@dingxiang-me/openclaw-wechat 1.4.1 → 1.7.2

package/src/wecom/bot-inbound-executor-helpers.js

@@ -4,6 +4,45 @@ function assertFunction(name, value) {
   }
 }
 
+const UNSUPPORTED_BOT_GROUP_TRIGGER_WARNED = new Set();
+
+function warnUnsupportedBotGroupTriggerOnce(triggerMode, logger) {
+  const mode = String(triggerMode ?? "").trim().toLowerCase();
+  if (!mode || UNSUPPORTED_BOT_GROUP_TRIGGER_WARNED.has(mode)) return;
+  UNSUPPORTED_BOT_GROUP_TRIGGER_WARNED.add(mode);
+  logger?.warn?.(
+    `wecom(bot): groupChat.triggerMode=${mode} is not supported by WeCom Bot group callbacks; forcing mention mode (@).`,
+  );
+}
+
+export function normalizeWecomBotGroupChatPolicy(groupChatPolicy = {}, logger) {
+  const policy = groupChatPolicy && typeof groupChatPolicy === "object" ? groupChatPolicy : {};
+  const enabled = policy.enabled !== false;
+  const mentionPatterns =
+    Array.isArray(policy.mentionPatterns) && policy.mentionPatterns.length > 0 ? policy.mentionPatterns : ["@"];
+
+  if (!enabled) {
+    return {
+      ...policy,
+      enabled: false,
+      mentionPatterns,
+    };
+  }
+
+  const triggerMode = String(policy.triggerMode ?? "").trim().toLowerCase();
+  if (triggerMode && triggerMode !== "mention") {
+    warnUnsupportedBotGroupTriggerOnce(triggerMode, logger);
+  }
+
+  return {
+    ...policy,
+    enabled: true,
+    triggerMode: "mention",
+    requireMention: true,
+    mentionPatterns,
+  };
+}
+
 export function assertWecomBotInboundFlowDeps({ api, ...deps } = {}) {
   if (!api || typeof api !== "object") {
     throw new Error("executeWecomBotInboundFlow: api is required");
@@ -23,6 +62,7 @@ export function assertWecomBotInboundFlowDeps({ api, ...deps } = {}) {
     "stripWecomGroupMentions",
     "resolveWecomCommandPolicy",
     "resolveWecomAllowFromPolicy",
+    "resolveWecomDmPolicy",
     "isWecomSenderAllowed",
     "extractLeadingSlashCommand",
     "buildWecomBotHelpText",
@@ -48,11 +88,15 @@ export function assertWecomBotInboundFlowDeps({ api, ...deps } = {}) {
 
 export function createWecomBotInboundFlowState({
   api,
+  accountId = "default",
   fromUser,
   content,
   imageUrls,
   fileUrl,
   fileName,
+  voiceUrl,
+  voiceMediaId,
+  voiceContentType,
   quote,
   buildWecomBotSessionId,
   resolveWecomBotConfig,
@@ -62,23 +106,29 @@ export function createWecomBotInboundFlowState({
 } = {}) {
   const runtime = api.runtime;
   const cfg = api.config;
-  const baseSessionId = buildWecomBotSessionId(fromUser);
+  const normalizedAccountId = String(accountId ?? "default").trim().toLowerCase() || "default";
+  const baseSessionId = buildWecomBotSessionId(fromUser, normalizedAccountId);
   const state = {
     runtime,
     cfg,
+    accountId: normalizedAccountId,
     baseSessionId,
     sessionId: baseSessionId,
     routedAgentId: "",
-    fromAddress: `wecom-bot:${fromUser}`,
+    fromAddress:
+      normalizedAccountId === "default" ? `wecom-bot:${fromUser}` : `wecom-bot:${normalizedAccountId}:${fromUser}`,
     normalizedFromUser: String(fromUser ?? "").trim().toLowerCase(),
     originalContent: String(content ?? ""),
     commandBody: String(content ?? ""),
     dispatchStartedAt: Date.now(),
     tempPathsToCleanup: [],
-    botModeConfig: resolveWecomBotConfig(api),
-    botProxyUrl: resolveWecomBotProxyConfig(api),
+    botModeConfig: resolveWecomBotConfig(api, normalizedAccountId),
+    botProxyUrl: resolveWecomBotProxyConfig(api, normalizedAccountId),
     normalizedFileUrl: String(fileUrl ?? "").trim(),
     normalizedFileName: String(fileName ?? "").trim(),
+    normalizedVoiceUrl: String(voiceUrl ?? "").trim(),
+    normalizedVoiceMediaId: String(voiceMediaId ?? "").trim(),
+    normalizedVoiceContentType: String(voiceContentType ?? "").trim(),
     normalizedQuote:
       quote && typeof quote === "object"
         ? {
@@ -93,7 +143,7 @@ export function createWecomBotInboundFlowState({
           .filter(Boolean),
       ),
     ),
-    groupChatPolicy: resolveWecomGroupChatPolicy(api),
+    groupChatPolicy: normalizeWecomBotGroupChatPolicy(resolveWecomGroupChatPolicy(api), api?.logger),
     dynamicAgentPolicy: resolveWecomDynamicAgentPolicy(api),
     isAdminUser: false,
   };
@@ -129,6 +179,7 @@ export function createWecomBotSafeReplyHelpers({
     const result = await deliverBotReplyText({
       api,
       fromUser,
+      accountId: state.accountId,
       sessionId: state.sessionId,
       streamId,
       responseUrl,

