@fineorg/mcp 1.0.0

package/dist/index-http.js

@@ -0,0 +1,2425 @@
+#!/usr/bin/env node
+import { randomUUID, timingSafeEqual } from 'crypto';
+import http from 'http';
+import { StreamableHTTPServerTransport } from '@modelcontextprotocol/sdk/server/streamableHttp.js';
+import { isInitializeRequest } from '@modelcontextprotocol/sdk/types.js';
+import { readFileSync, createWriteStream } from 'fs';
+import path, { join } from 'path';
+import { config as config$1 } from 'dotenv';
+import { z } from 'zod';
+import { readdir, stat, unlink, mkdir } from 'fs/promises';
+import { McpServer } from '@modelcontextprotocol/sdk/server/mcp.js';
+import axios2 from 'axios';
+import axiosRetry from 'axios-retry';
+import * as lark from '@larksuiteoapi/node-sdk';
+
+config$1({ path: path.resolve(process.cwd(), ".env") });
+var packageJsonPath = path.resolve(process.cwd(), "package.json");
+var packageVersion = "0.0.0";
+try {
+  const pkg = JSON.parse(readFileSync(packageJsonPath, "utf-8"));
+  packageVersion = pkg.version || packageVersion;
+} catch {
+}
+var rawConfig = {
+  version: packageVersion,
+  mcp: {
+    authEnabled: process.env.MCP_AUTH_ENABLED !== "false",
+    authToken: process.env.MCP_AUTH_TOKEN,
+    allowedClients: process.env.MCP_ALLOWED_CLIENTS,
+    http: {
+      port: Number.parseInt(process.env.MCP_HTTP_PORT || "3040", 10),
+      host: process.env.MCP_HTTP_HOST || "127.0.0.1"
+    },
+    sse: {
+      port: Number.parseInt(process.env.MCP_SSE_PORT || "3041", 10),
+      host: process.env.MCP_SSE_HOST || "127.0.0.1"
+    },
+    maxSessions: Number.parseInt(process.env.MCP_MAX_SESSIONS || "100", 10),
+    sessionTimeoutMs: Number.parseInt(process.env.MCP_SESSION_TIMEOUT || String(30 * 60 * 1e3), 10),
+    maxBodySize: Number.parseInt(process.env.MCP_MAX_BODY_SIZE || String(1 * 1024 * 1024), 10),
+    maxDiffSize: Number.parseInt(process.env.MCP_MAX_DIFF_SIZE || String(2 * 1024 * 1024), 10),
+    rateLimitWindowMs: Number.parseInt(process.env.MCP_RATE_LIMIT_WINDOW || "60000", 10),
+    rateLimitMax: Number.parseInt(process.env.MCP_RATE_LIMIT_MAX || "60", 10),
+    trustProxy: process.env.MCP_TRUST_PROXY === "true"
+  },
+  jira: {
+    host: process.env.JIRA_HOST,
+    username: process.env.JIRA_USERNAME,
+    token: process.env.JIRA_TOKEN
+  },
+  bitbucket: {
+    host: process.env.BITBUCKET_HOST,
+    username: process.env.BITBUCKET_USERNAME,
+    password: process.env.BITBUCKET_PASSWORD,
+    token: process.env.BITBUCKET_TOKEN
+  },
+  feishuProject: {
+    projectKey: process.env.FEISHU_PROJECT_KEY,
+    pluginId: process.env.FEISHU_PROJECT_PLUGIN_ID,
+    pluginSecret: process.env.FEISHU_PROJECT_PLUGIN_SECRET,
+    useVirtualToken: process.env.FEISHU_PROJECT_USE_VIRTUAL_TOKEN === "true",
+    userKey: process.env.FEISHU_PROJECT_USER_KEY
+  },
+  feishuOpen: {
+    appId: process.env.FEISHU_OPEN_APP_ID,
+    appSecret: process.env.FEISHU_OPEN_APP_SECRET
+  },
+  confluence: {
+    host: process.env.CONFLUENCE_HOST,
+    token: process.env.CONFLUENCE_TOKEN
+  },
+  server: {
+    logDir: process.env.LOG_DIR || "./logs",
+    logLevel: process.env.LOG_LEVEL || "INFO"
+  }
+};
+var configSchema = z.object({
+  version: z.string(),
+  mcp: z.object({
+    authEnabled: z.boolean(),
+    authToken: z.string().optional(),
+    allowedClients: z.string().optional(),
+    http: z.object({
+      port: z.number().int().min(1).max(65535),
+      host: z.string()
+    }),
+    sse: z.object({
+      port: z.number().int().min(1).max(65535),
+      host: z.string()
+    }),
+    maxSessions: z.number().int().min(1),
+    sessionTimeoutMs: z.number().int().min(1),
+    maxBodySize: z.number().int().min(1),
+    maxDiffSize: z.number().int().min(1),
+    rateLimitWindowMs: z.number().int().min(1e3),
+    rateLimitMax: z.number().int().min(1),
+    trustProxy: z.boolean()
+  }),
+  jira: z.object({
+    host: z.string().optional(),
+    username: z.string().optional(),
+    token: z.string().optional()
+  }),
+  bitbucket: z.object({
+    host: z.string().optional(),
+    username: z.string().optional(),
+    password: z.string().optional(),
+    token: z.string().optional()
+  }),
+  feishuProject: z.object({
+    projectKey: z.string().optional(),
+    pluginId: z.string().optional(),
+    pluginSecret: z.string().optional(),
+    useVirtualToken: z.boolean(),
+    userKey: z.string().optional()
+  }),
+  feishuOpen: z.object({
+    appId: z.string().optional(),
+    appSecret: z.string().optional()
+  }),
+  confluence: z.object({
+    host: z.string().optional(),
+    token: z.string().optional()
+  }),
+  server: z.object({
+    logDir: z.string(),
+    logLevel: z.string()
+  })
+});
+var config = configSchema.parse(rawConfig);
+var hasJiraConfig = () => !!(config.jira.host && config.jira.username && config.jira.token);
+var hasBitbucketAuth = () => !!(config.bitbucket.token || config.bitbucket.username && config.bitbucket.password);
+var hasConfluenceConfig = () => !!(config.confluence.host && config.confluence.token);
+var hasFeishuProjectAuth = () => !!(config.feishuProject.pluginId && config.feishuProject.pluginSecret);
+var hasFeishuOpenAuth = () => !!(config.feishuOpen.appId && config.feishuOpen.appSecret);
+function validateConfig() {
+  const errors = [];
+  const jiraFields = [config.jira.host, config.jira.username, config.jira.token];
+  const jiraCount = jiraFields.filter(Boolean).length;
+  if (jiraCount > 0 && jiraCount < jiraFields.length) {
+    errors.push("Jira \u914D\u7F6E\u4E0D\u5B8C\u6574\uFF1A\u9700\u8981\u540C\u65F6\u914D\u7F6E JIRA_HOST, JIRA_USERNAME, JIRA_TOKEN");
+  }
+  if (config.bitbucket.host && !hasBitbucketAuth()) {
+    errors.push(
+      "Bitbucket \u9700\u8981\u914D\u7F6E\u8BA4\u8BC1\u65B9\u5F0F\uFF1ABITBUCKET_TOKEN \u6216 (BITBUCKET_USERNAME + BITBUCKET_PASSWORD)"
+    );
+  }
+  if (config.confluence.host && !config.confluence.token) {
+    errors.push(
+      "Confluence \u914D\u7F6E\u4E0D\u5B8C\u6574\uFF1A\u9700\u8981\u540C\u65F6\u914D\u7F6E CONFLUENCE_HOST \u548C CONFLUENCE_TOKEN"
+    );
+  }
+  if (config.feishuProject.projectKey) {
+    if (!hasFeishuProjectAuth()) {
+      errors.push(
+        "\u98DE\u4E66\u9879\u76EE\u914D\u7F6E\u4E0D\u5B8C\u6574\uFF1A\u9700\u8981\u914D\u7F6E FEISHU_PROJECT_PLUGIN_ID + FEISHU_PROJECT_PLUGIN_SECRET"
+      );
+    }
+    if (config.feishuProject.useVirtualToken && !config.feishuProject.userKey) {
+      errors.push(
+        "\u98DE\u4E66\u9879\u76EE\u4F7F\u7528\u865A\u62DF Token (FEISHU_PROJECT_USE_VIRTUAL_TOKEN=true) \u4F46\u672A\u914D\u7F6E FEISHU_PROJECT_USER_KEY"
+      );
+    }
+  }
+  const feishuOpenFields = [config.feishuOpen.appId, config.feishuOpen.appSecret];
+  const feishuOpenCount = feishuOpenFields.filter(Boolean).length;
+  if (feishuOpenCount > 0 && feishuOpenCount < feishuOpenFields.length) {
+    errors.push(
+      "\u98DE\u4E66\u5F00\u653E\u5E73\u53F0\u914D\u7F6E\u4E0D\u5B8C\u6574\uFF1A\u9700\u8981\u540C\u65F6\u914D\u7F6E FEISHU_OPEN_APP_ID + FEISHU_OPEN_APP_SECRET"
+    );
+  }
+  if (errors.length > 0) {
+    throw new Error(`\u914D\u7F6E\u9A8C\u8BC1\u5931\u8D25:
+${errors.map((e) => `  - ${e}`).join("\n")}`);
+  }
+}
+var platformAvailability = {
+  bitbucket: Boolean(config.bitbucket.host && hasBitbucketAuth()),
+  jira: hasJiraConfig(),
+  confluence: hasConfluenceConfig(),
+  feishu: Boolean(config.feishuProject.projectKey && hasFeishuProjectAuth()),
+  feishuOpen: hasFeishuOpenAuth()
+};
+var LOG_LEVEL_PRIORITY = {
+  DEBUG: 0,
+  INFO: 1,
+  WARN: 2,
+  ERROR: 3
+};
+var currentLogLevel = (() => {
+  const envLevel = config.server.logLevel?.toUpperCase();
+  if (envLevel && envLevel in LOG_LEVEL_PRIORITY) {
+    return envLevel;
+  }
+  return "INFO";
+})();
+var shouldLog = (level) => {
+  return LOG_LEVEL_PRIORITY[level] >= LOG_LEVEL_PRIORITY[currentLogLevel];
+};
+var LOG_DIR = config.server.logDir;
+var LOG_RETENTION_DAYS = 90;
+var timestampFormatter = new Intl.DateTimeFormat("zh-CN", {
+  timeZone: "Asia/Shanghai",
+  year: "numeric",
+  month: "2-digit",
+  day: "2-digit",
+  hour: "2-digit",
+  minute: "2-digit",
+  second: "2-digit",
+  hour12: false
+});
+var dateFormatter = new Intl.DateTimeFormat("zh-CN", {
+  timeZone: "Asia/Shanghai",
+  year: "numeric",
+  month: "2-digit",
+  day: "2-digit"
+});
+var formatTimestamp = () => {
+  const now = /* @__PURE__ */ new Date();
+  const timeString = timestampFormatter.format(now).replace(/\//g, "-");
+  const ms = String(now.getMilliseconds()).padStart(3, "0");
+  return `${timeString}.${ms}`;
+};
+var getCurrentDateString = () => {
+  const now = /* @__PURE__ */ new Date();
+  const parts = dateFormatter.formatToParts(now);
+  const year = parts.find((p) => p.type === "year")?.value;
+  const month = parts.find((p) => p.type === "month")?.value;
+  const day = parts.find((p) => p.type === "day")?.value;
+  return `${year}-${month}-${day}`;
+};
+var EXACT_SENSITIVE_KEYS = /* @__PURE__ */ new Set([
+  "password",
+  "token",
+  "secret",
+  "authorization",
+  "cookie",
+  "credential",
+  "credentials",
+  "bearer"
+]);
+var SENSITIVE_SUFFIXES = [
+  "password",
+  "token",
+  "secret",
+  "apikey",
+  "api_key",
+  "privatekey",
+  "private_key",
+  "databaseurl",
+  "database_url",
+  "connectionstring",
+  "connection_string"
+];
+var MAX_SANITIZE_DEPTH = 5;
+var sanitizeSensitiveData = (data, depth = 0) => {
+  if (data === null || data === void 0) {
+    return data;
+  }
+  if (depth > MAX_SANITIZE_DEPTH) {
+    return "[MAX_DEPTH_REACHED]";
+  }
+  if (typeof data === "string") {
+    if (data.startsWith("Bearer ")) {
+      return "Bearer [REDACTED]";
+    }
+    if (data.startsWith("Basic ")) {
+      return "Basic [REDACTED]";
+    }
+    if (data.includes("://") && data.includes("@")) {
+      try {
+        const url = new URL(data);
+        if (url.password) {
+          url.password = "***REDACTED***";
+        }
+        return url.toString();
+      } catch {
+        return data.replace(/:([^:@]+)@/, ":***REDACTED***@");
+      }
+    }
+    return data;
+  }
+  if (Array.isArray(data)) {
+    return data.map((item) => sanitizeSensitiveData(item, depth + 1));
+  }
+  if (typeof data === "object") {
+    if (data instanceof Error) {
+      return {
+        message: sanitizeSensitiveData(data.message, depth + 1),
+        stack: data.stack,
+        name: data.name
+      };
+    }
+    const sanitized = {};
+    for (const [key, value] of Object.entries(data)) {
+      const keyLower = key.toLowerCase();
