@openclaw-china/wecom 0.1.1

package/dist/index.js

@@ -0,0 +1,1086 @@
+import { z } from 'zod';
+import crypto from 'crypto';
+
+// src/config.ts
+var DEFAULT_ACCOUNT_ID = "default";
+var WecomAccountSchema = z.object({
+  name: z.string().optional(),
+  enabled: z.boolean().optional(),
+  webhookPath: z.string().optional(),
+  token: z.string().optional(),
+  encodingAESKey: z.string().optional(),
+  receiveId: z.string().optional(),
+  welcomeText: z.string().optional(),
+  dmPolicy: z.enum(["open", "pairing", "allowlist", "disabled"]).optional(),
+  allowFrom: z.array(z.string()).optional(),
+  groupPolicy: z.enum(["open", "allowlist", "disabled"]).optional(),
+  groupAllowFrom: z.array(z.string()).optional(),
+  requireMention: z.boolean().optional()
+});
+WecomAccountSchema.extend({
+  defaultAccount: z.string().optional(),
+  accounts: z.record(WecomAccountSchema).optional()
+});
+var WecomConfigJsonSchema = {
+  schema: {
+    type: "object",
+    additionalProperties: false,
+    properties: {
+      name: { type: "string" },
+      enabled: { type: "boolean" },
+      webhookPath: { type: "string" },
+      token: { type: "string" },
+      encodingAESKey: { type: "string" },
+      receiveId: { type: "string" },
+      welcomeText: { type: "string" },
+      dmPolicy: { type: "string", enum: ["open", "pairing", "allowlist", "disabled"] },
+      allowFrom: { type: "array", items: { type: "string" } },
+      groupPolicy: { type: "string", enum: ["open", "allowlist", "disabled"] },
+      groupAllowFrom: { type: "array", items: { type: "string" } },
+      requireMention: { type: "boolean" },
+      defaultAccount: { type: "string" },
+      accounts: {
+        type: "object",
+        additionalProperties: {
+          type: "object",
+          additionalProperties: false,
+          properties: {
+            name: { type: "string" },
+            enabled: { type: "boolean" },
+            webhookPath: { type: "string" },
+            token: { type: "string" },
+            encodingAESKey: { type: "string" },
+            receiveId: { type: "string" },
+            welcomeText: { type: "string" },
+            dmPolicy: { type: "string", enum: ["open", "pairing", "allowlist", "disabled"] },
+            allowFrom: { type: "array", items: { type: "string" } },
+            groupPolicy: { type: "string", enum: ["open", "allowlist", "disabled"] },
+            groupAllowFrom: { type: "array", items: { type: "string" } },
+            requireMention: { type: "boolean" }
+          }
+        }
+      }
+    }
+  }
+};
+function normalizeAccountId(raw) {
+  const trimmed = String(raw ?? "").trim();
+  return trimmed || DEFAULT_ACCOUNT_ID;
+}
+function listConfiguredAccountIds(cfg) {
+  const accounts = cfg.channels?.wecom?.accounts;
+  if (!accounts || typeof accounts !== "object") return [];
+  return Object.keys(accounts).filter(Boolean);
+}
+function listWecomAccountIds(cfg) {
+  const ids = listConfiguredAccountIds(cfg);
+  if (ids.length === 0) return [DEFAULT_ACCOUNT_ID];
+  return ids.sort((a, b) => a.localeCompare(b));
+}
+function resolveDefaultWecomAccountId(cfg) {
+  const wecomConfig = cfg.channels?.wecom;
+  if (wecomConfig?.defaultAccount?.trim()) return wecomConfig.defaultAccount.trim();
+  const ids = listWecomAccountIds(cfg);
+  if (ids.includes(DEFAULT_ACCOUNT_ID)) return DEFAULT_ACCOUNT_ID;
+  return ids[0] ?? DEFAULT_ACCOUNT_ID;
+}
+function resolveAccountConfig(cfg, accountId) {
+  const accounts = cfg.channels?.wecom?.accounts;
+  if (!accounts || typeof accounts !== "object") return void 0;
+  return accounts[accountId];
+}
+function mergeWecomAccountConfig(cfg, accountId) {
+  const base = cfg.channels?.wecom ?? {};
+  const { accounts: _ignored, defaultAccount: _ignored2, ...baseConfig } = base;
+  const account = resolveAccountConfig(cfg, accountId) ?? {};
+  return { ...baseConfig, ...account };
+}
+function resolveWecomAccount(params) {
+  const accountId = normalizeAccountId(params.accountId);
+  const baseEnabled = params.cfg.channels?.wecom?.enabled !== false;
+  const merged = mergeWecomAccountConfig(params.cfg, accountId);
+  const enabled = baseEnabled && merged.enabled !== false;
+  const isDefaultAccount = accountId === DEFAULT_ACCOUNT_ID;
+  const token = merged.token?.trim() || (isDefaultAccount ? process.env.WECOM_TOKEN?.trim() : void 0) || void 0;
+  const encodingAESKey = merged.encodingAESKey?.trim() || (isDefaultAccount ? process.env.WECOM_ENCODING_AES_KEY?.trim() : void 0) || void 0;
+  const receiveId = merged.receiveId?.trim() ?? "";
+  const configured = Boolean(token && encodingAESKey);
