@sunnoy/wecom 1.2.0 → 1.4.0

package/wecom/commands.js

@@ -0,0 +1,90 @@
+import {
+  DEFAULT_COMMAND_ALLOWLIST,
+  DEFAULT_COMMAND_BLOCK_MESSAGE,
+  HIGH_PRIORITY_COMMANDS,
+} from "./constants.js";
+
+/**
+ * Read command allowlist settings from config.
+ *
+ * Accepts either the full openclaw config or a per-account wecom config block.
+ */
+export function getCommandConfig(config) {
+  const wecom = config?.channels?.wecom ?? config ?? {};
+  const commands = wecom.commands || {};
+  return {
+    allowlist: commands.allowlist || DEFAULT_COMMAND_ALLOWLIST,
+    blockMessage: commands.blockMessage || DEFAULT_COMMAND_BLOCK_MESSAGE,
+    enabled: commands.enabled !== false,
+  };
+}
+
+/**
+ * Check whether a slash command is allowed.
+ * @param {string} message - User message
+ * @param {Object} config - OpenClaw config
+ * @returns {{ isCommand: boolean, allowed: boolean, command: string | null }}
+ */
+export function checkCommandAllowlist(message, config) {
+  const trimmed = String(message || "").trim();
+
+  // Not a slash command.
+  if (!trimmed.startsWith("/")) {
+    return { isCommand: false, allowed: true, command: null };
+  }
+
+  // Use the first token as the command.
+  const command = trimmed.split(/\s+/)[0].toLowerCase();
+
+  const cmdConfig = getCommandConfig(config);
+
+  // Allow all commands when command gating is disabled.
+  if (!cmdConfig.enabled) {
+    return { isCommand: true, allowed: true, command };
+  }
+
+  // Require explicit allowlist match.
+  const allowed = cmdConfig.allowlist.some((cmd) => cmd.toLowerCase() === command);
+
+  return { isCommand: true, allowed, command };
+}
+
+/**
+ * Read admin user list from wecom config.
+ * Admins bypass the command allowlist, but still keep dynamic agent routing.
+ *
+ * Accepts either the full openclaw config or a per-account wecom config block.
+ */
+export function getWecomAdminUsers(config) {
+  const wecom = config?.channels?.wecom ?? config ?? {};
+  const raw = wecom.adminUsers;
+  if (!Array.isArray(raw)) {
+    return [];
+  }
+  return raw
+    .map((u) => String(u ?? "").trim().toLowerCase())
+    .filter(Boolean);
+}
+
+export function isWecomAdmin(userId, config) {
+  if (!userId) {
+    return false;
+  }
+  const admins = getWecomAdminUsers(config);
+  return admins.length > 0 && admins.includes(String(userId).trim().toLowerCase());
+}
+
+export function extractLeadingSlashCommand(content) {
+  const trimmed = String(content || "").trim();
+  if (!trimmed.startsWith("/")) {
+    return null;
+  }
+  return trimmed.split(/\s+/)[0].toLowerCase();
+}
+
+export function isHighPriorityCommand(command) {
+  if (!command) {
+    return false;
+  }
+  return HIGH_PRIORITY_COMMANDS.has(command.toLowerCase());
+}

package/wecom/constants.js

@@ -0,0 +1,58 @@
+import { join } from "node:path";
+
+export const DEFAULT_ACCOUNT_ID = "default";
+
+// Placeholder shown while the LLM is processing or the message is queued.
+export const THINKING_PLACEHOLDER = "思考中...";
+
+// Image cache directory.
+export const MEDIA_CACHE_DIR = join(process.env.HOME || "/tmp", ".openclaw", "media", "wecom");
+
+// Slash commands that are allowed by default.
+export const DEFAULT_COMMAND_ALLOWLIST = ["/new", "/compact", "/help", "/status"];
+export const HIGH_PRIORITY_COMMANDS = new Set(["/stop", "/new"]);
+
+// Default message shown when a command is blocked.
+export const DEFAULT_COMMAND_BLOCK_MESSAGE = `⚠️ 该命令不可用。
+
+支持的命令：
+• **/new** - 新建会话
+• **/compact** - 压缩会话（保留上下文摘要）
+• **/help** - 查看帮助
+• **/status** - 查看状态`;
+
+// Files recognised by openclaw core as bootstrap files.
