@nextclaw/channel-plugin-feishu 0.2.14 → 0.2.16

package/src/nextclaw-sdk/secrets-prompt.ts

@@ -0,0 +1,305 @@
+import fs from "node:fs";
+import {
+  DEFAULT_SECRET_PROVIDER_ALIAS,
+  ENV_SECRET_REF_ID_RE,
+  formatExecSecretRefIdValidationMessage,
+  isValidExecSecretRefId,
+  isValidFileSecretRefId,
+} from "./secrets-core.js";
+import type { ClawdbotConfig, SecretInput, SecretRefSource, WizardPrompter } from "./types.js";
+
+type SecretPromptResult =
+  | { action: "keep" }
+  | { action: "use-env" }
+  | { action: "set"; value: SecretInput; resolvedValue: string };
+
+function resolveDefaultSecretProviderAlias(
+  cfg: ClawdbotConfig,
+  source: SecretRefSource,
+): string {
+  const configured =
+    source === "env"
+      ? cfg.secrets?.defaults?.env
+      : source === "file"
+        ? cfg.secrets?.defaults?.file
+        : cfg.secrets?.defaults?.exec;
+  if (configured?.trim()) {
+    return configured.trim();
+  }
+  const providers = cfg.secrets?.providers;
+  if (providers) {
+    for (const [name, provider] of Object.entries(providers)) {
+      if (provider?.source === source) {
+        return name;
+      }
+    }
+  }
+  return DEFAULT_SECRET_PROVIDER_ALIAS;
+}
+
+function isRecord(value: unknown): value is Record<string, unknown> {
+  return typeof value === "object" && value !== null && !Array.isArray(value);
+}
+
+function readJsonPointerValue(payload: unknown, pointer: string): string | null {
+  if (pointer === "value") {
+    return typeof payload === "string" ? payload : null;
+  }
+  const segments = pointer
+    .slice(1)
+    .split("/")
+    .map((segment) => segment.replace(/~1/g, "/").replace(/~0/g, "~"));
+  let cursor: unknown = payload;
+  for (const segment of segments) {
+    if (!isRecord(cursor) && !Array.isArray(cursor)) {
+      return null;
+    }
+    cursor = (cursor as Record<string, unknown>)[segment];
+  }
+  return typeof cursor === "string" ? cursor : null;
+}
+
+function tryResolveFileProviderValue(cfg: ClawdbotConfig, provider: string, id: string): string | null {
+  const providerConfig = cfg.secrets?.providers?.[provider];
+  if (!providerConfig || providerConfig.source !== "file" || !providerConfig.path) {
+    return null;
+  }
+  try {
+    const raw = fs.readFileSync(providerConfig.path, "utf-8");
+    if (providerConfig.mode === "singleValue") {
+      return raw.trim();
+    }
+    const parsed = JSON.parse(raw) as unknown;
+    return readJsonPointerValue(parsed, id);
+  } catch {
+    return null;
+  }
+}
+
+function promptSingleChannelToken(params: {
+  prompter: Pick<WizardPrompter, "confirm" | "text">;
+  accountConfigured: boolean;
+  canUseEnv: boolean;
+  hasConfigToken: boolean;
+  envPrompt: string;
+  keepPrompt: string;
+  inputPrompt: string;
+}): Promise<{ useEnv: boolean; token: string | null }> {
+  const promptToken = async (): Promise<string> =>
+    String(
+      await params.prompter.text({
+        message: params.inputPrompt,
+        validate: (value) => (value?.trim() ? undefined : "Required"),
+      }),
+    ).trim();
+
+  return (async () => {
+    if (params.canUseEnv) {
+      const keepEnv = await params.prompter.confirm({
+        message: params.envPrompt,
+        initialValue: true,
+      });
+      if (keepEnv) {
+        return { useEnv: true, token: null };
+      }
+      return { useEnv: false, token: await promptToken() };
+    }
+
+    if (params.hasConfigToken && params.accountConfigured) {
+      const keep = await params.prompter.confirm({
+        message: params.keepPrompt,
+        initialValue: true,
+      });
+      if (keep) {
+        return { useEnv: false, token: null };
+      }
+    }
+
+    return { useEnv: false, token: await promptToken() };
+  })();
+}
+
+async function resolveSecretInputMode(params: {
+  prompter: Pick<WizardPrompter, "select">;
+  explicitMode?: "plaintext" | "ref";
+  credentialLabel: string;
+}): Promise<"plaintext" | "ref"> {
+  if (params.explicitMode) {
+    return params.explicitMode;
+  }
+  return await params.prompter.select({
+    message: `How do you want to provide this ${params.credentialLabel}?`,
+    initialValue: "plaintext",
+    options: [
+      {
+        value: "plaintext",
+        label: `Enter ${params.credentialLabel}`,
+        hint: "Stores the credential directly in NextClaw config",
+      },
+      {
+        value: "ref",
+        label: "Use secret reference",
+        hint: "Stores a reference to env or configured secret providers",
+      },
+    ],
+  });
+}
+
+async function promptSecretRefForSetup(params: {
+  cfg: ClawdbotConfig;
+  prompter: Pick<WizardPrompter, "note" | "select" | "text">;
+  preferredEnvVar?: string;
+}): Promise<{ value: SecretInput; resolvedValue: string }> {
+  const providers = Object.entries(params.cfg.secrets?.providers ?? {}).filter(
+    ([, provider]) => provider?.source === "file" || provider?.source === "exec",
