npm - @lark-project/openclaw-lark-project - Versions diffs - 2026.3.131 - Mend

@lark-project/openclaw-lark-project 2026.3.131

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (368) hide show

package/LICENSE +21 -0
package/README.md +80 -0
package/README.zh.md +80 -0
package/dist/index.js +172 -0
package/dist/index.js.map +7 -0
package/dist/skills/feishu-bitable/SKILL.md +248 -0
package/dist/skills/feishu-bitable/references/examples.md +813 -0
package/dist/skills/feishu-bitable/references/field-properties.md +763 -0
package/dist/skills/feishu-bitable/references/record-values.md +911 -0
package/dist/skills/feishu-calendar/SKILL.md +244 -0
package/dist/skills/feishu-channel-rules/SKILL.md +18 -0
package/dist/skills/feishu-channel-rules/references/markdown-syntax.md +138 -0
package/dist/skills/feishu-create-doc/SKILL.md +719 -0
package/dist/skills/feishu-fetch-doc/SKILL.md +93 -0
package/dist/skills/feishu-im-read/SKILL.md +163 -0
package/dist/skills/feishu-project/SKILL.md +122 -0
package/dist/skills/feishu-task/SKILL.md +293 -0
package/dist/skills/feishu-troubleshoot/SKILL.md +70 -0
package/dist/skills/feishu-update-doc/SKILL.md +285 -0
package/dist/src/card/builder.js +293 -0
package/dist/src/card/builder.js.map +7 -0
package/dist/src/card/cardkit.js +126 -0
package/dist/src/card/cardkit.js.map +7 -0
package/dist/src/card/flush-controller.js +107 -0
package/dist/src/card/flush-controller.js.map +7 -0
package/dist/src/card/markdown-style.js +57 -0
package/dist/src/card/markdown-style.js.map +7 -0
package/dist/src/card/reply-dispatcher-types.js +39 -0
package/dist/src/card/reply-dispatcher-types.js.map +7 -0
package/dist/src/card/reply-dispatcher.js +245 -0
package/dist/src/card/reply-dispatcher.js.map +7 -0
package/dist/src/card/reply-mode.js +29 -0
package/dist/src/card/reply-mode.js.map +7 -0
package/dist/src/card/streaming-card-controller.js +653 -0
package/dist/src/card/streaming-card-controller.js.map +7 -0
package/dist/src/card/unavailable-guard.js +76 -0
package/dist/src/card/unavailable-guard.js.map +7 -0
package/dist/src/channel/abort-detect.js +79 -0
package/dist/src/channel/abort-detect.js.map +7 -0
package/dist/src/channel/chat-queue.js +50 -0
package/dist/src/channel/chat-queue.js.map +7 -0
package/dist/src/channel/config-adapter.js +89 -0
package/dist/src/channel/config-adapter.js.map +7 -0
package/dist/src/channel/directory.js +133 -0
package/dist/src/channel/directory.js.map +7 -0
package/dist/src/channel/event-handlers.js +175 -0
package/dist/src/channel/event-handlers.js.map +7 -0
package/dist/src/channel/monitor.js +108 -0
package/dist/src/channel/monitor.js.map +7 -0
package/dist/src/channel/onboarding-config.js +76 -0
package/dist/src/channel/onboarding-config.js.map +7 -0
package/dist/src/channel/onboarding-migrate.js +55 -0
package/dist/src/channel/onboarding-migrate.js.map +7 -0
package/dist/src/channel/onboarding.js +285 -0
package/dist/src/channel/onboarding.js.map +7 -0
package/dist/src/channel/plugin.js +260 -0
package/dist/src/channel/plugin.js.map +7 -0
package/dist/src/channel/probe.js +14 -0
package/dist/src/channel/probe.js.map +7 -0
package/dist/src/channel/types.js +1 -0
package/dist/src/channel/types.js.map +7 -0
package/dist/src/commands/auth.js +73 -0
package/dist/src/commands/auth.js.map +7 -0
package/dist/src/commands/diagnose.js +658 -0
package/dist/src/commands/diagnose.js.map +7 -0
package/dist/src/commands/doctor.js +327 -0
package/dist/src/commands/doctor.js.map +7 -0
package/dist/src/commands/index.js +124 -0
package/dist/src/commands/index.js.map +7 -0
package/dist/src/core/accounts.js +129 -0
package/dist/src/core/accounts.js.map +7 -0
package/dist/src/core/agent-config.js +60 -0
package/dist/src/core/agent-config.js.map +7 -0
package/dist/src/core/api-error.js +55 -0
package/dist/src/core/api-error.js.map +7 -0
package/dist/src/core/app-owner-fallback.js +17 -0
package/dist/src/core/app-owner-fallback.js.map +7 -0
package/dist/src/core/app-scope-checker.js +95 -0
package/dist/src/core/app-scope-checker.js.map +7 -0
package/dist/src/core/auth-errors.js +120 -0
package/dist/src/core/auth-errors.js.map +7 -0
package/dist/src/core/chat-info-cache.js +102 -0
package/dist/src/core/chat-info-cache.js.map +7 -0
package/dist/src/core/config-schema.js +150 -0
package/dist/src/core/config-schema.js.map +7 -0
package/dist/src/core/device-flow.js +174 -0
package/dist/src/core/device-flow.js.map +7 -0
package/dist/src/core/feishu-fetch.js +12 -0
package/dist/src/core/feishu-fetch.js.map +7 -0
package/dist/src/core/footer-config.js +16 -0
package/dist/src/core/footer-config.js.map +7 -0
package/dist/src/core/lark-client.js +322 -0
package/dist/src/core/lark-client.js.map +7 -0
package/dist/src/core/lark-logger.js +92 -0
package/dist/src/core/lark-logger.js.map +7 -0
package/dist/src/core/lark-ticket.js +18 -0
package/dist/src/core/lark-ticket.js.map +7 -0
package/dist/src/core/message-unavailable.js +119 -0
package/dist/src/core/message-unavailable.js.map +7 -0
package/dist/src/core/owner-policy.js +25 -0
package/dist/src/core/owner-policy.js.map +7 -0
package/dist/src/core/permission-url.js +37 -0
package/dist/src/core/permission-url.js.map +7 -0
package/dist/src/core/project-auth.js +177 -0
package/dist/src/core/project-auth.js.map +7 -0
package/dist/src/core/project-oauth-flow.js +124 -0
package/dist/src/core/project-oauth-flow.js.map +7 -0
package/dist/src/core/project-token-store.js +172 -0
package/dist/src/core/project-token-store.js.map +7 -0
package/dist/src/core/raw-request.js +45 -0
package/dist/src/core/raw-request.js.map +7 -0
package/dist/src/core/scope-manager.js +62 -0
package/dist/src/core/scope-manager.js.map +7 -0
package/dist/src/core/security-check.js +118 -0
package/dist/src/core/security-check.js.map +7 -0
package/dist/src/core/shutdown-hooks.js +37 -0
package/dist/src/core/shutdown-hooks.js.map +7 -0
package/dist/src/core/targets.js +55 -0
package/dist/src/core/targets.js.map +7 -0
package/dist/src/core/token-store.js +215 -0
package/dist/src/core/token-store.js.map +7 -0
package/dist/src/core/tool-client.js +335 -0
package/dist/src/core/tool-client.js.map +7 -0
package/dist/src/core/tool-scopes.js +207 -0
