@nextclaw/channel-plugin-feishu 0.2.16 → 0.2.18

package/src/calendar-shared.ts

@@ -0,0 +1,33 @@
+import type { createToolContext } from "./user-tool-helpers.js";
+import { assertLarkOk, unixTimestampToISO8601 } from "./user-tool-helpers.js";
+
+export function normalizeEventTimes<T extends Record<string, unknown> | undefined>(event: T): T {
+  if (!event) return event;
+  const typed = event as Record<string, unknown>;
+  const start = typed.start_time as { timestamp?: string | number } | undefined;
+  const end = typed.end_time as { timestamp?: string | number } | undefined;
+  return {
+    ...typed,
+    start_time_iso8601: unixTimestampToISO8601(start?.timestamp),
+    end_time_iso8601: unixTimestampToISO8601(end?.timestamp),
+  } as T;
+}
+
+export async function resolveCalendarId(
+  client: ReturnType<typeof createToolContext>["toolClient"] extends () => infer T ? T : never,
+  calendarId?: string,
+) {
+  if (calendarId) return calendarId;
+  const response = await client.invoke(
+    "feishu_calendar_calendar.primary",
+    (sdk, opts) => sdk.calendar.calendar.primary({}, opts),
+    { as: "user" },
+  );
+  assertLarkOk(response);
+  const calendars = (response.data as { calendars?: Array<{ calendar_id?: string }> } | undefined)?.calendars;
+  const primaryId = calendars?.[0]?.calendar_id;
+  if (!primaryId) {
+    throw new Error("No primary calendar found for current user.");
+  }
+  return primaryId;
+}

package/src/calendar.ts

@@ -0,0 +1,18 @@
+import type { OpenClawPluginApi } from "./nextclaw-sdk/feishu.js";
+import { listEnabledFeishuAccounts } from "./accounts.js";
+import { registerFeishuCalendarCalendarTool } from "./calendar-calendar.js";
+import { registerFeishuCalendarEventTool } from "./calendar-event.js";
+import { registerFeishuCalendarEventAttendeeTool } from "./calendar-event-attendee.js";
+import { registerFeishuCalendarFreebusyTool } from "./calendar-freebusy.js";
+import { resolveAnyEnabledFeishuToolsConfig } from "./tool-account.js";
+
+export function registerFeishuCalendarTools(api: OpenClawPluginApi) {
+  if (!api.config) return;
+  const accounts = listEnabledFeishuAccounts(api.config);
+  if (accounts.length === 0) return;
+  if (!resolveAnyEnabledFeishuToolsConfig(accounts).calendar) return;
+  registerFeishuCalendarCalendarTool(api);
+  registerFeishuCalendarEventTool(api);
+  registerFeishuCalendarEventAttendeeTool(api);
+  registerFeishuCalendarFreebusyTool(api);
+}

package/src/card-action.ts

@@ -1,6 +1,7 @@
 import type { ClawdbotConfig, RuntimeEnv } from "./nextclaw-sdk/feishu.js";
 import { resolveFeishuAccount } from "./accounts.js";
 import { handleFeishuMessage, type FeishuMessageEvent } from "./bot.js";
+import { withTicket } from "./lark-ticket.js";
 
 export type FeishuCardActionEvent = {
   operator: {
@@ -69,11 +70,22 @@ export async function handleFeishuCardAction(params: {
   );
 
   // Dispatch as normal message
-  await handleFeishuMessage({
-    cfg,
-    event: messageEvent,
-    botOpenId: params.botOpenId,
-    runtime,
-    accountId,
-  });
+  await withTicket(
+    {
+      accountId: account.accountId,
+      messageId: messageEvent.message.message_id,
+      chatId: messageEvent.message.chat_id,
+      senderOpenId: event.operator.open_id,
+      chatType: messageEvent.message.chat_type,
+      startTime: Date.now(),
+    },
+    () =>
+      handleFeishuMessage({
+        cfg,
+        event: messageEvent,
+        botOpenId: params.botOpenId,
+        runtime,
+        accountId,
+      }),
+  );
 }