+  );
+  const source = await params.prompter.select({
+    message: "Where is this secret stored?",
+    initialValue: "env",
+    options: [
+      { value: "env", label: "Environment variable", hint: "Reference an env var" },
+      ...(providers.length > 0
+        ? [{ value: "provider", label: "Configured provider", hint: "Reference file/exec provider" }]
+        : []),
+    ],
+  });
+
+  if (source === "env") {
+    const envVar = String(
+      await params.prompter.text({
+        message: "Environment variable name",
+        initialValue: params.preferredEnvVar,
+        placeholder: params.preferredEnvVar ?? "NEXTCLAW_SECRET",
+        validate: (value) => {
+          const candidate = value.trim();
+          if (!ENV_SECRET_REF_ID_RE.test(candidate)) {
+            return 'Use an env var name like "OPENAI_API_KEY".';
+          }
+          if (!process.env[candidate]?.trim()) {
+            return `Environment variable "${candidate}" is missing or empty in this session.`;
+          }
+          return undefined;
+        },
+      }),
+    ).trim();
+    return {
+      value: {
+        source: "env",
+        provider: resolveDefaultSecretProviderAlias(params.cfg, "env"),
+        id: envVar,
+      },
+      resolvedValue: process.env[envVar]?.trim() ?? "",
+    };
+  }
+
+  const provider = await params.prompter.select({
+    message: "Select secret provider",
+    initialValue: providers[0]?.[0],
+    options: providers.map(([name, providerConfig]) => ({
+      value: name,
+      label: name,
+      hint: providerConfig?.source === "exec" ? "Exec provider" : "File provider",
+    })),
+  });
+  const providerConfig = params.cfg.secrets?.providers?.[provider];
+  const id = String(
+    await params.prompter.text({
+      message:
+        providerConfig?.source === "file"
+          ? "Secret id (JSON pointer, or 'value' for singleValue mode)"
+          : "Secret id for the exec provider",
+      initialValue: providerConfig?.source === "file" ? "/providers/feishu/appSecret" : undefined,
+      validate: (value) => {
+        const candidate = value.trim();
+        if (!candidate) {
+          return "Required";
+        }
+        if (providerConfig?.source === "file") {
+          return isValidFileSecretRefId(candidate) ? undefined : "Invalid file secret reference id.";
+        }
+        return isValidExecSecretRefId(candidate)
+          ? undefined
+          : formatExecSecretRefIdValidationMessage();
+      },
+    }),
+  ).trim();
+
+  const resolvedValue =
+    providerConfig?.source === "file" ? (tryResolveFileProviderValue(params.cfg, provider, id) ?? "") : "";
+  if (!resolvedValue && providerConfig?.source === "exec") {
+    await params.prompter.note(
+      "Exec provider reference saved. Connection probe will rely on runtime secret resolution later.",
+      "Secret reference saved",
+    );
+  }
+
+  return {
+    value: {
+      source: providerConfig?.source === "exec" ? "exec" : "file",
+      provider,
+      id,
+    },
+    resolvedValue,
+  };
+}
+
+export async function promptSingleChannelSecretInput(params: {
+  cfg: ClawdbotConfig;
+  prompter: Pick<WizardPrompter, "confirm" | "note" | "select" | "text">;
+  providerHint: string;
+  credentialLabel: string;
+  secretInputMode?: "plaintext" | "ref";
+  accountConfigured: boolean;
+  canUseEnv: boolean;
+  hasConfigToken: boolean;
+  envPrompt: string;
+  keepPrompt: string;
+  inputPrompt: string;
+  preferredEnvVar?: string;
+}): Promise<SecretPromptResult> {
+  const selectedMode = await resolveSecretInputMode({
+    prompter: params.prompter,
+    explicitMode: params.secretInputMode,
+    credentialLabel: params.credentialLabel,
+  });
+
+  if (selectedMode === "plaintext") {
+    const plainResult = await promptSingleChannelToken({
+      prompter: params.prompter,
+      accountConfigured: params.accountConfigured,
+      canUseEnv: params.canUseEnv,
+      hasConfigToken: params.hasConfigToken,
+      envPrompt: params.envPrompt,
+      keepPrompt: params.keepPrompt,
+      inputPrompt: params.inputPrompt,
+    });
+    if (plainResult.useEnv) {
+      return { action: "use-env" };
+    }
+    if (plainResult.token) {
+      return { action: "set", value: plainResult.token, resolvedValue: plainResult.token };
+    }
+    return { action: "keep" };
+  }
+
+  if (params.hasConfigToken && params.accountConfigured) {
+    const keep = await params.prompter.confirm({
+      message: params.keepPrompt,
+      initialValue: true,
+    });
+    if (keep) {
+      return { action: "keep" };
+    }
+  }
+
+  const refResult = await promptSecretRefForSetup({
+    cfg: params.cfg,
+    prompter: params.prompter,
+    preferredEnvVar: params.preferredEnvVar,
+  });
+  return {
+    action: "set",
+    value: refResult.value,
+    resolvedValue: refResult.resolvedValue,
+  };
+}

