@openclaw-china/wecom 0.1.13 → 0.1.15

package/dist/index.js

@@ -1,4 +1,6 @@
 import crypto from 'crypto';
+import * as path from 'path';
+import * as fsPromises from 'fs/promises';
 
 var __defProp = Object.defineProperty;
 var __export = (target, all) => {
@@ -484,8 +486,8 @@ function getErrorMap() {
 
 // ../../node_modules/.pnpm/zod@3.25.76/node_modules/zod/v3/helpers/parseUtil.js
 var makeIssue = (params) => {
-  const { data, path, errorMaps, issueData } = params;
-  const fullPath = [...path, ...issueData.path || []];
+  const { data, path: path2, errorMaps, issueData } = params;
+  const fullPath = [...path2, ...issueData.path || []];
   const fullIssue = {
     ...issueData,
     path: fullPath
@@ -601,11 +603,11 @@ var errorUtil;
 
 // ../../node_modules/.pnpm/zod@3.25.76/node_modules/zod/v3/types.js
 var ParseInputLazyPath = class {
-  constructor(parent, value, path, key) {
+  constructor(parent, value, path2, key) {
     this._cachedPath = [];
     this.parent = parent;
     this.data = value;
-    this._path = path;
+    this._path = path2;
     this._key = key;
   }
   get path() {
@@ -4229,6 +4231,70 @@ function checkGroupPolicy(params) {
   return { allowed: true };
 }
 
+// ../../packages/shared/src/file/file-utils.ts
+var MIME_TO_EXTENSION = {
+  // Images
+  "image/jpeg": ".jpg",
+  "image/png": ".png",
+  "image/gif": ".gif",
+  "image/webp": ".webp",
+  "image/bmp": ".bmp",
+  // Audio
+  "audio/mpeg": ".mp3",
+  "audio/wav": ".wav",
+  "audio/ogg": ".ogg",
+  "audio/amr": ".amr",
+  "audio/x-m4a": ".m4a",
+  // Video
+  "video/mp4": ".mp4",
+  "video/quicktime": ".mov",
+  "video/x-msvideo": ".avi",
+  "video/webm": ".webm",
+  // Documents
+  "application/pdf": ".pdf",
+  "application/msword": ".doc",
+  "application/vnd.openxmlformats-officedocument.wordprocessingml.document": ".docx",
+  "application/vnd.ms-excel": ".xls",
+  "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet": ".xlsx",
+  "application/vnd.ms-powerpoint": ".ppt",
+  "application/vnd.openxmlformats-officedocument.presentationml.presentation": ".pptx",
+  "application/rtf": ".rtf",
+  "application/vnd.oasis.opendocument.text": ".odt",
+  "application/vnd.oasis.opendocument.spreadsheet": ".ods",
+  "text/plain": ".txt",
+  "text/markdown": ".md",
+  "text/csv": ".csv",
+  // Archives
+  "application/zip": ".zip",
+  "application/x-rar-compressed": ".rar",
+  "application/vnd.rar": ".rar",
+  "application/x-7z-compressed": ".7z",
+  "application/x-tar": ".tar",
+  "application/gzip": ".gz",
+  "application/x-gzip": ".gz",
+  "application/x-bzip2": ".bz2",
+  // Code
+  "application/json": ".json",
+  "application/xml": ".xml",
+  "text/xml": ".xml",
+  "text/html": ".html",
+  "text/css": ".css",
+  "text/javascript": ".js",
+  "application/javascript": ".js",
+  "text/x-python": ".py",
+  "text/x-java-source": ".java",
+  "text/x-c": ".c",
+  "text/x-yaml": ".yaml",
+  "application/x-yaml": ".yaml"
+};
+function resolveExtension(contentType, fileName) {
+  const mimeType = contentType.split(";")[0].trim().toLowerCase();
+  if (mimeType in MIME_TO_EXTENSION) {
+    return MIME_TO_EXTENSION[mimeType];
+  }
+  return ".bin";
+}
+
 // ../../packages/shared/src/media/media-parser.ts
 var AUDIO_EXTENSIONS = /* @__PURE__ */ new Set([
   "mp3",
@@ -4373,22 +4439,29 @@ function encryptWecomPlaintext(params) {
   const encrypted = Buffer.concat([cipher.update(padded), cipher.final()]);
   return encrypted.toString("base64");
 }
-
