@junjiezhang/openclaw-wecom-plugin 1.0.0 → 1.0.2

package/src/channel.ts

@@ -1,278 +0,0 @@
-import type { ChannelMeta, ChannelPlugin, ClawdbotConfig } from "openclaw/plugin-sdk";
-import {
-  buildBaseChannelStatusSummary,
-  createDefaultChannelRuntimeState,
-  DEFAULT_ACCOUNT_ID,
-  PAIRING_APPROVED_MESSAGE,
-} from "openclaw/plugin-sdk";
-import {
-  resolveWeComAccount,
-  listWeComAccountIds,
-  resolveDefaultWeComAccountId,
-} from "./accounts.js";
-import { wecomOutbound } from "./outbound.js";
-import { resolveWeComGroupToolPolicy } from "./policy.js";
-import { probeWeCom } from "./probe.js";
-import { sendMessageWeCom } from "./send.js";
-import { normalizeWeComTarget, looksLikeWeComId } from "./targets.js";
-import type { ResolvedWeComAccount, WeComConfig } from "./types.js";
-
-const meta: ChannelMeta = {
-  id: "wecom",
-  label: "WeCom",
-  selectionLabel: "WeCom (企业微信)",
-  docsPath: "/channels/wecom",
-  docsLabel: "wecom",
-  blurb: "企业微信 enterprise messaging.",
-  aliases: ["wechat-work"],
-  order: 75,
-};
-
-export const wecomPlugin: ChannelPlugin<ResolvedWeComAccount> = {
-  id: "wecom",
-  meta: {
-    ...meta,
-  },
-  pairing: {
-    idLabel: "wecomUserId",
-    normalizeAllowEntry: (entry) => entry.replace(/^(wecom|user):/i, ""),
-    notifyApproval: async ({ cfg, id }) => {
-      await sendMessageWeCom({
-        cfg,
-        to: id,
-        text: PAIRING_APPROVED_MESSAGE,
-      });
-    },
-  },
-  capabilities: {
-    chatTypes: ["direct", "channel"],
-    polls: false,
-    threads: false,
-    media: true,
-    reactions: false,
-    edit: false,
-    reply: false,
-  },
-  agentPrompt: {
-    messageToolHints: () => [
-      "- WeCom targeting: omit `target` to reply to the current conversation (auto-inferred). Explicit targets: `user:userid`.",
-    ],
-  },
-  groups: {
-    resolveToolPolicy: resolveWeComGroupToolPolicy,
-  },
-  reload: { configPrefixes: ["channels.wecom"] },
-  configSchema: {
-    schema: {
-      type: "object",
-      additionalProperties: false,
-      properties: {
-        enabled: { type: "boolean" },
-        corpId: { type: "string" },
-        agentId: { type: "string" },
-        secret: { type: "string" },
-        token: { type: "string" },
-        encodingAESKey: { type: "string" },
-        webhookPath: { type: "string" },
-        webhookHost: { type: "string" },
-        webhookPort: { type: "integer", minimum: 1 },
-        dmPolicy: { type: "string", enum: ["open", "pairing", "allowlist"] },
-        allowFrom: { type: "array", items: { oneOf: [{ type: "string" }, { type: "number" }] } },
-        groupPolicy: { type: "string", enum: ["open", "allowlist", "disabled"] },
-        groupAllowFrom: {
-          type: "array",
-          items: { oneOf: [{ type: "string" }, { type: "number" }] },
-        },
-        requireMention: { type: "boolean" },
-        historyLimit: { type: "integer", minimum: 0 },
-        dmHistoryLimit: { type: "integer", minimum: 0 },
-        textChunkLimit: { type: "integer", minimum: 1 },
-        mediaMaxMb: { type: "number", minimum: 0 },
-      },
-    },
-  },
-  config: {
-    listAccountIds: (cfg) => listWeComAccountIds(cfg),
-    resolveAccount: (cfg, accountId) =>
-      resolveWeComAccount({ cfg, accountId: accountId ?? undefined }),
-    defaultAccountId: (cfg) => resolveDefaultWeComAccountId(cfg),
-    setAccountEnabled: ({ cfg, accountId, enabled }) => {
-      return {
-        ...cfg,
-        channels: {
-          ...cfg.channels,
-          wecom: {
-            ...cfg.channels?.wecom,
-            enabled,
-          },
-        },
-      };
-    },
-    deleteAccount: ({ cfg }) => {
-      const next = { ...cfg } as ClawdbotConfig;
-      const nextChannels = { ...cfg.channels };
-      delete (nextChannels as Record<string, unknown>).wecom;
-      if (Object.keys(nextChannels).length > 0) {
-        next.channels = nextChannels;
-      } else {
-        delete next.channels;
-      }
-      return next;
-    },
-    isConfigured: (account) => account.configured,
-    describeAccount: (account) => ({
-      accountId: account.accountId,
-      enabled: account.enabled,
-      configured: account.configured,
-      name: account.name,
-      corpId: account.corpId,
-      agentId: account.agentId,
-    }),
-    resolveAllowFrom: ({ cfg }) => {
-      const account = resolveWeComAccount({ cfg });
