@larksuite/openclaw-lark 2026.3.15 → 2026.3.17-beta.0

package/bin/openclaw-lark.js

@@ -0,0 +1,48 @@
+#!/usr/bin/env node
+
+import { execFileSync } from "node:child_process";
+import { dirname, join } from "node:path";
+
+// --tools-version <ver> lets the user pin a specific version
+const args = process.argv.slice(2);
+let version = "latest";
+
+const vIdx = args.indexOf("--tools-version");
+if (vIdx !== -1) {
+  version = args[vIdx + 1];
+  // Remove --tools-version <ver> from forwarded args
+  args.splice(vIdx, 2);
+}
+
+const allArgs = ["--yes", `@larksuite/openclaw-lark-tools@${version}`, ...args];
+
+try {
+  if (process.platform === "win32") {
+    // On Windows, npx is a .cmd shim that can be broken or trigger
+    // DEP0190. Bypass it entirely: run node with the npx-cli.js
+    // script located next to the running node binary.
+    const npxCli = join(
+      dirname(process.execPath),
+      "node_modules",
+      "npm",
+      "bin",
+      "npx-cli.js",
+    );
+    execFileSync(process.execPath, [npxCli, ...allArgs], {
+      stdio: "inherit",
+      env: {
+        ...process.env,
+        NODE_OPTIONS: [
+          process.env.NODE_OPTIONS,
+          "--disable-warning=DEP0190",
+        ]
+          .filter(Boolean)
+          .join(" "),
+      },
+    });
+  } else {
+    execFileSync("npx", allArgs, { stdio: "inherit" });
+  }
+} catch (error) {
+  process.exit(error.status ?? 1);
+}

package/index.d.ts

@@ -30,7 +30,7 @@ declare const plugin: {
     id: string;
     name: string;
     description: string;
-    configSchema: any;
+    configSchema: import("openclaw/plugin-sdk").OpenClawPluginConfigSchema;
     register(api: OpenClawPluginApi): void;
 };
 export default plugin;

package/package.json

@@ -1,8 +1,11 @@
 {
   "name": "@larksuite/openclaw-lark",
-  "version": "2026.3.15",
+  "version": "2026.3.17-beta.0",
   "description": "OpenClaw Lark/Feishu channel plugin",
   "type": "module",
+  "bin": {
+    "openclaw-lark": "bin/openclaw-lark.js"
+  },
   "files": [
     "**/*"
   ],

package/src/commands/auth.js

@@ -13,7 +13,7 @@ import { getTicket } from '../core/lark-ticket';
 import { getLarkAccount } from '../core/accounts';
 import { LarkClient } from '../core/lark-client';
 import { getAppInfo, getAppGrantedScopes } from '../core/app-scope-checker';
-import { getStoredToken } from '../core/token-store';
+import { getStoredToken, tokenStatus } from '../core/token-store';
 import { filterSensitiveScopes } from '../core/tool-scopes';
 import { assertOwnerAccessStrict, OwnerAccessDeniedError } from '../core/owner-policy';
 import { openPlatformDomain } from '../core/domains';
@@ -124,7 +124,8 @@ async function executeFeishuAuth(config) {
         return { kind: 'no_user_scopes' };
     }
     const existing = await getStoredToken(appId, senderOpenId);
-    const grantedScopes = new Set(existing?.scope?.split(/\s+/).filter(Boolean) ?? []);
+    const tokenValid = existing && tokenStatus(existing) !== 'expired';
+    const grantedScopes = new Set(tokenValid ? (existing.scope?.split(/\s+/).filter(Boolean) ?? []) : []);
     const missingScopes = appScopes.filter((s) => !grantedScopes.has(s));
     if (missingScopes.length === 0) {
         return { kind: 'all_authorized', count: appScopes.length };

package/src/core/auth-errors.d.ts

@@ -18,22 +18,24 @@ export declare const LARK_ERROR: {
     /** access_token 无效 */
     readonly TOKEN_INVALID: 99991668;
     /** access_token 已过期 */
-    readonly TOKEN_EXPIRED: 99991669;
-    /** refresh_token 无效 */
-    readonly REFRESH_TOKEN_INVALID: 20003;
-    /** refresh_token 已过期 */
-    readonly REFRESH_TOKEN_EXPIRED: 20004;
-    /** refresh_token 缺失 */
-    readonly REFRESH_TOKEN_MISSING: 20024;
+    readonly TOKEN_EXPIRED: 99991677;
+    /** refresh_token 本身无效（格式非法或来自 v1 API） */
+    readonly REFRESH_TOKEN_INVALID: 20026;
+    /** refresh_token 已过期（超过 365 天） */
+    readonly REFRESH_TOKEN_EXPIRED: 20037;
     /** refresh_token 已被吊销 */
-    readonly REFRESH_TOKEN_REVOKED: 20063;
+    readonly REFRESH_TOKEN_REVOKED: 20064;
+    /** refresh_token 已被使用（单次消费，rotation 场景） */
+    readonly REFRESH_TOKEN_ALREADY_USED: 20073;
+    /** refresh token 端点服务端内部错误，可重试 */
+    readonly REFRESH_SERVER_ERROR: 20050;
     /** 消息已被撤回 */
     readonly MESSAGE_RECALLED: 230011;
     /** 消息已被删除 */
     readonly MESSAGE_DELETED: 231003;
 };
-/** 不可恢复的 refresh_token 错误码集合，遇到后需要重新授权。 */
-export declare const REFRESH_TOKEN_IRRECOVERABLE: ReadonlySet<number>;
+/** refresh token 端点可重试的错误码集合（服务端瞬时故障）。遇到后重试一次，仍失败则清 token。 */
+export declare const REFRESH_TOKEN_RETRYABLE: ReadonlySet<number>;
 /** 消息终止错误码集合（撤回/删除），遇到后应停止对该消息的后续操作。 */
 export declare const MESSAGE_TERMINAL_CODES: ReadonlySet<number>;
 /** access_token 失效相关的错误码集合，遇到后可尝试刷新重试。 */

