@nextclaw/channel-plugin-feishu 0.2.29-beta.0 → 0.2.29-beta.1

package/dist/src/tools-config.js

@@ -0,0 +1,30 @@
+//#region src/tools-config.ts
+/**
+* Default tool configuration.
+* - doc, chat, wiki, drive, scopes: enabled by default
+* - perm: disabled by default (sensitive operation)
+*/
+const DEFAULT_TOOLS_CONFIG = {
+	doc: true,
+	chat: true,
+	wiki: true,
+	drive: true,
+	perm: false,
+	scopes: true,
+	calendar: true,
+	task: true,
+	sheets: true,
+	oauth: true,
+	identity: true
+};
+/**
+* Resolve tools config with defaults.
+*/
+function resolveToolsConfig(cfg) {
+	return {
+		...DEFAULT_TOOLS_CONFIG,
+		...cfg
+	};
+}
+//#endregion
+export { resolveToolsConfig };

package/dist/src/types.d.ts

@@ -0,0 +1,43 @@
+import { BaseProbeResult } from "./nextclaw-sdk/types.js";
+import { FeishuConfigSchema, z } from "./config-schema.js";
+//#region src/types.d.ts
+type FeishuConfig = z.infer<typeof FeishuConfigSchema>;
+type FeishuDomain = "feishu" | "lark" | (string & {});
+type FeishuDefaultAccountSelectionSource = "explicit-default" | "mapped-default" | "fallback";
+type FeishuAccountSelectionSource = "explicit" | FeishuDefaultAccountSelectionSource;
+type ResolvedFeishuAccount = {
+  accountId: string;
+  selectionSource: FeishuAccountSelectionSource;
+  enabled: boolean;
+  configured: boolean;
+  name?: string;
+  appId?: string;
+  appSecret?: string;
+  encryptKey?: string;
+  verificationToken?: string;
+  domain: FeishuDomain; /** Merged config (top-level defaults + account-specific overrides) */
+  config: FeishuConfig;
+};
+type FeishuSendResult = {
+  messageId: string;
+  chatId: string;
+};
+type FeishuChatType = "p2p" | "group" | "private";
+type FeishuMessageInfo = {
+  messageId: string;
+  chatId: string;
+  chatType?: FeishuChatType;
+  senderId?: string;
+  senderOpenId?: string;
+  senderType?: string;
+  content: string;
+  contentType: string;
+  createTime?: number;
+};
+type FeishuProbeResult = BaseProbeResult<string> & {
+  appId?: string;
+  botName?: string;
+  botOpenId?: string;
+};
+//#endregion
+export { FeishuConfig, FeishuDomain, FeishuMessageInfo, FeishuProbeResult, FeishuSendResult, ResolvedFeishuAccount };