package/src/config-schema.ts

@@ -92,6 +92,11 @@ const FeishuToolsConfigSchema = z
     drive: z.boolean().optional(), // Cloud storage operations (default: true)
     perm: z.boolean().optional(), // Permission management (default: false, sensitive)
     scopes: z.boolean().optional(), // App scopes diagnostic (default: true)
+    calendar: z.boolean().optional(), // Calendar operations (default: true)
+    task: z.boolean().optional(), // Task operations (default: true)
+    sheets: z.boolean().optional(), // Sheets operations (default: true)
+    oauth: z.boolean().optional(), // OAuth operations (default: true)
+    identity: z.boolean().optional(), // Identity lookup operations (default: true)
   })
   .strict()
   .optional();

package/src/device-flow.ts

@@ -0,0 +1,188 @@
+import { feishuFetch } from "./feishu-fetch.js";
+import type { FeishuDomain } from "./types.js";
+
+export type DeviceAuthResponse = {
+  deviceCode: string;
+  userCode: string;
+  verificationUri: string;
+  verificationUriComplete: string;
+  expiresIn: number;
+  interval: number;
+};
+
+export type DeviceFlowTokenData = {
+  accessToken: string;
+  refreshToken: string;
+  expiresIn: number;
+  refreshExpiresIn: number;
+  scope: string;
+};
+
+export type DeviceFlowResult =
+  | { ok: true; token: DeviceFlowTokenData }
+  | {
+      ok: false;
+      error: "authorization_pending" | "slow_down" | "access_denied" | "expired_token";
+      message: string;
+    };
+
+export function resolveOAuthEndpoints(domain: FeishuDomain): {
+  deviceAuthorization: string;
+  token: string;
+} {
+  if (!domain || domain === "feishu") {
+    return {
+      deviceAuthorization: "https://accounts.feishu.cn/oauth/v1/device_authorization",
+      token: "https://open.feishu.cn/open-apis/authen/v2/oauth/token",
+    };
+  }
+  if (domain === "lark") {
+    return {
+      deviceAuthorization: "https://accounts.larksuite.com/oauth/v1/device_authorization",
+      token: "https://open.larksuite.com/open-apis/authen/v2/oauth/token",
+    };
+  }
+
+  const base = domain.replace(/\/+$/, "");
+  let accountsBase = base;
+  try {
+    const parsed = new URL(base);
+    if (parsed.hostname.startsWith("open.")) {
+      accountsBase = `${parsed.protocol}//${parsed.hostname.replace(/^open\./, "accounts.")}`;
+    }
+  } catch {
+    // ignore
+  }
+
+  return {
+    deviceAuthorization: `${accountsBase}/oauth/v1/device_authorization`,
+    token: `${base}/open-apis/authen/v2/oauth/token`,
+  };
+}
+
+export async function requestDeviceAuthorization(params: {
+  appId: string;
+  appSecret: string;
+  domain: FeishuDomain;
+  scope?: string;
+}): Promise<DeviceAuthResponse> {
+  const endpoints = resolveOAuthEndpoints(params.domain);
+  let scope = params.scope?.trim() ?? "";
+  if (!scope.includes("offline_access")) {
+    scope = scope ? `${scope} offline_access` : "offline_access";
+  }
+
+  const basicAuth = Buffer.from(`${params.appId}:${params.appSecret}`).toString("base64");
+  const body = new URLSearchParams();
+  body.set("client_id", params.appId);
+  body.set("scope", scope);
+
+  const response = await feishuFetch(endpoints.deviceAuthorization, {
+    method: "POST",
+    headers: {
