@oyasmi/pipiclaw 0.5.8 → 0.6.0

package/dist/runtime/delivery.js

@@ -1,5 +1,6 @@
 import * as log from "../log.js";
 const MIN_UPDATE_INTERVAL_MS = 800;
+const NO_CONTENT = "";
 class ChannelDeliveryController {
     constructor(event, bot, store) {
         this.event = event;
@@ -12,9 +13,12 @@ class ChannelDeliveryController {
         this.running = false;
         this.closed = false;
         this.finalResponseDelivered = false;
+        this.cardWarmupScheduled = false;
+        this.cardWarmupTriggered = false;
         this.progressWindowStartedAt = 0;
         this.lastDeliveredAt = 0;
         this.timer = null;
+        this.cardWarmupTimer = null;
         this.flushWaiters = [];
     }
     buildContext() {
@@ -37,19 +41,57 @@ class ChannelDeliveryController {
             setTyping: async (_isTyping) => { },
             setWorking: async (_working) => { },
             deleteMessage: async () => this.silence(),
+            primeCard: (delayMs) => this.primeCard(delayMs),
             flush: async () => this.flush(),
             close: async () => this.close(),
         };
     }
+    primeCard(delayMs) {
+        if (this.closed || this.finalResponseDelivered || this.cardWarmupScheduled || this.cardWarmupTriggered) {
+            return;
+        }
+        this.cardWarmupScheduled = true;
+        this.cardWarmupTimer = setTimeout(() => {
+            this.cardWarmupScheduled = false;
+            this.cardWarmupTimer = null;
+            void this.triggerCardWarmup();
+        }, Math.max(0, delayMs));
+    }
+    async triggerCardWarmup() {
+        if (this.closed || this.finalResponseDelivered || this.desiredRevision > 0) {
+            return;
+        }
+        this.cardWarmupTriggered = true;
+        try {
+            await this.bot.ensureCard(this.event.channelId);
+        }
+        catch (err) {
+            log.logWarning(`[${this.event.channelId}] Failed to warm AI card`, err instanceof Error ? err.message : String(err));
+            this.bot.discardCard(this.event.channelId);
+        }
+    }
+    clearCardWarmup() {
+        this.cardWarmupScheduled = false;
+        if (this.cardWarmupTimer) {
+            clearTimeout(this.cardWarmupTimer);
+            this.cardWarmupTimer = null;
+        }
+    }
+    archiveBotResponse(text) {
+        void this.store.logBotResponse(this.event.channelId, text, Date.now().toString()).catch((err) => {
+            log.logWarning(`[${this.event.channelId}] Failed to archive bot response`, err instanceof Error ? err.message : String(err));
+        });
+    }
     async appendProgress(text, shouldLog) {
         if (this.closed || this.finalResponseDelivered || !text.trim())
             return;
+        this.clearCardWarmup();
         this.progressText = this.progressText ? `${this.progressText}\n\n${text}` : text;
         if (this.progressWindowStartedAt === 0) {
             this.progressWindowStartedAt = Date.now();
         }
         if (shouldLog) {
-            await this.store.logBotResponse(this.event.channelId, text, Date.now().toString());
+            this.archiveBotResponse(text);
         }
         this.mode = "progress";
         this.bumpRevision(false);
@@ -57,8 +99,9 @@ class ChannelDeliveryController {
     async sendFinal(text, shouldLog) {
         if (this.closed || this.finalResponseDelivered)
             return this.finalResponseDelivered;
+        this.clearCardWarmup();
         if (shouldLog) {
-            await this.store.logBotResponse(this.event.channelId, text, Date.now().toString());
+            this.archiveBotResponse(text);
         }
         const delivered = await this.bot.sendPlain(this.event.channelId, text);
         if (!delivered) {
@@ -72,6 +115,7 @@ class ChannelDeliveryController {
     async replaceWithFinal(text) {
         if (this.closed || this.finalResponseDelivered)
             return;
+        this.clearCardWarmup();
         this.progressText = text;
         this.mode = "finalize-with-fallback";
         this.bumpRevision(true);
@@ -79,6 +123,7 @@ class ChannelDeliveryController {
     async silence() {
         if (this.closed)
             return;
+        this.clearCardWarmup();
         this.finalResponseDelivered = true;
         this.mode = "silent";
         this.bumpRevision(true);
@@ -138,8 +183,8 @@ class ChannelDeliveryController {
                         }
                     }
                     else if (mode === "finalize-existing") {
-                        if (content) {
-                            touchedRemote = await this.bot.finalizeExistingCard(this.event.channelId, this.progressText);
+                        if (content || this.cardWarmupTriggered) {
+                            touchedRemote = await this.bot.finalizeExistingCard(this.event.channelId, content ? this.progressText : NO_CONTENT);
                             if (!touchedRemote) {
                                 this.bot.discardCard(this.event.channelId);
                             }
@@ -160,7 +205,12 @@ class ChannelDeliveryController {
                         }
                     }
                     else if (mode === "silent") {
-                        this.bot.discardCard(this.event.channelId);
+                        if (this.cardWarmupTriggered) {
+                            touchedRemote = await this.bot.finalizeExistingCard(this.event.channelId, NO_CONTENT);
+                        }
+                        if (!touchedRemote) {
+                            this.bot.discardCard(this.event.channelId);
+                        }
                     }
                 }
                 catch (err) {
@@ -209,6 +259,7 @@ class ChannelDeliveryController {
             return;
         }
         this.closed = true;
+        this.clearCardWarmup();
         await this.flush();
     }
 }