+  return {
+    accountId,
+    name: merged.name?.trim() || void 0,
+    enabled,
+    configured,
+    token,
+    encodingAESKey,
+    receiveId,
+    config: merged
+  };
+}
+function resolveGroupPolicy(config) {
+  return config.groupPolicy ?? "open";
+}
+function resolveRequireMention(config) {
+  if (typeof config.requireMention === "boolean") return config.requireMention;
+  return true;
+}
+function resolveAllowFrom(config) {
+  return config.allowFrom ?? [];
+}
+function resolveGroupAllowFrom(config) {
+  return config.groupAllowFrom ?? [];
+}
+
+// ../../node_modules/.pnpm/@openclaw-china+shared@0.1.5/node_modules/@openclaw-china/shared/src/logger/logger.ts
+function createLogger(prefix, opts) {
+  const logFn = opts?.log ?? console.log;
+  const errorFn = opts?.error ?? console.error;
+  return {
+    debug: (msg) => logFn(`[${prefix}] [DEBUG] ${msg}`),
+    info: (msg) => logFn(`[${prefix}] ${msg}`),
+    warn: (msg) => logFn(`[${prefix}] [WARN] ${msg}`),
+    error: (msg) => errorFn(`[${prefix}] [ERROR] ${msg}`)
+  };
+}
+
+// ../../node_modules/.pnpm/@openclaw-china+shared@0.1.5/node_modules/@openclaw-china/shared/src/policy/dm-policy.ts
+function checkDmPolicy(params) {
+  const { dmPolicy, senderId, allowFrom = [] } = params;
+  switch (dmPolicy) {
+    case "open":
+      return { allowed: true };
+    case "pairing":
+      return { allowed: true };
+    case "allowlist":
+      if (allowFrom.includes(senderId)) {
+        return { allowed: true };
+      }
+      return {
+        allowed: false,
+        reason: `sender ${senderId} not in DM allowlist`
+      };
+    default:
+      return { allowed: true };
+  }
+}
+
+// ../../node_modules/.pnpm/@openclaw-china+shared@0.1.5/node_modules/@openclaw-china/shared/src/policy/group-policy.ts
+function checkGroupPolicy(params) {
+  const { groupPolicy, conversationId, groupAllowFrom = []} = params;
+  switch (groupPolicy) {
+    case "disabled":
+      return {
+        allowed: false,
+        reason: "group messages disabled"
+      };
+    case "allowlist":
+      if (!groupAllowFrom.includes(conversationId)) {
+        return {
+          allowed: false,
+          reason: `group ${conversationId} not in allowlist`
+        };
+      }
+      break;
+  }
+  return { allowed: true };
+}
+function decodeEncodingAESKey(encodingAESKey) {
+  const trimmed = encodingAESKey.trim();
+  if (!trimmed) throw new Error("encodingAESKey missing");
+  const withPadding = trimmed.endsWith("=") ? trimmed : `${trimmed}=`;
+  const key = Buffer.from(withPadding, "base64");
+  if (key.length !== 32) {
+    throw new Error(`invalid encodingAESKey (expected 32 bytes after base64 decode, got ${key.length})`);
+  }
+  return key;
+}
+var WECOM_PKCS7_BLOCK_SIZE = 32;
+function pkcs7Pad(buf, blockSize) {
+  const mod = buf.length % blockSize;
+  const pad = mod === 0 ? blockSize : blockSize - mod;
+  return Buffer.concat([buf, Buffer.alloc(pad, pad)]);
+}
+function pkcs7Unpad(buf, blockSize) {
+  if (buf.length === 0) throw new Error("invalid pkcs7 payload");
+  const pad = buf[buf.length - 1];
+  if (!pad || pad < 1 || pad > blockSize || pad > buf.length) {
+    throw new Error("invalid pkcs7 padding");
+  }
+  for (let i = 1; i <= pad; i += 1) {
+    if (buf[buf.length - i] !== pad) {
+      throw new Error("invalid pkcs7 padding");
+    }
+  }
+  return buf.subarray(0, buf.length - pad);
+}
+function sha1Hex(input) {
+  return crypto.createHash("sha1").update(input).digest("hex");
+}
+function computeWecomMsgSignature(params) {
+  const parts = [params.token, params.timestamp, params.nonce, params.encrypt].map((value) => String(value ?? "")).sort();
+  return sha1Hex(parts.join(""));
+}
+function verifyWecomSignature(params) {
+  const expected = computeWecomMsgSignature({
+    token: params.token,
+    timestamp: params.timestamp,
+    nonce: params.nonce,
+    encrypt: params.encrypt
+  });
+  return expected === params.signature;
+}
+function decryptWecomEncrypted(params) {
+  const aesKey = decodeEncodingAESKey(params.encodingAESKey);
+  const iv = aesKey.subarray(0, 16);
+  const decipher = crypto.createDecipheriv("aes-256-cbc", aesKey, iv);
+  decipher.setAutoPadding(false);
+  const decryptedPadded = Buffer.concat([
+    decipher.update(Buffer.from(params.encrypt, "base64")),
+    decipher.final()
+  ]);
+  const decrypted = pkcs7Unpad(decryptedPadded, WECOM_PKCS7_BLOCK_SIZE);
+  if (decrypted.length < 20) {
+    throw new Error(`invalid decrypted payload (expected at least 20 bytes, got ${decrypted.length})`);
+  }
+  const msgLen = decrypted.readUInt32BE(16);
+  const msgStart = 20;
