@sunnoy/wecom 1.9.0 → 2.0.0

package/wecom/constants.js

@@ -1,27 +1,49 @@
 import { join } from "node:path";
 
+export const CHANNEL_ID = "wecom";
 export const DEFAULT_ACCOUNT_ID = "default";
+export const DEFAULT_WEBSOCKET_URL = "wss://openws.work.weixin.qq.com";
+export const DEFAULT_WS_URL = DEFAULT_WEBSOCKET_URL;
+
+export const THINKING_MESSAGE = "<think></think>";
+export const MEDIA_IMAGE_PLACEHOLDER = "<media:image>";
+export const MEDIA_DOCUMENT_PLACEHOLDER = "<media:document>";
+
+export const IMAGE_DOWNLOAD_TIMEOUT_MS = 30_000;
+export const FILE_DOWNLOAD_TIMEOUT_MS = 60_000;
+export const REPLY_SEND_TIMEOUT_MS = 15_000;
+export const MESSAGE_PROCESS_TIMEOUT_MS = 5 * 60 * 1000;
+export const WS_HEARTBEAT_INTERVAL_MS = 30_000;
+export const WS_MAX_RECONNECT_ATTEMPTS = 100;
+
+export const MESSAGE_STATE_TTL_MS = 10 * 60 * 1000;
+export const MESSAGE_STATE_CLEANUP_INTERVAL_MS = 60_000;
+export const MESSAGE_STATE_MAX_SIZE = 500;
+export const REQID_TTL_MS = 7 * 24 * 60 * 60 * 1000;
+export const REQID_MAX_SIZE = 200;
+export const REQID_FLUSH_DEBOUNCE_MS = 1_000;
+
+export const PENDING_REPLY_TTL_MS = 5 * 60 * 1000;
+export const PENDING_REPLY_MAX_SIZE = 50;
+
+export const DEFAULT_MEDIA_MAX_MB = 5;
+export const TEXT_CHUNK_LIMIT = 4000;
+export const DEFAULT_WELCOME_MESSAGE = ["你好，我是 AI 助手。", "", "可用命令：", "/new", "/compact", "/help", "/status"].join(
+  "\n",
+);
 
-// Placeholder shown while the LLM is processing or the message is queued.
-export const THINKING_PLACEHOLDER = "思考中...";
-
-// Image cache directory.
 export const MEDIA_CACHE_DIR = join(process.env.HOME || "/tmp", ".openclaw", "media", "wecom");
 
-// Slash commands that are allowed by default.
 export const DEFAULT_COMMAND_ALLOWLIST = ["/new", "/compact", "/help", "/status"];
 export const HIGH_PRIORITY_COMMANDS = new Set(["/stop", "/new"]);
-
-// Default message shown when a command is blocked.
 export const DEFAULT_COMMAND_BLOCK_MESSAGE = `⚠️ 该命令不可用。
 
 支持的命令：
 • **/new** - 新建会话
-• **/compact** - 压缩会话（保留上下文摘要）
+• **/compact** - 压缩会话
 • **/help** - 查看帮助
 • **/status** - 查看状态`;
 
-// Files recognised by openclaw core as bootstrap files.
 export const BOOTSTRAP_FILENAMES = new Set([
   "AGENTS.md",
   "SOUL.md",
@@ -30,60 +52,48 @@ export const BOOTSTRAP_FILENAMES = new Set([
   "USER.md",
   "HEARTBEAT.md",
   "BOOTSTRAP.md",
+  "system-prompt.md",
 ]);
 
-// Per-user message debounce buffer.
-// Collects messages arriving within DEBOUNCE_MS into a single dispatch.
-export const DEBOUNCE_MS = 2000;
-
-export const MAIN_RESPONSE_IDLE_CLOSE_MS = 30 * 1000;
-export const SAFETY_NET_IDLE_CLOSE_MS = 90 * 1000;
-export const RESPONSE_URL_ERROR_BODY_PREVIEW_MAX = 300;
-
-// Default Agent API base URL (self-built application mode).
-// Can be overridden via `channels.wecom.network.apiBaseUrl` config or
-// `WECOM_API_BASE_URL` env var for users behind a reverse-proxy gateway
-// that relays requests to qyapi.weixin.qq.com (issue #79).
 const DEFAULT_API_BASE = "https://qyapi.weixin.qq.com";
+let apiBaseUrl = DEFAULT_API_BASE;
 
-let _apiBase = DEFAULT_API_BASE;
-
-/**
- * Set the API base URL from plugin config (called during plugin load).
- * @param {string} url
- */
 export function setApiBaseUrl(url) {
-  const trimmed = (url || "").trim().replace(/\/+$/, "");
-  _apiBase = trimmed || DEFAULT_API_BASE;
+  const trimmed = String(url ?? "").trim().replace(/\/+$/, "");
+  apiBaseUrl = trimmed || DEFAULT_API_BASE;
 }
 
