npm - @modelzen/feishu-codex-bridge - Versions diffs - 0.1.0 → 0.1.2 - Mend

@modelzen/feishu-codex-bridge 0.1.0 → 0.1.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/README.md CHANGED Viewed

@@ -32,33 +32,17 @@
 ---
-## ⚠️ 安全须知（务必先读）
-本机器人调用 Codex 时固定使用 **`approvalPolicy: "never"` + `sandbox: "danger-full-access"`** —— 即 **无任何人工审批、对磁盘完全访问**。这意味着：
-> **任何能在项目群里给机器人发消息的人，都能在你这台机器上、以你的身份、在该项目目录里执行任意命令（读写文件、联网、运行脚本）。**
-因此：
-- 只把**你信任的人**拉进项目群；
-- 在**你自己掌控的机器/账号**上运行，最好是隔离的开发机或容器；
-- 绑定的项目目录里不要放你不愿被读写的敏感数据；
-- 它不是多租户托管服务，是给你（和你信任的小团队）自用的桥。
----
 ## 📦 前置条件
 | 依赖 | 说明 | 获取方式 |
 |------|------|----------|
 | **Node.js ≥ 20** | 运行时 | <https://nodejs.org> 或 `nvm install 20` |
-| **Codex CLI** | 后端，bridge 会 spawn `codex app-server` | `npm i -g @openai/codex`，或安装 Codex.app，或用环境变量 `CODEX_BIN` 指向已有二进制 |
-| **Codex 已登录** | app-server 需要 `~/.codex/auth.json` | 运行 `codex login` |
-| **飞书 / Lark 账号** | 且该租户允许「扫码创建应用」（个人/开发者租户一般可以；部分企业租户由管理员限制） | 首次 `run` 时扫码即可创建 |
-| **lark-cli**（可选，但用「文档评论回复」**强烈建议装**） | 仅「文档评论回复」用到：要回答「总结本文 / 这段写得对吗」这类**需要读文档正文**的问题时，Codex 靠 `lark-cli` 去读文档（回复本身由桥用 SDK 以机器人身份发，不依赖它）。不装也能跑，但机器人只能凭评论里给到的上下文作答，读不到正文。 | 安装并 `lark-cli auth login` 登录（与本机 lark-* 技能同款的那个 lark-cli），确保 Codex 能在 PATH 上直接调用 |
+| **Codex CLI** | 后端，bridge 会 spawn `codex app-server` | `npm i -g @openai/codex`，或装 Codex.app，或用 `CODEX_BIN` 指向已有二进制 |
+| **Codex 已登录** | app-server 需要 `~/.codex/auth.json` | `codex login` |
+| **飞书 / Lark 账号** | 租户需允许「扫码创建应用」（个人/开发者租户一般可以） | 首次 `run` 时扫码创建 |
+| **lark-cli**（可选） | 仅「文档评论回复」需读文档正文时用到；不装也能跑，只是读不到正文 | `lark-cli auth login`，确保在 PATH 上 |
-> 机器人**收发消息、回卡片、发评论回复**全部走 `@larksuiteoapi/node-sdk` 长连接，核心功能**不依赖** `lark-cli`。`lark-cli` 只是「文档评论回复」里让 Codex **读文档正文**的途径——见上表。
-> ⚠️ `lark-cli` 以**你的用户身份**登录，所以 Codex 只应用它来**读**；prompt 已明确禁止 Codex 用它发评论（否则评论会署成你本人，而不是机器人）。
+> 收发消息、回卡片、发评论回复均走 `@larksuiteoapi/node-sdk` 长连接，**不依赖** `lark-cli`。⚠️ `lark-cli` 以**你的身份**登录，仅供 Codex **读**文档；prompt 已禁止用它发评论（否则评论会署你本人）。
 ---
@@ -239,6 +223,21 @@ src/
 ---
+## ⚠️ 安全须知
+本机器人调用 Codex 时固定使用 **`approvalPolicy: "never"` + `sandbox: "danger-full-access"`** —— 即 **无任何人工审批、对磁盘完全访问**。这意味着：
+> **任何能在项目群里给机器人发消息的人，都能在你这台机器上、以你的身份、在该项目目录里执行任意命令（读写文件、联网、运行脚本）。**
+因此：
+- 只把**你信任的人**拉进项目群；
+- 在**你自己掌控的机器/账号**上运行，最好是隔离的开发机或容器；
+- 绑定的项目目录里不要放你不愿被读写的敏感数据；
+- 它不是多租户托管服务，是给你（和你信任的小团队）自用的桥。
+---
 ## ❓ 故障排查
 | 现象 | 排查 |

package/dist/cli.js CHANGED Viewed

@@ -1,4 +1,7 @@
 // src/cli/index.ts
+import { readFileSync as readFileSync2 } from "fs";
+import { dirname as dirname8, resolve as resolve3 } from "path";
+import { fileURLToPath as fileURLToPath2 } from "url";
 import { Command } from "commander";
 // src/cli/commands/doctor.ts
@@ -525,7 +528,7 @@ async function spawnExecProvider(pc, ref) {
   const timeoutMs = pc.noOutputTimeoutMs ?? DEFAULT_EXEC_TIMEOUT_MS;
   const maxOutput = pc.maxOutputBytes ?? DEFAULT_EXEC_MAX_OUTPUT;
   const providerName = ref.provider ?? DEFAULT_PROVIDER;
-  return new Promise((resolve3, reject) => {
+  return new Promise((resolve4, reject) => {
     const env = {};
     if (pc.passEnv) for (const k of pc.passEnv) {
       const v = process.env[k];
@@ -570,7 +573,7 @@ async function spawnExecProvider(pc, ref) {
       try {
         const parsed = JSON.parse(stdout);