package/dist/src/core/tool-scopes.js.map +7 -0
package/dist/src/core/tools-config.js +57 -0
package/dist/src/core/tools-config.js.map +7 -0
package/dist/src/core/types.js +1 -0
package/dist/src/core/types.js.map +7 -0
package/dist/src/core/uat-client.js +124 -0
package/dist/src/core/uat-client.js.map +7 -0
package/dist/src/core/version.js +27 -0
package/dist/src/core/version.js.map +7 -0
package/dist/src/messaging/converters/audio.js +19 -0
package/dist/src/messaging/converters/audio.js.map +7 -0
package/dist/src/messaging/converters/calendar.js +46 -0
package/dist/src/messaging/converters/calendar.js.map +7 -0
package/dist/src/messaging/converters/content-converter.js +61 -0
package/dist/src/messaging/converters/content-converter.js.map +7 -0
package/dist/src/messaging/converters/file.js +18 -0
package/dist/src/messaging/converters/file.js.map +7 -0
package/dist/src/messaging/converters/folder.js +18 -0
package/dist/src/messaging/converters/folder.js.map +7 -0
package/dist/src/messaging/converters/hongbao.js +14 -0
package/dist/src/messaging/converters/hongbao.js.map +7 -0
package/dist/src/messaging/converters/image.js +16 -0
package/dist/src/messaging/converters/image.js.map +7 -0
package/dist/src/messaging/converters/index.js +48 -0
package/dist/src/messaging/converters/index.js.map +7 -0
package/dist/src/messaging/converters/interactive/card-converter.js +1040 -0
package/dist/src/messaging/converters/interactive/card-converter.js.map +7 -0
package/dist/src/messaging/converters/interactive/card-utils.js +36 -0
package/dist/src/messaging/converters/interactive/card-utils.js.map +7 -0
package/dist/src/messaging/converters/interactive/index.js +19 -0
package/dist/src/messaging/converters/interactive/index.js.map +7 -0
package/dist/src/messaging/converters/interactive/legacy.js +53 -0
package/dist/src/messaging/converters/interactive/legacy.js.map +7 -0
package/dist/src/messaging/converters/interactive/types.js +23 -0
package/dist/src/messaging/converters/interactive/types.js.map +7 -0
package/dist/src/messaging/converters/location.js +17 -0
package/dist/src/messaging/converters/location.js.map +7 -0
package/dist/src/messaging/converters/merge-forward.js +143 -0
package/dist/src/messaging/converters/merge-forward.js.map +7 -0
package/dist/src/messaging/converters/post.js +113 -0
package/dist/src/messaging/converters/post.js.map +7 -0
package/dist/src/messaging/converters/share.js +22 -0
package/dist/src/messaging/converters/share.js.map +7 -0
package/dist/src/messaging/converters/sticker.js +16 -0
package/dist/src/messaging/converters/sticker.js.map +7 -0
package/dist/src/messaging/converters/system.js +25 -0
package/dist/src/messaging/converters/system.js.map +7 -0
package/dist/src/messaging/converters/text.js +12 -0
package/dist/src/messaging/converters/text.js.map +7 -0
package/dist/src/messaging/converters/todo.js +37 -0
package/dist/src/messaging/converters/todo.js.map +7 -0
package/dist/src/messaging/converters/types.js +1 -0
package/dist/src/messaging/converters/types.js.map +7 -0
package/dist/src/messaging/converters/unknown.js +13 -0
package/dist/src/messaging/converters/unknown.js.map +7 -0
package/dist/src/messaging/converters/utils.js +35 -0
package/dist/src/messaging/converters/utils.js.map +7 -0
package/dist/src/messaging/converters/video-chat.js +21 -0
package/dist/src/messaging/converters/video-chat.js.map +7 -0
package/dist/src/messaging/converters/video.js +30 -0
package/dist/src/messaging/converters/video.js.map +7 -0
package/dist/src/messaging/converters/vote.js +24 -0
package/dist/src/messaging/converters/vote.js.map +7 -0
package/dist/src/messaging/inbound/dedup.js +82 -0
package/dist/src/messaging/inbound/dedup.js.map +7 -0
package/dist/src/messaging/inbound/dispatch-builders.js +98 -0
package/dist/src/messaging/inbound/dispatch-builders.js.map +7 -0
package/dist/src/messaging/inbound/dispatch-commands.js +94 -0
package/dist/src/messaging/inbound/dispatch-commands.js.map +7 -0
package/dist/src/messaging/inbound/dispatch-context.js +96 -0
package/dist/src/messaging/inbound/dispatch-context.js.map +7 -0
package/dist/src/messaging/inbound/dispatch.js +150 -0
package/dist/src/messaging/inbound/dispatch.js.map +7 -0
package/dist/src/messaging/inbound/enrich.js +137 -0
package/dist/src/messaging/inbound/enrich.js.map +7 -0
package/dist/src/messaging/inbound/gate-effects.js +28 -0
package/dist/src/messaging/inbound/gate-effects.js.map +7 -0
package/dist/src/messaging/inbound/gate.js +163 -0
package/dist/src/messaging/inbound/gate.js.map +7 -0
package/dist/src/messaging/inbound/handler.js +132 -0
package/dist/src/messaging/inbound/handler.js.map +7 -0
package/dist/src/messaging/inbound/media-resolver.js +70 -0
package/dist/src/messaging/inbound/media-resolver.js.map +7 -0
package/dist/src/messaging/inbound/mention.js +50 -0
package/dist/src/messaging/inbound/mention.js.map +7 -0
package/dist/src/messaging/inbound/parse-io.js +41 -0
package/dist/src/messaging/inbound/parse-io.js.map +7 -0
package/dist/src/messaging/inbound/parse.js +79 -0
package/dist/src/messaging/inbound/parse.js.map +7 -0
package/dist/src/messaging/inbound/permission.js +30 -0
package/dist/src/messaging/inbound/permission.js.map +7 -0
package/dist/src/messaging/inbound/policy.js +83 -0
package/dist/src/messaging/inbound/policy.js.map +7 -0
package/dist/src/messaging/inbound/reaction-handler.js +162 -0
package/dist/src/messaging/inbound/reaction-handler.js.map +7 -0
package/dist/src/messaging/inbound/user-name-cache.js +172 -0
package/dist/src/messaging/inbound/user-name-cache.js.map +7 -0
package/dist/src/messaging/outbound/actions.js +239 -0
package/dist/src/messaging/outbound/actions.js.map +7 -0
package/dist/src/messaging/outbound/chat-manage.js +74 -0
package/dist/src/messaging/outbound/chat-manage.js.map +7 -0
package/dist/src/messaging/outbound/deliver.js +162 -0
package/dist/src/messaging/outbound/deliver.js.map +7 -0
package/dist/src/messaging/outbound/fetch.js +7 -0
package/dist/src/messaging/outbound/fetch.js.map +7 -0
package/dist/src/messaging/outbound/forward.js +31 -0
package/dist/src/messaging/outbound/forward.js.map +7 -0
package/dist/src/messaging/outbound/media-url-utils.js +101 -0