+  const msgEnd = msgStart + msgLen;
+  if (msgEnd > decrypted.length) {
+    throw new Error(`invalid decrypted msg length (msgEnd=${msgEnd}, payloadLength=${decrypted.length})`);
+  }
+  const msg = decrypted.subarray(msgStart, msgEnd).toString("utf8");
+  const receiveId = params.receiveId ?? "";
+  if (receiveId) {
+    const trailing = decrypted.subarray(msgEnd).toString("utf8");
+    if (trailing !== receiveId) {
+      throw new Error(`receiveId mismatch (expected "${receiveId}", got "${trailing}")`);
+    }
+  }
+  return msg;
+}
+function encryptWecomPlaintext(params) {
+  const aesKey = decodeEncodingAESKey(params.encodingAESKey);
+  const iv = aesKey.subarray(0, 16);
+  const random16 = crypto.randomBytes(16);
+  const msg = Buffer.from(params.plaintext ?? "", "utf8");
+  const msgLen = Buffer.alloc(4);
+  msgLen.writeUInt32BE(msg.length, 0);
+  const receiveId = Buffer.from(params.receiveId ?? "", "utf8");
+  const raw = Buffer.concat([random16, msgLen, msg, receiveId]);
+  const padded = pkcs7Pad(raw, WECOM_PKCS7_BLOCK_SIZE);
+  const cipher = crypto.createCipheriv("aes-256-cbc", aesKey, iv);
+  cipher.setAutoPadding(false);
+  const encrypted = Buffer.concat([cipher.update(padded), cipher.final()]);
+  return encrypted.toString("base64");
+}
+
+// src/bot.ts
+function resolveSenderId(msg) {
+  const userid = msg.from?.userid?.trim();
+  return userid || "unknown";
+}
+function resolveChatType(msg) {
+  return msg.chattype === "group" ? "group" : "direct";
+}
+function resolveChatId(msg, senderId, chatType) {
+  if (chatType === "group") {
+    return msg.chatid?.trim() || "unknown";
+  }
+  return senderId;
+}
+function buildInboundBody(msg) {
+  const msgtype = String(msg.msgtype ?? "").toLowerCase();
+  if (msgtype === "text") {
+    const content = msg.text?.content;
+    return typeof content === "string" ? content : "";
+  }
+  if (msgtype === "voice") {
+    const content = msg.voice?.content;
+    return typeof content === "string" ? content : "[voice]";
+  }
+  if (msgtype === "mixed") {
+    const items = msg.mixed?.msg_item;
+    if (Array.isArray(items)) {
+      return items.map((item) => {
+        if (!item || typeof item !== "object") return "";
+        const typed = item;
+        const t = String(typed.msgtype ?? "").toLowerCase();
+        if (t === "text") return String(typed.text?.content ?? "");
+        if (t === "image") return `[image] ${String(typed.image?.url ?? "").trim()}`.trim();
+        return t ? `[${t}]` : "";
+      }).filter((part) => Boolean(part && part.trim())).join("\n");
+    }
+    return "[mixed]";
+  }
+  if (msgtype === "image") {
+    const url = String(msg.image?.url ?? "").trim();
+    return url ? `[image] ${url}` : "[image]";
+  }
+  if (msgtype === "file") {
+    const url = String(msg.file?.url ?? "").trim();
+    return url ? `[file] ${url}` : "[file]";
+  }
+  if (msgtype === "event") {
+    const eventtype = String(msg.event?.eventtype ?? "").trim();
+    return eventtype ? `[event] ${eventtype}` : "[event]";
+  }
+  if (msgtype === "stream") {
+    const id = String(msg.stream?.id ?? "").trim();
+    return id ? `[stream_refresh] ${id}` : "[stream_refresh]";
+  }
+  return msgtype ? `[${msgtype}]` : "";
+}
+async function dispatchWecomMessage(params) {
+  const { cfg, account, msg, core, hooks } = params;
+  const safeCfg = cfg ?? {};
+  const logger = createLogger("wecom", { log: params.log, error: params.error });
+  const chatType = resolveChatType(msg);
+  const senderId = resolveSenderId(msg);
+  const chatId = resolveChatId(msg, senderId, chatType);
+  const accountConfig = account?.config ?? {};
+  if (chatType === "group") {
+    const groupPolicy = resolveGroupPolicy(accountConfig);
+    const groupAllowFrom = resolveGroupAllowFrom(accountConfig);
+    resolveRequireMention(accountConfig);
+    const policyResult = checkGroupPolicy({
+      groupPolicy,
+      conversationId: chatId,
+      groupAllowFrom});
+    if (!policyResult.allowed) {
+      logger.debug(`policy rejected: ${policyResult.reason}`);
+      return;
+    }
+  } else {
+    const dmPolicyRaw = accountConfig.dmPolicy ?? "pairing";
+    if (dmPolicyRaw === "disabled") {
+      logger.debug("dmPolicy=disabled, skipping dispatch");
+      return;
+    }
+    const allowFrom = resolveAllowFrom(accountConfig);
+    const policyResult = checkDmPolicy({
+      dmPolicy: dmPolicyRaw,
+      senderId,
+      allowFrom
+    });
+    if (!policyResult.allowed) {
+      logger.debug(`policy rejected: ${policyResult.reason}`);
+      return;
+    }
+  }
+  const channel = core.channel;