         const value = parsed.values?.[ref.id];
-        if (typeof value === "string") return resolve3(value);
+        if (typeof value === "string") return resolve4(value);
         const err = parsed.errors?.[ref.id]?.message;
         reject(new Error(`exec provider did not return secret for ${ref.id}${err ? `: ${err}` : ""}`));
       } catch (err) {
@@ -1097,7 +1100,7 @@ var AsyncQueue = class {
         continue;
       }
       if (this.closed) return;
-      const next = await new Promise((resolve3) => this.waiters.push(resolve3));
+      const next = await new Promise((resolve4) => this.waiters.push(resolve4));
       if (next.done) return;
       yield next.value;
     }
@@ -1148,8 +1151,8 @@ var AppServerClient = class {
     const id = ++this.nextId;
     const payload = `${JSON.stringify({ jsonrpc: "2.0", id, method, params: params ?? {} })}
 `;
-    return new Promise((resolve3, reject) => {
-      this.pending.set(id, { resolve: resolve3, reject });
+    return new Promise((resolve4, reject) => {
+      this.pending.set(id, { resolve: resolve4, reject });
       this.child.stdin.write(payload, (err) => {
         if (err) {
           this.pending.delete(id);
@@ -1173,14 +1176,14 @@ var AppServerClient = class {
     const child = this.child;
     if (!child || child.exitCode !== null) return;
     child.kill("SIGTERM");
-    await new Promise((resolve3) => {
+    await new Promise((resolve4) => {
       const t = setTimeout(() => {
         if (child.exitCode === null) child.kill("SIGKILL");
-        resolve3();
+        resolve4();
       }, graceMs);
       child.once("exit", () => {
         clearTimeout(t);
-        resolve3();
+        resolve4();
       });
     });
   }
@@ -1299,12 +1302,12 @@ var APPROVAL_POLICY = "never";
 var SANDBOX = "danger-full-access";
 var READ_HISTORY_TIMEOUT_MS = 2e4;
 function withDeadline(p, ms, label) {
-  return new Promise((resolve3, reject) => {
+  return new Promise((resolve4, reject) => {
     const t = setTimeout(() => reject(new Error(`${label} timed out after ${ms}ms`)), ms);
     p.then(
       (v) => {
         clearTimeout(t);
-        resolve3(v);
+        resolve4(v);
       },
       (e) => {
         clearTimeout(t);
@@ -1344,11 +1347,11 @@ var CodexThread = class {
       if (self.model) params.model = self.model;
       if (self.effort) params.effort = self.effort;
       let startError;
-      const startFailed = new Promise((resolve3) => {
+      const startFailed = new Promise((resolve4) => {
         self.client.request("turn/start", params).then(void 0, (err) => {
           startError = err instanceof Error ? err : new Error(String(err));
           log.fail("agent", startError, { phase: "turn/start" });
-          resolve3("start-failed");
+          resolve4("start-failed");
         });
       });
       const stream2 = self.client.stream()[Symbol.asyncIterator]();
@@ -2358,9 +2361,14 @@ var RC = {
 };
 var REASONING_MAX = 1500;
 var COLLAPSE_TOOL_THRESHOLD = 3;
+var PROCESS_BODY_BUDGET = 22e3;
 function buildRunCard(rc) {
   const state = rc.rs;
   const running = state.terminal === "running";
+  const elements = running ? renderRunning(state, rc) : renderTerminal(state, rc);
