@sunnoy/wecom 1.6.0 → 1.6.2

package/README.md

@@ -21,7 +21,7 @@
 ### 动态 Agent 与隔离
 - **动态 Agent 管理**: 默认按"每个私聊用户 / 每个群聊"自动创建独立 Agent。每个 Agent 拥有独立的工作区与对话上下文，实现更强的数据隔离。
 - **群聊深度集成**: 支持群聊消息解析，可通过 @提及（At-mention）精准触发机器人响应。
-- **管理员用户**: 可配置管理员列表，绕过指令白名单和动态 Agent 路由限制。
+- **管理员用户**: 可配置管理员列表，默认绕过指令白名单；可选开启“绕过动态 Agent 路由”。
 - **指令白名单**: 内置常用指令支持（如 `/new`、`/status`），并提供指令白名单配置功能。
 
 ### 多媒体支持
@@ -152,7 +152,7 @@ npm run test:e2e
 | `plugins.entries.wecom.enabled` | boolean | 是 | 启用插件 |
 | `channels.wecom.token` | string | 是* | 企业微信机器人 Token (*Bot 模式必填) |
 | `channels.wecom.encodingAesKey` | string | 是* | 消息加密密钥（43 位）(*Bot 模式必填) |
-| `channels.wecom.adminUsers` | array | 否 | 管理员用户 ID 列表（绕过指令白名单和动态路由） |
+| `channels.wecom.adminUsers` | array | 否 | 管理员用户 ID 列表（绕过指令白名单） |
 | `channels.wecom.commands.enabled` | boolean | 否 | 是否启用指令白名单过滤（默认 true） |
 | `channels.wecom.commands.allowlist` | array | 否 | 允许的指令白名单 |
 
@@ -163,6 +163,7 @@ npm run test:e2e
 | 配置项 | 类型 | 必填 | 说明 |
 |--------|------|------|------|
 | `channels.wecom.dynamicAgents.enabled` | boolean | 否 | 是否启用动态 Agent（默认 true） |
+| `channels.wecom.dynamicAgents.adminBypass` | boolean | 否 | 管理员是否跳过动态 Agent 路由（默认 false） |
 | `channels.wecom.dm.createAgentOnFirstMessage` | boolean | 否 | 私聊时为每个用户创建独立 Agent（默认 true） |
 | `channels.wecom.groupChat.enabled` | boolean | 否 | 是否启用群聊处理（默认 true） |
 | `channels.wecom.groupChat.requireMention` | boolean | 否 | 群聊是否必须 @ 提及才响应（默认 true） |
@@ -295,13 +296,16 @@ Webhook Bot 用于向群聊发送通知消息。
 
 ## 管理员用户
 
-管理员用户可以绕过指令白名单限制，并跳过动态 Agent 路由（直接路由到主 Agent）。
+管理员用户默认可以绕过指令白名单限制。若希望管理员用户同时跳过动态 Agent 路由（直接路由到主 Agent），可开启 `dynamicAgents.adminBypass`。
 
 ```json
 {
   "channels": {
     "wecom": {
-      "adminUsers": ["user1", "user2"]
+      "adminUsers": ["user1", "user2"],
+      "dynamicAgents": {
+        "adminBypass": true
+      }
     }
   }
 }
@@ -322,7 +326,7 @@ Webhook Bot 用于向群聊发送通知消息。
    - **多账号群聊**: `wecom-<accountId>-group-<chatId>`
 2. OpenClaw 自动创建/复用对应的 Agent 工作区
 3. 每个用户/群聊拥有独立的对话历史和上下文
-4. **管理员用户**跳过动态路由，直接使用主 Agent
+4. 管理员用户默认参与动态路由；当 `dynamicAgents.adminBypass=true` 时跳过动态路由，直接使用主 Agent
 
 ### 高级配置
 
@@ -350,6 +354,7 @@ Webhook Bot 用于向群聊发送通知消息。
 | 配置项 | 类型 | 默认值 | 说明 |
 |--------|------|--------|------|
 | `dynamicAgents.enabled` | boolean | `true` | 是否启用动态 Agent |
+| `dynamicAgents.adminBypass` | boolean | `false` | 管理员是否跳过动态 Agent 路由 |
 | `dm.createAgentOnFirstMessage` | boolean | `true` | 私聊使用动态 Agent |
 | `groupChat.enabled` | boolean | `true` | 启用群聊处理 |
 | `groupChat.requireMention` | boolean | `true` | 群聊必须 @ 提及才响应 |
@@ -384,6 +389,7 @@ Webhook Bot 用于向群聊发送通知消息。
         "token": "Bot1 的 Token",
         "encodingAesKey": "Bot1 的 EncodingAESKey",
         "adminUsers": ["admin1"],
+        "workspaceTemplate": "/path/to/bot1-template",
         "agent": {
           "corpId": "企业 CorpID",
           "corpSecret": "Bot1 应用 Secret",
@@ -417,6 +423,7 @@ Webhook Bot 用于向群聊发送通知消息。
 | 完全兼容 | 旧的单账号配置（`token` 直接写在 `wecom` 下）自动识别为 `default` 账号，无需修改 |
 | Webhook 路径 | 自动按账号分配：`/webhooks/wecom/bot1`、`/webhooks/wecom/bot2` |
 | Agent 回调路径 | 自动按账号分配：`/webhooks/app/bot1`、`/webhooks/app/bot2` |
+| 工作区模板 | 支持按账号自定义：`channels.wecom.<accountId>.workspaceTemplate`（覆盖全局配置） |
 | 动态 Agent ID | 按账号隔离：`wecom-bot1-dm-{userId}`、`wecom-bot2-group-{chatId}` |
 | 冲突检测 | 启动时自动检测重复的 Token 或 Agent ID，避免消息路由错乱 |
 