+  if (!channel?.routing?.resolveAgentRoute || !channel.reply?.dispatchReplyWithBufferedBlockDispatcher) {
+    logger.debug("core routing or buffered dispatcher missing, skipping dispatch");
+    return;
+  }
+  const route = channel.routing.resolveAgentRoute({
+    cfg: safeCfg,
+    channel: "wecom",
+    peer: { kind: chatType === "group" ? "group" : "dm", id: chatId }
+  });
+  const rawBody = buildInboundBody(msg);
+  const fromLabel = chatType === "group" ? `group:${chatId}` : `user:${senderId}`;
+  const storePath = channel.session?.resolveStorePath?.(safeCfg.session?.store, {
+    agentId: route.agentId
+  });
+  const previousTimestamp = channel.session?.readSessionUpdatedAt ? channel.session.readSessionUpdatedAt({
+    storePath,
+    sessionKey: route.sessionKey
+  }) ?? void 0 : void 0;
+  const envelopeOptions = channel.reply?.resolveEnvelopeFormatOptions ? channel.reply.resolveEnvelopeFormatOptions(safeCfg) : void 0;
+  const body = channel.reply?.formatAgentEnvelope ? channel.reply.formatAgentEnvelope({
+    channel: "WeCom",
+    from: fromLabel,
+    previousTimestamp,
+    envelope: envelopeOptions,
+    body: rawBody
+  }) : rawBody;
+  const ctxPayload = channel.reply?.finalizeInboundContext ? channel.reply.finalizeInboundContext({
+    Body: body,
+    RawBody: rawBody,
+    CommandBody: rawBody,
+    From: chatType === "group" ? `wecom:group:${chatId}` : `wecom:${senderId}`,
+    To: `wecom:${chatId}`,
+    SessionKey: route.sessionKey,
+    AccountId: route.accountId,
+    ChatType: chatType,
+    ConversationLabel: fromLabel,
+    SenderName: senderId,
+    SenderId: senderId,
+    Provider: "wecom",
+    Surface: "wecom",
+    MessageSid: msg.msgid,
+    OriginatingChannel: "wecom",
+    OriginatingTo: `wecom:${chatId}`
+  }) : {
+    Body: body,
+    RawBody: rawBody,
+    CommandBody: rawBody,
+    From: chatType === "group" ? `wecom:group:${chatId}` : `wecom:${senderId}`,
+    To: `wecom:${chatId}`,
+    SessionKey: route.sessionKey,
+    AccountId: route.accountId,
+    ChatType: chatType,
+    ConversationLabel: fromLabel,
+    SenderName: senderId,
+    SenderId: senderId,
+    Provider: "wecom",
+    Surface: "wecom",
+    MessageSid: msg.msgid,
+    OriginatingChannel: "wecom",
+    OriginatingTo: `wecom:${chatId}`
+  };
+  if (channel.session?.recordInboundSession && storePath) {
+    await channel.session.recordInboundSession({
+      storePath,
+      sessionKey: ctxPayload.SessionKey ?? route.sessionKey,
+      ctx: ctxPayload,
+      onRecordError: (err) => {
+        logger.error(`wecom: failed updating session meta: ${String(err)}`);
+      }
+    });
+  }
+  const tableMode = channel.text?.resolveMarkdownTableMode ? channel.text.resolveMarkdownTableMode({ cfg: safeCfg, channel: "wecom", accountId: account.accountId }) : void 0;
+  await channel.reply.dispatchReplyWithBufferedBlockDispatcher({
+    ctx: ctxPayload,
+    cfg: safeCfg,
+    dispatcherOptions: {
+      deliver: async (payload) => {
+        const rawText = payload.text ?? "";
+        if (!rawText.trim()) return;
+        const converted = channel.text?.convertMarkdownTables && tableMode ? channel.text.convertMarkdownTables(rawText, tableMode) : rawText;
+        hooks.onChunk(converted);
+      },
+      onError: (err, info) => {
+        hooks.onError?.(err);
+        logger.error(`${info.kind} reply failed: ${String(err)}`);
+      }
+    }
+  });
+}
+
+// src/runtime.ts
+var runtime = null;
+function setWecomRuntime(next) {
+  runtime = next;
+}
+function getWecomRuntime() {
+  if (!runtime) {
+    throw new Error("WeCom runtime not initialized. Make sure the plugin is properly registered with Moltbot.");
+  }
+  return runtime;
+}
+function tryGetWecomRuntime() {
+  return runtime;
+}
+
+// src/monitor.ts
+var webhookTargets = /* @__PURE__ */ new Map();
+var streams = /* @__PURE__ */ new Map();
+var msgidToStreamId = /* @__PURE__ */ new Map();
+var STREAM_TTL_MS = 10 * 60 * 1e3;
+var STREAM_MAX_BYTES = 20480;
+var INITIAL_STREAM_WAIT_MS = 800;
+function normalizeWebhookPath(raw) {
+  const trimmed = raw.trim();
+  if (!trimmed) return "/";
+  const withSlash = trimmed.startsWith("/") ? trimmed : `/${trimmed}`;
+  if (withSlash.length > 1 && withSlash.endsWith("/")) return withSlash.slice(0, -1);
+  return withSlash;
+}
+function pruneStreams() {
+  const cutoff = Date.now() - STREAM_TTL_MS;
+  for (const [id, state] of streams.entries()) {
+    if (state.updatedAt < cutoff) {
+      streams.delete(id);
+    }
+  }
+  for (const [msgid, id] of msgidToStreamId.entries()) {
+    if (!streams.has(id)) {
+      msgidToStreamId.delete(msgid);
