@openclaw/feishu 2026.2.25 → 2026.3.2

package/index.ts

@@ -2,6 +2,7 @@ import type { OpenClawPluginApi } from "openclaw/plugin-sdk";
 import { emptyPluginConfigSchema } from "openclaw/plugin-sdk";
 import { registerFeishuBitableTools } from "./src/bitable.js";
 import { feishuPlugin } from "./src/channel.js";
+import { registerFeishuChatTools } from "./src/chat.js";
 import { registerFeishuDocTools } from "./src/docx.js";
 import { registerFeishuDriveTools } from "./src/drive.js";
 import { registerFeishuPermTools } from "./src/perm.js";
@@ -53,6 +54,7 @@ const plugin = {
     setFeishuRuntime(api.runtime);
     api.registerChannel({ plugin: feishuPlugin });
     registerFeishuDocTools(api);
+    registerFeishuChatTools(api);
     registerFeishuWikiTools(api);
     registerFeishuDriveTools(api);
     registerFeishuPermTools(api);

package/package.json

@@ -1,11 +1,12 @@
 {
   "name": "@openclaw/feishu",
-  "version": "2026.2.25",
+  "version": "2026.3.2",
   "description": "OpenClaw Feishu/Lark channel plugin (community maintained by @m1heng)",
   "type": "module",
   "dependencies": {
     "@larksuiteoapi/node-sdk": "^1.59.0",
     "@sinclair/typebox": "0.34.48",
+    "https-proxy-agent": "^7.0.6",
     "zod": "^4.3.6"
   },
   "openclaw": {

package/skills/feishu-doc/SKILL.md

@@ -6,7 +6,7 @@ description: |
 
 # Feishu Document Tool
 
-Single tool `feishu_doc` with action parameter for all document operations.
+Single tool `feishu_doc` with action parameter for all document operations, including table creation for Docx.
 
 ## Token Extraction
 
@@ -43,15 +43,22 @@ Appends markdown to end of document.
 ### Create Document
 
 ```json
-{ "action": "create", "title": "New Document" }
+{ "action": "create", "title": "New Document", "owner_open_id": "ou_xxx" }
 ```
 
 With folder:
 
 ```json
-{ "action": "create", "title": "New Document", "folder_token": "fldcnXXX" }
+{
+  "action": "create",
+  "title": "New Document",
+  "folder_token": "fldcnXXX",
+  "owner_open_id": "ou_xxx"
+}
 ```
 
+**Important:** Always pass `owner_open_id` with the requesting user's `open_id` (from inbound metadata `sender_id`) so the user automatically gets `full_access` permission on the created document. Without this, only the bot app has access.
+
 ### List Blocks
 
 ```json
@@ -83,6 +90,105 @@ Returns full block data including tables, images. Use this to read structured co
 { "action": "delete_block", "doc_token": "ABC123def", "block_id": "doxcnXXX" }
 ```
 
+### Create Table (Docx Table Block)
+
+```json
+{
+  "action": "create_table",
+  "doc_token": "ABC123def",
+  "row_size": 2,
+  "column_size": 2,
+  "column_width": [200, 200]
+}
+```
+
+Optional: `parent_block_id` to insert under a specific block.
+
+### Write Table Cells
+
+```json
+{
+  "action": "write_table_cells",
+  "doc_token": "ABC123def",
+  "table_block_id": "doxcnTABLE",
+  "values": [
+    ["A1", "B1"],
+    ["A2", "B2"]
+  ]
+}
+```
+
+### Create Table With Values (One-step)
+
+```json
+{
+  "action": "create_table_with_values",
+  "doc_token": "ABC123def",
+  "row_size": 2,
+  "column_size": 2,
+  "column_width": [200, 200],
+  "values": [
+    ["A1", "B1"],
+    ["A2", "B2"]
+  ]
+}
+```
+
+Optional: `parent_block_id` to insert under a specific block.
+
+### Upload Image to Docx (from URL or local file)
+
+```json
+{
+  "action": "upload_image",
+  "doc_token": "ABC123def",
+  "url": "https://example.com/image.png"
+}
+```
+
+Or local path with position control:
+
+```json
+{
+  "action": "upload_image",
+  "doc_token": "ABC123def",
+  "file_path": "/tmp/image.png",
+  "parent_block_id": "doxcnParent",
+  "index": 5
+}
+```
+
+Optional `index` (0-based) inserts the image at a specific position among sibling blocks. Omit to append at end.
+
+**Note:** Image display size is determined by the uploaded image's pixel dimensions. For small images (e.g. 480x270 GIFs), scale to 800px+ width before uploading to ensure proper display.
+
+### Upload File Attachment to Docx (from URL or local file)
+
+```json
+{
+  "action": "upload_file",
+  "doc_token": "ABC123def",
+  "url": "https://example.com/report.pdf"
+}
+```
+
+Or local path:
+
+```json
+{
+  "action": "upload_file",
+  "doc_token": "ABC123def",
+  "file_path": "/tmp/report.pdf",
+  "filename": "Q1-report.pdf"
+}
+```
+
+Rules:
+
+- exactly one of `url` / `file_path`
+- optional `filename` override
+- optional `parent_block_id`
+
 ## Reading Workflow
 