+  return card(elements, { streaming: running, summary: summaryText(state) });
+}
+function renderRunning(state, rc) {
   const elements = [];
   const reasoning = reasoningContent(state);
   if (reasoning) elements.push(reasoningPanel(reasoning, state.reasoningActive));
@@ -2369,23 +2377,79 @@ function buildRunCard(rc) {
     if (group.kind === "text") {
       if (group.content.trim()) elements.push(md(group.content));
     } else {
-      elements.push(...renderToolGroup(group.tools, !running));
+      elements.push(...renderToolGroup(group.tools, false));
     }
   }
+  if (state.footer) elements.push(footerStatus(state.footer));
+  if (rc.cardKey) elements.push(actions([button("\u23F9 \u7EC8\u6B62", { a: RC.stop, m: rc.cardKey }, "danger")]));
+  return elements;
+}
+function renderTerminal(state, rc) {
+  const elements = [];
+  const answerIdx = lastTextIndex(state.blocks);
+  const answer = answerIdx >= 0 ? state.blocks[answerIdx].content.trim() : "";
+  const processBlocks = state.blocks.filter((_, i) => i !== answerIdx);
+  const blocks = rc.showTools === false ? processBlocks.filter((b) => b.kind !== "tool") : processBlocks;
+  const reasoning = reasoningContent(state);
+  const processEls = buildProcessBody(reasoning, blocks);
+  if (processEls.length > 0) {
+    const toolCount = blocks.reduce((n, b) => b.kind === "tool" ? n + 1 : n, 0);
+    elements.push(
+      collapsiblePanelEl({
+        title: processTitle(Boolean(reasoning), toolCount),
+        expanded: false,
+        border: "grey",
+        elements: processEls
+      })
+    );
+  }
+  if (answer) elements.push(md(answer));
   if (state.terminal === "interrupted") {
     elements.push(noteMd("_\u23F9 \u5DF2\u88AB\u4E2D\u65AD_"));
   } else if (state.terminal === "idle_timeout") {
     elements.push(noteMd(`_\u23F1 ${state.idleTimeoutMinutes ?? 0} \u5206\u949F\u65E0\u54CD\u5E94\uFF0C\u5DF2\u81EA\u52A8\u7EC8\u6B62_`));
   } else if (state.terminal === "error" && state.errorMsg) {
     elements.push(noteMd(`\u26A0\uFE0F agent \u5931\u8D25\uFF1A${state.errorMsg}`));
-  } else if (state.terminal === "done" && elements.length === 0) {
+  } else if (state.terminal === "done" && !answer) {
     elements.push(noteMd("_\uFF08\u672A\u8FD4\u56DE\u5185\u5BB9\uFF09_"));
   }
-  if (running) {
-    if (state.footer) elements.push(footerStatus(state.footer));
-    if (rc.cardKey) elements.push(actions([button("\u23F9 \u7EC8\u6B62", { a: RC.stop, m: rc.cardKey }, "danger")]));
+  return elements;
+}
+function lastTextIndex(blocks) {
+  for (let i = blocks.length - 1; i >= 0; i--) {
+    const b = blocks[i];
+    if (b && b.kind === "text" && b.content.trim()) return i;
   }
-  return card(elements, { streaming: running, summary: summaryText(state) });
+  return -1;
+}
+function buildProcessBody(reasoning, blocks) {
+  const rich = processElements(reasoning, blocks, false);
+  if (estimateSize2(rich) <= PROCESS_BODY_BUDGET) return rich;
+  return processElements(reasoning, blocks, true);
+}
+function processElements(reasoning, blocks, compactTools) {
+  const out = [];
+  if (reasoning) out.push(reasoningPanel(reasoning, false));
+  for (const group of groupBlocks(blocks)) {
+    if (group.kind === "text") {