package/src/core/auth-errors.js

@@ -22,26 +22,25 @@ export const LARK_ERROR = {
     /** access_token 无效 */
     TOKEN_INVALID: 99991668,
     /** access_token 已过期 */
-    TOKEN_EXPIRED: 99991669,
-    /** refresh_token 无效 */
-    REFRESH_TOKEN_INVALID: 20003,
-    /** refresh_token 已过期 */
-    REFRESH_TOKEN_EXPIRED: 20004,
-    /** refresh_token 缺失 */
-    REFRESH_TOKEN_MISSING: 20024,
+    TOKEN_EXPIRED: 99991677,
+    /** refresh_token 本身无效（格式非法或来自 v1 API） */
+    REFRESH_TOKEN_INVALID: 20026,
+    /** refresh_token 已过期（超过 365 天） */
+    REFRESH_TOKEN_EXPIRED: 20037,
     /** refresh_token 已被吊销 */
-    REFRESH_TOKEN_REVOKED: 20063,
+    REFRESH_TOKEN_REVOKED: 20064,
+    /** refresh_token 已被使用（单次消费，rotation 场景） */
+    REFRESH_TOKEN_ALREADY_USED: 20073,
+    /** refresh token 端点服务端内部错误，可重试 */
+    REFRESH_SERVER_ERROR: 20050,
     /** 消息已被撤回 */
     MESSAGE_RECALLED: 230011,
     /** 消息已被删除 */
     MESSAGE_DELETED: 231003,
 };
-/** 不可恢复的 refresh_token 错误码集合，遇到后需要重新授权。 */
-export const REFRESH_TOKEN_IRRECOVERABLE = new Set([
-    LARK_ERROR.REFRESH_TOKEN_INVALID,
-    LARK_ERROR.REFRESH_TOKEN_EXPIRED,
-    LARK_ERROR.REFRESH_TOKEN_MISSING,
-    LARK_ERROR.REFRESH_TOKEN_REVOKED,
+/** refresh token 端点可重试的错误码集合（服务端瞬时故障）。遇到后重试一次，仍失败则清 token。 */
+export const REFRESH_TOKEN_RETRYABLE = new Set([
+    LARK_ERROR.REFRESH_SERVER_ERROR,
 ]);
 /** 消息终止错误码集合（撤回/删除），遇到后应停止对该消息的后续操作。 */
 export const MESSAGE_TERMINAL_CODES = new Set([