-// src/bot.ts
-function resolveSenderId(msg) {
-  const userid = msg.from?.userid?.trim();
-  return userid || "unknown";
-}
-function resolveChatType(msg) {
-  return msg.chattype === "group" ? "group" : "direct";
-}
-function resolveChatId(msg, senderId, chatType) {
-  if (chatType === "group") {
-    return msg.chatid?.trim() || "unknown";
+function decryptWecomMedia(params) {
+  const { encryptedBuffer, encodingAESKey } = params;
+  if (!encryptedBuffer || encryptedBuffer.length === 0) {
+    throw new Error("encryptedBuffer cannot be empty");
+  }
+  const aesKey = decodeEncodingAESKey(encodingAESKey);
+  const iv = aesKey.subarray(0, 16);
+  const decipher = crypto.createDecipheriv("aes-256-cbc", aesKey, iv);
+  decipher.setAutoPadding(false);
+  try {
+    const decryptedPadded = Buffer.concat([
+      decipher.update(encryptedBuffer),
+      decipher.final()
+    ]);
+    const decrypted = pkcs7Unpad(decryptedPadded, WECOM_PKCS7_BLOCK_SIZE);
+    return decrypted;
+  } catch (err) {
+    throw new Error(
+      `Failed to decrypt media: ${err instanceof Error ? err.message : String(err)}`
+    );
   }
-  return senderId;
 }
-function buildInboundBody(msg) {
+function extractWecomContent(msg) {
   const msgtype = String(msg.msgtype ?? "").toLowerCase();
   if (msgtype === "text") {
     const content = msg.text?.content;
@@ -4430,6 +4503,19 @@ function buildInboundBody(msg) {
   }
   return msgtype ? `[${msgtype}]` : "";
 }
+function resolveSenderId(msg) {
+  const userid = msg.from?.userid?.trim();
+  return userid || "unknown";
+}
+function resolveChatType(msg) {
+  return msg.chattype === "group" ? "group" : "direct";
+}
+function resolveChatId(msg, senderId, chatType) {
+  if (chatType === "group") {
+    return msg.chatid?.trim() || "unknown";
+  }
+  return senderId;
+}
 async function dispatchWecomMessage(params) {
   const { cfg, account, msg, core, hooks } = params;
   const safeCfg = cfg ?? {};
@@ -4477,85 +4563,311 @@ async function dispatchWecomMessage(params) {
     channel: "wecom",
     peer: { kind: chatType === "group" ? "group" : "dm", id: chatId }
   });
-  const rawBody = buildInboundBody(msg);
-  const fromLabel = chatType === "group" ? `group:${chatId}` : `user:${senderId}`;
-  const storePath = channel.session?.resolveStorePath?.(safeCfg.session?.store, {
-    agentId: route.agentId
+  const mediaResult = await processMediaInMessage({
+    msg,
+    encodingAESKey: account.encodingAESKey,
+    log: logger
   });
-  const previousTimestamp = channel.session?.readSessionUpdatedAt ? channel.session.readSessionUpdatedAt({
-    storePath,
-    sessionKey: route.sessionKey
-  }) ?? void 0 : void 0;
-  const envelopeOptions = channel.reply?.resolveEnvelopeFormatOptions ? channel.reply.resolveEnvelopeFormatOptions(safeCfg) : void 0;
-  const body = channel.reply?.formatAgentEnvelope ? channel.reply.formatAgentEnvelope({
-    channel: "WeCom",
-    from: fromLabel,
-    previousTimestamp,
-    envelope: envelopeOptions,
-    body: rawBody
-  }) : rawBody;
-  const ctxPayload = channel.reply?.finalizeInboundContext ? channel.reply.finalizeInboundContext({
-    Body: body,
-    RawBody: rawBody,
-    CommandBody: rawBody,
-    From: chatType === "group" ? `wecom:group:${chatId}` : `wecom:${senderId}`,
-    To: `wecom:${chatId}`,
-    SessionKey: route.sessionKey,
-    AccountId: route.accountId,
-    ChatType: chatType,
-    ConversationLabel: fromLabel,
-    SenderName: senderId,
-    SenderId: senderId,