package/src/wecom/bot-inbound-executor.js

@@ -13,6 +13,7 @@ export async function executeWecomBotInboundFlow(payload = {}) {
   const {
     api,
     streamId,
+    accountId = "default",
     fromUser,
     content,
     msgType = "text",
@@ -22,6 +23,9 @@ export async function executeWecomBotInboundFlow(payload = {}) {
     imageUrls = [],
     fileUrl = "",
     fileName = "",
+    voiceUrl = "",
+    voiceMediaId = "",
+    voiceContentType = "",
     quote = null,
     responseUrl = "",
     buildWecomBotSessionId,
@@ -38,6 +42,7 @@ export async function executeWecomBotInboundFlow(payload = {}) {
     stripWecomGroupMentions,
     resolveWecomCommandPolicy,
     resolveWecomAllowFromPolicy,
+    resolveWecomDmPolicy,
     isWecomSenderAllowed,
     extractLeadingSlashCommand,
     buildWecomBotHelpText,
@@ -65,11 +70,15 @@ export async function executeWecomBotInboundFlow(payload = {}) {
 
   const state = createWecomBotInboundFlowState({
     api,
+    accountId,
     fromUser,
     content,
     imageUrls,
     fileUrl,
     fileName,
+    voiceUrl,
+    voiceMediaId,
+    voiceContentType,
     quote,
     buildWecomBotSessionId,
     resolveWecomBotConfig,
@@ -111,12 +120,15 @@ export async function executeWecomBotInboundFlow(payload = {}) {
 
     const commandGuardResult = applyWecomBotCommandAndSenderGuard({
       api,
+      accountId: state.accountId,
       fromUser,
+      isGroupChat,
       msgType,
       commandBody: state.commandBody,
       normalizedFromUser: state.normalizedFromUser,
       resolveWecomCommandPolicy,
       resolveWecomAllowFromPolicy,
+      resolveWecomDmPolicy,
       isWecomSenderAllowed,
       extractLeadingSlashCommand,
       buildWecomBotHelpText,
@@ -138,6 +150,10 @@ export async function executeWecomBotInboundFlow(payload = {}) {
       normalizedImageUrls: state.normalizedImageUrls,
       normalizedFileUrl: state.normalizedFileUrl,
       normalizedFileName: state.normalizedFileName,
+      normalizedVoiceUrl: state.normalizedVoiceUrl,
+      normalizedVoiceMediaId: state.normalizedVoiceMediaId,
+      normalizedVoiceContentType: state.normalizedVoiceContentType,
+      voiceInputMessageId: msgId,
       normalizedQuote: state.normalizedQuote,
     });
     if (Array.isArray(inboundContentResult.tempPathsToCleanup)) {
@@ -166,6 +182,7 @@ export async function executeWecomBotInboundFlow(payload = {}) {
       commandBody: state.commandBody,
       originalContent: state.originalContent,
       fromAddress: state.fromAddress,
+      accountId: state.accountId,
       groupChatPolicy: state.groupChatPolicy,
       dynamicAgentPolicy: state.dynamicAgentPolicy,
       isAdminUser: state.isAdminUser,
@@ -186,6 +203,7 @@ export async function executeWecomBotInboundFlow(payload = {}) {
       cfg,
       ctxPayload,
       streamId,
+      accountId: state.accountId,
       sessionId: state.sessionId,
       routedAgentId: state.routedAgentId,
       storePath,
@@ -225,6 +243,7 @@ export async function executeWecomBotInboundFlow(payload = {}) {
       readTranscriptFallbackResult,
       safeDeliverReply,
       markTranscriptReplyDelivered,
+      accountId: state.accountId,
     });
     if (shouldReturnFromError) return;
   } finally {