package/dynamic-agent.js

@@ -47,17 +47,21 @@ export function getDynamicAgentConfig(config) {
     groupEnabled: wecom.groupChat?.enabled !== false,
     groupRequireMention: wecom.groupChat?.requireMention !== false,
     groupMentionPatterns: wecom.groupChat?.mentionPatterns || ["@"],
+    adminBypass: wecom.dynamicAgents?.adminBypass === true,
   };
 }
 
 /**
  * Decide whether this message context should route to a dynamic agent.
  */
-export function shouldUseDynamicAgent({ chatType, config }) {
+export function shouldUseDynamicAgent({ chatType, config, senderIsAdmin = false }) {
   const dynamicConfig = getDynamicAgentConfig(config);
   if (!dynamicConfig.enabled) {
     return false;
   }
+  if (senderIsAdmin && dynamicConfig.adminBypass) {
+    return false;
+  }
   if (chatType === "group") {
     return dynamicConfig.groupEnabled;
   }

package/package.json

@@ -1,6 +1,6 @@
 {
     "name": "@sunnoy/wecom",
-    "version": "1.6.0",
+    "version": "1.6.2",
     "description": "Enterprise WeChat AI Bot channel plugin for OpenClaw",
     "type": "module",
     "main": "index.js",

package/wecom/accounts.js

@@ -79,16 +79,17 @@ function buildAccount(accountId, accountCfg) {
     agent?.corpId && agent?.corpSecret && agent?.agentId && agent?.token && agent?.encodingAesKey,
   );
 
+  const hasBotTokens = Boolean(accountCfg?.token && accountCfg?.encodingAesKey);
+  const defaultPath = accountId === DEFAULT_ACCOUNT_ID ? "/webhooks/wecom" : `/webhooks/wecom/${accountId}`;
+
   return {
     accountId,
     name: accountCfg?.name || accountId,
     enabled: accountCfg?.enabled !== false,
-    configured: Boolean(accountCfg?.token && accountCfg?.encodingAesKey) || agentConfigured,
+    configured: hasBotTokens || agentConfigured,
     token: accountCfg?.token || "",
     encodingAesKey: accountCfg?.encodingAesKey || "",
-    webhookPath:
-      accountCfg?.webhookPath ||
-      (accountId === DEFAULT_ACCOUNT_ID ? "/webhooks/wecom" : `/webhooks/wecom/${accountId}`),
+    webhookPath: accountCfg?.webhookPath || (hasBotTokens ? defaultPath : ""),
     config: accountCfg || {},
     agentConfigured,
     agentInboundConfigured,

package/wecom/agent-inbound.js

@@ -292,12 +292,18 @@ async function processAgentMessage({
 
   const dynamicConfig = getDynamicAgentConfig(accountCfg);
   const targetAgentId =
-    dynamicConfig.enabled && shouldUseDynamicAgent({ chatType: peerKind, config: accountCfg })
+    dynamicConfig.enabled
+    && shouldUseDynamicAgent({
+      chatType: peerKind,
+      config: accountCfg,
+      senderIsAdmin,
+    })
       ? generateAgentId(peerKind, peerId, accountId)
       : null;
 
+  const templateDir = accountCfg?.workspaceTemplate || config?.channels?.wecom?.workspaceTemplate;
   if (targetAgentId) {
-    await ensureDynamicAgentListed(targetAgentId);
+    await ensureDynamicAgentListed(targetAgentId, templateDir);
     logger.debug("[agent-inbound] dynamic agent", { agentId: targetAgentId, peerId });
   }
 

package/wecom/channel-plugin.js

@@ -92,6 +92,11 @@ export const wecomChannelPlugin = {
               description: "Enable per-user/per-group agent isolation",
               default: true,
             },
+            adminBypass: {
+              type: "boolean",