package/dist/runtime/dingtalk.d.ts

@@ -34,6 +34,7 @@ export interface DingTalkContext {
     setTyping: (isTyping: boolean) => Promise<void>;
     setWorking: (working: boolean) => Promise<void>;
     deleteMessage: () => Promise<void>;
+    primeCard: (delayMs: number) => void;
     flush: () => Promise<void>;
     close: () => Promise<void>;
 }
@@ -61,6 +62,7 @@ export declare class DingTalkBot {
     private isReconnecting;
     private isStopped;
     private reconnectAttempts;
+    private hasReportedReady;
     private processedIds;
     private processedIdsOrder;
     constructor(handler: DingTalkHandler, config: DingTalkConfig);

package/dist/runtime/dingtalk.js

@@ -78,6 +78,7 @@ export class DingTalkBot {
         this.isReconnecting = false;
         this.isStopped = false;
         this.reconnectAttempts = 0;
+        this.hasReportedReady = false;
         // Deduplication cache (Set for O(1) lookup, order array for FIFO eviction)
         this.processedIds = new Set();
         this.processedIdsOrder = [];
@@ -171,9 +172,6 @@ export class DingTalkBot {
             log.logWarning("DingTalk: cardTemplateId not configured — AI Card streaming will not work");
         }
         log.logInfo(`DingTalk: initializing stream (clientId=${this.config.clientId.substring(0, 8)}…)`);
-        if (process.env.DINGTALK_FORCE_PROXY !== "true") {
-            axios.defaults.proxy = false;
-        }
         this.clearAllTimers();
         this.client = new DWClient({
             clientId: this.config.clientId,
@@ -183,8 +181,10 @@ export class DingTalkBot {
         this.client.registerCallbackListener(TOPIC_ROBOT, (msg) => {
             return this.handleRawMessage(msg);
         });
-        log.logConnected();
-        await this.doReconnect(true); // Initial connection
+        const connected = await this.doReconnect(true); // Initial connection
+        if (!connected) {
+            log.logWarning("DingTalk: initial stream connection not ready yet; retrying in background");
+        }
     }
     handleRawMessage(msg) {
         // 1. Immediate ACK
@@ -216,16 +216,17 @@ export class DingTalkBot {
     }
     async doReconnect(immediate = false) {
         if (this.isReconnecting || this.isStopped || !this.client)
-            return;
+            return false;
         this.isReconnecting = true;
         let connectionFailed = false;
+        let connected = false;
         if (!immediate && this.reconnectAttempts > 0) {
             const delay = Math.min(1000 * 2 ** this.reconnectAttempts + Math.random() * 1000, 30000);
             log.logInfo(`DingTalk: waiting ${Math.round(delay / 1000)}s before reconnecting...`);
             await this.waitForDelay(delay);
             if (this.isStopped || !this.client) {
                 this.isReconnecting = false;
-                return;
+                return false;
             }
         }
         try {
@@ -237,6 +238,11 @@ export class DingTalkBot {
             this.lastSocketAvailableTime = Date.now();
             this.reconnectAttempts = 0; // Success, reset backoff
             log.logInfo("DingTalk: connected to stream.");
+            if (!this.hasReportedReady) {
+                log.logConnected();
+                this.hasReportedReady = true;
+            }
+            connected = true;
             // Setup keep alive
             this.clearKeepAliveTimer();
             this.keepAliveTimer = this.setTrackedInterval(() => {
@@ -294,6 +300,7 @@ export class DingTalkBot {
         if (connectionFailed && !this.isStopped) {
             this.scheduleReconnect(0, false);
         }
+        return connected;
     }
     async stop() {
         log.logInfo("DingTalk: stopping bot");