package/src/core/config-schema.d.ts

@@ -9,10 +9,435 @@
  */
 import { z } from 'zod';
 export { z };
-export declare const UATConfigSchema: any;
-export declare const FeishuGroupSchema: any;
-export declare const FeishuAccountConfigSchema: any;
-export declare const FeishuConfigSchema: any;
+export declare const UATConfigSchema: z.ZodOptional<z.ZodObject<{
+    enabled: z.ZodOptional<z.ZodBoolean>;
+    allowedScopes: z.ZodOptional<z.ZodArray<z.ZodString>>;
+    blockedScopes: z.ZodOptional<z.ZodArray<z.ZodString>>;
+}, z.core.$strip>>;
+export declare const FeishuGroupSchema: z.ZodObject<{
+    groupPolicy: z.ZodOptional<z.ZodEnum<{
+        allowlist: "allowlist";
+        open: "open";
+        disabled: "disabled";
+    }>>;
+    requireMention: z.ZodOptional<z.ZodBoolean>;
+    tools: z.ZodOptional<z.ZodObject<{
+        allow: z.ZodOptional<z.ZodArray<z.ZodString>>;
+        deny: z.ZodOptional<z.ZodArray<z.ZodString>>;
+    }, z.core.$strip>>;
+    skills: z.ZodOptional<z.ZodArray<z.ZodString>>;
+    enabled: z.ZodOptional<z.ZodBoolean>;
+    allowFrom: z.ZodPipe<z.ZodOptional<z.ZodUnion<readonly [z.ZodString, z.ZodArray<z.ZodString>]>>, z.ZodTransform<string[] | undefined, string | string[] | undefined>>;
+    systemPrompt: z.ZodOptional<z.ZodString>;
+}, z.core.$strip>;
+export declare const FeishuAccountConfigSchema: z.ZodObject<{
+    appId: z.ZodOptional<z.ZodString>;
+    appSecret: z.ZodOptional<z.ZodString>;
+    encryptKey: z.ZodOptional<z.ZodString>;
+    verificationToken: z.ZodOptional<z.ZodString>;
+    name: z.ZodOptional<z.ZodString>;
+    enabled: z.ZodOptional<z.ZodBoolean>;
+    domain: z.ZodOptional<z.ZodUnion<readonly [z.ZodLiteral<"feishu">, z.ZodLiteral<"lark">, z.ZodString]>>;
+    connectionMode: z.ZodOptional<z.ZodEnum<{
+        websocket: "websocket";
+        webhook: "webhook";
+    }>>;
+    webhookPath: z.ZodOptional<z.ZodString>;
+    webhookPort: z.ZodOptional<z.ZodNumber>;
+    dmPolicy: z.ZodOptional<z.ZodEnum<{
+        allowlist: "allowlist";
+        open: "open";
+        pairing: "pairing";
+        disabled: "disabled";
+    }>>;
+    allowFrom: z.ZodPipe<z.ZodOptional<z.ZodUnion<readonly [z.ZodString, z.ZodArray<z.ZodString>]>>, z.ZodTransform<string[] | undefined, string | string[] | undefined>>;
+    groupPolicy: z.ZodOptional<z.ZodEnum<{
+        allowlist: "allowlist";
+        open: "open";
+        disabled: "disabled";
+    }>>;
+    groupAllowFrom: z.ZodPipe<z.ZodOptional<z.ZodUnion<readonly [z.ZodString, z.ZodArray<z.ZodString>]>>, z.ZodTransform<string[] | undefined, string | string[] | undefined>>;
+    requireMention: z.ZodOptional<z.ZodBoolean>;
+    groups: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodObject<{
+        groupPolicy: z.ZodOptional<z.ZodEnum<{
+            allowlist: "allowlist";
+            open: "open";
+            disabled: "disabled";
+        }>>;
+        requireMention: z.ZodOptional<z.ZodBoolean>;
+        tools: z.ZodOptional<z.ZodObject<{
+            allow: z.ZodOptional<z.ZodArray<z.ZodString>>;
+            deny: z.ZodOptional<z.ZodArray<z.ZodString>>;
+        }, z.core.$strip>>;
+        skills: z.ZodOptional<z.ZodArray<z.ZodString>>;
+        enabled: z.ZodOptional<z.ZodBoolean>;
+        allowFrom: z.ZodPipe<z.ZodOptional<z.ZodUnion<readonly [z.ZodString, z.ZodArray<z.ZodString>]>>, z.ZodTransform<string[] | undefined, string | string[] | undefined>>;
+        systemPrompt: z.ZodOptional<z.ZodString>;
+    }, z.core.$strip>>>;
+    historyLimit: z.ZodOptional<z.ZodNumber>;
+    dmHistoryLimit: z.ZodOptional<z.ZodNumber>;
+    dms: z.ZodOptional<z.ZodObject<{
+        historyLimit: z.ZodOptional<z.ZodNumber>;
+    }, z.core.$strip>>;
+    textChunkLimit: z.ZodOptional<z.ZodNumber>;
+    chunkMode: z.ZodOptional<z.ZodEnum<{
+        newline: "newline";
+        paragraph: "paragraph";
+        none: "none";
+    }>>;
+    blockStreamingCoalesce: z.ZodOptional<z.ZodObject<{
+        minChars: z.ZodOptional<z.ZodNumber>;
+        maxChars: z.ZodOptional<z.ZodNumber>;
+        idleMs: z.ZodOptional<z.ZodNumber>;
+    }, z.core.$strip>>;
+    mediaMaxMb: z.ZodOptional<z.ZodNumber>;
+    heartbeat: z.ZodOptional<z.ZodObject<{
+        every: z.ZodOptional<z.ZodString>;
+        activeHours: z.ZodOptional<z.ZodObject<{
+            start: z.ZodOptional<z.ZodString>;
+            end: z.ZodOptional<z.ZodString>;
+            timezone: z.ZodOptional<z.ZodString>;
+        }, z.core.$strip>>;
+        target: z.ZodOptional<z.ZodString>;
+        to: z.ZodOptional<z.ZodString>;
+        prompt: z.ZodOptional<z.ZodString>;
+        accountId: z.ZodOptional<z.ZodString>;
+    }, z.core.$strip>>;
+    replyMode: z.ZodOptional<z.ZodUnion<readonly [z.ZodEnum<{
+        streaming: "streaming";
+        auto: "auto";
+        static: "static";
+    }>, z.ZodObject<{
+        default: z.ZodOptional<z.ZodEnum<{
+            streaming: "streaming";
+            auto: "auto";
+            static: "static";
+        }>>;
+        group: z.ZodOptional<z.ZodEnum<{
+            streaming: "streaming";
+            auto: "auto";
+            static: "static";
+        }>>;
+        direct: z.ZodOptional<z.ZodEnum<{
+            streaming: "streaming";
+            auto: "auto";
+            static: "static";
+        }>>;
+    }, z.core.$strip>]>>;
+    streaming: z.ZodOptional<z.ZodBoolean>;
+    blockStreaming: z.ZodOptional<z.ZodBoolean>;
+    tools: z.ZodOptional<z.ZodObject<{
+        doc: z.ZodOptional<z.ZodBoolean>;
+        wiki: z.ZodOptional<z.ZodBoolean>;
+        drive: z.ZodOptional<z.ZodBoolean>;
+        perm: z.ZodOptional<z.ZodBoolean>;
+        scopes: z.ZodOptional<z.ZodBoolean>;
+    }, z.core.$strip>>;
+    footer: z.ZodOptional<z.ZodObject<{
+        status: z.ZodOptional<z.ZodBoolean>;
+        elapsed: z.ZodOptional<z.ZodBoolean>;
+    }, z.core.$strip>>;
+    markdown: z.ZodOptional<z.ZodObject<{
+        tables: z.ZodOptional<z.ZodEnum<{
+            code: "code";
+            off: "off";
+            bullets: "bullets";
+        }>>;
+    }, z.core.$strip>>;
+    configWrites: z.ZodOptional<z.ZodBoolean>;
+    capabilities: z.ZodOptional<z.ZodObject<{
+        image: z.ZodOptional<z.ZodBoolean>;
+        audio: z.ZodOptional<z.ZodBoolean>;
