@tencent-connect/openclaw-qqbot 1.7.1 → 1.7.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (38) hide show
  1. package/README.md +188 -3
  2. package/README.zh.md +190 -3
  3. package/dist/index.d.ts +1 -0
  4. package/dist/index.js +1 -0
  5. package/dist/src/api.d.ts +2 -0
  6. package/dist/src/api.js +16 -3
  7. package/dist/src/config.d.ts +5 -1
  8. package/dist/src/config.js +12 -2
  9. package/dist/src/gateway.js +131 -169
  10. package/dist/src/slash-commands.js +119 -3
  11. package/dist/src/tools/channel.js +1 -4
  12. package/dist/src/tools/remind.js +0 -1
  13. package/dist/src/transport/index.d.ts +10 -0
  14. package/dist/src/transport/index.js +9 -0
  15. package/dist/src/transport/webhook-transport.d.ts +67 -0
  16. package/dist/src/transport/webhook-transport.js +245 -0
  17. package/dist/src/transport/webhook-verify.d.ts +48 -0
  18. package/dist/src/transport/webhook-verify.js +98 -0
  19. package/dist/src/types.d.ts +19 -0
  20. package/dist/src/utils/audio-convert.js +37 -9
  21. package/index.ts +1 -0
  22. package/package.json +1 -1
  23. package/scripts/postinstall-link-sdk.js +44 -0
  24. package/scripts/upgrade-via-npm.sh +358 -62
  25. package/scripts/upgrade-via-source.sh +122 -85
  26. package/src/api.ts +18 -4
  27. package/src/config.ts +15 -2
  28. package/src/gateway.ts +135 -167
  29. package/src/onboarding.ts +8 -0
  30. package/src/slash-commands.ts +137 -3
  31. package/src/tools/channel.ts +1 -7
  32. package/src/tools/remind.ts +0 -2
  33. package/src/transport/index.ts +11 -0
  34. package/src/transport/webhook-transport.ts +332 -0
  35. package/src/transport/webhook-verify.ts +119 -0
  36. package/src/types.ts +22 -1
  37. package/src/typings/openclaw-webhook-ingress.d.ts +66 -0
  38. package/src/utils/audio-convert.ts +37 -9
@@ -0,0 +1,245 @@
1
+ /**
2
+ * Webhook Transport — receive QQ Bot events via HTTP POST callbacks.
3
+ *
4
+ * Uses OpenClaw plugin-sdk's `registerWebhookTargetWithPluginRoute` (模式 C)
5
+ * to register webhook HTTP routes through the framework's gateway HTTP server,
6
+ * sharing the same port and benefiting from built-in rate limiting & in-flight guards.
7
+ *
8
+ * Architecture:
9
+ * 1. On gateway startAccount, register a webhook target via plugin-sdk
10
+ * 2. Framework routes POST requests to our handler
11
+ * 3. Handler verifies Ed25519 signatures and dispatches events
12
+ * 4. Returns op:12 ACK immediately, processes events asynchronously
13
+ * 5. On account stop (abortSignal), unregister the target
14
+ *
15
+ * Configuration (openclaw.yaml):
16
+ * ```yaml
17
+ * channels:
18
+ * qqbot:
19
+ * appId: "xxx"
20
+ * clientSecret: "xxx"
21
+ * transport: webhook
22
+ * webhook:
23
+ * path: /qqbot/webhook
24
+ * ```
25
+ */
26
+ import { registerWebhookTargetWithPluginRoute, withResolvedWebhookRequestPipeline, resolveWebhookTargetWithAuthOrRejectSync, createWebhookInFlightLimiter, createFixedWindowRateLimiter, readWebhookBodyOrReject, } from "openclaw/plugin-sdk/webhook-ingress";
27
+ import { verifyWebhookSignature, signValidationResponse } from "./webhook-verify.js";
28
+ // ============ Constants ============
29
+ const OP_DISPATCH = 0;
30
+ const OP_HTTP_CALLBACK_ACK = 12;
31
+ const OP_VALIDATION = 13;
32
+ const PLUGIN_ID = "openclaw-qqbot";
33
+ const DEFAULT_WEBHOOK_PATH = "/qqbot/webhook";
34
+ // ============ Module state ============
35
+ /** Per-path target registry (shared across all accounts) */
36
+ const webhookTargets = new Map();
37
+ /** Per-account event handler map */
38
+ const eventHandlers = new Map();
39
+ /** Module-level logger (set by the last startWebhookTransport call) */
40
+ let log;
41