-      return (account.config?.allowFrom ?? []).map((entry) => String(entry));
-    },
-    formatAllowFrom: ({ allowFrom }) =>
-      allowFrom
-        .map((entry) => String(entry).trim())
-        .filter(Boolean)
-        .map((entry) => entry.toLowerCase()),
-  },
-  security: {
-    collectWarnings: () => [],
-  },
-  setup: {
-    resolveAccountId: () => DEFAULT_ACCOUNT_ID,
-    applyAccountConfig: ({ cfg }) => {
-      return {
-        ...cfg,
-        channels: {
-          ...cfg.channels,
-          wecom: {
-            ...cfg.channels?.wecom,
-            enabled: true,
-          },
-        },
-      };
-    },
-  },
-  messaging: {
-    normalizeTarget: (raw) => normalizeWeComTarget(raw) ?? undefined,
-    targetResolver: {
-      looksLikeId: looksLikeWeComId,
-      hint: "<userId|user:userId>",
-    },
-  },
-  directory: {
-    self: async () => null,
-    listPeers: async ({ cfg, query, limit, accountId }) => {
-      const { getDepartmentUsersWeCom } = await import("./directory.js");
-      try {
-        // Get users from root department (1)
-        const users = await getDepartmentUsersWeCom({
-          cfg,
-          departmentId: "1",
-          fetchChild: true,
-          accountId: accountId ?? undefined,
-        });
-
-        let filtered = users;
-        if (query) {
-          const lowerQuery = query.toLowerCase();
-          filtered = users.filter(
-            (u) =>
-              u.name.toLowerCase().includes(lowerQuery) ||
-              u.userid.toLowerCase().includes(lowerQuery),
-          );
-        }
-
-        if (limit && limit > 0) {
-          filtered = filtered.slice(0, limit);
-        }
-
-        return filtered.map((u) => ({
-          kind: "user" as const,
-          id: u.userid,
-          name: u.name,
-        }));
-      } catch {
-        return [];
-      }
-    },
-    listGroups: async () => [],
-    listPeersLive: async ({ cfg, query, limit, accountId }) => {
-      const { getDepartmentUsersWeCom } = await import("./directory.js");
-      try {
-        const users = await getDepartmentUsersWeCom({
-          cfg,
-          departmentId: "1",
-          fetchChild: true,
-          accountId: accountId ?? undefined,
-        });
-
-        let filtered = users;
-        if (query) {
-          const lowerQuery = query.toLowerCase();
-          filtered = users.filter(
-            (u) =>
-              u.name.toLowerCase().includes(lowerQuery) ||
-              u.userid.toLowerCase().includes(lowerQuery),
-          );
-        }
-
-        if (limit && limit > 0) {
-          filtered = filtered.slice(0, limit);
-        }
-
-        return filtered.map((u) => ({
-          kind: "user" as const,
-          id: u.userid,
-          name: u.name,
-        }));
-      } catch {
-        return [];
-      }
-    },
-    listGroupsLive: async () => [],
-  },
-  outbound: wecomOutbound,
-  status: {
-    defaultRuntime: createDefaultChannelRuntimeState(DEFAULT_ACCOUNT_ID, { port: null }),
-    buildChannelSummary: ({ snapshot }) => ({
-      ...buildBaseChannelStatusSummary(snapshot),
-      port: snapshot.port ?? null,
-      probe: snapshot.probe,
-      lastProbeAt: snapshot.lastProbeAt ?? null,
-    }),
-    probeAccount: async ({ account }) => await probeWeCom(account),
-    buildAccountSnapshot: ({ account, runtime, probe }) => ({
-      accountId: account.accountId,
-      enabled: account.enabled,
-      configured: account.configured,
-      name: account.name,
-      corpId: account.corpId,
-      agentId: account.agentId,
-      running: runtime?.running ?? false,
-      lastStartAt: runtime?.lastStartAt ?? null,
-      lastStopAt: runtime?.lastStopAt ?? null,
-      lastError: runtime?.lastError ?? null,
-      port: runtime?.port ?? null,
-      probe,
-    }),
-  },
-  gateway: {
-    startAccount: async (ctx) => {
-      const { monitorWeComProvider } = await import("./monitor.js");
-      const account = resolveWeComAccount({ cfg: ctx.cfg, accountId: ctx.accountId });
-      const port = account.config?.webhookPort ?? null;
-      ctx.setStatus({ accountId: ctx.accountId, port });
-      ctx.log?.info(`starting wecom[${ctx.accountId}]`);
-      return monitorWeComProvider({
-        config: ctx.cfg,
-        runtime: ctx.runtime,
-        abortSignal: ctx.abortSignal,
-        accountId: ctx.accountId,
-      });
-    },
-  },
-};

