@nextclaw/channel-plugin-feishu 0.2.29-beta.0 → 0.2.29-beta.1

package/dist/src/monitor.transport.js

@@ -0,0 +1,167 @@
+import { applyBasicWebhookRequestGuards } from "./nextclaw-sdk/network-webhook.js";
+import { installRequestBodyLimitGuard, readJsonBodyWithLimit } from "./nextclaw-sdk/network-body.js";
+import "./nextclaw-sdk/feishu.js";
+import { createFeishuWSClient } from "./client.js";
+import { FEISHU_WEBHOOK_BODY_TIMEOUT_MS, FEISHU_WEBHOOK_MAX_BODY_BYTES, botNames, botOpenIds, feishuWebhookRateLimiter, httpServers, recordWebhookStatus, wsClients } from "./monitor.state.js";
+import * as Lark from "@larksuiteoapi/node-sdk";
+import crypto from "node:crypto";
+import * as http from "http";
+//#region src/monitor.transport.ts
+function isFeishuWebhookPayload(value) {
+	return !!value && typeof value === "object" && !Array.isArray(value);
+}
+function buildFeishuWebhookEnvelope(req, payload) {
+	return Object.assign(Object.create({ headers: req.headers }), payload);
+}
+function isFeishuWebhookSignatureValid(params) {
+	const encryptKey = params.encryptKey?.trim();
+	if (!encryptKey) return true;
+	const timestampHeader = params.headers["x-lark-request-timestamp"];
+	const nonceHeader = params.headers["x-lark-request-nonce"];
+	const signatureHeader = params.headers["x-lark-signature"];
+	const timestamp = Array.isArray(timestampHeader) ? timestampHeader[0] : timestampHeader;
+	const nonce = Array.isArray(nonceHeader) ? nonceHeader[0] : nonceHeader;
+	const signature = Array.isArray(signatureHeader) ? signatureHeader[0] : signatureHeader;
+	if (!timestamp || !nonce || !signature) return false;
+	return crypto.createHash("sha256").update(timestamp + nonce + encryptKey + JSON.stringify(params.payload)).digest("hex") === signature;
+}
+function respondText(res, statusCode, body) {
+	res.statusCode = statusCode;
+	res.setHeader("Content-Type", "text/plain; charset=utf-8");
+	res.end(body);
+}
+async function monitorWebSocket({ account, accountId, runtime, abortSignal, eventDispatcher }) {
+	const log = runtime?.log ?? console.log;
+	log(`feishu[${accountId}]: starting WebSocket connection...`);
+	const wsClient = createFeishuWSClient(account);
+	wsClients.set(accountId, wsClient);
+	return new Promise((resolve, reject) => {
+		const cleanup = () => {
+			wsClients.delete(accountId);
+			botOpenIds.delete(accountId);
+			botNames.delete(accountId);
+		};
+		const handleAbort = () => {
+			log(`feishu[${accountId}]: abort signal received, stopping`);
+			cleanup();
+			resolve();
+		};
+		if (abortSignal?.aborted) {
+			cleanup();
+			resolve();
+			return;
+		}
+		abortSignal?.addEventListener("abort", handleAbort, { once: true });
+		try {
+			wsClient.start({ eventDispatcher });
+			log(`feishu[${accountId}]: WebSocket client started`);
+		} catch (err) {
+			cleanup();
+			abortSignal?.removeEventListener("abort", handleAbort);
+			reject(err);
+		}
+	});
+}
+async function monitorWebhook({ account, accountId, runtime, abortSignal, eventDispatcher }) {
+	const log = runtime?.log ?? console.log;
+	const error = runtime?.error ?? console.error;
+	const port = account.config.webhookPort ?? 3e3;
+	const path = account.config.webhookPath ?? "/feishu/events";
+	const host = account.config.webhookHost ?? "127.0.0.1";