+ /** Shared rate limiter (fixed window, per source IP) */
42
+ let rateLimiter = null;
43
+ /** Shared in-flight limiter */
44
+ let inFlightLimiter = null;
45
+ function ensureGuards() {
46
+ if (!rateLimiter) {
47
+ rateLimiter = createFixedWindowRateLimiter({
48
+ windowMs: 60_000,
49
+ maxRequests: 600,
50
+ maxTrackedKeys: 4096,
51
+ });
52
+ }
53
+ if (!inFlightLimiter) {
54
+ inFlightLimiter = createWebhookInFlightLimiter({
55
+ maxInFlightPerKey: 8,
56
+ maxTrackedKeys: 4096,
57
+ });
58
+ }
59
+ return { rateLimiter, inFlightLimiter };
60
+ }
61
+ // ============ Main handler ============
62
+ /**
63
+ * Shared HTTP handler for all QQBot webhook routes.
64
+ * Registered once per unique path, dispatches to the correct account target.
65
+ */
66
+ async function handleQQBotWebhookRequest(req, res) {
67
+ const guards = ensureGuards();
68
+ const handled = await withResolvedWebhookRequestPipeline({
69
+ req,
70
+ res,
71
+ targetsByPath: webhookTargets,
72
+ rateLimiter: guards.rateLimiter,
73
+ inFlightLimiter: guards.inFlightLimiter,
74
+ requireJsonContentType: true,
75
+ handle: async ({ targets }) => {
76
+ // Read raw body (up to 1MB, 30s timeout)
77
+ const bodyResult = await readWebhookBodyOrReject({
78
+ req,
79
+ res,
80
+ maxBytes: 1024 * 1024,
81
+ timeoutMs: 30_000,
82
+ });
83
+ if (!bodyResult.ok)
84
+ return;
85
+ const rawBodyStr = bodyResult.value;
86
+ const rawBody = Buffer.from(rawBodyStr, "utf-8");
87
+ let payload;
88
+ try {
89
+ payload = JSON.parse(rawBodyStr);
90
+ }
91
+ catch (err) {
92
+ log?.error(`[qqbot:webhook] Failed to parse request body as JSON: ${err instanceof Error ? err.message : String(err)}, body preview: ${rawBodyStr.slice(0, 200)}`);
93
+ res.statusCode = 400;
94
+ res.end(JSON.stringify({ error: "invalid json" }));
95
+ return;
96
+ }
97
+ // ── op:13 — Callback URL validation (before signature check) ──
98
+ if (payload.op === OP_VALIDATION) {
99
+ handleValidation(payload, targets, res);
100
+ return;
101
+ }
102
+ // ── Signature verification → resolve target ──
103
+ const timestamp = getHeader(req, "x-signature-timestamp") ?? "";
104
+ const signature = getHeader(req, "x-signature-ed25519") ?? "";
105
+ if (!timestamp || !signature) {
106
+ log?.warn?.(`[qqbot:webhook] Missing signature headers — timestamp: "${timestamp}", signature: "${signature}", url: ${req.url}`);
107
+ res.statusCode = 401;
108
+ res.end(JSON.stringify({ error: "missing signature headers" }));
109
+ return;
110
+ }
111
+ const matchedTarget = resolveWebhookTargetWithAuthOrRejectSync({
112
+ targets,
113
+ res,
114
+ isMatch: (target) => verifyWebhookSignature({
115
+ body: rawBody,
116
+ timestamp,
117
+ signature,
118
+ botSecret: target.clientSecret,
119
+ }),
120
+ unauthorizedStatusCode: 401,
121
+ unauthorizedMessage: JSON.stringify({ error: "invalid signature" }),
122
+ });
123
+ if (!matchedTarget) {
124
+ log?.warn?.(`[qqbot:webhook] Signature verification failed for path: ${req.url}, timestamp: ${timestamp}`);
125
+ return; // response already sent by resolver
126
+ }
127
+ // ── ACK immediately ──
128
+ res.statusCode = 200;
129
+ res.setHeader("Content-Type", "application/json");
130
+ res.end(JSON.stringify({ op: OP_HTTP_CALLBACK_ACK, d: 0 }));
131
+ // ── Async dispatch (fire-and-forget) ──
132
+ if (payload.op === OP_DISPATCH) {
133
+ const handler = eventHandlers.get(matchedTarget.accountId);
134
+ if (handler) {
135
+ Promise.resolve(handler({
136
+ eventType: payload.t ?? "",
137
+ data: payload.d,
138
+ seq: payload.s,
139
+ })).catch((err) => {
140
+ log?.error(`[qqbot:${matchedTarget.accountId}] Event handler error for "${payload.t}": ${err instanceof Error ? err.message : String(err)}`);