-    Provider: "wecom",
-    Surface: "wecom",
-    MessageSid: msg.msgid,
-    OriginatingChannel: "wecom",
-    OriginatingTo: `wecom:${chatId}`
-  }) : {
-    Body: body,
-    RawBody: rawBody,
-    CommandBody: rawBody,
-    From: chatType === "group" ? `wecom:group:${chatId}` : `wecom:${senderId}`,
-    To: `wecom:${chatId}`,
-    SessionKey: route.sessionKey,
-    AccountId: route.accountId,
-    ChatType: chatType,
-    ConversationLabel: fromLabel,
-    SenderName: senderId,
-    SenderId: senderId,
-    Provider: "wecom",
-    Surface: "wecom",
-    MessageSid: msg.msgid,
-    OriginatingChannel: "wecom",
-    OriginatingTo: `wecom:${chatId}`
-  };
-  if (channel.session?.recordInboundSession && storePath) {
-    await channel.session.recordInboundSession({
+  const rawBody = mediaResult.text;
+  const fromLabel = chatType === "group" ? `group:${chatId}` : `user:${senderId}`;
+  try {
+    const storePath = channel.session?.resolveStorePath?.(safeCfg.session?.store, {
+      agentId: route.agentId
+    });
+    const previousTimestamp = channel.session?.readSessionUpdatedAt ? channel.session.readSessionUpdatedAt({
       storePath,
-      sessionKey: ctxPayload.SessionKey ?? route.sessionKey,
+      sessionKey: route.sessionKey
+    }) ?? void 0 : void 0;
+    const envelopeOptions = channel.reply?.resolveEnvelopeFormatOptions ? channel.reply.resolveEnvelopeFormatOptions(safeCfg) : void 0;
+    const body = channel.reply?.formatAgentEnvelope ? channel.reply.formatAgentEnvelope({
+      channel: "WeCom",
+      from: fromLabel,
+      previousTimestamp,
+      envelope: envelopeOptions,
+      body: rawBody
+    }) : rawBody;
+    const ctxPayload = channel.reply?.finalizeInboundContext ? channel.reply.finalizeInboundContext({
+      Body: body,
+      RawBody: rawBody,
+      CommandBody: rawBody,
+      From: chatType === "group" ? `wecom:group:${chatId}` : `wecom:${senderId}`,
+      To: `wecom:${chatId}`,
+      SessionKey: route.sessionKey,
+      AccountId: route.accountId,
+      ChatType: chatType,
+      ConversationLabel: fromLabel,
+      SenderName: senderId,
+      SenderId: senderId,
+      Provider: "wecom",
+      Surface: "wecom",
+      MessageSid: msg.msgid,
+      OriginatingChannel: "wecom",
+      OriginatingTo: `wecom:${chatId}`
+    }) : {
+      Body: body,
+      RawBody: rawBody,
+      CommandBody: rawBody,
+      From: chatType === "group" ? `wecom:group:${chatId}` : `wecom:${senderId}`,
+      To: `wecom:${chatId}`,
+      SessionKey: route.sessionKey,
+      AccountId: route.accountId,
+      ChatType: chatType,
+      ConversationLabel: fromLabel,
+      SenderName: senderId,
+      SenderId: senderId,
+      Provider: "wecom",
+      Surface: "wecom",
+      MessageSid: msg.msgid,
+      OriginatingChannel: "wecom",
+      OriginatingTo: `wecom:${chatId}`
+    };
+    if (channel.session?.recordInboundSession && storePath) {
+      await channel.session.recordInboundSession({
+        storePath,
+        sessionKey: ctxPayload.SessionKey ?? route.sessionKey,
+        ctx: ctxPayload,
+        onRecordError: (err) => {
+          logger.error(`wecom: failed updating session meta: ${String(err)}`);
+        }
+      });
+    }
+    const tableMode = channel.text?.resolveMarkdownTableMode ? channel.text.resolveMarkdownTableMode({ cfg: safeCfg, channel: "wecom", accountId: account.accountId }) : void 0;
+    await channel.reply.dispatchReplyWithBufferedBlockDispatcher({
