@lark-project/openclaw-lark-project 2026.3.131

package/dist/src/tools/onboarding-auth.js

@@ -0,0 +1,101 @@
+import { getLarkAccount } from "../core/accounts";
+import { LarkClient } from "../core/lark-client";
+import { getAppGrantedScopes } from "../core/app-scope-checker";
+import { getAppOwnerFallback } from "../core/app-owner-fallback";
+import { executeAuthorize } from "./oauth";
+import { larkLogger } from "../core/lark-logger";
+import { filterSensitiveScopes } from "../core/tool-scopes";
+const log = larkLogger("tools/onboarding-auth");
+const MAX_SCOPES_PER_BATCH = 100;
+async function triggerOnboarding(params) {
+  const { cfg, userOpenId, accountId } = params;
+  const acct = getLarkAccount(cfg, accountId);
+  if (!acct.configured) {
+    log.warn(`account ${accountId} not configured, skipping`);
+    return;
+  }
+  const sdk = LarkClient.fromAccount(acct).sdk;
+  const { appId } = acct;
+  const ownerOpenId = await getAppOwnerFallback(acct, sdk);
+  if (!ownerOpenId) {
+    log.info(`app ${appId} has no owner info, skipping`);
+    return;
+  }
+  if (userOpenId !== ownerOpenId) {
+    log.info(`user ${userOpenId} is not app owner (${ownerOpenId}), skipping`);
+    return;
+  }
+  log.info(`user ${userOpenId} is app owner, starting OAuth`);
+  let allUserScopes;
+  try {
+    allUserScopes = await getAppGrantedScopes(sdk, appId, "user");
+  } catch (err) {
+    log.warn(`failed to get app granted scopes: ${err}`);
+    return;
+  }
+  allUserScopes = filterSensitiveScopes(allUserScopes);
+  if (allUserScopes.length === 0) {
+    log.info("no user scopes configured, skipping");
+    return;
+  }
+  const batches = [];
+  for (let i = 0; i < allUserScopes.length; i += MAX_SCOPES_PER_BATCH) {
+    batches.push(allUserScopes.slice(i, i + MAX_SCOPES_PER_BATCH));
+  }
+  log.info(`${allUserScopes.length} user scopes, ${batches.length} batch(es)`);
+  const startBatch = async (batchIndex) => {
+    if (batchIndex >= batches.length) {
+      log.info("all batches completed");
+      return;
+    }
+    const batch = batches[batchIndex];
+    const scope = batch.join(" ");
+    let batchInfo = "";
+    if (batches.length > 1) {
+      batchInfo = `
+
+\u{1F4CB} \u6388\u6743\u8FDB\u5EA6\uFF1A\u7B2C ${batchIndex + 1}/${batches.length} \u6279\uFF08\u672C\u6279 ${batch.length} \u4E2A\u6743\u9650\uFF0C\u5171 ${allUserScopes.length} \u4E2A\uFF09`;
+      if (batchIndex < batches.length - 1) {
+        batchInfo += `
+\u6388\u6743\u5B8C\u6210\u540E\u5C06\u81EA\u52A8\u53D1\u8D77\u4E0B\u4E00\u6279\u3002`;
+      } else {
+        batchInfo += `
+\u8FD9\u662F\u6700\u540E\u4E00\u6279\uFF0C\u6388\u6743\u5B8C\u6210\u540E\u5373\u53EF\u4F7F\u7528\u6240\u6709\u529F\u80FD\u3002`;
+      }
+    }
+    const ticket = {
+      messageId: `onboarding:${Date.now()}`,
+      chatId: userOpenId,
+      accountId,
+      startTime: Date.now(),
+      senderOpenId: userOpenId,
+      chatType: "p2p"
+    };
+    log.info(`starting batch ${batchIndex + 1}/${batches.length}, scopes=${batch.length}`);
+    try {
+      await executeAuthorize({
+        account: acct,
+        senderOpenId: userOpenId,
+        scope,
+        isBatchAuth: true,
+        totalAppScopes: allUserScopes.length,
+        alreadyGranted: batchIndex * MAX_SCOPES_PER_BATCH,
+        batchInfo,
+        skipSyntheticMessage: true,
+        cfg,
+        ticket,
+        onAuthComplete: async () => {
+          log.info(`batch ${batchIndex + 1}/${batches.length} auth completed`);
+          await startBatch(batchIndex + 1);
+        }
+      });
+    } catch (err) {
+      log.error(`batch ${batchIndex + 1} failed: ${err}`);
+    }
+  };
+  await startBatch(0);
+}
+export {
+  triggerOnboarding
+};
+//# sourceMappingURL=onboarding-auth.js.map

package/dist/src/tools/onboarding-auth.js.map

@@ -0,0 +1,7 @@
+{
+  "version": 3,
+  "sources": ["../../../src/tools/onboarding-auth.ts"],
+  "sourcesContent": ["/**\n * Copyright (c) 2026 ByteDance Ltd. and/or its affiliates\n * SPDX-License-Identifier: MIT\n *\n * Onboarding \u9884\u6388\u6743\u6A21\u5757\u3002\n *\n * \u914D\u5BF9\u540E\u81EA\u52A8\u53D1\u8D77 OAuth Device Flow\uFF0C\u5F15\u5BFC\u5E94\u7528 owner \u5B8C\u6210\u7528\u6237\u6388\u6743\u3002\n * \u4EC5\u5F53\u914D\u5BF9\u7528\u6237 === \u5E94\u7528 owner \u65F6\u89E6\u53D1\u3002\n *\n * \u98DE\u4E66\u9650\u5236\uFF1A\u5355\u6B21 OAuth \u6700\u591A 50 \u4E2A scope\u3002\n * \u8D85\u8FC7 50 \u4E2A\u65F6\u81EA\u52A8\u5206\u6279\u5904\u7406\uFF0C\u6BCF\u6279\u6388\u6743\u5B8C\u6210\u540E\u81EA\u52A8\u53D1\u8D77\u4E0B\u4E00\u6279\uFF08\u94FE\u5F0F\u89E6\u53D1\uFF09\u3002\n */\n\nimport type { ClawdbotConfig } from 'openclaw/plugin-sdk';\nimport { getLarkAccount } from '../core/accounts';\nimport { LarkClient } from '../core/lark-client';\nimport { getAppGrantedScopes } from '../core/app-scope-checker';\nimport { getAppOwnerFallback } from '../core/app-owner-fallback';\nimport { executeAuthorize } from './oauth';\nimport { larkLogger } from '../core/lark-logger';\nimport { filterSensitiveScopes } from '../core/tool-scopes';\n\nconst log = larkLogger('tools/onboarding-auth');\n\n// ---------------------------------------------------------------------------\n// Constants\n// ---------------------------------------------------------------------------\n\nconst MAX_SCOPES_PER_BATCH = 100;\n\n// ---------------------------------------------------------------------------\n// Trigger onboarding\n// ---------------------------------------------------------------------------\n\n/**\n * \u914D\u5BF9\u540E\u89E6\u53D1 onboarding OAuth \u6388\u6743\u3002\n *\n * \u6D41\u7A0B\uFF1A\n *   1. \u68C0\u67E5 userOpenId === \u5E94\u7528 owner\uFF0C\u4E0D\u5339\u914D\u5219\u9759\u9ED8\u8DF3\u8FC7\n *   2. \u8BFB\u53D6 onboarding-scopes.json \u4E2D\u7684 user scope \u5217\u8868\n *   3. \u5206\u6279\u5904\u7406\uFF08\u6BCF\u6279\u6700\u591A 50 \u4E2A\uFF09\uFF0C\u7B2C\u4E00\u6279\u76F4\u63A5\u53D1\u8D77 OAuth Device Flow\n *   4. \u6BCF\u6279\u6388\u6743\u5B8C\u6210\u540E\u901A\u8FC7 onAuthComplete \u56DE\u8C03\u81EA\u52A8\u53D1\u8D77\u4E0B\u4E00\u6279\n */\nexport async function triggerOnboarding(params: {\n  cfg: ClawdbotConfig;\n  userOpenId: string;\n  accountId: string;\n}): Promise<void> {\n  const { cfg, userOpenId, accountId } = params;\n\n  const acct = getLarkAccount(cfg, accountId);\n  if (!acct.configured) {\n    log.warn(`account ${accountId} not configured, skipping`);\n    return;\n  }\n\n  const sdk = LarkClient.fromAccount(acct).sdk;\n  const { appId } = acct;\n\n  // 1. \u68C0\u67E5 userOpenId === \u5E94\u7528 owner\uFF08\u7EDF\u4E00\u8D70 getAppOwnerFallback\uFF09\n  const ownerOpenId = await getAppOwnerFallback(acct, sdk);\n  if (!ownerOpenId) {\n    log.info(`app ${appId} has no owner info, skipping`);\n    return;\n  }\n  if (userOpenId !