141
+ });
142
+ }
143
+ else {
144
+ log?.warn?.(`[qqbot:webhook] No event handler registered for account: ${matchedTarget.accountId}, event: ${payload.t}`);
145
+ }
146
+ }
147
+ },
148
+ });
149
+ return handled;
150
+ }
151
+ // ============ Validation handler (op:13) ============
152
+ function handleValidation(payload, targets, res) {
153
+ const d = payload.d;
154
+ if (!d?.plain_token || !d?.event_ts) {
155
+ log?.warn?.(`[qqbot:webhook] Invalid validation payload (op:13): missing plain_token or event_ts, got: ${JSON.stringify(d)}`);
156
+ res.statusCode = 400;
157
+ res.end(JSON.stringify({ error: "invalid validation payload" }));
158
+ return;
159
+ }
160
+ // Use the first target's secret for validation
161
+ // (op:13 is sent during URL registration, only one bot should be using the path at that time)
162
+ const target = targets[0];
163
+ if (!target) {
164
+ log?.error(`[qqbot:webhook] No target registered for validation (op:13), cannot sign response`);
165
+ res.statusCode = 500;
166
+ res.end(JSON.stringify({ error: "no target registered" }));
167
+ return;
168
+ }
169
+ const response = signValidationResponse({
170
+ plainToken: d.plain_token,
171
+ eventTs: d.event_ts,
172
+ botSecret: target.clientSecret,
173
+ });
174
+ res.statusCode = 200;
175
+ res.setHeader("Content-Type", "application/json");
176
+ res.end(JSON.stringify(response));
177
+ }
178
+ // ============ Public API ============
179
+ /**
180
+ * Start the webhook transport for a given account.
181
+ *
182
+ * Registers a webhook target on the framework's plugin HTTP route system.
183
+ * The handler verifies Ed25519 signatures, ACKs immediately, and dispatches
184
+ * events asynchronously via the provided `onEvent` callback.
185
+ *
186
+ * Returns when the abortSignal is triggered (account stopped).
187
+ */
188
+ export async function startWebhookTransport(opts) {
189
+ const { account, abortSignal, onEvent, onReady, onError, log: optLog } = opts;
190
+ log = optLog;
191
+ const webhookPath = account.config.webhook?.path ?? DEFAULT_WEBHOOK_PATH;
192
+ log?.info(`[qqbot:${account.accountId}] Starting webhook transport on path: ${webhookPath}`);
193
+ // Register event handler for this account
194
+ eventHandlers.set(account.accountId, onEvent);
195
+ // Register webhook target + plugin HTTP route
196
+ const { unregister } = registerWebhookTargetWithPluginRoute({
197
+ targetsByPath: webhookTargets,
198
+ target: {
199
+ path: webhookPath,
200
+ accountId: account.accountId,
201
+ appId: account.appId,
202
+ clientSecret: account.clientSecret,
203
+ },
204
+ route: {
205
+ auth: "plugin",
206
+ match: "exact",
207
+ pluginId: PLUGIN_ID,
208
+ source: "qqbot-webhook",
209
+ accountId: account.accountId,
210
+ replaceExisting: true,
211
+ log: (msg) => log?.info(msg),
212
+ handler: handleQQBotWebhookRequest,
213
+ },
214
+ onLastPathTargetRemoved: () => {
215
+ log?.info(`[qqbot] Last webhook target removed from path: ${webhookPath}`);
216
+ },
217
+ });
218
+ log?.info(`[qqbot:${account.accountId}] Webhook transport registered on path: ${webhookPath}`);
219
+ onReady?.();
220
+ // Wait until abort signal fires
221
+ await new Promise((resolve) => {
222
+ if (abortSignal.aborted) {
223
+ resolve();
224
+ return;
225
+ }
226
+ abortSignal.addEventListener("abort", () => resolve(), { once: true });
227
+ });
228
+ // Cleanup
229
+ unregister();
230
+ eventHandlers.delete(account.accountId);
231
+ log?.info(`[qqbot:${account.accountId}] Webhook transport stopped`);
232
+ }
233
+ /**
234
+ * Resolve the webhook path for a given account (for external configuration / setWebhook calls).