+    }
+  }
+}
+function truncateUtf8Bytes(text, maxBytes) {
+  const buf = Buffer.from(text, "utf8");
+  if (buf.length <= maxBytes) return text;
+  const slice = buf.subarray(buf.length - maxBytes);
+  return slice.toString("utf8");
+}
+function jsonOk(res, body) {
+  res.statusCode = 200;
+  res.setHeader("Content-Type", "text/plain; charset=utf-8");
+  res.end(JSON.stringify(body));
+}
+async function readJsonBody(req, maxBytes) {
+  const chunks = [];
+  let total = 0;
+  return await new Promise((resolve) => {
+    req.on("data", (chunk) => {
+      total += chunk.length;
+      if (total > maxBytes) {
+        resolve({ ok: false, error: "payload too large" });
+        req.destroy();
+        return;
+      }
+      chunks.push(chunk);
+    });
+    req.on("end", () => {
+      try {
+        const raw = Buffer.concat(chunks).toString("utf8");
+        if (!raw.trim()) {
+          resolve({ ok: false, error: "empty payload" });
+          return;
+        }
+        resolve({ ok: true, value: JSON.parse(raw) });
+      } catch (err) {
+        resolve({ ok: false, error: err instanceof Error ? err.message : String(err) });
+      }
+    });
+    req.on("error", (err) => {
+      resolve({ ok: false, error: err instanceof Error ? err.message : String(err) });
+    });
+  });
+}
+function buildEncryptedJsonReply(params) {
+  const plaintext = JSON.stringify(params.plaintextJson ?? {});
+  const encrypt = encryptWecomPlaintext({
+    encodingAESKey: params.account.encodingAESKey ?? "",
+    receiveId: params.account.receiveId ?? "",
+    plaintext
+  });
+  const msgsignature = computeWecomMsgSignature({
+    token: params.account.token ?? "",
+    timestamp: params.timestamp,
+    nonce: params.nonce,
+    encrypt
+  });
+  return {
+    encrypt,
+    msgsignature,
+    timestamp: params.timestamp,
+    nonce: params.nonce
+  };
+}
+function resolveQueryParams(req) {
+  const url = new URL(req.url ?? "/", "http://localhost");
+  return url.searchParams;
+}
+function resolvePath(req) {
+  const url = new URL(req.url ?? "/", "http://localhost");
+  return normalizeWebhookPath(url.pathname || "/");
+}
+function resolveSignatureParam(params) {
+  return params.get("msg_signature") ?? params.get("msgsignature") ?? params.get("signature") ?? "";
+}
+function buildStreamPlaceholderReply(streamId) {
+  return {
+    msgtype: "stream",
+    stream: {
+      id: streamId,
+      finish: false,
+      content: "\u7A0D\u7B49~"
+    }
+  };
+}
+function buildStreamReplyFromState(state) {
+  const content = truncateUtf8Bytes(state.content, STREAM_MAX_BYTES);
+  return {
+    msgtype: "stream",
+    stream: {
+      id: state.streamId,
+      finish: state.finished,
+      content
+    }
+  };
+}
+function createStreamId() {
+  return crypto.randomBytes(16).toString("hex");
+}
+function parseWecomPlainMessage(raw) {
+  const parsed = JSON.parse(raw);
+  if (!parsed || typeof parsed !== "object") {
+    return {};
+  }
+  return parsed;
+}
+async function waitForStreamContent(streamId, maxWaitMs) {
+  const startedAt = Date.now();
+  await new Promise((resolve) => {
+    const tick = () => {
+      const state = streams.get(streamId);
+      if (!state) return resolve();
+      if (state.error || state.finished || state.content.trim()) return resolve();
+      if (Date.now() - startedAt >= maxWaitMs) return resolve();
+      setTimeout(tick, 25);
+    };
+    tick();
+  });
+}
+function appendStreamContent(state, nextText) {
+  const content = state.content ? `${state.content}
+
+${nextText}`.trim() : nextText.trim();
+  state.content = truncateUtf8Bytes(content, STREAM_MAX_BYTES);
+  state.updatedAt = Date.now();
+}
+function buildLogger(target) {
+  return createLogger("wecom", {
+    log: target.runtime.log,
+    error: target.runtime.error
+  });
+}
+function registerWecomWebhookTarget(target) {
+  const key = normalizeWebhookPath(target.path);
+  const normalizedTarget = { ...target, path: key };
+  const existing = webhookTargets.get(key) ?? [];
+  const next = [...existing, normalizedTarget];
+  webhookTargets.set(key, next);
+  return () => {
+    const updated = (webhookTargets.get(key) ?? []).filter((entry) => entry !== normalizedTarget);
+    if (updated.length > 0) webhookTargets.set(key, updated);
+    else webhookTargets.delete(key);
+  };
+}
+async function handleWecomWebhookRequest(req, res) {
+  pruneStreams();
+  const path = resolvePath(req);
+  const targets = webhookTargets.get(path);
+  if (!targets || targets.length === 0) return false;
+  const query = resolveQueryParams(req);
+  const timestamp = query.get("timestamp") ?? "";