package/src/nextclaw-sdk/secrets.ts

@@ -0,0 +1,18 @@
+export {
+  buildSecretInputSchema,
+  formatExecSecretRefIdValidationMessage,
+  hasConfiguredSecretInput,
+  isValidExecSecretRefId,
+  isValidFileSecretRefId,
+  normalizeResolvedSecretInputString,
+  normalizeSecretInputString,
+} from "./secrets-core.js";
+export {
+  buildSingleChannelSecretPromptState,
+  mergeAllowFromEntries,
+  setTopLevelChannelAllowFrom,
+  setTopLevelChannelDmPolicyWithAllowFrom,
+  setTopLevelChannelGroupPolicy,
+  splitOnboardingEntries,
+} from "./secrets-config.js";
+export { promptSingleChannelSecretInput } from "./secrets-prompt.js";

package/src/nextclaw-sdk/types.ts

@@ -0,0 +1,300 @@
+export type LogFn = (message: string) => void;
+
+export type SecretRefSource = "env" | "file" | "exec";
+
+export type SecretRef = {
+  source: SecretRefSource;
+  provider: string;
+  id: string;
+};
+
+export type SecretInput = string | SecretRef;
+
+export type DmPolicy = "open" | "pairing" | "allowlist";
+export type GroupPolicy = "open" | "allowlist" | "disabled";
+
+export type AllowlistMatch<TSource extends string = string> = {
+  allowed: boolean;
+  matchKey?: string;
+  matchSource?: TSource;
+};
+
+export type BaseProbeResult<TTarget = string> = {
+  ok: boolean;
+  target?: TTarget;
+  error?: string;
+  [key: string]: unknown;
+};
+
+export type ReplyPayload = {
+  text?: string;
+  mediaUrl?: string;
+  mediaUrls?: string[];
+  [key: string]: unknown;
+};
+
+export type HistoryEntry = {
+  sender: string;
+  body: string;
+  timestamp?: number;
+  messageId?: string;
+};
+
+export type GroupToolPolicyConfig = Record<string, unknown>;
+
+export type ChannelGroupContext = {
+  cfg: ClawdbotConfig;
+  groupId?: string | null;
+  [key: string]: unknown;
+};
+
+export type ChannelMeta = {
+  id: string;
+  label: string;
+  selectionLabel?: string;
+  docsPath?: string;
+  docsLabel?: string;
+  blurb?: string;
+  aliases?: string[];
+  order?: number;
+  [key: string]: unknown;
+};
+
+export type ChannelPlugin<ResolvedAccount = unknown> = {
+  id: string;
+  meta: ChannelMeta;
+  config?: Record<string, unknown>;
+  onboarding?: ChannelOnboardingAdapter;
+  [key: string]: unknown;
+  __resolvedAccountType__?: ResolvedAccount;
+};
+
+export type ChannelOutboundAdapter = Record<string, unknown>;
+
+export type AnyAgentTool = {
+  name?: string;
+  description?: string;
+  parameters?: Record<string, unknown>;
+  execute?: (toolCallId: string, params: unknown) => Promise<unknown> | unknown;
+  [key: string]: unknown;
+};
+
+export type ResolvedAgentRoute = {
+  agentId?: string;
+  sessionKey?: string;
+  [key: string]: unknown;
+};
+
+export type InboundDebouncer<T> = {
+  run: (key: string, value: T, task: (value: T) => Promise<void>) => void;
+  clear: () => void;
+};
+
+export type PluginRuntime = {
+  version?: string;
+  config: {
+    loadConfig?: () => OpenClawConfig;
+    writeConfigFile: (next: OpenClawConfig) => Promise<void>;
+  };
+  logging: {
+    shouldLogVerbose: () => boolean;
+  };
+  media: {