+      "Content-Type": "application/x-www-form-urlencoded",
+      Authorization: `Basic ${basicAuth}`,
+    },
+    body: body.toString(),
+  });
+
+  const data = (await response.json()) as Record<string, unknown>;
+  if (!response.ok || data.error) {
+    throw new Error(
+      String(data.error_description ?? data.error ?? `HTTP ${response.status}`),
+    );
+  }
+
+  return {
+    deviceCode: String(data.device_code ?? ""),
+    userCode: String(data.user_code ?? ""),
+    verificationUri: String(data.verification_uri ?? ""),
+    verificationUriComplete: String(data.verification_uri_complete ?? data.verification_uri ?? ""),
+    expiresIn: Number(data.expires_in ?? 240),
+    interval: Number(data.interval ?? 5),
+  };
+}
+
+function sleep(ms: number, signal?: AbortSignal): Promise<void> {
+  return new Promise((resolve, reject) => {
+    const timer = setTimeout(resolve, ms);
+    signal?.addEventListener(
+      "abort",
+      () => {
+        clearTimeout(timer);
+        reject(new DOMException("Aborted", "AbortError"));
+      },
+      { once: true },
+    );
+  });
+}
+
+export async function pollDeviceToken(params: {
+  appId: string;
+  appSecret: string;
+  domain: FeishuDomain;
+  deviceCode: string;
+  interval: number;
+  expiresIn: number;
+  signal?: AbortSignal;
+}): Promise<DeviceFlowResult> {
+  const endpoints = resolveOAuthEndpoints(params.domain);
+  const deadline = Date.now() + params.expiresIn * 1000;
+  let interval = params.interval;
+
+  while (Date.now() < deadline) {
+    if (params.signal?.aborted) {
+      return { ok: false, error: "expired_token", message: "Polling was cancelled" };
+    }
+
+    await sleep(interval * 1000, params.signal);
+
+    const response = await feishuFetch(endpoints.token, {
+      method: "POST",
+      headers: { "Content-Type": "application/x-www-form-urlencoded" },
+      body: new URLSearchParams({
+        grant_type: "urn:ietf:params:oauth:grant-type:device_code",
+        device_code: params.deviceCode,
+        client_id: params.appId,
+        client_secret: params.appSecret,
+      }).toString(),
+    });
+
+    const data = (await response.json()) as Record<string, unknown>;
+    const error = typeof data.error === "string" ? data.error : undefined;
+
+    if (!error && data.access_token) {
+      return {
+        ok: true,
+        token: {
+          accessToken: String(data.access_token),
+          refreshToken: String(data.refresh_token ?? ""),
+          expiresIn: Number(data.expires_in ?? 7200),
+          refreshExpiresIn: Number(data.refresh_token_expires_in ?? data.expires_in ?? 7200),
+          scope: String(data.scope ?? ""),
+        },
+      };
+    }
+
+    if (error === "authorization_pending") {
+      continue;
+    }
+    if (error === "slow_down") {
+      interval = Math.min(interval + 5, 60);
+      continue;
+    }
+    if (error === "access_denied" || error === "expired_token") {
+      return {
+        ok: false,
+        error,
+        message: String(data.error_description ?? error),
+      };
+    }
+  }
+
+  return {
+    ok: false,
+    error: "expired_token",
+    message: "Device authorization expired before approval finished.",
+  };
+}