== ownerOpenId) {\n    log.info(`user ${userOpenId} is not app owner (${ownerOpenId}), skipping`);\n    return;\n  }\n\n  log.info(`user ${userOpenId} is app owner, starting OAuth`);\n\n  // 3. \u52A8\u6001\u83B7\u53D6\u5E94\u7528\u5DF2\u5F00\u901A\u7684 user scope \u5217\u8868\n  let allUserScopes: string[];\n  try {\n    allUserScopes = await getAppGrantedScopes(sdk, appId, 'user');\n  } catch (err) {\n    log.warn(`failed to get app granted scopes: ${err}`);\n    return;\n  }\n\n  // \u8FC7\u6EE4\u6389\u654F\u611F scope\n  allUserScopes = filterSensitiveScopes(allUserScopes);\n\n  if (allUserScopes.length === 0) {\n    log.info('no user scopes configured, skipping');\n    return;\n  }\n\n  // 4. \u5206\u6279\n  const batches: string[][] = [];\n  for (let i = 0; i < allUserScopes.length; i += MAX_SCOPES_PER_BATCH) {\n    batches.push(allUserScopes.slice(i, i + MAX_SCOPES_PER_BATCH));\n  }\n\n  log.info(`${allUserScopes.length} user scopes, ${batches.length} batch(es)`);\n\n  // 5. \u94FE\u5F0F\u53D1\u8D77\u6388\u6743\uFF08\u7B2C\u4E00\u6279\u540C\u6B65\u53D1\u8D77\uFF0C\u540E\u7EED\u6279\u6B21\u7531 onAuthComplete \u56DE\u8C03\u89E6\u53D1\uFF09\n  const startBatch = async (batchIndex: number): Promise<void> => {\n    if (batchIndex >= batches.length) {\n      log.info('all batches completed');\n      return;\n    }\n\n    const batch = batches[batchIndex];\n    const scope = batch.join(' ');\n\n    let batchInfo = '';\n    if (batches.length > 1) {\n      batchInfo =\n        `\\n\\n\uD83D\uDCCB \u6388\u6743\u8FDB\u5EA6\uFF1A\u7B2C ${batchIndex + 1}/${batches.length} \u6279` +\n        `\uFF08\u672C\u6279 ${batch.length} \u4E2A\u6743\u9650\uFF0C\u5171 ${allUserScopes.length} \u4E2A\uFF09`;\n      if (batchIndex < batches.length - 1) {\n        batchInfo += `\\n\u6388\u6743\u5B8C\u6210\u540E\u5C06\u81EA\u52A8\u53D1\u8D77\u4E0B\u4E00\u6279\u3002`;\n      } else {\n        batchInfo += `\\n\u8FD9\u662F\u6700\u540E\u4E00\u6279\uFF0C\u6388\u6743\u5B8C\u6210\u540E\u5373\u53EF\u4F7F\u7528\u6240\u6709\u529F\u80FD\u3002`;\n      }\n    }\n\n    const ticket = {\n      messageId: `onboarding:${Date.now()}`,\n      chatId: userOpenId,\n      accountId,\n      startTime: Date.now(),\n      senderOpenId: userOpenId,\n      chatType: 'p2p' as const,\n    };\n\n    log.info(`starting batch ${batchIndex + 1}/${batches.length}, scopes=${batch.length}`);\n\n    try {\n      await executeAuthorize({\n        account: acct,\n        senderOpenId: userOpenId,\n        scope,\n        isBatchAuth: true,\n        totalAppScopes: allUserScopes.length,\n        alreadyGranted: batchIndex * MAX_SCOPES_PER_BATCH,\n        batchInfo,\n        skipSyntheticMessage: true,\n        cfg,\n        ticket,\n        onAuthComplete: async () => {\n          log.info(`batch ${batchIndex + 1}/${batches.length} auth completed`);\n          await startBatch(batchIndex + 1);\n        },\n      });\n    } catch (err) {\n      log.error(`batch ${batchIndex + 1} failed: ${err}`);\n    }\n  };\n\n  await startBatch(0);\n}\n"],
+  "mappings": "AAcA,SAAS,sBAAsB;AAC/B,SAAS,kBAAkB;AAC3B,SAAS,2BAA2B;AACpC,SAAS,2BAA2B;AACpC,SAAS,wBAAwB;AACjC,SAAS,kBAAkB;AAC3B,SAAS,6BAA6B;AAEtC,MAAM,MAAM,WAAW,uBAAuB;AAM9C,MAAM,uBAAuB;AAe7B,eAAsB,kBAAkB,QAItB;AAChB,QAAM,EAAE,KAAK,YAAY,UAAU,IAAI;AAEvC,QAAM,OAAO,eAAe,KAAK,SAAS;AAC1C,MAAI,CAAC,KAAK,YAAY;AACpB,QAAI,KAAK,WAAW,SAAS,2BAA2B;AACxD;AAAA,EACF;AAEA,QAAM,MAAM,WAAW,YAAY,IAAI,EAAE;AACzC,QAAM,EAAE,MAAM,IAAI;AAGlB,QAAM,cAAc,MAAM,oBAAoB,MAAM,GAAG;AACvD,MAAI,CAAC,aAAa;AAChB,QAAI,KAAK,OAAO,KAAK,8BAA8B;AACnD;AAAA,EACF;AACA,MAAI,eAAe,aAAa;AAC9B,QAAI,KAAK,QAAQ,UAAU,sBAAsB,WAAW,aAAa;AACzE;AAAA,EACF;AAEA,MAAI,KAAK,QAAQ,UAAU,+BAA+B;AAG1D,MAAI;AACJ,MAAI;AACF,oBAAgB,MAAM,oBAAoB,KAAK,OAAO,MAAM;AAAA,EAC9D,SAAS,KAAK;AACZ,QAAI,KAAK,qCAAqC,GAAG,EAAE;AACnD;AAAA,EACF;AAGA,kBAAgB,sBAAsB,aAAa;AAEnD,MAAI,cAAc,WAAW,GAAG;AAC9B,QAAI,KAAK,qCAAqC;AAC9C;AAAA,EACF;AAGA,QAAM,UAAsB,CAAC;AAC7B,WAAS,IAAI,GAAG,IAAI,cAAc,QAAQ,KAAK,sBAAsB;AACnE,YAAQ,KAAK,cAAc,MAAM,GAAG,IAAI,oBAAoB,CAAC;AAAA,EAC/D;AAEA,MAAI,KAAK,GAAG,cAAc,MAAM,iBAAiB,QAAQ,MAAM,YAAY;AAG3E,QAAM,aAAa,OAAO,eAAsC;AAC9D,QAAI,cAAc,QAAQ,QAAQ;AAChC,UAAI,KAAK,uBAAuB;AAChC;AAAA,IACF;AAEA,UAAM,QAAQ,QAAQ,UAAU;AAChC,UAAM,QAAQ,MAAM,KAAK,GAAG;AAE5B,QAAI,YAAY;AAChB,QAAI,QAAQ,SAAS,GAAG;AACtB,kBACE;AAAA;AAAA,iDAAiB,aAAa,CAAC,IAAI,QAAQ,MAAM,6BAC1C,MAAM,MAAM,mCAAU,cAAc,MAAM;AACnD,UAAI,aAAa,QAAQ,SAAS,GAAG;AACnC,qBAAa;AAAA;AAAA,MACf,OAAO;AACL,qBAAa;AAAA;AAAA,MACf;AAAA,IACF;AAEA,UAAM,SAAS;AAAA,MACb,WAAW,cAAc,KAAK,IAAI,CAAC;AAAA,MACnC,QAAQ;AAAA,MACR;AAAA,MACA,WAAW,KAAK,IAAI;AAAA,MACpB,cAAc;AAAA,MACd,UAAU;AAAA,IACZ;AAEA,QAAI,KAAK,kBAAkB,aAAa,CAAC,IAAI,QAAQ,MAAM,YAAY,MAAM,MAAM,EAAE;AAErF,QAAI;AACF,YAAM,iBAAiB;AAAA,QACrB,SAAS;AAAA,QACT,cAAc;AAAA,QACd;AAAA,QACA,aAAa;AAAA,QACb,gBAAgB,cAAc;AAAA,QAC9B,gBAAgB,aAAa;AAAA,QAC7B;AAAA,QACA,sBAAsB;AAAA,QACtB;AAAA,QACA;AAAA,QACA,gBAAgB,YAAY;AAC1B,cAAI,KAAK,SAAS,aAAa,CAAC,IAAI,QAAQ,MAAM,iBAAiB;AACnE,gBAAM,WAAW,aAAa,CAAC;AAAA,QACjC;AAAA,MACF,CAAC;AAAA,IACH,SAAS,KAAK;AACZ,UAAI,MAAM,SAAS,aAAa,CAAC,YAAY,GAAG,EAAE;AAAA,IACpD;AAAA,EACF;AAEA,QAAM,WAAW,CAAC;AACpB;",
+  "names": []
+}

package/dist/src/tools/project-oauth.js

@@ -0,0 +1,305 @@
+import { Type } from "@sinclair/typebox";
+import { getTicket } from "../core/lark-ticket";
+import { larkLogger } from "../core/lark-logger";
+import { formatLarkError } from "../core/api-error";
+import {
+  startLocalAuthFlow,
+  prepareRemoteAuth,
+  completeRemoteAuth
+} from "../core/project-auth";
+import {
+  getProjectStoredToken,
+  setProjectStoredToken,
+  removeProjectStoredToken,
+  projectTokenStatus,
+  getProjectClientId
+} from "../core/project-token-store";
+import { getProjectMcpEndpoint } from "../tools/mcp/project/endpoint";
+import { createCardEntity, sendCardByCardId, updateCardKitCardForAuth } from "../card/cardkit";
+import { buildAuthCard, buildAuthSuccessCard, buildAuthFailedCard } from "./oauth-cards";
+import { json } from "./oapi/helpers";
+const log = larkLogger("tools/project-oauth");
+const FeishuProjectOAuthSchema = Type.Object(
+  {
+    action: Type.Union(
+      [
+        Type.Literal("authorize"),
+        Type.Literal("complete_auth"),
+        Type.Literal("status"),
+        Type.Literal("revoke")
+      ],
+      {
+        description: "authorize: \u53D1\u8D77\u98DE\u4E66\u9879\u76EE\u6388\u6743; complete_auth: \u8FDC\u7A0B\u6A21\u5F0F\u4E0B\u56DE\u4F20 callback URL \u5B8C\u6210\u6388\u6743; status: \u68C0\u67E5\u6388\u6743\u72B6\u6001; revoke: \u64A4\u9500\u6388\u6743"
+      }
+    ),
+    callback_url: Type.Optional(
+      Type.String({
+        description: "\u4EC5 complete_auth \u65F6\u9700\u8981\uFF1A\u7528\u6237\u4ECE\u6D4F\u89C8\u5668\u5730\u5740\u680F\u590D\u5236\u7684\u5B8C\u6574\u56DE\u8C03 URL"
+      })
+    )
+  },
+  {
+    description: "\u98DE\u4E66\u9879\u76EE\uFF08Meego\uFF09\u72EC\u7ACB\u6388\u6743\u5DE5\u5177\u3002\u98DE\u4E66\u9879\u76EE\u7684\u6388\u6743\u4E0E\u98DE\u4E66 IM/\u6587\u6863\u7684\u6388\u6743\u4E0D\u5171\u4EAB\uFF0C\u9996\u6B21\u4F7F\u7528\u9700\u5355\u72EC\u6388\u6743\u3002"
+  }
+);
+const pendingLocalFlows = /* @__PURE__ */ new Map();
+const pendingRemoteSessions = /* @__PURE__ */ new Map();
+function fk(userOpenId) {
+  return `project:${userOpenId}`;
+}
+function buildTokenFromOAuth(userOpenId, clientId, tokens) {
+  const now = Date.now();
+  const expiresIn = tokens.expires_in ?? 7200;
+  const refreshExpiresIn = 30 * 24 * 3600;
+  return {
+    userOpenId,
+    appId: clientId,
+    accessToken: tokens.access_token,
+    refreshToken: tokens.refresh_token ?? "",
+    expiresAt: now + expiresIn * 1e3,
+    refreshExpiresAt: now + refreshExpiresIn * 1e3,
