean {
+  const key = mention.key?.trim().toLowerCase();
+  const name = mention.name?.trim().toLowerCase();
+  const openId = mention.id?.open_id?.trim().toLowerCase();
+  return key === '@all' || key === 'all' || name === 'all' || name === '所有人' || openId === 'all';
+}
+
+export function mentionsAllAgents(envelope: LarkMessageEnvelope): boolean {
+  const mentions = envelope.message?.mentions ?? [];
+  for (const mention of mentions) {
+    if (isAllMention(mention)) return true;
+  }
+  const raw = parseLarkTextContent(envelope.message?.content, envelope.message?.message_type).toLowerCase();
+  return /(^|\s)@(_all|all|所有人)(\s|$)/u.test(raw);
+}
+
 function normalizeMappedMentions(values: Array<string | null>): string[] {
   const out: string[] = [];
   const seen = new Set<string>();
@@ -124,8 +141,11 @@ export function mapLarkMessageToCreateInput(input: MapLarkMessageInput): MapLark
   const text = parseLarkTextContent(msg.content, msg.message_type);
   if (!text.trim()) return { status: 'skipped', reason: 'empty_text' };
 
-  const firstMention = msg.mentions?.find((m) => m.id?.open_id)?.id?.open_id;
-  const mappedMentions = normalizeMappedMentions(msg.mentions?.map((m) => m.id?.open_id ? input.recipientByMentionOpenId?.get(m.id.open_id) ?? null : null) ?? []);
+  const firstMention = msg.mentions?.find((m) => m.id?.open_id && !isAllMention(m))?.id?.open_id;
+  const mappedMentions = normalizeMappedMentions([
+    ...(mentionsAllAgents(envelope) ? [ALL_AGENTS_MENTION] : []),
+    ...(msg.mentions?.map((m) => m.id?.open_id ? input.recipientByMentionOpenId?.get(m.id.open_id) ?? null : null) ?? []),
+  ]);
   const recipient = input.recipientOverride !== undefined
     ? input.recipientOverride
     : firstMention ? input.recipientByMentionOpenId?.get(firstMention) ?? firstMention : null;

package/src/lark/server-integration.ts

@@ -52,10 +52,6 @@ function mentionsBotLabel(envelope: LarkMessageEnvelope, bot: LarkCredential): b
 }
 
 
-function configuredOwnerUnionId(): string | null {
-  return process.env.PAL_OWNER_LARK_UNION_ID?.trim() || process.env.PAL_LARK_OWNER_UNION_ID?.trim() || null;
-}
-
 function senderUnionId(envelope: LarkMessageEnvelope): string | null {
   return envelope.sender?.sender_id?.union_id?.trim() || null;
 }
@@ -261,18 +257,15 @@ export function startLarkOnServer(options: LarkServerIntegrationOptions): LarkSe
       if (envelope === 'im.message.receive_v1') {
         try {
           const larkEnvelope = data as LarkMessageEnvelope;
-          const ownerUnionId = configuredOwnerUnionId();
-          if (ownerUnionId) {
-            const identity = await resolveSenderUnionId({ bot, envelope: larkEnvelope, store: msgStore });
-            if (identity.status === 'pending') {
-              msgStore.recordPendingInboundEvent({ rawEventId: storeResult.event_id, provider: 'lark', reason: 'missing_union_id', error: identity.reason });
-              log.warn(`[lark/${bot.appId}] sender union_id lookup pending: ${identity.reason}`);
-              return;
-            }
-            if (identity.status !== 'resolved' || identity.unionId !== ownerUnionId) {
-              log.log(`[lark/${bot.appId}] business ingest skipped sender_union=${identity.status === 'resolved' ? identity.unionId : '-'} owner_configured=true`);
-              return;
-            }
+          const identity = await resolveSenderUnionId({ bot, envelope: larkEnvelope, store: msgStore });
+          if (identity.status === 'pending') {
+            msgStore.recordPendingInboundEvent({ rawEventId: storeResult.event_id, provider: 'lark', reason: 'missing_lark_sender_user_id', error: identity.reason });
+            log.warn(`[lark/${bot.appId}] sender union_id lookup pending: ${identity.reason}`);
+            return;
+          }
+          if (identity.status !== 'resolved' || !msgStore.isLarkAuthorizedUser(identity.unionId)) {
+            log.log(`[lark/${bot.appId}] business ingest skipped sender_union=${identity.status === 'resolved' ? identity.unionId : '-'} authorized=false`);
+            return;
           }
           const agents = boundAgents(bot);
           const mentionOpenIds = extractMentionOpenIds(larkEnvelope);