package/src/domains.ts

@@ -0,0 +1,19 @@
+import type { FeishuDomain } from "./types.js";
+
+export function openPlatformDomain(domain?: FeishuDomain): string {
+  return domain === "lark" ? "https://open.larksuite.com" : "https://open.feishu.cn";
+}
+
+export function wwwDomain(domain?: FeishuDomain): string {
+  return domain === "lark" ? "https://www.larksuite.com" : "https://www.feishu.cn";
+}
+
+export function resolveDomainUrl(domain: FeishuDomain): string {
+  if (domain === "feishu") {
+    return "https://open.feishu.cn";
+  }
+  if (domain === "lark") {
+    return "https://open.larksuite.com";
+  }
+  return domain.replace(/\/+$/, "");
+}

package/src/feishu-fetch.ts

@@ -0,0 +1,9 @@
+const FEISHU_USER_AGENT = "nextclaw-feishu-plugin/0.2";
+
+export function feishuFetch(url: string | URL | Request, init?: RequestInit): Promise<Response> {
+  const headers = new Headers(init?.headers);
+  if (!headers.has("User-Agent")) {
+    headers.set("User-Agent", FEISHU_USER_AGENT);
+  }
+  return fetch(url, { ...init, headers });
+}

package/src/identity.ts

@@ -0,0 +1,160 @@
+import { Type } from "@sinclair/typebox";
+import type { OpenClawPluginApi } from "./nextclaw-sdk/feishu.js";
+import { listEnabledFeishuAccounts } from "./accounts.js";
+import { resolveAnyEnabledFeishuToolsConfig } from "./tool-account.js";
+import {
+  assertLarkOk,
+  createToolContext,
+  handleInvokeError,
+  json,
+  registerTool,
+  StringEnum,
+} from "./user-tool-helpers.js";
+
+const GetUserSchema = Type.Object({
+  user_id: Type.Optional(
+    Type.String({
+      description: "用户 ID（如 ou_xxx）。不传时获取当前消息发送者本人信息。",
+    }),
+  ),
+  user_id_type: Type.Optional(StringEnum(["open_id", "union_id", "user_id"])),
+});
+
+const SearchUserSchema = Type.Object({
+  query: Type.String({
+    description: "搜索关键词，可匹配姓名、邮箱、手机号等。",
+  }),
+  page_size: Type.Optional(
+    Type.Integer({
+      description: "分页大小，默认 20，最大 200。",
+      minimum: 1,
+      maximum: 200,
+    }),
+  ),
+  page_token: Type.Optional(
+    Type.String({
+      description: "翻页 token。",
+    }),
+  ),
+});
+
+export function registerFeishuIdentityTools(api: OpenClawPluginApi) {
+  if (!api.config) {
+    return;
+  }
+
+  const accounts = listEnabledFeishuAccounts(api.config);
+  if (accounts.length === 0) {
+    return;
+  }
+
+  const toolsConfig = resolveAnyEnabledFeishuToolsConfig(accounts);
+  if (!toolsConfig.identity) {
+    return;
+  }
+
+  registerFeishuGetUserTool(api);
+  registerFeishuSearchUserTool(api);
+}
+
+function registerFeishuGetUserTool(api: OpenClawPluginApi) {
+  const { toolClient, log } = createToolContext(api, "feishu_get_user");
+
+  registerTool(
+    api,
+    {
+      name: "feishu_get_user",
+      label: "Feishu: Get User",
+      description:
+        "获取飞书用户信息。不传 user_id 时默认获取当前消息发送者本人信息；传 user_id 时获取指定用户信息。",
+      parameters: GetUserSchema,
+      async execute(_toolCallId, params) {
+        const payload = params as {
+          user_id?: string;
+          user_id_type?: "open_id" | "union_id" | "user_id";
+        };
+
+        try {
+          const client = toolClient();
+          if (!payload.user_id) {
+            log.info("fetching current user info");
+            const response = await client.invoke(
+              "feishu_get_user.default",
+              (sdk, opts) => sdk.authen.userInfo.get({}, opts),
+              { as: "user" },
+            );
+            assertLarkOk(response);
+            return json({ user: response.data });
+          }
+
+          log.info(`fetching user ${payload.user_id}`);
+          const response = await client.invoke(
+            "feishu_get_user.default",
+            (sdk, opts) =>
+              sdk.contact.user.get(
+                {
+                  path: { user_id: payload.user_id! },
+                  params: {
+                    user_id_type: payload.user_id_type ?? "open_id",
+                  },
+                },
+                opts,
+              ),
+            { as: "user" },
+          );
+          assertLarkOk(response);
+          return json({ user: response.data?.user });
+        } catch (error) {
+          return handleInvokeError(error, api);
+        }
+      },
+    },
+    { name: "feishu_get_user" },
+  );
+}
+
+function registerFeishuSearchUserTool(api: OpenClawPluginApi) {
+  const { toolClient, log } = createToolContext(api, "feishu_search_user");
+
+  registerTool(
+    api,
+    {
+      name: "feishu_search_user",
+      label: "Feishu: Search User",
+      description: "搜索飞书员工信息，返回姓名、部门、open_id 等结果。",
+      parameters: SearchUserSchema,
+      async execute(_toolCallId, params) {
+        const payload = params as {
+          query: string;
+          page_size?: number;
+          page_token?: string;
+        };
+
+        try {
+          const client = toolClient();
+          log.info(`search query="${payload.query}"`);
+          const response = await client.invokeByPath<{
+            data?: { users?: unknown[]; has_more?: boolean; page_token?: string };
+          }>("feishu_search_user.default", "/open-apis/search/v1/user", {
+            method: "GET",
+            query: {
+              query: payload.query,
+              page_size: String(payload.page_size ?? 20),
+              ...(payload.page_token ? { page_token: payload.page_token } : {}),
+            },
+            as: "user",
+          });
+          assertLarkOk(response as { code?: number; msg?: string });
+          return json({
+            users: response.data?.users ?? [],
+            has_more: response.data?.has_more ?? false,
+            page_token: response.data?.page_token,
+          });
+        } catch (error) {
+          return handleInvokeError(error, api);
+        }
+      },
+    },
+    { name: "feishu_search_user" },
+  );
+}