package/src/client.ts

@@ -1,55 +0,0 @@
-import type { ClawdbotConfig } from "openclaw/plugin-sdk";
-import { fetchWithSsrFGuard } from "openclaw/plugin-sdk";
-import { resolveWeComCredentials } from "./accounts.js";
-
-const accessTokenCache = new Map<string, { token: string; expiresAt: number }>();
-
-const WECOM_API_POLICY = { allowedHostnames: ["qyapi.weixin.qq.com"] };
-
-export async function getWeComAccessToken({
-  cfg,
-  accountId,
-}: {
-  cfg: ClawdbotConfig;
-  accountId?: string;
-}): Promise<string> {
-  const { corpId, secret } = resolveWeComCredentials({ cfg, accountId });
-
-  const cached = accessTokenCache.get(corpId);
-  if (cached && cached.expiresAt > Date.now()) {
-    return cached.token;
-  }
-
-  const url = `https://qyapi.weixin.qq.com/cgi-bin/gettoken?corpid=${corpId}&corpsecret=${secret}`;
-  const { response, release } = await fetchWithSsrFGuard({
-    url,
-    policy: WECOM_API_POLICY,
-    auditContext: "wecom-get-token",
-  });
-  let data: { errcode: number; errmsg: string; access_token: string };
-  try {
-    data = await response.json();
-  } finally {
-    await release();
-  }
-
-  if (data.errcode !== 0) {
-    throw new Error(`Failed to get WeCom access token: ${data.errmsg}`);
-  }
-
-  // Cache token (expires in 7200 seconds, cache for 7000 to be safe)
-  accessTokenCache.set(corpId, {
-    token: data.access_token,
-    expiresAt: Date.now() + 7000 * 1000,
-  });
-
-  return data.access_token;
-}
-
-export function clearWeComAccessTokenCache(corpId?: string): void {
-  if (corpId) {
-    accessTokenCache.delete(corpId);
-  } else {
-    accessTokenCache.clear();
-  }
-}

