@openclaw/feishu 2026.5.2 → 2026.5.3-beta.2

package/contract-api.ts

@@ -1,16 +0,0 @@
-export { createFeishuThreadBindingManager } from "./src/thread-bindings.js";
-export { __testing as feishuThreadBindingTesting } from "./src/thread-bindings.js";
-export {
-  collectRuntimeConfigAssignments,
-  secretTargetRegistryEntries,
-} from "./src/secret-contract.js";
-export { collectFeishuSecurityAuditFindings } from "./src/security-audit.js";
-export { messageActionTargetAliases } from "./src/message-action-contract.js";
-export {
-  buildFeishuConversationId,
-  parseFeishuConversationId,
-  parseFeishuDirectConversationId,
-  parseFeishuTargetId,
-} from "./src/conversation-id.js";
-
-export const feishuSessionBindingAdapterChannels = ["feishu"] as const;

package/index.ts

@@ -1,82 +0,0 @@
-import {
-  defineBundledChannelEntry,
-  loadBundledEntryExportSync,
-} from "openclaw/plugin-sdk/channel-entry-contract";
-import type { OpenClawPluginApi } from "openclaw/plugin-sdk/channel-entry-contract";
-import { registerFeishuSubagentHooks } from "./subagent-hooks-api.js";
-
-function registerFeishuDocTools(api: OpenClawPluginApi) {
-  const register = loadBundledEntryExportSync<(api: OpenClawPluginApi) => void>(import.meta.url, {
-    specifier: "./api.js",
-    exportName: "registerFeishuDocTools",
-  });
-  register(api);
-}
-
-function registerFeishuChatTools(api: OpenClawPluginApi) {
-  const register = loadBundledEntryExportSync<(api: OpenClawPluginApi) => void>(import.meta.url, {
-    specifier: "./api.js",
-    exportName: "registerFeishuChatTools",
-  });
-  register(api);
-}
-
-function registerFeishuWikiTools(api: OpenClawPluginApi) {
-  const register = loadBundledEntryExportSync<(api: OpenClawPluginApi) => void>(import.meta.url, {
-    specifier: "./api.js",
-    exportName: "registerFeishuWikiTools",
-  });
-  register(api);
-}
-
-function registerFeishuDriveTools(api: OpenClawPluginApi) {
-  const register = loadBundledEntryExportSync<(api: OpenClawPluginApi) => void>(import.meta.url, {
-    specifier: "./api.js",
-    exportName: "registerFeishuDriveTools",
-  });
-  register(api);
-}
-
-function registerFeishuPermTools(api: OpenClawPluginApi) {
-  const register = loadBundledEntryExportSync<(api: OpenClawPluginApi) => void>(import.meta.url, {
-    specifier: "./api.js",
-    exportName: "registerFeishuPermTools",
-  });
-  register(api);
-}
-
-function registerFeishuBitableTools(api: OpenClawPluginApi) {
-  const register = loadBundledEntryExportSync<(api: OpenClawPluginApi) => void>(import.meta.url, {
-    specifier: "./api.js",
-    exportName: "registerFeishuBitableTools",
-  });
-  register(api);
-}
-
-export default defineBundledChannelEntry({
-  id: "feishu",
-  name: "Feishu",
-  description: "Feishu/Lark channel plugin",
-  importMetaUrl: import.meta.url,
-  plugin: {
-    specifier: "./channel-plugin-api.js",
-    exportName: "feishuPlugin",
-  },
-  secrets: {
-    specifier: "./secret-contract-api.js",
-    exportName: "channelSecrets",
-  },
-  runtime: {
-    specifier: "./runtime-api.js",
-    exportName: "setFeishuRuntime",
-  },
-  registerFull(api) {
-    registerFeishuSubagentHooks(api);
-    registerFeishuDocTools(api);
-    registerFeishuChatTools(api);
-    registerFeishuWikiTools(api);
-    registerFeishuDriveTools(api);
-    registerFeishuPermTools(api);
-    registerFeishuBitableTools(api);
-  },
-});