package/dist/src/messaging/outbound/media-url-utils.js.map +7 -0
package/dist/src/messaging/outbound/media.js +463 -0
package/dist/src/messaging/outbound/media.js.map +7 -0
package/dist/src/messaging/outbound/outbound.js +95 -0
package/dist/src/messaging/outbound/outbound.js.map +7 -0
package/dist/src/messaging/outbound/reactions.js +312 -0
package/dist/src/messaging/outbound/reactions.js.map +7 -0
package/dist/src/messaging/outbound/send.js +194 -0
package/dist/src/messaging/outbound/send.js.map +7 -0
package/dist/src/messaging/outbound/typing.js +77 -0
package/dist/src/messaging/outbound/typing.js.map +7 -0
package/dist/src/messaging/shared/message-lookup.js +84 -0
package/dist/src/messaging/shared/message-lookup.js.map +7 -0
package/dist/src/messaging/types.js +1 -0
package/dist/src/messaging/types.js.map +7 -0
package/dist/src/tools/auto-auth.js +714 -0
package/dist/src/tools/auto-auth.js.map +7 -0
package/dist/src/tools/helpers.js +133 -0
package/dist/src/tools/helpers.js.map +7 -0
package/dist/src/tools/mcp/doc/create.js +35 -0
package/dist/src/tools/mcp/doc/create.js.map +7 -0
package/dist/src/tools/mcp/doc/fetch.js +33 -0
package/dist/src/tools/mcp/doc/fetch.js.map +7 -0
package/dist/src/tools/mcp/doc/index.js +32 -0
package/dist/src/tools/mcp/doc/index.js.map +7 -0
package/dist/src/tools/mcp/doc/update.js +61 -0
package/dist/src/tools/mcp/doc/update.js.map +7 -0
package/dist/src/tools/mcp/project/endpoint.js +25 -0
package/dist/src/tools/mcp/project/endpoint.js.map +7 -0
package/dist/src/tools/mcp/project/index.js +27 -0
package/dist/src/tools/mcp/project/index.js.map +7 -0
package/dist/src/tools/mcp/project/tools.js +579 -0
package/dist/src/tools/mcp/project/tools.js.map +7 -0
package/dist/src/tools/mcp/shared.js +170 -0
package/dist/src/tools/mcp/shared.js.map +7 -0
package/dist/src/tools/oapi/bitable/app-table-field.js +244 -0
package/dist/src/tools/oapi/bitable/app-table-field.js.map +7 -0
package/dist/src/tools/oapi/bitable/app-table-record.js +501 -0
package/dist/src/tools/oapi/bitable/app-table-record.js.map +7 -0
package/dist/src/tools/oapi/bitable/app-table-view.js +226 -0
package/dist/src/tools/oapi/bitable/app-table-view.js.map +7 -0
package/dist/src/tools/oapi/bitable/app-table.js +278 -0
package/dist/src/tools/oapi/bitable/app-table.js.map +7 -0
package/dist/src/tools/oapi/bitable/app.js +200 -0
package/dist/src/tools/oapi/bitable/app.js.map +7 -0
package/dist/src/tools/oapi/bitable/index.js +13 -0
package/dist/src/tools/oapi/bitable/index.js.map +7 -0
package/dist/src/tools/oapi/calendar/calendar.js +131 -0
package/dist/src/tools/oapi/calendar/calendar.js.map +7 -0
package/dist/src/tools/oapi/calendar/event-attendee.js +301 -0
package/dist/src/tools/oapi/calendar/event-attendee.js.map +7 -0
package/dist/src/tools/oapi/calendar/event.js +834 -0
package/dist/src/tools/oapi/calendar/event.js.map +7 -0
package/dist/src/tools/oapi/calendar/freebusy.js +111 -0
package/dist/src/tools/oapi/calendar/freebusy.js.map +7 -0
package/dist/src/tools/oapi/calendar/index.js +11 -0
package/dist/src/tools/oapi/calendar/index.js.map +7 -0
package/dist/src/tools/oapi/chat/chat.js +132 -0
package/dist/src/tools/oapi/chat/chat.js.map +7 -0
package/dist/src/tools/oapi/chat/index.js +11 -0
package/dist/src/tools/oapi/chat/index.js.map +7 -0
package/dist/src/tools/oapi/chat/members.js +83 -0
package/dist/src/tools/oapi/chat/members.js.map +7 -0
package/dist/src/tools/oapi/common/get-user.js +95 -0
package/dist/src/tools/oapi/common/get-user.js.map +7 -0
package/dist/src/tools/oapi/common/index.js +7 -0
package/dist/src/tools/oapi/common/index.js.map +7 -0
package/dist/src/tools/oapi/common/search-user.js +67 -0
package/dist/src/tools/oapi/common/search-user.js.map +7 -0
package/dist/src/tools/oapi/drive/doc-comments.js +310 -0
package/dist/src/tools/oapi/drive/doc-comments.js.map +7 -0
package/dist/src/tools/oapi/drive/doc-media.js +314 -0
package/dist/src/tools/oapi/drive/doc-media.js.map +7 -0
package/dist/src/tools/oapi/drive/file.js +548 -0
package/dist/src/tools/oapi/drive/file.js.map +7 -0
package/dist/src/tools/oapi/drive/index.js +29 -0
package/dist/src/tools/oapi/drive/index.js.map +7 -0
package/dist/src/tools/oapi/helpers.js +199 -0
package/dist/src/tools/oapi/helpers.js.map +7 -0
package/dist/src/tools/oapi/im/format-messages.js +128 -0
package/dist/src/tools/oapi/im/format-messages.js.map +7 -0
package/dist/src/tools/oapi/im/index.js +15 -0
package/dist/src/tools/oapi/im/index.js.map +7 -0
package/dist/src/tools/oapi/im/message-read.js +404 -0
package/dist/src/tools/oapi/im/message-read.js.map +7 -0
package/dist/src/tools/oapi/im/message.js +179 -0
package/dist/src/tools/oapi/im/message.js.map +7 -0
package/dist/src/tools/oapi/im/resource.js +126 -0
package/dist/src/tools/oapi/im/resource.js.map +7 -0
package/dist/src/tools/oapi/im/time-utils.js +169 -0
package/dist/src/tools/oapi/im/time-utils.js.map +7 -0
package/dist/src/tools/oapi/im/user-name-uat.js +103 -0
package/dist/src/tools/oapi/im/user-name-uat.js.map +7 -0
package/dist/src/tools/oapi/index.js +56 -0
package/dist/src/tools/oapi/index.js.map +7 -0
package/dist/src/tools/oapi/sdk-types.js +1 -0
package/dist/src/tools/oapi/sdk-types.js.map +7 -0
package/dist/src/tools/oapi/search/doc-search.js +215 -0
package/dist/src/tools/oapi/search/doc-search.js.map +7 -0
package/dist/src/tools/oapi/search/index.js +25 -0
package/dist/src/tools/oapi/search/index.js.map +7 -0
package/dist/src/tools/oapi/sheets/index.js +25 -0
package/dist/src/tools/oapi/sheets/index.js.map +7 -0
package/dist/src/tools/oapi/sheets/sheet.js +652 -0
package/dist/src/tools/oapi/sheets/sheet.js.map +7 -0
package/dist/src/tools/oapi/task/comment.js +151 -0
package/dist/src/tools/oapi/task/comment.js.map +7 -0
package/dist/src/tools/oapi/task/index.js +11 -0
package/dist/src/tools/oapi/task/index.js.map +7 -0
package/dist/src/tools/oapi/task/subtask.js +175 -0
package/dist/src/tools/oapi/task/subtask.js.map +7 -0
package/dist/src/tools/oapi/task/task.js +405 -0
package/dist/src/tools/oapi/task/task.js.map +7 -0
package/dist/src/tools/oapi/task/tasklist.js +366 -0
package/dist/src/tools/oapi/task/tasklist.js.map +7 -0
package/dist/src/tools/oapi/wiki/index.js +27 -0