+	log(`feishu[${accountId}]: starting Webhook server on ${host}:${port}, path ${path}...`);
+	const server = http.createServer();
+	server.on("request", (req, res) => {
+		res.on("finish", () => {
+			recordWebhookStatus(runtime, accountId, path, res.statusCode);
+		});
+		if (!applyBasicWebhookRequestGuards({
+			req,
+			res,
+			rateLimiter: feishuWebhookRateLimiter,
+			rateLimitKey: `${accountId}:${path}:${req.socket.remoteAddress ?? "unknown"}`,
+			nowMs: Date.now(),
+			requireJsonContentType: true
+		})) return;
+		const guard = installRequestBodyLimitGuard(req, res, {
+			maxBytes: FEISHU_WEBHOOK_MAX_BODY_BYTES,
+			timeoutMs: FEISHU_WEBHOOK_BODY_TIMEOUT_MS,
+			responseFormat: "text"
+		});
+		if (guard.isTripped()) return;
+		(async () => {
+			try {
+				const bodyResult = await readJsonBodyWithLimit(req, {
+					maxBytes: FEISHU_WEBHOOK_MAX_BODY_BYTES,
+					timeoutMs: FEISHU_WEBHOOK_BODY_TIMEOUT_MS
+				});
+				if (guard.isTripped() || res.writableEnded) return;
+				if (!bodyResult.ok) {
+					if (bodyResult.code === "INVALID_JSON") respondText(res, 400, "Invalid JSON");
+					return;
+				}
+				if (!isFeishuWebhookPayload(bodyResult.value)) {
+					respondText(res, 400, "Invalid JSON");
+					return;
+				}
+				if (!isFeishuWebhookSignatureValid({
+					headers: req.headers,
+					payload: bodyResult.value,
+					encryptKey: account.encryptKey
+				})) {
+					respondText(res, 401, "Invalid signature");
+					return;
+				}
+				const { isChallenge, challenge } = Lark.generateChallenge(bodyResult.value, { encryptKey: account.encryptKey ?? "" });
+				if (isChallenge) {
+					res.statusCode = 200;
+					res.setHeader("Content-Type", "application/json; charset=utf-8");
+					res.end(JSON.stringify(challenge));
+					return;
+				}
+				const value = await eventDispatcher.invoke(buildFeishuWebhookEnvelope(req, bodyResult.value), { needCheck: false });
+				if (!res.headersSent) {
+					res.statusCode = 200;
+					res.setHeader("Content-Type", "application/json; charset=utf-8");
+					res.end(JSON.stringify(value));
+				}
+			} catch (err) {
+				if (!guard.isTripped()) {
+					error(`feishu[${accountId}]: webhook handler error: ${String(err)}`);
+					if (!res.headersSent) respondText(res, 500, "Internal Server Error");
+				}
+			} finally {
+				guard.dispose();
+			}
+		})();
+	});
+	httpServers.set(accountId, server);
+	return new Promise((resolve, reject) => {
+		const cleanup = () => {
+			server.close();
+			httpServers.delete(accountId);
+			botOpenIds.delete(accountId);
+			botNames.delete(accountId);
+		};
+		const handleAbort = () => {
+			log(`feishu[${accountId}]: abort signal received, stopping Webhook server`);
+			cleanup();
+			resolve();
+		};
+		if (abortSignal?.aborted) {
+			cleanup();
+			resolve();
+			return;
+		}
+		abortSignal?.addEventListener("abort", handleAbort, { once: true });
+		server.listen(port, host, () => {
+			log(`feishu[${accountId}]: Webhook server listening on ${host}:${port}`);
+		});
+		server.on("error", (err) => {
+			error(`feishu[${accountId}]: Webhook server error: ${err}`);
+			abortSignal?.removeEventListener("abort", handleAbort);
+			reject(err);
+		});
+	});
+}
+//#endregion
+export { monitorWebSocket, monitorWebhook };