package/dist/src/typing.js

@@ -0,0 +1,145 @@
+import { resolveFeishuAccount } from "./accounts.js";
+import { createFeishuClient } from "./client.js";
+import { getFeishuRuntime } from "./runtime.js";
+//#region src/typing.ts
+const TYPING_EMOJI = "THUMBSUP";
+/**
+* Feishu API error codes that indicate the caller should back off.
+* These must propagate to the typing circuit breaker so the keepalive loop
+* can trip and stop retrying.
+*
+* - 99991400: Rate limit (too many requests per second)
+* - 99991403: Monthly API call quota exceeded
+* - 429: Standard HTTP 429 returned as a Feishu SDK error code
+*
+* @see https://open.feishu.cn/document/server-docs/api-call-guide/generic-error-code
+*/
+const FEISHU_BACKOFF_CODES = new Set([
+	99991400,
+	99991403,
+	429
+]);
+/**
+* Custom error class for Feishu backoff conditions detected from non-throwing
+* SDK responses. Carries a numeric `.code` so that `isFeishuBackoffError()`
+* recognises it when the error is caught downstream.
+*/
+var FeishuBackoffError = class extends Error {
+	code;
+	constructor(code) {
+		super(`Feishu API backoff: code ${code}`);
+		this.name = "FeishuBackoffError";
+		this.code = code;
+	}
+};
+/**
+* Check whether an error represents a rate-limit or quota-exceeded condition
+* from the Feishu API that should stop the typing keepalive loop.
+*
+* Handles two shapes:
+* 1. AxiosError with `response.status` and `response.data.code`
+* 2. Feishu SDK error with a top-level `code` property
+*/
+function isFeishuBackoffError(err) {
+	if (typeof err !== "object" || err === null) return false;
+	const response = err.response;
+	if (response) {
+		if (response.status === 429) return true;
+		if (typeof response.data?.code === "number" && FEISHU_BACKOFF_CODES.has(response.data.code)) return true;
+	}
+	const code = err.code;
+	if (typeof code === "number" && FEISHU_BACKOFF_CODES.has(code)) return true;
+	return false;
+}
+/**
+* Check whether a Feishu SDK response object contains a backoff error code.
+*
+* The Feishu SDK sometimes returns a normal response (no throw) with an
+* API-level error code in the response body. This must be detected so the
+* circuit breaker can trip. See codex review on #28157.
+*/
+function getBackoffCodeFromResponse(response) {
+	if (typeof response !== "object" || response === null) return;
+	const code = response.code;
+	if (typeof code === "number" && FEISHU_BACKOFF_CODES.has(code)) return code;
+}
+/**
+* Add a typing indicator (reaction) to a message.
+*
+* Rate-limit and quota errors are re-thrown so the circuit breaker in
+* `createTypingCallbacks` (typing-start-guard) can trip and stop the
+* keepalive loop. See #28062.
+*
+* Also checks for backoff codes in non-throwing SDK responses (#28157).
+*/
+async function addTypingIndicator(params) {
+	const { cfg, messageId, accountId, runtime } = params;
+	const account = resolveFeishuAccount({
+		cfg,
+		accountId
+	});
+	if (!account.configured) return {
+		messageId,
+		reactionId: null
+	};
+	const client = createFeishuClient(account);
+	try {
+		const response = await client.im.messageReaction.create({
+			path: { message_id: messageId },
+			data: { reaction_type: { emoji_type: TYPING_EMOJI } }
+		});
+		const backoffCode = getBackoffCodeFromResponse(response);
+		if (backoffCode !== void 0) {
+			if (getFeishuRuntime().logging.shouldLogVerbose()) runtime?.log?.(`[feishu] typing indicator response contains backoff code ${backoffCode}, stopping keepalive`);
+			throw new FeishuBackoffError(backoffCode);
+		}
+		return {
+			messageId,
+			reactionId: response?.data?.reaction_id ?? null
+		};
+	} catch (err) {
+		if (isFeishuBackoffError(err)) {
+			if (getFeishuRuntime().logging.shouldLogVerbose()) runtime?.log?.("[feishu] typing indicator hit rate-limit/quota, stopping keepalive");
+			throw err;
+		}
+		if (getFeishuRuntime().logging.shouldLogVerbose()) runtime?.log?.(`[feishu] failed to add typing indicator: ${String(err)}`);
+		return {
+			messageId,
+			reactionId: null
+		};
+	}
+}
+/**
+* Remove a typing indicator (reaction) from a message.
+*
+* Rate-limit and quota errors are re-thrown for the same reason as above.
+*/
+async function removeTypingIndicator(params) {
+	if (TYPING_EMOJI !== "Typing") return;
+	const { cfg, state, accountId, runtime } = params;
+	if (!state.reactionId) return;
+	const account = resolveFeishuAccount({
+		cfg,
+		accountId
+	});
+	if (!account.configured) return;
+	const client = createFeishuClient(account);
+	try {
+		const backoffCode = getBackoffCodeFromResponse(await client.im.messageReaction.delete({ path: {
+			message_id: state.messageId,
+			reaction_id: state.reactionId
+		} }));
+		if (backoffCode !== void 0) {
+			if (getFeishuRuntime().logging.shouldLogVerbose()) runtime?.log?.(`[feishu] typing indicator removal response contains backoff code ${backoffCode}, stopping keepalive`);
+			throw new FeishuBackoffError(backoffCode);
+		}
+	} catch (err) {
+		if (isFeishuBackoffError(err)) {
+			if (getFeishuRuntime().logging.shouldLogVerbose()) runtime?.log?.("[feishu] typing indicator removal hit rate-limit/quota, stopping keepalive");
+			throw err;
+		}
+		if (getFeishuRuntime().logging.shouldLogVerbose()) runtime?.log?.(`[feishu] failed to remove typing indicator: ${String(err)}`);
+	}
+}
+//#endregion
+export { addTypingIndicator, removeTypingIndicator };