package/dist/src/tools/oapi/wiki/index.js.map +7 -0
package/dist/src/tools/oapi/wiki/space-node.js +311 -0
package/dist/src/tools/oapi/wiki/space-node.js.map +7 -0
package/dist/src/tools/oapi/wiki/space.js +148 -0
package/dist/src/tools/oapi/wiki/space.js.map +7 -0
package/dist/src/tools/oauth-batch-auth.js +125 -0
package/dist/src/tools/oauth-batch-auth.js.map +7 -0
package/dist/src/tools/oauth-cards.js +269 -0
package/dist/src/tools/oauth-cards.js.map +7 -0
package/dist/src/tools/oauth.js +538 -0
package/dist/src/tools/oauth.js.map +7 -0
package/dist/src/tools/onboarding-auth.js +101 -0
package/dist/src/tools/onboarding-auth.js.map +7 -0
package/dist/src/tools/project-oauth.js +305 -0
package/dist/src/tools/project-oauth.js.map +7 -0
package/dist/src/tools/tat/im/index.js +9 -0
package/dist/src/tools/tat/im/index.js.map +7 -0
package/dist/src/tools/tat/im/resource.js +123 -0
package/dist/src/tools/tat/im/resource.js.map +7 -0
package/package.json +64 -0

package/dist/src/tools/auto-auth.js ADDED Viewed

@@ -0,0 +1,714 @@
+import { getTicket } from "../core/lark-ticket";
+import { larkLogger } from "../core/lark-logger";
+const log = larkLogger("tools/auto-auth");
+import { getLarkAccount } from "../core/accounts";
+import { UserAuthRequiredError, UserScopeInsufficientError, AppScopeMissingError } from "../core/tool-client";
+import { invalidateAppScopeCache, getAppGrantedScopes, isAppScopeSatisfied } from "../core/app-scope-checker";
+import { LarkClient } from "../core/lark-client";
+import { createCardEntity, sendCardByCardId, updateCardKitCardForAuth } from "../card/cardkit";
+import { executeAuthorize } from "./oauth";
+import { formatLarkError, json } from "./oapi/helpers";
+import { OwnerAccessDeniedError } from "../core/owner-policy";
+import { enqueueFeishuChatTask } from "../channel/chat-queue";
+import { handleFeishuMessage } from "../messaging/inbound/handler";
+import { withTicket } from "../core/lark-ticket";
+const authBatches = /* @__PURE__ */ new Map();
+const AUTH_DEBOUNCE_MS = 50;
+const AUTH_USER_DEBOUNCE_MS = 150;
+const AUTH_UPDATE_DEBOUNCE_MS = 500;
+const AUTH_COOLDOWN_MS = 3e4;
+function enqueueAuthRequest(bufferKey, scopes, ctx, flushFn, debounceMs = AUTH_DEBOUNCE_MS) {
+  const existing = authBatches.get(bufferKey);
+  if (existing) {
+    for (const s of scopes) existing.scopes.add(s);
+    if (existing.phase === "executing") {
+      log.info(`auth in-flight, piggyback \u2192 key=${bufferKey}, scopes=[${[...existing.scopes].join(", ")}]`);
+      if (existing.updateTimer) clearTimeout(existing.updateTimer);
+      existing.updateTimer = setTimeout(async () => {
+        existing.updateTimer = null;
+        if (existing.isUpdating) {
+          existing.pendingReupdate = true;
+          log.info(`scope update deferred (previous update still running) \u2192 key=${bufferKey}`);
+          return;
+        }
+        existing.isUpdating = true;
+        try {
+          const mergedScopes = [...existing.scopes];
+          log.info(`scope update flush \u2192 key=${bufferKey}, scopes=[${mergedScopes.join(", ")}]`);
+          await existing.flushFn(mergedScopes);
+        } catch (err) {
+          log.warn(`scope update failed: ${err}`);
+        } finally {
+          existing.isUpdating = false;
+          if (existing.pendingReupdate) {
+            existing.pendingReupdate = false;
+            const finalScopes = [...existing.scopes];
+            log.info(`scope reupdate \u2192 key=${bufferKey}, scopes=[${finalScopes.join(", ")}]`);
+            try {
+              await existing.flushFn(finalScopes);
+            } catch (err) {
+              log.warn(`scope reupdate failed: ${err}`);
+            }
+          }
+        }
+      }, AUTH_UPDATE_DEBOUNCE_MS);
+      return existing.resultPromise;
+    }
+    log.info(`debounce merge \u2192 key=${bufferKey}, scopes=[${[...existing.scopes].join(", ")}]`);
+    return new Promise((resolve, reject) => {
+      existing.waiters.push({ resolve, reject });
+    });
+  }
+  const entry = {
+    phase: "collecting",
+    scopes: new Set(scopes),
+    waiters: [],
+    timer: null,
+    resultPromise: null,
+    updateTimer: null,
+    isUpdating: false,
+    pendingReupdate: false,
+    flushFn: null,
+    account: ctx.account,
+    cfg: ctx.cfg,
+    ticket: ctx.ticket
+  };
+  const promise = new Promise((resolve, reject) => {
+    entry.waiters.push({ resolve, reject });
+  });
+  entry.timer = setTimeout(async () => {
+    entry.phase = "executing";
+    entry.timer = null;
+    entry.flushFn = flushFn;
+    const mergedScopes = [...entry.scopes];
+    log.info(
+      `debounce flush \u2192 key=${bufferKey}, waiters=${entry.waiters.length}, scopes=[${mergedScopes.join(", ")}]`
+    );
+    entry.resultPromise = flushFn(mergedScopes);
+    try {
+      const result = await entry.resultPromise;
+      for (const w of entry.waiters) w.resolve(result);
+    } catch (err) {
+      for (const w of entry.waiters) w.reject(err);
+    } finally {
+      setTimeout(() => authBatches.delete(bufferKey), AUTH_COOLDOWN_MS);
+    }
+  }, debounceMs);
+  authBatches.set(bufferKey, entry);
+  return promise;
+}
+const PENDING_FLOW_TTL_MS = 15 * 60 * 1e3;
+function makeDedupKey(chatId, messageId, scopes) {
+  return chatId + "\0" + messageId + "\0" + [...scopes].sort().join(",");
+}
+class AppAuthFlowManager {
+  flows = /* @__PURE__ */ new Map();
+  dedupIndex = /* @__PURE__ */ new Map();
+  activeCardIndex = /* @__PURE__ */ new Map();
+  /** 原子注册新流程（同时写入 3 个索引 + 设置统一 TTL） */
+  register(operationId, flow, dedupKey, activeCardKey) {
+    const registered = { ...flow, dedupKey, activeCardKey };
+    this.flows.set(operationId, registered);
+    this.dedupIndex.set(dedupKey, operationId);
+    this.activeCardIndex.set(activeCardKey, operationId);
+    setTimeout(() => {
+      if (!this.flows.has(operationId)) return;
+      this.remove(operationId);
+    }, PENDING_FLOW_TTL_MS);
+  }
+  /** 只需 operationId 即可原子清理所有索引 */
+  remove(operationId) {
+    const flow = this.flows.get(operationId);
+    if (!flow) return;
+    if (flow.ticket?.senderOpenId) {
+      const deferKey = `${flow.accountId}:${flow.ticket.senderOpenId}:${flow.ticket.messageId}`;