package/runtime-api.ts

@@ -1,55 +0,0 @@
-// Private runtime barrel for the bundled Feishu extension.
-// Keep this barrel thin and generic-only.
-
-export type {
-  AllowlistMatch,
-  AnyAgentTool,
-  BaseProbeResult,
-  ChannelGroupContext,
-  ChannelMessageActionName,
-  ChannelMeta,
-  ChannelOutboundAdapter,
-  ChannelPlugin,
-  HistoryEntry,
-  OpenClawConfig,
-  OpenClawPluginApi,
-  OutboundIdentity,
-  PluginRuntime,
-  ReplyPayload,
-} from "openclaw/plugin-sdk/core";
-export type { OpenClawConfig as ClawdbotConfig } from "openclaw/plugin-sdk/core";
-export type { RuntimeEnv } from "openclaw/plugin-sdk/runtime";
-export type { GroupToolPolicyConfig } from "openclaw/plugin-sdk/config-types";
-export {
-  DEFAULT_ACCOUNT_ID,
-  buildChannelConfigSchema,
-  createActionGate,
-  createDedupeCache,
-} from "openclaw/plugin-sdk/core";
-export {
-  PAIRING_APPROVED_MESSAGE,
-  buildProbeChannelStatusSummary,
-  createDefaultChannelRuntimeState,
-} from "openclaw/plugin-sdk/channel-status";
-export { buildAgentMediaPayload } from "openclaw/plugin-sdk/agent-media-payload";
-export { createChannelPairingController } from "openclaw/plugin-sdk/channel-pairing";
-export { createReplyPrefixContext } from "openclaw/plugin-sdk/channel-reply-pipeline";
-export {
-  evaluateSupplementalContextVisibility,
-  filterSupplementalContextItems,
-  resolveChannelContextVisibilityMode,
-} from "openclaw/plugin-sdk/context-visibility-runtime";
-export {
-  loadSessionStore,
-  resolveSessionStoreEntry,
-} from "openclaw/plugin-sdk/session-store-runtime";
-export { readJsonFileWithFallback } from "openclaw/plugin-sdk/json-store";
-export { createPersistentDedupe } from "openclaw/plugin-sdk/persistent-dedupe";
-export { normalizeAgentId } from "openclaw/plugin-sdk/routing";
-export { chunkTextForOutbound } from "openclaw/plugin-sdk/text-chunking";
-export {
-  isRequestBodyLimitError,
-  readRequestBodyWithLimit,
-  requestBodyErrorToText,
-} from "openclaw/plugin-sdk/webhook-ingress";
-export { setFeishuRuntime } from "./src/runtime.js";

package/secret-contract-api.ts

@@ -1,5 +0,0 @@
-export {
-  channelSecrets,
-  collectRuntimeConfigAssignments,
-  secretTargetRegistryEntries,
-} from "./src/secret-contract.js";

package/security-contract-api.ts

@@ -1 +0,0 @@
-export { collectFeishuSecurityAuditFindings } from "./src/security-audit-shared.js";

package/session-key-api.ts

@@ -1 +0,0 @@
-export { resolveFeishuSessionConversation as resolveSessionConversation } from "./src/session-conversation.js";

package/setup-api.ts

@@ -1,3 +0,0 @@
-export { feishuPlugin } from "./src/channel.js";
-export { feishuSetupAdapter } from "./src/setup-core.js";
-export { feishuSetupWizard } from "./src/setup-surface.js";

package/setup-entry.test.ts

@@ -1,14 +0,0 @@
-import { describe, expect, it, vi } from "vitest";
-
-vi.mock("@larksuiteoapi/node-sdk", () => {
-  throw new Error("setup entry must not load the Feishu SDK");
-});
-
-describe("feishu setup entry", () => {
-  it("declares the setup entry without importing Feishu runtime dependencies", async () => {
-    const { default: setupEntry } = await import("./setup-entry.js");
-
-    expect(setupEntry.kind).toBe("bundled-channel-setup-entry");
-    expect(typeof setupEntry.loadSetupPlugin).toBe("function");
-  });
-});

package/setup-entry.ts

@@ -1,13 +0,0 @@
-import { defineBundledChannelSetupEntry } from "openclaw/plugin-sdk/channel-entry-contract";
-
-export default defineBundledChannelSetupEntry({
-  importMetaUrl: import.meta.url,
-  plugin: {
-    specifier: "./setup-api.js",
-    exportName: "feishuPlugin",
-  },
-  secrets: {
-    specifier: "./secret-contract-api.js",
-    exportName: "channelSecrets",
-  },
-});