package/dist/src/uat-client.js

@@ -0,0 +1,102 @@
+import { NeedAuthorizationError, REFRESH_TOKEN_RETRYABLE, TOKEN_RETRY_CODES } from "./auth-errors.js";
+import { feishuFetch } from "./feishu-fetch.js";
+import { resolveOAuthEndpoints } from "./device-flow.js";
+import { getStoredToken, removeStoredToken, setStoredToken, tokenStatus } from "./token-store.js";
+//#region src/uat-client.ts
+const refreshLocks = /* @__PURE__ */ new Map();
+async function doRefreshToken(opts, stored) {
+	if (Date.now() >= stored.refreshExpiresAt) {
+		await removeStoredToken(opts.appId, opts.userOpenId);
+		return null;
+	}
+	const endpoints = resolveOAuthEndpoints(opts.domain);
+	const requestBody = new URLSearchParams({
+		grant_type: "refresh_token",
+		refresh_token: stored.refreshToken,
+		client_id: opts.appId,
+		client_secret: opts.appSecret
+	}).toString();
+	const callEndpoint = async () => {
+		return await (await feishuFetch(endpoints.token, {
+			method: "POST",
+			headers: { "Content-Type": "application/x-www-form-urlencoded" },
+			body: requestBody
+		})).json();
+	};
+	let data = await callEndpoint();
+	const code = typeof data.code === "number" ? data.code : void 0;
+	const error = typeof data.error === "string" ? data.error : void 0;
+	if (code !== void 0 && code !== 0 || error) if (code !== void 0 && REFRESH_TOKEN_RETRYABLE.has(code)) {
+		data = await callEndpoint();
+		const retryCode = typeof data.code === "number" ? data.code : void 0;
+		const retryError = typeof data.error === "string" ? data.error : void 0;
+		if (retryCode !== void 0 && retryCode !== 0 || retryError) {
+			await removeStoredToken(opts.appId, opts.userOpenId);
+			return null;
+		}
+	} else {
+		await removeStoredToken(opts.appId, opts.userOpenId);
+		return null;
+	}
+	if (!data.access_token) throw new Error("Token refresh returned no access_token");
+	const now = Date.now();
+	const updated = {
+		userOpenId: stored.userOpenId,
+		appId: opts.appId,
+		accessToken: String(data.access_token),
+		refreshToken: String(data.refresh_token ?? stored.refreshToken),
+		expiresAt: now + Number(data.expires_in ?? 7200) * 1e3,
+		refreshExpiresAt: data.refresh_token_expires_in ? now + Number(data.refresh_token_expires_in) * 1e3 : stored.refreshExpiresAt,
+		scope: String(data.scope ?? stored.scope),
+		grantedAt: stored.grantedAt
+	};
+	await setStoredToken(updated);
+	return updated;
+}
+async function refreshWithLock(opts, stored) {
+	const key = `${opts.appId}:${opts.userOpenId}`;
+	const existing = refreshLocks.get(key);
+	if (existing) {
+		await existing;
+		return getStoredToken(opts.appId, opts.userOpenId);
+	}
+	const promise = doRefreshToken(opts, stored);
+	refreshLocks.set(key, promise);
+	try {
+		return await promise;
+	} finally {
+		refreshLocks.delete(key);
+	}
+}
+async function getValidAccessToken(opts) {
+	const stored = await getStoredToken(opts.appId, opts.userOpenId);
+	if (!stored) throw new NeedAuthorizationError(opts.userOpenId);
+	const status = tokenStatus(stored);
+	if (status === "valid") return stored.accessToken;
+	if (status === "needs_refresh") {
+		const refreshed = await refreshWithLock(opts, stored);
+		if (!refreshed) throw new NeedAuthorizationError(opts.userOpenId);
+		return refreshed.accessToken;
+	}
+	await removeStoredToken(opts.appId, opts.userOpenId);
+	throw new NeedAuthorizationError(opts.userOpenId);
+}
+async function callWithUAT(opts, apiCall) {
+	const accessToken = await getValidAccessToken(opts);
+	try {
+		return await apiCall(accessToken);
+	} catch (error) {
+		const code = error.code ?? error.response?.data?.code;
+		if (!TOKEN_RETRY_CODES.has(Number(code))) throw error;
+		const stored = await getStoredToken(opts.appId, opts.userOpenId);
+		if (!stored) throw new NeedAuthorizationError(opts.userOpenId);
+		const refreshed = await refreshWithLock(opts, stored);
+		if (!refreshed) throw new NeedAuthorizationError(opts.userOpenId);
+		return apiCall(refreshed.accessToken);
+	}
+}
+async function revokeUAT(appId, userOpenId) {
+	await removeStoredToken(appId, userOpenId);
+}
+//#endregion
+export { callWithUAT, revokeUAT };