+export const BOOTSTRAP_FILENAMES = new Set([
+  "AGENTS.md",
+  "SOUL.md",
+  "TOOLS.md",
+  "IDENTITY.md",
+  "USER.md",
+  "HEARTBEAT.md",
+  "BOOTSTRAP.md",
+]);
+
+// Per-user message debounce buffer.
+// Collects messages arriving within DEBOUNCE_MS into a single dispatch.
+export const DEBOUNCE_MS = 2000;
+
+export const MAIN_RESPONSE_IDLE_CLOSE_MS = 30 * 1000;
+export const SAFETY_NET_IDLE_CLOSE_MS = 90 * 1000;
+export const RESPONSE_URL_ERROR_BODY_PREVIEW_MAX = 300;
+
+// Agent API endpoints (self-built application mode).
+export const AGENT_API_ENDPOINTS = {
+  GET_TOKEN: "https://qyapi.weixin.qq.com/cgi-bin/gettoken",
+  SEND_MESSAGE: "https://qyapi.weixin.qq.com/cgi-bin/message/send",
+  SEND_APPCHAT: "https://qyapi.weixin.qq.com/cgi-bin/appchat/send",
+  UPLOAD_MEDIA: "https://qyapi.weixin.qq.com/cgi-bin/media/upload",
+  DOWNLOAD_MEDIA: "https://qyapi.weixin.qq.com/cgi-bin/media/get",
+};
+
+export const TOKEN_REFRESH_BUFFER_MS = 60 * 1000;
+export const AGENT_API_REQUEST_TIMEOUT_MS = 15 * 1000;
+export const MAX_REQUEST_BODY_SIZE = 1024 * 1024; // 1 MB
+
+// Webhook Bot endpoints (group robot notifications).
+export const WEBHOOK_BOT_SEND_URL = "https://qyapi.weixin.qq.com/cgi-bin/webhook/send";
+export const WEBHOOK_BOT_UPLOAD_URL = "https://qyapi.weixin.qq.com/cgi-bin/webhook/upload_media";

package/wecom/http-handler.js

@@ -0,0 +1,315 @@
+import * as crypto from "node:crypto";
+import { logger } from "../logger.js";
+import { streamManager } from "../stream-manager.js";
+import { WecomWebhook } from "../webhook.js";
+import { handleAgentInbound } from "./agent-inbound.js";
+import { extractLeadingSlashCommand, isHighPriorityCommand } from "./commands.js";
+import { DEBOUNCE_MS, MAIN_RESPONSE_IDLE_CLOSE_MS, THINKING_PLACEHOLDER } from "./constants.js";
+import { flushMessageBuffer, processInboundMessage } from "./inbound-processor.js";
+import { messageBuffers, streamMeta, webhookTargets } from "./state.js";
+import {
+  clearBufferedMessagesForStream,
+  getMessageStreamKey,
+  handleStreamError,
+} from "./stream-utils.js";
+import { normalizeWebhookPath } from "./webhook-targets.js";
+
+export async function wecomHttpHandler(req, res) {
+  const url = new URL(req.url || "", "http://localhost");
+  const path = normalizeWebhookPath(url.pathname);
+  const targets = webhookTargets.get(path);
+
+  if (!targets || targets.length === 0) {
+    return false; // Not handled by this plugin
+  }
+
+  const query = Object.fromEntries(url.searchParams);
+  logger.debug("WeCom HTTP request", { method: req.method, path });
+
+  // ── Agent inbound: route to dedicated handler when target has agentInbound config ──
+  const agentTarget = targets.find((t) => t.account?.agentInbound);
+  if (agentTarget) {
+    return handleAgentInbound({
+      req,
+      res,
+      agentAccount: agentTarget.account.agentInbound,
+      config: agentTarget.config,
+    });
+  }
+
+  // ── Bot mode: JSON-based stream handling ──
+
+  // GET: URL Verification
+  if (req.method === "GET") {
+    const target = targets[0]; // Use first target for verification
+    if (!target) {
+      res.writeHead(503, { "Content-Type": "text/plain" });
+      res.end("No webhook target configured");
+      return true;
+    }
+
+    const webhook = new WecomWebhook({
+      token: target.account.token,
+      encodingAesKey: target.account.encodingAesKey,
+    });
+
+    const echo = webhook.handleVerify(query);
+    if (echo) {
+      res.writeHead(200, { "Content-Type": "text/plain" });
+      res.end(echo);
+      logger.info("WeCom URL verification successful");
+      return true;
+    }
+
+    res.writeHead(403, { "Content-Type": "text/plain" });
+    res.end("Verification failed");
+    logger.warn("WeCom URL verification failed");
+    return true;
+  }
+
+  // POST: Message handling
+  if (req.method === "POST") {
+    const target = targets[0];
+    if (!target) {
+      res.writeHead(503, { "Content-Type": "text/plain" });
+      res.end("No webhook target configured");
+      return true;
+    }
+
+    // Read request body
+    const chunks = [];
+    for await (const chunk of req) {
+      chunks.push(chunk);
+    }
+    const body = Buffer.concat(chunks).toString("utf-8");
+    logger.debug("WeCom message received", { bodyLength: body.length });
+
+    const webhook = new WecomWebhook({
+      token: target.account.token,
+      encodingAesKey: target.account.encodingAesKey,
+    });
+
+    const result = await webhook.handleMessage(query, body);
+    if (result === WecomWebhook.DUPLICATE) {
+      // Duplicate message — ACK 200 to prevent platform retry storm.