package/src/lark/setup.ts

@@ -1,6 +1,8 @@
 import { createInterface } from 'node:readline';
+import QRCode from 'qrcode';
 import type { LarkCredential } from './credentials.js';
 import { loadLarkCredentials, saveLarkCredentials, upsertCredential } from './credentials.js';
+import { beginLarkAppRegistration, pollLarkAppRegistration, type LarkRegistrationComplete } from './app-registration.js';
 
 export interface CredentialValidationOk {
   ok: true;
@@ -62,6 +64,7 @@ export interface InteractiveSetupOptions {
   listAgents?: () => Promise<LarkSetupAgentOption[]>;
   validateCredentials?: typeof validateLarkCredentials;
   resolveBotInfo?: typeof resolveLarkBotInfo;
+  registerApp?: typeof registerLarkAppFromDeviceFlow;
 }
 
 function clean(value: string | undefined): string | undefined {
@@ -69,6 +72,41 @@ function clean(value: string | undefined): string | undefined {
   return trimmed ? trimmed : undefined;
 }
 
+export async function registerLarkAppFromDeviceFlow(options: {
+  log: Pick<Console, 'log' | 'warn' | 'error'>;
+  qrCode?: (url: string) => Promise<string>;
+  fetchImpl?: FetchLike;
+}): Promise<LarkRegistrationComplete | null> {
+  const begin = await beginLarkAppRegistration({ fetchImpl: options.fetchImpl, source: 'pal' });
+  options.log.log('Create a Feishu app by scanning this QR code or opening the link:');
+  options.log.log('');
+  const terminalQr = options.qrCode
+    ? await options.qrCode(begin.url)
+    : await QRCode.toString(begin.url, { type: 'terminal', small: true });
+  options.log.log(terminalQr);
+  options.log.log(begin.url);
+  options.log.log('');
+  options.log.log(`Waiting for confirmation. The code expires in about ${Math.max(1, Math.round(begin.expiresIn / 60))} minutes.`);
+
+  let intervalMs = Math.max(1, begin.interval) * 1000;
+  const deadline = Date.now() + begin.expiresIn * 1000;
+  while (Date.now() < deadline) {
+    await new Promise((resolve) => setTimeout(resolve, intervalMs));
+    const result = await pollLarkAppRegistration({ deviceCode: begin.deviceCode, fetchImpl: options.fetchImpl });
+    if (result.status === 'pending') continue;
+    if (result.status === 'slow_down') {
+      intervalMs = Math.max(intervalMs + 5000, result.interval * 1000);
+      options.log.warn(`Feishu asked us to slow polling; retrying every ${Math.round(intervalMs / 1000)}s.`);
+      continue;
+    }
+    if (result.status === 'complete') return result.registration;
+    options.log.warn(`App registration did not complete (${result.status}): ${result.message}`);
+    return null;
+  }
+  options.log.warn('App registration expired before it completed.');
+  return null;
+}
+
 async function chooseAgent(options: InteractiveSetupOptions, ask: (question: string) => Promise<string>): Promise<string | null> {
   if (!options.listAgents) {
     return clean(await ask('Bind to agent key [codex]: ')) ?? 'codex';
@@ -79,7 +117,7 @@ async function chooseAgent(options: InteractiveSetupOptions, ask: (question: str
     agents = await options.listAgents();
   } catch (error) {
     options.log.error(`Could not load agent list: ${error instanceof Error ? error.message : String(error)}`);
-    options.log.error('Set up an agent first, then rerun lark setup.');
+    options.log.error('Set up an agent first, then bind the bot from agent settings.');
     return null;
   }
 