       ctx: ctxPayload,
-      onRecordError: (err) => {
-        logger.error(`wecom: failed updating session meta: ${String(err)}`);
+      cfg: safeCfg,
+      dispatcherOptions: {
+        deliver: async (payload) => {
+          const rawText = payload.text ?? "";
+          if (!rawText.trim()) return;
+          const converted = channel.text?.convertMarkdownTables && tableMode ? channel.text.convertMarkdownTables(rawText, tableMode) : rawText;
+          hooks.onChunk(converted);
+        },
+        onError: (err, info) => {
+          hooks.onError?.(err);
+          logger.error(`${info.kind} reply failed: ${String(err)}`);
+        }
       }
     });
+  } finally {
   }
-  const tableMode = channel.text?.resolveMarkdownTableMode ? channel.text.resolveMarkdownTableMode({ cfg: safeCfg, channel: "wecom", accountId: account.accountId }) : void 0;
-  await channel.reply.dispatchReplyWithBufferedBlockDispatcher({
-    ctx: ctxPayload,
-    cfg: safeCfg,
-    dispatcherOptions: {
-      deliver: async (payload) => {
-        const rawText = payload.text ?? "";
-        if (!rawText.trim()) return;
-        const converted = channel.text?.convertMarkdownTables && tableMode ? channel.text.convertMarkdownTables(rawText, tableMode) : rawText;
-        hooks.onChunk(converted);
-      },
-      onError: (err, info) => {
-        hooks.onError?.(err);
-        logger.error(`${info.kind} reply failed: ${String(err)}`);
+}
+var MEDIA_DOWNLOAD_TIMEOUT = 6e4;
+async function downloadAndDecryptMedia(params) {
+  const { mediaUrl, encodingAESKey, fileName, log } = params;
+  if (!mediaUrl) {
+    throw new Error("mediaUrl is required");
+  }
+  if (!encodingAESKey) {
+    throw new Error("encodingAESKey is required");
+  }
+  log?.debug?.(`[wecom] \u4E0B\u8F7D\u52A0\u5BC6\u5A92\u4F53\u6587\u4EF6: ${mediaUrl.slice(0, 100)}...`);
+  const controller = new AbortController();
+  const timeoutId = setTimeout(() => controller.abort(), MEDIA_DOWNLOAD_TIMEOUT);
+  let encryptedBuffer;
+  let contentType = "application/octet-stream";
+  let contentDisposition = null;
+  try {
+    const response = await fetch(mediaUrl, { signal: controller.signal });
+    if (!response.ok) {
+      throw new Error(`HTTP ${response.status}: ${response.statusText}`);
+    }
+    contentType = response.headers.get("content-type") || "application/octet-stream";
+    contentDisposition = response.headers.get("content-disposition");
+    const arrayBuffer = await response.arrayBuffer();
+    encryptedBuffer = Buffer.from(arrayBuffer);
+    log?.debug?.(`[wecom] \u4E0B\u8F7D\u5B8C\u6210: ${encryptedBuffer.length} \u5B57\u8282`);
+  } catch (err) {
+    if (err instanceof Error && err.name === "AbortError") {
+      throw new Error(`\u5A92\u4F53\u4E0B\u8F7D\u8D85\u65F6\uFF08${MEDIA_DOWNLOAD_TIMEOUT}ms\uFF09`);
+    }
+    throw err;
+  } finally {
+    clearTimeout(timeoutId);
+  }
+  log?.debug?.(`[wecom] \u89E3\u5BC6\u5A92\u4F53\u6587\u4EF6...`);
+  let decryptedBuffer;
+  try {
+    decryptedBuffer = decryptWecomMedia({
+      encryptedBuffer,
+      encodingAESKey
+    });
+    log?.debug?.(`[wecom] \u89E3\u5BC6\u5B8C\u6210: ${decryptedBuffer.length} \u5B57\u8282`);
+  } catch (err) {
+    throw new Error(`\u89E3\u5BC6\u5931\u8D25: ${err instanceof Error ? err.message : String(err)}`);
+  }
+  const sanitizeFileName = (input) => {
+    if (!input) return void 0;
+    const base = path.basename(input);
+    const cleaned = base.replace(/[\\\/]+/g, "_").replace(/[\x00-\x1f\x7f]/g, "").trim();