+    scope: tokens.scope ?? "",
+    grantedAt: now
+  };
+}
+async function isAlreadyAuthorized(senderOpenId) {
+  const clientId = await getProjectClientId(senderOpenId);
+  if (!clientId) return false;
+  const existing = await getProjectStoredToken(clientId, senderOpenId);
+  return !!existing && projectTokenStatus(existing) !== "expired";
+}
+async function tryLocalAuth(mcpEndpoint) {
+  try {
+    return await startLocalAuthFlow(mcpEndpoint);
+  } catch (err) {
+    log.info(`local auth unavailable, falling back to remote: ${err instanceof Error ? err.message : err}`);
+    return null;
+  }
+}
+function registerFeishuProjectOAuthTool(api) {
+  if (!api.config) return;
+  const cfg = api.config;
+  api.registerTool(
+    {
+      name: "feishu_project_oauth",
+      label: "Feishu Project OAuth",
+      description: "\u98DE\u4E66\u9879\u76EE\uFF08Meego\uFF09\u72EC\u7ACB\u6388\u6743\u5DE5\u5177\u3002\u98DE\u4E66\u9879\u76EE\u7684\u6388\u6743\u4E0E\u98DE\u4E66 IM/\u6587\u6863\u7684\u6388\u6743\u4E0D\u5171\u4EAB\uFF0C\u9996\u6B21\u4F7F\u7528\u98DE\u4E66\u9879\u76EE\u529F\u80FD\u65F6\u9700\u8981\u5355\u72EC\u6388\u6743\u3002\u8C03\u7528 authorize \u81EA\u52A8\u53D1\u8D77\u6388\u6743\u6D41\u7A0B\u3002\u5982\u679C\u63D0\u793A\u9700\u8981\u624B\u52A8\u56DE\u4F20 URL\uFF0C\u518D\u8C03\u7528 complete_auth\u3002",
+      parameters: FeishuProjectOAuthSchema,
+      async execute(_toolCallId, params) {
+        const p = params;
+        const ticket = getTicket();
+        const senderOpenId = ticket?.senderOpenId;
+        if (!senderOpenId) {
+          return json({
+            error: "\u65E0\u6CD5\u83B7\u53D6\u5F53\u524D\u7528\u6237\u8EAB\u4EFD\uFF08senderOpenId\uFF09\uFF0C\u8BF7\u5728\u98DE\u4E66\u5BF9\u8BDD\u4E2D\u4F7F\u7528\u6B64\u5DE5\u5177\u3002"
+          });
+        }
+        const accountId = ticket.accountId;
+        const mcpEndpoint = getProjectMcpEndpoint(cfg);
+        try {
+          switch (p.action) {
+            // ---------------------------------------------------------------
+            // STATUS
+            // ---------------------------------------------------------------
+            case "status": {
+              const clientId = await getProjectClientId(senderOpenId);
+              if (!clientId) {
+                return json({
+                  authorized: false,
+                  message: "\u98DE\u4E66\u9879\u76EE\u672A\u6388\u6743\u3002\u8BF7\u8C03\u7528 authorize \u53D1\u8D77\u6388\u6743\u3002"
+                });
+              }
+              const existing = await getProjectStoredToken(clientId, senderOpenId);
+              if (!existing) {
+                return json({
+                  authorized: false,
+                  message: "\u98DE\u4E66\u9879\u76EE\u672A\u6388\u6743\u3002\u8BF7\u8C03\u7528 authorize \u53D1\u8D77\u6388\u6743\u3002"
+                });
+              }
+              const status = projectTokenStatus(existing);
+              return json({
+                authorized: status !== "expired",
+                token_status: status,
+                scope: existing.scope,
+                granted_at: existing.grantedAt ? new Date(existing.grantedAt).toISOString() : void 0,
+                expires_at: existing.expiresAt ? new Date(existing.expiresAt).toISOString() : void 0
+              });
+            }
+            // ---------------------------------------------------------------
+            // AUTHORIZE（自动选择本地/远程）
+            // ---------------------------------------------------------------
+            case "authorize": {
+              if (await isAlreadyAuthorized(senderOpenId)) {
+                return json({
+                  success: true,
+                  message: "\u98DE\u4E66\u9879\u76EE\u5DF2\u6388\u6743\uFF0C\u65E0\u9700\u91CD\u590D\u6388\u6743\u3002",
+                  authorized: true
+                });
+              }
+              const chatId = ticket.chatId;
+              if (!chatId) {
+                return json({ error: "\u65E0\u6CD5\u786E\u5B9A\u53D1\u9001\u76EE\u6807" });
+              }
+              const key = fk(senderOpenId);
+              const oldLocal = pendingLocalFlows.get(key);
+              if (oldLocal) {
+                oldLocal.superseded = true;
+                oldLocal.controller.abort();
+                await oldLocal.close().catch(() => {
+                });
+                pendingLocalFlows.delete(key);
+              }
+              pendingRemoteSessions.delete(key);
+              const local = await tryLocalAuth(mcpEndpoint);
+              if (local) {
+                const { session: session2, waitForCode, port, close } = local;
+                const authCard2 = buildAuthCard({
+                  verificationUriComplete: session2.authorizationUrl,
+                  expiresMin: 5
+                });
+                const cardId2 = await createCardEntity({ cfg, card: authCard2, accountId });
+                if (!cardId2) {
+                  await close();
+                  return json({ error: "\u521B\u5EFA\u6388\u6743\u5361\u7247\u5931\u8D25" });
+                }
+                await sendCardByCardId({
+                  cfg,
+                  to: chatId,
+                  cardId: cardId2,
+                  replyToMessageId: ticket.messageId?.startsWith("om_") ? ticket.messageId : void 0,
+                  replyInThread: Boolean(ticket.threadId),
+                  accountId
+                });
+                const abortController = new AbortController();
+                let seq = 1;
+                const currentFlow = {
+                  controller: abortController,
+                  cardId: cardId2,
+                  sequence: seq,
+                  superseded: false,
+                  close
+                };
+                pendingLocalFlows.set(key, currentFlow);
+                waitForCode().then(async (result) => {
+                  if (currentFlow.superseded) return;
+                  const storedToken = buildTokenFromOAuth(senderOpenId, result.clientId, result.tokens);
+                  await setProjectStoredToken(storedToken);
+                  try {
+                    await updateCardKitCardForAuth({
+                      cfg,
+                      cardId: cardId2,
+                      card: buildAuthSuccessCard(),
+                      sequence: ++seq,
+                      accountId
+                    });
+                  } catch (e) {
+                    log.warn(`failed to update project auth card to success: ${e}`);
+                  }
+                }).catch(async (err) => {
+                  if (currentFlow.superseded) return;
+                  log.error(`project local auth failed: ${err}`);
+                  try {
+                    const msg = err instanceof Error ? err.message : String(err);
+                    await updateCardKitCardForAuth({
+                      cfg,
+                      cardId: cardId2,
+                      card: buildAuthFailedCard(msg),
+                      sequence: ++seq,
+                      accountId
+                    });
+                  } catch (e) {
+                    log.warn(`failed to update project auth card to failure: ${e}`);