 1. Start with `action: "read"` - get plain text + statistics

package/src/accounts.test.ts

@@ -0,0 +1,161 @@
+import { describe, expect, it } from "vitest";
+import {
+  resolveDefaultFeishuAccountId,
+  resolveDefaultFeishuAccountSelection,
+  resolveFeishuAccount,
+} from "./accounts.js";
+
+describe("resolveDefaultFeishuAccountId", () => {
+  it("prefers channels.feishu.defaultAccount when configured", () => {
+    const cfg = {
+      channels: {
+        feishu: {
+          defaultAccount: "router-d",
+          accounts: {
+            default: { appId: "cli_default", appSecret: "secret_default" },
+            "router-d": { appId: "cli_router", appSecret: "secret_router" },
+          },
+        },
+      },
+    };
+
+    expect(resolveDefaultFeishuAccountId(cfg as never)).toBe("router-d");
+  });
+
+  it("normalizes configured defaultAccount before lookup", () => {
+    const cfg = {
+      channels: {
+        feishu: {
+          defaultAccount: "Router D",
+          accounts: {
+            "router-d": { appId: "cli_router", appSecret: "secret_router" },
+          },
+        },
+      },
+    };
+
+    expect(resolveDefaultFeishuAccountId(cfg as never)).toBe("router-d");
+  });
+
+  it("keeps configured defaultAccount even when not present in accounts map", () => {
+    const cfg = {
+      channels: {
+        feishu: {
+          defaultAccount: "router-d",
+          accounts: {
+            default: { appId: "cli_default", appSecret: "secret_default" },
+            zeta: { appId: "cli_zeta", appSecret: "secret_zeta" },
+          },
+        },
+      },
+    };
+
+    expect(resolveDefaultFeishuAccountId(cfg as never)).toBe("router-d");
+  });
+
+  it("falls back to literal default account id when present", () => {
+    const cfg = {
+      channels: {
+        feishu: {
+          accounts: {
+            default: { appId: "cli_default", appSecret: "secret_default" },
+            zeta: { appId: "cli_zeta", appSecret: "secret_zeta" },
+          },
+        },
+      },
+    };
+
+    expect(resolveDefaultFeishuAccountId(cfg as never)).toBe("default");
+  });
+
+  it("reports selection source for configured defaults and mapped defaults", () => {
+    const explicitDefaultCfg = {
+      channels: {
+        feishu: {
+          defaultAccount: "router-d",
+          accounts: {},
+        },
+      },
+    };
+    expect(resolveDefaultFeishuAccountSelection(explicitDefaultCfg as never)).toEqual({
+      accountId: "router-d",
+      source: "explicit-default",
+    });
+
+    const mappedDefaultCfg = {
+      channels: {
+        feishu: {
+          accounts: {
+            default: { appId: "cli_default", appSecret: "secret_default" },
+          },
+        },
+      },
+    };
+    expect(resolveDefaultFeishuAccountSelection(mappedDefaultCfg as never)).toEqual({
+      accountId: "default",
+      source: "mapped-default",
+    });
+  });
+});
+
+describe("resolveFeishuAccount", () => {
+  it("uses top-level credentials with configured default account id even without account map entry", () => {
+    const cfg = {
+      channels: {
+        feishu: {
+          defaultAccount: "router-d",
+          appId: "top_level_app",
+          appSecret: "top_level_secret",
+          accounts: {
+            default: { appId: "cli_default", appSecret: "secret_default" },
+          },
+        },
+      },
+    };
+
+    const account = resolveFeishuAccount({ cfg: cfg as never, accountId: undefined });
+    expect(account.accountId).toBe("router-d");
+    expect(account.selectionSource).toBe("explicit-default");
+    expect(account.configured).toBe(true);
+    expect(account.appId).toBe("top_level_app");
+  });
+
+  it("uses configured default account when accountId is omitted", () => {
+    const cfg = {
+      channels: {
+        feishu: {
+          defaultAccount: "router-d",
+          accounts: {
+            default: { enabled: true },
+            "router-d": { appId: "cli_router", appSecret: "secret_router", enabled: true },
+          },
+        },
+      },
+    };
+
+    const account = resolveFeishuAccount({ cfg: cfg as never, accountId: undefined });
+    expect(account.accountId).toBe("router-d");
+    expect(account.selectionSource).toBe("explicit-default");
+    expect(account.configured).toBe(true);
+    expect(account.appId).toBe("cli_router");
+  });
+
+  it("keeps explicit accountId selection", () => {
+    const cfg = {
+      channels: {
+        feishu: {
+          defaultAccount: "router-d",
+          accounts: {
+            default: { appId: "cli_default", appSecret: "secret_default" },
+            "router-d": { appId: "cli_router", appSecret: "secret_router" },
+          },
+        },
+      },
+    };
+
+    const account = resolveFeishuAccount({ cfg: cfg as never, accountId: "default" });
+    expect(account.accountId).toBe("default");
+    expect(account.selectionSource).toBe("explicit");
+    expect(account.appId).toBe("cli_default");
+  });
+});