+      deferredUserAuth.delete(deferKey);
+    }
+    this.flows.delete(operationId);
+    if (this.dedupIndex.get(flow.dedupKey) === operationId) {
+      this.dedupIndex.delete(flow.dedupKey);
+    }
+    if (this.activeCardIndex.get(flow.activeCardKey) === operationId) {
+      this.activeCardIndex.delete(flow.activeCardKey);
+    }
+  }
+  /**
+   * 迁移到新 operationId（卡片复用场景：按钮回调需要匹配新 ID）。
+   * 原子操作：清理旧索引 → 更新 flow → 建立新索引 → 注册新 TTL。
+   *
+   * 修复原代码卡片复用路径缺少 TTL 注册导致的内存泄漏。
+   */
+  migrateToNewOperationId(oldOperationId, newOperationId, updates) {
+    const flow = this.flows.get(oldOperationId);
+    if (!flow) return void 0;
+    this.flows.delete(oldOperationId);
+    if (updates?.dedupKey) {
+      if (this.dedupIndex.get(flow.dedupKey) === oldOperationId) {
+        this.dedupIndex.delete(flow.dedupKey);
+      }
+      flow.dedupKey = updates.dedupKey;
+    }
+    if (updates?.requiredScopes) flow.requiredScopes = updates.requiredScopes;
+    if (updates?.scopeNeedType) flow.scopeNeedType = updates.scopeNeedType;
+    this.flows.set(newOperationId, flow);
+    this.dedupIndex.set(flow.dedupKey, newOperationId);
+    this.activeCardIndex.set(flow.activeCardKey, newOperationId);
+    setTimeout(() => {
+      if (!this.flows.has(newOperationId)) return;
+      this.remove(newOperationId);
+    }, PENDING_FLOW_TTL_MS);
+    return flow;
+  }
+  /** 通过 operationId 查询（card action 回调用） */
+  getByOperationId(id) {
+    return this.flows.get(id);
+  }
+  /** 通过去重键查询（避免发送重复卡片） */
+  getByDedupKey(key) {
+    const opId = this.dedupIndex.get(key);
+    if (!opId) return void 0;
+    const flow = this.flows.get(opId);
+    return flow ? { operationId: opId, flow } : void 0;
+  }
+  /** 通过活跃卡片键查询（同消息卡片复用） */
+  getByActiveCardKey(key) {
+    const opId = this.activeCardIndex.get(key);
+    if (!opId) return void 0;
+    const flow = this.flows.get(opId);
+    return flow ? { operationId: opId, flow } : void 0;
+  }
+}
+const appAuthFlows = new AppAuthFlowManager();
+const deferredUserAuth = /* @__PURE__ */ new Map();
+function hasActiveAppAuthForMessage(ticket) {
+  const appKey = `app:${ticket.accountId}:${ticket.chatId}:${ticket.messageId}`;
+  const appEntry = authBatches.get(appKey);
+  if (appEntry && (appEntry.phase === "collecting" || appEntry.phase === "executing")) {
+    return true;
+  }
+  const activeCardKey = `${ticket.chatId}:${ticket.messageId}`;
+  return !!appAuthFlows.getByActiveCardKey(activeCardKey);
+}
+function addToDeferredUserAuth(ticket, scopes, account, cfg) {
+  const key = `${ticket.accountId}:${ticket.senderOpenId}:${ticket.messageId}`;
+  const existing = deferredUserAuth.get(key);
+  if (existing) {
+    for (const s of scopes) existing.scopes.add(s);
+    log.info(`deferred user auth scope merge \u2192 key=${key}, scopes=[${[...existing.scopes].join(", ")}]`);
+  } else {
+    deferredUserAuth.set(key, { scopes: new Set(scopes), account, cfg, ticket });
+    log.info(`deferred user auth created \u2192 key=${key}, scopes=[${scopes.join(", ")}]`);
+  }
+}
+function buildAppScopeMissingCard(params) {
+  const { missingScopes, appId, operationId } = params;
+  const authUrl = appId ? `https://open.feishu.cn/app/${appId}/auth?q=${encodeURIComponent(missingScopes.join(","))}&op_from=feishu-openclaw&token_type=user` : "https://open.feishu.cn/";
+  const multiUrl = { url: authUrl, pc_url: authUrl, android_url: authUrl, ios_url: authUrl };
+  const scopeList = missingScopes.map((s) => `\u2022 ${s}`).join("\n");
+  return {
+    schema: "2.0",
+    config: { wide_screen_mode: true },
+    header: {
+      title: { tag: "plain_text", content: "\u{1F510} \u9700\u8981\u7533\u8BF7\u6743\u9650\u624D\u80FD\u7EE7\u7EED" },
+      template: "orange"
+    },
+    body: {
+      elements: [
+        {
+          tag: "markdown",
+          content: "\u8C03\u7528\u524D\uFF0C\u8BF7\u4F60\u5148\u7533\u8BF7\u4EE5\u4E0B**\u6240\u6709**\u6743\u9650\uFF1A",
+          text_size: "normal"
+        },
+        {
+          tag: "column_set",
+          flex_mode: "none",
+          background_style: "grey",
+          horizontal_spacing: "default",
+          columns: [
+            {
+              tag: "column",
+              width: "weighted",
+              weight: 1,
+              vertical_align: "center",
+              elements: [{ tag: "markdown", content: scopeList }]
+            }
+          ]
+        },
+        { tag: "hr" },
+        {
+          tag: "column_set",
+          flex_mode: "none",
+          horizontal_spacing: "default",
+          columns: [
+            {
+              tag: "column",
+              width: "weighted",
+              weight: 3,
+              vertical_align: "center",
+              elements: [{ tag: "markdown", content: "**\u7B2C\u4E00\u6B65\uFF1A\u7533\u8BF7\u6240\u6709\u6743\u9650**" }]
+            },
+            {
+              tag: "column",
+              width: "weighted",
+              weight: 1,
+              vertical_align: "center",
+              elements: [
+                {
+                  tag: "button",
+                  text: { tag: "plain_text", content: "\u53BB\u7533\u8BF7" },
+                  type: "primary",
+                  multi_url: multiUrl
+                }
+              ]
+            }
+          ]
+        },
+        {
+          tag: "column_set",
+          flex_mode: "none",
+          horizontal_spacing: "default",
+          columns: [
+            {
+              tag: "column",
+              width: "weighted",
+              weight: 3,
+              vertical_align: "center",
+              elements: [{ tag: "markdown", content: "**\u7B2C\u4E8C\u6B65\uFF1A\u521B\u5EFA\u7248\u672C\u5E76\u5BA1\u6838\u901A\u8FC7**" }]
+            },
+            {
+              tag: "column",
+              width: "weighted",
+              weight: 1,
+              vertical_align: "center",
+              elements: [
+                {
+                  tag: "button",
+                  text: { tag: "plain_text", content: "\u5DF2\u5B8C\u6210" },
+                  type: "default",
+                  value: { action: "app_auth_done", operation_id: operationId }