235
+ */
236
+ export function resolveWebhookPath(account) {
237
+ return account.config.webhook?.path ?? DEFAULT_WEBHOOK_PATH;
238
+ }
239
+ // ============ Helpers ============
240
+ function getHeader(req, key) {
241
+ const val = req.headers[key];
242
+ if (Array.isArray(val))
243
+ return val[0];
244
+ return val;
245
+ }
@@ -0,0 +1,48 @@
1
+ /**
2
+ * Webhook signature verification — Ed25519.
3
+ *
4
+ * QQ Open Platform uses Ed25519 for webhook callback verification:
5
+ * 1. Bot secret is padded/truncated to 32 bytes as the Ed25519 seed.
6
+ * 2. The public key verifies `timestamp + body` against `X-Signature-Ed25519`.
7
+ * 3. For callback URL validation (op:13), signs `event_ts + plain_token`.
8
+ *
9
+ * Reference: https://bot.q.qq.com/wiki/develop/api-v2/dev-prepare/interface-framework/event-emit.html
10
+ */
11
+ /**
12
+ * Sign a message using the bot's Ed25519 private key.
13
+ * Returns hex-encoded signature.
14
+ */
15
+ export declare function ed25519Sign(botSecret: string, message: Buffer): string;
16
+ /**
17
+ * Verify an Ed25519 signature from a QQ webhook callback request.
18
+ *
19
+ * @param params.body - Raw request body (Buffer)
20
+ * @param params.timestamp - Value of `X-Signature-Timestamp` header
21
+ * @param params.signature - Value of `X-Signature-Ed25519` header (hex string)
22
+ * @param params.botSecret - The bot's AppSecret
23
+ * @returns `true` if signature is valid
24
+ */
25
+ export declare function verifyWebhookSignature(params: {
26
+ body: Buffer;
27
+ timestamp: string;
28
+ signature: string;
29
+ botSecret: string;
30
+ }): boolean;
31
+ /**
32
+ * Generate the response for callback URL validation (op:13).
33
+ *
34
+ * QQ sends `{ op: 13, d: { plain_token, event_ts } }` to verify
35
+ * the callback URL. We must return `{ plain_token, signature }`.
36
+ *
37
+ * @param params.plainToken - The `plain_token` from the validation request
38
+ * @param params.eventTs - The `event_ts` from the validation request
39
+ * @param params.botSecret - The bot's AppSecret
40
+ */
41
+ export declare function signValidationResponse(params: {
42
+ plainToken: string;
43
+ eventTs: string;
44
+ botSecret: string;
45
+ }): {
46
+ plain_token: string;
47
+ signature: string;
48
+ };
@@ -0,0 +1,98 @@
1
+ /**
2
+ * Webhook signature verification — Ed25519.
3
+ *
4
+ * QQ Open Platform uses Ed25519 for webhook callback verification:
5
+ * 1. Bot secret is padded/truncated to 32 bytes as the Ed25519 seed.
6
+ * 2. The public key verifies `timestamp + body` against `X-Signature-Ed25519`.
7
+ * 3. For callback URL validation (op:13), signs `event_ts + plain_token`.