-function apiBase() {
-  // Env var takes precedence over config.
-  const env = (process.env.WECOM_API_BASE_URL || "").trim().replace(/\/+$/, "");
-  return env || _apiBase;
+function resolveApiBaseUrl() {
+  const env = String(process.env.WECOM_API_BASE_URL ?? "").trim().replace(/\/+$/, "");
+  return env || apiBaseUrl;
 }
 
-// Agent API endpoints (self-built application mode).
 export const AGENT_API_ENDPOINTS = {
-  get GET_TOKEN() { return `${apiBase()}/cgi-bin/gettoken`; },
-  get SEND_MESSAGE() { return `${apiBase()}/cgi-bin/message/send`; },
-  get SEND_APPCHAT() { return `${apiBase()}/cgi-bin/appchat/send`; },
-  get UPLOAD_MEDIA() { return `${apiBase()}/cgi-bin/media/upload`; },
-  get DOWNLOAD_MEDIA() { return `${apiBase()}/cgi-bin/media/get`; },
+  get GET_TOKEN() {
+    return `${resolveApiBaseUrl()}/cgi-bin/gettoken`;
+  },
+  get SEND_MESSAGE() {
+    return `${resolveApiBaseUrl()}/cgi-bin/message/send`;
+  },
+  get SEND_APPCHAT() {
+    return `${resolveApiBaseUrl()}/cgi-bin/appchat/send`;
+  },
+  get UPLOAD_MEDIA() {
+    return `${resolveApiBaseUrl()}/cgi-bin/media/upload`;
+  },
+  get DOWNLOAD_MEDIA() {
+    return `${resolveApiBaseUrl()}/cgi-bin/media/get`;
+  },
 };
 
 export const TOKEN_REFRESH_BUFFER_MS = 60 * 1000;
 export const AGENT_API_REQUEST_TIMEOUT_MS = 15 * 1000;
-export const MAX_REQUEST_BODY_SIZE = 1024 * 1024; // 1 MB
-
-// Webhook Bot endpoints (group robot notifications).
-export const WEBHOOK_BOT_SEND_URL_DEFAULT = "https://qyapi.weixin.qq.com/cgi-bin/webhook/send";
-export const WEBHOOK_BOT_UPLOAD_URL_DEFAULT = "https://qyapi.weixin.qq.com/cgi-bin/webhook/upload_media";
+export const MAX_REQUEST_BODY_SIZE = 1024 * 1024;
 
-// Dynamic getters so apiBaseUrl override applies to webhook bot too.
 export function getWebhookBotSendUrl() {
-  return `${apiBase()}/cgi-bin/webhook/send`;
+  return `${resolveApiBaseUrl()}/cgi-bin/webhook/send`;
 }
+
 export function getWebhookBotUploadUrl() {
-  return `${apiBase()}/cgi-bin/webhook/upload_media`;
+  return `${resolveApiBaseUrl()}/cgi-bin/webhook/upload_media`;
 }

package/wecom/dm-policy.js

@@ -0,0 +1,91 @@
+import { generateReqId } from "@wecom/aibot-node-sdk";
+import { logger } from "../logger.js";
+import { isSenderAllowed } from "./group-policy.js";
+import { getRuntime } from "./state.js";
+
+async function readStoredAllowFrom(pairing, accountId) {
+  const legacy = await pairing
+    .readAllowFromStore("wecom", undefined, accountId)
+    .catch(() => []);
+  const current = await pairing
+    .readAllowFromStore({ channel: "wecom", accountId })
+    .catch(() => []);
+  return [...legacy, ...current];
+}
+
+async function sendPairingReply({ wsClient, frame, text, sendReply }) {
+  if (typeof sendReply === "function") {
+    await sendReply({
+      frame,
+      text,
+      finish: true,
+      streamId: generateReqId("pairing"),
+    });
+    return;
+  }
+
+  const streamId = generateReqId("pairing");
+  await wsClient.replyStream(frame, streamId, text, true);
+}
+
+export async function checkDmPolicy({ senderId, isGroup, account, wsClient, frame, core, sendReply }) {
+  if (isGroup) {
+    return { allowed: true };
+  }
+
+  let runtime = null;
+  try {
+    runtime = getRuntime();
+  } catch {}
+  const pairing = core?.pairing ?? runtime?.channel?.pairing ?? runtime?.pairing;
+  const dmPolicy = account?.config?.dmPolicy ?? "pairing";
+  const configAllowFrom = (account?.config?.allowFrom ?? []).map((entry) => String(entry));
+
+  if (dmPolicy === "disabled") {
+    return { allowed: false };
+  }
+
+  if (dmPolicy === "open") {
+    return { allowed: true };
+  }
+
+  const storeAllowFrom = pairing ? await readStoredAllowFrom(pairing, account.accountId) : [];
+  const effectiveAllowFrom = [...configAllowFrom, ...storeAllowFrom];
+  if (isSenderAllowed(senderId, effectiveAllowFrom)) {
+    return { allowed: true };
+  }
+
+  if (dmPolicy === "pairing" && pairing) {
+    const request = await pairing.upsertPairingRequest({
+      channel: "wecom",
+      id: senderId,
+      accountId: account.accountId,
+      meta: { name: senderId },
+    });
+
+    if (request?.created) {
+      try {
+        const replyText = pairing.buildPairingReply({
+          channel: "wecom",
+          idLine: `您的企业微信用户ID: ${senderId}`,
+          code: request.code,
+        });
+        await sendPairingReply({
+          wsClient,
+          frame,
+          text: replyText,
+          sendReply,
+        });
+      } catch (error) {
+        logger.warn(`[wecom] failed to send pairing reply: ${error.message}`);
+      }
+    }
+
+    return {
+      allowed: false,
+      pairingSent: Boolean(request?.created),
+    };
+  }
+
+  return { allowed: false };
+}