package/dist/src/nextclaw-sdk/account-id.js

@@ -0,0 +1,15 @@
+//#region src/nextclaw-sdk/account-id.ts
+const DEFAULT_ACCOUNT_ID = "default";
+function normalizeAccountId(accountId) {
+	return accountId?.trim() || "default";
+}
+const VALID_AGENT_ID_RE = /^[a-z0-9][a-z0-9_-]{0,63}$/i;
+const INVALID_AGENT_CHARS_RE = /[^a-z0-9_-]+/g;
+function normalizeAgentId(value) {
+	const trimmed = value?.trim();
+	if (!trimmed) return "main";
+	if (VALID_AGENT_ID_RE.test(trimmed)) return trimmed.toLowerCase();
+	return trimmed.toLowerCase().replace(INVALID_AGENT_CHARS_RE, "-").replace(/^-+/, "").replace(/-+$/, "").slice(0, 64) || "main";
+}
+//#endregion
+export { DEFAULT_ACCOUNT_ID, normalizeAccountId, normalizeAgentId };

package/dist/src/nextclaw-sdk/core-channel.js

@@ -0,0 +1,150 @@
+//#region src/nextclaw-sdk/core-channel.ts
+function emptyPluginConfigSchema() {
+	return {
+		type: "object",
+		additionalProperties: false,
+		properties: {}
+	};
+}
+const warnedMissingProviderGroupPolicy = /* @__PURE__ */ new Set();
+function resolveDefaultGroupPolicy(cfg) {
+	return cfg.channels?.defaults?.groupPolicy;
+}
+function resolveOpenProviderRuntimeGroupPolicy(params) {
+	return {
+		groupPolicy: params.providerConfigPresent ? params.groupPolicy ?? params.defaultGroupPolicy ?? "open" : params.groupPolicy ?? "allowlist",
+		providerMissingFallbackApplied: !params.providerConfigPresent && params.groupPolicy === void 0
+	};
+}
+function warnMissingProviderGroupPolicyFallbackOnce(params) {
+	if (!params.providerMissingFallbackApplied) return false;
+	const key = `${params.providerKey}:${params.accountId ?? "*"}`;
+	if (warnedMissingProviderGroupPolicy.has(key)) return false;
+	warnedMissingProviderGroupPolicy.add(key);
+	const blockedLabel = params.blockedLabel?.trim() || "group messages";
+	params.log(`${params.providerKey}: channels.${params.providerKey} is missing; defaulting groupPolicy to "allowlist" (${blockedLabel} blocked until explicitly configured).`);
+	return true;
+}
+function evaluateSenderGroupAccessForPolicy(params) {
+	if (params.groupPolicy === "disabled") return {
+		allowed: false,
+		groupPolicy: params.groupPolicy,
+		providerMissingFallbackApplied: Boolean(params.providerMissingFallbackApplied),
+		reason: "disabled"
+	};
+	if (params.groupPolicy === "allowlist") {
+		if (params.groupAllowFrom.length === 0) return {
+			allowed: false,
+			groupPolicy: params.groupPolicy,
+			providerMissingFallbackApplied: Boolean(params.providerMissingFallbackApplied),
+			reason: "empty_allowlist"
+		};
+		if (!params.isSenderAllowed(params.senderId, params.groupAllowFrom)) return {
+			allowed: false,
+			groupPolicy: params.groupPolicy,
+			providerMissingFallbackApplied: Boolean(params.providerMissingFallbackApplied),
+			reason: "sender_not_allowlisted"
+		};
+	}
+	return {
+		allowed: true,
+		groupPolicy: params.groupPolicy,
+		providerMissingFallbackApplied: Boolean(params.providerMissingFallbackApplied),
+		reason: "allowed"
+	};
+}
+function createDefaultChannelRuntimeState(accountId, extra) {
+	return {
+		accountId,
+		running: false,
+		lastStartAt: null,
+		lastStopAt: null,
+		lastError: null,
+		...extra ?? {}
+	};
+}
+function buildProbeChannelStatusSummary(snapshot, extra) {
+	return {
+		configured: snapshot.configured ?? false,
+		running: snapshot.running ?? false,
+		lastStartAt: snapshot.lastStartAt ?? null,
+		lastStopAt: snapshot.lastStopAt ?? null,
+		lastError: snapshot.lastError ?? null,
+		...extra ?? {},
+		probe: snapshot.probe,