+      const isSensitive = EXACT_SENSITIVE_KEYS.has(keyLower) || SENSITIVE_SUFFIXES.some((suffix) => keyLower.endsWith(suffix));
+      if (isSensitive) {
+        sanitized[key] = "***REDACTED***";
+      } else {
+        sanitized[key] = sanitizeSensitiveData(value, depth + 1);
+      }
+    }
+    return sanitized;
+  }
+  return data;
+};
+var ensureLogDir = async () => {
+  try {
+    await mkdir(LOG_DIR, { recursive: true });
+  } catch {
+  }
+};
+var logDirReady = false;
+var makeStreamFactory = (prefix) => {
+  let stream = null;
+  let date = "";
+  return (dateStr) => {
+    try {
+      if (stream && date === dateStr) return stream;
+      stream?.end();
+      stream = createWriteStream(join(LOG_DIR, `${prefix}-${dateStr}.log`), {
+        flags: "a",
+        encoding: "utf-8"
+      });
+      stream.on("error", (err) => {
+        console.error(`[logger] write stream error: ${err.message}`);
+      });
+      date = dateStr;
+      return stream;
+    } catch {
+      return null;
+    }
+  };
+};
+var getOrCreateLogStream = makeStreamFactory("mcp");
+var getOrCreateErrorStream = makeStreamFactory("error");
+var writeToFile = async (logMessage) => {
+  try {
+    if (!logDirReady) {
+      await ensureLogDir();
+      logDirReady = true;
+    }
+    const dateStr = getCurrentDateString();
+    const stream = getOrCreateLogStream(dateStr);
+    stream?.write(`${logMessage}
+`);
+  } catch {
+  }
+};
+var writeToErrorFile = async (logMessage) => {
+  try {
+    if (!logDirReady) {
+      await ensureLogDir();
+      logDirReady = true;
+    }
+    const dateStr = getCurrentDateString();
+    const stream = getOrCreateErrorStream(dateStr);
+    stream?.write(`${logMessage}
+`);
+  } catch {
+  }
+};
+var cleanupOldLogs = async () => {
+  try {
+    await ensureLogDir();
+    const files = await readdir(LOG_DIR);
+    const now = Date.now();
+    const retentionMs = LOG_RETENTION_DAYS * 24 * 60 * 60 * 1e3;
+    for (const file of files) {
+      if (!file.startsWith("mcp-") && !file.startsWith("error-") || !file.endsWith(".log")) {
+        continue;
+      }
+      const filePath = join(LOG_DIR, file);
+      const fileStat = await stat(filePath);
+      const fileAge = now - fileStat.mtime.getTime();
+      if (fileAge > retentionMs) {
+        await unlink(filePath);
+      }
+    }
+  } catch {
+  }
+};
+var log = (level, message, data) => {
+  if (!shouldLog(level)) {
+    return;
+  }
+  const timestamp = formatTimestamp();
+  let logMessage = `[${timestamp}] [${level}] ${message}`;
+  if (data !== void 0) {
+    try {
+      const sanitizedData = sanitizeSensitiveData(data);
+      let dataStr = "";
+      if (sanitizedData instanceof Error) {
+        const errorObj = {
+          message: sanitizedData.message,
+          stack: sanitizedData.stack?.replace(/\n/g, "\\n"),
+          name: sanitizedData.name
+        };
+        if ("code" in sanitizedData) {
+          errorObj.code = sanitizedData.code;
+        }
+        dataStr = JSON.stringify(errorObj);
+      } else if (typeof sanitizedData === "object" && sanitizedData !== null) {
+        const dataObj = {};
+        for (const [key, value] of Object.entries(sanitizedData)) {
+          try {
+            if (typeof value === "function" || value === void 0) {
+              continue;
+            }
+            if (value instanceof Error) {
+              dataObj[key] = {
+                message: value.message,
+                stack: value.stack?.replace(/\n/g, "\\n"),
+                name: value.name
+              };
+            } else if (typeof value === "string") {
+              dataObj[key] = value.replace(/\n/g, "\\n");
+            } else {
+              dataObj[key] = value;
+            }
+          } catch {
+            dataObj[key] = `[Unserializable: ${typeof value}]`;
+          }
+        }
+        dataStr = JSON.stringify(dataObj);
+      } else {
+        dataStr = String(sanitizedData);
+      }
+      logMessage += ` ${dataStr}`;
+    } catch {
+      logMessage += ` [Data type: ${typeof data}, Message: ${String(data).substring(0, 100)}]`;
+    }
+  }
+  console.error(logMessage);
+  writeToFile(logMessage).catch(() => {
+  });
+  if (level === "ERROR") {
+    writeToErrorFile(logMessage).catch(() => {
+    });
+  }
+};
+function initLogger() {
+  cleanupOldLogs().catch(() => {
+  });
+  scheduleCleanup();
+}
+var CLEANUP_INTERVAL_MS = 24 * 60 * 60 * 1e3;
+var cleanupTimer;
+var scheduleCleanup = () => {
+  cleanupTimer = setInterval(() => {
+    cleanupOldLogs().catch(() => {
+    });
+  }, CLEANUP_INTERVAL_MS);
+  cleanupTimer.unref();
+};
+var logRequestError = (message, context) => {
+  const enhancedData = {
+    type: "HTTP_REQUEST_ERROR",
+    ...context
+  };
+  log("ERROR", message, enhancedData);
+};
+var logger = {
+  debug: (message, data) => log("DEBUG", message, data),
+  info: (message, data) => log("INFO", message, data),
+  warn: (message, data) => log("WARN", message, data),
+  error: (message, data) => log("ERROR", message, data),
+  requestError: logRequestError
+};
+
+// src/mcp/mcpAuth.ts
+var cachedAllowedClients;
+var cachedAllowedClientsSource;
+function getParsedAllowedClients() {
+  const source = config.mcp.allowedClients;
+  if (cachedAllowedClientsSource === source && cachedAllowedClients !== void 0) {
+    return cachedAllowedClients;
+  }
+  cachedAllowedClientsSource = source;
+  cachedAllowedClients = source ? source.split(",").map((c) => c.trim().toLowerCase()).filter((c) => c.length > 0) : null;
+  return cachedAllowedClients;
+}
+var McpAuthError = class extends Error {
+  constructor(message) {
+    super(message);
+    this.name = "McpAuthError";
+  }
+};
+function validateMcpStartup() {
+  if (!config.mcp.authEnabled) {
+    logger.info("MCP Server \u8BA4\u8BC1\u672A\u542F\u7528\uFF0C\u5141\u8BB8\u6240\u6709\u5BA2\u6237\u7AEF\u8BBF\u95EE");
+    return;
+  }
+  if (!config.mcp.authToken) {
+    throw new McpAuthError(
+      "MCP_AUTH_TOKEN \u672A\u914D\u7F6E\u3002\u8BF7\u4F7F\u7528 'openssl rand -hex 32' \u751F\u6210\u4EE4\u724C\u5E76\u6DFB\u52A0\u5230 .env \u6587\u4EF6\u4E2D"
+    );
+  }
+  if (config.mcp.authToken.length < 32) {
+    throw new McpAuthError(
+      `MCP_AUTH_TOKEN \u957F\u5EA6\u4E0D\u8DB3\uFF08\u81F3\u5C11\u9700\u8981 32 \u5B57\u7B26\uFF09\u3002\u8BF7\u4F7F\u7528 'openssl rand -hex 32' \u751F\u6210\u65B0\u4EE4\u724C`
+    );
+  }
+  logger.info("MCP Server \u8BA4\u8BC1\u5DF2\u542F\u7528", {
+    hasValidToken: true,
+    hasAllowedClients: !!config.mcp.allowedClients
+  });
+}
+function validateAuthToken(authToken) {
+  if (!config.mcp.authEnabled) {
+    return true;
+  }
+  if (!authToken) {
+    logger.warn("MCP \u5DE5\u5177\u8C03\u7528\u672A\u63D0\u4F9B\u8BA4\u8BC1\u4EE4\u724C");
+    return false;
+  }
+  if (!config.mcp.authToken) {
+    logger.warn("MCP \u5DE5\u5177\u8C03\u7528\u4EE4\u724C\u9A8C\u8BC1\u5931\u8D25");
+    return false;
+  }
+  const expected = Buffer.from(config.mcp.authToken);
+  const received = Buffer.from(authToken);
+  if (expected.length !== received.length) {
+    logger.warn("MCP \u5DE5\u5177\u8C03\u7528\u4EE4\u724C\u9A8C\u8BC1\u5931\u8D25");
+    return false;
+  }
+  if (!timingSafeEqual(expected, received)) {
+    logger.warn("MCP \u5DE5\u5177\u8C03\u7528\u4EE4\u724C\u9A8C\u8BC1\u5931\u8D25");
+    return false;
+  }
+  return true;
+}
+function validateClient(clientName) {
+  if (!config.mcp.authEnabled) {
+    return true;
+  }
+  const allowedClients = getParsedAllowedClients();
+  if (!allowedClients) {
+    return true;
+  }
+  if (!clientName) {
+    logger.warn("MCP \u5DE5\u5177\u8C03\u7528\u672A\u63D0\u4F9B\u5BA2\u6237\u7AEF\u540D\u79F0");
+    return false;
+  }
+  const isAllowed = allowedClients.includes(clientName.toLowerCase());
+  if (!isAllowed) {
+    logger.warn("MCP \u5BA2\u6237\u7AEF\u4E0D\u5728\u767D\u540D\u5355\u4E2D", {
+      clientName
+    });
+  }
+  return isAllowed;
+}
+function validateHttpAuth(req) {
+  if (!config.mcp.authEnabled) return true;
+  const authHeader = req.headers.authorization;
+  const token = typeof authHeader === "string" ? authHeader.replace(/^Bearer\s+/i, "") : void 0;
+  if (!validateAuthToken(token)) {
+    logger.warn("HTTP \u8FDE\u63A5\u8BA4\u8BC1\u5931\u8D25", {
+      ip: req.socket.remoteAddress,
+      authHeader: authHeader ? "present" : "missing"
+    });
+    return false;
+  }
+  const clientHeader = req.headers["x-mcp-client"];
+  const clientName = typeof clientHeader === "string" ? clientHeader : void 0;
+  if (!validateClient(clientName)) {
+    logger.warn("HTTP \u8FDE\u63A5\u5BA2\u6237\u7AEF\u9A8C\u8BC1\u5931\u8D25", {
+      ip: req.socket.remoteAddress,
+      clientName: clientName || "missing"
+    });
+    return false;
+  }
+  return true;
+}
+function getMcpAuthStatus() {
+  return {
+    authEnabled: config.mcp.authEnabled,
+    hasAuthToken: !!config.mcp.authToken,
+    tokenLengthSufficient: (config.mcp.authToken?.length || 0) >= 32,
+    hasAllowedClients: !!config.mcp.allowedClients
+  };
+}
+
+// src/mcp/rate-limiter.ts
+var RateLimiter = class {
+  windowMs;
+  maxRequests;
+  entries = /* @__PURE__ */ new Map();
+  cleanupTimer;
+  constructor(windowMs, maxRequests) {
+    this.windowMs = windowMs;
+    this.maxRequests = maxRequests;
+    this.cleanupTimer = setInterval(() => this.cleanup(), windowMs * 2);
+    this.cleanupTimer.unref();
+  }
+  isAllowed(key) {
+    const now = Date.now();
+    const entry = this.entries.get(key);
+    if (!entry || now - entry.windowStart >= this.windowMs) {
+      this.entries.set(key, { count: 1, windowStart: now });
+      return true;
+    }
+    entry.count++;
+    if (entry.count > this.maxRequests) {
+      logger.warn("\u901F\u7387\u9650\u5236\u89E6\u53D1", {
+        key,
+        count: entry.count,
+        maxRequests: this.maxRequests,
+        windowMs: this.windowMs
+      });
+      return false;
+    }
+    return true;
+  }
+  cleanup() {
+    const now = Date.now();
+    for (const [key, entry] of this.entries) {
+      if (now - entry.windowStart >= this.windowMs) {
+        this.entries.delete(key);
+      }
+    }
+  }
+  destroy() {
+    if (this.cleanupTimer) {
+      clearInterval(this.cleanupTimer);
+      this.cleanupTimer = void 0;
+    }
+    this.entries.clear();
+  }
+};
+
+// src/types/result.ts
+function success(data) {
+  return { success: true, data };
+}
+function failure(error) {
+  return { success: false, error };
+}
+function extractHttpErrorDetail(error) {
+  const detail = {};
+  if (!(error instanceof Error)) {