@@ -275,9 +313,37 @@ export async function runInteractiveLarkSetup(options: InteractiveSetupOptions):
     const agent = await chooseAgent(options, ask);
     if (!agent) return null;
     options.log.log('');
-    options.log.log('Paste an existing Feishu app credential. Pal will validate it before writing lark.json.');
-    const appId = clean(await ask('App ID (cli_xxx): '));
-    const appSecret = clean(await ask('App Secret: '));
+    options.log.log('Create a Feishu app by scan/link, or paste an existing credential.');
+    options.log.log('  1. Scan or open link to create app');
+    options.log.log('  2. Paste App ID / App Secret');
+    const method = clean(await ask('Setup method [1]: ')) ?? '1';
+    let appId: string | undefined;
+    let appSecret: string | undefined;
+    let scannedUserOpenId: string | undefined;
+    if (method !== '2') {
+      const registerApp = options.registerApp ?? registerLarkAppFromDeviceFlow;
+      const registration = await registerApp({ log: options.log }).catch((error) => {
+        options.log.warn(`App registration failed: ${error instanceof Error ? error.message : String(error)}`);
+        return null;
+      });
+      if (!registration) {
+        options.log.warn('Falling back to manual App ID / App Secret entry.');
+      } else if (registration.tenantBrand === 'lark') {
+        options.log.error('Lark international tenants are not supported yet; Pal currently expects Feishu (feishu.cn) credentials.');
+        options.log.error('No config was written.');
+        return null;
+      } else {
+        appId = registration.appId;
+        appSecret = registration.appSecret;
+        scannedUserOpenId = registration.userOpenId;
+        options.log.log(`App created: ${appId}`);
+        if (scannedUserOpenId) options.log.log(`Scanner open_id: ${scannedUserOpenId}`);
+      }
+    }
+    if (!appId || !appSecret) {
+      appId = clean(await ask('App ID (cli_xxx): '));
+      appSecret = clean(await ask('App Secret: '));
+    }
     if (!appId || !appSecret) {
       options.log.error('App ID and App Secret are required; no config was written.');
       return null;
@@ -315,8 +381,11 @@ export async function runInteractiveLarkSetup(options: InteractiveSetupOptions):
       agent,
       configPath: options.configPath,
     });
+    if (scannedUserOpenId) {
+      options.log.log(`Scanner open_id ${scannedUserOpenId} was detected; add it under Lark authorized users if this user should operate Pal.`);
+    }
     if (result.replaced) {
-      options.log.warn(`[lark setup] overwrote existing credential for appId=${appId} in ${options.configPath}`);
+      options.log.warn(`[lark] overwrote existing credential for appId=${appId} in ${options.configPath}`);
     }
     options.log.log(formatLarkSetupNextSteps(result));
     return result;

package/src/local-api.ts

@@ -1,11 +1,15 @@
 import { LockClient } from './client.js';
 import { assertLocalRequest, assertLoopbackBindHost } from './local-auth.js';
 import { failure, HttpError, json, numberParam, readJson, stringParam } from './http.js';
-import type { RunAction } from './types.js';
+import { readdir, stat } from 'node:fs/promises';
+import { homedir } from 'node:os';
+import { dirname, isAbsolute, join, normalize } from 'node:path';
+import type { RemoteFileEntry, RemoteFileList, RunAction } from './types.js';
 
 interface LocalApiOptions {
   serverUrl: string;
   token?: string;
+  controlToken?: string;
   daemonAuth?: ConstructorParameters<typeof LockClient>[1];
 }
 
@@ -38,9 +42,64 @@ function routeNotFound(): Response {
   return Response.json({ ok: false, code: 'NOT_FOUND', message: 'not found' }, { status: 404 });
 }
 