+		lastProbeAt: snapshot.lastProbeAt ?? null
+	};
+}
+function buildRuntimeAccountStatusSnapshot(params) {
+	return {
+		running: params.runtime?.running ?? false,
+		lastStartAt: params.runtime?.lastStartAt ?? null,
+		lastStopAt: params.runtime?.lastStopAt ?? null,
+		lastError: params.runtime?.lastError ?? null,
+		probe: params.probe
+	};
+}
+function mapAllowFromEntries(allowFrom) {
+	return (allowFrom ?? []).map((entry) => String(entry));
+}
+function formatAllowFromLowercase(params) {
+	return params.allowFrom.map((entry) => String(entry).trim()).filter(Boolean).map((entry) => params.stripPrefixRe ? entry.replace(params.stripPrefixRe, "") : entry).map((entry) => entry.toLowerCase());
+}
+function applyDirectoryQueryAndLimit(ids, params) {
+	const query = params.query?.trim().toLowerCase() || "";
+	const limit = typeof params.limit === "number" && params.limit > 0 ? params.limit : void 0;
+	const filtered = ids.filter((id) => query ? id.toLowerCase().includes(query) : true);
+	return typeof limit === "number" ? filtered.slice(0, limit) : filtered;
+}
+function dedupeIds(ids) {
+	return Array.from(new Set(ids));
+}
+function collectEntryIds(params) {
+	return (params.entries ?? []).map((entry) => String(entry).trim()).filter((entry) => Boolean(entry) && entry !== "*").map((entry) => {
+		const normalized = params.normalizeId ? params.normalizeId(entry) : entry;
+		return typeof normalized === "string" ? normalized.trim() : "";
+	}).filter(Boolean);
+}
+function collectMapIds(params) {
+	return collectEntryIds({
+		entries: Object.keys(params.map ?? {}),
+		normalizeId: params.normalizeId
+	});
+}
+function listDirectoryUserEntriesFromAllowFromAndMapKeys(params) {
+	return applyDirectoryQueryAndLimit(dedupeIds([...collectEntryIds({
+		entries: params.allowFrom,
+		normalizeId: params.normalizeAllowFromId
+	}), ...collectMapIds({
+		map: params.map,
+		normalizeId: params.normalizeMapKeyId
+	})]), params).map((id) => ({
+		kind: "user",
+		id
+	}));
+}
+function listDirectoryGroupEntriesFromMapKeysAndAllowFrom(params) {
+	return applyDirectoryQueryAndLimit(dedupeIds([...collectMapIds({
+		map: params.groups,
+		normalizeId: params.normalizeMapKeyId
+	}), ...collectEntryIds({
+		entries: params.allowFrom,
+		normalizeId: params.normalizeAllowFromId
+	})]), params).map((id) => ({
+		kind: "group",
+		id
+	}));
+}
+function collectAllowlistProviderRestrictSendersWarnings(params) {
+	const defaultGroupPolicy = resolveDefaultGroupPolicy(params.cfg);
+	const { groupPolicy } = resolveOpenProviderRuntimeGroupPolicy({
+		providerConfigPresent: params.providerConfigPresent,
+		groupPolicy: params.configuredGroupPolicy ?? void 0,
+		defaultGroupPolicy
+	});
+	if (groupPolicy !== "open") return [];
+	const mentionSuffix = params.mentionGated === false ? "" : " (mention-gated)";
+	return [`- ${params.surface}: groupPolicy="open" allows ${params.openScope} to trigger${mentionSuffix}. Set ${params.groupPolicyPath}="allowlist" + ${params.groupAllowFromPath} to restrict senders.`];
+}
+//#endregion
+export { buildProbeChannelStatusSummary, buildRuntimeAccountStatusSnapshot, collectAllowlistProviderRestrictSendersWarnings, createDefaultChannelRuntimeState, emptyPluginConfigSchema, evaluateSenderGroupAccessForPolicy, formatAllowFromLowercase, listDirectoryGroupEntriesFromMapKeysAndAllowFrom, listDirectoryUserEntriesFromAllowFromAndMapKeys, mapAllowFromEntries, resolveDefaultGroupPolicy, resolveOpenProviderRuntimeGroupPolicy, warnMissingProviderGroupPolicyFallbackOnce };