+      res.writeHead(200, { "Content-Type": "text/plain" });
+      res.end("success");
+      return true;
+    }
+    if (!result) {
+      res.writeHead(400, { "Content-Type": "text/plain" });
+      res.end("Bad Request");
+      return true;
+    }
+
+    // Handle text message
+    if (result.message) {
+      const msg = result.message;
+      const { timestamp, nonce } = result.query;
+      const content = (msg.content || "").trim();
+
+      // Use stream responses for every inbound message, including commands.
+      // WeCom AI Bot response_url is single-use, so streaming is mandatory.
+      const streamId = `stream_${crypto.randomUUID()}`;
+      streamManager.createStream(streamId);
+      streamManager.appendStream(streamId, THINKING_PLACEHOLDER);
+
+      // Passive reply: return stream id immediately in the sync response.
+      // Include the placeholder so the client displays it right away.
+      const streamResponse = webhook.buildStreamResponse(streamId, THINKING_PLACEHOLDER, false, timestamp, nonce);
+
+      res.writeHead(200, { "Content-Type": "application/json" });
+      res.end(streamResponse);
+
+      logger.info("Stream initiated", {
+        streamId,
+        from: msg.fromUser,
+        isCommand: content.startsWith("/"),
+      });
+
+      const streamKey = getMessageStreamKey(msg);
+      const isCommand = content.startsWith("/");
+      const leadingCommand = extractLeadingSlashCommand(content);
+      const highPriorityCommand = isHighPriorityCommand(leadingCommand);
+
+      if (highPriorityCommand) {
+        const drained = clearBufferedMessagesForStream(streamKey, `消息已被 ${leadingCommand} 中断。`);
+        if (drained > 0) {
+          logger.info("WeCom: drained buffered messages before high-priority command", {
+            streamKey,
+            command: leadingCommand,
+            drained,
+          });
+        }
+      }
+
+      // Commands bypass debounce — process immediately.
+      if (isCommand) {
+        processInboundMessage({
+          message: msg,
+          streamId,
+          timestamp,
+          nonce,
+          account: target.account,
+          config: target.config,
+        }).catch(async (err) => {
+          logger.error("WeCom message processing failed", { error: err.message });
+          await handleStreamError(streamId, streamKey, "处理消息时出错，请稍后再试。");
+        });
+        return true;
+      }
+
+      // Debounce: buffer non-command messages per user/group.
+      // If multiple messages arrive within DEBOUNCE_MS, merge into one dispatch.
+      const existing = messageBuffers.get(streamKey);
+      if (existing) {
+        // A previous message is still buffered — merge this one in.
+        existing.messages.push(msg);
+        existing.streamIds.push(streamId);
+        clearTimeout(existing.timer);
+        existing.timer = setTimeout(() => flushMessageBuffer(streamKey, target), DEBOUNCE_MS);
+        logger.info("WeCom: message buffered for merge", {
+          streamKey,
+          streamId,
+          buffered: existing.messages.length,
+        });
+      } else {
+        // First message — start a new buffer with a debounce timer.