+    detail.raw = String(error);
+    return detail;
+  }
+  detail.message = error.message;
+  if (axios2.isAxiosError(error)) {
+    detail.axiosCode = error.code;
+    if (error.config) {
+      detail.requestMethod = error.config.method;
+      detail.requestUrl = error.config.url;
+      detail.requestBaseURL = error.config.baseURL;
+    }
+    if (error.response) {
+      detail.httpStatus = error.response.status;
+      detail.httpStatusText = error.response.statusText;
+      extractResponseBody(error.response.data, detail);
+    }
+    return detail;
+  }
+  const err = error;
+  if (err.response && typeof err.response === "object") {
+    const resp = err.response;
+    detail.httpStatus = resp.status;
+    if (resp.data && typeof resp.data === "object") {
+      extractResponseBody(resp.data, detail);
+    }
+  }
+  if (err.config && typeof err.config === "object") {
+    const cfg = err.config;
+    detail.requestUrl = cfg.url;
+    detail.requestMethod = cfg.method;
+  }
+  if (err.code) detail.axiosCode = err.code;
+  return detail;
+}
+function extractResponseBody(data, detail) {
+  if (typeof data === "string") {
+    detail.responseBody = data.slice(0, 500);
+    return;
+  }
+  if (typeof data === "object" && data !== null) {
+    const d = data;
+    const body = {};
+    for (const key of ["message", "error", "errors", "code", "msg", "log_id", "troubleshooter"]) {
+      if (d[key] !== void 0) body[key] = d[key];
+    }
+    if (Object.keys(body).length > 0) {
+      detail.responseBody = body;
+    }
+  }
+}
+
+// src/services/platforms/BasePlatformClient.ts
+var RETRY_ERROR_CODES = ["ECONNREFUSED", "ETIMEDOUT", "ENOTFOUND", "ENETUNREACH"];
+var BasePlatformClient = class {
+  api;
+  platformName;
+  constructor(platformName, config2) {
+    this.platformName = platformName;
+    this.api = this.buildAxiosInstance(config2);
+    logger.debug(`${platformName} \u5BA2\u6237\u7AEF\u5DF2\u521D\u59CB\u5316`, { baseURL: config2.baseURL });
+  }
+  /**
+   * 构建 axios 实例（含认证和重试配置）
+   */
+  buildAxiosInstance(config2) {
+    const { baseURL, auth, timeout = 3e4, retries = 3 } = config2;
+    const headers = {};
+    let axiosAuth;
+    if (auth.type === "bearer") {
+      headers.Authorization = `Bearer ${auth.token}`;
+    } else if (auth.type === "basic") {
+      axiosAuth = {
+        username: auth.username,
+        password: auth.password
+      };
+    }
+    const instance = axios2.create({
+      baseURL,
+      headers,
+      auth: axiosAuth,
+      timeout
+    });
+    this.setupRetry(instance, retries);
+    return instance;
+  }
+  /**
+   * 配置自动重试机制
+   */
+  setupRetry(instance, retries) {
+    axiosRetry(instance, {
+      retries,
+      retryCondition: (error) => {
+        return axios2.isAxiosError(error) && (!error.response || error.response.status >= 500 || RETRY_ERROR_CODES.includes(error.code || ""));
+      },
+      onRetry: (retryCount, error) => {
+        logger.warn(`${this.platformName} API \u8BF7\u6C42\u91CD\u8BD5`, {
+          retryCount,
+          ...extractHttpErrorDetail(error)
+        });
+      }
+    });
+  }
+  /**
+   * 创建额外的 API 实例（共享相同的认证和重试配置）
+   */
+  createApiInstance(config2) {
+    return this.buildAxiosInstance(config2);
+  }
+  /**
+   * 包装 API 调用，统一错误处理
+   */
+  async wrapApiCall(operation, apiCall) {
+    const startTime = Date.now();
+    try {
+      logger.debug(`${this.platformName}: ${operation}`);
+      const data = await apiCall();
+      logger.debug(`${this.platformName}: ${operation} \u6210\u529F`, {
+        durationMs: Date.now() - startTime
+      });
+      return success(data);
+    } catch (error) {
+      const durationMs = Date.now() - startTime;
+      const errorMessage = error instanceof Error ? error.message : String(error);
+      logger.error(`${this.platformName}: ${operation} \u5931\u8D25`, {
+        durationMs,
+        ...extractHttpErrorDetail(error)
+      });
+      return failure(
+        new Error(`${this.platformName} ${operation} \u5931\u8D25: ${errorMessage}`)
+      );
+    }
+  }
+  /**
+   * 获取平台名称
+   */
+  getPlatformName() {
+    return this.platformName;
+  }
+};
+
+// src/services/platforms/BitbucketClient.ts
+var BitbucketClient = class extends BasePlatformClient {
+  /**
+   * Patch API 使用独立实例，因为 Bitbucket Server 的 REST API 和 Patch API
+   * 使用不同的路径前缀（/rest/api/latest vs /rest/patch/1.0）。
+   * 合并为单实例需要在每次调用时传入完整路径，增加出错风险，故保持分离。
+   */
+  patchApi;
+  constructor(config2) {
+    if (!config2.baseUrl) {
+      throw new Error("Bitbucket baseUrl is required");
+    }
+    if (!config2.token && !(config2.username && config2.password)) {
+      throw new Error("Either token or username/password is required for Bitbucket authentication");
+    }
+    const auth = config2.token ? { type: "bearer", token: config2.token } : { type: "basic", username: config2.username, password: config2.password };
+    super("Bitbucket", {
+      baseURL: `${config2.baseUrl}/rest/api/latest`,
+      auth,
+      timeout: 3e4
+    });
+    this.patchApi = this.createApiInstance({
+      baseURL: `${config2.baseUrl}/rest/patch/1.0`,
+      auth,
+      timeout: 3e4
+    });
+  }
+  async getPullRequestDiff(params, contextLines = 10) {
+    const { project, repository, prId } = params;
+    return this.wrapApiCall(`\u83B7\u53D6 PR diff (${project}/${repository}#${prId})`, async () => {
+      const response = await this.api.get(
+        `/projects/${project}/repos/${repository}/pull-requests/${prId}/diff`,
+        {
+          params: { contextLines },
+          headers: { Accept: "text/plain" }
+        }
+      );
+      return response.data;
+    });
+  }
+  async getPullRequestPatch(params) {
+    const { project, repository, prId } = params;
+    return this.wrapApiCall(`\u83B7\u53D6 PR patch (${project}/${repository}#${prId})`, async () => {
+      const response = await this.patchApi.get(
+        `/projects/${project}/repos/${repository}/pull-requests/${prId}/patch`
+      );
+      return response.data;
+    });
+  }
+  async getPullRequest(params) {
+    const { project, repository, prId } = params;
+    return this.wrapApiCall(`\u83B7\u53D6 PR \u8BE6\u60C5 (${project}/${repository}#${prId})`, async () => {
+      const response = await this.api.get(
+        `/projects/${project}/repos/${repository}/pull-requests/${prId}`
+      );
+      return response.data;
+    });
+  }
+  async getPullRequests(params) {
+    const { project, repository, state = "OPEN", limit = 100 } = params;
+    return this.wrapApiCall(`\u83B7\u53D6 PR \u5217\u8868 (${project}/${repository})`, async () => {
+      const response = await this.api.get(`/projects/${project}/repos/${repository}/pull-requests`, {
+        params: { state, limit }
+      });
+      return response.data.values;
+    });
+  }
+  async getPullRequestChanges(params) {
+    const { project, repository, prId } = params;
+    return this.wrapApiCall(`\u83B7\u53D6 PR \u53D8\u66F4\u6587\u4EF6 (${project}/${repository}#${prId})`, async () => {
+      const response = await this.api.get(
+        `/projects/${project}/repos/${repository}/pull-requests/${prId}/changes`,
+        {
+          params: { limit: 1e3 }
+        }
+      );
+      const files = response.data.values.map((change) => {
+        return change.path?.toString || "";
+      }).filter(Boolean);
+      return files;
+    });
+  }
+  async getPullRequestCommitsCount(params) {
+    const { project, repository, prId } = params;
+    return this.wrapApiCall(`\u83B7\u53D6 PR \u63D0\u4EA4\u6570\u91CF (${project}/${repository}#${prId})`, async () => {
+      const response = await this.api.get(
+        `/projects/${project}/repos/${repository}/pull-requests/${prId}/commits`,
+        {
+          params: { limit: 1 }
+        }
+      );
+      return response.data.size || 0;
+    });
+  }
+  async createInlineComment(project, repository, prId, file, line, text) {
+    return this.wrapApiCall(`\u521B\u5EFA\u884C\u5185\u8BC4\u8BBA (${project}/${repository}#${prId})`, async () => {
+      const url = `/projects/${project}/repos/${repository}/pull-requests/${prId}/comments`;
+      const requestBody = {
+        text,
+        anchor: {
+          diffType: "EFFECTIVE",
+          path: file,
+          line,
+          lineType: "ADDED"
+        }
+      };
+      const response = await this.api.post(url, requestBody);
+      return response.status === 201;
+    });
+  }
+  async getPullRequestComments(params) {
+    const { project, repository, prId } = params;
+    return this.wrapApiCall(`\u83B7\u53D6 PR \u8BC4\u8BBA (${project}/${repository}#${prId})`, async () => {
+      const url = `/projects/${project}/repos/${repository}/pull-requests/${prId}/activities`;
+      const response = await this.api.get(url, {
+        params: { limit: 100 }
+      });
+      if (response.data && response.data.values) {
+        const comments = response.data.values.filter((activity) => activity.action === "COMMENTED" && activity.comment).map((activity) => activity.comment);
+        return comments;
+      }
+      return [];
+    });
+  }
+  async createPullRequest(params) {
+    const { title, description, from, to } = params;
+    return this.wrapApiCall(`\u521B\u5EFA Pull Request (${to.project}/${to.repository})`, async () => {
+      const response = await this.api.post(
+        `/projects/${to.project}/repos/${to.repository}/pull-requests`,
+        {
+          title,
+          description: description || "",
+          fromRef: {
+            id: `refs/heads/${from.branch}`,
+            repository: {
+              slug: from.repository,
+              project: {
+                key: from.project
+              }
+            }
+          },
+          toRef: {
+            id: `refs/heads/${to.branch}`,
+            repository: {
+              slug: to.repository,
+              project: {
+                key: to.project
+              }
+            }
+          }
+        }
+      );
+      return response.data;
+    });
+  }
+};
+function createBitbucketClient() {
+  if (!config.bitbucket.host) return null;
+  const hasToken = !!config.bitbucket.token;
+  const hasBasicAuth = !!(config.bitbucket.username && config.bitbucket.password);
+  if (!hasToken && !hasBasicAuth) return null;
+  return new BitbucketClient({
+    baseUrl: config.bitbucket.host,
+    token: config.bitbucket.token,
+    username: config.bitbucket.username,
+    password: config.bitbucket.password
+  });
+}
+
+// src/services/platforms/ConfluenceClient.ts