+async function canReadDirectory(path: string): Promise<boolean> {
+  try {
+    await readdir(path);
+    return true;
+  } catch {
+    return false;
+  }
+}
+
+async function listLocalFiles(input: { path?: string; showHidden?: boolean }): Promise<RemoteFileList> {
+  const home = homedir();
+  const rawPath = input.path?.trim() || home;
+  if (!isAbsolute(rawPath)) throw new HttpError(400, 'PATH_NOT_ABSOLUTE', 'path must be absolute');
+  const targetPath = normalize(rawPath);
+  const targetStat = await stat(targetPath).catch(() => null);
+  if (!targetStat) throw new HttpError(404, 'PATH_NOT_FOUND', 'path was not found');
+  if (!targetStat.isDirectory()) throw new HttpError(400, 'PATH_NOT_DIRECTORY', 'path is not a directory');
+
+  let dirents: Array<{ name: string; isDirectory(): boolean; isFile(): boolean }>;
+  try {
+    dirents = await readdir(targetPath, { withFileTypes: true }) as Array<{ name: string; isDirectory(): boolean; isFile(): boolean }>;
+  } catch {
+    throw new HttpError(403, 'PATH_NOT_READABLE', 'directory is not readable');
+  }
+
+  const entries = await Promise.all(dirents
+    .filter((entry) => input.showHidden || !entry.name.startsWith('.'))
+    .map(async (entry): Promise<RemoteFileEntry> => {
+      const entryPath = join(targetPath, entry.name);
+      const type = entry.isDirectory() ? 'directory' : entry.isFile() ? 'file' : 'other';
+      const readable = type === 'directory' ? await canReadDirectory(entryPath) : false;
+      return {
+        name: entry.name,
+        path: entryPath,
+        type,
+        hidden: entry.name.startsWith('.'),
+        readable,
+        selectable: type === 'directory' && readable,
+      };
+    }));
+
+  entries.sort((left, right) => {
+    if (left.type === 'directory' && right.type !== 'directory') return -1;
+    if (left.type !== 'directory' && right.type === 'directory') return 1;
+    return left.name.localeCompare(right.name);
+  });
+
+  return {
+    path: targetPath,
+    parent: targetPath === dirname(targetPath) ? null : dirname(targetPath),
+    home,
+    entries,
+  };
+}
+
 export async function localRoute(request: Request, options: LocalApiOptions): Promise<Response> {
   try {
-    assertLocalRequest(request, options.token);
+    assertLocalRequest(request, [options.token, options.controlToken].filter((item): item is string => Boolean(item)));
     const client = new LockClient(options.serverUrl, options.daemonAuth ?? null);
     const url = new URL(request.url);
     const { pathname } = url;
@@ -49,6 +108,14 @@ export async function localRoute(request: Request, options: LocalApiOptions): Pr
       return json({ status: 'ok', mode: 'daemon' });
     }
 
+    if (request.method === 'GET' && pathname === '/local/files') {
+      const files = await listLocalFiles({
+        path: stringParam(url, 'path'),
+        showHidden: url.searchParams.get('show_hidden') === 'true',
+      });
+      return json(files);
+    }
+
     if (request.method === 'GET' && pathname === '/local/chats') {
       return json({ chats: await client.listChats() });
     }

package/src/local-auth.ts

@@ -9,7 +9,7 @@ function hostName(value: string | null): string {
   return withoutPort.toLowerCase();
 }
 
-export function assertLocalRequest(request: Request, token: string | undefined): void {
+export function assertLocalRequest(request: Request, token: string | string[] | undefined): void {
   const host = hostName(request.headers.get('host'));
   if (!ALLOWED_HOSTS.has(host)) {
     throw new HttpError(403, 'BAD_HOST', 'local daemon host is not allowed');
@@ -24,12 +24,13 @@ export function assertLocalRequest(request: Request, token: string | undefined):
     throw new HttpError(403, 'CORS_DENIED', 'CORS preflight is not allowed');
   }
 
-  if (!token) {
+  const tokens = Array.isArray(token) ? token.filter(Boolean) : token ? [token] : [];
+  if (tokens.length === 0) {
     throw new HttpError(401, 'UNAUTHORIZED', 'local daemon token is required');
   }
 
   const header = request.headers.get('authorization');
-  if (header !== `Bearer ${token}`) {
+  if (!tokens.some((item) => header === `Bearer ${item}`)) {
     throw new HttpError(401, 'UNAUTHORIZED', 'invalid local daemon token');
   }
 }

package/src/migrations/022_lark_authorized_users.ts

@@ -0,0 +1,16 @@
+import type { Database } from 'bun:sqlite';
+
+export const version = 22;
+export const name = 'lark_authorized_users';
+
+export function up(db: Database): void {
+  db.exec(`
+    CREATE TABLE IF NOT EXISTS lark_authorized_users (
+      id TEXT PRIMARY KEY,
+      user_id TEXT NOT NULL UNIQUE,
+      display_name TEXT,
+      created_at TEXT NOT NULL DEFAULT (datetime('now')),
+      updated_at TEXT NOT NULL DEFAULT (datetime('now'))
+    );
+  `);
+}