package/dist/src/user-tool-client.js

@@ -0,0 +1,132 @@
+import { AppScopeMissingError, LARK_ERROR, NeedAuthorizationError, UserAuthRequiredError, UserScopeInsufficientError } from "./auth-errors.js";
+import { getRequiredScopes } from "./tool-scopes.js";
+import { listEnabledFeishuAccounts, resolveFeishuAccount } from "./accounts.js";
+import { getAppGrantedScopes, invalidateAppScopeCache, missingScopes } from "./app-scope-checker.js";
+import { createFeishuClient } from "./client.js";
+import { getTicket } from "./lark-ticket.js";
+import { rawLarkRequest } from "./raw-request.js";
+import { getStoredToken } from "./token-store.js";
+import { callWithUAT } from "./uat-client.js";
+import * as Lark from "@larksuiteoapi/node-sdk";
+//#region src/user-tool-client.ts
+function assertConfiguredAccount(account) {
+	if (!account.enabled) throw new Error(`Feishu account "${account.accountId}" is disabled.`);
+	if (!account.configured || !account.appId || !account.appSecret) throw new Error(`Feishu account "${account.accountId}" is not configured.`);
+	return account;
+}
+function resolveConfiguredAccount(config, accountIndex = 0) {
+	const ticket = getTicket();
+	if (ticket?.accountId) return assertConfiguredAccount(resolveFeishuAccount({
+		cfg: config,
+		accountId: ticket.accountId
+	}));
+	const accounts = listEnabledFeishuAccounts(config);
+	if (accounts.length === 0) throw new Error("No enabled Feishu accounts configured.");
+	return assertConfiguredAccount(accounts[Math.min(accountIndex, accounts.length - 1)]);
+}
+var UserToolClient = class {
+	account;
+	senderOpenId;
+	sdk;
+	constructor(config, accountIndex = 0) {
+		this.config = config;
+		this.account = resolveConfiguredAccount(config, accountIndex);
+		this.senderOpenId = getTicket()?.senderOpenId;
+		this.sdk = createFeishuClient(this.account);
+	}
+	async invoke(toolAction, fn, options) {
+		const requiredScopes = getRequiredScopes(toolAction);
+		const tokenType = options?.as ?? "user";
+		const appScopeVerified = await this.verifyAppScopes(requiredScopes, tokenType, toolAction);
+		if (tokenType === "tenant") try {
+			return await fn(this.sdk);
+		} catch (error) {
+			this.rethrowStructuredError(error, toolAction, requiredScopes);
+			throw error;
+		}
+		const userOpenId = options?.userOpenId ?? this.senderOpenId;
+		if (!userOpenId) throw new UserAuthRequiredError("unknown", {
+			apiName: toolAction,
+			scopes: requiredScopes,
+			appScopeVerified,
+			appId: this.account.appId
+		});
+		const stored = await getStoredToken(this.account.appId, userOpenId);
+		if (!stored) throw new UserAuthRequiredError(userOpenId, {
+			apiName: toolAction,
+			scopes: requiredScopes,
+			appScopeVerified,