package/src/wecom/bot-inbound-guards.js

@@ -52,12 +52,15 @@ export function applyWecomBotGroupChatGuard({
 
 export function applyWecomBotCommandAndSenderGuard({
   api,
+  accountId = "default",
   fromUser,
+  isGroupChat = false,
   msgType = "text",
   commandBody = "",
   normalizedFromUser = "",
   resolveWecomCommandPolicy,
   resolveWecomAllowFromPolicy,
+  resolveWecomDmPolicy,
   isWecomSenderAllowed,
   extractLeadingSlashCommand,
   buildWecomBotHelpText,
@@ -65,6 +68,7 @@ export function applyWecomBotCommandAndSenderGuard({
 } = {}) {
   assertFunction("resolveWecomCommandPolicy", resolveWecomCommandPolicy);
   assertFunction("resolveWecomAllowFromPolicy", resolveWecomAllowFromPolicy);
+  assertFunction("resolveWecomDmPolicy", resolveWecomDmPolicy);
   assertFunction("isWecomSenderAllowed", isWecomSenderAllowed);
   assertFunction("extractLeadingSlashCommand", extractLeadingSlashCommand);
   assertFunction("buildWecomBotHelpText", buildWecomBotHelpText);
@@ -72,7 +76,34 @@ export function applyWecomBotCommandAndSenderGuard({
 
   const commandPolicy = resolveWecomCommandPolicy(api);
   const isAdminUser = commandPolicy.adminUsers.includes(String(normalizedFromUser ?? "").trim().toLowerCase());
-  const allowFromPolicy = resolveWecomAllowFromPolicy(api, "default", {});
+  const dmPolicy = resolveWecomDmPolicy(api, accountId, {});
+  if (!isGroupChat) {
+    if (dmPolicy.mode === "deny") {
+      return {
+        ok: false,
+        finishText: dmPolicy.rejectMessage || "当前渠道私聊已关闭，请联系管理员。",
+        commandBody: String(commandBody ?? ""),
+        isAdminUser,
+        commandPolicy,
+      };
+    }
+    if (dmPolicy.mode === "allowlist") {
+      const dmSenderAllowed = isAdminUser || isWecomSenderAllowed({
+        senderId: normalizedFromUser,
+        allowFrom: dmPolicy.allowFrom,
+      });
+      if (!dmSenderAllowed) {
+        return {
+          ok: false,
+          finishText: dmPolicy.rejectMessage || "当前私聊账号未授权，请联系管理员。",
+          commandBody: String(commandBody ?? ""),
+          isAdminUser,
+          commandPolicy,
+        };
+      }
+    }
+  }
+  const allowFromPolicy = resolveWecomAllowFromPolicy(api, accountId, {});
   const senderAllowed = isAdminUser || isWecomSenderAllowed({
     senderId: normalizedFromUser,
     allowFrom: allowFromPolicy.allowFrom,
@@ -90,14 +121,15 @@ export function applyWecomBotCommandAndSenderGuard({
   let nextCommandBody = String(commandBody ?? "");
   if (msgType === "text") {
     let commandKey = extractLeadingSlashCommand(nextCommandBody);
-    if (commandKey === "/clear") {
-      nextCommandBody = nextCommandBody.replace(/^\/clear\b/i, "/reset");
+    if (commandKey === "/clear" || commandKey === "/new") {
+      nextCommandBody = nextCommandBody.replace(/^\/(?:clear|new)\b/i, "/reset");
       commandKey = "/reset";
     }
     if (commandKey) {
       const commandAllowed =
         commandPolicy.allowlist.includes(commandKey) ||
-        (commandKey === "/reset" && commandPolicy.allowlist.includes("/clear"));
+        (commandKey === "/reset" &&
+          (commandPolicy.allowlist.includes("/clear") || commandPolicy.allowlist.includes("/new")));
       if (commandPolicy.enabled && !isAdminUser && !commandAllowed) {
         return {
           ok: false,