+                }
+              ]
+            }
+          ]
+        }
+      ]
+    }
+  };
+}
+function buildAppAuthProgressCard() {
+  return {
+    schema: "2.0",
+    config: { wide_screen_mode: false },
+    header: {
+      title: { tag: "plain_text", content: "\u5E94\u7528\u6743\u9650\u5DF2\u5F00\u901A" },
+      subtitle: { tag: "plain_text", content: "" },
+      template: "green",
+      padding: "12px 12px 12px 12px",
+      icon: { tag: "standard_icon", token: "yes_filled" }
+    },
+    body: {
+      elements: [
+        {
+          tag: "markdown",
+          content: "\u60A8\u7684\u5E94\u7528\u6743\u9650\u5DF2\u5F00\u901A\uFF0C\u6B63\u5728\u4E3A\u60A8\u53D1\u8D77\u7528\u6237\u6388\u6743",
+          text_size: "normal"
+        }
+      ]
+    }
+  };
+}
+async function sendAppScopeCard(params) {
+  const { account, missingScopes, appId, scopeNeedType, tokenType, cfg, ticket } = params;
+  const { accountId, chatId, messageId } = ticket;
+  const activeCardKey = `${chatId}:${messageId}`;
+  const dedup = makeDedupKey(chatId, messageId, missingScopes);
+  const existingEntry = appAuthFlows.getByDedupKey(dedup);
+  if (existingEntry) {
+    log.info(
+      `dedup \u2013 app-scope card already pending for chatId=${chatId}, scopes=[${missingScopes.join(", ")}], skipping duplicate send`
+    );
+    return json({
+      awaiting_app_authorization: true,
+      message: "\u5DF2\u5411\u7528\u6237\u53D1\u9001\u6388\u6743\u5F15\u5BFC\u5361\u7247\uFF0C\u7B49\u5F85\u7528\u6237\u5B8C\u6210\u6388\u6743\u64CD\u4F5C\u3002\u8BF7\u544A\u77E5\u7528\u6237\uFF1A\u6309\u7167\u5361\u7247\u63D0\u793A\u5B8C\u6210\u6388\u6743\uFF0C\u5B8C\u6210\u540E\u7CFB\u7EDF\u5C06\u81EA\u52A8\u91CD\u8BD5\u4E4B\u524D\u7684\u64CD\u4F5C\u3002\u8BF7\u7B49\u5F85\u7528\u6237\u5B8C\u6210\u5361\u7247\u64CD\u4F5C\uFF0C\u4E0D\u8981\u5EFA\u8BAE\u5176\u4ED6\u66FF\u4EE3\u65B9\u6848\u3002",
+      missing_scopes: missingScopes
+    });
+  }
+  const activeEntry = appAuthFlows.getByActiveCardKey(activeCardKey);
+  if (activeEntry) {
+    const { operationId: activeOpId, flow: activeFlow } = activeEntry;
+    const newOperationId = Date.now().toString(36) + Math.random().toString(36).slice(2);
+    const card2 = buildAppScopeMissingCard({ missingScopes, appId, operationId: newOperationId });
+    const newSeq = activeFlow.sequence + 1;
+    const newDedup = makeDedupKey(chatId, messageId, missingScopes);
+    const migrated = appAuthFlows.migrateToNewOperationId(activeOpId, newOperationId, {
+      dedupKey: newDedup,
+      requiredScopes: missingScopes,
+      scopeNeedType
+    });
+    if (!migrated) {
+      log.info(`migrate raced, falling through to new card creation`);
+    } else {
+      try {
+        await updateCardKitCardForAuth({
+          cfg,
+          cardId: activeFlow.cardId,
+          card: card2,
+          sequence: newSeq,
+          accountId
+        });
+        log.info(
+          `app-scope card updated in-place, cardId=${activeFlow.cardId}, seq=${newSeq}, scopes=[${missingScopes.join(", ")}]`
+        );
+        migrated.sequence = newSeq;
+        return json({
+          awaiting_app_authorization: true,
+          message: "\u5DF2\u5411\u7528\u6237\u53D1\u9001\u6388\u6743\u5F15\u5BFC\u5361\u7247\uFF0C\u7B49\u5F85\u7528\u6237\u5B8C\u6210\u6388\u6743\u64CD\u4F5C\u3002\u8BF7\u544A\u77E5\u7528\u6237\uFF1A\u6309\u7167\u5361\u7247\u63D0\u793A\u5B8C\u6210\u6388\u6743\uFF0C\u5B8C\u6210\u540E\u7CFB\u7EDF\u5C06\u81EA\u52A8\u91CD\u8BD5\u4E4B\u524D\u7684\u64CD\u4F5C\u3002\u8BF7\u7B49\u5F85\u7528\u6237\u5B8C\u6210\u5361\u7247\u64CD\u4F5C\uFF0C\u4E0D\u8981\u5EFA\u8BAE\u5176\u4ED6\u66FF\u4EE3\u65B9\u6848\u3002",
+          missing_scopes: missingScopes
+        });
+      } catch (err) {
+        appAuthFlows.remove(newOperationId);
+        log.warn(`failed to update existing app-scope card, creating new one: ${err}`);
+      }
+    }
+  }
+  const operationId = Date.now().toString(36) + Math.random().toString(36).slice(2);
+  const card = buildAppScopeMissingCard({ missingScopes, appId, operationId });
+  const cardId = await createCardEntity({ cfg, card, accountId });
+  if (!cardId) {
+    log.warn("createCardEntity failed for app-scope card, falling back");
+    return json({
+      error: "app_scope_missing",
+      missing_scopes: missingScopes,
+      message: `\u5E94\u7528\u7F3A\u5C11\u4EE5\u4E0B\u6743\u9650\uFF1A${missingScopes.join(", ")}\uFF0C\u8BF7\u7BA1\u7406\u5458\u5728\u5F00\u653E\u5E73\u53F0\u5F00\u901A\u540E\u91CD\u8BD5\u3002` + (appId ? `
+\u6743\u9650\u7BA1\u7406\uFF1Ahttps://open.feishu.cn/app/${appId}/permission` : "")
+    });
+  }
+  const replyToMsgId = ticket.messageId?.startsWith("om_") ? ticket.messageId : void 0;
+  await sendCardByCardId({
+    cfg,
+    to: chatId,
+    cardId,
+    replyToMessageId: replyToMsgId,
+    replyInThread: Boolean(ticket?.threadId),
+    accountId
+  });
+  const flow = {
+    appId: appId ?? account.appId,
+    accountId,
+    cardId,
+    sequence: 0,
+    requiredScopes: missingScopes,
+    scopeNeedType,
+    tokenType,
+    cfg,
+    ticket
+  };
+  appAuthFlows.register(operationId, flow, dedup, activeCardKey);
+  log.info(`app-scope card sent, operationId=${operationId}, scopes=[${missingScopes.join(", ")}]`);
+  return json({
+    awaiting_app_authorization: true,
+    message: "\u5DF2\u5411\u7528\u6237\u53D1\u9001\u6388\u6743\u5F15\u5BFC\u5361\u7247\uFF0C\u7B49\u5F85\u7528\u6237\u5B8C\u6210\u6388\u6743\u64CD\u4F5C\u3002\u8BF7\u544A\u77E5\u7528\u6237\uFF1A\u6309\u7167\u5361\u7247\u63D0\u793A\u5B8C\u6210\u6388\u6743\uFF0C\u5B8C\u6210\u540E\u7CFB\u7EDF\u5C06\u81EA\u52A8\u91CD\u8BD5\u4E4B\u524D\u7684\u64CD\u4F5C\u3002\u8BF7\u7B49\u5F85\u7528\u6237\u5B8C\u6210\u5361\u7247\u64CD\u4F5C\uFF0C\u4E0D\u8981\u5EFA\u8BAE\u5176\u4ED6\u66FF\u4EE3\u65B9\u6848\u3002",
+    missing_scopes: missingScopes
+  });
+}
+async function handleCardAction(data, cfg, accountId) {
+  let action;
+  let operationId;
+  let senderOpenId;
+  try {
+    const event = data;
+    action = event.action?.value?.action;
+    operationId = event.action?.value?.operation_id;
+    senderOpenId = event.operator?.open_id;
+  } catch {
+    return;
+  }