+			appId: this.account.appId
+		});
+		if (appScopeVerified && stored.scope && requiredScopes.length > 0) {
+			const granted = new Set(stored.scope.split(/\s+/).filter(Boolean));
+			const missingUserScopes = requiredScopes.filter((scope) => !granted.has(scope));
+			if (missingUserScopes.length > 0) throw new UserAuthRequiredError(userOpenId, {
+				apiName: toolAction,
+				scopes: missingUserScopes,
+				appScopeVerified,
+				appId: this.account.appId
+			});
+		}
+		try {
+			return await callWithUAT({
+				userOpenId,
+				appId: this.account.appId,
+				appSecret: this.account.appSecret,
+				domain: this.account.domain
+			}, (accessToken) => fn(this.sdk, Lark.withUserAccessToken(accessToken), accessToken));
+		} catch (error) {
+			if (error instanceof NeedAuthorizationError) throw new UserAuthRequiredError(userOpenId, {
+				apiName: toolAction,
+				scopes: requiredScopes,
+				appScopeVerified,
+				appId: this.account.appId
+			});
+			this.rethrowStructuredError(error, toolAction, requiredScopes, userOpenId);
+			throw error;
+		}
+	}
+	async invokeByPath(toolAction, path, options) {
+		return this.invoke(toolAction, async (_sdk, _opts, uat) => rawLarkRequest({
+			domain: this.account.domain,
+			path,
+			method: options?.method,
+			body: options?.body,
+			query: options?.query,
+			headers: options?.headers,
+			accessToken: uat
+		}), options);
+	}
+	async verifyAppScopes(requiredScopes, tokenType, toolAction) {
+		if (requiredScopes.length === 0) return true;
+		const appGrantedScopes = await getAppGrantedScopes(this.sdk, this.account.appId, tokenType);
+		if (appGrantedScopes.length === 0) return false;
+		const missingAppScopes = missingScopes(appGrantedScopes, tokenType === "user" ? [...new Set([...requiredScopes, "offline_access"])] : requiredScopes);
+		if (missingAppScopes.length > 0) throw new AppScopeMissingError({
+			apiName: toolAction,
+			scopes: missingAppScopes,
+			appId: this.account.appId
+		});
+		return true;
+	}
+	rethrowStructuredError(error, toolAction, requiredScopes, userOpenId) {
+		const code = error.code ?? error.response?.data?.code;
+		if (code === LARK_ERROR.APP_SCOPE_MISSING) {
+			invalidateAppScopeCache(this.account.appId);
+			throw new AppScopeMissingError({
+				apiName: toolAction,
+				scopes: requiredScopes,
+				appId: this.account.appId
+			});
+		}
+		if (code === LARK_ERROR.USER_SCOPE_INSUFFICIENT && userOpenId) throw new UserScopeInsufficientError(userOpenId, {
+			apiName: toolAction,
+			scopes: requiredScopes
+		});
+	}
+};
+function createUserToolClient(config, accountIndex = 0) {
+	return new UserToolClient(config, accountIndex);
+}
+//#endregion
+export { createUserToolClient };