package/src/wecom/bot-runtime-context.js

@@ -8,6 +8,7 @@ export async function prepareWecomBotRuntimeContext({
   api,
   runtime,
   cfg,
+  accountId = "default",
   baseSessionId,
   fromUser,
   chatId,
@@ -34,7 +35,7 @@ export async function prepareWecomBotRuntimeContext({
     runtime,
     cfg,
     channel: "wecom",
-    accountId: "bot",
+    accountId,
     sessionKey: baseSessionId,
     fromUser,
     chatId,
@@ -83,6 +84,7 @@ export async function prepareWecomBotRuntimeContext({
       commandBody,
       fromAddress,
       sessionId,
+      accountId,
       isGroupChat,
       chatId,
       fromUser,
@@ -100,7 +102,7 @@ export async function prepareWecomBotRuntimeContext({
       sessionKey: sessionId,
       channel: "wecom",
       to: fromUser,
-      accountId: "bot",
+      accountId,
     },
     onRecordError: (err) => {
       api?.logger?.warn?.(`wecom(bot): failed to record session: ${err}`);
@@ -109,7 +111,7 @@ export async function prepareWecomBotRuntimeContext({
 
   runtime.channel.activity.record({
     channel: "wecom",
-    accountId: "bot",
+    accountId,
     direction: "inbound",
   });
 

package/src/wecom/bot-webhook-dispatch.js

@@ -52,7 +52,6 @@ function buildEncryptedStreamPayload({
 
 export function createWecomBotParsedDispatcher({
   api,
-  botConfig,
   cleanupExpiredBotStreams,
   getBotStream,
   buildWecomBotEncryptedResponse,
@@ -65,6 +64,8 @@ export function createWecomBotParsedDispatcher({
   processBotInboundMessage,
   deliverBotReplyText,
   finishBotStream,
+  recordInboundMetric = () => {},
+  recordRuntimeErrorMetric = () => {},
   randomUuid = () => "",
 } = {}) {
   assertFunction("cleanupExpiredBotStreams", cleanupExpiredBotStreams);
@@ -83,20 +84,29 @@ export function createWecomBotParsedDispatcher({
   assertFunction("finishBotStream", finishBotStream);
   assertFunction("randomUuid", randomUuid);
 
-  function buildStreamId() {
+  function buildStreamId(accountId = "default") {
     const normalized = String(randomUuid() || "").trim();
+    const accountSlug = String(accountId ?? "default")
+      .trim()
+      .toLowerCase()
+      .replace(/[^a-z0-9_-]/g, "_") || "default";
     if (normalized) return `stream_${normalized}`;
-    return `stream_${Date.now()}_${Math.random().toString(36).slice(2, 10)}`;
+    return `stream_${accountSlug}_${Date.now()}_${Math.random().toString(36).slice(2, 10)}`;
   }
 
   function respondStreamRefresh({ parsed, res, timestamp, nonce }) {
-    cleanupExpiredBotStreams(botConfig.streamExpireMs);
+    const activeBotConfig = parsed?._botConfig;
+    if (!activeBotConfig?.token || !activeBotConfig?.encodingAesKey) {
+      sendPlainText(res, 401, "Invalid bot account config");
+      return;
+    }
+    cleanupExpiredBotStreams(activeBotConfig.streamExpireMs);
     const streamId = parsed.streamId || `stream-${Date.now()}`;
     const stream = getBotStream(streamId);
     const feedbackId = String(parsed.feedbackId || stream?.feedbackId || "").trim();
     const encryptedResponse = buildEncryptedStreamPayload({
       buildWecomBotEncryptedResponse,
-      botConfig,
+      botConfig: activeBotConfig,
       timestamp,
       nonce,
       streamId,
@@ -130,17 +140,27 @@ export function createWecomBotParsedDispatcher({
               fileName: parsed.fileName,
               quote: parsed.quote,
               responseUrl: parsed.responseUrl,
+              accountId: parsed.accountId,
+              voiceUrl: parsed.voiceUrl,
+              voiceMediaId: parsed.voiceMediaId,
+              voiceContentType: parsed.voiceContentType,
             }),
         }),
       )
       .catch((err) => {
         api.logger.error?.(`wecom(bot): async message processing failed: ${String(err?.message || err)}`);
+        recordRuntimeErrorMetric({
+          scope: "bot-dispatch",
+          reason: String(err?.message || err),
+          accountId: parsed.accountId,
+        });
         deliverBotReplyText({
           api,
           fromUser: parsed.fromUser,
           sessionId: botSessionId,
           streamId,
           responseUrl: parsed.responseUrl,
+          accountId: parsed.accountId,
           text: `抱歉，当前模型请求失败，请稍后重试。\n故障信息: ${String(err?.message || err).slice(0, 160)}`,
           reason: "bot-async-processing-error",
         }).catch((deliveryErr) => {
@@ -154,6 +174,17 @@ export function createWecomBotParsedDispatcher({
   }
 