+  const nonce = query.get("nonce") ?? "";
+  const signature = resolveSignatureParam(query);
+  const primary = targets[0];
+  const logger = buildLogger(primary);
+  logger.debug(`incoming ${req.method} request on ${path} (timestamp=${timestamp}, nonce=${nonce})`);
+  if (req.method === "GET") {
+    const echostr = query.get("echostr") ?? "";
+    if (!timestamp || !nonce || !signature || !echostr) {
+      res.statusCode = 400;
+      res.end("missing query params");
+      return true;
+    }
+    const target2 = targets.find((candidate) => {
+      if (!candidate.account.configured || !candidate.account.token) return false;
+      return verifyWecomSignature({
+        token: candidate.account.token,
+        timestamp,
+        nonce,
+        encrypt: echostr,
+        signature
+      });
+    });
+    if (!target2 || !target2.account.encodingAESKey) {
+      res.statusCode = 401;
+      res.end("unauthorized");
+      return true;
+    }
+    try {
+      const plain2 = decryptWecomEncrypted({
+        encodingAESKey: target2.account.encodingAESKey,
+        receiveId: target2.account.receiveId,
+        encrypt: echostr
+      });
+      res.statusCode = 200;
+      res.setHeader("Content-Type", "text/plain; charset=utf-8");
+      res.end(plain2);
+      return true;
+    } catch (err) {
+      const msg2 = err instanceof Error ? err.message : String(err);
+      res.statusCode = 400;
+      res.end(msg2 || "decrypt failed");
+      return true;
+    }
+  }
+  if (req.method !== "POST") {
+    res.statusCode = 405;
+    res.setHeader("Allow", "GET, POST");
+    res.end("Method Not Allowed");
+    return true;
+  }
+  if (!timestamp || !nonce || !signature) {
+    res.statusCode = 400;
+    res.end("missing query params");
+    return true;
+  }
+  const body = await readJsonBody(req, 1024 * 1024);
+  if (!body.ok) {
+    res.statusCode = body.error === "payload too large" ? 413 : 400;
+    res.end(body.error ?? "invalid payload");
+    return true;
+  }
+  const record = body.value && typeof body.value === "object" ? body.value : null;
+  const encrypt = record ? String(record.encrypt ?? record.Encrypt ?? "") : "";
+  if (!encrypt) {
+    res.statusCode = 400;
+    res.end("missing encrypt");
+    return true;
+  }
+  const target = targets.find((candidate) => {
+    if (!candidate.account.token) return false;
+    return verifyWecomSignature({
+      token: candidate.account.token,
+      timestamp,
+      nonce,
+      encrypt,
+      signature
+    });
+  });
+  if (!target) {
+    res.statusCode = 401;
+    res.end("unauthorized");
+    return true;
+  }
+  if (!target.account.configured || !target.account.token || !target.account.encodingAESKey) {
+    res.statusCode = 500;
+    res.end("wecom not configured");
+    return true;
+  }
+  let plain;
+  try {
+    plain = decryptWecomEncrypted({
+      encodingAESKey: target.account.encodingAESKey,
+      receiveId: target.account.receiveId,
+      encrypt
+    });
+  } catch (err) {
+    const msg2 = err instanceof Error ? err.message : String(err);
+    res.statusCode = 400;
+    res.end(msg2 || "decrypt failed");
+    return true;
+  }
+  const msg = parseWecomPlainMessage(plain);
+  target.statusSink?.({ lastInboundAt: Date.now() });
+  const msgtype = String(msg.msgtype ?? "").toLowerCase();
+  const msgid = msg.msgid ? String(msg.msgid) : void 0;
+  if (msgtype === "stream") {
+    const streamId2 = String(msg.stream?.id ?? "").trim();
+    const state2 = streamId2 ? streams.get(streamId2) : void 0;
+    const reply = state2 ? buildStreamReplyFromState(state2) : buildStreamReplyFromState({
+      streamId: streamId2 || "unknown",
+      finished: true,
+      content: ""
+    });
+    jsonOk(
+      res,
+      buildEncryptedJsonReply({
+        account: target.account,
+        plaintextJson: reply,
+        nonce,
+        timestamp
+      })
+    );
+    return true;
+  }
+  if (msgid && msgidToStreamId.has(msgid)) {
+    const streamId2 = msgidToStreamId.get(msgid) ?? "";
+    const reply = buildStreamPlaceholderReply(streamId2);
+    jsonOk(
+      res,
+      buildEncryptedJsonReply({
+        account: target.account,
+        plaintextJson: reply,
+        nonce,
+        timestamp
+      })
+    );
+    return true;
+  }
+  if (msgtype === "event") {
+    const eventtype = String(msg.event?.eventtype ?? "").toLowerCase();
+    if (eventtype === "enter_chat") {
+      const welcome = target.account.config.welcomeText?.trim();
+      const reply = welcome ? { msgtype: "text", text: { content: welcome } } : {};
+      jsonOk(
+        res,