+        const buffer = {
+          messages: [msg],
+          streamIds: [streamId],
+          target,
+          timestamp,
+          nonce,
+          timer: setTimeout(() => flushMessageBuffer(streamKey, target), DEBOUNCE_MS),
+        };
+        messageBuffers.set(streamKey, buffer);
+        logger.info("WeCom: message buffered (first)", { streamKey, streamId });
+      }
+
+      return true;
+    }
+
+    // Handle stream refresh - return current stream state
+    if (result.stream) {
+      const { timestamp, nonce } = result.query;
+      const streamId = result.stream.id;
+
+      // Return latest stream state.
+      const stream = streamManager.getStream(streamId);
+
+      if (!stream) {
+        // Stream already expired or missing.
+        logger.warn("Stream not found for refresh", { streamId });
+        const streamResponse = webhook.buildStreamResponse(
+          streamId,
+          "会话已过期",
+          true,
+          timestamp,
+          nonce,
+        );
+        res.writeHead(200, { "Content-Type": "application/json" });
+        res.end(streamResponse);
+        return true;
+      }
+
+      // Check if stream should be closed (main response done + idle timeout).
+      // This is driven by WeCom client polling, so it's more reliable than setTimeout.
+      const meta = streamMeta.get(streamId);
+      if (meta?.mainResponseDone && !stream.finished) {
+        const idleMs = Date.now() - stream.updatedAt;
+        // Keep stream alive a bit longer for delayed subagent/tool follow-up messages.
+        if (idleMs > MAIN_RESPONSE_IDLE_CLOSE_MS) {
+          logger.info("WeCom: closing stream due to idle timeout", { streamId, idleMs });
+          try {
+            await streamManager.finishStream(streamId);
+          } catch (err) {
+            logger.error("WeCom: failed to finish stream", { streamId, error: err.message });
+          }
+        }
+      }
+
+      // Return current stream payload.
+      const streamResponse = webhook.buildStreamResponse(
+        streamId,
+        stream.content,
+        stream.finished,
+        timestamp,
+        nonce,
+        // Pass msgItem when stream is finished and has images
+        stream.finished && stream.msgItem.length > 0 ? { msgItem: stream.msgItem } : {},
+      );
+
+      res.writeHead(200, { "Content-Type": "application/json" });
+      res.end(streamResponse);
+
+      logger.debug("Stream refresh response sent", {
+        streamId,
+        contentLength: stream.content.length,
+        finished: stream.finished,
+      });
+
+      // Clean up completed streams after a short delay.
+      if (stream.finished) {
+        setTimeout(() => {
+          streamManager.deleteStream(streamId);
+          streamMeta.delete(streamId);
+        }, 30 * 1000);
+      }
+
+      return true;
+    }
+
+    // Handle event
+    if (result.event) {
+      logger.info("WeCom event received", { event: result.event });
+
+      // Handle enter_chat with an immediate welcome stream.
+      if (result.event?.event_type === "enter_chat") {
+        const { timestamp, nonce } = result.query;
+        const fromUser = result.event?.from?.userid || "";
+
+        // Welcome message body.
+        const welcomeMessage = `你好！👋 我是 AI 助手。
+
+你可以使用下面的指令管理会话：
+• **/new** - 新建会话（清空上下文）
+• **/compact** - 压缩会话（保留上下文摘要）
+• **/help** - 查看更多命令
+
+有什么我可以帮你的吗？`;
+
+        // Build and finish stream in a single pass.
+        const streamId = `welcome_${crypto.randomUUID()}`;
+        streamManager.createStream(streamId);
+        streamManager.appendStream(streamId, welcomeMessage);
+        await streamManager.finishStream(streamId);
+
+        const streamResponse = webhook.buildStreamResponse(
+          streamId,
+          welcomeMessage,
+          true,
+          timestamp,
+          nonce,
+        );
+
+        logger.info("Sending welcome message", { fromUser, streamId });
+        res.writeHead(200, { "Content-Type": "application/json" });
+        res.end(streamResponse);
+        return true;
+      }
+
+      res.writeHead(200, { "Content-Type": "text/plain" });
+      res.end("success");
+      return true;
+    }
+
+    res.writeHead(200, { "Content-Type": "text/plain" });
+    res.end("success");
+    return true;
+  }
+
+  res.writeHead(405, { "Content-Type": "text/plain" });
+  res.end("Method Not Allowed");
+  return true;
+}