package/src/accounts.ts

@@ -1,8 +1,10 @@
 import type { ClawdbotConfig } from "openclaw/plugin-sdk";
 import { DEFAULT_ACCOUNT_ID, normalizeAccountId } from "openclaw/plugin-sdk/account-id";
+import { normalizeResolvedSecretInputString, normalizeSecretInputString } from "./secret-input.js";
 import type {
   FeishuConfig,
   FeishuAccountConfig,
+  FeishuDefaultAccountSelectionSource,
   FeishuDomain,
   ResolvedFeishuAccount,
 } from "./types.js";
@@ -32,14 +34,38 @@ export function listFeishuAccountIds(cfg: ClawdbotConfig): string[] {
 }
 
 /**
- * Resolve the default account ID.
+ * Resolve the default account selection and its source.
  */
-export function resolveDefaultFeishuAccountId(cfg: ClawdbotConfig): string {
+export function resolveDefaultFeishuAccountSelection(cfg: ClawdbotConfig): {
+  accountId: string;
+  source: FeishuDefaultAccountSelectionSource;
+} {
+  const preferredRaw = (cfg.channels?.feishu as FeishuConfig | undefined)?.defaultAccount?.trim();
+  const preferred = preferredRaw ? normalizeAccountId(preferredRaw) : undefined;
+  if (preferred) {
+    return {
+      accountId: preferred,
+      source: "explicit-default",
+    };
+  }
   const ids = listFeishuAccountIds(cfg);
   if (ids.includes(DEFAULT_ACCOUNT_ID)) {
-    return DEFAULT_ACCOUNT_ID;
+    return {
+      accountId: DEFAULT_ACCOUNT_ID,
+      source: "mapped-default",
+    };
   }
-  return ids[0] ?? DEFAULT_ACCOUNT_ID;
+  return {
+    accountId: ids[0] ?? DEFAULT_ACCOUNT_ID,
+    source: "fallback",
+  };
+}
+
+/**
+ * Resolve the default account ID.
+ */
+export function resolveDefaultFeishuAccountId(cfg: ClawdbotConfig): string {
+  return resolveDefaultFeishuAccountSelection(cfg).accountId;
 }
 
 /**
@@ -64,7 +90,7 @@ function mergeFeishuAccountConfig(cfg: ClawdbotConfig, accountId: string): Feish
   const feishuCfg = cfg.channels?.feishu as FeishuConfig | undefined;
 
   // Extract base config (exclude accounts field to avoid recursion)
-  const { accounts: _ignored, ...base } = feishuCfg ?? {};
+  const { accounts: _ignored, defaultAccount: _ignoredDefaultAccount, ...base } = feishuCfg ?? {};
 