+              description: "When true, adminUsers bypass dynamic agent routing and use the default route",
+              default: false,
+            },
           },
         },
         dm: {
@@ -720,18 +725,18 @@ export const wecomChannelPlugin = {
         });
       }
 
-      const unregister = registerWebhookTarget({
-        path: account.webhookPath || "/webhooks/wecom",
-        account,
-        config: ctx.cfg,
-      });
-
-      // HTTP routing is handled by the wildcard handler registered in
-      // index.js via api.registerHttpHandler. That handler bypasses gateway
-      // auth, which is required for WeCom webhook callbacks (they carry
-      // msg_signature, not Bearer tokens).
-      const botPath = account.webhookPath || "/webhooks/wecom";
-      logger.info("WeCom Bot webhook path active", { path: botPath });
+      let unregister;
+      const botPath = account.webhookPath;
+      if (botPath) {
+        unregister = registerWebhookTarget({
+          path: botPath,
+          account,
+          config: ctx.cfg,
+        });
+        logger.info("WeCom Bot webhook path active", { path: botPath });
+      } else {
+        logger.debug("No Bot webhook path for this account, skipping", { accountId: account.accountId });
+      }
 
       // Register Agent inbound webhook if agent inbound is fully configured.
       let unregisterAgent;
@@ -773,7 +778,7 @@ export const wecomChannelPlugin = {
           clearTimeout(buf.timer);
         }
         messageBuffers.clear();
-        unregister();
+        if (unregister) unregister();
         if (unregisterAgent) unregisterAgent();
       };
 

package/wecom/inbound-processor.js

@@ -241,12 +241,19 @@ export async function processInboundMessage({
 
   // Compute deterministic agent target for this conversation.
   const targetAgentId =
-    dynamicConfig.enabled && shouldUseDynamicAgent({ chatType: peerKind, config: account.config })
+    dynamicConfig.enabled
+    && shouldUseDynamicAgent({
+      chatType: peerKind,
+      config: account.config,
+      senderIsAdmin,
+    })
       ? generateAgentId(peerKind, peerId, account.accountId)
       : null;
 
+  // Resolve template directory: per-account or global.
+  const templateDir = account.config?.workspaceTemplate || config?.channels?.wecom?.workspaceTemplate;
   if (targetAgentId) {
-    await ensureDynamicAgentListed(targetAgentId);
+    await ensureDynamicAgentListed(targetAgentId, templateDir);
     logger.debug("Using dynamic agent", { agentId: targetAgentId, chatType: peerKind, peerId });
   } else if (senderIsAdmin) {
     logger.debug("Admin user, dynamic agent disabled for this chat type; falling back to default route", {

package/wecom/outbound-delivery.js

@@ -1,5 +1,5 @@
-import { readFile, access, stat } from "node:fs/promises";
-import { basename, join } from "node:path";
+import { readFile, stat } from "node:fs/promises";
+import { basename, isAbsolute, relative, resolve, sep } from "node:path";
 import { logger } from "../logger.js";
 import { streamManager } from "../stream-manager.js";
 import { agentSendText, agentUploadMedia, agentSendMedia } from "./agent-api.js";
@@ -19,10 +19,36 @@ const WECOM_MIN_FILE_SIZE = 5;
  * ~/.openclaw/workspace-{agentId} on the host.  Any path starting with
  * /workspace/ is transparently rewritten when an agentId is available.