8
+ *
9
+ * Reference: https://bot.q.qq.com/wiki/develop/api-v2/dev-prepare/interface-framework/event-emit.html
10
+ */
11
+ import * as crypto from "node:crypto";
12
+ // ============ Seed derivation ============
13
+ /**
14
+ * Derive an Ed25519 seed (32 bytes) from the bot secret.
15
+ * QQ's spec: repeat the secret until >= 32 chars, then truncate to 32.
16
+ */
17
+ function deriveSeed(botSecret) {
18
+ let seed = botSecret;
19
+ while (seed.length < 32) {
20
+ seed = seed + seed;
21
+ }
22
+ return Buffer.from(seed.slice(0, 32), "utf-8");
23
+ }
24
+ /**
25
+ * Generate Ed25519 key pair from bot secret.
26
+ */
27
+ function getKeyPair(botSecret) {
28
+ const seed = deriveSeed(botSecret);
29
+ // Node.js Ed25519: create private key from raw 32-byte seed
30
+ const privateKey = crypto.createPrivateKey({
31
+ key: Buffer.concat([
32
+ // Ed25519 PKCS8 DER prefix for 32-byte seed
33
+ Buffer.from("302e020100300506032b657004220420", "hex"),
34
+ seed,
35
+ ]),
36
+ format: "der",
37
+ type: "pkcs8",
38
+ });
39
+ const publicKey = crypto.createPublicKey(privateKey);
40
+ return { privateKey, publicKey };
41
+ }
42
+ // ============ Signature generation ============
43
+ /**
44
+ * Sign a message using the bot's Ed25519 private key.
45
+ * Returns hex-encoded signature.
46
+ */
47
+ export function ed25519Sign(botSecret, message) {
48
+ const { privateKey } = getKeyPair(botSecret);
49
+ const signature = crypto.sign(null, message, privateKey);
50
+ return signature.toString("hex");
51
+ }
52
+ // ============ Signature verification ============
53
+ /**
54
+ * Verify an Ed25519 signature from a QQ webhook callback request.
55
+ *
56
+ * @param params.body - Raw request body (Buffer)
57
+ * @param params.timestamp - Value of `X-Signature-Timestamp` header
58
+ * @param params.signature - Value of `X-Signature-Ed25519` header (hex string)
59
+ * @param params.botSecret - The bot's AppSecret
60
+ * @returns `true` if signature is valid
61
+ */
62
+ export function verifyWebhookSignature(params) {
63
+ const { body, timestamp, signature, botSecret } = params;
64
+ try {
65
+ const { publicKey } = getKeyPair(botSecret);
66
+ const message = Buffer.concat([
67
+ Buffer.from(timestamp, "utf-8"),
68
+ body,
69
+ ]);
70
+ const sigBuffer = Buffer.from(signature, "hex");
71
+ return crypto.verify(null, message, publicKey, sigBuffer);
72
+ }
73
+ catch (err) {
74
+ console.warn(`[qqbot:webhook-verify] Ed25519 verification threw: ${err instanceof Error ? err.message : String(err)}`);
75
+ return false;
76
+ }
77
+ }
78
+ // ============ Callback URL validation (op:13) ============
79
+ /**
80
+ * Generate the response for callback URL validation (op:13).
81
+ *
82
+ * QQ sends `{ op: 13, d: { plain_token, event_ts } }` to verify
83
+ * the callback URL. We must return `{ plain_token, signature }`.