package/src/config-schema.ts

@@ -1,102 +0,0 @@
-import { z } from "zod";
-
-const DmPolicySchema = z.enum(["open", "pairing", "allowlist"]);
-const GroupPolicySchema = z.enum(["open", "allowlist", "disabled"]);
-
-const ToolPolicySchema = z
-  .object({
-    allow: z.array(z.string()).optional(),
-    deny: z.array(z.string()).optional(),
-  })
-  .strict()
-  .optional();
-
-const DmConfigSchema = z
-  .object({
-    enabled: z.boolean().optional(),
-    systemPrompt: z.string().optional(),
-  })
-  .strict()
-  .optional();
-
-export const WeComGroupSchema = z
-  .object({
-    requireMention: z.boolean().optional(),
-    tools: ToolPolicySchema,
-    skills: z.array(z.string()).optional(),
-    enabled: z.boolean().optional(),
-    allowFrom: z.array(z.union([z.string(), z.number()])).optional(),
-    systemPrompt: z.string().optional(),
-  })
-  .strict();
-
-const WeComSharedConfigShape = {
-  webhookHost: z.string().optional(),
-  webhookPort: z.number().int().positive().optional(),
-  dmPolicy: DmPolicySchema.optional(),
-  allowFrom: z.array(z.union([z.string(), z.number()])).optional(),
-  groupPolicy: GroupPolicySchema.optional(),
-  groupAllowFrom: z.array(z.union([z.string(), z.number()])).optional(),
-  requireMention: z.boolean().optional(),
-  groups: z.record(z.string(), WeComGroupSchema.optional()).optional(),
-  historyLimit: z.number().int().min(0).optional(),
-  dmHistoryLimit: z.number().int().min(0).optional(),
-  dms: z.record(z.string(), DmConfigSchema).optional(),
-  textChunkLimit: z.number().int().positive().optional(),
-  chunkMode: z.enum(["length", "newline"]).optional(),
-  mediaMaxMb: z.number().positive().optional(),
-};
-
-export const WeComConfigSchema = z
-  .object({
-    enabled: z.boolean().optional(),
-    corpId: z.string().optional(),
-    agentId: z.string().optional(),
-    secret: z.string().optional(),
-    token: z.string().optional(),
-    encodingAESKey: z.string().optional(),
-    webhookPath: z.string().optional().default("/wecom/events"),
-    ...WeComSharedConfigShape,
-    dmPolicy: DmPolicySchema.optional().default("pairing"),
-    groupPolicy: GroupPolicySchema.optional().default("allowlist"),
-    requireMention: z.boolean().optional().default(false),
-  })
-  .strict()
-  .superRefine((value, ctx) => {
-    // Validate that token and encodingAESKey are present if enabled
-    if (value.enabled && (!value.token?.trim() || !value.encodingAESKey?.trim())) {
-      ctx.addIssue({
-        code: z.ZodIssueCode.custom,
-        path: ["token"],
-        message: "channels.wecom requires token and encodingAESKey when enabled",
-      });
-    }
-
-    if (value.dmPolicy === "open") {
-      const allowFrom = value.allowFrom ?? [];
-      const hasWildcard = allowFrom.some((entry) => String(entry).trim() === "*");
-      if (!hasWildcard) {
-        ctx.addIssue({
-          code: z.ZodIssueCode.custom,
-          path: ["allowFrom"],
-          message:
-            'channels.wecom.dmPolicy="open" requires channels.wecom.allowFrom to include "*"',
-        });
-      }
-    }
-  });
-
-export type WeComConfig = z.infer<typeof WeComConfigSchema>;
-export type WeComGroupConfig = z.infer<typeof WeComGroupSchema>;
-
-export interface ResolvedWeComAccount {
-  accountId: string;
-  enabled: boolean;
-  configured: boolean;
-  name: string;
-  corpId?: string;
-  agentId?: string;
-  config?: WeComConfig;
-  token?: string;
-  encodingAESKey?: string;
-}