+    if (!cleaned || cleaned === "." || cleaned === "..") return void 0;
+    return cleaned.length > 200 ? cleaned.slice(0, 200) : cleaned;
+  };
+  let originalFileName = sanitizeFileName(fileName);
+  if (contentDisposition && !originalFileName) {
+    const filenameMatch = contentDisposition.match(/filename[^;=\n]*=((['"]).*?\2|[^;\n]*)/);
+    if (filenameMatch && filenameMatch[1]) {
+      let headerFileName = filenameMatch[1].replace(/['"]/g, "");
+      try {
+        headerFileName = decodeURIComponent(headerFileName);
+      } catch {
+      }
+      originalFileName = sanitizeFileName(headerFileName);
+    }
+  }
+  let extension = "";
+  if (originalFileName) {
+    const lastDotIndex = originalFileName.lastIndexOf(".");
+    if (lastDotIndex > 0) {
+      extension = originalFileName.slice(lastDotIndex);
+    }
+  }
+  if (!extension) {
+    extension = resolveExtension(contentType);
+  }
+  const now = /* @__PURE__ */ new Date();
+  const yearMonth = now.toISOString().slice(0, 7).replace("-", "");
+  const wecomDir = path.join("/tmp", "wecom", yearMonth);
+  await fsPromises.mkdir(wecomDir, { recursive: true });
+  const baseFileName = originalFileName || `wecom-media`;
+  const baseNameWithoutExt = baseFileName.replace(/\.[-.\w]+$/, "");
+  const timestamp = Date.now();
+  const safeFileName = `${baseNameWithoutExt}-${timestamp}${extension}`;
+  const resolvedDir = path.resolve(wecomDir);
+  const resolvedPath = path.resolve(wecomDir, safeFileName);
+  if (!resolvedPath.startsWith(`${resolvedDir}${path.sep}`) && resolvedPath !== resolvedDir) {
+    throw new Error("Invalid media file path");
+  }
+  await fsPromises.writeFile(resolvedPath, decryptedBuffer);
+  log?.debug?.(`[wecom] \u6587\u4EF6\u5DF2\u4FDD\u5B58: ${resolvedPath}`);
+  return {
+    path: resolvedPath,
+    contentType,
+    size: decryptedBuffer.length,
+    fileName
+  };
+}
+async function processMediaInMessage(params) {
+  const { msg, encodingAESKey, log } = params;
+  if (!encodingAESKey) {
+    log?.debug?.(`[wecom] \u672A\u914D\u7F6E encodingAESKey\uFF0C\u8DF3\u8FC7\u5A92\u4F53\u89E3\u5BC6`);
+    return { text: extractWecomContent(msg) };
+  }
+  const msgtype = String(msg.msgtype ?? "").toLowerCase();
+  if (msgtype === "mixed") {
+    const items = msg.mixed?.msg_item;
+    if (Array.isArray(items)) {
+      const processedParts = [];
+      for (const item of items) {
+        if (!item || typeof item !== "object") continue;
+        const typed = item;
+        const t = String(typed.msgtype ?? "").toLowerCase();
+        if (t === "text") {
+          const content = String(typed.text?.content ?? "");
+          processedParts.push(content);
+        } else if (t === "image") {
+          const url = String(typed.image?.url ?? "").trim();
+          if (url) {
+            try {
+              const mediaFile = await downloadAndDecryptMedia({
+                mediaUrl: url,
+                encodingAESKey,
+                fileName: "image.jpg",
+                log
+              });
+              processedParts.push(`[image] ${mediaFile.path}`);
+            } catch (err) {
+              log?.error?.(`[wecom] mixed\u6D88\u606F\u4E2D\u56FE\u7247\u4E0B\u8F7D\u89E3\u5BC6\u5931\u8D25: ${err}`);
+              processedParts.push(`[image] ${url}`);
+            }
+          }
+        } else if (t === "file") {
+          const url = String(typed.file?.url ?? "").trim();