84
+ *
85
+ * @param params.plainToken - The `plain_token` from the validation request
86
+ * @param params.eventTs - The `event_ts` from the validation request
87
+ * @param params.botSecret - The bot's AppSecret
88
+ */
89
+ export function signValidationResponse(params) {
90
+ const { plainToken, eventTs, botSecret } = params;
91
+ // Sign: event_ts + plain_token
92
+ const message = Buffer.from(eventTs + plainToken, "utf-8");
93
+ const signature = ed25519Sign(botSecret, message);
94
+ return {
95
+ plain_token: plainToken,
96
+ signature,
97
+ };
98
+ }
@@ -26,6 +26,8 @@ export interface ResolvedQQBotAccount {
26
26
  imageServerBaseUrl?: string;
27
27
  /** 是否支持 markdown 消息(默认 true) */
28
28
  markdownSupport: boolean;
29
+ /** User-Agent 追加后缀(从通道级配置 channels.qqbot.userAgentSuffix 解析) */
30
+ userAgentSuffix?: string;
29
31
  config: QQBotAccountConfig;
30
32
  }
31
33
  /** 群消息策略:open=全响应 | allowlist=白名单 | disabled=不响应 */
@@ -50,6 +52,13 @@ export interface GroupConfig {
50
52
  /** 群历史消息缓存条数(0 禁用,默认 20) */
51
53
  historyLimit?: number;
52
54
  }
55
+ /** 消息接收传输方式 */
56
+ export type TransportMode = "websocket" | "webhook";
57
+ /** Webhook 传输配置 */
58
+ export interface WebhookTransportConfig {
59
+ /** 监听路径(默认 /qqbot/webhook) */
60
+ path?: string;
61
+ }
53
62
  /**
54
63
  * QQ Bot 账户配置
55
64
  */
@@ -61,6 +70,10 @@ export interface QQBotAccountConfig {
61
70
  clientSecretFile?: string;
62
71
  dmPolicy?: "open" | "pairing" | "allowlist";
63
72
  allowFrom?: string[];
73
+ /** 消息接收传输方式:websocket(默认)| webhook */
74
+ transport?: TransportMode;
75
+ /** webhook 传输配置(transport="webhook" 时生效) */
76
+ webhook?: WebhookTransportConfig;
64
77
  /** 群消息策略(默认 allowlist) */
65
78
  groupPolicy?: GroupPolicy;
66
79
  /** 群白名单(groupPolicy 为 allowlist 时生效) */
@@ -107,6 +120,12 @@ export interface QQBotAccountConfig {
107
120
  * 示例: "ryantest/openclaw-qqbot"
108
121
  */
109
122
  upgradePkg?: string;
123
+ /**
124
+ * 群消息是否默认需要 @机器人才响应(默认 true)
125
+ * 优先级低于 groups.{groupId}.requireMention 和 groups."*".requireMention
126
+ * 设为 false 时,所有群默认无需 @ 即触发回复(仍可被群级配置覆盖)
127
+ */
128
+ defaultRequireMention?: boolean;
110
129
  /**
111
130
  * 出站消息合并回复(debounce)配置
112
131
  * 当短时间内收到多次 deliver 时,将文本合并为一条消息发送,避免消息轰炸
@@ -1,8 +1,29 @@
1
1
  import * as fs from "node:fs";
2
2
  import * as path from "node:path";
3
3
  import { execFile } from "node:child_process";
4
- import { decode, encode, isSilk } from "silk-wasm";
5
4
  import { detectFfmpeg, isWindows } from "./platform.js";
5
+ // silk-wasm 动态加载(可选依赖,未安装时降级为不支持语音编解码)
6
+ let silkWasm = null;
7
+ let silkWasmLoaded = false;
8
+ async function loadSilkWasm() {
9
+ if (silkWasmLoaded)
10
+ return silkWasm;
11
+ silkWasmLoaded = true;
12
+ try {
13
+ silkWasm = await import("silk-wasm");
14
+ }
15
+ catch {
16
+ console.warn("[audio-convert] silk-wasm not available, voice encoding/decoding disabled");
17
+ silkWasm = null;
18
+ }
19
+ return silkWasm;
20
+ }
21
+ // 同步版本的 isSilk(用于不方便 await 的场景),首次调用前需先 loadSilkWasm
22
+ function isSilkSync(data) {
23
+ if (!silkWasm)
24
+ return false;
25
+ return silkWasm.isSilk(data);
26
+ }
6
27
  /**
7
28
  * 检查文件是否为 SILK 格式(QQ/微信语音常用格式)
8
29
  * QQ 语音文件通常以 .amr 扩展名保存,但实际编码可能是 SILK v3
@@ -11,7 +32,7 @@ import { detectFfmpeg, isWindows } from "./platform.js";
11
32