package/wecom/group-policy.js

@@ -0,0 +1,85 @@
+import { normalizeWecomAllowFromEntry } from "./allow-from.js";
+
+function normalizeGroupEntry(entry) {
+  const trimmed = String(entry ?? "").trim();
+  if (!trimmed) {
+    return null;
+  }
+  if (trimmed === "*") {
+    return "*";
+  }
+  return trimmed.replace(/^wecom:/i, "").replace(/^(group|chat):/i, "").trim().toLowerCase();
+}
+
+function resolveGroupConfig(accountConfig, groupId) {
+  const groups = accountConfig?.groups;
+  if (!groups || typeof groups !== "object") {
+    return null;
+  }
+
+  const normalizedGroupId = String(groupId ?? "").trim().toLowerCase();
+  if (!normalizedGroupId) {
+    return groups["*"] ?? null;
+  }
+
+  for (const [key, value] of Object.entries(groups)) {
+    if (String(key).trim().toLowerCase() === normalizedGroupId) {
+      return value;
+    }
+  }
+
+  return groups["*"] ?? null;
+}
+
+function isGroupAllowed(groupId, allowFrom, policy) {
+  if (policy === "disabled") {
+    return false;
+  }
+  if (policy === "open") {
+    return true;
+  }
+
+  const normalizedGroupId = String(groupId ?? "").trim().toLowerCase();
+  const normalizedAllowFrom = (allowFrom ?? []).map(normalizeGroupEntry).filter(Boolean);
+  if (normalizedAllowFrom.includes("*")) {
+    return true;
+  }
+  return normalizedAllowFrom.includes(normalizedGroupId);
+}
+
+export function isSenderAllowed(senderId, allowFrom) {
+  const normalizedSender = normalizeWecomAllowFromEntry(senderId);
+  const normalizedAllowFrom = (allowFrom ?? []).map(normalizeWecomAllowFromEntry).filter(Boolean);
+
+  if (normalizedAllowFrom.includes("*")) {
+    return true;
+  }
+
+  return normalizedAllowFrom.includes(normalizedSender);
+}
+
+export function checkGroupPolicy({ chatId, senderId, account, config }) {
+  const groupPolicy =
+    account?.config?.groupPolicy ??
+    config?.channels?.wecom?.groupPolicy ??
+    "open";
+
+  const groupAllowFrom =
+    account?.config?.groupAllowFrom ??
+    config?.channels?.wecom?.groupAllowFrom ??
+    [];
+
+  if (!isGroupAllowed(chatId, groupAllowFrom, groupPolicy)) {
+    return { allowed: false };
+  }
+
+  const groupConfig = resolveGroupConfig(account?.config, chatId);
+  const senderAllowFrom = Array.isArray(groupConfig?.allowFrom) ? groupConfig.allowFrom : [];
+  if (senderAllowFrom.length === 0) {
+    return { allowed: true };
+  }
+
+  return {
+    allowed: isSenderAllowed(senderId, senderAllowFrom),
+  };
+}