+var ConfluenceClient = class extends BasePlatformClient {
+  host;
+  constructor(host, token) {
+    super("Confluence", {
+      baseURL: `${host}/rest/api`,
+      auth: { type: "bearer", token },
+      timeout: 3e4
+    });
+    this.host = host;
+    this.api.defaults.headers.common["Content-Type"] = "application/json";
+  }
+  async getPage(pageId) {
+    return this.wrapApiCall(`\u83B7\u53D6\u9875\u9762 ${pageId}`, async () => {
+      const response = await this.api.get(`/content/${pageId}`, {
+        params: {
+          expand: "body.storage,version,history,space"
+        }
+      });
+      const page = response.data;
+      return {
+        id: page.id,
+        type: page.type,
+        title: page.title,
+        space: {
+          key: page.space?.key,
+          name: page.space?.name
+        },
+        version: {
+          number: page.version?.number,
+          when: page.version?.when,
+          by: page.version?.by?.displayName
+        },
+        body: {
+          storage: page.body?.storage?.value
+        },
+        history: {
+          createdBy: page.history?.createdBy?.displayName,
+          createdDate: page.history?.createdDate
+        },
+        webUrl: new URL(page._links?.webui ?? "", this.host).toString()
+      };
+    });
+  }
+  async getChildPages(pageId, options = {}) {
+    const { limit = 50, expand = "version,space" } = options;
+    return this.wrapApiCall(`\u83B7\u53D6\u9875\u9762 ${pageId} \u7684\u5B50\u9875\u9762`, async () => {
+      const response = await this.api.get(
+        `/content/${pageId}/child/page`,
+        {
+          params: {
+            limit,
+            expand
+          }
+        }
+      );
+      const childPages = response.data.results.map((child) => ({
+        id: child.id,
+        type: child.type,
+        title: child.title,
+        status: child.status,
+        space: {
+          key: child.space?.key,
+          name: child.space?.name
+        },
+        version: {
+          number: child.version?.number,
+          when: child.version?.when,
+          by: child.version?.by?.displayName
+        },
+        webUrl: new URL(child._links?.webui ?? "", this.host).toString(),
+        position: child.extensions?.position
+      }));
+      return {
+        parentPageId: pageId,
+        totalChildren: response.data.size,
+        start: response.data.start,
+        limit: response.data.limit,
+        children: childPages
+      };
+    });
+  }
+  async getPageComments(pageId, options = {}) {
+    const { limit = 50 } = options;
+    return this.wrapApiCall(`\u83B7\u53D6\u9875\u9762 ${pageId} \u7684\u8BC4\u8BBA`, async () => {
+      const response = await this.api.get(
+        `/content/${pageId}/child/comment`,
+        {
+          params: {
+            limit,
+            expand: "body.storage,version,extensions.inlineProperties"
+          }
+        }
+      );
+      const comments = response.data.results.map((comment) => ({
+        id: comment.id,
+        body: comment.body?.storage?.value,
+        author: comment.version?.by?.displayName,
+        createdAt: comment.version?.when,
+        location: comment.extensions?.location
+      }));
+      return {
+        pageId,
+        totalComments: response.data.size,
+        start: response.data.start,
+        limit: response.data.limit,
+        comments
+      };
+    });
+  }
+};
+function createConfluenceClient() {
+  const { host, token } = config.confluence;
+  if (!host || !token) return null;
+  return new ConfluenceClient(host, token);
+}
+var FEISHU_PREFIX_MAP = {
+  m: "story",
+  f: "issue",
+  g: "assignment"
+};
+function parseFeishuWorkItemId(workItemId) {
+  const urlMatch = workItemId.match(/project\.feishu\.cn\/[^/]+\/([^/]+)\/detail\/(\d+)/);
+  if (urlMatch) {
+    return { type: urlMatch[1], id: urlMatch[2] };
+  }
+  const prefixMatch = workItemId.match(/^([a-zA-Z]+)-(\d+)$/);
+  if (prefixMatch) {
+    const prefix = prefixMatch[1].toLowerCase();
+    return { type: FEISHU_PREFIX_MAP[prefix] || prefix, id: prefixMatch[2] };
+  }
+  if (/^\d+$/.test(workItemId)) {
+    return { type: "issue", id: workItemId };
+  }
+  throw new Error(`\u65E0\u6548\u7684\u98DE\u4E66\u5DE5\u4F5C\u9879 ID: ${workItemId.slice(0, 100)}`);
+}
+var FeishuClient = class extends BasePlatformClient {
+  projectKey;
+  pluginId;
+  pluginSecret;
+  useVirtualToken;
+  userKey;
+  pluginToken = "";
+  pluginTokenExpireTimestamp = 0;
+  tokenRefreshPromise = null;
+  tokenApi;
+  constructor(cfg = {}) {
+    super("Feishu", {
+      baseURL: "https://project.feishu.cn/open_api",
+      auth: { type: "none" },
+      timeout: 3e4
+    });
+    this.projectKey = cfg.projectKey;
+    this.pluginId = cfg.pluginId;
+    this.pluginSecret = cfg.pluginSecret;
+    this.useVirtualToken = cfg.useVirtualToken ?? false;
+    this.userKey = cfg.userKey;
+    this.tokenApi = axios2.create({ timeout: 3e4 });
+    this.api.interceptors.request.use(async (reqConfig) => {
+      const token = await this.getPluginToken();
+      if (token) {
+        reqConfig.headers["X-PLUGIN-TOKEN"] = token;
+      }
+      if (this.userKey) {
+        reqConfig.headers["X-USER-KEY"] = this.userKey;
+      }
+      reqConfig.headers["Content-Type"] = "application/json; charset=utf-8";
+      return reqConfig;
+    });
+    this.api.interceptors.response.use(
+      (response) => response,
+      async (error) => {
+        const { response, config: reqConfig } = error;
+        if ((response?.status === 401 || response?.status === 403) && reqConfig && !reqConfig._retried) {
+          this.pluginToken = "";
+          this.pluginTokenExpireTimestamp = 0;
+          reqConfig._retried = true;
+          logger.warn("\u98DE\u4E66 API \u8BA4\u8BC1\u5931\u8D25\uFF0C\u5237\u65B0 token \u540E\u91CD\u8BD5", { status: response?.status });
+          return this.api.request(reqConfig);
+        }
+        return Promise.reject(error);
+      }
+    );
+  }
+  async getPluginToken() {
+    if (!this.pluginId || !this.pluginSecret) {
+      logger.warn("\u98DE\u4E66\u9879\u76EE\u8BA4\u8BC1\u51ED\u8BC1\u7F3A\u5931 (\u9700\u8981 Plugin ID/Secret \u6216 User Token)");
+      return "";
+    }
+    if (this.pluginToken && Date.now() < this.pluginTokenExpireTimestamp) {
+      return this.pluginToken;
+    }
+    if (this.tokenRefreshPromise) {
+      return this.tokenRefreshPromise;
+    }
+    this.tokenRefreshPromise = this.refreshPluginToken();
+    try {
+      return await this.tokenRefreshPromise;
+    } finally {
+      this.tokenRefreshPromise = null;
+    }
+  }
+  async refreshPluginToken() {
+    try {
+      const url = "https://project.feishu.cn/open_api/authen/plugin_token";
+      const tokenType = this.useVirtualToken ? 1 : 0;
+      const tokenTypeName = this.useVirtualToken ? "virtual_plugin_token" : "plugin_access_token";
+      logger.debug(`\u8BF7\u6C42\u98DE\u4E66 Plugin Token (type=${tokenType}, ${tokenTypeName})`);
+      const response = await this.tokenApi.post(url, {
+        plugin_id: this.pluginId,
+        plugin_secret: this.pluginSecret,
+        type: tokenType
+      });
+      const { error: errorInfo, data: authData } = response.data;
+      if (errorInfo && errorInfo.code !== 0) {
+        logger.error("\u83B7\u53D6 Plugin Token \u5931\u8D25", {
+          code: errorInfo.code,
+          msg: errorInfo.msg,
+          tokenType: tokenTypeName
+        });
+        return "";
+      }
+      this.pluginToken = authData?.token || "";
+      if (!this.pluginToken) {
+        logger.error("Plugin Token \u4E0D\u5B58\u5728\u4E8E\u54CD\u5E94\u4E2D");
+        return "";
+      }
+      const expiresIn = authData?.expire_time || 7200;
+      this.pluginTokenExpireTimestamp = Date.now() + (expiresIn - 60) * 1e3;
+      logger.info("\u6210\u529F\u83B7\u53D6\u98DE\u4E66\u9879\u76EE Plugin Token", {
+        tokenType: tokenTypeName,
+        expiresIn
+      });
+      return this.pluginToken;
+    } catch (error) {
+      logger.error("\u83B7\u53D6\u98DE\u4E66\u9879\u76EE Plugin Token \u5931\u8D25", { error });
+      return "";
+    }
+  }
+  async getWorkItemComments(workItemTypeKey, workItemId) {
+    if (!this.projectKey || !this.userKey) {
+      return [];
+    }
+    try {
+      logger.debug(`\u5C1D\u8BD5\u83B7\u53D6\u98DE\u4E66\u5DE5\u4F5C\u9879\u8BC4\u8BBA`, {
+        workItemId,
+        workItemTypeKey
+      });
+      const response = await this.api.get(
+        `/${this.projectKey}/work_item/${workItemTypeKey}/${workItemId}/comments`
+      );
+      if (response.data.err_code !== 0) {
+        logger.warn(`\u83B7\u53D6\u98DE\u4E66\u5DE5\u4F5C\u9879\u8BC4\u8BBA\u5931\u8D25`, {
+          err_code: response.data.err_code,
+          err_msg: response.data.err_msg,
+          workItemId
+        });
+        return [];
+      }
+      const comments = response.data.data || [];
+      const { pagination } = response.data;
+      logger.info(`\u6210\u529F\u83B7\u53D6\u98DE\u4E66\u5DE5\u4F5C\u9879\u8BC4\u8BBA`, {
+        workItemId,
+        commentCount: comments.length,
+        total: pagination?.total,
+        pageNum: pagination?.page_num,
+        pageSize: pagination?.page_size
+      });
+      return comments.map((comment) => ({
+        id: String(comment.id),
+        content: comment.content,
+        workItemId: String(comment.work_item_id),
+        workItemTypeKey: comment.work_item_type_key,
+        createdAt: comment.created_at,
+        operator: comment.operator
+      }));
+    } catch (error) {
+      const errorMsg = error instanceof Error ? error.message : String(error);
+      const axiosError = error;
+      logger.error(`\u83B7\u53D6\u98DE\u4E66\u5DE5\u4F5C\u9879\u8BC4\u8BBA\u5931\u8D25 (\u53EF\u80FD\u4E0D\u652F\u6301\u8BE5 API)`, {
+        workItemId,
+        error: errorMsg,
+        status: axiosError.response?.status
+      });
+      return [];
+    }
+  }
+  async getWorkItem(workItemId) {
+    if (!this.projectKey) {
+      return failure(new Error("\u98DE\u4E66\u9879\u76EE\u914D\u7F6E\u7F3A\u5931 (\u9700\u8981 FEISHU_PROJECT_KEY)"));
+    }
+    if (!this.userKey) {
+      return failure(new Error("\u98DE\u4E66\u9879\u76EE\u914D\u7F6E\u7F3A\u5931 (\u9700\u8981 FEISHU_PROJECT_USER_KEY)"));
+    }
+    const { type: workItemTypeKey, id: actualId } = parseFeishuWorkItemId(workItemId);
+    logger.debug("\u89E3\u6790\u98DE\u4E66\u5DE5\u4F5C\u9879 ID", {
+      input: workItemId,
+      type: workItemTypeKey,
+      id: actualId
+    });