  */
+export function resolveWorkspaceHostPathSafe({ workspaceDir, workspacePath }) {
+  const relativePath = String(workspacePath || "").replace(/^\/workspace\/?/, "");
+  if (!relativePath) {
+    return null;
+  }
+
+  const hostPath = resolve(workspaceDir, relativePath);
+  const rel = relative(workspaceDir, hostPath);
+  const escapesWorkspace = rel === ".." || rel.startsWith(`..${sep}`) || isAbsolute(rel);
+  if (escapesWorkspace) {
+    return null;
+  }
+  return hostPath;
+}
+
 function resolveHostPath(filePath, effectiveAgentId) {
   if (effectiveAgentId && filePath.startsWith("/workspace/")) {
-    const relative = filePath.slice("/workspace/".length);
-    const hostPath = join(resolveAgentWorkspaceDirLocal(effectiveAgentId), relative);
+    const workspaceDir = resolveAgentWorkspaceDirLocal(effectiveAgentId);
+    const hostPath = resolveWorkspaceHostPathSafe({
+      workspaceDir,
+      workspacePath: filePath,
+    });
+    if (!hostPath) {
+      logger.warn("Rejected unsafe /workspace/ path outside workspace", {
+        sandbox: filePath,
+        workspaceDir,
+        agentId: effectiveAgentId,
+      });
+      return null;
+    }
     logger.debug("Resolved sandbox path to host path", { sandbox: filePath, host: hostPath });
     return hostPath;
   }
@@ -110,6 +136,12 @@ export async function deliverWecomReply({ payload, senderId, streamId, agentId }
     for (const media of mediaMatches) {
       // Resolve /workspace/ sandbox paths to host-side paths.
       const resolvedMediaPath = resolveHostPath(media.path, effectiveAgentId);
+      if (!resolvedMediaPath) {
+        processedText = processedText
+          .replace(media.fullMatch, "⚠️ 检测到不安全的 /workspace/ 路径，已拒绝发送")
+          .trim();
+        continue;
+      }
       const mediaExt = resolvedMediaPath.split(".").pop()?.toLowerCase() || "";
       if (mediaImageExts.has(mediaExt)) {
         // Image: queue for delivery when stream finishes.
@@ -177,6 +209,15 @@ export async function deliverWecomReply({ payload, senderId, streamId, agentId }
       }
       // Resolve /workspace/ sandbox paths to host-side paths.
       absPath = resolveHostPath(absPath, effectiveAgentId);
+      if (!absPath) {
+        const unsafeHint = "⚠️ 检测到不安全的 /workspace/ 路径，已拒绝发送";
+        if (streamId && streamManager.hasStream(streamId)) {
+          streamManager.appendStream(streamId, `\n\n${unsafeHint}`);
+        } else {
+          processedText = processedText ? `${processedText}\n\n${unsafeHint}` : unsafeHint;
+        }
+        continue;
+      }
 
       const isLocal = absPath.startsWith("/");
       const mediaFilename = isLocal ? basename(absPath) : (basename(new URL(mediaPath).pathname) || "file");
@@ -298,19 +339,36 @@ export async function deliverWecomReply({ payload, senderId, streamId, agentId }
       const imageExtsAuto = new Set(["jpg", "jpeg", "png", "gif", "bmp", "webp"]);
 
       for (const wsPath of detectedPaths) {
-        // /workspace/foo.pdf → hostDir/foo.pdf
-        const relativePath = wsPath.replace(/^\/workspace\/?/, "");
-        if (!relativePath) continue;
-        const hostPath = join(workspaceDir, relativePath);
+        // /workspace/foo.pdf → hostDir/foo.pdf (with traversal guard)
+        const hostPath = resolveWorkspaceHostPathSafe({
+          workspaceDir,
+          workspacePath: wsPath,
+        });
+        if (!hostPath) {
+          processedText = processedText.replace(wsPath, "⚠️ 检测到不安全的 /workspace/ 路径，已拒绝发送");
+          logger.warn("Auto-detect: rejected unsafe /workspace/ path", {
+            streamId,
+            wsPath,
+            workspaceDir,
+          });
+          continue;
+        }
         const filename = basename(hostPath);
         const ext = filename.split(".").pop()?.toLowerCase() || "";
 
         // Skip image files — they are handled by the stream msg_item mechanism.
         if (imageExtsAuto.has(ext)) continue;
 
-        // Check file existence on host.