package/dist/src/user-tool-helpers.js

@@ -0,0 +1,110 @@
+import { AppScopeMissingError, UserAuthRequiredError, UserScopeInsufficientError } from "./auth-errors.js";
+import { openPlatformDomain } from "./domains.js";
+import { formatLarkError } from "./user-tool-result.js";
+import { getAllKnownScopes } from "./tool-scopes.js";
+import { createUserToolClient } from "./user-tool-client.js";
+import { jsonToolResult } from "./tool-result.js";
+import { Type } from "@sinclair/typebox";
+//#region src/user-tool-helpers.ts
+function json(data) {
+	return jsonToolResult(data);
+}
+function createToolContext(api, toolName, accountIndex = 0) {
+	const logPrefix = `${toolName}:`;
+	return {
+		toolClient: () => createUserToolClient(api.config, accountIndex),
+		log: {
+			info: (message) => api.logger.info?.(`${logPrefix} ${message}`),
+			warn: (message) => api.logger.warn?.(`${logPrefix} ${message}`),
+			error: (message) => api.logger.error?.(`${logPrefix} ${message}`),
+			debug: (message) => api.logger.debug?.(`${logPrefix} ${message}`)
+		}
+	};
+}
+function registerTool(api, tool, opts) {
+	api.registerTool(tool, opts);
+}
+function assertLarkOk(res) {
+	if (!res.code || res.code === 0) return;
+	throw new Error(res.msg ?? `Feishu API error (code=${res.code})`);
+}
+function StringEnum(values, options) {
+	return Type.Union(values.map((value) => Type.Literal(value)), options);
+}
+function parseTimeToTimestamp(input) {
+	const date = parseDateLike(input);
+	return date ? Math.floor(date.getTime() / 1e3).toString() : null;
+}
+function parseTimeToTimestampMs(input) {
+	const date = parseDateLike(input);
+	return date ? date.getTime().toString() : null;
+}
+function parseTimeToRFC3339(input) {
+	const trimmed = input.trim();
+	if (/[Zz]$|[+-]\d{2}:\d{2}$/.test(trimmed)) return new Date(trimmed).toString() === "Invalid Date" ? null : trimmed;
+	const match = trimmed.replace(" ", "T").match(/^(\d{4})-(\d{2})-(\d{2})T(\d{2}):(\d{2})(?::(\d{2}))?$/);
+	if (!match) {
+		const date = new Date(trimmed);
+		return Number.isNaN(date.getTime()) ? null : date.toISOString();
+	}
+	const [, y, m, d, hh, mm, ss] = match;
+	return `${y}-${m}-${d}T${hh}:${mm}:${ss ?? "00"}+08:00`;
+}
+function unixTimestampToISO8601(raw) {
+	if (raw === void 0 || raw === null || raw === "") return null;
+	const value = Number(raw);
+	if (!Number.isFinite(value)) return null;
+	const ms = value > 0xe8d4a51000 ? value : value * 1e3;
+	return new Date(ms).toISOString();
+}
+function parseDateLike(input) {
+	const trimmed = input.trim();
+	if (/[Zz]$|[+-]\d{2}:\d{2}$/.test(trimmed)) {
+		const date = new Date(trimmed);
+		return Number.isNaN(date.getTime()) ? null : date;
+	}
+	const match = trimmed.replace("T", " ").match(/^(\d{4})-(\d{2})-(\d{2})\s+(\d{2}):(\d{2})(?::(\d{2}))?$/);
+	if (!match) {
+		const date = new Date(trimmed);
+		return Number.isNaN(date.getTime()) ? null : date;
+	}
+	const [, year, month, day, hour, minute, second] = match;
+	return new Date(Date.UTC(Number(year), Number(month) - 1, Number(day), Number(hour) - 8, Number(minute), Number(second ?? "0")));
+}
+async function handleInvokeError(error, _api) {
+	if (error instanceof AppScopeMissingError) return json({
+		error: "app_scope_missing",
+		message: error.message,
+		missing_scopes: error.missingScopes,
+		app_id: error.appId,
+		open_platform: openPlatformDomain("feishu")
+	});
+	if (error instanceof UserAuthRequiredError) return json({
+		error: "need_user_authorization",
+		message: "当前用户尚未完成飞书 OAuth 授权，或授权范围不足。",
+		required_scopes: error.requiredScopes,
+		next_tool_call: {
+			tool: "feishu_oauth",
+			params: {
+				action: "authorize",
+				scope: error.requiredScopes.join(" ")
+			}
+		},
+		default_scope_suggestion: getAllKnownScopes().join(" ")
+	});
+	if (error instanceof UserScopeInsufficientError) return json({
+		error: "user_scope_insufficient",
+		message: "当前用户授权范围不足，请重新授权补齐缺失 scope。",
+		missing_scopes: error.missingScopes,
+		next_tool_call: {
+			tool: "feishu_oauth",
+			params: {
+				action: "authorize",
+				scope: error.missingScopes.join(" ")
+			}
+		}
+	});
+	return json({ error: formatLarkError(error) });
+}
+//#endregion
+export { StringEnum, assertLarkOk, createToolContext, handleInvokeError, json, parseTimeToRFC3339, parseTimeToTimestamp, parseTimeToTimestampMs, registerTool, unixTimestampToISO8601 };