+        buildEncryptedJsonReply({
+          account: target.account,
+          plaintextJson: reply,
+          nonce,
+          timestamp
+        })
+      );
+      return true;
+    }
+    jsonOk(
+      res,
+      buildEncryptedJsonReply({
+        account: target.account,
+        plaintextJson: {},
+        nonce,
+        timestamp
+      })
+    );
+    return true;
+  }
+  const streamId = createStreamId();
+  if (msgid) msgidToStreamId.set(msgid, streamId);
+  streams.set(streamId, {
+    streamId,
+    msgid,
+    createdAt: Date.now(),
+    updatedAt: Date.now(),
+    started: false,
+    finished: false,
+    content: ""
+  });
+  const core = tryGetWecomRuntime();
+  if (core) {
+    const state2 = streams.get(streamId);
+    if (state2) state2.started = true;
+    const hooks = {
+      onChunk: (text) => {
+        const current = streams.get(streamId);
+        if (!current) return;
+        appendStreamContent(current, text);
+        target.statusSink?.({ lastOutboundAt: Date.now() });
+      },
+      onError: (err) => {
+        const current = streams.get(streamId);
+        if (current) {
+          current.error = err instanceof Error ? err.message : String(err);
+          current.content = current.content || `Error: ${current.error}`;
+          current.finished = true;
+          current.updatedAt = Date.now();
+        }
+        logger.error(`wecom agent failed: ${String(err)}`);
+      }
+    };
+    dispatchWecomMessage({
+      cfg: target.config,
+      account: target.account,
+      msg,
+      core,
+      hooks,
+      log: target.runtime.log,
+      error: target.runtime.error
+    }).then(() => {
+      const current = streams.get(streamId);
+      if (current) {
+        current.finished = true;
+        current.updatedAt = Date.now();
+      }
+    }).catch((err) => {
+      const current = streams.get(streamId);
+      if (current) {
+        current.error = err instanceof Error ? err.message : String(err);
+        current.content = current.content || `Error: ${current.error}`;
+        current.finished = true;
+        current.updatedAt = Date.now();
+      }
+      logger.error(`wecom agent failed: ${String(err)}`);
+    });
+  } else {
+    const state2 = streams.get(streamId);
+    if (state2) {
+      state2.finished = true;
+      state2.updatedAt = Date.now();
+    }
+  }
+  await waitForStreamContent(streamId, INITIAL_STREAM_WAIT_MS);
+  const state = streams.get(streamId);
+  const initialReply = state && (state.content.trim() || state.error) ? buildStreamReplyFromState(state) : buildStreamPlaceholderReply(streamId);
+  jsonOk(
+    res,
+    buildEncryptedJsonReply({
+      account: target.account,
+      plaintextJson: initialReply,
+      nonce,
+      timestamp
+    })
+  );
+  return true;
+}
+
+// src/channel.ts
+var meta = {
+  id: "wecom",
+  label: "WeCom",
+  selectionLabel: "WeCom (\u4F01\u4E1A\u5FAE\u4FE1)",
+  docsPath: "/channels/wecom",
+  docsLabel: "wecom",
+  blurb: "\u4F01\u4E1A\u5FAE\u4FE1\u667A\u80FD\u673A\u5668\u4EBA\u56DE\u8C03",
+  aliases: ["wechatwork", "wework", "qywx", "\u4F01\u5FAE", "\u4F01\u4E1A\u5FAE\u4FE1"],
+  order: 85
+};
+var unregisterHooks = /* @__PURE__ */ new Map();
+var wecomPlugin = {
+  id: "wecom",
+  meta: {
+    ...meta
+  },
+  capabilities: {
+    chatTypes: ["direct", "group"],
+    media: false,
+    reactions: false,
+    threads: false,
+    edit: false,
+    reply: true,
+    polls: false
+  },
+  configSchema: WecomConfigJsonSchema,
+  reload: { configPrefixes: ["channels.wecom"] },
+  config: {
+    listAccountIds: (cfg) => listWecomAccountIds(cfg),
+    resolveAccount: (cfg, accountId) => resolveWecomAccount({ cfg, accountId }),
+    defaultAccountId: (cfg) => resolveDefaultWecomAccountId(cfg),
+    setAccountEnabled: (params) => {
+      const accountId = params.accountId ?? DEFAULT_ACCOUNT_ID;
+      const useAccount = Boolean(params.cfg.channels?.wecom?.accounts?.[accountId]);
+      if (!useAccount) {
+        return {
+          ...params.cfg,
+          channels: {
+            ...params.cfg.channels,
+            wecom: {
+              ...params.cfg.channels?.wecom ?? {},
+              enabled: params.enabled
+            }
+          }
+        };
+      }
+      return {
+        ...params.cfg,
+        channels: {
+          ...params.cfg.channels,
+          wecom: {
+            ...params.cfg.channels?.wecom ?? {},
+            accounts: {
+              ...params.cfg.channels?.wecom?.accounts ?? {},
+              [accountId]: {
+                ...params.cfg.channels?.wecom?.accounts?.[accountId] ?? {},