+    detectMime: (params: { buffer: Buffer }) => Promise<string | undefined>;
+    loadWebMedia: (
+      url: string,
+      options?: Record<string, unknown>,
+    ) => Promise<Record<string, unknown>>;
+  };
+  channel: {
+    media: {
+      fetchRemoteMedia: (params: {
+        url: string;
+        maxBytes?: number;
+      }) => Promise<Record<string, unknown>>;
+      saveMediaBuffer: (
+        buffer: Buffer,
+        contentType?: string,
+        direction?: string,
+        maxBytes?: number,
+      ) => Promise<{ path: string; contentType?: string }>;
+    };
+    text: {
+      chunkMarkdownText: (text: string, limit: number) => string[];
+      resolveMarkdownTableMode: (params: Record<string, unknown>) => unknown;
+      convertMarkdownTables: (text: string, mode?: unknown) => string;
+      resolveTextChunkLimit: (
+        cfg: OpenClawConfig,
+        channel: string,
+        accountId?: string,
+        options?: Record<string, unknown>,
+      ) => number;
+      resolveChunkMode: (cfg: OpenClawConfig, channel: string) => string;
+      chunkTextWithMode: (text: string, limit: number, mode?: unknown) => string[];
+      hasControlCommand: (text: string, cfg: OpenClawConfig) => boolean;
+    };
+    reply: {
+      resolveEnvelopeFormatOptions: (cfg: OpenClawConfig) => Record<string, unknown>;
+      formatAgentEnvelope: (params: Record<string, unknown>) => string;
+      finalizeInboundContext: (params: Record<string, unknown>) => Record<string, unknown>;
+      withReplyDispatcher: (params: Record<string, unknown>) => Promise<Record<string, unknown>>;
+      dispatchReplyFromConfig: (params: Record<string, unknown>) => Promise<Record<string, unknown>>;
+      createReplyDispatcherWithTyping: (params: Record<string, unknown>) => {
+        dispatcher: unknown;
+        replyOptions: Record<string, unknown>;
+        markDispatchIdle: () => void;
+      };
+      resolveHumanDelayConfig: (cfg: OpenClawConfig, agentId: string) => unknown;
+      dispatchReplyWithBufferedBlockDispatcher?: (
+        params: Record<string, unknown>,
+      ) => Promise<void>;
+    };
+    routing: {
+      resolveAgentRoute: (params: Record<string, unknown>) => ResolvedAgentRoute | null;
+    };
+    pairing: {
+      readAllowFromStore: (params: { channel: string; accountId?: string }) => unknown;
+      upsertPairingRequest: (params: Record<string, unknown>) => Promise<{
+        code: string;
+        created: boolean;
+      }>;
+    };
+    commands: {
+      shouldComputeCommandAuthorized: (text: string) => boolean;
+      resolveCommandAuthorizedFromAuthorizers: (
+        params: Record<string, unknown>,
+      ) => Promise<boolean> | boolean;
+    };
+    debounce: {
+      resolveInboundDebounceMs: (params: Record<string, unknown>) => number;
+      createInboundDebouncer: <T>(params: Record<string, unknown>) => InboundDebouncer<T>;
+    };
+  };
+  [key: string]: unknown;
+};
+
+export type RuntimeEnv = {
+  log?: (message: string) => void;
+  error?: (message: string) => void;
+  warn?: (message: string) => void;
+  debug?: (message: string) => void;