+        video: z.ZodOptional<z.ZodBoolean>;
+    }, z.core.$strip>>;
+    dedup: z.ZodOptional<z.ZodObject<{
+        ttlMs: z.ZodOptional<z.ZodNumber>;
+        maxEntries: z.ZodOptional<z.ZodNumber>;
+    }, z.core.$strip>>;
+    reactionNotifications: z.ZodOptional<z.ZodEnum<{
+        all: "all";
+        off: "off";
+        own: "own";
+    }>>;
+    threadSession: z.ZodOptional<z.ZodBoolean>;
+    uat: z.ZodOptional<z.ZodObject<{
+        enabled: z.ZodOptional<z.ZodBoolean>;
+        allowedScopes: z.ZodOptional<z.ZodArray<z.ZodString>>;
+        blockedScopes: z.ZodOptional<z.ZodArray<z.ZodString>>;
+    }, z.core.$strip>>;
+}, z.core.$strip>;
+export declare const FeishuConfigSchema: z.ZodObject<{
+    appId: z.ZodOptional<z.ZodString>;
+    appSecret: z.ZodOptional<z.ZodString>;
+    encryptKey: z.ZodOptional<z.ZodString>;
+    verificationToken: z.ZodOptional<z.ZodString>;
+    name: z.ZodOptional<z.ZodString>;
+    enabled: z.ZodOptional<z.ZodBoolean>;
+    domain: z.ZodOptional<z.ZodUnion<readonly [z.ZodLiteral<"feishu">, z.ZodLiteral<"lark">, z.ZodString]>>;
+    connectionMode: z.ZodOptional<z.ZodEnum<{
+        websocket: "websocket";
+        webhook: "webhook";
+    }>>;
+    webhookPath: z.ZodOptional<z.ZodString>;
+    webhookPort: z.ZodOptional<z.ZodNumber>;
+    dmPolicy: z.ZodOptional<z.ZodEnum<{
+        allowlist: "allowlist";
+        open: "open";
+        pairing: "pairing";
+        disabled: "disabled";
+    }>>;
+    allowFrom: z.ZodPipe<z.ZodOptional<z.ZodUnion<readonly [z.ZodString, z.ZodArray<z.ZodString>]>>, z.ZodTransform<string[] | undefined, string | string[] | undefined>>;
+    groupPolicy: z.ZodOptional<z.ZodEnum<{
+        allowlist: "allowlist";
+        open: "open";
+        disabled: "disabled";
+    }>>;
+    groupAllowFrom: z.ZodPipe<z.ZodOptional<z.ZodUnion<readonly [z.ZodString, z.ZodArray<z.ZodString>]>>, z.ZodTransform<string[] | undefined, string | string[] | undefined>>;
+    requireMention: z.ZodOptional<z.ZodBoolean>;
+    groups: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodObject<{
+        groupPolicy: z.ZodOptional<z.ZodEnum<{
+            allowlist: "allowlist";
+            open: "open";
+            disabled: "disabled";
+        }>>;
+        requireMention: z.ZodOptional<z.ZodBoolean>;
+        tools: z.ZodOptional<z.ZodObject<{
+            allow: z.ZodOptional<z.ZodArray<z.ZodString>>;
+            deny: z.ZodOptional<z.ZodArray<z.ZodString>>;
+        }, z.core.$strip>>;
+        skills: z.ZodOptional<z.ZodArray<z.ZodString>>;
+        enabled: z.ZodOptional<z.ZodBoolean>;
+        allowFrom: z.ZodPipe<z.ZodOptional<z.ZodUnion<readonly [z.ZodString, z.ZodArray<z.ZodString>]>>, z.ZodTransform<string[] | undefined, string | string[] | undefined>>;
+        systemPrompt: z.ZodOptional<z.ZodString>;
+    }, z.core.$strip>>>;
+    historyLimit: z.ZodOptional<z.ZodNumber>;
+    dmHistoryLimit: z.ZodOptional<z.ZodNumber>;
+    dms: z.ZodOptional<z.ZodObject<{
+        historyLimit: z.ZodOptional<z.ZodNumber>;
+    }, z.core.$strip>>;
+    textChunkLimit: z.ZodOptional<z.ZodNumber>;
+    chunkMode: z.ZodOptional<z.ZodEnum<{
+        newline: "newline";
+        paragraph: "paragraph";
+        none: "none";
+    }>>;
+    blockStreamingCoalesce: z.ZodOptional<z.ZodObject<{
+        minChars: z.ZodOptional<z.ZodNumber>;
+        maxChars: z.ZodOptional<z.ZodNumber>;
+        idleMs: z.ZodOptional<z.ZodNumber>;
+    }, z.core.$strip>>;
+    mediaMaxMb: z.ZodOptional<z.ZodNumber>;
+    heartbeat: z.ZodOptional<z.ZodObject<{
+        every: z.ZodOptional<z.ZodString>;
+        activeHours: z.ZodOptional<z.ZodObject<{
+            start: z.ZodOptional<z.ZodString>;
+            end: z.ZodOptional<z.ZodString>;
+            timezone: z.ZodOptional<z.ZodString>;
+        }, z.core.$strip>>;
+        target: z.ZodOptional<z.ZodString>;
+        to: z.ZodOptional<z.ZodString>;
+        prompt: z.ZodOptional<z.ZodString>;
+        accountId: z.ZodOptional<z.ZodString>;
+    }, z.core.$strip>>;
+    replyMode: z.ZodOptional<z.ZodUnion<readonly [z.ZodEnum<{
+        streaming: "streaming";
+        auto: "auto";
+        static: "static";
+    }>, z.ZodObject<{
+        default: z.ZodOptional<z.ZodEnum<{
+            streaming: "streaming";
+            auto: "auto";
+            static: "static";
+        }>>;
+        group: z.ZodOptional<z.ZodEnum<{
+            streaming: "streaming";
+            auto: "auto";
+            static: "static";
+        }>>;
+        direct: z.ZodOptional<z.ZodEnum<{
+            streaming: "streaming";
+            auto: "auto";
+            static: "static";
+        }>>;
+    }, z.core.$strip>]>>;
+    streaming: z.ZodOptional<z.ZodBoolean>;
+    blockStreaming: z.ZodOptional<z.ZodBoolean>;
+    tools: z.ZodOptional<z.ZodObject<{
+        doc: z.ZodOptional<z.ZodBoolean>;
+        wiki: z.ZodOptional<z.ZodBoolean>;
+        drive: z.ZodOptional<z.ZodBoolean>;
+        perm: z.ZodOptional<z.ZodBoolean>;
+        scopes: z.ZodOptional<z.ZodBoolean>;
+    }, z.core.$strip>>;
+    footer: z.ZodOptional<z.ZodObject<{
+        status: z.ZodOptional<z.ZodBoolean>;
+        elapsed: z.ZodOptional<z.ZodBoolean>;
+    }, z.core.$strip>>;
+    markdown: z.ZodOptional<z.ZodObject<{
+        tables: z.ZodOptional<z.ZodEnum<{
+            code: "code";
+            off: "off";
+            bullets: "bullets";
+        }>>;
+    }, z.core.$strip>>;
+    configWrites: z.ZodOptional<z.ZodBoolean>;
+    capabilities: z.ZodOptional<z.ZodObject<{
+        image: z.ZodOptional<z.ZodBoolean>;
+        audio: z.ZodOptional<z.ZodBoolean>;
+        video: z.ZodOptional<z.ZodBoolean>;
+    }, z.core.$strip>>;
+    dedup: z.ZodOptional<z.ZodObject<{
+        ttlMs: z.ZodOptional<z.ZodNumber>;
+        maxEntries: z.ZodOptional<z.ZodNumber>;
+    }, z.core.$strip>>;
+    reactionNotifications: z.ZodOptional<z.ZodEnum<{
+        all: "all";
+        off: "off";
+        own: "own";
+    }>>;
+    threadSession: z.ZodOptional<z.ZodBoolean>;
+    uat: z.ZodOptional<z.ZodObject<{
+        enabled: z.ZodOptional<z.ZodBoolean>;
+        allowedScopes: z.ZodOptional<z.ZodArray<z.ZodString>>;
+        blockedScopes: z.ZodOptional<z.ZodArray<z.ZodString>>;
+    }, z.core.$strip>>;