+    return this.wrapApiCall(`\u83B7\u53D6\u5DE5\u4F5C\u9879 ${actualId}`, async () => {
+      const response = await this.api.post(
+        `/${this.projectKey}/work_item/${workItemTypeKey}/query`,
+        {
+          work_item_ids: [Number.parseInt(actualId)]
+        }
+      );
+      if (response.data.err_code !== 0) {
+        throw new Error(
+          `\u98DE\u4E66 API \u9519\u8BEF (err_code=${response.data.err_code}): ${response.data.err_msg}`
+        );
+      }
+      const items = response.data.data;
+      if (!items || items.length === 0) {
+        throw new Error(`\u98DE\u4E66\u5DE5\u4F5C\u9879\u4E0D\u5B58\u5728 (${actualId})`);
+      }
+      const workItem = items[0];
+      let description = "";
+      const descField = workItem.fields?.find((f) => f.field_key === "description");
+      if (descField && "field_value" in descField) {
+        description = String(descField.field_value || "");
+      }
+      const comments = await this.getWorkItemComments(workItemTypeKey, actualId);
+      return {
+        projectKey: this.projectKey,
+        id: String(workItem.id),
+        name: workItem.name || "",
+        description,
+        work_item_type_key: workItem.work_item_type_key || workItemTypeKey,
+        work_item_type_name: workItem.work_item_type_name || workItem.work_item_type_key || workItemTypeKey,
+        comments
+      };
+    });
+  }
+};
+function createFeishuClient() {
+  const { projectKey, pluginId, pluginSecret } = config.feishuProject;
+  if (!projectKey || !pluginId || !pluginSecret) return null;
+  return new FeishuClient({
+    projectKey,
+    pluginId,
+    pluginSecret,
+    useVirtualToken: config.feishuProject.useVirtualToken,
+    userKey: config.feishuProject.userKey
+  });
+}
+var FEISHU_OPEN_DOC_TYPE_MAP = {
+  docx: "docx",
+  doc: "doc",
+  sheet: "sheet",
+  sheets: "sheet",
+  wiki: "docx",
+  base: "file",
+  slides: "slides"
+};
+function parseFeishuDocumentId(input) {
+  const urlMatch = input.match(/\.feishu\.cn\/([a-z]+)\/([A-Za-z0-9]+)/);
+  if (urlMatch) {
+    const rawType = urlMatch[1];
+    const fileType = FEISHU_OPEN_DOC_TYPE_MAP[rawType] || "docx";
+    return { documentId: urlMatch[2], fileType, isWiki: rawType === "wiki" };
+  }
+  if (/^[A-Za-z0-9]{6,}$/.test(input)) {
+    return { documentId: input, fileType: "docx", isWiki: false };
+  }
+  throw new Error(`\u65E0\u6548\u7684\u98DE\u4E66\u6587\u6863\u6807\u8BC6: ${input.slice(0, 100)}`);
+}
+function extractReplyText(reply) {
+  return (reply.content?.elements || []).filter((el) => el.type === "text_run" && el.text_run?.text).map((el) => el.text_run.text).join("");
+}
+var PARAGRAPH_BLOCK_TYPE = 2;
+var sdkLogger = {
+  error: (...msg) => logger.error("FeishuSDK", { detail: msg.length === 1 ? msg[0] : msg }),
+  warn: (...msg) => logger.warn("FeishuSDK", { detail: msg.length === 1 ? msg[0] : msg }),
+  info: (...msg) => logger.info("FeishuSDK", { detail: msg.length === 1 ? msg[0] : msg }),
+  debug: (...msg) => logger.debug("FeishuSDK", { detail: msg.length === 1 ? msg[0] : msg }),
+  trace: (...msg) => logger.debug("FeishuSDK:trace", { detail: msg.length === 1 ? msg[0] : msg })
+};
+var FeishuOpenClient = class {
+  client;
+  constructor(cfg) {
+    this.client = new lark.Client({
+      appId: cfg.appId,
+      appSecret: cfg.appSecret,
+      loggerLevel: lark.LoggerLevel.warn,
+      logger: sdkLogger
+    });
+    logger.info("FeishuOpen \u5BA2\u6237\u7AEF\u5DF2\u521D\u59CB\u5316", { appId: cfg.appId });
+  }
+  /**
+   * 通过 wiki token 获取实际的 document_id 和文档类型
+   * wiki 页面的 token 与 document_id 不同，需要先解析
+   */
+  async resolveWikiToken(wikiToken) {
+    const res = await this.client.wiki.space.getNode({
+      params: { token: wikiToken }
+    });
+    if (res.code !== 0) {
+      throw new Error(`\u89E3\u6790 Wiki token \u5931\u8D25 (code=${res.code}): ${res.msg}`);
+    }
+    const node = res.data?.node;
+    if (!node?.obj_token) {
+      throw new Error("\u89E3\u6790 Wiki token \u6210\u529F\u4F46\u672A\u8FD4\u56DE obj_token");
+    }
+    return { objToken: node.obj_token, objType: node.obj_type ?? "docx" };
+  }
+  async getDocumentContent(documentId) {
+    const res = await this.client.docx.document.rawContent({
+      path: { document_id: documentId }
+    });
+    if (res.code !== 0) {
+      throw new Error(`\u83B7\u53D6\u6587\u6863\u5185\u5BB9\u5931\u8D25 (code=${res.code}): ${res.msg}`);
+    }
+    return res.data?.content ?? "";
+  }
+  async getDocumentComments(fileToken, fileType) {
+    const comments = [];
+    let pageToken;
+    for (let page = 0; page < 5; page++) {
+      try {
+        const res = await this.client.drive.fileComment.list({
+          path: { file_token: fileToken },
+          params: {
+            file_type: fileType,
+            page_size: 50,
+            ...pageToken ? { page_token: pageToken } : {}
+          }
+        });
+        if (res.code !== 0) {
+          logger.warn("\u83B7\u53D6\u6587\u6863\u8BC4\u8BBA\u5931\u8D25", { code: res.code, msg: res.msg, fileToken });
+          break;
+        }
+        for (const item of res.data?.items ?? []) {
+          const replies = item.reply_list?.replies ?? [];
+          const content = replies.map(extractReplyText).filter(Boolean).join("\n");
+          if (content && item.comment_id) {
+            comments.push({
+              commentId: item.comment_id,
+              content,
+              userId: item.user_id ?? "unknown",
+              createTime: item.create_time ?? 0,
+              isSolved: item.is_solved ?? false
+            });
+          }
+        }
+        if (!res.data?.has_more) break;
+        pageToken = res.data.page_token;
+      } catch (error) {
+        logger.warn("\u83B7\u53D6\u6587\u6863\u8BC4\u8BBA\u5931\u8D25\uFF08\u53EF\u80FD\u65E0\u6743\u9650\uFF09", {
+          fileToken,
+          ...extractHttpErrorDetail(error)
+        });
+        break;
+      }
+    }
+    return comments;
+  }
+  /**
+   * 将纯文本按段落拆分为飞书文档 block 结构
+   */
+  textToBlocks(content) {
+    return content.split("\n").map((line) => ({
+      block_type: PARAGRAPH_BLOCK_TYPE,
+      paragraph: {
+        elements: [{ text_run: { content: line } }]
+      }
+    }));
+  }
+  async createDocument(title, content, folderToken) {
+    try {
+      const createRes = await this.client.docx.document.create({
+        data: {
+          title,
+          ...folderToken ? { folder_token: folderToken } : {}
+        }
+      });
+      if (createRes.code !== 0) {
+        throw new Error(`\u521B\u5EFA\u6587\u6863\u5931\u8D25 (code=${createRes.code}): ${createRes.msg}`);
+      }
+      const documentId = createRes.data?.document?.document_id;
+      if (!documentId) {
+        throw new Error("\u521B\u5EFA\u6587\u6863\u6210\u529F\u4F46\u672A\u8FD4\u56DE document_id");
+      }
+      if (content.trim()) {
+        const blocks = this.textToBlocks(content);
+        const writeRes = await this.client.docx.documentBlockChildren.create({
+          path: { document_id: documentId, block_id: documentId },
+          data: { children: blocks, index: 0 }
+        });
+        if (writeRes.code !== 0) {
+          logger.warn("\u6587\u6863\u5DF2\u521B\u5EFA\u4F46\u5199\u5165\u5185\u5BB9\u5931\u8D25", {
+            documentId,
+            code: writeRes.code,
+            msg: writeRes.msg
+          });
+        }
+      }
+      const url = `https://feishu.cn/docx/${documentId}`;
+      logger.info("\u6210\u529F\u521B\u5EFA\u98DE\u4E66\u6587\u6863", { documentId, title });
+      return success({ documentId, title, url });
+    } catch (error) {
+      const detail = extractHttpErrorDetail(error);
+      logger.error("FeishuOpen: \u521B\u5EFA\u6587\u6863\u5931\u8D25", { ...detail, title });
+      const msg = error instanceof Error ? error.message : String(error);
+      return failure(new Error(`FeishuOpen \u521B\u5EFA\u6587\u6863\u5931\u8D25: ${msg}`));
+    }
+  }
+  async updateDocument(documentInput, content) {
+    const parsed = parseFeishuDocumentId(documentInput);
+    let { documentId } = parsed;
+    try {
+      if (parsed.isWiki) {
+        const wiki = await this.resolveWikiToken(documentId);
+        documentId = wiki.objToken;
+      }
+      const childrenRes = await this.client.docx.documentBlockChildren.get({
+        path: { document_id: documentId, block_id: documentId },
+        params: { page_size: 500 }
+      });
+      if (childrenRes.code !== 0) {
+        throw new Error(`\u83B7\u53D6\u6587\u6863\u5B50\u5757\u5931\u8D25 (code=${childrenRes.code}): ${childrenRes.msg}`);
+      }
+      const items = childrenRes.data?.items ?? [];
+      if (items.length > 0) {
+        const deleteRes = await this.client.docx.documentBlockChildren.batchDelete({
+          path: { document_id: documentId, block_id: documentId },
+          data: { start_index: 0, end_index: items.length }
+        });
+        if (deleteRes.code !== 0) {
+          throw new Error(`\u5220\u9664\u6587\u6863\u5B50\u5757\u5931\u8D25 (code=${deleteRes.code}): ${deleteRes.msg}`);
+        }
+      }
+      if (content.trim()) {
+        const blocks = this.textToBlocks(content);
+        const writeRes = await this.client.docx.documentBlockChildren.create({
+          path: { document_id: documentId, block_id: documentId },
+          data: { children: blocks, index: 0 }
+        });
+        if (writeRes.code !== 0) {
+          throw new Error(`\u5199\u5165\u6587\u6863\u5185\u5BB9\u5931\u8D25 (code=${writeRes.code}): ${writeRes.msg}`);
+        }
+      }
+      const url = `https://feishu.cn/docx/${documentId}`;
+      logger.info("\u6210\u529F\u66F4\u65B0\u98DE\u4E66\u6587\u6863", { documentId });
+      return success({ documentId, url });
+    } catch (error) {
+      const detail = extractHttpErrorDetail(error);
+      logger.error(`FeishuOpen: \u66F4\u65B0\u6587\u6863 ${documentId} \u5931\u8D25`, detail);
+      const msg = error instanceof Error ? error.message : String(error);
+      return failure(new Error(`FeishuOpen \u66F4\u65B0\u6587\u6863 ${documentId} \u5931\u8D25: ${msg}`));
+    }
+  }
+  async getDocument(documentInput) {
+    const parsed = parseFeishuDocumentId(documentInput);
+    let { documentId } = parsed;
+    let { fileType } = parsed;
+    logger.debug("\u89E3\u6790\u98DE\u4E66\u6587\u6863\u6807\u8BC6", { input: documentInput, documentId, fileType });
+    try {
+      if (parsed.isWiki) {
+        const wiki = await this.resolveWikiToken(documentId);
+        logger.debug("Wiki token \u5DF2\u89E3\u6790", { wikiToken: documentId, objToken: wiki.objToken, objType: wiki.objType });