+                  }
+                }).finally(async () => {
+                  await close().catch(() => {
+                  });
+                  if (pendingLocalFlows.get(key) === currentFlow) {
+                    pendingLocalFlows.delete(key);
+                  }
+                });
+                return json({
+                  success: true,
+                  mode: "local",
+                  message: "\u5DF2\u53D1\u9001\u98DE\u4E66\u9879\u76EE\u6388\u6743\u5361\u7247\uFF0C\u8BF7\u70B9\u51FB\u94FE\u63A5\u5B8C\u6210\u6388\u6743\u3002\u6388\u6743\u5B8C\u6210\u540E\u5C06\u81EA\u52A8\u751F\u6548\u3002",
+                  awaiting_authorization: true,
+                  callback_port: port
+                });
+              }
+              const session = await prepareRemoteAuth(mcpEndpoint);
+              pendingRemoteSessions.set(key, session);
+              const authCard = buildAuthCard({
+                verificationUriComplete: session.authorizationUrl,
+                expiresMin: 10
+              });
+              const cardId = await createCardEntity({ cfg, card: authCard, accountId });
+              if (cardId) {
+                await sendCardByCardId({
+                  cfg,
+                  to: chatId,
+                  cardId,
+                  replyToMessageId: ticket.messageId?.startsWith("om_") ? ticket.messageId : void 0,
+                  replyInThread: Boolean(ticket.threadId),
+                  accountId
+                });
+              }
+              return json({
+                success: true,
+                mode: "remote",
+                message: "\u5DF2\u53D1\u9001\u98DE\u4E66\u9879\u76EE\u6388\u6743\u5361\u7247\u3002\u8BF7\u70B9\u51FB\u94FE\u63A5\u5728\u6D4F\u89C8\u5668\u4E2D\u5B8C\u6210\u6388\u6743\u3002\u6388\u6743\u540E\u6D4F\u89C8\u5668\u4F1A\u8DF3\u8F6C\u5230\u4E00\u4E2A\u65E0\u6CD5\u8BBF\u95EE\u7684\u5730\u5740\uFF08http://127.0.0.1:...\uFF09\uFF0C\u8BF7\u4ECE\u6D4F\u89C8\u5668\u5730\u5740\u680F\u590D\u5236\u5B8C\u6574 URL\uFF0C\u7136\u540E\u8C03\u7528 complete_auth \u5E76\u4F20\u5165 callback_url \u53C2\u6570\u3002",
+                authorization_url: session.authorizationUrl,
+                awaiting_callback_url: true
+              });
+            }
+            // ---------------------------------------------------------------
+            // COMPLETE_AUTH（远程模式下用户回传 callback URL）
+            // ---------------------------------------------------------------
+            case "complete_auth": {
+              if (!p.callback_url) {
+                return json({
+                  error: "\u8BF7\u63D0\u4F9B callback_url \u53C2\u6570\uFF08\u4ECE\u6D4F\u89C8\u5668\u5730\u5740\u680F\u590D\u5236\u7684\u5B8C\u6574 URL\uFF09\u3002"
+                });
+              }
+              const key = fk(senderOpenId);
+              const session = pendingRemoteSessions.get(key);
+              if (!session) {
+                return json({
+                  error: "\u6CA1\u6709\u5F85\u5B8C\u6210\u7684\u6388\u6743\u6D41\u7A0B\u3002\u8BF7\u5148\u8C03\u7528 authorize \u53D1\u8D77\u6388\u6743\u3002"
+                });
+              }
+              const result = await completeRemoteAuth(session, p.callback_url);
+              pendingRemoteSessions.delete(key);
+              const storedToken = buildTokenFromOAuth(senderOpenId, result.clientId, result.tokens);
+              await setProjectStoredToken(storedToken);
+              return json({
+                success: true,
+                message: "\u98DE\u4E66\u9879\u76EE\u6388\u6743\u6210\u529F\uFF01",
+                authorized: true
+              });
+            }
+            // ---------------------------------------------------------------
+            // REVOKE
+            // ---------------------------------------------------------------
+            case "revoke": {
+              const clientId = await getProjectClientId(senderOpenId);
+              if (clientId) {
+                await removeProjectStoredToken(clientId, senderOpenId);
+              }
+              return json({ success: true, message: "\u98DE\u4E66\u9879\u76EE\u6388\u6743\u5DF2\u64A4\u9500\u3002" });
+            }
+            default:
+              return json({ error: `\u672A\u77E5\u64CD\u4F5C: ${p.action}` });
+          }
+        } catch (err) {
+          log.error(`project oauth ${p.action} failed: ${err}`);
+          return json({ error: formatLarkError(err) });
+        }
+      }
+    },
+    { name: "feishu_project_oauth" }
+  );
+  api.logger.info?.("feishu_project_oauth: Registered feishu_project_oauth tool");
+}
+export {
+  registerFeishuProjectOAuthTool
+};
+//# sourceMappingURL=project-oauth.js.map

package/dist/src/tools/project-oauth.js.map

@@ -0,0 +1,7 @@
+{
+  "version": 3,
+  "sources": ["../../../src/tools/project-oauth.ts"],
+  "sourcesContent": ["/**\n * Copyright (c) 2026 ByteDance Ltd. and/or its affiliates\n * SPDX-License-Identifier: MIT\n *\n * feishu_project_oauth \u2014 \u98DE\u4E66\u9879\u76EE\uFF08Meego\uFF09\u72EC\u7ACB OAuth \u6388\u6743\u5DE5\u5177\u3002\n *\n * \u57FA\u4E8E MCP \u6807\u51C6 OAuth\uFF08Authorization Code + PKCE + \u52A8\u6001\u5BA2\u6237\u7AEF\u6CE8\u518C\uFF09\uFF0C\n * \u4E0D\u9700\u8981 appId/appSecret\u3002\n *\n * \u5355\u4E00 authorize action \u81EA\u52A8\u5224\u65AD\u8FD0\u884C\u73AF\u5883\uFF1A\n *   - \u672C\u5730\uFF08\u80FD\u7ED1\u7AEF\u53E3\uFF09\uFF1A\u542F\u52A8\u56DE\u8C03\u670D\u52A1\u5668\uFF0C\u6D4F\u89C8\u5668\u91CD\u5B9A\u5411\u81EA\u52A8\u5B8C\u6210\n *   - \u8FDC\u7A0B\uFF08\u7ED1\u7AEF\u53E3\u5931\u8D25 / headless\uFF09\uFF1A\u964D\u7EA7\u4E3A\u53D1\u9001\u6388\u6743\u94FE\u63A5\uFF0C\u7B49\u7528\u6237\u56DE\u4F20 callback URL\n *\n * Actions:\n *   - authorize      : \u53D1\u8D77\u6388\u6743\uFF08\u81EA\u52A8\u9009\u62E9\u672C\u5730/\u8FDC\u7A0B\u6A21\u5F0F\uFF09\n *   - complete_auth  : \u8FDC\u7A0B\u6A21\u5F0F\u4E0B\uFF0C\u7528\u6237\u56DE\u4F20 callback URL \u5B8C\u6210\u6388\u6743\n *   - status         : \u68C0\u67E5\u98DE\u4E66\u9879\u76EE\u6388\u6743\u72B6\u6001\n *   - revoke         : \u64A4\u9500\u98DE\u4E66\u9879\u76EE\u6388\u6743\n */\n\nimport type { OpenClawPluginApi } from 'openclaw/plugin-sdk';\nimport { Type } from '@sinclair/typebox';\nimport { getTicket } from '../core/lark-ticket';\nimport { larkLogger } from '../core/lark-logger';\nimport { formatLarkError } from '../core/api-error';\nimport {\n  startLocalAuthFlow,\n  prepareRemoteAuth,\n  completeRemoteAuth,\n  type ProjectAuthSession,\n} from '../core/project-auth';\nimport {\n  getProjectStoredToken,\n  setProjectStoredToken,\n  removeProjectStoredToken,\n  projectTokenStatus,\n  getProjectClientId,\n} from '../core/project-token-store';\nimport type { StoredUAToken } from '../core/token-store';\nimport { getProjectMcpEndpoint } from '../tools/mcp/project/endpoint';\nimport { createCardEntity, sendCardByCardId, updateCardKitCardForAuth } from '../card/cardkit';\nimport { buildAuthCard, buildAuthSuccessCard, buildAuthFailedCard } from './oauth-cards';\nimport { json } from './oapi/helpers';\n\nconst log = larkLogger('tools/project-oauth');\n\n// ---------------------------------------------------------------------------\n// Schema\n// ---------------------------------------------------------------------------\n\nconst FeishuProjectOAuthSchema = Type.Object(\n  {\n    action: Type.Union(\n      [\n        Type.Literal('authorize'),\n        Type.Literal('complete_auth'),\n        Type.Literal('status'),\n        Type.Literal('revoke'),\n      ],\n      {\n        description:\n          'authorize: \u53D1\u8D77\u98DE\u4E66\u9879\u76EE\u6388\u6743; ' +\n          'complete_auth: \u8FDC\u7A0B\u6A21\u5F0F\u4E0B\u56DE\u4F20 callback URL \u5B8C\u6210\u6388\u6743; ' +\n          'status: \u68C0\u67E5\u6388\u6743\u72B6\u6001; revoke: \u64A4\u9500\u6388\u6743',\n      },\n    ),\n    callback_url: Type.Optional(\n      Type.String({\n        description: '\u4EC5 complete_auth \u65F6\u9700\u8981\uFF1A\u7528\u6237\u4ECE\u6D4F\u89C8\u5668\u5730\u5740\u680F\u590D\u5236\u7684\u5B8C\u6574\u56DE\u8C03 URL',\n      }),\n    ),\n  },\n  {\n    description:\n      '\u98DE\u4E66\u9879\u76EE\uFF08Meego\uFF09\u72EC\u7ACB\u6388\u6743\u5DE5\u5177\u3002\u98DE\u4E66\u9879\u76EE\u7684\u6388\u6743\u4E0E\u98DE\u4E66 IM/\u6587\u6863\u7684\u6388\u6743\u4E0D\u5171\u4EAB\uFF0C\u9996\u6B21\u4F7F\u7528\u9700\u5355\u72EC\u6388\u6743\u3002',\n  },\n);\n\ninterface FeishuProjectOAuthParams {\n  action: 'authorize' | 'complete_auth' | 'status' | 'revoke';\n  callback_url?: string;\n}\n\n// ---------------------------------------------------------------------------\n// In-flight state\n// ---------------------------------------------------------------------------\n\ninterface PendingLocalFlow {\n  controller: AbortController;\n  cardId: string;\n  sequence: number;\n  superseded: boolean;\n  close: () => Promise<void>;\n}\n\nconst pendingLocalFlows = new Map<string, PendingLocalFlow>();\nconst pendingRemoteSessions = new Map<string, ProjectAuthSession>();\n\n// ---------------------------------------------------------------------------\n// Helpers\n// ---------------------------------------------------------------------------\n\nfunction fk(userOpenId: string): string {\n  return `project:${userOpenId}`;\n}\n\nfunction buildTokenFromOAuth(\n  userOpenId: string,\n  clientId: string,\n  tokens: { access_token: string; refresh_token?: string; expires_in?: number; scope?: string },\n): StoredUAToken {\n  const now = Date.now();\n  const expiresIn = tokens.expires_in ?? 7200;\n  const refreshExpiresIn = 30 * 24 * 3600;\n  return {\n    userOpenId,\n    appId: clientId,\n    accessToken: tokens.access_token,\n    refreshToken: tokens.refresh_token ?? '',\n    expiresAt: now + expiresIn * 1000,\n    refreshExpiresAt: now + refreshExpiresIn * 1000,\n    scope: tokens.scope ?? '',\n    grantedAt: now,\n  };\n}\n\nasync function isAlreadyAuthorized(senderOpenId: string): Promise<boolean> {\n  const clientId = await getProjectClientId(senderOpenId);\n  if (!clientId) return false;\n  const existing = await getProjectStoredToken(clientId, senderOpenId);\n  return !!existing && projectTokenStatus(existing) !== 'expired';\n}\n\n/**\n * \u5C1D\u8BD5\u542F\u52A8\u672C\u5730\u56DE\u8C03\u670D\u52A1\u5668\u3002\n * \u6210\u529F\u8FD4\u56DE flow \u5BF9\u8C61\uFF1B\u5931\u8D25\uFF08\u7AEF\u53E3\u7ED1\u5B9A\u5931\u8D25\u7B49\uFF09\u8FD4\u56DE null\uFF0C\u8C03\u7528\u65B9\u964D\u7EA7\u4E3A\u8FDC\u7A0B\u6A21\u5F0F\u3002\n */\nasync function tryLocalAuth(mcpEndpoint: string) {\n  try {\n    return await startLocalAuthFlow(mcpEndpoint);\n  } catch (err) {\n    log.info(`local auth unavailable, falling back to remote: ${err instanceof Error ? err.message : err}`);\n    return null;\n  }\n}\n\n// ---------------------------------------------------------------------------\n// Registration\n// ---------------------------------------------------------------------------\n\nexport function registerFeishuProjectOAuthTool(api: OpenClawPluginApi) {\n  if (!api.config) return;\n\n  const cfg = api.config;\n\n  api.registerTool(\n    {\n      name: 'feishu_project_oauth',\n      label: 'Feishu Project OAuth',\n      description:\n        '\u98DE\u4E66\u9879\u76EE\uFF08Meego\uFF09\u72EC\u7ACB\u6388\u6743\u5DE5\u5177\u3002' +\n        '\u98DE\u4E66\u9879\u76EE\u7684\u6388\u6743\u4E0E\u98DE\u4E66 IM/\u6587\u6863\u7684\u6388\u6743\u4E0D\u5171\u4EAB\uFF0C\u9996\u6B21\u4F7F\u7528\u98DE\u4E66\u9879\u76EE\u529F\u80FD\u65F6\u9700\u8981\u5355\u72EC\u6388\u6743\u3002' +\n        '\u8C03\u7528 authorize \u81EA\u52A8\u53D1\u8D77\u6388\u6743\u6D41\u7A0B\u3002\u5982\u679C\u63D0\u793A\u9700\u8981\u624B\u52A8\u56DE\u4F20 URL\uFF0C\u518D\u8C03\u7528 complete_auth\u3002',\n      parameters: FeishuProjectOAuthSchema,\n\n      async execute(_toolCallId: string, params: unknown) {\n        const p = params as FeishuProjectOAuthParams;\n\n        const ticket = getTicket();\n        const senderOpenId = ticket?.senderOpenId;\n        if (!senderOpenId) {\n          return json({\n            error: '\u65E0\u6CD5\u83B7\u53D6\u5F53\u524D\u7528\u6237\u8EAB\u4EFD\uFF08senderOpenId\uFF09\uFF0C\u8BF7\u5728\u98DE\u4E66\u5BF9\u8BDD\u4E2D\u4F7F\u7528\u6B64\u5DE5\u5177\u3002',\n          });\n        }\n\n        const accountId = ticket.accountId;\n        const mcpEndpoint = getProjectMcpEndpoint(cfg);\n\n        try {\n          switch (p.action) {\n            // ---------------------------------------------------------------\n            // STATUS\n            // ---------------------------------------------------------------\n            case 'status': {\n              const clientId = await getProjectClientId(senderOpenId);\n              if (!clientId) {\n                return json({\n                  authorized: false,\n                  message: '\u98DE\u4E66\u9879\u76EE\u672A\u6388\u6743\u3002\u8BF7\u8C03\u7528 authorize \u53D1\u8D77\u6388\u6743\u3002',\n                });\n              }\n              const existing = await getProjectStoredToken(clientId, senderOpenId);\n              if (!existing) {\n                return json({\n                  authorized: false,\n                  message: '\u98DE\u4E66\u9879\u76EE\u672A\u6388\u6743\u3002\u8BF7\u8C03\u7528 authorize \u53D1\u8D77\u6388\u6743\u3002',\n                });\n              }\n              const status = projectTokenStatus(existing);\n              return json({\n                authorized: status !