+    accounts: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodObject<{
+        appId: z.ZodOptional<z.ZodString>;
+        appSecret: z.ZodOptional<z.ZodString>;
+        encryptKey: z.ZodOptional<z.ZodString>;
+        verificationToken: z.ZodOptional<z.ZodString>;
+        name: z.ZodOptional<z.ZodString>;
+        enabled: z.ZodOptional<z.ZodBoolean>;
+        domain: z.ZodOptional<z.ZodUnion<readonly [z.ZodLiteral<"feishu">, z.ZodLiteral<"lark">, z.ZodString]>>;
+        connectionMode: z.ZodOptional<z.ZodEnum<{
+            websocket: "websocket";
+            webhook: "webhook";
+        }>>;
+        webhookPath: z.ZodOptional<z.ZodString>;
+        webhookPort: z.ZodOptional<z.ZodNumber>;
+        dmPolicy: z.ZodOptional<z.ZodEnum<{
+            allowlist: "allowlist";
+            open: "open";
+            pairing: "pairing";
+            disabled: "disabled";
+        }>>;
+        allowFrom: z.ZodPipe<z.ZodOptional<z.ZodUnion<readonly [z.ZodString, z.ZodArray<z.ZodString>]>>, z.ZodTransform<string[] | undefined, string | string[] | undefined>>;
+        groupPolicy: z.ZodOptional<z.ZodEnum<{
+            allowlist: "allowlist";
+            open: "open";
+            disabled: "disabled";
+        }>>;
+        groupAllowFrom: z.ZodPipe<z.ZodOptional<z.ZodUnion<readonly [z.ZodString, z.ZodArray<z.ZodString>]>>, z.ZodTransform<string[] | undefined, string | string[] | undefined>>;
+        requireMention: z.ZodOptional<z.ZodBoolean>;
+        groups: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodObject<{
+            groupPolicy: z.ZodOptional<z.ZodEnum<{
+                allowlist: "allowlist";
+                open: "open";
+                disabled: "disabled";
+            }>>;
+            requireMention: z.ZodOptional<z.ZodBoolean>;
+            tools: z.ZodOptional<z.ZodObject<{
+                allow: z.ZodOptional<z.ZodArray<z.ZodString>>;
+                deny: z.ZodOptional<z.ZodArray<z.ZodString>>;
+            }, z.core.$strip>>;
+            skills: z.ZodOptional<z.ZodArray<z.ZodString>>;
+            enabled: z.ZodOptional<z.ZodBoolean>;
+            allowFrom: z.ZodPipe<z.ZodOptional<z.ZodUnion<readonly [z.ZodString, z.ZodArray<z.ZodString>]>>, z.ZodTransform<string[] | undefined, string | string[] | undefined>>;
+            systemPrompt: z.ZodOptional<z.ZodString>;
+        }, z.core.$strip>>>;
+        historyLimit: z.ZodOptional<z.ZodNumber>;
+        dmHistoryLimit: z.ZodOptional<z.ZodNumber>;
+        dms: z.ZodOptional<z.ZodObject<{
+            historyLimit: z.ZodOptional<z.ZodNumber>;
+        }, z.core.$strip>>;
+        textChunkLimit: z.ZodOptional<z.ZodNumber>;
+        chunkMode: z.ZodOptional<z.ZodEnum<{
+            newline: "newline";
+            paragraph: "paragraph";
+            none: "none";
+        }>>;
+        blockStreamingCoalesce: z.ZodOptional<z.ZodObject<{
+            minChars: z.ZodOptional<z.ZodNumber>;
+            maxChars: z.ZodOptional<z.ZodNumber>;
+            idleMs: z.ZodOptional<z.ZodNumber>;
+        }, z.core.$strip>>;
+        mediaMaxMb: z.ZodOptional<z.ZodNumber>;
+        heartbeat: z.ZodOptional<z.ZodObject<{
+            every: z.ZodOptional<z.ZodString>;
+            activeHours: z.ZodOptional<z.ZodObject<{
+                start: z.ZodOptional<z.ZodString>;
+                end: z.ZodOptional<z.ZodString>;
+                timezone: z.ZodOptional<z.ZodString>;
+            }, z.core.$strip>>;
+            target: z.ZodOptional<z.ZodString>;
+            to: z.ZodOptional<z.ZodString>;
+            prompt: z.ZodOptional<z.ZodString>;
+            accountId: z.ZodOptional<z.ZodString>;
+        }, z.core.$strip>>;
+        replyMode: z.ZodOptional<z.ZodUnion<readonly [z.ZodEnum<{
+            streaming: "streaming";
+            auto: "auto";
+            static: "static";
+        }>, z.ZodObject<{
+            default: z.ZodOptional<z.ZodEnum<{
+                streaming: "streaming";
+                auto: "auto";
+                static: "static";
+            }>>;
+            group: z.ZodOptional<z.ZodEnum<{
+                streaming: "streaming";
+                auto: "auto";
+                static: "static";
+            }>>;
+            direct: z.ZodOptional<z.ZodEnum<{
+                streaming: "streaming";
+                auto: "auto";
+                static: "static";
+            }>>;
+        }, z.core.$strip>]>>;
+        streaming: z.ZodOptional<z.ZodBoolean>;
+        blockStreaming: z.ZodOptional<z.ZodBoolean>;
+        tools: z.ZodOptional<z.ZodObject<{
+            doc: z.ZodOptional<z.ZodBoolean>;
+            wiki: z.ZodOptional<z.ZodBoolean>;
+            drive: z.ZodOptional<z.ZodBoolean>;
+            perm: z.ZodOptional<z.ZodBoolean>;
+            scopes: z.ZodOptional<z.ZodBoolean>;
+        }, z.core.$strip>>;
+        footer: z.ZodOptional<z.ZodObject<{
+            status: z.ZodOptional<z.ZodBoolean>;
+            elapsed: z.ZodOptional<z.ZodBoolean>;
+        }, z.core.$strip>>;
+        markdown: z.ZodOptional<z.ZodObject<{
+            tables: z.ZodOptional<z.ZodEnum<{
+                code: "code";
+                off: "off";
+                bullets: "bullets";
+            }>>;
+        }, z.core.$strip>>;
+        configWrites: z.ZodOptional<z.ZodBoolean>;
+        capabilities: z.ZodOptional<z.ZodObject<{
+            image: z.ZodOptional<z.ZodBoolean>;
+            audio: z.ZodOptional<z.ZodBoolean>;
+            video: z.ZodOptional<z.ZodBoolean>;
+        }, z.core.$strip>>;
+        dedup: z.ZodOptional<z.ZodObject<{
+            ttlMs: z.ZodOptional<z.ZodNumber>;
+            maxEntries: z.ZodOptional<z.ZodNumber>;
+        }, z.core.$strip>>;
+        reactionNotifications: z.ZodOptional<z.ZodEnum<{
+            all: "all";
+            off: "off";
+            own: "own";
+        }>>;
+        threadSession: z.ZodOptional<z.ZodBoolean>;
+        uat: z.ZodOptional<z.ZodObject<{
+            enabled: z.ZodOptional<z.ZodBoolean>;
+            allowedScopes: z.ZodOptional<z.ZodArray<z.ZodString>>;
+            blockedScopes: z.ZodOptional<z.ZodArray<z.ZodString>>;
+        }, z.core.$strip>>;
+    }, z.core.$strip>>>;
+}, z.core.$strip>;
 /**
  * JSON Schema derived from FeishuConfigSchema.
  *