package/dist/src/nextclaw-sdk/core-pairing.js

@@ -0,0 +1,151 @@
+import { normalizeAccountId } from "./account-id.js";
+//#region src/nextclaw-sdk/core-pairing.ts
+const PAIRING_APPROVED_MESSAGE = "NextClaw access approved. Send a message to start chatting.";
+const NEXTCLAW_DOCS_ROOT = "https://docs.nextclaw.io";
+function buildAgentMediaPayload(mediaList) {
+	const first = mediaList[0];
+	const mediaPaths = mediaList.map((media) => media.path);
+	const mediaTypes = mediaList.map((media) => media.contentType).filter(Boolean);
+	return {
+		MediaPath: first?.path,
+		MediaType: first?.contentType ?? void 0,
+		MediaUrl: first?.path,
+		MediaPaths: mediaPaths.length > 0 ? mediaPaths : void 0,
+		MediaUrls: mediaPaths.length > 0 ? mediaPaths : void 0,
+		MediaTypes: mediaTypes.length > 0 ? mediaTypes : void 0
+	};
+}
+function formatDocsLink(path, label) {
+	const trimmed = path.trim();
+	const url = trimmed.startsWith("http") ? trimmed : `${NEXTCLAW_DOCS_ROOT}${trimmed.startsWith("/") ? trimmed : `/${trimmed}`}`;
+	return label ? `${label} (${url})` : url;
+}
+function buildPairingReply(params) {
+	return [
+		"NextClaw: access not configured.",
+		"",
+		params.idLine,
+		"",
+		`Pairing code: ${params.code}`,
+		"",
+		"Ask the bot owner to approve with:",
+		`nextclaw pairing approve ${params.channel} ${params.code}`
+	].join("\n");
+}
+async function issuePairingChallenge(params) {
+	const { code, created } = await params.upsertPairingRequest({
+		id: params.senderId,
+		meta: params.meta
+	});
+	if (!created) return { created: false };
+	params.onCreated?.({ code });
+	const replyText = params.buildReplyText?.({
+		code,
+		senderIdLine: params.senderIdLine
+	}) ?? buildPairingReply({
+		channel: params.channel,
+		idLine: params.senderIdLine,
+		code
+	});
+	try {
+		await params.sendPairingReply(replyText);
+	} catch (error) {
+		params.onReplyError?.(error);
+	}
+	return {
+		created: true,
+		code
+	};
+}
+function createScopedPairingAccess(params) {
+	const accountId = normalizeAccountId(params.accountId);
+	return {
+		accountId,
+		readAllowFromStore: () => params.core.channel.pairing.readAllowFromStore({
+			channel: params.channel,
+			accountId
+		}),
+		readStoreForDmPolicy: (provider, providerAccountId) => params.core.channel.pairing.readAllowFromStore({
+			channel: provider,
+			accountId: normalizeAccountId(providerAccountId)
+		}),
+		upsertPairingRequest: (input) => params.core.channel.pairing.upsertPairingRequest({
+			channel: params.channel,
+			accountId,
+			...input
+		})
+	};
+}
+function createReplyPrefixContext() {
+	const prefixContext = {};
+	return {
+		prefixContext,
+		responsePrefix: void 0,
+		enableSlackInteractiveReplies: void 0,
+		responsePrefixContextProvider: () => prefixContext,
+		onModelSelected: (_ctx) => {}
+	};
+}
+function logTypingFailure(params) {
+	const target = params.target ? ` target=${params.target}` : "";
+	const action = params.action ? ` action=${params.action}` : "";
+	params.log(`${params.channel} typing${action} failed${target}: ${String(params.error)}`);
+}
+function createTypingCallbacks(params) {
+	const keepaliveIntervalMs = params.keepaliveIntervalMs ?? 3e3;
+	const maxConsecutiveFailures = Math.max(1, params.maxConsecutiveFailures ?? 2);
+	const maxDurationMs = params.maxDurationMs ?? 6e4;
+	let interval;
+	let timeout;
+	let closed = false;
+	let stopSent = false;
+	let consecutiveFailures = 0;
+	const cleanupTimers = () => {
+		if (interval) {
+			clearInterval(interval);
+			interval = void 0;
+		}
+		if (timeout) {
+			clearTimeout(timeout);
+			timeout = void 0;
+		}
+	};
+	const fireStop = () => {
+		cleanupTimers();
+		closed = true;
+		if (!params.stop || stopSent) return;
+		stopSent = true;
+		params.stop().catch((error) => (params.onStopError ?? params.onStartError)(error));
+	};
+	const fireStart = async () => {
+		if (closed) return;
+		try {
+			await params.start();
+			consecutiveFailures = 0;
+		} catch (error) {
+			consecutiveFailures += 1;
+			params.onStartError(error);
+			if (consecutiveFailures >= maxConsecutiveFailures) fireStop();
+		}
+	};
+	return {
+		onReplyStart: async () => {
+			closed = false;
+			stopSent = false;
+			consecutiveFailures = 0;
+			cleanupTimers();
+			await fireStart();
+			if (closed) return;
+			interval = setInterval(() => {
+				fireStart();
+			}, keepaliveIntervalMs);
+			if (maxDurationMs > 0) timeout = setTimeout(() => {
+				fireStop();
+			}, maxDurationMs);
+		},
+		onIdle: fireStop,
+		onCleanup: fireStop
+	};
+}
+//#endregion
+export { PAIRING_APPROVED_MESSAGE, buildAgentMediaPayload, createReplyPrefixContext, createScopedPairingAccess, createTypingCallbacks, formatDocsLink, issuePairingChallenge, logTypingFailure };