== 'expired',\n                token_status: status,\n                scope: existing.scope,\n                granted_at: existing.grantedAt ? new Date(existing.grantedAt).toISOString() : undefined,\n                expires_at: existing.expiresAt ? new Date(existing.expiresAt).toISOString() : undefined,\n              });\n            }\n\n            // ---------------------------------------------------------------\n            // AUTHORIZE\uFF08\u81EA\u52A8\u9009\u62E9\u672C\u5730/\u8FDC\u7A0B\uFF09\n            // ---------------------------------------------------------------\n            case 'authorize': {\n              if (await isAlreadyAuthorized(senderOpenId)) {\n                return json({\n                  success: true,\n                  message: '\u98DE\u4E66\u9879\u76EE\u5DF2\u6388\u6743\uFF0C\u65E0\u9700\u91CD\u590D\u6388\u6743\u3002',\n                  authorized: true,\n                });\n              }\n\n              const chatId = ticket.chatId;\n              if (!chatId) {\n                return json({ error: '\u65E0\u6CD5\u786E\u5B9A\u53D1\u9001\u76EE\u6807' });\n              }\n\n              // Cancel any existing local flow\n              const key = fk(senderOpenId);\n              const oldLocal = pendingLocalFlows.get(key);\n              if (oldLocal) {\n                oldLocal.superseded = true;\n                oldLocal.controller.abort();\n                await oldLocal.close().catch(() => {});\n                pendingLocalFlows.delete(key);\n              }\n              pendingRemoteSessions.delete(key);\n\n              // --- \u5C1D\u8BD5\u672C\u5730\u6A21\u5F0F ---\n              const local = await tryLocalAuth(mcpEndpoint);\n\n              if (local) {\n                // \u672C\u5730\u6A21\u5F0F\uFF1A\u542F\u52A8\u56DE\u8C03\u670D\u52A1\u5668\u6210\u529F\n                const { session, waitForCode, port, close } = local;\n\n                const authCard = buildAuthCard({\n                  verificationUriComplete: session.authorizationUrl,\n                  expiresMin: 5,\n                });\n                const cardId = await createCardEntity({ cfg, card: authCard, accountId });\n                if (!cardId) {\n                  await close();\n                  return json({ error: '\u521B\u5EFA\u6388\u6743\u5361\u7247\u5931\u8D25' });\n                }\n\n                await sendCardByCardId({\n                  cfg,\n                  to: chatId,\n                  cardId,\n                  replyToMessageId: ticket.messageId?.startsWith('om_') ? ticket.messageId : undefined,\n                  replyInThread: Boolean(ticket.threadId),\n                  accountId,\n                });\n\n                const abortController = new AbortController();\n                let seq = 1;\n                const currentFlow: PendingLocalFlow = {\n                  controller: abortController,\n                  cardId,\n                  sequence: seq,\n                  superseded: false,\n                  close,\n                };\n                pendingLocalFlows.set(key, currentFlow);\n\n                waitForCode()\n                  .then(async (result) => {\n                    if (currentFlow.superseded) return;\n                    const storedToken = buildTokenFromOAuth(senderOpenId, result.clientId, result.tokens);\n                    await setProjectStoredToken(storedToken);\n                    try {\n                      await updateCardKitCardForAuth({\n                        cfg, cardId, card: buildAuthSuccessCard(), sequence: ++seq, accountId,\n                      });\n                    } catch (e) {\n                      log.warn(`failed to update project auth card to success: ${e}`);\n                    }\n                  })\n                  .catch(async (err) => {\n                    if (currentFlow.superseded) return;\n                    log.error(`project local auth failed: ${err}`);\n                    try {\n                      const msg = err instanceof Error ? err.message : String(err);\n                      await updateCardKitCardForAuth({\n                        cfg, cardId, card: buildAuthFailedCard(msg), sequence: ++seq, accountId,\n                      });\n                    } catch (e) {\n                      log.warn(`failed to update project auth card to failure: ${e}`);\n                    }\n                  })\n                  .finally(async () => {\n                    await close().catch(() => {});\n                    if (pendingLocalFlows.get(key) === currentFlow) {\n                      pendingLocalFlows.delete(key);\n                    }\n                  });\n\n                return json({\n                  success: true,\n                  mode: 'local',\n                  message: '\u5DF2\u53D1\u9001\u98DE\u4E66\u9879\u76EE\u6388\u6743\u5361\u7247\uFF0C\u8BF7\u70B9\u51FB\u94FE\u63A5\u5B8C\u6210\u6388\u6743\u3002\u6388\u6743\u5B8C\u6210\u540E\u5C06\u81EA\u52A8\u751F\u6548\u3002',\n                  awaiting_authorization: true,\n                  callback_port: port,\n                });\n              }\n\n              // --- \u964D\u7EA7\u4E3A\u8FDC\u7A0B\u6A21\u5F0F ---\n              const session = await prepareRemoteAuth(mcpEndpoint);\n              pendingRemoteSessions.set(key, session);\n\n              const authCard = buildAuthCard({\n                verificationUriComplete: session.authorizationUrl,\n                expiresMin: 10,\n              });\n              const cardId = await createCardEntity({ cfg, card: authCard, accountId });\n              if (cardId) {\n                await sendCardByCardId({\n                  cfg,\n                  to: chatId,\n                  cardId,\n                  replyToMessageId: ticket.messageId?.startsWith('om_') ? ticket.messageId : undefined,\n                  replyInThread: Boolean(ticket.threadId),\n                  accountId,\n                });\n              }\n\n              return json({\n                success: true,\n                mode: 'remote',\n                message:\n                  '\u5DF2\u53D1\u9001\u98DE\u4E66\u9879\u76EE\u6388\u6743\u5361\u7247\u3002\u8BF7\u70B9\u51FB\u94FE\u63A5\u5728\u6D4F\u89C8\u5668\u4E2D\u5B8C\u6210\u6388\u6743\u3002' +\n                  '\u6388\u6743\u540E\u6D4F\u89C8\u5668\u4F1A\u8DF3\u8F6C\u5230\u4E00\u4E2A\u65E0\u6CD5\u8BBF\u95EE\u7684\u5730\u5740\uFF08http://127.0.0.1:...\uFF09\uFF0C' +\n                  '\u8BF7\u4ECE\u6D4F\u89C8\u5668\u5730\u5740\u680F\u590D\u5236\u5B8C\u6574 URL\uFF0C\u7136\u540E\u8C03\u7528 complete_auth \u5E76\u4F20\u5165 callback_url \u53C2\u6570\u3002',\n                authorization_url: session.authorizationUrl,\n                awaiting_callback_url: true,\n              });\n            }\n\n            // ---------------------------------------------------------------\n            // COMPLETE_AUTH\uFF08\u8FDC\u7A0B\u6A21\u5F0F\u4E0B\u7528\u6237\u56DE\u4F20 callback URL\uFF09\n            // ---------------------------------------------------------------\n            case 'complete_auth': {\n              if (!p.callback_url) {\n                return json({\n                  error: '\u8BF7\u63D0\u4F9B callback_url \u53C2\u6570\uFF08\u4ECE\u6D4F\u89C8\u5668\u5730\u5740\u680F\u590D\u5236\u7684\u5B8C\u6574 URL\uFF09\u3002',\n                });\n              }\n\n              const key = fk(senderOpenId);\n              const session = pendingRemoteSessions.get(key);\n              if (!session) {\n                return json({\n                  error: '\u6CA1\u6709\u5F85\u5B8C\u6210\u7684\u6388\u6743\u6D41\u7A0B\u3002\u8BF7\u5148\u8C03\u7528 authorize \u53D1\u8D77\u6388\u6743\u3002',\n                });\n              }\n\n              const result = await completeRemoteAuth(session, p.callback_url);\n              pendingRemoteSessions.delete(key);\n\n              const storedToken = buildTokenFromOAuth(senderOpenId, result.clientId, result.tokens);\n              await setProjectStoredToken(storedToken);\n\n              return json({\n                success: true,\n                message: '\u98DE\u4E66\u9879\u76EE\u6388\u6743\u6210\u529F\uFF01',\n                authorized: true,\n              });\n            }\n\n            // ---------------------------------------------------------------\n            // REVOKE\n            // ---------------------------------------------------------------\n            case 'revoke': {\n              const clientId = await getProjectClientId(senderOpenId);\n              if (clientId) {\n                await removeProjectStoredToken(clientId, senderOpenId);\n              }\n              return json({ success: true, message: '\u98DE\u4E66\u9879\u76EE\u6388\u6743\u5DF2\u64A4\u9500\u3002' });\n            }\n\n            default:\n              return json({ error: `\u672A\u77E5\u64CD\u4F5C: ${(p as { action: string }).action}` });\n          }\n        } catch (err) {\n          log.error(`project oauth ${p.action} failed: ${err}`);\n          return json({ error: formatLarkError(err) });\n        }\n      },\n    },\n    { name: 'feishu_project_oauth' },\n  );\n\n  api.logger.info?.