+        documentId = wiki.objToken;
+        fileType = wiki.objType;
+      }
+      const content = await this.getDocumentContent(documentId);
+      const comments = await this.getDocumentComments(documentId, fileType);
+      return success({
+        documentId,
+        fileType,
+        content,
+        comments: comments.length > 0 ? comments : void 0
+      });
+    } catch (error) {
+      const detail = extractHttpErrorDetail(error);
+      logger.error(`FeishuOpen: \u83B7\u53D6\u6587\u6863 ${documentId} \u5931\u8D25`, detail);
+      const msg = error instanceof Error ? error.message : String(error);
+      return failure(new Error(`FeishuOpen \u83B7\u53D6\u6587\u6863 ${documentId} \u5931\u8D25: ${msg}`));
+    }
+  }
+};
+
+// src/services/platforms/JiraClient.ts
+var JiraClient = class extends BasePlatformClient {
+  constructor(host, username, token) {
+    super("Jira", {
+      baseURL: host,
+      auth: { type: "basic", username, password: token },
+      timeout: 3e4
+    });
+    this.api.defaults.headers.common["Accept"] = "application/json";
+  }
+  async getIssue(issueKey) {
+    return this.wrapApiCall(`\u83B7\u53D6\u4EFB\u52A1 ${issueKey}`, async () => {
+      const url = `/rest/api/2/issue/${issueKey}?fields=summary,description,status,issuetype,comment`;
+      const response = await this.api.get(url);
+      return response.data;
+    });
+  }
+};
+function createJiraClient() {
+  const { host, username, token } = config.jira;
+  if (!host || !username || !token) return null;
+  return new JiraClient(host, username, token);
+}
+
+// src/services/mcpService.ts
+function toToolResult(result) {
+  if (!result.success) {
+    return {
+      content: [{ type: "text", text: `Error: ${result.error.message}` }],
+      isError: true
+    };
+  }
+  const toolResult = {
+    content: [{ type: "text", text: JSON.stringify(result.data, null, 2) }]
+  };
+  if (typeof result.data === "object" && result.data !== null && !Array.isArray(result.data)) {
+    toolResult.structuredContent = result.data;
+  }
+  return toolResult;
+}
+function truncateDiff(diffContent, maxSize, context) {
+  const byteLength = Buffer.byteLength(diffContent, "utf-8");
+  if (byteLength <= maxSize) {
+    return diffContent;
+  }
+  const originalSizeMB = (byteLength / 1024 / 1024).toFixed(2);
+  const maxSizeMB = (maxSize / 1024 / 1024).toFixed(2);
+  logger.warn("Diff \u5185\u5BB9\u8FC7\u5927\uFF0C\u5DF2\u622A\u65AD", {
+    project: context.project,
+    repository: context.repository,
+    prId: context.prId,
+    originalSize: byteLength,
+    maxSize,
+    originalSizeMB,
+    maxSizeMB
+  });
+  const buf = Buffer.from(diffContent, "utf-8");
+  let cutoff = Math.min(maxSize, buf.length);
+  const truncatedBuf = buf.subarray(0, cutoff);
+  const lastNewline = truncatedBuf.lastIndexOf(10);
+  if (lastNewline !== -1) {
+    cutoff = lastNewline;
+  } else {
+    while (cutoff > 0 && (buf[cutoff] & 192) === 128) {
+      cutoff--;
+    }
+  }
+  const truncatedContent = buf.subarray(0, cutoff).toString("utf-8");
+  const warningMessage = `\u26A0\uFE0F  Diff \u5185\u5BB9\u8FC7\u5927 (${originalSizeMB}MB)\uFF0C\u5DF2\u622A\u65AD\u81F3 ${maxSizeMB}MB
+\u5B8C\u6574 diff \u5171 ${byteLength.toLocaleString()} \u5B57\u8282\uFF0C\u5F53\u524D\u663E\u793A\u524D ${cutoff.toLocaleString()} \u5B57\u8282
+\u5EFA\u8BAE\uFF1A\u4F7F\u7528\u66F4\u5C0F\u7684 contextLines \u53C2\u6570\u6216\u76F4\u63A5\u5728 Bitbucket \u4E2D\u67E5\u770B
+
+${"=".repeat(80)}
+
+`;
+  return `${warningMessage + truncatedContent}
+
+${"=".repeat(80)}
+
+\u26A0\uFE0F  \u5185\u5BB9\u5DF2\u622A\u65AD\uFF0C\u5269\u4F59 ${(byteLength - cutoff).toLocaleString()} \u5B57\u8282\u672A\u663E\u793A
+`;
+}
+var McpService = class _McpService {
+  bitbucketClient;
+  jiraClient;
+  confluenceClient;
+  feishuClient;
+  feishuOpenClient;
+  constructor(bitbucketClient = null, jiraClient = null, confluenceClient = null, feishuClient = null, feishuOpenClient = null) {
+    this.bitbucketClient = bitbucketClient;
+    this.jiraClient = jiraClient;
+    this.confluenceClient = confluenceClient;
+    this.feishuClient = feishuClient;
+    this.feishuOpenClient = feishuOpenClient;
+  }
+  requireClient(client, name) {
+    if (!client) throw new Error(`${name}\u5BA2\u6237\u7AEF\u672A\u914D\u7F6E`);
+    return client;
+  }
+  requireBitbucket() {
+    return this.requireClient(this.bitbucketClient, "Bitbucket");
+  }
+  requireJira() {
+    return this.requireClient(this.jiraClient, "Jira");
+  }
+  requireConfluence() {
+    return this.requireClient(this.confluenceClient, "Confluence");
+  }
+  requireFeishu() {
+    return this.requireClient(this.feishuClient, "\u98DE\u4E66");
+  }
+  requireFeishuOpen() {
+    return this.requireClient(this.feishuOpenClient, "\u98DE\u4E66\u5F00\u653E\u5E73\u53F0");
+  }
+  static create() {
+    const bitbucket = createBitbucketClient();
+    const jira = createJiraClient();
+    const confluence = createConfluenceClient();
+    const feishu = createFeishuClient();
+    const feishuOpen = config.feishuOpen.appId && config.feishuOpen.appSecret ? new FeishuOpenClient({ appId: config.feishuOpen.appId, appSecret: config.feishuOpen.appSecret }) : null;
+    const platforms = {
+      bitbucket: !!bitbucket,
+      jira: !!jira,
+      confluence: !!confluence,
+      feishu: !!feishu,
+      feishuOpen: !!feishuOpen
+    };
+    logger.info("\u5E73\u53F0\u5BA2\u6237\u7AEF\u521D\u59CB\u5316\u5B8C\u6210", platforms);
+    return new _McpService(bitbucket, jira, confluence, feishu, feishuOpen);
+  }
+  /**
+   * 获取 PR diff（含截断逻辑）
+   * 保留在 McpService 中因为有独立的业务逻辑
+   */
+  async getDiff(params, contextLines = 10, maxSize = config.mcp.maxDiffSize) {
+    const client = this.requireBitbucket();
+    const result = await client.getPullRequestDiff(params, contextLines);
+    if (!result.success) {
+      return toToolResult(result);
+    }
+    const diffContent = truncateDiff(result.data, maxSize, params);
+    return {
+      content: [{ type: "text", text: diffContent }]
+    };
+  }
+};
+var pullRequestSchema = z.object({
+  id: z.number(),
+  title: z.string(),
+  description: z.string().optional(),
+  state: z.string(),
+  author: z.object({ displayName: z.string().optional() }).optional(),
+  fromRef: z.object({ displayId: z.string().optional() }).optional(),
+  toRef: z.object({ displayId: z.string().optional() }).optional()
+});
+var jiraIssueSchema = z.object({
+  key: z.string(),
+  fields: z.object({
+    summary: z.string(),
+    description: z.string().optional(),
+    status: z.object({ name: z.string() }),
+    issuetype: z.object({ name: z.string() }),
+    comment: z.object({
+      comments: z.array(
+        z.object({
+          body: z.string(),
+          author: z.object({ displayName: z.string() }),
+          created: z.string()
+        })
+      )
+    }).optional()
+  })
+});
+var confluencePageSchema = z.object({
+  id: z.string(),
+  type: z.string(),
+  title: z.string(),
+  space: z.object({ key: z.string().optional(), name: z.string().optional() }),
+  version: z.object({
+    number: z.number().optional(),
+    when: z.string().optional(),
+    by: z.string().optional()
+  }),
+  body: z.object({ storage: z.string().optional() }),
+  history: z.object({
+    createdBy: z.string().optional(),
+    createdDate: z.string().optional()
+  }),
+  webUrl: z.string()
+});
+var confluenceChildPageSchema = z.object({
+  id: z.string(),
+  type: z.string(),
+  title: z.string(),
+  status: z.string(),
+  space: z.object({ key: z.string().optional(), name: z.string().optional() }),
+  version: z.object({
+    number: z.number().optional(),
+    when: z.string().optional(),
+    by: z.string().optional()
+  }),
+  webUrl: z.string(),
+  position: z.string().optional()
+});
+var confluenceChildPagesResultSchema = z.object({
+  parentPageId: z.string(),
+  totalChildren: z.number(),
+  start: z.number(),
+  limit: z.number(),
+  children: z.array(confluenceChildPageSchema)
+});
+var confluenceCommentSchema = z.object({
+  id: z.string(),
+  body: z.string().optional(),
+  author: z.string().optional(),
+  createdAt: z.string().optional(),
+  location: z.string().optional()
+});
+var confluenceCommentsResultSchema = z.object({
+  pageId: z.string(),
+  totalComments: z.number(),
+  start: z.number(),
+  limit: z.number(),
+  comments: z.array(confluenceCommentSchema)
+});
+var feishuCommentSchema = z.object({
+  id: z.string(),
+  content: z.string(),
+  workItemId: z.string(),
+  workItemTypeKey: z.string(),
+  createdAt: z.number(),
+  operator: z.string()
+});
+var feishuWorkItemSchema = z.object({
+  projectKey: z.string(),
+  id: z.string(),
+  name: z.string(),
+  description: z.string().optional(),
+  work_item_type_key: z.string(),
+  work_item_type_name: z.string().optional(),
+  comments: z.array(feishuCommentSchema).optional()
+});
+var feishuDocCommentSchema = z.object({
+  commentId: z.string(),
+  content: z.string(),
+  userId: z.string(),
+  createTime: z.number(),
+  isSolved: z.boolean()
+});
+var feishuDocumentSchema = z.object({
+  documentId: z.string(),
+  fileType: z.string(),
+  content: z.string(),
+  comments: z.array(feishuDocCommentSchema).optional()
+});
+var feishuDocumentCreateResultSchema = z.object({
+  documentId: z.string(),
+  title: z.string(),
+  url: z.string()
+});
+var feishuDocumentUpdateResultSchema = z.object({
+  documentId: z.string(),
+  url: z.string()
+});
+
+// src/mcp/tools/types.ts
+function defineTool(name, config2, handler) {
+  return { name, config: config2, handler };
+}
+
+// src/mcp/tools/bitbucket-tools.ts
+function defineBitbucketTools() {
+  return [
+    defineTool(
+      "get_pull_request",
+      {
+        description: "Get pull request details from Bitbucket",
+        inputSchema: z.object({
+          project: z.string().min(1).regex(/^[a-zA-Z0-9_~.-]+$/).describe("Bitbucket project key"),
+          repository: z.string().min(1).regex(/^[a-zA-Z0-9_~.-]+$/).describe("Repository slug"),
+          prId: z.number().int().positive().describe("Pull request ID")
+        }),
+        outputSchema: pullRequestSchema
+      },
+      async (args, service) => {
+        const client = service.requireBitbucket();
+        return toToolResult(await client.getPullRequest(args));
+      }
+    ),
+    defineTool(
+      "get_diff",
+      {
+        description: "Get pull request diff from Bitbucket",
+        inputSchema: z.object({