package/dist/runtime/events.d.ts

@@ -42,6 +42,9 @@ export declare class EventsWatcher {
     private handlePeriodic;
     private execute;
     private deleteFile;
+    private getInvalidMarkerPath;
+    private markInvalid;
+    private clearInvalidMarker;
     private sleep;
 }
 /**

package/dist/runtime/events.js

@@ -1,5 +1,5 @@
 import { Cron } from "croner";
-import { existsSync, mkdirSync, readdirSync, statSync, unlinkSync, watch } from "fs";
+import { existsSync, mkdirSync, readdirSync, statSync, unlinkSync, watch, writeFileSync } from "fs";
 import { readFile } from "fs/promises";
 import { join } from "path";
 import * as log from "../log.js";
@@ -128,10 +128,11 @@ export class EventsWatcher {
         }
         if (!event) {
             log.logWarning(`Failed to parse event file after ${MAX_RETRIES} retries: ${filename}`, lastError?.message);
-            this.deleteFile(filename);
+            this.markInvalid(filename, lastError?.message ?? "Unknown event parse error");
             return;
         }
         this.knownFiles.add(filename);
+        this.clearInvalidMarker(filename);
         switch (event.type) {
             case "immediate":
                 this.handleImmediate(filename, event);
@@ -196,7 +197,7 @@ export class EventsWatcher {
         const now = Date.now();
         if (!Number.isFinite(atTime)) {
             log.logWarning(`Invalid one-shot time for ${filename}: ${event.at}`);
-            this.deleteFile(filename);
+            this.markInvalid(filename, `Invalid one-shot time: ${event.at}`);
             return;
         }
         if (atTime <= now) {
@@ -207,7 +208,7 @@ export class EventsWatcher {
         const delay = atTime - now;
         if (delay > MAX_TIMEOUT_MS) {
             log.logWarning(`One-shot event exceeds maximum supported delay for ${filename}: ${event.at}. Use a periodic cron event instead.`);
-            this.deleteFile(filename);
+            this.markInvalid(filename, `One-shot event exceeds maximum supported delay: ${event.at}`);
             return;
         }
         log.logInfo(`Scheduling one-shot event: ${filename} in ${Math.round(delay / 1000)}s`);
@@ -230,7 +231,7 @@ export class EventsWatcher {
         }
         catch (err) {
             log.logWarning(`Invalid cron schedule for ${filename}: ${event.schedule}`, String(err));
-            this.deleteFile(filename);
+            this.markInvalid(filename, `Invalid cron schedule: ${event.schedule}\n${String(err)}`);
         }
     }
     execute(filename, event, deleteAfter = true) {
@@ -279,8 +280,32 @@ export class EventsWatcher {
                 log.logWarning(`Failed to delete event file: ${filename}`, String(err));
             }
         }
+        this.clearInvalidMarker(filename);
         this.knownFiles.delete(filename);
     }
+    getInvalidMarkerPath(filename) {
+        return join(this.eventsDir, `${filename}.error.txt`);
+    }
+    markInvalid(filename, message) {
+        try {
+            writeFileSync(this.getInvalidMarkerPath(filename), [`timestamp: ${new Date().toISOString()}`, `file: ${filename}`, "", message.trim()].join("\n"), "utf-8");
+        }
+        catch (err) {
+            log.logWarning(`Failed to write event error marker: ${filename}`, String(err));
+        }
+        this.knownFiles.add(filename);
+    }
+    clearInvalidMarker(filename) {
+        const markerPath = this.getInvalidMarkerPath(filename);
+        try {
+            unlinkSync(markerPath);
+        }
+        catch (err) {
+            if (err instanceof Error && "code" in err && err.code !== "ENOENT") {
+                log.logWarning(`Failed to delete event error marker: ${filename}`, String(err));
+            }
+        }
+    }
     sleep(ms) {
         return new Promise((resolve) => setTimeout(resolve, ms));
     }