package/src/core/tool-scopes.d.ts

@@ -53,7 +53,7 @@
  *
  * 总计：98 个工具动作
  */
-export type ToolActionKey = 'feishu_bitable_app.copy' | 'feishu_bitable_app.create' | 'feishu_bitable_app.get' | 'feishu_bitable_app.list' | 'feishu_bitable_app.patch' | 'feishu_bitable_app_table.batch_create' | 'feishu_bitable_app_table.batch_delete' | 'feishu_bitable_app_table.create' | 'feishu_bitable_app_table.delete' | 'feishu_bitable_app_table.list' | 'feishu_bitable_app_table.patch' | 'feishu_bitable_app_table_field.create' | 'feishu_bitable_app_table_field.delete' | 'feishu_bitable_app_table_field.list' | 'feishu_bitable_app_table_field.update' | 'feishu_bitable_app_table_record.batch_create' | 'feishu_bitable_app_table_record.batch_delete' | 'feishu_bitable_app_table_record.batch_update' | 'feishu_bitable_app_table_record.create' | 'feishu_bitable_app_table_record.delete' | 'feishu_bitable_app_table_record.list' | 'feishu_bitable_app_table_record.update' | 'feishu_bitable_app_table_view.create' | 'feishu_bitable_app_table_view.delete' | 'feishu_bitable_app_table_view.get' | 'feishu_bitable_app_table_view.list' | 'feishu_bitable_app_table_view.patch' | 'feishu_calendar_calendar.get' | 'feishu_calendar_calendar.list' | 'feishu_calendar_calendar.primary' | 'feishu_calendar_event.create' | 'feishu_calendar_event.delete' | 'feishu_calendar_event.get' | 'feishu_calendar_event.instance_view' | 'feishu_calendar_event.instances' | 'feishu_calendar_event.list' | 'feishu_calendar_event.patch' | 'feishu_calendar_event.reply' | 'feishu_calendar_event.search' | 'feishu_calendar_event_attendee.batch_delete' | 'feishu_calendar_event_attendee.create' | 'feishu_calendar_event_attendee.list' | 'feishu_calendar_freebusy.list' | 'feishu_chat.get' | 'feishu_chat.search' | 'feishu_chat_members.default' | 'feishu_create_doc.default' | 'feishu_doc_comments.create' | 'feishu_doc_comments.list' | 'feishu_doc_comments.patch' | 'feishu_doc_media.download' | 'feishu_doc_media.insert' | 'feishu_drive_file.copy' | 'feishu_drive_file.delete' | 'feishu_drive_file.download' | 'feishu_drive_file.get_meta' | 'feishu_drive_file.list' | 'feishu_drive_file.move' | 'feishu_drive_file.upload' | 'feishu_fetch_doc.default' | 'feishu_get_user.default' | 'feishu_im_user_fetch_resource.default' | 'feishu_im_user_get_messages.default' | 'feishu_im_user_message.reply' | 'feishu_im_user_message.send' | 'feishu_im_user_search_messages.default' | 'feishu_search_doc_wiki.search' | 'feishu_search_user.default' | 'feishu_task_comment.create' | 'feishu_task_comment.get' | 'feishu_task_comment.list' | 'feishu_task_subtask.create' | 'feishu_task_subtask.list' | 'feishu_task_task.create' | 'feishu_task_task.get' | 'feishu_task_task.list' | 'feishu_task_task.patch' | 'feishu_task_tasklist.add_members' | 'feishu_task_tasklist.create' | 'feishu_task_tasklist.delete' | 'feishu_task_tasklist.get' | 'feishu_task_tasklist.list' | 'feishu_task_tasklist.patch' | 'feishu_task_tasklist.remove_members' | 'feishu_task_tasklist.tasks' | 'feishu_update_doc.default' | 'feishu_wiki_space.create' | 'feishu_wiki_space.get' | 'feishu_wiki_space.list' | 'feishu_wiki_space_node.copy' | 'feishu_wiki_space_node.create' | 'feishu_wiki_space_node.get' | 'feishu_wiki_space_node.list' | 'feishu_wiki_space_node.move' | 'feishu_sheet.info' | 'feishu_sheet.read' | 'feishu_sheet.write' | 'feishu_sheet.append' | 'feishu_sheet.find' | 'feishu_sheet.create' | 'feishu_sheet.export';
+export type ToolActionKey = 'feishu_bitable_app.copy' | 'feishu_bitable_app.create' | 'feishu_bitable_app.get' | 'feishu_bitable_app.list' | 'feishu_bitable_app.patch' | 'feishu_bitable_app_table.batch_create' | 'feishu_bitable_app_table.batch_delete' | 'feishu_bitable_app_table.create' | 'feishu_bitable_app_table.delete' | 'feishu_bitable_app_table.list' | 'feishu_bitable_app_table.patch' | 'feishu_bitable_app_table_field.create' | 'feishu_bitable_app_table_field.delete' | 'feishu_bitable_app_table_field.list' | 'feishu_bitable_app_table_field.update' | 'feishu_bitable_app_table_record.batch_create' | 'feishu_bitable_app_table_record.batch_delete' | 'feishu_bitable_app_table_record.batch_update' | 'feishu_bitable_app_table_record.create' | 'feishu_bitable_app_table_record.delete' | 'feishu_bitable_app_table_record.list' | 'feishu_bitable_app_table_record.update' | 'feishu_bitable_app_table_view.create' | 'feishu_bitable_app_table_view.delete' | 'feishu_bitable_app_table_view.get' | 'feishu_bitable_app_table_view.list' | 'feishu_bitable_app_table_view.patch' | 'feishu_calendar_calendar.get' | 'feishu_calendar_calendar.list' | 'feishu_calendar_calendar.primary' | 'feishu_calendar_event.create' | 'feishu_calendar_event.delete' | 'feishu_calendar_event.get' | 'feishu_calendar_event.instance_view' | 'feishu_calendar_event.instances' | 'feishu_calendar_event.list' | 'feishu_calendar_event.patch' | 'feishu_calendar_event.reply' | 'feishu_calendar_event.search' | 'feishu_calendar_event_attendee.batch_delete' | 'feishu_calendar_event_attendee.create' | 'feishu_calendar_event_attendee.list' | 'feishu_calendar_freebusy.list' | 'feishu_chat.get' | 'feishu_chat.search' | 'feishu_chat_members.default' | 'feishu_create_doc.default' | 'feishu_doc_comments.create' | 'feishu_doc_comments.list' | 'feishu_doc_comments.patch' | 'feishu_doc_media.download' | 'feishu_doc_media.insert' | 'feishu_drive_file.copy' | 'feishu_drive_file.delete' | 'feishu_drive_file.download' | 'feishu_drive_file.get_meta' | 'feishu_drive_file.list' | 'feishu_drive_file.move' | 'feishu_drive_file.upload' | 'feishu_fetch_doc.default' | 'feishu_get_user.basic_batch' | 'feishu_get_user.default' | 'feishu_im_user_fetch_resource.default' | 'feishu_im_user_get_messages.default' | 'feishu_im_user_message.reply' | 'feishu_im_user_message.send' | 'feishu_im_user_search_messages.default' | 'feishu_search_doc_wiki.search' | 'feishu_search_user.default' | 'feishu_task_comment.create' | 'feishu_task_comment.get' | 'feishu_task_comment.list' | 'feishu_task_subtask.create' | 'feishu_task_subtask.list' | 'feishu_task_task.create' | 'feishu_task_task.get' | 'feishu_task_task.list' | 'feishu_task_task.patch' | 'feishu_task_tasklist.add_members' | 'feishu_task_tasklist.create' | 'feishu_task_tasklist.delete' | 'feishu_task_tasklist.get' | 'feishu_task_tasklist.list' | 'feishu_task_tasklist.patch' | 'feishu_task_tasklist.remove_members' | 'feishu_task_tasklist.tasks' | 'feishu_update_doc.default' | 'feishu_wiki_space.create' | 'feishu_wiki_space.get' | 'feishu_wiki_space.list' | 'feishu_wiki_space_node.copy' | 'feishu_wiki_space_node.create' | 'feishu_wiki_space_node.get' | 'feishu_wiki_space_node.list' | 'feishu_wiki_space_node.move' | 'feishu_sheet.info' | 'feishu_sheet.read' | 'feishu_sheet.write' | 'feishu_sheet.append' | 'feishu_sheet.find' | 'feishu_sheet.create' | 'feishu_sheet.export';
 /**
  * Tool Scope 映射类型
  *
@@ -146,8 +146,8 @@ export type SensitiveScope = (typeof SENSITIVE_SCOPES)[number];
  */
 export declare function filterSensitiveScopes(scopes: string[]): string[];
 /**
- * 工具动作总数: 98
- * 唯一 scope 总数: 66
+ * 工具动作总数: 99
+ * 唯一 scope 总数: 67
  * 必需应用权限总数: 20
  * 高敏感权限总数: 1
  */