+          project: z.string().min(1).regex(/^[a-zA-Z0-9_~.-]+$/).describe("Bitbucket project key"),
+          repository: z.string().min(1).regex(/^[a-zA-Z0-9_~.-]+$/).describe("Repository slug"),
+          prId: z.number().int().positive().describe("Pull request ID"),
+          contextLines: z.number().int().nonnegative().describe("Number of context lines").optional()
+        })
+      },
+      async ({ project, repository, prId, contextLines }, service) => {
+        return service.getDiff({ project, repository, prId }, contextLines);
+      }
+    )
+  ];
+}
+function defineConfluenceTools() {
+  return [
+    defineTool(
+      "get_confluence_page",
+      {
+        description: "Get Confluence page content by page ID",
+        inputSchema: z.object({
+          pageId: z.string().min(1).regex(/^\d+$/).describe("Confluence page ID")
+        }),
+        outputSchema: confluencePageSchema
+      },
+      async ({ pageId }, service) => {
+        const client = service.requireConfluence();
+        return toToolResult(await client.getPage(pageId));
+      }
+    ),
+    defineTool(
+      "get_confluence_child_pages",
+      {
+        description: "Get child pages of a Confluence page",
+        inputSchema: z.object({
+          pageId: z.string().min(1).regex(/^\d+$/).describe("Confluence page ID"),
+          limit: z.number().int().positive().max(200).describe("Maximum number of child pages to return (default: 50)").optional(),
+          expand: z.string().regex(/^[a-zA-Z.,]+$/).describe("Fields to expand (default: version,space)").optional()
+        }),
+        outputSchema: confluenceChildPagesResultSchema
+      },
+      async ({ pageId, limit, expand }, service) => {
+        const client = service.requireConfluence();
+        return toToolResult(await client.getChildPages(pageId, { limit, expand }));
+      }
+    ),
+    defineTool(
+      "get_confluence_page_comments",
+      {
+        description: "Get comments on a Confluence page",
+        inputSchema: z.object({
+          pageId: z.string().min(1).regex(/^\d+$/).describe("Confluence page ID"),
+          limit: z.number().int().positive().max(200).describe("Maximum number of comments to return (default: 50)").optional()
+        }),
+        outputSchema: confluenceCommentsResultSchema
+      },
+      async ({ pageId, limit }, service) => {
+        const client = service.requireConfluence();
+        return toToolResult(await client.getPageComments(pageId, { limit }));
+      }
+    )
+  ];
+}
+function defineFeishuOpenTools() {
+  return [
+    defineTool(
+      "get_feishu_document",
+      {
+        description: "Get Feishu cloud document content and comments. Supports URL or document token.",
+        inputSchema: z.object({
+          documentId: z.string().describe(
+            "Document identifier. Formats: (1) URL: https://xxx.feishu.cn/docx/ABC123DEF456; (2) Token: ABC123DEF456"
+          )
+        }),
+        outputSchema: feishuDocumentSchema
+      },
+      async ({ documentId }, service) => {
+        const client = service.requireFeishuOpen();
+        return toToolResult(await client.getDocument(documentId));
+      }
+    ),
+    defineTool(
+      "create_feishu_document",
+      {
+        description: "Create a new Feishu cloud document with title and content.",
+        inputSchema: z.object({
+          title: z.string().min(1).describe("Document title"),
+          content: z.string().describe("Document body content (plain text, one paragraph per line)"),
+          folderToken: z.string().describe("Folder token to create the document in (optional)").optional()
+        }),
+        outputSchema: feishuDocumentCreateResultSchema
+      },
+      async ({ title, content, folderToken }, service) => {
+        const client = service.requireFeishuOpen();
+        return toToolResult(await client.createDocument(title, content, folderToken));
+      }
+    ),
+    defineTool(
+      "update_feishu_document",
+      {
+        description: "Update an existing Feishu cloud document content. Replaces all existing content with new content.",
+        inputSchema: z.object({
+          documentId: z.string().describe(
+            "Document identifier. Formats: (1) URL: https://xxx.feishu.cn/docx/ABC123DEF456 or https://xxx.feishu.cn/wiki/ABC123; (2) Token: ABC123DEF456"
+          ),
+          content: z.string().describe("New document body content (plain text, one paragraph per line). Replaces all existing content.")
+        }),
+        outputSchema: feishuDocumentUpdateResultSchema
+      },
+      async ({ documentId, content }, service) => {
+        const client = service.requireFeishuOpen();
+        return toToolResult(await client.updateDocument(documentId, content));
+      }
+    )
+  ];
+}
+function defineFeishuTools() {
+  return [
+    defineTool(
+      "get_feishu_work_item",
+      {
+        description: "Get Feishu project work item details. Supports URL, prefixed ID, or pure number.",
+        inputSchema: z.object({
+          workItemId: z.string().describe(
+            "Work item identifier. Formats: (1) URL: https://project.feishu.cn/example/issue/detail/12345678; (2) Prefixed: f-12345678, m-1234567890; (3) Number: 12345678"
+          )
+        }),
+        outputSchema: feishuWorkItemSchema
+      },
+      async ({ workItemId }, service) => {
+        const client = service.requireFeishu();
+        return toToolResult(await client.getWorkItem(workItemId));
+      }
+    )
+  ];
+}
+function defineJiraTools() {
+  return [
+    defineTool(
+      "get_jira_issue",
+      {
+        description: "Get Jira issue details",
+        inputSchema: z.object({
+          issueKey: z.string().min(1).regex(/^[A-Z][A-Z0-9_]+-\d+$/).describe("Jira issue key (e.g., PROJ-123)")
+        }),
+        outputSchema: jiraIssueSchema
+      },
+      async ({ issueKey }, service) => {
+        const client = service.requireJira();
+        return toToolResult(await client.getIssue(issueKey));
+      }
+    )
+  ];
+}
+
+// src/mcp/tools/index.ts
+var cachedDefinitions = null;
+function collectToolDefinitions() {
+  if (cachedDefinitions) return cachedDefinitions;
+  const definitions = [];
+  if (platformAvailability.bitbucket) {
+    const tools = defineBitbucketTools();
+    definitions.push(...tools);
+    logger.debug("\u5DF2\u6CE8\u518C Bitbucket \u5DE5\u5177", { tools: tools.map((t) => t.name) });
+  }
+  if (platformAvailability.jira) {
+    const tools = defineJiraTools();
+    definitions.push(...tools);
+    logger.debug("\u5DF2\u6CE8\u518C Jira \u5DE5\u5177", { tools: tools.map((t) => t.name) });
+  }
+  if (platformAvailability.confluence) {
+    const tools = defineConfluenceTools();
+    definitions.push(...tools);
+    logger.debug("\u5DF2\u6CE8\u518C Confluence \u5DE5\u5177", { tools: tools.map((t) => t.name) });
+  }
+  if (platformAvailability.feishu) {
+    const tools = defineFeishuTools();
+    definitions.push(...tools);
+    logger.debug("\u5DF2\u6CE8\u518C Feishu \u5DE5\u5177", { tools: tools.map((t) => t.name) });
+  }
+  if (platformAvailability.feishuOpen) {
+    const tools = defineFeishuOpenTools();
+    definitions.push(...tools);
+    logger.debug("\u5DF2\u6CE8\u518C FeishuOpen \u5DE5\u5177", { tools: tools.map((t) => t.name) });
+  }
+  cachedDefinitions = definitions;
+  return definitions;
+}
+
+// src/mcp/server-factory.ts
+async function safeToolCall(toolName, handler) {
+  const startTime = Date.now();
+  logger.debug("MCP \u5DE5\u5177\u8C03\u7528\u5F00\u59CB", { toolName });
+  try {
+    const result = await handler();
+    const durationMs = Date.now() - startTime;
+    logger.debug("MCP \u5DE5\u5177\u8C03\u7528\u5B8C\u6210", {
+      toolName,
+      durationMs,
+      isError: result.isError ?? false
+    });
+    return result;
+  } catch (error) {
+    const durationMs = Date.now() - startTime;
+    const errorMessage = error instanceof Error ? error.message : String(error);
+    logger.error("MCP \u5DE5\u5177\u8C03\u7528\u5F02\u5E38", { toolName, durationMs, error: errorMessage });
+    const safeMessage = errorMessage.includes("://") ? `${toolName} \u8C03\u7528\u5931\u8D25\uFF0C\u8BF7\u68C0\u67E5\u53C2\u6570\u6216\u7A0D\u540E\u91CD\u8BD5` : errorMessage;
+    return {
+      content: [{ type: "text", text: `Error: ${safeMessage}` }],
+      isError: true
+    };
+  }
+}
+function createMcpServer(mcpService) {
+  const service = mcpService ?? McpService.create();
+  const server = new McpServer(
+    {
+      name: "@fineorg/mcp-server",
+      version: config.version
+    },
+    {
+      capabilities: {
+        tools: {}
+      }
+    }
+  );
+  for (const tool of collectToolDefinitions()) {
+    server.registerTool(
+      tool.name,
+      tool.config,
+      (args) => safeToolCall(tool.name, () => tool.handler(args, service))
+    );
+  }
+  return server;
+}
+
+// src/mcp/session-manager.ts
+var sharedService;
+function getSharedService() {
+  if (!sharedService) sharedService = McpService.create();
+  return sharedService;
+}
+function isSessionLimitReached(currentSize) {
+  return currentSize >= config.mcp.maxSessions;
+}
+function jsonRpcError(code, message) {
+  return JSON.stringify({
+    jsonrpc: "2.0",
+    error: { code, message },
+    id: null
+  });
+}
+
+// src/mcp/startup.ts
+var SESSION_CLEANUP_INTERVAL_MS = 5 * 60 * 1e3;
+function bootstrapServer() {
+  try {
+    initLogger();
+    validateConfig();
+    logger.info("\u914D\u7F6E\u9A8C\u8BC1\u901A\u8FC7");
+    validateMcpStartup();
+  } catch (error) {
+    logger.error("\u542F\u52A8\u9A8C\u8BC1\u5931\u8D25", {
+      error: error instanceof Error ? error.message : String(error)
+    });
+    process.exit(1);
+  }
+}
+function logStartupInfo(transport) {
+  const authStatus = getMcpAuthStatus();
+  const baseInfo = {
+    authEnabled: authStatus.authEnabled,
+    hasAllowedClients: authStatus.hasAllowedClients
+  };
+  {
+    const transportConfig = config.mcp.http;
+    baseInfo.host = transportConfig.host;
+    baseInfo.port = transportConfig.port;
+  }
+  logger.info(`MCP Server (${transport}) \u542F\u52A8`, baseInfo);
+}
+function handleHealthCheck(res, transport) {
+  const health = {
+    status: "ok",
+    timestamp: (/* @__PURE__ */ new Date()).toISOString(),
+    transport
+  };
+  res.writeHead(200, { "Content-Type": "application/json" });
+  res.end(JSON.stringify(health));
+}
+function registerGracefulShutdown(httpServer, cleanup, transport) {
+  const shutdown = async () => {