('feishu_project_oauth: Registered feishu_project_oauth tool');\n}\n"],
+  "mappings": "AAqBA,SAAS,YAAY;AACrB,SAAS,iBAAiB;AAC1B,SAAS,kBAAkB;AAC3B,SAAS,uBAAuB;AAChC;AAAA,EACE;AAAA,EACA;AAAA,EACA;AAAA,OAEK;AACP;AAAA,EACE;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,OACK;AAEP,SAAS,6BAA6B;AACtC,SAAS,kBAAkB,kBAAkB,gCAAgC;AAC7E,SAAS,eAAe,sBAAsB,2BAA2B;AACzE,SAAS,YAAY;AAErB,MAAM,MAAM,WAAW,qBAAqB;AAM5C,MAAM,2BAA2B,KAAK;AAAA,EACpC;AAAA,IACE,QAAQ,KAAK;AAAA,MACX;AAAA,QACE,KAAK,QAAQ,WAAW;AAAA,QACxB,KAAK,QAAQ,eAAe;AAAA,QAC5B,KAAK,QAAQ,QAAQ;AAAA,QACrB,KAAK,QAAQ,QAAQ;AAAA,MACvB;AAAA,MACA;AAAA,QACE,aACE;AAAA,MAGJ;AAAA,IACF;AAAA,IACA,cAAc,KAAK;AAAA,MACjB,KAAK,OAAO;AAAA,QACV,aAAa;AAAA,MACf,CAAC;AAAA,IACH;AAAA,EACF;AAAA,EACA;AAAA,IACE,aACE;AAAA,EACJ;AACF;AAmBA,MAAM,oBAAoB,oBAAI,IAA8B;AAC5D,MAAM,wBAAwB,oBAAI,IAAgC;AAMlE,SAAS,GAAG,YAA4B;AACtC,SAAO,WAAW,UAAU;AAC9B;AAEA,SAAS,oBACP,YACA,UACA,QACe;AACf,QAAM,MAAM,KAAK,IAAI;AACrB,QAAM,YAAY,OAAO,cAAc;AACvC,QAAM,mBAAmB,KAAK,KAAK;AACnC,SAAO;AAAA,IACL;AAAA,IACA,OAAO;AAAA,IACP,aAAa,OAAO;AAAA,IACpB,cAAc,OAAO,iBAAiB;AAAA,IACtC,WAAW,MAAM,YAAY;AAAA,IAC7B,kBAAkB,MAAM,mBAAmB;AAAA,IAC3C,OAAO,OAAO,SAAS;AAAA,IACvB,WAAW;AAAA,EACb;AACF;AAEA,eAAe,oBAAoB,cAAwC;AACzE,QAAM,WAAW,MAAM,mBAAmB,YAAY;AACtD,MAAI,CAAC,SAAU,QAAO;AACtB,QAAM,WAAW,MAAM,sBAAsB,UAAU,YAAY;AACnE,SAAO,CAAC,CAAC,YAAY,mBAAmB,QAAQ,MAAM;AACxD;AAMA,eAAe,aAAa,aAAqB;AAC/C,MAAI;AACF,WAAO,MAAM,mBAAmB,WAAW;AAAA,EAC7C,SAAS,KAAK;AACZ,QAAI,KAAK,mDAAmD,eAAe,QAAQ,IAAI,UAAU,GAAG,EAAE;AACtG,WAAO;AAAA,EACT;AACF;AAMO,SAAS,+BAA+B,KAAwB;AACrE,MAAI,CAAC,IAAI,OAAQ;AAEjB,QAAM,MAAM,IAAI;AAEhB,MAAI;AAAA,IACF;AAAA,MACE,MAAM;AAAA,MACN,OAAO;AAAA,MACP,aACE;AAAA,MAGF,YAAY;AAAA,MAEZ,MAAM,QAAQ,aAAqB,QAAiB;AAClD,cAAM,IAAI;AAEV,cAAM,SAAS,UAAU;AACzB,cAAM,eAAe,QAAQ;AAC7B,YAAI,CAAC,cAAc;AACjB,iBAAO,KAAK;AAAA,YACV,OAAO;AAAA,UACT,CAAC;AAAA,QACH;AAEA,cAAM,YAAY,OAAO;AACzB,cAAM,cAAc,sBAAsB,GAAG;AAE7C,YAAI;AACF,kBAAQ,EAAE,QAAQ;AAAA;AAAA;AAAA;AAAA,YAIhB,KAAK,UAAU;AACb,oBAAM,WAAW,MAAM,mBAAmB,YAAY;AACtD,kBAAI,CAAC,UAAU;AACb,uBAAO,KAAK;AAAA,kBACV,YAAY;AAAA,kBACZ,SAAS;AAAA,gBACX,CAAC;AAAA,cACH;AACA,oBAAM,WAAW,MAAM,sBAAsB,UAAU,YAAY;AACnE,kBAAI,CAAC,UAAU;AACb,uBAAO,KAAK;AAAA,kBACV,YAAY;AAAA,kBACZ,SAAS;AAAA,gBACX,CAAC;AAAA,cACH;AACA,oBAAM,SAAS,mBAAmB,QAAQ;AAC1C,qBAAO,KAAK;AAAA,gBACV,YAAY,WAAW;AAAA,gBACvB,cAAc;AAAA,gBACd,OAAO,SAAS;AAAA,gBAChB,YAAY,SAAS,YAAY,IAAI,KAAK,SAAS,SAAS,EAAE,YAAY,IAAI;AAAA,gBAC9E,YAAY,SAAS,YAAY,IAAI,KAAK,SAAS,SAAS,EAAE,YAAY,IAAI;AAAA,cAChF,CAAC;AAAA,YACH;AAAA;AAAA;AAAA;AAAA,YAKA,KAAK,aAAa;AAChB,kBAAI,MAAM,oBAAoB,YAAY,GAAG;AAC3C,uBAAO,KAAK;AAAA,kBACV,SAAS;AAAA,kBACT,SAAS;AAAA,kBACT,YAAY;AAAA,gBACd,CAAC;AAAA,cACH;AAEA,oBAAM,SAAS,OAAO;AACtB,kBAAI,CAAC,QAAQ;AACX,uBAAO,KAAK,EAAE,OAAO,mDAAW,CAAC;AAAA,cACnC;AAGA,oBAAM,MAAM,GAAG,YAAY;AAC3B,oBAAM,WAAW,kBAAkB,IAAI,GAAG;AAC1C,kBAAI,UAAU;AACZ,yBAAS,aAAa;AACtB,yBAAS,WAAW,MAAM;AAC1B,sBAAM,SAAS,MAAM,EAAE,MAAM,MAAM;AAAA,gBAAC,CAAC;AACrC,kCAAkB,OAAO,GAAG;AAAA,cAC9B;AACA,oCAAsB,OAAO,GAAG;AAGhC,oBAAM,QAAQ,MAAM,aAAa,WAAW;AAE5C,kBAAI,OAAO;AAET,sBAAM,EAAE,SAAAA,UAAS,aAAa,MAAM,MAAM,IAAI;AAE9C,sBAAMC,YAAW,cAAc;AAAA,kBAC7B,yBAAyBD,SAAQ;AAAA,kBACjC,YAAY;AAAA,gBACd,CAAC;AACD,sBAAME,UAAS,MAAM,iBAAiB,EAAE,KAAK,MAAMD,WAAU,UAAU,CAAC;AACxE,oBAAI,CAACC,SAAQ;AACX,wBAAM,MAAM;AACZ,yBAAO,KAAK,EAAE,OAAO,mDAAW,CAAC;AAAA,gBACnC;AAEA,sBAAM,iBAAiB;AAAA,kBACrB;AAAA,kBACA,IAAI;AAAA,kBACJ,QAAAA;AAAA,kBACA,kBAAkB,OAAO,WAAW,WAAW,KAAK,IAAI,OAAO,YAAY;AAAA,kBAC3E,eAAe,QAAQ,OAAO,QAAQ;AAAA,kBACtC;AAAA,gBACF,CAAC;AAED,sBAAM,kBAAkB,IAAI,gBAAgB;AAC5C,oBAAI,MAAM;AACV,sBAAM,cAAgC;AAAA,kBACpC,YAAY;AAAA,kBACZ,QAAAA;AAAA,kBACA,UAAU;AAAA,kBACV,YAAY;AAAA,kBACZ;AAAA,gBACF;AACA,kCAAkB,IAAI,KAAK,WAAW;AAEtC,4BAAY,EACT,KAAK,OAAO,WAAW;AACtB,sBAAI,YAAY,WAAY;AAC5B,wBAAM,cAAc,oBAAoB,cAAc,OAAO,UAAU,OAAO,MAAM;AACpF,wBAAM,sBAAsB,WAAW;AACvC,sBAAI;AACF,0BAAM,yBAAyB;AAAA,sBAC7B;AAAA,sBAAK,QAAAA;AAAA,sBAAQ,MAAM,qBAAqB;AAAA,sBAAG,UAAU,EAAE;AAAA,sBAAK;AAAA,oBAC9D,CAAC;AAAA,kBACH,SAAS,GAAG;AACV,wBAAI,KAAK,kDAAkD,CAAC,EAAE;AAAA,kBAChE;AAAA,gBACF,CAAC,EACA,MAAM,OAAO,QAAQ;AACpB,sBAAI,YAAY,WAAY;AAC5B,sBAAI,MAAM,8BAA8B,GAAG,EAAE;AAC7C,sBAAI;AACF,0BAAM,MAAM,eAAe,QAAQ,IAAI,UAAU,OAAO,GAAG;AAC3D,0BAAM,yBAAyB;AAAA,sBAC7B;AAAA,sBAAK,QAAAA;AAAA,sBAAQ,MAAM,oBAAoB,GAAG;AAAA,sBAAG,UAAU,EAAE;AAAA,sBAAK;AAAA,oBAChE,CAAC;AAAA,kBACH,SAAS,GAAG;AACV,wBAAI,KAAK,kDAAkD,CAAC,EAAE;AAAA,kBAChE;AAAA,gBACF,CAAC,EACA,QAAQ,YAAY;AACnB,wBAAM,MAAM,EAAE,MAAM,MAAM;AAAA,kBAAC,CAAC;AAC5B,sBAAI,kBAAkB,IAAI,GAAG,MAAM,aAAa;AAC9C,sCAAkB,OAAO,GAAG;AAAA,kBAC9B;AAAA,gBACF,CAAC;AAEH,uBAAO,KAAK;AAAA,kBACV,SAAS;AAAA,kBACT,MAAM;AAAA,kBACN,SAAS;AAAA,kBACT,wBAAwB;AAAA,kBACxB,eAAe;AAAA,gBACjB,CAAC;AAAA,cACH;AAGA,oBAAM,UAAU,MAAM,kBAAkB,WAAW;AACnD,oCAAsB,IAAI,KAAK,OAAO;AAEtC,oBAAM,WAAW,cAAc;AAAA,gBAC7B,yBAAyB,QAAQ;AAAA,gBACjC,YAAY;AAAA,cACd,CAAC;AACD,oBAAM,SAAS,MAAM,iBAAiB,EAAE,KAAK,MAAM,UAAU,UAAU,CAAC;AACxE,kBAAI,QAAQ;AACV,sBAAM,iBAAiB;AAAA,kBACrB;AAAA,kBACA,IAAI;AAAA,kBACJ;AAAA,kBACA,kBAAkB,OAAO,WAAW,WAAW,KAAK,IAAI,OAAO,YAAY;AAAA,kBAC3E,eAAe,QAAQ,OAAO,QAAQ;AAAA,kBACtC;AAAA,gBACF,CAAC;AAAA,cACH;AAEA,qBAAO,KAAK;AAAA,gBACV,SAAS;AAAA,gBACT,MAAM;AAAA,gBACN,SACE;AAAA,gBAGF,mBAAmB,QAAQ;AAAA,gBAC3B,uBAAuB;AAAA,cACzB,CAAC;AAAA,YACH;AAAA;AAAA;AAAA;AAAA,YAKA,KAAK,iBAAiB;AACpB,kBAAI,CAAC,EAAE,cAAc;AACnB,uBAAO,KAAK;AAAA,kBACV,OAAO;AAAA,gBACT,CAAC;AAAA,cACH;AAEA,oBAAM,MAAM,GAAG,YAAY;AAC3B,oBAAM,UAAU,sBAAsB,IAAI,GAAG;AAC7C,kBAAI,CAAC,SAAS;AACZ,uBAAO,KAAK;AAAA,kBACV,OAAO;AAAA,gBACT,CAAC;AAAA,cACH;AAEA,oBAAM,SAAS,MAAM,mBAAmB,SAAS,EAAE,YAAY;AAC/D,oCAAsB,OAAO,GAAG;AAEhC,oBAAM,cAAc,oBAAoB,cAAc,OAAO,UAAU,OAAO,MAAM;AACpF,oBAAM,sBAAsB,WAAW;AAEvC,qBAAO,KAAK;AAAA,gBACV,SAAS;AAAA,gBACT,SAAS;AAAA,gBACT,YAAY;AAAA,cACd,CAAC;AAAA,YACH;AAAA;AAAA;AAAA;AAAA,YAKA,KAAK,UAAU;AACb,oBAAM,WAAW,MAAM,mBAAmB,YAAY;AACtD,kBAAI,UAAU;AACZ,sBAAM,yBAAyB,UAAU,YAAY;AAAA,cACvD;AACA,qBAAO,KAAK,EAAE,SAAS,MAAM,SAAS,+DAAa,CAAC;AAAA,YACtD;AAAA,YAEA;AACE,qBAAO,KAAK,EAAE,OAAO,6BAAU,EAAyB,MAAM,GAAG,CAAC;AAAA,UACtE;AAAA,QACF,SAAS,KAAK;AACZ,cAAI,MAAM,iBAAiB,EAAE,MAAM,YAAY,GAAG,EAAE;AACpD,iBAAO,KAAK,EAAE,OAAO,gBAAgB,GAAG,EAAE,CAAC;AAAA,QAC7C;AAAA,MACF;AAAA,IACF;AAAA,IACA,EAAE,MAAM,uBAAuB;AAAA,EACjC;AAEA,MAAI,OAAO,OAAO,4DAA4D;AAChF;",
+  "names": ["session", "authCard", "cardId"]
+}

package/dist/src/tools/tat/im/index.js

@@ -0,0 +1,9 @@