  function isSilkFile(filePath) {
12
33
  try {
13
34
  const buf = fs.readFileSync(filePath);
14
- return isSilk(new Uint8Array(buf.buffer, buf.byteOffset, buf.byteLength));
35
+ return isSilkSync(new Uint8Array(buf.buffer, buf.byteOffset, buf.byteLength));
15
36
  }
16
37
  catch {
17
38
  return false;
@@ -76,13 +97,14 @@ export async function convertSilkToWav(inputPath, outputDir) {
76
97
  // 转为 Uint8Array 以兼容 silk-wasm 类型要求
77
98
  const rawData = new Uint8Array(strippedBuf.buffer, strippedBuf.byteOffset, strippedBuf.byteLength);
78
99
  // 验证是否为 SILK 格式
79
- if (!isSilk(rawData)) {
100
+ const silk = await loadSilkWasm();
101
+ if (!silk || !silk.isSilk(rawData)) {
80
102
  return null;
81
103
  }
82
104
  // SILK 解码为 PCM (s16le)
83
105
  // QQ 语音通常采样率为 24000Hz
84
106
  const sampleRate = 24000;
85
- const result = await decode(rawData, sampleRate);
107
+ const result = await silk.decode(rawData, sampleRate);
86
108
  // PCM → WAV
87
109
  const wavBuffer = pcmToWav(result.data, sampleRate);
88
110
  // 写入 WAV 文件
@@ -317,8 +339,12 @@ export async function textToSpeechPCM(text, ttsCfg) {
317
339
  throw lastError ?? new Error("TTS failed: all formats exhausted");
318
340
  }
319
341
  export async function pcmToSilk(pcmBuffer, sampleRate) {
342
+ const silk = await loadSilkWasm();
343
+ if (!silk) {
344
+ throw new Error("silk-wasm not available, cannot encode PCM to SILK. Install silk-wasm to enable voice sending.");
345
+ }
320
346
  const pcmData = new Uint8Array(pcmBuffer.buffer, pcmBuffer.byteOffset, pcmBuffer.byteLength);
321
- const result = await encode(pcmData, sampleRate);
347
+ const result = await silk.encode(pcmData, sampleRate);
322
348
  return {
323
349
  silkBuffer: Buffer.from(result.data.buffer, result.data.byteOffset, result.data.byteLength),
324
350
  duration: result.duration,
@@ -365,10 +391,11 @@ export async function audioFileToSilkBase64(filePath, directUploadFormats) {
365
391
  return buf.toString("base64");
366
392
  }
367
393
  // 1. .slk / .amr 扩展名 → 检测 SILK 魔数,是 SILK 则直传
394
+ const silk = await loadSilkWasm();
368
395
  if ([".slk", ".slac"].includes(ext)) {
369
396
  const stripped = stripAmrHeader(buf);
370
397
  const raw = new Uint8Array(stripped.buffer, stripped.byteOffset, stripped.byteLength);
371
- if (isSilk(raw)) {
398
+ if (silk?.isSilk(raw)) {
372
399
  console.log(`[audio-convert] SILK file, direct use: ${filePath} (${buf.length} bytes)`);
373
400
  return buf.toString("base64");
374
401
  }
@@ -377,7 +404,7 @@ export async function audioFileToSilkBase64(filePath, directUploadFormats) {
377
404
  const rawCheck = new Uint8Array(buf.buffer, buf.byteOffset, buf.byteLength);
378
405
  const strippedCheck = stripAmrHeader(buf);
379
406
  const strippedRaw = new Uint8Array(strippedCheck.buffer, strippedCheck.byteOffset, strippedCheck.byteLength);
380
- if (isSilk(rawCheck) || isSilk(strippedRaw)) {
407
+ if (silk?.isSilk(rawCheck) || silk?.isSilk(strippedRaw)) {
381
408
  console.log(`[audio-convert] SILK detected by header: ${filePath} (${buf.length} bytes)`);
382
409
  return buf.toString("base64");
383
410
  }
@@ -458,10 +485,11 @@ export async function audioFileToSilkFile(filePath, directUploadFormats) {
458
485
  return filePath;
459
486
  }
460
487
  // 1. 已经是 SILK 编码 → 直接返回原文件
488