package/dist/src/nextclaw-sdk/dedupe.js

@@ -0,0 +1,164 @@
+import fs from "node:fs";
+import path from "node:path";
+//#region src/nextclaw-sdk/dedupe.ts
+function pruneMapToMaxSize(map, maxSize) {
+	while (map.size > maxSize) {
+		const firstKey = map.keys().next().value;
+		if (firstKey === void 0) break;
+		map.delete(firstKey);
+	}
+}
+function createDedupeCache(options) {
+	const ttlMs = Math.max(0, options.ttlMs);
+	const maxSize = Math.max(0, Math.floor(options.maxSize));
+	const cache = /* @__PURE__ */ new Map();
+	const touch = (key, now) => {
+		cache.delete(key);
+		cache.set(key, now);
+	};
+	const prune = (now) => {
+		const cutoff = ttlMs > 0 ? now - ttlMs : void 0;
+		if (cutoff !== void 0) {
+			for (const [key, seenAt] of cache) if (seenAt < cutoff) cache.delete(key);
+		}
+		if (maxSize <= 0) {
+			cache.clear();
+			return;
+		}
+		pruneMapToMaxSize(cache, maxSize);
+	};
+	const hasUnexpired = (key, now, touchOnRead) => {
+		const seenAt = cache.get(key);
+		if (seenAt === void 0) return false;
+		if (ttlMs > 0 && now - seenAt >= ttlMs) {
+			cache.delete(key);
+			return false;
+		}
+		if (touchOnRead) touch(key, now);
+		return true;
+	};
+	return {
+		check: (key, now = Date.now()) => {
+			if (!key) return false;
+			if (hasUnexpired(key, now, true)) return true;
+			touch(key, now);
+			prune(now);
+			return false;
+		},
+		peek: (key, now = Date.now()) => {
+			if (!key) return false;
+			return hasUnexpired(key, now, false);
+		},
+		delete: (key) => {
+			if (key) cache.delete(key);
+		},
+		clear: () => cache.clear(),
+		size: () => cache.size
+	};
+}
+async function readJsonFileWithFallback(filePath, fallback) {
+	try {
+		const raw = await fs.promises.readFile(filePath, "utf-8");
+		return {
+			value: JSON.parse(raw),
+			exists: true
+		};
+	} catch (error) {
+		if (error.code === "ENOENT") return {
+			value: fallback,
+			exists: false
+		};
+		return {
+			value: fallback,
+			exists: false
+		};
+	}
+}
+async function writeJsonFileAtomically(filePath, value) {
+	await fs.promises.mkdir(path.dirname(filePath), {
+		recursive: true,
+		mode: 448
+	});
+	const tempPath = `${filePath}.${process.pid}.${Date.now()}.tmp`;
+	await fs.promises.writeFile(tempPath, `${JSON.stringify(value, null, 2)}\n`, { mode: 384 });
+	await fs.promises.rename(tempPath, filePath);
+}
+function createPersistentDedupe(options) {
+	const ttlMs = Math.max(0, Math.floor(options.ttlMs));
+	const fileMaxEntries = Math.max(1, Math.floor(options.fileMaxEntries));
+	const memory = createDedupeCache({
+		ttlMs,
+		maxSize: Math.max(0, Math.floor(options.memoryMaxSize))
+	});
+	const inflight = /* @__PURE__ */ new Map();
+	const sanitize = (value) => {
+		if (!value || typeof value !== "object") return {};
+		const out = {};
+		for (const [key, timestamp] of Object.entries(value)) if (typeof timestamp === "number" && Number.isFinite(timestamp) && timestamp > 0) out[key] = timestamp;
+		return out;
+	};
+	const pruneData = (data, now) => {