package/src/migrations/023_projects.ts

@@ -0,0 +1,65 @@
+import type { Database } from 'bun:sqlite';
+
+export const version = 23;
+export const name = 'projects';
+
+function hasColumn(db: Database, table: string, column: string): boolean {
+  const rows = db.query(`PRAGMA table_info(${table})`).all() as Array<{ name: string }>;
+  return rows.some((row) => row.name === column);
+}
+
+function addColumnIfMissing(db: Database, table: string, column: string, ddl: string): void {
+  if (!hasColumn(db, table, column)) {
+    db.exec(`ALTER TABLE ${table} ADD COLUMN ${ddl}`);
+  }
+}
+
+export function up(db: Database): void {
+  db.exec(`
+    CREATE TABLE IF NOT EXISTS projects (
+      id TEXT PRIMARY KEY,
+      name TEXT NOT NULL,
+      computer_id TEXT NOT NULL REFERENCES computers(id) ON DELETE RESTRICT,
+      root_path TEXT NOT NULL,
+      created_at TEXT NOT NULL DEFAULT (datetime('now')),
+      updated_at TEXT NOT NULL DEFAULT (datetime('now'))
+    );
+
+    CREATE INDEX IF NOT EXISTS idx_projects_computer
+      ON projects(computer_id, name);
+  `);
+
+  addColumnIfMissing(db, 'chats', 'project_id', 'project_id TEXT REFERENCES projects(id) ON DELETE SET NULL');
+  addColumnIfMissing(db, 'computer_connections', 'local_control_token', 'local_control_token TEXT');
+
+  db.exec(`
+    CREATE INDEX IF NOT EXISTS idx_chats_project
+      ON chats(project_id, provider, kind);
+
+    DROP VIEW IF EXISTS chat_stats;
+    CREATE VIEW chat_stats AS
+    SELECT
+      c.id,
+      c.name,
+      c.display_name,
+      c.kind,
+      c.server_id,
+      c.provider,
+      c.dm_type,
+      c.capabilities_json,
+      c.audit_visibility,
+      c.project_id,
+      p.name AS project_name,
+      p.root_path AS project_root_path,
+      p.computer_id AS project_computer_id,
+      pc.name AS project_computer_name,
+      c.created_at,
+      COUNT(m.id) AS message_count,
+      MAX(m.created_at) AS last_message_at
+    FROM chats c
+    LEFT JOIN projects p ON p.id = c.project_id
+    LEFT JOIN computers pc ON pc.id = p.computer_id
+    LEFT JOIN messages m ON m.chat_id = c.id
+    GROUP BY c.id;
+  `);
+}

package/src/migrations.ts

@@ -20,6 +20,8 @@ import * as roomDisplayNames from './migrations/018_room_display_names.js';
 import * as computerConnections from './migrations/019_computer_connections.js';
 import * as computerAgentAssignments from './migrations/020_computer_agent_assignments.js';
 import * as providerIdentityBindings from './migrations/021_provider_identity_bindings.js';
+import * as larkAuthorizedUsers from './migrations/022_lark_authorized_users.js';
+import * as projects from './migrations/023_projects.js';
 
 interface Migration {
   version: number;
@@ -27,7 +29,7 @@ interface Migration {
   up(db: Database): void;
 }
 
-const migrations: Migration[] = [initial, daemonDeliveries, sessionsRuns, messageIdempotency, artifacts, larkChannelFoundation, agentsA0, b0ChatHistory, b0TranscriptIngestSeq, b0TranscriptShadowExternalIds, b0ChannelConversationAuditOnly, b0CrossConversationInvariant, b10EngInboundRawEvents, agentsRuntime, agentRuntimeSessions, roomParticipants, unifiedRoomDelivery, roomDisplayNames, computerConnections, computerAgentAssignments, providerIdentityBindings].sort((a, b) => a.version - b.version);
+const migrations: Migration[] = [initial, daemonDeliveries, sessionsRuns, messageIdempotency, artifacts, larkChannelFoundation, agentsA0, b0ChatHistory, b0TranscriptIngestSeq, b0TranscriptShadowExternalIds, b0ChannelConversationAuditOnly, b0CrossConversationInvariant, b10EngInboundRawEvents, agentsRuntime, agentRuntimeSessions, roomParticipants, unifiedRoomDelivery, roomDisplayNames, computerConnections, computerAgentAssignments, providerIdentityBindings, larkAuthorizedUsers, projects].sort((a, b) => a.version - b.version);
 
 function assertContiguousMigrations(): void {
   for (let index = 0; index < migrations.length; index += 1) {

package/src/network.ts

@@ -0,0 +1,24 @@
+import { networkInterfaces } from 'node:os';
+
+export function tailscaleAddress(): string | null {
+  const interfaces = networkInterfaces();
+  for (const [name, entries] of Object.entries(interfaces)) {
+    for (const entry of entries ?? []) {
+      if (entry.family !== 'IPv4' || entry.internal) continue;
+      if (name.toLowerCase().startsWith('tailscale') || isTailscaleIPv4(entry.address)) {
+        return entry.address;
+      }
+    }
+  }
+  return null;
+}
+
+function isTailscaleIPv4(address: string): boolean {
+  const parts = address.split('.').map((part) => Number(part));
+  if (parts.length !== 4 || parts.some((part) => !Number.isInteger(part) || part < 0 || part > 255)) return false;
+  return parts[0] === 100 && parts[1]! >= 64 && parts[1]! <= 127;
+}
+
+export function isLoopbackHost(host: string): boolean {
+  return host === '127.0.0.1' || host === 'localhost' || host === '::1';
+}