+import { registerFeishuImBotImageTool } from "./resource";
+function registerFeishuImTools(api) {
+  registerFeishuImBotImageTool(api);
+  api.logger.info?.("feishu_im: Registered feishu_im_bot_image");
+}
+export {
+  registerFeishuImTools
+};
+//# sourceMappingURL=index.js.map

package/dist/src/tools/tat/im/index.js.map

@@ -0,0 +1,7 @@
+{
+  "version": 3,
+  "sources": ["../../../../../src/tools/tat/im/index.ts"],
+  "sourcesContent": ["/**\n * Copyright (c) 2026 ByteDance Ltd. and/or its affiliates\n * SPDX-License-Identifier: MIT\n *\n * IM \u5DE5\u5177\u96C6\n * \u7EDF\u4E00\u5BFC\u51FA\u6240\u6709\u5373\u65F6\u901A\u8BAF\u76F8\u5173\u5DE5\u5177\u7684\u6CE8\u518C\u51FD\u6570\n */\n\nimport type { OpenClawPluginApi } from 'openclaw/plugin-sdk';\nimport { registerFeishuImBotImageTool } from './resource';\n\n/**\n * \u6CE8\u518C\u6240\u6709 IM \u5DE5\u5177\n *\n * Note: feishu_im_message_reaction \u548C feishu_im_message_recall \u5DF2\u79FB\u9664\uFF0C\n * \u5176\u529F\u80FD\u7531 ChannelMessageActionAdapter (actions.ts) \u7684 react/delete action \u7EDF\u4E00\u8986\u76D6\u3002\n */\nexport function registerFeishuImTools(api: OpenClawPluginApi) {\n  registerFeishuImBotImageTool(api);\n  api.logger.info?.('feishu_im: Registered feishu_im_bot_image');\n}\n"],
+  "mappings": "AASA,SAAS,oCAAoC;AAQtC,SAAS,sBAAsB,KAAwB;AAC5D,+BAA6B,GAAG;AAChC,MAAI,OAAO,OAAO,2CAA2C;AAC/D;",
+  "names": []
+}

package/dist/src/tools/tat/im/resource.js

@@ -0,0 +1,123 @@
+import { buildRandomTempFilePath } from "openclaw/plugin-sdk";
+import { Type } from "@sinclair/typebox";
+import { json, createToolContext, formatLarkError } from "../../oapi/helpers";
+import * as fsPromises from "node:fs/promises";
+import * as path from "node:path";
+const MIME_TO_EXT = {
+  "image/png": ".png",
+  "image/jpeg": ".jpg",
+  "image/jpg": ".jpg",
+  "image/gif": ".gif",
+  "image/webp": ".webp",
+  "image/svg+xml": ".svg",
+  "image/bmp": ".bmp",
+  "image/tiff": ".tiff",
+  "video/mp4": ".mp4",
+  "video/mpeg": ".mpeg",
+  "video/quicktime": ".mov",
+  "video/x-msvideo": ".avi",
+  "video/webm": ".webm",
+  "audio/mpeg": ".mp3",
+  "audio/wav": ".wav",
+  "audio/ogg": ".ogg",
+  "audio/mp4": ".m4a",
+  "application/pdf": ".pdf",
+  "application/msword": ".doc",
+  "application/vnd.openxmlformats-officedocument.wordprocessingml.document": ".docx",
+  "application/vnd.ms-excel": ".xls",
+  "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet": ".xlsx",
+  "application/vnd.ms-powerpoint": ".ppt",
+  "application/vnd.openxmlformats-officedocument.presentationml.presentation": ".pptx",
+  "application/zip": ".zip",
+  "application/x-rar-compressed": ".rar",
+  "text/plain": ".txt",
+  "application/json": ".json"
+};
+async function extractBuffer(res) {
+  let chunks;
+  if (typeof res.getReadableStream === "function") {
+    const stream = res.getReadableStream();
+    chunks = [];
+    for await (const chunk of stream) {
+      chunks.push(Buffer.isBuffer(chunk) ? chunk : Buffer.from(chunk));
+    }
+  } else if (Buffer.isBuffer(res)) {
+    chunks = [res];
+  } else if (Buffer.isBuffer(res?.data)) {
+    chunks = [res.data];
+  } else {
+    throw new Error("\u65E0\u6CD5\u4ECE\u54CD\u5E94\u4E2D\u63D0\u53D6\u4E8C\u8FDB\u5236\u6570\u636E");
+  }
+  const buffer = Buffer.concat(chunks);
+  const contentType = res.headers?.["content-type"] ?? "";
+  return { buffer, contentType };
+}
+async function saveToTempFile(buffer, contentType, prefix) {
+  const mimeType = contentType ? contentType.split(";")[0].trim() : "";
+  const mimeExt = mimeType ? MIME_TO_EXT[mimeType] : void 0;
+  const filePath = buildRandomTempFilePath({
+    prefix,
+    extension: mimeExt
+  });
+  await fsPromises.mkdir(path.dirname(filePath), { recursive: true });
+  await fsPromises.writeFile(filePath, buffer);
+  return filePath;
+}
+const FeishuImBotImageSchema = Type.Object({
+  message_id: Type.String({
+    description: "\u6D88\u606F ID\uFF08om_xxx \u683C\u5F0F\uFF09\uFF0C\u5F15\u7528\u6D88\u606F\u53EF\u4ECE\u4E0A\u4E0B\u6587\u4E2D\u7684 [message_id=om_xxx] \u63D0\u53D6"
+  }),
+  file_key: Type.String({
+    description: "\u8D44\u6E90 Key\uFF0C\u56FE\u7247\u6D88\u606F\u7684 image_key\uFF08img_xxx\uFF09\u6216\u6587\u4EF6\u6D88\u606F\u7684 file_key\uFF08file_xxx\uFF09"
+  }),
+  type: Type.Union([Type.Literal("image"), Type.Literal("file")], {
+    description: "\u8D44\u6E90\u7C7B\u578B\uFF1Aimage\uFF08\u56FE\u7247\u6D88\u606F\u4E2D\u7684\u56FE\u7247\uFF09\u3001file\uFF08\u6587\u4EF6/\u97F3\u9891/\u89C6\u9891\u6D88\u606F\u4E2D\u7684\u6587\u4EF6\uFF09"
+  })
+});
+function registerFeishuImBotImageTool(api) {
+  if (!api.config) return;
+  const { getClient, log } = createToolContext(api, "feishu_im_bot_image");
+  api.registerTool(
+    {
+      name: "feishu_im_bot_image",
+      label: "Feishu: IM Bot Image Download",
+      description: "\u3010\u4EE5\u673A\u5668\u4EBA\u8EAB\u4EFD\u3011\u4E0B\u8F7D\u98DE\u4E66 IM \u6D88\u606F\u4E2D\u7684\u56FE\u7247\u6216\u6587\u4EF6\u8D44\u6E90\u5230\u672C\u5730\u3002\n\n\u9002\u7528\u573A\u666F\uFF1A\u7528\u6237\u76F4\u63A5\u53D1\u9001\u7ED9\u673A\u5668\u4EBA\u7684\u6D88\u606F\u3001\u7528\u6237\u5F15\u7528\u7684\u6D88\u606F\u3001\u673A\u5668\u4EBA\u6536\u5230\u7684\u7FA4\u804A\u6D88\u606F\u4E2D\u7684\u56FE\u7247/\u6587\u4EF6\u3002\u5373\u5F53\u524D\u5BF9\u8BDD\u4E0A\u4E0B\u6587\u4E2D\u51FA\u73B0\u7684 message_id \u548C image_key/file_key\uFF0C\u5E94\u4F7F\u7528\u672C\u5DE5\u5177\u4E0B\u8F7D\u3002\n\u5F15\u7528\u6D88\u606F\u7684 message_id \u53EF\u4ECE\u4E0A\u4E0B\u6587\u4E2D\u7684 [message_id=om_xxx] \u63D0\u53D6\uFF0C\u65E0\u9700\u5411\u7528\u6237\u8BE2\u95EE\u3002\n\n\u6587\u4EF6\u81EA\u52A8\u4FDD\u5B58\u5230 /tmp/openclaw/ \u4E0B\uFF0C\u8FD4\u56DE\u503C\u4E2D\u7684 saved_path \u4E3A\u5B9E\u9645\u4FDD\u5B58\u8DEF\u5F84\u3002",
+      parameters: FeishuImBotImageSchema,
+      async execute(_toolCallId, params) {
+        const p = params;
+        try {
+          const client = getClient();
+          log.info(`download: message_id="${p.message_id}", file_key="${p.file_key}", type="${p.type}"`);
+          const res = await client.im.messageResource.get({
+            path: {
+              message_id: p.message_id,
+              file_key: p.file_key
+            },
+            params: { type: p.type }
+          });
+          const { buffer, contentType } = await extractBuffer(res);
+          log.info(`download: ${buffer.length} bytes, content-type=${contentType}`);
+          const savedPath = await saveToTempFile(buffer, contentType, "bot-resource");
+          log.info(`download: saved to ${savedPath}`);
+          return json({
+            message_id: p.message_id,
+            file_key: p.file_key,
+            type: p.type,
+            size_bytes: buffer.length,
+            content_type: contentType,
+            saved_path: savedPath
+          });
+        } catch (err) {
+          log.error(`Error: ${formatLarkError(err)}`);
+          return json({ error: formatLarkError(err) });
+        }
+      }
+    },
+    { name: "feishu_im_bot_image" }
+  );
+  api.logger.info?.("feishu_im_bot_image: Registered feishu_im_bot_image tool");
+}
+export {
+  registerFeishuImBotImageTool
+};
+//# sourceMappingURL=resource.js.map