package/src/accounts.test.ts

@@ -1,459 +0,0 @@
-import { describe, expect, it } from "vitest";
-import {
-  FeishuSecretRefUnavailableError,
-  inspectFeishuCredentials,
-  resolveDefaultFeishuAccountId,
-  resolveDefaultFeishuAccountSelection,
-  resolveFeishuAccount,
-  resolveFeishuCredentials,
-  resolveFeishuRuntimeAccount,
-} from "./accounts.js";
-import type { FeishuConfig } from "./types.js";
-
-function makeDefaultAndRouterAccounts() {
-  return {
-    default: { appId: "cli_default", appSecret: "secret_default" }, // pragma: allowlist secret
-    "router-d": { appId: "cli_router", appSecret: "secret_router" }, // pragma: allowlist secret
-  };
-}
-
-function expectExplicitDefaultAccountSelection(
-  account: ReturnType<typeof resolveFeishuAccount>,
-  appId: string,
-) {
-  expect(account.accountId).toBe("router-d");
-  expect(account.selectionSource).toBe("explicit-default");
-  expect(account.configured).toBe(true);
-  expect(account.appId).toBe(appId);
-}
-
-function withEnvVar(key: string, value: string | undefined, run: () => void) {
-  const prev = process.env[key];
-  if (value === undefined) {
-    delete process.env[key];
-  } else {
-    process.env[key] = value;
-  }
-  try {
-    run();
-  } finally {
-    if (prev === undefined) {
-      delete process.env[key];
-    } else {
-      process.env[key] = prev;
-    }
-  }
-}
-
-function asConfig(config: Partial<FeishuConfig>): FeishuConfig {
-  return config as unknown as FeishuConfig;
-}
-
-function expectUnresolvedEnvSecretRefError(key: string) {
-  expect(() =>
-    resolveFeishuCredentials(
-      asConfig({
-        appId: "cli_123",
-        appSecret: { source: "env", provider: "default", id: key } as never,
-      }),
-    ),
-  ).toThrow(/unresolved SecretRef/i);
-}
-
-describe("resolveDefaultFeishuAccountId", () => {
-  it("prefers channels.feishu.defaultAccount when configured", () => {
-    const cfg = {
-      channels: {
-        feishu: {
-          defaultAccount: "router-d",
-          accounts: makeDefaultAndRouterAccounts(),
-        },
-      },
-    };
-
-    expect(resolveDefaultFeishuAccountId(cfg as never)).toBe("router-d");
-  });
-
-  it("normalizes configured defaultAccount before lookup", () => {
-    const cfg = {
-      channels: {
-        feishu: {
-          defaultAccount: "Router D",
-          accounts: {
-            "router-d": { appId: "cli_router", appSecret: "secret_router" }, // pragma: allowlist secret
-          },
-        },
-      },
-    };
-
-    expect(resolveDefaultFeishuAccountId(cfg as never)).toBe("router-d");
-  });
-
-  it("keeps configured defaultAccount even when not present in accounts map", () => {
-    const cfg = {
-      channels: {
-        feishu: {
-          defaultAccount: "router-d",
-          accounts: {
-            default: { appId: "cli_default", appSecret: "secret_default" }, // pragma: allowlist secret
-            zeta: { appId: "cli_zeta", appSecret: "secret_zeta" }, // pragma: allowlist secret
-          },
-        },
-      },
-    };
-
-    expect(resolveDefaultFeishuAccountId(cfg as never)).toBe("router-d");
-  });
-
-  it("falls back to literal default account id when present", () => {
-    const cfg = {
-      channels: {
-        feishu: {
-          accounts: {
-            default: { appId: "cli_default", appSecret: "secret_default" }, // pragma: allowlist secret
-            zeta: { appId: "cli_zeta", appSecret: "secret_zeta" }, // pragma: allowlist secret
-          },
-        },
-      },
-    };
-
-    expect(resolveDefaultFeishuAccountId(cfg as never)).toBe("default");
-  });
-
-  it("reports selection source for configured defaults and mapped defaults", () => {
-    const explicitDefaultCfg = {
-      channels: {
-        feishu: {
-          defaultAccount: "router-d",
-          accounts: {},
-        },
-      },
-    };
-    expect(resolveDefaultFeishuAccountSelection(explicitDefaultCfg as never)).toEqual({
-      accountId: "router-d",
-      source: "explicit-default",
-    });
-
-    const mappedDefaultCfg = {
-      channels: {
-        feishu: {
-          accounts: {
-            default: { appId: "cli_default", appSecret: "secret_default" }, // pragma: allowlist secret
-          },
-        },
-      },
-    };
-    expect(resolveDefaultFeishuAccountSelection(mappedDefaultCfg as never)).toEqual({
-      accountId: "default",
-      source: "mapped-default",
-    });
-  });
-});
-
-describe("resolveFeishuCredentials", () => {
-  it("throws unresolved SecretRef errors by default for unsupported secret sources", () => {