package/src/core/tool-scopes.js

@@ -173,6 +173,7 @@ export const TOOL_SCOPES = {
         'search:message',
     ],
     'feishu_search_doc_wiki.search': ['search:docs:read'],
+    'feishu_get_user.basic_batch': ['contact:user.basic_profile:readonly'],
     'feishu_get_user.default': ['contact:contact.base:readonly', 'contact:user.base:readonly'],
     'feishu_search_user.default': ['contact:user:search'],
     'feishu_create_doc.default': [
@@ -319,8 +320,8 @@ export function filterSensitiveScopes(scopes) {
 }
 // ===== 统计信息 =====
 /**
- * 工具动作总数: 98
- * 唯一 scope 总数: 66
+ * 工具动作总数: 99
+ * 唯一 scope 总数: 67
  * 必需应用权限总数: 20
  * 高敏感权限总数: 1
  */

package/src/core/uat-client.js

@@ -14,7 +14,7 @@ import { resolveOAuthEndpoints } from './device-flow';
 import { larkLogger } from './lark-logger';
 const log = larkLogger('core/uat-client');
 import { feishuFetch } from './feishu-fetch';
-import { REFRESH_TOKEN_IRRECOVERABLE, TOKEN_RETRY_CODES, NeedAuthorizationError } from './auth-errors';
+import { REFRESH_TOKEN_RETRYABLE, TOKEN_RETRY_CODES, NeedAuthorizationError } from './auth-errors';
 // Re-export for backward compatibility
 export { NeedAuthorizationError };
 // ---------------------------------------------------------------------------
@@ -39,31 +39,46 @@ async function doRefreshToken(opts, stored) {
         return null;
     }
     const endpoints = resolveOAuthEndpoints(opts.domain);
-    const resp = await feishuFetch(endpoints.token, {
-        method: 'POST',
-        headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
-        body: new URLSearchParams({
-            grant_type: 'refresh_token',
-            refresh_token: stored.refreshToken,
-            client_id: opts.appId,
-            client_secret: opts.appSecret,
-        }).toString(),
-    });
-    const data = (await resp.json());
+    const requestBody = new URLSearchParams({
+        grant_type: 'refresh_token',
+        refresh_token: stored.refreshToken,
+        client_id: opts.appId,
+        client_secret: opts.appSecret,
+    }).toString();
+    const callEndpoint = async () => {
+        const resp = await feishuFetch(endpoints.token, {
+            method: 'POST',
+            headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
+            body: requestBody,
+        });
+        return (await resp.json());
+    };
+    let data = await callEndpoint();
     // Feishu v2 token endpoint returns `code: 0` on success.
     // Some responses use `error` field instead (standard OAuth).
     const code = data.code;
     const error = data.error;
     if ((code !== undefined && code !== 0) || error) {
         const errCode = code ?? error;
-        const errMsg = data.error_description ?? data.msg ?? 'unknown';
-        // Known irrecoverable codes: invalid/expired/missing refresh_token
-        if (REFRESH_TOKEN_IRRECOVERABLE.has(code)) {
+        // Transient server error: retry once, then clear.
+        if (REFRESH_TOKEN_RETRYABLE.has(code)) {
+            log.warn(`refresh transient error (code=${errCode}) for ${opts.userOpenId}, retrying once`);
+            data = await callEndpoint();
+            const retryCode = data.code;
+            const retryError = data.error;
+            if ((retryCode !== undefined && retryCode !== 0) || retryError) {
+                const retryErrCode = retryCode ?? retryError;
+                log.warn(`refresh failed after retry (code=${retryErrCode}), clearing token for ${opts.userOpenId}`);
+                await removeStoredToken(opts.appId, opts.userOpenId);
+                return null;
+            }
+        }
+        else {
+            // Any other error (invalid/expired/revoked token, or unknown): clear and force re-auth.
             log.warn(`refresh failed (code=${errCode}), clearing token for ${opts.userOpenId}`);
             await removeStoredToken(opts.appId, opts.userOpenId);
             return null;
         }
-        throw new Error(`Token refresh failed (code=${errCode}): ${errMsg}`);
     }
     if (!data.access_token) {
         throw new Error('Token refresh returned no access_token');

package/src/messaging/inbound/reaction-handler.js

@@ -75,11 +75,12 @@ export async function resolveReactionContext(params) {
         log(`feishu[${accountId}]: reacted message ${messageId} not found or timed out, skipping`);
         return null;
     }
-    // The mget API returns app_id (cli_xxx) as sender.id for bot messages,
-    // not the bot's open_id (ou_xxx). Match against the account's appId.
+    // mget API returns app_id (cli_xxx) as sender.id for bot messages.
     const isBotMessage = msg.senderType === 'app' && msg.senderId === account.appId;
-    if (reactionMode === 'own' && !isBotMessage) {
-        log(`feishu[${accountId}]: reaction on non-bot message ${messageId}, skipping (senderId=${msg.senderId}, senderType=${msg.senderType}, botOpenId=${botOpenId}, appId=${account.appId})`);
+    const isOtherBotMessage = msg.senderType === 'app' && account.appId && msg.senderId !== account.appId;
+    // 'own': only react to this bot's messages; 'all': also skip other bots' messages.
+    if ((reactionMode === 'own' && !isBotMessage) || (reactionMode === 'all' && isOtherBotMessage)) {
+        log(`feishu[${accountId}]: reaction on ${isOtherBotMessage ? 'other bot' : 'non-bot'} message ${messageId}, skipping`);
         return null;
     }
     // ---- Resolve effective chatId ----

package/src/tools/oapi/helpers.d.ts

@@ -179,4 +179,4 @@ import type { SchemaOptions } from '@sinclair/typebox';
  * 本函数生成 `{ type: 'string', enum: ['a', 'b'] }` 格式，
  * 兼容性更好。
  */
-export declare function StringEnum<T extends string>(values: T[], options?: SchemaOptions): any;
+export declare function StringEnum<T extends string>(values: T[], options?: SchemaOptions): import("@sinclair/typebox").TUnsafe<T>;

package/src/tools/oapi/im/message-read.js

@@ -140,7 +140,7 @@ function registerGetMessages(api) {
                     as: 'user',
                 });
                 assertLarkOk(res);
-                return formatAndReturn(res, config, log, client);
+                return await formatAndReturn(res, config, log, client);
             }
             catch (err) {
                 return await handleInvokeErrorWithAutoAuth(err, config);
@@ -192,7 +192,7 @@ function registerGetThreadMessages(api) {
                     as: 'user',
                 });
                 assertLarkOk(res);
-                return formatAndReturn(res, config, log, client);
+                return await formatAndReturn(res, config, log, client);
             }
             catch (err) {
                 return await handleInvokeErrorWithAutoAuth(err, config);