   function respondMessage({ parsed, res, timestamp, nonce }) {
+    const activeBotConfig = parsed?._botConfig;
+    if (!activeBotConfig?.token || !activeBotConfig?.encodingAesKey) {
+      sendPlainText(res, 401, "Invalid bot account config");
+      return;
+    }
+    const accountId = String(parsed?.accountId ?? "default").trim().toLowerCase() || "default";
+    recordInboundMetric({
+      mode: "bot",
+      msgType: parsed.msgType || parsed.kind || "unknown",
+      accountId,
+    });
     const dedupeStub = {
       MsgId: parsed.msgId,
       FromUserName: parsed.fromUser,
@@ -161,17 +192,18 @@ export function createWecomBotParsedDispatcher({
       Content: parsed.content,
       CreateTime: String(Math.floor(Date.now() / 1000)),
     };
-    if (!markInboundMessageSeen(dedupeStub, "bot")) {
+    if (!markInboundMessageSeen(dedupeStub, `bot:${accountId}`)) {
       sendPlainText(res, 200, "success");
       return;
     }
 
-    const botSessionId = buildWecomBotSessionId(parsed.fromUser);
-    const streamId = buildStreamId();
+    const botSessionId = buildWecomBotSessionId(parsed.fromUser, accountId);
+    const streamId = buildStreamId(accountId);
     const feedbackId = String(parsed.feedbackId ?? "").trim();
-    createBotStream(streamId, botConfig.placeholderText, {
+    createBotStream(streamId, activeBotConfig.placeholderText, {
       feedbackId,
       sessionId: botSessionId,
+      accountId,
     });
     if (parsed.responseUrl) {
       upsertBotResponseUrlCache({
@@ -181,11 +213,11 @@ export function createWecomBotParsedDispatcher({
     }
     const encryptedResponse = buildEncryptedStreamPayload({
       buildWecomBotEncryptedResponse,
-      botConfig,
+      botConfig: activeBotConfig,
       timestamp,
       nonce,
       streamId,
-      content: botConfig.placeholderText,
+      content: activeBotConfig.placeholderText,
       finish: false,
       feedbackId,
     });
@@ -197,11 +229,12 @@ export function createWecomBotParsedDispatcher({
     });
   }
 
-  return async function dispatchParsed({ parsed, res, timestamp, nonce } = {}) {
+  return async function dispatchParsed({ parsed, res, timestamp, nonce, botConfig } = {}) {
     if (!parsed || typeof parsed !== "object") {
       sendPlainText(res, 200, "success");
       return true;
     }
+    parsed._botConfig = botConfig;
     if (parsed.kind === "stream-refresh") {
       respondStreamRefresh({ parsed, res, timestamp, nonce });
       return true;

package/src/wecom/bot-webhook-handler.js

@@ -4,6 +4,7 @@ import { createWecomBotParsedDispatcher } from "./bot-webhook-dispatch.js";
 export function createWecomBotWebhookHandler({
   api,
   botConfig,
+  botConfigs,
   normalizedPath,
   readRequestBody,
   parseIncomingJson,
@@ -23,10 +24,27 @@ export function createWecomBotWebhookHandler({
   processBotInboundMessage,
   deliverBotReplyText,
   finishBotStream,
+  recordInboundMetric = () => {},
+  recordRuntimeErrorMetric = () => {},
 } = {}) {
+  const configuredBotConfigs = Array.isArray(botConfigs) && botConfigs.length > 0 ? botConfigs : [botConfig];
+  const signedBotConfigs = configuredBotConfigs.filter((item) => item?.token && item?.encodingAesKey);
+  function pickBotConfigBySignature({ msgSignature, timestamp, nonce, encrypt }) {
+    if (!msgSignature || !encrypt) return null;
+    for (const cfg of signedBotConfigs) {
+      const expected = computeMsgSignature({
+        token: cfg.token,
+        timestamp,
+        nonce,
+        encrypt,
+      });
+      if (expected === msgSignature) return cfg;
+    }
+    return null;
+  }
+
   const dispatchParsed = createWecomBotParsedDispatcher({
     api,
-    botConfig,
     cleanupExpiredBotStreams,
     getBotStream,
     buildWecomBotEncryptedResponse,
@@ -39,6 +57,8 @@ export function createWecomBotWebhookHandler({
     processBotInboundMessage,
     deliverBotReplyText,
     finishBotStream,
+    recordInboundMetric,
+    recordRuntimeErrorMetric,
     randomUuid: () => crypto.randomUUID?.(),
   });
 