package/src/dedup.ts

@@ -1,60 +0,0 @@
-import { homedir } from "node:os";
-import path from "node:path";
-import {
-  createDedupeCache,
-  createPersistentDedupe,
-  resolvePreferredOpenClawTmpDir,
-} from "openclaw/plugin-sdk";
-
-// Persistent TTL: 24 hours — survives restarts
-const DEDUP_TTL_MS = 24 * 60 * 60 * 1000;
-const MEMORY_MAX_SIZE = 1_000;
-const FILE_MAX_ENTRIES = 10_000;
-
-const memoryDedupe = createDedupeCache({ ttlMs: DEDUP_TTL_MS, maxSize: MEMORY_MAX_SIZE });
-
-function resolveStateDirFromEnv(env: NodeJS.ProcessEnv = process.env): string {
-  const stateOverride = env.OPENCLAW_STATE_DIR?.trim() || env.CLAWDBOT_STATE_DIR?.trim();
-  if (stateOverride) {
-    return stateOverride;
-  }
-  if (env.VITEST || env.NODE_ENV === "test") {
-    return path.join(
-      resolvePreferredOpenClawTmpDir(),
-      ["openclaw-vitest", String(process.pid)].join("-"),
-    );
-  }
-  return path.join(homedir(), ".openclaw");
-}
-
-function resolveNamespaceFilePath(namespace: string): string {
-  const safe = namespace.replace(/[^a-zA-Z0-9_-]/g, "_");
-  return path.join(resolveStateDirFromEnv(), "wecom", "dedup", `${safe}.json`);
-}
-
-const persistentDedupe = createPersistentDedupe({
-  ttlMs: DEDUP_TTL_MS,
-  memoryMaxSize: MEMORY_MAX_SIZE,
-  fileMaxEntries: FILE_MAX_ENTRIES,
-  resolveFilePath: resolveNamespaceFilePath,
-});
-
-/**
- * Synchronous dedup — memory only.
- */
-export function tryRecordMessage(messageId: string): boolean {
-  return !memoryDedupe.check(messageId);
-}
-
-export async function tryRecordMessagePersistent(
-  messageId: string,
-  namespace = "global",
-  log?: (...args: unknown[]) => void,
-): Promise<boolean> {
-  return persistentDedupe.checkAndRecord(messageId, {
-    namespace,
-    onDiskError: (error) => {
-      log?.(`wecom-dedup: disk error, falling back to memory: ${String(error)}`);
-    },
-  });
-}