+    logger.info(`\u6B63\u5728\u5173\u95ED MCP Server (${transport})`);
+    await cleanup();
+    httpServer.close((error) => {
+      if (error) {
+        logger.error("\u5173\u95ED HTTP \u670D\u52A1\u5668\u5931\u8D25", {
+          error: error instanceof Error ? error.message : String(error)
+        });
+        process.exit(1);
+      }
+      logger.info(`MCP Server (${transport}) \u5DF2\u5173\u95ED`);
+      process.exit(0);
+    });
+    setTimeout(() => {
+      logger.warn("\u5F3A\u5236\u9000\u51FA MCP Server");
+      process.exit(1);
+    }, 1e4);
+  };
+  process.on("SIGINT", shutdown);
+  process.on("SIGTERM", shutdown);
+}
+function startSessionCleanup(sessions2, transport) {
+  return setInterval(async () => {
+    const now = Date.now();
+    let cleaned = 0;
+    for (const [sessionId, session] of sessions2.entries()) {
+      if (now - session.lastActivity > config.mcp.sessionTimeoutMs) {
+        try {
+          await session.close();
+        } catch (error) {
+          logger.error("\u6E05\u7406\u8FC7\u671F\u4F1A\u8BDD\u5931\u8D25", {
+            sessionId,
+            error: error instanceof Error ? error.message : String(error)
+          });
+        }
+        sessions2.delete(sessionId);
+        cleaned++;
+      }
+    }
+    if (cleaned > 0) {
+      logger.info(`\u6E05\u7406\u8FC7\u671F ${transport} \u4F1A\u8BDD`, {
+        cleaned,
+        remaining: sessions2.size
+      });
+    }
+  }, SESSION_CLEANUP_INTERVAL_MS);
+}
+function runMain(main) {
+  bootstrapServer();
+  main().catch((error) => {
+    logger.error("MCP Server \u53D1\u751F\u672A\u6355\u83B7\u9519\u8BEF", { error });
+    process.exit(1);
+  });
+}
+
+// src/index-http.ts
+var sessions = /* @__PURE__ */ new Map();
+function getClientIp(req) {
+  if (config.mcp.trustProxy) {
+    const forwarded = req.headers["x-forwarded-for"];
+    const firstIp = (Array.isArray(forwarded) ? forwarded[0] : forwarded)?.split(",")[0]?.trim();
+    if (firstIp) return firstIp;
+  }
+  return req.socket.remoteAddress || "unknown";
+}
+function validatePostRequest(req, res) {
+  if (!validateHttpAuth(req)) {
+    res.writeHead(401, { "Content-Type": "application/json" });
+    res.end(jsonRpcError(-32e3, "Unauthorized"));
+    return false;
+  }
+  const contentType = req.headers["content-type"];
+  if (contentType && !contentType.includes("application/json")) {
+    logger.warn("\u4E0D\u652F\u6301\u7684 Content-Type", {
+      contentType,
+      ip: getClientIp(req)
+    });
+    res.writeHead(415, { "Content-Type": "application/json" });
+    res.end(jsonRpcError(-32600, "Unsupported Media Type: expected application/json"));
+    return false;
+  }
+  return true;
+}
+async function parseRequestBody(req, res) {
+  const { maxBodySize } = config.mcp;
+  try {
+    const buffers = [];
+    let totalSize = 0;
+    for await (const chunk of req) {
+      totalSize += chunk.length;
+      if (totalSize > maxBodySize) {
+        logger.warn("\u8BF7\u6C42\u4F53\u8FC7\u5927", {
+          readBytes: totalSize,
+          maxBodySize,
+          ip: getClientIp(req)
+        });
+        res.writeHead(413, { "Content-Type": "application/json" });
+        res.end(jsonRpcError(-32600, "Request body too large"));
+        return void 0;
+      }
+      buffers.push(chunk);
+    }
+    const bodyStr = Buffer.concat(buffers).toString();
+    if (bodyStr) {
+      return JSON.parse(bodyStr);
+    }
+    return void 0;
+  } catch (error) {
+    logger.error("\u89E3\u6790\u8BF7\u6C42\u4F53\u5931\u8D25", {
+      error: error instanceof Error ? error.message : String(error)
+    });
+    res.writeHead(400, { "Content-Type": "application/json" });
+    res.end(jsonRpcError(-32600, "Invalid JSON"));
+    return void 0;
+  }
+}
+async function handleExistingSession(req, res, sessionId, body) {
+  if (sessionId && sessions.has(sessionId)) {
+    const session = sessions.get(sessionId);
+    session.lastActivity = Date.now();
+    logger.debug("\u5904\u7406\u73B0\u6709\u4F1A\u8BDD\u8BF7\u6C42", { sessionId });
+    try {
+      await session.transport.handleRequest(req, res, body);
+    } catch (error) {
+      logger.error("\u5904\u7406\u4F1A\u8BDD\u8BF7\u6C42\u5931\u8D25", {
+        sessionId,
+        error: error instanceof Error ? error.message : String(error)
+      });
+      if (!res.headersSent) {
+        res.writeHead(500, { "Content-Type": "application/json" });
+        res.end(jsonRpcError(-32e3, "Internal server error"));
+      }
+    }
+    return true;
+  }
+  if (sessionId && !sessions.has(sessionId)) {
+    logger.info("\u4F1A\u8BDD\u4E0D\u5B58\u5728\u6216\u5DF2\u8FC7\u671F\uFF0C\u5BA2\u6237\u7AEF\u9700\u91CD\u65B0\u521D\u59CB\u5316", { sessionId });
+    res.writeHead(404, { "Content-Type": "application/json" });
+    res.end(jsonRpcError(-32e3, "Session not found. Please reinitialize."));
+    return true;
+  }
+  return false;
+}
+async function handleNewSession(req, res, sessionId, body) {
+  if (sessionId || !body || !isInitializeRequest(body)) {
+    return false;
+  }
+  if (isSessionLimitReached(sessions.size)) {
+    logger.warn("\u4F1A\u8BDD\u6570\u8FBE\u5230\u4E0A\u9650\uFF0C\u62D2\u7EDD\u65B0\u8FDE\u63A5", {
+      currentSessions: sessions.size,
+      maxSessions: config.mcp.maxSessions,
+      ip: getClientIp(req)
+    });
+    res.writeHead(503, { "Content-Type": "application/json" });
+    res.end(jsonRpcError(-32e3, "Too many sessions"));
+    return true;
+  }
+  const transport = new StreamableHTTPServerTransport({
+    sessionIdGenerator: () => randomUUID(),
+    onsessioninitialized: (id) => {
+      sessions.set(id, {
+        transport,
+        server,
+        lastActivity: Date.now(),
+        close: () => transport.close()
+      });
+      logger.info("HTTP \u4F1A\u8BDD\u5DF2\u521D\u59CB\u5316", {
+        sessionId: id,
+        ip: getClientIp(req),
+        totalSessions: sessions.size
+      });
+    },
+    onsessionclosed: (id) => {
+      sessions.delete(id);
+      logger.info("HTTP \u4F1A\u8BDD\u5DF2\u5173\u95ED", {
+        sessionId: id,
+        totalSessions: sessions.size
+      });
+    }
+  });
+  const server = createMcpServer(getSharedService());
+  transport.onclose = () => {
+    if (transport.sessionId) {
+      sessions.delete(transport.sessionId);
+    }
+  };
+  try {
+    await server.connect(transport);
+    await transport.handleRequest(req, res, body);
+  } catch (error) {
+    logger.error("\u521D\u59CB\u5316\u4F1A\u8BDD\u5931\u8D25", {
+      error: error instanceof Error ? error.message : String(error)
+    });
+    if (!res.headersSent) {
+      res.writeHead(500, { "Content-Type": "application/json" });
+      res.end(jsonRpcError(-32e3, "Internal server error"));
+    }
+  }
+  return true;
+}
+async function handlePostRequest(req, res) {
+  if (!validatePostRequest(req, res)) {
+    return;
+  }
+  const sessionId = req.headers["mcp-session-id"];
+  const body = await parseRequestBody(req, res);
+  if (res.headersSent) {
+    return;
+  }
+  if (await handleExistingSession(req, res, sessionId, body)) {
+    return;
+  }
+  if (await handleNewSession(req, res, sessionId, body)) {
+    return;
+  }
+  logger.warn("\u65E0\u6548\u7684 HTTP \u8BF7\u6C42", { sessionId, hasBody: !!body });
+  res.writeHead(400, { "Content-Type": "application/json" });
+  res.end(jsonRpcError(-32e3, "Invalid request"));
+}
+async function handleSessionRequest(req, res, method) {
+  if (!validateHttpAuth(req)) {
+    res.writeHead(401, { "Content-Type": "text/plain" });
+    res.end("Unauthorized");
+    return;
+  }
+  const sessionId = req.headers["mcp-session-id"];
+  if (!sessionId || !sessions.has(sessionId)) {
+    res.writeHead(404, { "Content-Type": "application/json" });
+    res.end(jsonRpcError(-32e3, "Session not found. Please reinitialize."));
+    return;
+  }
+  const session = sessions.get(sessionId);
+  try {
+    await session.transport.handleRequest(req, res);
+  } catch (error) {
+    logger.error(`\u5904\u7406 ${method} \u8BF7\u6C42\u5931\u8D25`, {
+      sessionId,
+      error: error instanceof Error ? error.message : String(error)
+    });
+    if (!res.headersSent) {
+      res.writeHead(500, { "Content-Type": "text/plain" });
+      res.end("Internal server error");
+    }
+  }
+}
+runMain(async () => {
+  logStartupInfo("HTTP");
+  const cleanupTimer2 = startSessionCleanup(sessions, "HTTP");
+  const rateLimiter = new RateLimiter(
+    config.mcp.rateLimitWindowMs,
+    config.mcp.rateLimitMax
+  );
+  const httpServer = http.createServer(async (req, res) => {
+    res.setHeader("X-Content-Type-Options", "nosniff");
+    res.setHeader("X-Frame-Options", "DENY");
+    const clientIp = getClientIp(req);
+    if (!rateLimiter.isAllowed(clientIp)) {
+      res.writeHead(429, { "Content-Type": "application/json" });
+      res.end(jsonRpcError(-32e3, "Too many requests"));
+      return;
+    }
+    const url = new URL(req.url, "http://localhost");
+    if (url.pathname === "/mcp") {
+      if (req.method === "POST") {
+        await handlePostRequest(req, res);
+        return;
+      }
+      if (req.method === "GET") {
+        await handleSessionRequest(req, res, "GET");
+        return;
+      }
+      if (req.method === "DELETE") {
+        await handleSessionRequest(req, res, "DELETE");
+        return;
+      }
+    }
+    if (req.method === "GET" && url.pathname === "/health") {
+      handleHealthCheck(res, "http");
+      return;
+    }
+    res.writeHead(404, { "Content-Type": "application/json" });
+    res.end(JSON.stringify({ error: "Not Found" }));
+  });
+  httpServer.requestTimeout = 3e4;
+  httpServer.headersTimeout = 1e4;
+  httpServer.keepAliveTimeout = 65e3;
+  httpServer.listen(config.mcp.http.port, config.mcp.http.host, () => {
+    logger.info("MCP Server (HTTP) \u5DF2\u542F\u52A8", {
+      url: `http://${config.mcp.http.host}:${config.mcp.http.port}`,
+      mcpEndpoint: "/mcp",
+      healthEndpoint: "/health"
+    });
+  });
+  registerGracefulShutdown(httpServer, async () => {
+    clearInterval(cleanupTimer2);
+    rateLimiter.destroy();
+    for (const [sessionId, session] of sessions.entries()) {
+      try {
+        await session.transport.close();
+        logger.debug("\u4F1A\u8BDD\u5DF2\u5173\u95ED", { sessionId });
+      } catch (error) {
+        logger.error("\u5173\u95ED\u4F1A\u8BDD\u5931\u8D25", {
+          sessionId,
+          error: error instanceof Error ? error.message : String(error)
+        });
+      }
+    }
+    sessions.clear();
+  }, "HTTP");
+});