+                enabled: params.enabled
+              }
+            }
+          }
+        }
+      };
+    },
+    deleteAccount: (params) => {
+      const accountId = params.accountId ?? DEFAULT_ACCOUNT_ID;
+      const next = { ...params.cfg };
+      const current = next.channels?.wecom;
+      if (!current) return next;
+      if (accountId === DEFAULT_ACCOUNT_ID) {
+        const { accounts: _ignored, defaultAccount: _ignored2, ...rest } = current;
+        next.channels = {
+          ...next.channels,
+          wecom: { ...rest, enabled: false }
+        };
+        return next;
+      }
+      const accounts = { ...current.accounts ?? {} };
+      delete accounts[accountId];
+      next.channels = {
+        ...next.channels,
+        wecom: {
+          ...current,
+          accounts: Object.keys(accounts).length > 0 ? accounts : void 0
+        }
+      };
+      return next;
+    },
+    isConfigured: (account) => account.configured,
+    describeAccount: (account) => ({
+      accountId: account.accountId,
+      name: account.name,
+      enabled: account.enabled,
+      configured: account.configured,
+      webhookPath: account.config.webhookPath ?? "/wecom"
+    }),
+    resolveAllowFrom: (params) => {
+      const account = resolveWecomAccount({ cfg: params.cfg, accountId: params.accountId });
+      return resolveAllowFrom(account.config);
+    },
+    formatAllowFrom: (params) => params.allowFrom.map((entry) => String(entry).trim()).filter(Boolean).map((entry) => entry.toLowerCase())
+  },
+  groups: {
+    resolveRequireMention: (params) => {
+      const account = params.account ?? resolveWecomAccount({ cfg: params.cfg ?? {}, accountId: params.accountId });
+      return resolveRequireMention(account.config);
+    }
+  },
+  outbound: {
+    deliveryMode: "direct",
+    sendText: async () => {
+      return {
+        channel: "wecom",
+        ok: false,
+        messageId: "",
+        error: new Error("WeCom intelligent bot only supports replying within callbacks (no standalone sendText).")
+      };
+    }
+  },
+  gateway: {
+    startAccount: async (ctx) => {
+      ctx.setStatus?.({ accountId: ctx.accountId });
+      if (ctx.runtime) {
+        const candidate = ctx.runtime;
+        if (candidate.channel?.routing?.resolveAgentRoute && candidate.channel?.reply?.dispatchReplyFromConfig) {
+          setWecomRuntime(ctx.runtime);
+        }
+      }
+      const account = resolveWecomAccount({ cfg: ctx.cfg, accountId: ctx.accountId });
+      if (!account.configured) {
+        ctx.log?.info(`[wecom] account ${ctx.accountId} not configured; webhook not registered`);
+        ctx.setStatus?.({ accountId: ctx.accountId, running: false, configured: false });
+        return;
+      }
+      const path = (account.config.webhookPath ?? "/wecom").trim();
+      const unregister = registerWecomWebhookTarget({
+        account,
+        config: ctx.cfg ?? {},
+        runtime: {
+          log: ctx.log?.info ?? console.log,
+          error: ctx.log?.error ?? console.error
+        },
+        path,
+        statusSink: (patch) => ctx.setStatus?.({ accountId: ctx.accountId, ...patch })
+      });
+      const existing = unregisterHooks.get(ctx.accountId);
+      if (existing) existing();
+      unregisterHooks.set(ctx.accountId, unregister);
+      ctx.log?.info(`[wecom] webhook registered at ${path} for account ${ctx.accountId}`);
+      ctx.setStatus?.({
+        accountId: ctx.accountId,
+        running: true,
+        configured: true,
+        webhookPath: path,
+        lastStartAt: Date.now()
+      });
+    },
+    stopAccount: async (ctx) => {
+      const unregister = unregisterHooks.get(ctx.accountId);
+      if (unregister) {
+        unregister();
+        unregisterHooks.delete(ctx.accountId);
+      }
+      ctx.setStatus?.({ accountId: ctx.accountId, running: false, lastStopAt: Date.now() });
+    }
+  }
+};
+
+// index.ts
+var plugin = {
+  id: "wecom",
+  name: "WeCom",
+  description: "\u4F01\u4E1A\u5FAE\u4FE1\u667A\u80FD\u673A\u5668\u4EBA\u56DE\u8C03\u63D2\u4EF6",
+  configSchema: {
+    type: "object",
+    additionalProperties: false,
+    properties: {}
+  },
+  register(api) {
+    if (api.runtime) {
+      setWecomRuntime(api.runtime);
+    }
+    api.registerChannel({ plugin: wecomPlugin });
+    if (api.registerHttpHandler) {
+      api.registerHttpHandler(handleWecomWebhookRequest);
+    }
+  }
+};
+var index_default = plugin;
+
+export { DEFAULT_ACCOUNT_ID, index_default as default, getWecomRuntime, setWecomRuntime, wecomPlugin };
+//# sourceMappingURL=index.js.map
+//# sourceMappingURL=index.js.map