-    expect(() =>
-      resolveFeishuCredentials(
-        asConfig({
-          appId: "cli_123",
-          appSecret: { source: "file", provider: "default", id: "path/to/secret" } as never,
-        }),
-      ),
-    ).toThrow(/unresolved SecretRef/i);
-  });
-
-  it("returns null (without throwing) when unresolved SecretRef is allowed", () => {
-    const creds = resolveFeishuCredentials(
-      asConfig({
-        appId: "cli_123",
-        appSecret: { source: "file", provider: "default", id: "path/to/secret" } as never,
-      }),
-      { allowUnresolvedSecretRef: true },
-    );
-
-    expect(creds).toBeNull();
-  });
-
-  it("supports explicit inspect mode for unresolved SecretRefs", () => {
-    const creds = resolveFeishuCredentials(
-      asConfig({
-        appId: "cli_123",
-        appSecret: { source: "file", provider: "default", id: "path/to/secret" } as never,
-      }),
-      { mode: "inspect" },
-    );
-
-    expect(creds).toBeNull();
-  });
-
-  it("throws unresolved SecretRef error when env SecretRef points to missing env var", () => {
-    const key = "FEISHU_APP_SECRET_MISSING_TEST";
-    withEnvVar(key, undefined, () => {
-      expectUnresolvedEnvSecretRefError(key);
-    });
-  });
-
-  it("resolves env SecretRef objects when unresolved refs are allowed", () => {
-    const key = "FEISHU_APP_SECRET_TEST";
-    const prev = process.env[key];
-    process.env[key] = " secret_from_env ";
-
-    try {
-      const creds = resolveFeishuCredentials(
-        asConfig({
-          appId: "cli_123",
-          appSecret: { source: "env", provider: "default", id: key } as never,
-        }),
-        { allowUnresolvedSecretRef: true },
-      );
-
-      expect(creds).toEqual({
-        appId: "cli_123",
-        appSecret: "secret_from_env", // pragma: allowlist secret
-        encryptKey: undefined,
-        verificationToken: undefined,
-        domain: "feishu",
-      });
-    } finally {
-      if (prev === undefined) {
-        delete process.env[key];
-      } else {
-        process.env[key] = prev;
-      }
-    }
-  });
-
-  it("resolves env SecretRef with custom provider alias when unresolved refs are allowed", () => {
-    const key = "FEISHU_APP_SECRET_CUSTOM_PROVIDER_TEST";
-    const prev = process.env[key];
-    process.env[key] = " secret_from_env_alias ";
-
-    try {
-      const creds = resolveFeishuCredentials(
-        asConfig({
-          appId: "cli_123",
-          appSecret: { source: "env", provider: "corp-env", id: key } as never,
-        }),
-        { allowUnresolvedSecretRef: true },
-      );
-
-      expect(creds?.appSecret).toBe("secret_from_env_alias");
-    } finally {
-      if (prev === undefined) {
-        delete process.env[key];
-      } else {
-        process.env[key] = prev;
-      }
-    }
-  });
-
-  it("preserves unresolved SecretRef diagnostics for env refs in default mode", () => {
-    const key = "FEISHU_APP_SECRET_POLICY_TEST";
-    withEnvVar(key, "secret_from_env", () => {
-      expectUnresolvedEnvSecretRefError(key);
-    });
-  });
-
-  it("trims and returns credentials when values are valid strings", () => {
-    const creds = resolveFeishuCredentials(
-      asConfig({
-        appId: " cli_123 ",
-        appSecret: " secret_456 ",
-        encryptKey: " enc ",
-        verificationToken: " vt ",
-      }),
-    );
-
-    expect(creds).toEqual({
-      appId: "cli_123",
-      appSecret: "secret_456", // pragma: allowlist secret
-      encryptKey: "enc",
-      verificationToken: "vt",
-      domain: "feishu",
-    });
-  });
-
-  it("does not resolve encryptKey SecretRefs outside webhook mode", () => {
-    const creds = resolveFeishuCredentials(
-      asConfig({
-        connectionMode: "websocket",
-        appId: "cli_123",
-        appSecret: "secret_456",
-        encryptKey: { source: "file", provider: "default", id: "path/to/secret" } as never,
-      }),
-    );
-
-    expect(creds).toEqual({
-      appId: "cli_123",
-      appSecret: "secret_456", // pragma: allowlist secret
-      encryptKey: undefined,
-      verificationToken: undefined,
-      domain: "feishu",
-    });
-  });
-
-  it("keeps required credentials when optional event SecretRefs are unresolved in inspect mode", () => {
-    const creds = inspectFeishuCredentials(
-      asConfig({
-        appId: "cli_123",
-        appSecret: "secret_456",
-        verificationToken: { source: "file", provider: "default", id: "path/to/token" } as never,
-      }),
-    );
-
-    expect(creds).toEqual({
-      appId: "cli_123",