@@ -51,9 +71,9 @@ export function createWecomBotWebhookHandler({
       const echostr = url.searchParams.get("echostr") ?? "";
 
       if (req.method === "GET" && !echostr) {
-        res.statusCode = 200;
+        res.statusCode = signedBotConfigs.length > 0 ? 200 : 500;
         res.setHeader("Content-Type", "text/plain; charset=utf-8");
-        res.end("wecom bot webhook ok");
+        res.end(signedBotConfigs.length > 0 ? "wecom bot webhook ok" : "wecom bot webhook not configured");
         return;
       }
 
@@ -64,26 +84,28 @@ export function createWecomBotWebhookHandler({
           res.end("Missing query params");
           return;
         }
-        const expected = computeMsgSignature({
-          token: botConfig.token,
+        const matchedBotConfig = pickBotConfigBySignature({
+          msgSignature: msg_signature,
           timestamp,
           nonce,
           encrypt: echostr,
         });
-        if (expected !== msg_signature) {
+        if (!matchedBotConfig) {
           res.statusCode = 401;
           res.setHeader("Content-Type", "text/plain; charset=utf-8");
           res.end("Invalid signature");
           return;
         }
         const { msg: plainEchostr } = decryptWecom({
-          aesKey: botConfig.encodingAesKey,
+          aesKey: matchedBotConfig.encodingAesKey,
           cipherTextBase64: echostr,
         });
         res.statusCode = 200;
         res.setHeader("Content-Type", "text/plain; charset=utf-8");
         res.end(plainEchostr);
-        api.logger.info?.(`wecom(bot): verified callback URL at ${normalizedPath}`);
+        api.logger.info?.(
+          `wecom(bot): verified callback URL at ${normalizedPath} (account=${matchedBotConfig.accountId || "default"})`,
+        );
         return;
       }
 
@@ -114,13 +136,13 @@ export function createWecomBotWebhookHandler({
         return;
       }
 
-      const expected = computeMsgSignature({
-        token: botConfig.token,
+      const matchedBotConfig = pickBotConfigBySignature({
+        msgSignature: msg_signature,
         timestamp,
         nonce,
         encrypt: encryptedBody,
       });
-      if (expected !== msg_signature) {
+      if (!matchedBotConfig) {
         res.statusCode = 401;
         res.setHeader("Content-Type", "text/plain; charset=utf-8");
         res.end("Invalid signature");
@@ -130,7 +152,7 @@ export function createWecomBotWebhookHandler({
       let incomingPayload = null;
       try {
         const { msg: decryptedPayload } = decryptWecom({
-          aesKey: botConfig.encodingAesKey,
+          aesKey: matchedBotConfig.encodingAesKey,
           cipherTextBase64: encryptedBody,
         });
         incomingPayload = parseIncomingJson(decryptedPayload);
@@ -143,12 +165,18 @@ export function createWecomBotWebhookHandler({
       }
 
       const parsed = parseWecomBotInboundMessage(incomingPayload);
-      api.logger.info?.(`wecom(bot): inbound ${describeWecomBotParsedMessage(parsed)}`);
+      if (parsed && typeof parsed === "object") {
+        parsed.accountId = String(matchedBotConfig.accountId ?? "default").trim().toLowerCase() || "default";
+      }
+      api.logger.info?.(
+        `wecom(bot): inbound ${describeWecomBotParsedMessage(parsed)} account=${matchedBotConfig.accountId || "default"}`,
+      );
       const handled = await dispatchParsed({
         parsed,
         res,
         timestamp,
         nonce,
+        botConfig: matchedBotConfig,
       });
       if (handled) {
         return;
@@ -159,6 +187,10 @@ export function createWecomBotWebhookHandler({
       res.end("success");
     } catch (err) {
       api.logger.error?.(`wecom(bot): webhook handler failed: ${String(err?.message || err)}`);
+      recordRuntimeErrorMetric({
+        scope: "bot-webhook",
+        reason: String(err?.message || err),
+      });
       if (!res.writableEnded) {
         res.statusCode = 500;
         res.setHeader("Content-Type", "text/plain; charset=utf-8");