package/dist/src/user-tool-result.js

@@ -0,0 +1,10 @@
+//#region src/user-tool-result.ts
+function formatLarkError(error) {
+	if (!error || typeof error !== "object") return String(error);
+	const typed = error;
+	if (typeof typed.code === "number" && typed.msg) return typed.msg;
+	if (typed.response?.data?.msg) return typed.response.data.msg;
+	return typed.message ?? String(error);
+}
+//#endregion
+export { formatLarkError };

package/dist/src/wiki-schema.js

@@ -0,0 +1,45 @@
+import { Type } from "@sinclair/typebox";
+//#region src/wiki-schema.ts
+const FeishuWikiSchema = Type.Union([
+	Type.Object({ action: Type.Literal("spaces") }),
+	Type.Object({
+		action: Type.Literal("nodes"),
+		space_id: Type.String({ description: "Knowledge space ID" }),
+		parent_node_token: Type.Optional(Type.String({ description: "Parent node token (optional, omit for root)" }))
+	}),
+	Type.Object({
+		action: Type.Literal("get"),
+		token: Type.String({ description: "Wiki node token (from URL /wiki/XXX)" })
+	}),
+	Type.Object({
+		action: Type.Literal("search"),
+		query: Type.String({ description: "Search query" }),
+		space_id: Type.Optional(Type.String({ description: "Limit search to this space (optional)" }))
+	}),
+	Type.Object({
+		action: Type.Literal("create"),
+		space_id: Type.String({ description: "Knowledge space ID" }),
+		title: Type.String({ description: "Node title" }),
+		obj_type: Type.Optional(Type.Union([
+			Type.Literal("docx"),
+			Type.Literal("sheet"),
+			Type.Literal("bitable")
+		], { description: "Object type (default: docx)" })),
+		parent_node_token: Type.Optional(Type.String({ description: "Parent node token (optional, omit for root)" }))
+	}),
+	Type.Object({
+		action: Type.Literal("move"),
+		space_id: Type.String({ description: "Source knowledge space ID" }),
+		node_token: Type.String({ description: "Node token to move" }),
+		target_space_id: Type.Optional(Type.String({ description: "Target space ID (optional, same space if omitted)" })),
+		target_parent_token: Type.Optional(Type.String({ description: "Target parent node token (optional, root if omitted)" }))
+	}),
+	Type.Object({
+		action: Type.Literal("rename"),
+		space_id: Type.String({ description: "Knowledge space ID" }),
+		node_token: Type.String({ description: "Node token to rename" }),
+		title: Type.String({ description: "New title" })
+	})
+]);
+//#endregion
+export { FeishuWikiSchema };