-      appSecret: "secret_456", // pragma: allowlist secret
-      encryptKey: undefined,
-      verificationToken: undefined,
-      domain: "feishu",
-    });
-  });
-});
-
-describe("resolveFeishuAccount", () => {
-  it("uses top-level credentials with configured default account id even without account map entry", () => {
-    const cfg = {
-      channels: {
-        feishu: {
-          defaultAccount: "router-d",
-          appId: "top_level_app",
-          appSecret: "top_level_secret", // pragma: allowlist secret
-          accounts: {
-            default: { appId: "cli_default", appSecret: "secret_default" }, // pragma: allowlist secret
-          },
-        },
-      },
-    };
-
-    const account = resolveFeishuAccount({ cfg: cfg as never, accountId: undefined });
-    expectExplicitDefaultAccountSelection(account, "top_level_app");
-  });
-
-  it("uses configured default account when accountId is omitted", () => {
-    const cfg = {
-      channels: {
-        feishu: {
-          defaultAccount: "router-d",
-          accounts: {
-            default: { enabled: true },
-            "router-d": { appId: "cli_router", appSecret: "secret_router", enabled: true }, // pragma: allowlist secret
-          },
-        },
-      },
-    };
-
-    const account = resolveFeishuAccount({ cfg: cfg as never, accountId: undefined });
-    expectExplicitDefaultAccountSelection(account, "cli_router");
-  });
-
-  it("keeps explicit accountId selection", () => {
-    const cfg = {
-      channels: {
-        feishu: {
-          defaultAccount: "router-d",
-          accounts: makeDefaultAndRouterAccounts(),
-        },
-      },
-    };
-
-    const account = resolveFeishuAccount({ cfg: cfg as never, accountId: "default" });
-    expect(account.accountId).toBe("default");
-    expect(account.selectionSource).toBe("explicit");
-    expect(account.appId).toBe("cli_default");
-  });
-
-  it("treats unresolved SecretRef as not configured in account resolution", () => {
-    const account = resolveFeishuAccount({
-      cfg: {
-        channels: {
-          feishu: {
-            accounts: {
-              main: {
-                appId: "cli_123",
-                appSecret: { source: "file", provider: "default", id: "path/to/secret" },
-              } as never,
-            },
-          },
-        },
-      } as never,
-      accountId: "main",
-    });
-    expect(account.configured).toBe(false);
-    expect(account.appSecret).toBeUndefined();
-  });
-
-  it("keeps account configured when optional event SecretRefs are unresolved in inspect mode", () => {
-    const account = resolveFeishuAccount({
-      cfg: {
-        channels: {
-          feishu: {
-            accounts: {
-              main: {
-                appId: "cli_123",
-                appSecret: "secret_456",
-                verificationToken: {
-                  source: "file",
-                  provider: "default",
-                  id: "path/to/token",
-                },
-              } as never,
-            },
-          },
-        },
-      } as never,
-      accountId: "main",
-    });
-
-    expect(account.configured).toBe(true);
-    expect(account.appSecret).toBe("secret_456");
-    expect(account.verificationToken).toBeUndefined();
-  });
-
-  it("throws typed SecretRef errors in runtime account resolution", () => {
-    let caught: unknown;
-    try {
-      resolveFeishuRuntimeAccount({
-        cfg: {
-          channels: {
-            feishu: {
-              accounts: {
-                main: {
-                  appId: "cli_123",
-                  appSecret: { source: "file", provider: "default", id: "path/to/secret" },
-                } as never,
-              },
-            },
-          },
-        } as never,
-        accountId: "main",
-      });
-    } catch (error) {
-      caught = error;
-    }
-
-    expect(caught).toBeInstanceOf(FeishuSecretRefUnavailableError);
-    expect((caught as Error).message).toMatch(/channels\.feishu\.appSecret: unresolved SecretRef/i);
-  });
-
-  it("does not throw when account name is non-string", () => {
-    expect(() =>
-      resolveFeishuAccount({
-        cfg: {
-          channels: {
-            feishu: {
-              accounts: {
-                main: {
-                  name: { bad: true },
-                  appId: "cli_123",
-                  appSecret: "secret_456", // pragma: allowlist secret
-                } as never,
-              },
-            },
-          },
-        } as never,
-        accountId: "main",
-      }),
-    ).not.toThrow();
-  });
-});