+  info?: (message: string) => void;
+  [key: string]: unknown;
+};
+
+export type OpenClawPluginApi = {
+  config: ClawdbotConfig;
+  runtime: PluginRuntime;
+  logger: {
+    info: LogFn;
+    warn: LogFn;
+    error: LogFn;
+    debug?: LogFn;
+  };
+  registerTool: (
+    tool:
+      | AnyAgentTool
+      | ((ctx: Record<string, unknown>) => AnyAgentTool | AnyAgentTool[] | null | undefined),
+    opts?: { name?: string; names?: string[]; optional?: boolean },
+  ) => void;
+  registerChannel: (registration: unknown) => void;
+  [key: string]: unknown;
+};
+
+export type WizardSelectOption<T extends string = string> = {
+  value: T;
+  label: string;
+  hint?: string;
+};
+
+export type WizardPrompter = {
+  note: (message: string, title?: string) => Promise<void>;
+  text: (params: {
+    message: string;
+    placeholder?: string;
+    initialValue?: string;
+    validate?: (value: string) => string | undefined;
+  }) => Promise<string>;
+  confirm: (params: { message: string; initialValue?: boolean }) => Promise<boolean>;
+  select: <T extends string = string>(params: {
+    message: string;
+    options: WizardSelectOption<T>[];
+    initialValue?: T | string;
+  }) => Promise<T>;
+};
+
+export type ChannelOnboardingDmPolicy = {
+  label: string;
+  channel: string;
+  policyKey: string;
+  allowFromKey: string;
+  getCurrent: (cfg: ClawdbotConfig) => DmPolicy;
+  setPolicy: (cfg: ClawdbotConfig, policy: DmPolicy) => ClawdbotConfig;
+  promptAllowFrom: (params: {
+    cfg: ClawdbotConfig;
+    prompter: WizardPrompter;
+  }) => Promise<ClawdbotConfig>;
+};
+
+export type ChannelOnboardingAdapter = {
+  channel: string;
+  getStatus: (params: { cfg: ClawdbotConfig }) => Promise<{
+    channel: string;
+    configured: boolean;
+    statusLines: string[];
+    selectionHint?: string;
+    quickstartScore?: number;
+  }>;
+  configure: (params: {
+    cfg: ClawdbotConfig;
+    prompter: WizardPrompter;
+  }) => Promise<{ cfg: ClawdbotConfig; accountId?: string }>;
+  dmPolicy?: ChannelOnboardingDmPolicy;
+  disable?: (cfg: ClawdbotConfig) => ClawdbotConfig;
+};
+
+export type OpenClawConfig = {
+  channels?: Record<string, Record<string, unknown> | undefined>;
+  bindings?: Array<{
+    agentId?: string;
+    match?: {
+      channel?: string;
+      peer?: {
+        kind?: string;
+        id?: string;
+      };
+    };
+  }>;
+  agents?: {
+    list?: Array<{
+      id: string;
+      workspace?: string;
+      agentDir?: string;
+      [key: string]: unknown;
+    }>;
+    [key: string]: unknown;
+  };
+  broadcast?: Record<string, string[]>;
+  secrets?: {
+    defaults?: {
+      env?: string;
+      file?: string;
+      exec?: string;
+    };
+    providers?: Record<
+      string,
+      {
+        source?: SecretRefSource;
+        path?: string;
+        mode?: "singleValue" | "json";
+        command?: string;
+        args?: string[];
+        [key: string]: unknown;
+      }
+    >;
+    [key: string]: unknown;
+  };
+  [key: string]: unknown;
+};
+
+export type ClawdbotConfig = OpenClawConfig;