+		if (ttlMs > 0) {
+			for (const [key, timestamp] of Object.entries(data)) if (now - timestamp >= ttlMs) delete data[key];
+		}
+		const keys = Object.keys(data);
+		if (keys.length > fileMaxEntries) keys.toSorted((left, right) => data[left] - data[right]).slice(0, keys.length - fileMaxEntries).forEach((key) => {
+			delete data[key];
+		});
+	};
+	const checkAndRecordInner = async (key, namespace, scopedKey, now, onDiskError) => {
+		if (memory.check(scopedKey, now)) return false;
+		const filePath = options.resolveFilePath(namespace);
+		try {
+			const { value } = await readJsonFileWithFallback(filePath, {});
+			const data = sanitize(value);
+			const seenAt = data[key];
+			if (seenAt != null && (ttlMs <= 0 || now - seenAt < ttlMs)) return false;
+			data[key] = now;
+			pruneData(data, now);
+			await writeJsonFileAtomically(filePath, data);
+			return true;
+		} catch (error) {
+			onDiskError?.(error);
+			memory.check(scopedKey, now);
+			return true;
+		}
+	};
+	return {
+		async checkAndRecord(key, dedupeOptions) {
+			const trimmed = key.trim();
+			if (!trimmed) return true;
+			const namespace = dedupeOptions?.namespace?.trim() || "global";
+			const scopedKey = `${namespace}:${trimmed}`;
+			if (inflight.has(scopedKey)) return false;
+			const work = checkAndRecordInner(trimmed, namespace, scopedKey, dedupeOptions?.now ?? Date.now(), dedupeOptions?.onDiskError ?? options.onDiskError);
+			inflight.set(scopedKey, work);
+			try {
+				return await work;
+			} finally {
+				inflight.delete(scopedKey);
+			}
+		},
+		async warmup(namespace = "global", onError) {
+			const filePath = options.resolveFilePath(namespace);
+			try {
+				const { value } = await readJsonFileWithFallback(filePath, {});
+				const now = Date.now();
+				let loaded = 0;
+				for (const [key, timestamp] of Object.entries(sanitize(value))) {
+					if (ttlMs > 0 && now - timestamp >= ttlMs) continue;
+					memory.check(`${namespace}:${key}`, timestamp);
+					loaded += 1;
+				}
+				return loaded;
+			} catch (error) {
+				onError?.(error);
+				return 0;
+			}
+		},
+		clearMemory: () => memory.clear(),
+		memorySize: () => memory.size()
+	};
+}
+//#endregion
+export { createDedupeCache, createPersistentDedupe, readJsonFileWithFallback };

package/dist/src/nextclaw-sdk/feishu.d.ts

@@ -0,0 +1 @@
+import { AnyAgentTool, BaseProbeResult, ChannelMeta, ChannelOnboardingAdapter, ChannelOnboardingDmPolicy, ChannelPlugin, ClawdbotConfig, DmPolicy, OpenClawConfig, OpenClawPluginApi, PluginRuntime, RuntimeEnv, WizardPrompter } from "./types.js";

package/dist/src/nextclaw-sdk/feishu.js

@@ -0,0 +1,14 @@
+import "./account-id.js";
+import "./core-channel.js";
+import "./core-pairing.js";
+import "./dedupe.js";
+import "./history.js";
+import "./network-fetch.js";
+import "./network-webhook.js";
+import "./network-body.js";
+import "./network.js";
+import "./secrets-core.js";
+import "./secrets-config.js";
+import "./secrets-prompt.js";
+import "./secrets.js";
+export {};