+      if (group.content.trim()) out.push(md(group.content));
+    } else {
+      out.push(...renderToolGroup(group.tools, true, compactTools));
+    }
+  }
+  return out;
+}
+function processTitle(hasReasoning, toolCount) {
+  const parts = [];
+  if (hasReasoning) parts.push("\u{1F9E0} \u601D\u8003");
+  if (toolCount > 0) parts.push(`\u{1F9F0} ${toolCount} \u4E2A\u5DE5\u5177\u8C03\u7528`);
+  const detail = parts.length > 0 ? `\uFF1A${parts.join(" \xB7 ")}` : "";
+  return `\u{1F5C2} **\u8FC7\u7A0B${detail}**\uFF08\u70B9\u51FB\u5C55\u5F00\uFF09`;
+}
+function estimateSize2(els) {
+  let n = 0;
+  for (const el of els) n += JSON.stringify(el).length;
+  return n;
 }
 function buildRunCardPlain(rc) {
   return buildRunCard({ ...rc, cardKey: void 0 });
@@ -2405,8 +2469,9 @@ function* groupBlocks(blocks) {
   }
   if (toolBuf.length > 0) yield { kind: "tools", tools: toolBuf };
 }
-function renderToolGroup(tools, finalized) {
+function renderToolGroup(tools, finalized, compact = false) {
   if (tools.length === 0) return [];
+  if (compact) return [collapsedToolSummary(tools, true)];
   if (tools.length < COLLAPSE_TOOL_THRESHOLD) {
     return tools.map((t) => toolPanel(t, false));
   }
@@ -4553,21 +4618,29 @@ async function secretsRemove(id) {
   console.log(ok ? `\u2713 \u5DF2\u5220\u9664: ${id}` : `\u672A\u627E\u5230: ${id}`);
 }
 function readStdin() {
-  return new Promise((resolve3) => {
+  return new Promise((resolve4) => {
     let data = "";
     if (process.stdin.isTTY) {
-      resolve3("");
+      resolve4("");
       return;
     }
     process.stdin.setEncoding("utf8");
     process.stdin.on("data", (c) => data += c);
-    process.stdin.on("end", () => resolve3(data));
+    process.stdin.on("end", () => resolve4(data));
   });
 }
 // src/cli/index.ts
 var program = new Command();
-program.name("feishu-codex-bridge").description("\u628A\u98DE\u4E66/Lark \u6865\u63A5\u5230\u672C\u673A Codex\uFF08\u9879\u76EE=\u7FA4, \u8BDD\u9898=\u4F1A\u8BDD\uFF09").version("0.0.1");
+function readVersion() {
+  try {
+    const pkgPath = resolve3(dirname8(fileURLToPath2(import.meta.url)), "..", "package.json");
+    return JSON.parse(readFileSync2(pkgPath, "utf8")).version ?? "0.0.0";
+  } catch {
+    return "0.0.0";
+  }
+}
+program.name("feishu-codex-bridge").description("\u628A\u98DE\u4E66/Lark \u6865\u63A5\u5230\u672C\u673A Codex\uFF08\u9879\u76EE=\u7FA4, \u8BDD\u9898=\u4F1A\u8BDD\uFF09").version(readVersion());
 program.command("run").description("\u524D\u53F0\u542F\u52A8 bot\uFF08\u6CA1\u914D\u7F6E\u5219\u5148\u626B\u7801 init\uFF1BCtrl+C \u4F18\u96C5\u9000\u51FA\uFF09").action(async () => {
   await runRun();
 });

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@modelzen/feishu-codex-bridge",
-  "version": "0.1.0",
+  "version": "0.1.2",
   "description": "Bridge Feishu/Lark messenger with local Codex via app-server (project=group, thread=session)",
   "type": "module",
   "bin": {
@@ -24,7 +24,8 @@
     "typecheck": "tsc --noEmit",
     "test": "vitest run",
     "start": "node bin/feishu-codex-bridge.mjs run",
-    "prepare": "npm run build"
+    "prepare": "npm run build",
+    "release": "bash scripts/release.sh"
   },
   "dependencies": {
     "@larksuiteoapi/node-sdk": "^1.65.0",