package/src/onboarding.status.test.ts

@@ -1,4 +1,4 @@
-import type { OpenClawConfig } from "openclaw/plugin-sdk/feishu";
+import type { OpenClawConfig } from "./nextclaw-sdk/feishu.js";
 import { describe, expect, it } from "vitest";
 import { feishuOnboardingAdapter } from "./onboarding.js";
 

package/src/onboarding.ts

@@ -5,7 +5,7 @@ import type {
   DmPolicy,
   SecretInput,
   WizardPrompter,
-} from "openclaw/plugin-sdk/feishu";
+} from "./nextclaw-sdk/feishu.js";
 import {
   buildSingleChannelSecretPromptState,
   DEFAULT_ACCOUNT_ID,
@@ -17,7 +17,7 @@ import {
   setTopLevelChannelDmPolicyWithAllowFrom,
   setTopLevelChannelGroupPolicy,
   splitOnboardingEntries,
-} from "openclaw/plugin-sdk/feishu";
+} from "./nextclaw-sdk/feishu.js";
 import { resolveFeishuCredentials } from "./accounts.js";
 import { probeFeishu } from "./probe.js";
 import type { FeishuConfig } from "./types.js";

package/src/outbound.ts

@@ -1,6 +1,6 @@
 import fs from "fs";
 import path from "path";
-import type { ChannelOutboundAdapter } from "openclaw/plugin-sdk/feishu";
+import type { ChannelOutboundAdapter } from "./nextclaw-sdk/feishu.js";
 import { resolveFeishuAccount } from "./accounts.js";
 import { sendMediaFeishu } from "./media.js";
 import { getFeishuRuntime } from "./runtime.js";

package/src/perm.ts

@@ -1,5 +1,5 @@
 import type * as Lark from "@larksuiteoapi/node-sdk";
-import type { OpenClawPluginApi } from "openclaw/plugin-sdk/feishu";
+import type { OpenClawPluginApi } from "./nextclaw-sdk/feishu.js";
 import { listEnabledFeishuAccounts } from "./accounts.js";
 import { FeishuPermSchema, type FeishuPermParams } from "./perm-schema.js";
 import { createFeishuToolClient, resolveAnyEnabledFeishuToolsConfig } from "./tool-account.js";

package/src/policy.ts

@@ -2,8 +2,8 @@ import type {
   AllowlistMatch,
   ChannelGroupContext,
   GroupToolPolicyConfig,
-} from "openclaw/plugin-sdk/feishu";
-import { evaluateSenderGroupAccessForPolicy } from "openclaw/plugin-sdk/feishu";
+} from "./nextclaw-sdk/feishu.js";
+import { evaluateSenderGroupAccessForPolicy } from "./nextclaw-sdk/feishu.js";
 import { normalizeFeishuTarget } from "./targets.js";
 import type { FeishuConfig, FeishuGroupConfig } from "./types.js";
 

package/src/reactions.ts

@@ -1,4 +1,4 @@
-import type { ClawdbotConfig } from "openclaw/plugin-sdk/feishu";
+import type { ClawdbotConfig } from "./nextclaw-sdk/feishu.js";
 import { resolveFeishuAccount } from "./accounts.js";
 import { createFeishuClient } from "./client.js";
 

package/src/reply-dispatcher.ts

@@ -5,7 +5,7 @@ import {
   type ClawdbotConfig,
   type ReplyPayload,
   type RuntimeEnv,
-} from "openclaw/plugin-sdk/feishu";
+} from "./nextclaw-sdk/feishu.js";
 import { resolveFeishuAccount } from "./accounts.js";
 import { createFeishuClient } from "./client.js";
 import { sendMediaFeishu } from "./media.js";

package/src/runtime.ts

@@ -1,5 +1,5 @@
-import { createPluginRuntimeStore } from "openclaw/plugin-sdk/compat";
-import type { PluginRuntime } from "openclaw/plugin-sdk/feishu";
+import { createPluginRuntimeStore } from "./nextclaw-sdk/compat.js";
+import type { PluginRuntime } from "./nextclaw-sdk/feishu.js";
 
 const { setRuntime: setFeishuRuntime, getRuntime: getFeishuRuntime } =
   createPluginRuntimeStore<PluginRuntime>("Feishu runtime not initialized");