   // Get account-specific overrides
   const account = resolveAccountConfig(cfg, accountId) ?? {};
@@ -82,9 +108,34 @@ export function resolveFeishuCredentials(cfg?: FeishuConfig): {
   encryptKey?: string;
   verificationToken?: string;
   domain: FeishuDomain;
+} | null;
+export function resolveFeishuCredentials(
+  cfg: FeishuConfig | undefined,
+  options: { allowUnresolvedSecretRef?: boolean },
+): {
+  appId: string;
+  appSecret: string;
+  encryptKey?: string;
+  verificationToken?: string;
+  domain: FeishuDomain;
+} | null;
+export function resolveFeishuCredentials(
+  cfg?: FeishuConfig,
+  options?: { allowUnresolvedSecretRef?: boolean },
+): {
+  appId: string;
+  appSecret: string;
+  encryptKey?: string;
+  verificationToken?: string;
+  domain: FeishuDomain;
 } | null {
   const appId = cfg?.appId?.trim();
-  const appSecret = cfg?.appSecret?.trim();
+  const appSecret = options?.allowUnresolvedSecretRef
+    ? normalizeSecretInputString(cfg?.appSecret)
+    : normalizeResolvedSecretInputString({
+        value: cfg?.appSecret,
+        path: "channels.feishu.appSecret",
+      });
   if (!appId || !appSecret) {
     return null;
   }
@@ -92,7 +143,13 @@ export function resolveFeishuCredentials(cfg?: FeishuConfig): {
     appId,
     appSecret,
     encryptKey: cfg?.encryptKey?.trim() || undefined,
-    verificationToken: cfg?.verificationToken?.trim() || undefined,
+    verificationToken:
+      (options?.allowUnresolvedSecretRef
+        ? normalizeSecretInputString(cfg?.verificationToken)
+        : normalizeResolvedSecretInputString({
+            value: cfg?.verificationToken,
+            path: "channels.feishu.verificationToken",
+          })) || undefined,
     domain: cfg?.domain ?? "feishu",
   };
 }
@@ -104,7 +161,17 @@ export function resolveFeishuAccount(params: {
   cfg: ClawdbotConfig;
   accountId?: string | null;
 }): ResolvedFeishuAccount {
-  const accountId = normalizeAccountId(params.accountId);
+  const hasExplicitAccountId =
+    typeof params.accountId === "string" && params.accountId.trim() !== "";
+  const defaultSelection = hasExplicitAccountId
+    ? null
+    : resolveDefaultFeishuAccountSelection(params.cfg);
+  const accountId = hasExplicitAccountId
+    ? normalizeAccountId(params.accountId)
+    : (defaultSelection?.accountId ?? DEFAULT_ACCOUNT_ID);
+  const selectionSource = hasExplicitAccountId
+    ? "explicit"
+    : (defaultSelection?.source ?? "fallback");
   const feishuCfg = params.cfg.channels?.feishu as FeishuConfig | undefined;
 
   // Base enabled state (top-level)
@@ -122,6 +189,7 @@ export function resolveFeishuAccount(params: {
 
   return {
     accountId,
+    selectionSource,
     enabled,
     configured: Boolean(creds),
     name: (merged as FeishuAccountConfig).name?.trim() || undefined,

package/src/async.ts

@@ -0,0 +1,62 @@
+const RACE_TIMEOUT = Symbol("race-timeout");
+const RACE_ABORT = Symbol("race-abort");
+
+export type RaceWithTimeoutAndAbortResult<T> =
+  | { status: "resolved"; value: T }
+  | { status: "timeout" }
+  | { status: "aborted" };
+
+export async function raceWithTimeoutAndAbort<T>(
+  promise: Promise<T>,
+  options: {
+    timeoutMs?: number;
+    abortSignal?: AbortSignal;
+  } = {},
+): Promise<RaceWithTimeoutAndAbortResult<T>> {
+  if (options.abortSignal?.aborted) {
+    return { status: "aborted" };
+  }
+
+  if (options.timeoutMs === undefined && !options.abortSignal) {
+    return { status: "resolved", value: await promise };
+  }
+
+  let timeoutHandle: ReturnType<typeof setTimeout> | undefined;
+  let abortHandler: (() => void) | undefined;
+  const contenders: Array<Promise<T | typeof RACE_TIMEOUT | typeof RACE_ABORT>> = [promise];
+
+  if (options.timeoutMs !== undefined) {
+    contenders.push(
+      new Promise((resolve) => {
+        timeoutHandle = setTimeout(() => resolve(RACE_TIMEOUT), options.timeoutMs);
+      }),
+    );
+  }
+
+  if (options.abortSignal) {
+    contenders.push(
+      new Promise((resolve) => {
+        abortHandler = () => resolve(RACE_ABORT);
+        options.abortSignal?.addEventListener("abort", abortHandler, { once: true });
+      }),
+    );
+  }
+
+  try {
+    const result = await Promise.race(contenders);
+    if (result === RACE_TIMEOUT) {
+      return { status: "timeout" };
+    }
+    if (result === RACE_ABORT) {
+      return { status: "aborted" };
+    }
+    return { status: "resolved", value: result };
+  } finally {
+    if (timeoutHandle) {
+      clearTimeout(timeoutHandle);
+    }
+    if (abortHandler) {
+      options.abortSignal?.removeEventListener("abort", abortHandler);
+    }
+  }
+}