package/src/directory.ts

@@ -1,150 +0,0 @@
-import type { ClawdbotConfig } from "openclaw/plugin-sdk";
-import { fetchWithSsrFGuard } from "openclaw/plugin-sdk";
-import { getWeComAccessToken } from "./client.js";
-
-const WECOM_API_POLICY = { allowedHostnames: ["qyapi.weixin.qq.com"] };
-
-/**
- * Get user info from WeCom
- */
-export async function getUserInfoWeCom({
-  cfg,
-  userId,
-  accountId,
-}: {
-  cfg: ClawdbotConfig;
-  userId: string;
-  accountId?: string;
-}): Promise<{
-  userid: string;
-  name: string;
-  department: number[];
-  position?: string;
-  mobile?: string;
-  email?: string;
-  avatar?: string;
-}> {
-  const accessToken = await getWeComAccessToken({ cfg, accountId });
-  const url = `https://qyapi.weixin.qq.com/cgi-bin/user/get?access_token=${accessToken}&userid=${userId}`;
-
-  const { response, release } = await fetchWithSsrFGuard({
-    url,
-    policy: WECOM_API_POLICY,
-    auditContext: "wecom-get-user-info",
-  });
-  let data: {
-    errcode: number;
-    errmsg: string;
-    userid: string;
-    name: string;
-    department: number[];
-    position?: string;
-    mobile?: string;
-    email?: string;
-    avatar?: string;
-  };
-  try {
-    data = await response.json();
-  } finally {
-    await release();
-  }
-
-  if (data.errcode !== 0) {
-    throw new Error(`Failed to get user info: ${data.errmsg}`);
-  }
-
-  return data;
-}
-
-/**
- * Get department list from WeCom
- */
-export async function getDepartmentListWeCom({
-  cfg,
-  departmentId,
-  accountId,
-}: {
-  cfg: ClawdbotConfig;
-  departmentId?: string;
-  accountId?: string;
-}): Promise<
-  Array<{
-    id: number;
-    name: string;
-    parentid: number;
-    order: number;
-  }>
-> {
-  const accessToken = await getWeComAccessToken({ cfg, accountId });
-  const url = departmentId
-    ? `https://qyapi.weixin.qq.com/cgi-bin/department/list?access_token=${accessToken}&id=${departmentId}`
-    : `https://qyapi.weixin.qq.com/cgi-bin/department/list?access_token=${accessToken}`;
-
-  const { response, release } = await fetchWithSsrFGuard({
-    url,
-    policy: WECOM_API_POLICY,
-    auditContext: "wecom-get-department-list",
-  });
-  let data: { errcode: number; errmsg: string; department?: unknown[] };
-  try {
-    data = await response.json();
-  } finally {
-    await release();
-  }
-
-  if (data.errcode !== 0) {
-    throw new Error(`Failed to get department list: ${data.errmsg}`);
-  }
-
-  return (data.department ?? []) as Array<{
-    id: number;
-    name: string;
-    parentid: number;
-    order: number;
-  }>;
-}
-
-/**
- * Get department users from WeCom
- */
-export async function getDepartmentUsersWeCom({
-  cfg,
-  departmentId,
-  fetchChild,
-  accountId,
-}: {
-  cfg: ClawdbotConfig;
-  departmentId: string;
-  fetchChild?: boolean;
-  accountId?: string;
-}): Promise<
-  Array<{
-    userid: string;
-    name: string;
-    department: number[];
-    position?: string;
-    mobile?: string;
-    email?: string;
-  }>
-> {
-  const accessToken = await getWeComAccessToken({ cfg, accountId });
-  const url = `https://qyapi.weixin.qq.com/cgi-bin/user/simplelist?access_token=${accessToken}&department_id=${departmentId}&fetch_child=${fetchChild ? 1 : 0}`;
-
-  const { response, release } = await fetchWithSsrFGuard({
-    url,
-    policy: WECOM_API_POLICY,
-    auditContext: "wecom-get-department-users",
-  });
-  let data: { errcode: number; errmsg: string; userlist?: unknown[] };
-  try {
-    data = await response.json();
-  } finally {
-    await release();
-  }
-
-  if (data.errcode !== 0) {
-    throw new Error(`Failed to get department users: ${data.errmsg}`);
-  }
-
-  return (data.userlist ?? []) as Array<{ userid: string; name: string; department: number[] }>;
-}

package/src/index.ts

@@ -1,20 +0,0 @@
-import type { OpenClawPluginApi } from "openclaw/plugin-sdk";
-import { wecomPlugin } from "./channel.js";
-import { setWeComRuntime } from "./runtime.js";
-
-export { wecomPlugin } from "./channel.js";
-
-const plugin = {
-  id: "wecom",
-  name: "WeCom",
-  description: "WeCom (企业微信) channel plugin for OpenClaw",
-  version: "1.0.0",
-
-  register(api: OpenClawPluginApi) {
-    setWeComRuntime(api.runtime);
-    api.registerChannel({ plugin: wecomPlugin });
-    api.logger.info("wecom: plugin registered successfully");
-  },
-};
-
-export default plugin;