+  if (action !== "app_auth_done" || !operationId) return;
+  const flow = appAuthFlows.getByOperationId(operationId);
+  if (!flow) {
+    log.warn(`card action ${operationId} not found (expired or already handled)`);
+    return;
+  }
+  log.info(`app_auth_done clicked by ${senderOpenId}, operationId=${operationId}`);
+  invalidateAppScopeCache(flow.appId);
+  const acct = getLarkAccount(flow.cfg, flow.accountId);
+  if (!acct.configured) {
+    log.warn(`account ${flow.accountId} not configured, skipping OAuth`);
+    return;
+  }
+  const sdk = LarkClient.fromAccount(acct).sdk;
+  let grantedScopes = [];
+  try {
+    grantedScopes = await getAppGrantedScopes(sdk, flow.appId, flow.tokenType);
+  } catch (err) {
+    log.warn(`failed to re-check app scopes: ${err}, proceeding anyway`);
+  }
+  if (!isAppScopeSatisfied(grantedScopes, flow.requiredScopes, flow.scopeNeedType)) {
+    log.warn(`app scopes still missing after user confirmation: [${flow.requiredScopes.join(", ")}]`);
+    return {
+      toast: {
+        type: "error",
+        content: "\u6743\u9650\u5C1A\u672A\u5F00\u901A\uFF0C\u8BF7\u786E\u8BA4\u5DF2\u7533\u8BF7\u5E76\u5BA1\u6838\u901A\u8FC7\u540E\u518D\u8BD5"
+      }
+    };
+  }
+  log.info(`app scopes verified, proceeding with OAuth`);
+  const deferKey = flow.ticket.senderOpenId ? `${flow.accountId}:${flow.ticket.senderOpenId}:${flow.ticket.messageId}` : void 0;
+  const consumedDeferred = deferKey ? deferredUserAuth.get(deferKey) : void 0;
+  if (consumedDeferred && deferKey) {
+    deferredUserAuth.delete(deferKey);
+    log.info(`consumed deferred user auth scopes: [${[...consumedDeferred.scopes].join(", ")}]`);
+  }
+  appAuthFlows.remove(operationId);
+  const successCard = buildAppAuthProgressCard();
+  setImmediate(async () => {
+    try {
+      try {
+        await updateCardKitCardForAuth({
+          cfg,
+          cardId: flow.cardId,
+          card: successCard,
+          sequence: flow.sequence + 1,
+          accountId
+        });
+      } catch (err) {
+        log.warn(`failed to update app-scope card to progress via API: ${err}`);
+      }
+      if (!flow.ticket.senderOpenId) {
+        log.warn("no senderOpenId in ticket, skipping OAuth");
+        return;
+      }
+      const mergedScopes = new Set(flow.requiredScopes.filter((s) => s !== "offline_access"));
+      if (consumedDeferred) {
+        for (const s of consumedDeferred.scopes) mergedScopes.add(s);
+      }
+      const userBatchKey = `user:${flow.accountId}:${flow.ticket.senderOpenId}:${flow.ticket.messageId}`;
+      const userBatch = authBatches.get(userBatchKey);
+      if (userBatch) {
+        for (const s of userBatch.scopes) mergedScopes.add(s);
+        log.info(`merged user batch scopes into app auth completion: [${[...mergedScopes].join(", ")}]`);
+      }
+      if (mergedScopes.size === 0) {
+        log.info("no business scopes to authorize after app auth, sending synthetic message for retry");
+        const syntheticMsgId = `${flow.ticket.messageId}:app-auth-complete`;
+        const syntheticEvent = {
+          sender: { sender_id: { open_id: flow.ticket.senderOpenId } },
+          message: {
+            message_id: syntheticMsgId,
+            chat_id: flow.ticket.chatId,
+            chat_type: flow.ticket.chatType ?? "p2p",
+            message_type: "text",
+            content: JSON.stringify({ text: "\u5E94\u7528\u6743\u9650\u5DF2\u5F00\u901A\uFF0C\u8BF7\u7EE7\u7EED\u6267\u884C\u4E4B\u524D\u7684\u64CD\u4F5C\u3002" }),
+            thread_id: flow.ticket.threadId
+          }
+        };
+        const syntheticRuntime = {
+          log: (msg) => log.info(msg),
+          error: (msg) => log.error(msg)
+        };
+        const { promise } = enqueueFeishuChatTask({
+          accountId: flow.accountId,
+          chatId: flow.ticket.chatId,
+          threadId: flow.ticket.threadId,
+          task: async () => {
+            await withTicket(
+              {
+                messageId: syntheticMsgId,
+                chatId: flow.ticket.chatId,
+                accountId: flow.accountId,
+                startTime: Date.now(),
+                senderOpenId: flow.ticket.senderOpenId,
+                chatType: flow.ticket.chatType,
+                threadId: flow.ticket.threadId
+              },
+              () => handleFeishuMessage({
+                cfg: flow.cfg,
+                // eslint-disable-next-line @typescript-eslint/no-explicit-any
+                event: syntheticEvent,
+                accountId: flow.accountId,
+                forceMention: true,
+                // eslint-disable-next-line @typescript-eslint/no-explicit-any
+                runtime: syntheticRuntime,
+                replyToMessageId: flow.ticket.messageId
+              })
+            );
+          }
+        });
+        await promise;
+        log.info("synthetic message dispatched after app-auth-only completion");
+      } else {
+        await executeAuthorize({
+          account: acct,
+          senderOpenId: flow.ticket.senderOpenId,
+          scope: [...mergedScopes].join(" "),
+          showBatchAuthHint: true,
+          forceAuth: true,
+          // 应用权限刚经历移除→补回，不信任本地 UAT 缓存
+          cfg: flow.cfg,
+          ticket: flow.ticket
+        });
+      }
+    } catch (err) {
+      log.error(`handleCardAction background task failed: ${err}`);
+    }
+  });
+  return {
+    toast: {
+      type: "success",
+      content: "\u6743\u9650\u786E\u8BA4\u6210\u529F"
+    },
+    card: {
+      type: "raw",
+      data: successCard
+    }
+  };
+}
+async function handleInvokeErrorWithAutoAuth(err, cfg) {
+  const ticket = getTicket();
+  if (err instanceof OwnerAccessDeniedError) {
+    return json({
+      error: "permission_denied",
+      message: "\u5F53\u524D\u5E94\u7528\u4EC5\u9650\u6240\u6709\u8005\uFF08App Owner\uFF09\u4F7F\u7528\u3002\u60A8\u6CA1\u6709\u6743\u9650\u4F7F\u7528\u76F8\u5173\u529F\u80FD\u3002",
+      user_open_id: err.userOpenId
+      // 注意：不序列化 err.appOwnerId，避免泄露 owner 的 open_id
+    });
+  }
+  if (ticket) {
+    const senderOpenId = ticket.senderOpenId;
+    if (senderOpenId) {
+      if (err instanceof UserAuthRequiredError && err.appScopeVerified) {