package/wecom/onboarding.js

@@ -0,0 +1,117 @@
+import { addWildcardAllowFrom } from "openclaw/plugin-sdk";
+import { DEFAULT_WS_URL, DEFAULT_ACCOUNT_ID } from "./constants.js";
+import { resolveAccount, updateAccountConfig } from "./accounts.js";
+
+const CHANNEL_ID = "wecom";
+
+function resolveWizardAccountId(accountId) {
+  return String(accountId || DEFAULT_ACCOUNT_ID).trim() || DEFAULT_ACCOUNT_ID;
+}
+
+function resolveOnboardingAccountId(params) {
+  return resolveWizardAccountId(params?.accountId);
+}
+
+function setWecomDmPolicy(cfg, accountId, dmPolicy) {
+  const account = resolveAccount(cfg, accountId);
+  const existingAllowFrom = Array.isArray(account.config.allowFrom) ? account.config.allowFrom : [];
+  const nextAllowFrom =
+    dmPolicy === "open"
+      ? addWildcardAllowFrom(existingAllowFrom.map((entry) => String(entry)))
+      : existingAllowFrom.map((entry) => String(entry));
+
+  return updateAccountConfig(cfg, accountId, {
+    dmPolicy,
+    allowFrom: nextAllowFrom,
+  });
+}
+
+async function promptBotId(prompter, account) {
+  return String(
+    await prompter.text({
+      message: "企业微信机器人 Bot ID",
+      initialValue: account?.botId ?? "",
+      validate: (value) => (String(value ?? "").trim() ? undefined : "Required"),
+    }),
+  ).trim();
+}
+
+async function promptSecret(prompter, account) {
+  return String(
+    await prompter.text({
+      message: "企业微信机器人 Secret",
+      initialValue: account?.secret ?? "",
+      validate: (value) => (String(value ?? "").trim() ? undefined : "Required"),
+    }),
+  ).trim();
+}
+
+async function promptWebsocketUrl(prompter, account) {
+  return String(
+    await prompter.text({
+      message: "企业微信 WebSocket 地址（留空使用官方默认地址）",
+      initialValue: account?.websocketUrl ?? DEFAULT_WS_URL,
+    }),
+  ).trim();
+}
+
+const dmPolicy = {
+  label: "企业微信",
+  channel: CHANNEL_ID,
+  policyKey: "channels.wecom.dmPolicy",
+  allowFromKey: "channels.wecom.allowFrom",
+  getCurrent: (cfg, accountId) => resolveAccount(cfg, resolveWizardAccountId(accountId)).config.dmPolicy ?? "pairing",
+  setPolicy: (cfg, policy, accountId) => setWecomDmPolicy(cfg, resolveWizardAccountId(accountId), policy),
+  promptAllowFrom: async ({ cfg, prompter, accountId }) => {
+    const resolvedAccountId = resolveOnboardingAccountId({ accountId });
+    const account = resolveAccount(cfg, resolvedAccountId);
+    const existingAllowFrom = Array.isArray(account.config.allowFrom) ? account.config.allowFrom : [];
+    const input = await prompter.text({
+      message: "企业微信 allowFrom（用户ID，每行一个）",
+      initialValue: existingAllowFrom.join("\n"),
+      placeholder: "user_a\nuser_b",
+    });
+
+    const allowFrom = String(input ?? "")
+      .split(/[\n,;]+/g)
+      .map((entry) => entry.trim())
+      .filter(Boolean);
+
+    return updateAccountConfig(cfg, resolvedAccountId, { allowFrom });
+  },
+};
+
+export const wecomOnboardingAdapter = {
+  channel: CHANNEL_ID,
+  getStatus: async ({ cfg, accountId }) => {
+    const account = resolveAccount(cfg, resolveOnboardingAccountId({ accountId }));
+    const configured = Boolean(account.botId && account.secret);
+    return {
+      channel: CHANNEL_ID,
+      configured,
+      statusLines: [`企业微信: ${configured ? "已配置" : "需要 Bot ID 和 Secret"}`],
+      selectionHint: configured ? "已配置" : "需要设置",
+    };
+  },
+  configure: async ({ cfg, prompter, accountId }) => {
+    const resolvedAccountId = resolveWizardAccountId(accountId);
+    const account = resolveAccount(cfg, resolvedAccountId);
+    const botId = await promptBotId(prompter, account);
+    const secret = await promptSecret(prompter, account);
+    const websocketUrl = await promptWebsocketUrl(prompter, account);
+
+    const nextCfg = updateAccountConfig(cfg, resolvedAccountId, {
+      enabled: true,
+      botId,
+      secret,
+      websocketUrl: websocketUrl || DEFAULT_WS_URL,
+      sendThinkingMessage: account.sendThinkingMessage !== false,
+      dmPolicy: account.config.dmPolicy ?? "pairing",
+      allowFrom: account.config.allowFrom ?? [],
+    });
+
+    return { cfg: nextCfg };
+  },
+  dmPolicy,
+  disable: (cfg, accountId) => updateAccountConfig(cfg, resolveWizardAccountId(accountId), { enabled: false }),
+};