+          const fileName = String(typed.file?.filename ?? "file.bin").trim();
+          if (url) {
+            try {
+              const mediaFile = await downloadAndDecryptMedia({
+                mediaUrl: url,
+                encodingAESKey,
+                fileName,
+                log
+              });
+              processedParts.push(`[file] ${mediaFile.path}`);
+            } catch (err) {
+              log?.error?.(`[wecom] mixed\u6D88\u606F\u4E2D\u6587\u4EF6\u4E0B\u8F7D\u89E3\u5BC6\u5931\u8D25: ${err}`);
+              processedParts.push(`[file] ${url}`);
+            }
+          }
+        } else {
+          processedParts.push(t ? `[${t}]` : "");
+        }
       }
+      return {
+        text: processedParts.filter((p) => Boolean(p && p.trim())).join("\n")
+      };
     }
-  });
+    return { text: extractWecomContent(msg) };
+  }
+  if (msgtype === "image") {
+    const url = String(msg.image?.url ?? "").trim();
+    if (url) {
+      try {
+        const mediaFile = await downloadAndDecryptMedia({
+          mediaUrl: url,
+          encodingAESKey,
+          fileName: "image.jpg",
+          // 默认文件名
+          log
+        });
+        return {
+          text: `[image] ${mediaFile.path}`
+        };
+      } catch (err) {
+        log?.error?.(`[wecom] \u56FE\u7247\u4E0B\u8F7D\u89E3\u5BC6\u5931\u8D25: ${err}`);
+        return { text: extractWecomContent(msg) };
+      }
+    }
+  }
+  if (msgtype === "file") {
+    const url = String(msg.file?.url ?? "").trim();
+    const fileName = msg.file?.filename;
+    if (url) {
+      try {
+        const mediaFile = await downloadAndDecryptMedia({
+          mediaUrl: url,
+          encodingAESKey,
+          fileName,
+          log
+        });
+        return {
+          text: `[file] ${mediaFile.path}`
+        };
+      } catch (err) {
+        log?.error?.(`[wecom] \u6587\u4EF6\u4E0B\u8F7D\u89E3\u5BC6\u5931\u8D25: ${err}`);
+        return { text: extractWecomContent(msg) };
+      }
+    }
+  }
+  if (msgtype === "voice") {
+    const url = String(msg.voice?.url ?? "").trim();
+    if (url) {
+      try {
+        const mediaFile = await downloadAndDecryptMedia({
+          mediaUrl: url,
+          encodingAESKey,
+          fileName: "voice.amr",
+          // 默认文件名
+          log
+        });
+        return {
+          text: `[voice] ${mediaFile.path}`
+        };
+      } catch (err) {
+        log?.error?.(`[wecom] \u8BED\u97F3\u4E0B\u8F7D\u89E3\u5BC6\u5931\u8D25: ${err}`);
+        return { text: extractWecomContent(msg) };
+      }
+    }
+  }
+  return { text: extractWecomContent(msg) };
 }
 
 // src/runtime.ts
@@ -4614,11 +4926,11 @@ function jsonOk(res, body) {
 async function readJsonBody(req, maxBytes) {
   const chunks = [];
   let total = 0;
-  return await new Promise((resolve) => {
+  return await new Promise((resolve2) => {
     req.on("data", (chunk) => {
       total += chunk.length;
       if (total > maxBytes) {
-        resolve({ ok: false, error: "payload too large" });
+        resolve2({ ok: false, error: "payload too large" });
         req.destroy();
         return;
       }
@@ -4628,16 +4940,16 @@ async function readJsonBody(req, maxBytes) {
       try {
         const raw = Buffer.concat(chunks).toString("utf8");
         if (!raw.trim()) {
-          resolve({ ok: false, error: "empty payload" });
+          resolve2({ ok: false, error: "empty payload" });
           return;
         }
-        resolve({ ok: true, value: JSON.parse(raw) });