package/src/server.ts

@@ -3,25 +3,37 @@ import { DEFAULT_HOST, DEFAULT_PORT, defaultDbPath } from './config.js';
 import { MessageStore } from './db.js';
 import { handleRequest } from './app.js';
 import { startLarkOnServer } from './lark/server-integration.js';
+import { isLoopbackHost, tailscaleAddress } from './network.js';
 
 const dbPath = defaultDbPath();
 const store = new MessageStore(dbPath);
 const port = Number(process.env.PAL_PORT ?? DEFAULT_PORT);
 const host = process.env.PAL_HOST ?? DEFAULT_HOST;
+const tailscaleHost = process.env.PAL_TAILSCALE_HOST ?? tailscaleAddress();
+
+function fetch(request: Request): Promise<Response> | Response {
+  const url = new URL(request.url);
+  if (request.method === 'POST' && url.pathname === '/api/lark/reload') {
+    return reloadLarkIntegration();
+  }
+  return handleRequest(store, request);
+}
 
 const server = Bun.serve({
   hostname: host,
   port,
-  async fetch(request) {
-    const url = new URL(request.url);
-    if (request.method === 'POST' && url.pathname === '/api/lark/reload') {
-      return reloadLarkIntegration();
-    }
-    return handleRequest(store, request);
-  },
+  fetch,
 });
+const tailscaleServer = tailscaleHost && isLoopbackHost(host)
+  ? Bun.serve({ hostname: tailscaleHost, port, fetch })
+  : null;
 
 console.log(`pal server listening on http://${server.hostname}:${server.port}`);
+if (tailscaleServer) {
+  console.log(`pal server also listening on Tailscale http://${tailscaleServer.hostname}:${tailscaleServer.port}`);
+} else if (tailscaleHost) {
+  console.log(`pal server Tailscale address: http://${tailscaleHost}:${server.port}`);
+}
 console.log(`database: ${dbPath}`);
 
 function startLarkIntegration() {
@@ -50,11 +62,13 @@ if (larkIntegration.handles.length > 0) {
 
 process.on('SIGINT', () => {
   larkIntegration.stop();
+  tailscaleServer?.stop();
   server.stop();
   process.exit(0);
 });
 process.on('SIGTERM', () => {
   larkIntegration.stop();
+  tailscaleServer?.stop();
   server.stop();
   process.exit(0);
 });

package/src/types.ts

@@ -16,11 +16,43 @@ export interface Chat {
   dm_type: 'agent_agent' | 'user_agent' | 'user_user' | null;
   capabilities_json: string;
   audit_visibility: 'members' | 'admins';
+  project_id: string | null;
+  project_name: string | null;
+  project_root_path: string | null;
+  project_computer_id: string | null;
+  project_computer_name: string | null;
   created_at: string;
   message_count: number;
   last_message_at: string | null;
 }
 
+export interface Project {
+  id: string;
+  name: string;
+  computer_id: string;
+  computer_name: string | null;
+  root_path: string;
+  room_count: number;
+  created_at: string;
+  updated_at: string;
+}
+
+export interface RemoteFileEntry {
+  name: string;
+  path: string;
+  type: 'directory' | 'file' | 'other';
+  hidden: boolean;
+  readable: boolean;
+  selectable: boolean;
+}
+
+export interface RemoteFileList {
+  path: string;
+  parent: string | null;
+  home: string;
+  entries: RemoteFileEntry[];
+}
+
 export type RoomParticipantKind = 'user' | 'bot' | 'agent';
 export type RoomParticipantSource = 'lark_member_api' | 'known_bot' | 'event' | 'local_agent';
 
@@ -228,6 +260,14 @@ export interface ChannelAccount {
   updated_at: string;
 }
 
+export interface LarkAuthorizedUser {
+  id: string;
+  user_id: string;
+  display_name: string | null;
+  created_at: string;
+  updated_at: string;
+}
+
 export interface PalIdentity {
   id: string;
   kind: PalIdentityKind;