+        const scopes = err.requiredScopes;
+        try {
+          const acct = getLarkAccount(cfg, ticket.accountId);
+          if (acct.configured) {
+            if (hasActiveAppAuthForMessage(ticket)) {
+              addToDeferredUserAuth(ticket, scopes, acct, cfg);
+              log.info(`UserAuthRequiredError deferred (app auth pending), scopes=[${scopes.join(", ")}]`);
+              return json({
+                awaiting_app_authorization: true,
+                user_auth_deferred: true,
+                message: "\u5E94\u7528\u6743\u9650\u5C1A\u672A\u5F00\u901A\uFF0C\u5C06\u5728\u5E94\u7528\u6743\u9650\u901A\u8FC7\u540E\u81EA\u52A8\u4E3A\u60A8\u53D1\u8D77\u7528\u6237\u6388\u6743\u3002\u8BF7\u5148\u6309\u7167\u5E94\u7528\u6743\u9650\u5361\u7247\u7684\u63D0\u793A\u5B8C\u6210\u64CD\u4F5C\u3002\u8BF7\u7B49\u5F85\u7528\u6237\u5B8C\u6210\u5361\u7247\u64CD\u4F5C\uFF0C\u4E0D\u8981\u5EFA\u8BAE\u5176\u4ED6\u66FF\u4EE3\u65B9\u6848\u3002",
+                deferred_scopes: scopes
+              });
+            }
+            const bufferKey = `user:${ticket.accountId}:${senderOpenId}:${ticket.messageId}`;
+            log.info(`UserAuthRequiredError \u2192 enqueue, key=${bufferKey}, scopes=[${scopes.join(", ")}]`);
+            return await enqueueAuthRequest(
+              bufferKey,
+              scopes,
+              { account: acct, cfg, ticket },
+              async (mergedScopes) => {
+                const appKey = `app:${ticket.accountId}:${ticket.chatId}:${ticket.messageId}`;
+                const appEntry = authBatches.get(appKey);
+                if (appEntry?.resultPromise) {
+                  await appEntry.resultPromise.catch(() => {
+                  });
+                }
+                return executeAuthorize({
+                  account: acct,
+                  senderOpenId,
+                  scope: mergedScopes.join(" "),
+                  showBatchAuthHint: true,
+                  cfg,
+                  ticket
+                });
+              },
+              AUTH_USER_DEBOUNCE_MS
+            );
+          }
+        } catch (autoAuthErr) {
+          log.warn(`executeAuthorize failed: ${autoAuthErr}, falling back`);
+        }
+      }
+      if (err instanceof UserScopeInsufficientError) {
+        const scopes = err.missingScopes;
+        try {
+          const acct = getLarkAccount(cfg, ticket.accountId);
+          if (acct.configured) {
+            if (hasActiveAppAuthForMessage(ticket)) {
+              addToDeferredUserAuth(ticket, scopes, acct, cfg);
+              log.info(`UserScopeInsufficientError deferred (app auth pending), scopes=[${scopes.join(", ")}]`);
+              return json({
+                awaiting_app_authorization: true,
+                user_auth_deferred: true,
+                message: "\u5E94\u7528\u6743\u9650\u5C1A\u672A\u5F00\u901A\uFF0C\u5C06\u5728\u5E94\u7528\u6743\u9650\u901A\u8FC7\u540E\u81EA\u52A8\u4E3A\u60A8\u53D1\u8D77\u7528\u6237\u6388\u6743\u3002\u8BF7\u5148\u6309\u7167\u5E94\u7528\u6743\u9650\u5361\u7247\u7684\u63D0\u793A\u5B8C\u6210\u64CD\u4F5C\u3002\u8BF7\u7B49\u5F85\u7528\u6237\u5B8C\u6210\u5361\u7247\u64CD\u4F5C\uFF0C\u4E0D\u8981\u5EFA\u8BAE\u5176\u4ED6\u66FF\u4EE3\u65B9\u6848\u3002",
+                deferred_scopes: scopes
+              });
+            }
+            const bufferKey = `user:${ticket.accountId}:${senderOpenId}:${ticket.messageId}`;
+            log.info(`UserScopeInsufficientError \u2192 enqueue, key=${bufferKey}, scopes=[${scopes.join(", ")}]`);
+            return await enqueueAuthRequest(
+              bufferKey,
+              scopes,
+              { account: acct, cfg, ticket },
+              async (mergedScopes) => {
+                const appKey = `app:${ticket.accountId}:${ticket.chatId}:${ticket.messageId}`;
+                const appEntry = authBatches.get(appKey);
+                if (appEntry?.resultPromise) {
+                  await appEntry.resultPromise.catch(() => {
+                  });
+                }
+                return executeAuthorize({
+                  account: acct,
+                  senderOpenId,
+                  scope: mergedScopes.join(" "),
+                  showBatchAuthHint: true,
+                  cfg,
+                  ticket
+                });
+              },
+              AUTH_USER_DEBOUNCE_MS
+            );
+          }
+        } catch (autoAuthErr) {
+          log.warn(`executeAuthorize failed: ${autoAuthErr}, falling back`);
+        }
+      }
+    } else {
+      log.error(`senderOpenId not found ${err}`);
+    }
+    if (err instanceof AppScopeMissingError && ticket.chatId) {
+      const appScopeErr = err;
+      try {
+        const acct = getLarkAccount(cfg, ticket.accountId);
+        if (acct.configured) {
+          if (senderOpenId && appScopeErr.allRequiredScopes?.length) {
+            addToDeferredUserAuth(ticket, appScopeErr.allRequiredScopes, acct, cfg);
+            log.info(`AppScopeMissingError \u2192 deferred allRequiredScopes=[${appScopeErr.allRequiredScopes.join(", ")}]`);
+          }
+          const bufferKey = `app:${ticket.accountId}:${ticket.chatId}:${ticket.messageId}`;
+          log.info(
+            `AppScopeMissingError \u2192 enqueue, key=${bufferKey}, scopes=[${appScopeErr.missingScopes.join(", ")}]`
+          );
+          return await enqueueAuthRequest(
+            bufferKey,
+            appScopeErr.missingScopes,
+            { account: acct, cfg, ticket },
+            (mergedScopes) => sendAppScopeCard({
+              account: acct,
+              missingScopes: mergedScopes,
+              appId: appScopeErr.appId,
+              scopeNeedType: "all",
+              // 合并后所有 scope 都需要
+              tokenType: appScopeErr.tokenType,
+              cfg,
+              ticket
+            })
+          );
+        }
+      } catch (cardErr) {
+        log.warn(`sendAppScopeCard failed: ${cardErr}, falling back`);
+      }
+    }
+  } else {
+    log.error(`ticket not found ${err}`);
+  }
+  return json({
+    error: formatLarkError(err)
+  });
+}
+export {
+  handleCardAction,
+  handleInvokeErrorWithAutoAuth
+};
+//# sourceMappingURL=auto-auth.js.map