+ const silk = await loadSilkWasm();
461
489
  if ([".slk", ".slac"].includes(ext)) {
462
490
  const stripped = stripAmrHeader(buf);
463
491
  const raw = new Uint8Array(stripped.buffer, stripped.byteOffset, stripped.byteLength);
464
- if (isSilk(raw)) {
492
+ if (silk?.isSilk(raw)) {
465
493
  console.log(`[audio-convert] SILK file, direct use: ${filePath} (${buf.length} bytes)`);
466
494
  return filePath;
467
495
  }
@@ -469,7 +497,7 @@ export async function audioFileToSilkFile(filePath, directUploadFormats) {
469
497
  const rawCheck = new Uint8Array(buf.buffer, buf.byteOffset, buf.byteLength);
470
498
  const strippedCheck = stripAmrHeader(buf);
471
499
  const strippedRaw = new Uint8Array(strippedCheck.buffer, strippedCheck.byteOffset, strippedCheck.byteLength);
472
- if (isSilk(rawCheck) || isSilk(strippedRaw)) {
500
+ if (silk?.isSilk(rawCheck) || silk?.isSilk(strippedRaw)) {
473
501
  console.log(`[audio-convert] SILK detected by header: ${filePath} (${buf.length} bytes)`);
474
502
  return filePath;
475
503
  }
package/index.ts CHANGED
@@ -29,3 +29,4 @@ export * from "./src/api.js";
29
29
  export * from "./src/config.js";
30
30
  export * from "./src/gateway.js";
31
31
  export * from "./src/outbound.js";
32
+ export * from "./src/transport/index.js";
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@tencent-connect/openclaw-qqbot",
3
- "version": "1.7.1",
3
+ "version": "1.7.2",
4
4
  "publishConfig": {
5
5
  "access": "public"
6
6
  },
@@ -110,6 +110,50 @@ if (!openclawRoot) {
110
110
  }
111
111
  }
112
112
 
113
+ // Strategy 4: pnpm global installation
114
+ // pnpm stores globals in ~/Library/pnpm/global/<ver>/.pnpm/<pkg>@<version>.../node_modules/<pkg>
115
+ // or resolves via `pnpm root -g`
116
+ if (!openclawRoot) {
117
+ // 4a: try `pnpm root -g`
118
+ try {
119
+ const pnpmGlobalRoot = execSync("pnpm root -g", { encoding: "utf-8" }).trim();
120
+ for (const name of CLI_NAMES) {
121
+ const candidate = join(pnpmGlobalRoot, name);
122
+ if (existsSync(join(candidate, "package.json"))) {
123
+ openclawRoot = candidate;
124
+ break;
125
+ }
126
+ }
127
+ } catch {}
128
+
129
+ // 4b: resolve from the real binary path into .pnpm store
130
+ if (!openclawRoot) {
131
+ const whichCmd = process.platform === "win32" ? "where" : "which";
132
+ for (const name of CLI_NAMES) {
133
+ try {
134
+ const bin = execSync(`${whichCmd} ${name}`, { encoding: "utf-8" }).trim().split("\n")[0];
135
+ if (!bin) continue;
136
+ const realBin = realpathSync(bin);
137
+ // pnpm bin layout: .../node_modules/.pnpm/<pkg>@<ver>.../node_modules/<pkg>/dist/bin.js
138
+ // or .../node_modules/<pkg>/dist/bin.js (hoisted)
139
+ // Walk up to find node_modules/<name>/package.json
140
+ let dir = dirname(realBin);
141
+ for (let i = 0; i < 8; i++) {
142
+ const candidate = join(dir, "node_modules", name);
143
+ if (existsSync(join(candidate, "package.json"))) {
144
+ openclawRoot = candidate;
145
+ break;
146
+ }
147
+ const parent = dirname(dir);
148
+ if (parent === dir) break;
149
+ dir = parent;
150
+ }
151
+ if (openclawRoot) break;
152
+ } catch {}
153
+ }
154
+ }
155
+ }
156
+
113
157
  if (!openclawRoot) {
114
158
  // Not fatal — plugin may work if openclaw loads it with proper alias resolution
115
159
  // But log a warning so upgrade scripts can detect the failure