package/src/lark-ticket.ts

@@ -0,0 +1,26 @@
+import { AsyncLocalStorage } from "node:async_hooks";
+
+export type LarkTicket = {
+  messageId: string;
+  chatId: string;
+  accountId: string;
+  startTime: number;
+  senderOpenId?: string;
+  chatType?: "p2p" | "group" | "private";
+  threadId?: string;
+};
+
+const store = new AsyncLocalStorage<LarkTicket>();
+
+export function withTicket<T>(ticket: LarkTicket, fn: () => T | Promise<T>): T | Promise<T> {
+  return store.run(ticket, fn);
+}
+
+export function getTicket(): LarkTicket | undefined {
+  return store.getStore();
+}
+
+export function ticketElapsed(): number {
+  const ticket = getTicket();
+  return ticket ? Date.now() - ticket.startTime : 0;
+}

package/src/monitor.account.ts

@@ -1,5 +1,5 @@
 import * as crypto from "crypto";
-import * as Lark from "@larksuiteoapi/node-sdk";
+import type * as Lark from "@larksuiteoapi/node-sdk";
 import type { ClawdbotConfig, RuntimeEnv, HistoryEntry } from "./nextclaw-sdk/feishu.js";
 import { resolveFeishuAccount } from "./accounts.js";
 import { raceWithTimeoutAndAbort } from "./async.js";
@@ -24,6 +24,7 @@ import { botNames, botOpenIds } from "./monitor.state.js";
 import { monitorWebhook, monitorWebSocket } from "./monitor.transport.js";
 import { getFeishuRuntime } from "./runtime.js";
 import { getMessageFeishu } from "./send.js";
+import { withTicket } from "./lark-ticket.js";
 import type { FeishuChatType, ResolvedFeishuAccount } from "./types.js";
 
 const FEISHU_REACTION_VERIFY_TIMEOUT_MS = 1_500;
@@ -256,16 +257,28 @@ function registerEventHandlers(
   const dispatchFeishuMessage = async (event: FeishuMessageEvent) => {
     const chatId = event.message.chat_id?.trim() || "unknown";
     const task = () =>
-      handleFeishuMessage({
-        cfg,
-        event,
-        botOpenId: botOpenIds.get(accountId),
-        botName: botNames.get(accountId),
-        runtime,
-        chatHistories,
-        accountId,
-        processingClaimHeld: true,
-      });
+      withTicket(
+        {
+          accountId,
+          messageId: event.message.message_id,
+          chatId: event.message.chat_id,
+          senderOpenId: event.sender.sender_id.open_id?.trim() || undefined,
+          chatType: event.message.chat_type,
+          threadId: event.message.thread_id?.trim() || event.message.root_id?.trim() || undefined,
+          startTime: Date.now(),
+        },
+        () =>
+          handleFeishuMessage({
+            cfg,
+            event,
+            botOpenId: botOpenIds.get(accountId),
+            botName: botNames.get(accountId),
+            runtime,
+            chatHistories,
+            accountId,
+            processingClaimHeld: true,
+          }),
+      );
     await enqueue(chatId, task);
   };
   const resolveSenderDebounceId = (event: FeishuMessageEvent): string | undefined => {
@@ -441,15 +454,30 @@ function registerEventHandlers(
         if (!syntheticEvent) {
           return;
         }
-        const promise = handleFeishuMessage({
-          cfg,
-          event: syntheticEvent,
-          botOpenId: myBotId,
-          botName: botNames.get(accountId),
-          runtime,
-          chatHistories,
-          accountId,
-        });
+        const promise = withTicket(
+          {
+            accountId,
+            messageId: syntheticEvent.message.message_id,
+            chatId: syntheticEvent.message.chat_id,
+            senderOpenId: syntheticEvent.sender.sender_id.open_id?.trim() || undefined,
+            chatType: syntheticEvent.message.chat_type,
+            threadId:
+              syntheticEvent.message.thread_id?.trim() ||
+              syntheticEvent.message.root_id?.trim() ||
+              undefined,
+            startTime: Date.now(),
+          },
+          () =>
+            handleFeishuMessage({
+              cfg,
+              event: syntheticEvent,
+              botOpenId: myBotId,
+              botName: botNames.get(accountId),
+              runtime,
+              chatHistories,
+              accountId,
+            }),
+        );
         if (fireAndForget) {
           promise.catch((err) => {
             error(`feishu[${accountId}]: error handling reaction: ${String(err)}`);