package/dist/security/command-guard.js

@@ -1,4 +1,5 @@
 import { basename } from "node:path";
+import { isWindowsPlatform } from "./platform.js";
 const WHITESPACE = /\s+/;
 function stripNullAndNormalize(text) {
     return text.replace(/\0/g, "").normalize("NFKC");
@@ -402,6 +403,9 @@ export function guardCommand(command, config) {
     if (!config.enabled) {
         return { allowed: true };
     }
+    if (isWindowsPlatform()) {
+        return { allowed: true };
+    }
     const atoms = splitCommandChain(command);
     const normalizedWhole = stripNullAndNormalize(command);
     for (const allowPattern of config.allowPatterns) {

package/dist/security/config.d.ts

@@ -1,4 +1,10 @@
+import type { ConfigDiagnostic } from "../shared/config-diagnostics.js";
 import type { SecurityConfig } from "./types.js";
+export interface LoadedSecurityConfig {
+    config: SecurityConfig;
+    diagnostics: ConfigDiagnostic[];
+}
 export declare const DEFAULT_SECURITY_CONFIG: SecurityConfig;
 export declare function getSecurityConfigPath(appHomeDir?: string): string;
+export declare function loadSecurityConfigWithDiagnostics(appHomeDir?: string): LoadedSecurityConfig;
 export declare function loadSecurityConfig(appHomeDir?: string): SecurityConfig;