+        // Check the path exists on host and is a regular file.
         try {
-          await access(hostPath);
+          const st = await stat(hostPath);
+          if (!st.isFile()) {
+            logger.debug("Auto-detect: path is not a regular file, skipping", {
+              wsPath,
+              hostPath,
+            });
+            continue;
+          }
         } catch {
           logger.debug("Auto-detect: workspace file not found on host, skipping", {
             wsPath,

package/wecom/workspace-template.js

@@ -36,9 +36,13 @@ export function getWorkspaceTemplateDir(config) {
  * Copy template files into a newly created agent's workspace directory.
  * Only copies files that don't already exist (writeFileIfMissing semantics).
  * Silently skips if workspaceTemplate is not configured or directory is missing.
+ *
+ * @param {string} agentId
+ * @param {object} config - OpenClaw config
+ * @param {string} [overrideTemplateDir] - Optional per-account template directory
  */
-export function seedAgentWorkspace(agentId, config) {
-  const templateDir = getWorkspaceTemplateDir(config);
+export function seedAgentWorkspace(agentId, config, overrideTemplateDir) {
+  const templateDir = overrideTemplateDir || getWorkspaceTemplateDir(config);
   if (!templateDir) {
     return;
   }
@@ -114,7 +118,7 @@ export function upsertAgentIdOnlyEntry(cfg, agentId) {
   return changed;
 }
 
-export async function ensureDynamicAgentListed(agentId) {
+export async function ensureDynamicAgentListed(agentId, templateDir) {
   const normalizedId = String(agentId || "")
     .trim()
     .toLowerCase();
@@ -128,28 +132,22 @@ export async function ensureDynamicAgentListed(agentId) {
     return;
   }
 
-  const queue = getEnsureDynamicAgentWriteQueue()
+  const queue = (getEnsureDynamicAgentWriteQueue() || Promise.resolve())
     .then(async () => {
-      const latestConfig = configRuntime.loadConfig();
-      if (!latestConfig || typeof latestConfig !== "object") {
+      const openclawConfig = getOpenclawConfig();
+      if (!openclawConfig || typeof openclawConfig !== "object") {
         return;
       }
 
-      const changed = upsertAgentIdOnlyEntry(latestConfig, normalizedId);
+      // Upsert into memory only. Writing to config file is dangerous and can wipe user settings.
+      const changed = upsertAgentIdOnlyEntry(openclawConfig, normalizedId);
       if (changed) {
-        await configRuntime.writeConfigFile(latestConfig);
-        logger.info("WeCom: dynamic agent added to agents.list", { agentId: normalizedId });
+        logger.info("WeCom: dynamic agent added to in-memory agents.list", { agentId: normalizedId });
       }
+      
       // Always attempt seeding so recreated/cleaned dynamic agents can recover
-      // template files even when the id already exists in agents.list.
-      seedAgentWorkspace(normalizedId, latestConfig);
-
-      // Keep runtime in-memory config aligned to avoid stale reads in this process.
-      const openclawConfig = getOpenclawConfig();
-      if (openclawConfig && typeof openclawConfig === "object") {
-        upsertAgentIdOnlyEntry(openclawConfig, normalizedId);
-        setOpenclawConfig(openclawConfig);
-      }
+      // template files.
+      seedAgentWorkspace(normalizedId, openclawConfig, templateDir);
 
       getEnsuredDynamicAgentIds().add(normalizedId);
     })

package/wecom/http-handler-state.js

@@ -1,23 +0,0 @@
-/**
- * Shared flag that tracks whether the legacy wildcard HTTP handler was
- * successfully registered via api.registerHttpHandler().
- *
- * When true, gateway.startAccount must NOT also register via
- * registerPluginHttpRoute — the latter places the path into
- * registry.httpRoutes which causes shouldEnforceGatewayAuthForPluginPath
- * → isRegisteredPluginHttpRoutePath to return true → gateway auth
- * enforcement runs → WeCom webhook callbacks (which carry msg_signature,
- * not Bearer tokens) get blocked with 401.
- *
- * This module is intentionally separate from index.js to avoid circular
- * ESM imports (index.js ↔ wecom/channel-plugin.js).
- */
-let _wildcardHttpHandlerRegistered = false;
-
-export function markWildcardHttpHandlerRegistered() {
-  _wildcardHttpHandlerRegistered = true;
-}
-
-export function isWildcardHttpHandlerRegistered() {
-  return _wildcardHttpHandlerRegistered;
-}