+        resolve2({ ok: true, value: JSON.parse(raw) });
       } catch (err) {
-        resolve({ ok: false, error: err instanceof Error ? err.message : String(err) });
+        resolve2({ ok: false, error: err instanceof Error ? err.message : String(err) });
       }
     });
     req.on("error", (err) => {
-      resolve({ ok: false, error: err instanceof Error ? err.message : String(err) });
+      resolve2({ ok: false, error: err instanceof Error ? err.message : String(err) });
     });
   });
 }
@@ -4705,12 +5017,12 @@ function parseWecomPlainMessage(raw) {
 }
 async function waitForStreamContent(streamId, maxWaitMs) {
   const startedAt = Date.now();
-  await new Promise((resolve) => {
+  await new Promise((resolve2) => {
     const tick = () => {
       const state = streams.get(streamId);
-      if (!state) return resolve();
-      if (state.error || state.finished || state.content.trim()) return resolve();
-      if (Date.now() - startedAt >= maxWaitMs) return resolve();
+      if (!state) return resolve2();
+      if (state.error || state.finished || state.content.trim()) return resolve2();
+      if (Date.now() - startedAt >= maxWaitMs) return resolve2();
       setTimeout(tick, 25);
     };
     tick();
@@ -4743,8 +5055,8 @@ function registerWecomWebhookTarget(target) {
 }
 async function handleWecomWebhookRequest(req, res) {
   pruneStreams();
-  const path = resolvePath(req);
-  const targets = webhookTargets.get(path);
+  const path2 = resolvePath(req);
+  const targets = webhookTargets.get(path2);
   if (!targets || targets.length === 0) return false;
   const query = resolveQueryParams(req);
   const timestamp = query.get("timestamp") ?? "";
@@ -4752,7 +5064,7 @@ async function handleWecomWebhookRequest(req, res) {
   const signature = resolveSignatureParam(query);
   const primary = targets[0];
   const logger = buildLogger(primary);
-  logger.debug(`incoming ${req.method} request on ${path} (timestamp=${timestamp}, nonce=${nonce})`);
+  logger.debug(`incoming ${req.method} request on ${path2} (timestamp=${timestamp}, nonce=${nonce})`);
   if (req.method === "GET") {
     const echostr = query.get("echostr") ?? "";
     if (!timestamp || !nonce || !signature || !echostr) {
@@ -5126,7 +5438,7 @@ var wecomPlugin = {
         ctx.setStatus?.({ accountId: ctx.accountId, running: false, configured: false });
         return;
       }
-      const path = (account.config.webhookPath ?? "/wecom").trim();
+      const path2 = (account.config.webhookPath ?? "/wecom").trim();
       const unregister = registerWecomWebhookTarget({
         account,
         config: ctx.cfg ?? {},
@@ -5134,18 +5446,18 @@ var wecomPlugin = {
           log: ctx.log?.info ?? console.log,
           error: ctx.log?.error ?? console.error
         },
-        path,
+        path: path2,
         statusSink: (patch) => ctx.setStatus?.({ accountId: ctx.accountId, ...patch })
       });
       const existing = unregisterHooks.get(ctx.accountId);
       if (existing) existing();
       unregisterHooks.set(ctx.accountId, unregister);
-      ctx.log?.info(`[wecom] webhook registered at ${path} for account ${ctx.accountId}`);
+      ctx.log?.info(`[wecom] webhook registered at ${path2} for account ${ctx.accountId}`);
       ctx.setStatus?.({
         accountId: ctx.accountId,
         running: true,
         configured: true,
-        webhookPath: path,
+        webhookPath: path2,
         lastStartAt: Date.now()
       });
     },