package/dist/security/config.js

@@ -18,6 +18,12 @@ export const DEFAULT_SECURITY_CONFIG = {
         writeDeny: [],
         resolveSymlinks: true,
     },
+    networkGuard: {
+        enabled: true,
+        allowedCidrs: [],
+        allowedHosts: [],
+        maxRedirects: 5,
+    },
     audit: {
         logBlocked: true,
     },
@@ -28,13 +34,30 @@ function asStringArray(value) {
 function asOptionalString(value) {
     return typeof value === "string" && value.trim() ? value : undefined;
 }
-function mergeSecurityConfig(source) {
+function pushInvalidSecurityDiagnostic(diagnostics, configPath, field, message) {
+    diagnostics.push({
+        source: "security",
+        path: configPath,
+        severity: "warning",
+        message: `${field}: ${message}`,
+    });
+}
+function mergeSecurityConfig(source, configPath, diagnostics) {
     if (!isRecord(source)) {
+        pushInvalidSecurityDiagnostic(diagnostics, configPath, "root", "expected a JSON object; using defaults");
         return DEFAULT_SECURITY_CONFIG;
     }
     const commandGuard = isRecord(source.commandGuard) ? source.commandGuard : {};
     const pathGuard = isRecord(source.pathGuard) ? source.pathGuard : {};
+    const networkGuard = isRecord(source.networkGuard) ? source.networkGuard : {};
     const audit = isRecord(source.audit) ? source.audit : {};
+    if (networkGuard.maxRedirects !== undefined) {
+        const maxRedirects = networkGuard.maxRedirects;
+        const isValidMaxRedirects = typeof maxRedirects === "number" && Number.isFinite(maxRedirects) && maxRedirects > 0;
+        if (!isValidMaxRedirects) {
+            pushInvalidSecurityDiagnostic(diagnostics, configPath, "networkGuard.maxRedirects", "expected a positive integer; using default");
+        }
+    }
     return {
         enabled: typeof source.enabled === "boolean" ? source.enabled : DEFAULT_SECURITY_CONFIG.enabled,
         commandGuard: {
@@ -57,6 +80,18 @@ function mergeSecurityConfig(source) {
                 ? pathGuard.resolveSymlinks
                 : DEFAULT_SECURITY_CONFIG.pathGuard.resolveSymlinks,
         },
+        networkGuard: {
+            enabled: typeof networkGuard.enabled === "boolean"
+                ? networkGuard.enabled
+                : DEFAULT_SECURITY_CONFIG.networkGuard.enabled,
+            allowedCidrs: asStringArray(networkGuard.allowedCidrs),
+            allowedHosts: asStringArray(networkGuard.allowedHosts),
+            maxRedirects: typeof networkGuard.maxRedirects === "number" &&
+                Number.isFinite(networkGuard.maxRedirects) &&
+                networkGuard.maxRedirects > 0
+                ? Math.floor(networkGuard.maxRedirects)
+                : DEFAULT_SECURITY_CONFIG.networkGuard.maxRedirects,
+        },
         audit: {
             logBlocked: typeof audit.logBlocked === "boolean" ? audit.logBlocked : DEFAULT_SECURITY_CONFIG.audit.logBlocked,
             logFile: asOptionalString(audit.logFile),
@@ -66,17 +101,33 @@ function mergeSecurityConfig(source) {
 export function getSecurityConfigPath(appHomeDir = APP_HOME_DIR) {
     return join(appHomeDir, "security.json");
 }
-export function loadSecurityConfig(appHomeDir = APP_HOME_DIR) {
+export function loadSecurityConfigWithDiagnostics(appHomeDir = APP_HOME_DIR) {
     const configPath = getSecurityConfigPath(appHomeDir);
     if (!existsSync(configPath)) {
-        return DEFAULT_SECURITY_CONFIG;
+        return { config: DEFAULT_SECURITY_CONFIG, diagnostics: [] };
     }
     try {
         const raw = JSON.parse(readFileSync(configPath, "utf-8"));
-        return mergeSecurityConfig(raw);
+        const diagnostics = [];
+        return {
+            config: mergeSecurityConfig(raw, configPath, diagnostics),
+            diagnostics,
+        };
     }
     catch (error) {
-        console.warn(`Failed to load security config from ${configPath}: ${error}`);
-        return DEFAULT_SECURITY_CONFIG;
+        return {
+            config: DEFAULT_SECURITY_CONFIG,
+            diagnostics: [
+                {
+                    source: "security",
+                    path: configPath,
+                    severity: "error",
+                    message: error instanceof Error ? error.message : String(error),
+                },
+            ],
+        };
     }
 }
+export function loadSecurityConfig(appHomeDir = APP_HOME_DIR) {
+    return loadSecurityConfigWithDiagnostics(appHomeDir).config;
+}

package/dist/security/network.d.ts

@@ -0,0 +1,28 @@
+import type { SecurityConfig } from "./types.js";
+type ValidationStage = "request" | "redirect";
+export interface NetworkGuardContext {
+    config: SecurityConfig;
+}
+export interface ValidatedNetworkTarget {
+    url: string;
+    hostname: string;
+    resolvedAddress?: string;
+}
+export declare class NetworkGuardError extends Error {
+    readonly url: string;
+    readonly stage: ValidationStage;
+    readonly category: string;
+    readonly resolvedHost?: string;
+    readonly resolvedAddress?: string;
+    constructor(options: {
+        url: string;
+        stage: ValidationStage;
+        category: string;
+        message: string;
+        resolvedHost?: string;
+        resolvedAddress?: string;
+    });
+}
+export declare function validateNetworkTarget(url: string, context: NetworkGuardContext): Promise<ValidatedNetworkTarget>;
+export declare function validateRedirectTarget(url: string, context: NetworkGuardContext): Promise<ValidatedNetworkTarget>;
+export {};