package/src/tools/oapi/im/user-name-uat.d.ts

@@ -10,6 +10,9 @@
  * 设计动机：TAT 调用 contact/v3/users/batch 缺少权限导致返回的用户
  * 条目不含 name 字段，而工具层搜索消息等场景运行在 UAT 上下文中，
  * 用户 token 可以读取其他用户的名称。
+ *
+ * 底层使用 contact/v3/users/basic_batch 接口（scope: contact:user.basic_profile:readonly），
+ * 每次最多查询 10 个用户。
  */
 import type { ToolClient } from '../../../core/tool-client';
 /** 从 UAT 缓存中获取用户名 */

package/src/tools/oapi/im/user-name-uat.js

@@ -11,6 +11,9 @@
  * 设计动机：TAT 调用 contact/v3/users/batch 缺少权限导致返回的用户
  * 条目不含 name 字段，而工具层搜索消息等场景运行在 UAT 上下文中，
  * 用户 token 可以读取其他用户的名称。
+ *
+ * 底层使用 contact/v3/users/basic_batch 接口（scope: contact:user.basic_profile:readonly），
+ * 每次最多查询 10 个用户。
  */
 import { isInvokeError } from '../helpers';
 // ---------------------------------------------------------------------------
@@ -64,7 +67,7 @@ export function setUATUserNames(accountId, entries) {
 // ---------------------------------------------------------------------------
 // 以 UAT 身份批量解析用户名
 // ---------------------------------------------------------------------------
-const BATCH_SIZE = 50;
+const BATCH_SIZE = 10; // basic_batch API 限制每次最多 10 个
 export async function batchResolveUserNamesAsUser(params) {
     const { client, openIds, log } = params;
     if (openIds.length === 0)
@@ -90,31 +93,41 @@ export async function batchResolveUserNamesAsUser(params) {
     const uniqueMissing = [...new Set(missing)];
     if (uniqueMissing.length === 0)
         return result;
-    // 2. 分批通过 SDK 调用 contact/v3/users/batch（UAT）
+    // 2. 分批通过 SDK 调用 contact/v3/users/basic_batch（UAT）
+    const totalBatches = Math.ceil(uniqueMissing.length / BATCH_SIZE);
+    log(`batchResolveUserNamesAsUser: resolving ${uniqueMissing.length} user(s) in ${totalBatches} batch(es), ${result.size} cache hit(s)`);
     for (let i = 0; i < uniqueMissing.length; i += BATCH_SIZE) {
         const chunk = uniqueMissing.slice(i, i + BATCH_SIZE);
+        const batchIndex = Math.floor(i / BATCH_SIZE) + 1;
         try {
             // eslint-disable-next-line @typescript-eslint/no-explicit-any
-            const res = await client.invoke('feishu_get_user.default', // 注：实际调用 batch API，共享 get_user 的 scope
-            (sdk, opts) => sdk.contact.user.batch({
-                params: {
-                    user_ids: chunk,
-                    user_id_type: 'open_id',
-                },
+            const res = await client.invoke('feishu_get_user.basic_batch', (sdk, opts) => sdk.request({
+                method: 'POST',
+                url: '/open-apis/contact/v3/users/basic_batch',
+                data: { user_ids: chunk },
+                params: { user_id_type: 'open_id' },
             }, opts), {
                 as: 'user',
             });
             // eslint-disable-next-line @typescript-eslint/no-explicit-any
-            const items = res?.data?.items ?? [];
-            for (const item of items) {
-                const openId = item.open_id;
-                const name = item.name || item.display_name || item.nickname || item.en_name;
+            const users = res?.data?.users ?? [];
+            let resolved = 0;
+            for (const user of users) {
+                const openId = user.user_id;
+                // 实际返回 name 为字符串，兼容文档中 name.value 的对象结构
+                const rawName = user.name;
+                const name = typeof rawName === 'string' ? rawName : rawName?.value;
                 if (openId && name) {
                     cache.delete(openId);
                     cache.set(openId, { name, expireAt: Date.now() + UAT_TTL_MS });
                     result.set(openId, name);
+                    resolved++;
                 }
             }
+            const unresolvedCount = chunk.length - resolved;
+            if (unresolvedCount > 0) {
+                log(`batchResolveUserNamesAsUser: batch ${batchIndex}/${totalBatches}: ${resolved} resolved, ${unresolvedCount} missing name`);
+            }
         }
         catch (err) {
             // 授权/权限错误向上冒泡，由上层 handleInvokeErrorWithAutoAuth 处理自动授权

package/src/tools/oauth.js

@@ -41,13 +41,12 @@ const FeishuOAuthSchema = Type.Object({
         // Type.Literal("authorize"),  // 已由 auto-auth 自动处理，不再对外暴露
         Type.Literal('revoke'),
     ], {
-        description: 'revoke: 撤销当前用户的授权',
+        description: 'revoke: 撤销当前用户已保存的授权凭据',
     }),
 }, {
-    description: '飞书用户授权管理工具。' +
-        '【注意】授权流程由系统自动发起，不要主动调用此工具触发授权！' +
-        '此工具仅用于撤销授权（revoke）。' +
-        '不需要传入 user_open_id，系统自动识别当前用户。',
+    description: '飞书用户撤销授权工具。' +
+        '仅在用户明确说"撤销授权"、"取消授权"、"退出登录"、"清除授权"时调用。' +
+        '【严禁调用场景】用户说"重新授权"、"发起授权"、"重新发起"、"授权失败"、"授权过期"时，绝对不要调用此工具，授权流程由系统自动处理。',
 });
 const pendingFlows = new Map();
 // ---------------------------------------------------------------------------
@@ -96,11 +95,10 @@ export function registerFeishuOAuthTool(api) {
     registerTool(api, {
         name: 'feishu_oauth',
         label: 'Feishu OAuth',
-        description: '飞书用户授权（OAuth）管理工具。' +
-            '【注意】授权流程由系统自动发起，不要主动调用此工具触发授权！' +
-            '此工具仅用于 revoke（撤销当前用户的授权）。' +
-            '不需要传入 user_open_id，系统自动从消息上下文获取当前用户。' +
-            '【Token 过期处理】当返回 token_expired 错误时，调用 revoke 撤销后，系统会自动重新发起授权流程。',
+        description: '飞书用户撤销授权工具。' +
+            '仅在用户明确说"撤销授权"、"取消授权"、"退出登录"、"清除授权"时调用 revoke。' +
+            '【严禁调用场景】用户说"重新授权"、"发起授权"、"重新发起"、"授权失败"、"授权过期"时，绝对不要调用此工具，授权流程由系统自动处理，无需人工干预。' +
+            '不需要传入 user_open_id，系统自动从消息上下文获取当前用户。',
         parameters: FeishuOAuthSchema,
         async execute(_toolCallId, params) {
             const p = params;