npm - @vrs-soft/wecom-aibot-mcp - Versions diffs - 3.3.3 → 3.4.0 - Mend

@vrs-soft/wecom-aibot-mcp 3.3.3 → 3.4.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

package/dist/channel-server.js +5 -27
package/dist/config-wizard.js +42 -378
package/dist/hooks/permission-hook.js +7 -0
package/dist/hooks/stop-hook.js +4 -0
package/dist/project-config.d.ts +2 -0
package/dist/project-config.js +9 -4
package/package.json +1 -1

package/dist/channel-server.js CHANGED Viewed

@@ -14,11 +14,14 @@ import { StdioServerTransport } from '@modelcontextprotocol/sdk/server/stdio.js'
 import { z } from 'zod';
 import * as fs from 'fs';
 import * as path from 'path';
-import { execSync } from 'child_process';
 import { VERSION, installSkill } from './config-wizard.js';
 import { addPermissionHook, registerActiveProject, unregisterActiveProject, updateWechatModeConfig, loadWechatModeConfig } from './project-config.js';
+import { findClaudePid } from './platform.js';
 import { logger } from './logger.js';
 /**
+ * v3.4.0: findClaudePid 移到 src/platform.ts（跨平台 wmic / ps），下方旧实现保留为参考
+ *         但已经不再使用 —— 调用点 import 自 platform.js
+ *
  * 沿进程树向上查找 Claude Code TUI 的 PID。
  *
  * 背景：本地 dev (`command: "node"`) 时 channel-server 是 Claude TUI 的直接子进程，
@@ -32,32 +35,7 @@ import { logger } from './logger.js';
  * 此函数从 startPid 起向上遍历，找到第一个命令名为 "claude" 的进程，返回其 PID。
  * 找不到时回退到 startPid（保持旧行为，至少 dev 场景不退化）。
  */
-function findClaudePid(startPid) {
-    let pid = startPid;
-    for (let i = 0; i < 8; i++) {
-        if (!pid || pid <= 1)
-            break;
-        try {
-            const comm = execSync(`ps -p ${pid} -o comm=`, { stdio: ['ignore', 'pipe', 'ignore'] })
-                .toString()
-                .trim();
-            // ps comm= 返回执行文件 basename。Claude Code TUI 安装名就是 "claude"
-            if (comm === 'claude' || comm.endsWith('/claude'))
-                return pid;
-            const ppidStr = execSync(`ps -p ${pid} -o ppid=`, { stdio: ['ignore', 'pipe', 'ignore'] })
-                .toString()
-                .trim();
-            const ppid = parseInt(ppidStr, 10);
-            if (!ppid || ppid === pid)
-                break;
-            pid = ppid;
-        }
-        catch {
-            break;
-        }
-    }
-    return startPid;
-}
+// 实现已迁移到 src/platform.ts（跨平台 wmic / ps），见 import { findClaudePid }
 const MCP_URL = process.env.MCP_URL || 'http://127.0.0.1:18963';
 const MCP_AUTH_TOKEN = process.env.MCP_AUTH_TOKEN;
 // ============================================

package/dist/config-wizard.js CHANGED Viewed

@@ -18,8 +18,13 @@ const VERSION_FILE = path.join(CONFIG_DIR, 'version.json');
 const SERVER_CONFIG_FILE = path.join(CONFIG_DIR, 'server.json');
 const CLAUDE_CONFIG_FILE = path.join(os.homedir(), '.claude.json');
 const CLAUDE_SETTINGS_FILE = path.join(os.homedir(), '.claude', 'settings.local.json');
-const HOOK_SCRIPT_PATH = path.join(CONFIG_DIR, 'permission-hook.sh');
-const STOP_HOOK_SCRIPT_PATH = path.join(CONFIG_DIR, 'stop-hook.sh');
+// v3.4.0: hook 改 Node.js 实现，安装为 .mjs（hook 安装目录无 package.json，
+// 用 .js 会被 node 当 CommonJS，源文件的 import 语法报错）
+const HOOK_SCRIPT_PATH = path.join(CONFIG_DIR, 'permission-hook.mjs');
+const STOP_HOOK_SCRIPT_PATH = path.join(CONFIG_DIR, 'stop-hook.mjs');
+// 旧路径（v3.3.x 及以前），安装时清理
+const HOOK_SCRIPT_PATH_LEGACY = path.join(CONFIG_DIR, 'permission-hook.sh');
+const STOP_HOOK_SCRIPT_PATH_LEGACY = path.join(CONFIG_DIR, 'stop-hook.sh');
 // Skill 模板路径（包内）- 使用 fileURLToPath 确保跨平台兼容
 const __filename = fileURLToPath(import.meta.url);
 const __dirname = path.dirname(__filename);
@@ -179,389 +184,48 @@ export function uninstall() {
 }
 // 生成并写入 hook 脚本（HTTP Transport 版本）
 function writeHookScript() {
-    const script = `#!/bin/bash
-# wecom-aibot-mcp PermissionRequest hook
-# HTTP Transport 版本
-#
-# 固定端口: 18963
-# 通过 PID 树查 ~/.wecom-aibot-mcp/active-projects.json 匹配项目，读 wechatMode 开关
-MCP_PORT=18963
-# 先保存输入（只能读一次）
-INPUT=$(cat)
-# 日志输出：--debug 模式下输出到 stderr，否则静默
-DEBUG_FILE="$HOME/.wecom-aibot-mcp/debug"
-log_debug() {
-  if [[ -f "$DEBUG_FILE" ]]; then
-    echo "$1" >&2
-  fi
-}
-log_debug "[$(date)] Hook called. TOOL_NAME: $(echo "$INPUT" | jq -r '.tool_name')"
-TOOL_NAME=$(echo "$INPUT" | jq -r '.tool_name // empty')
-# MCP 工具本身不需要拦截
-if [[ "$TOOL_NAME" == mcp__* ]]; then
-  log_debug "[$(date)] Allowed: MCP tool"
-  printf '%s\\n' '{"hookSpecificOutput":{"hookEventName":"PermissionRequest","decision":{"behavior":"allow"}}}'
-  exit 0
-fi
-# 只读工具不需要拦截
-case "$TOOL_NAME" in
-  Read|Glob|Grep|LS|TaskList|TaskGet|TaskOutput|TaskStop|CronList|CronCreate|CronDelete|AskUserQuestion|Skill|ListMcpResourcesTool|EnterPlanMode|ExitPlanMode|WebSearch|WebFetch|NotebookEdit)
-    log_debug "[$(date)] Allowed: read-only tool"
-    printf '%s\\n' '{"hookSpecificOutput":{"hookEventName":"PermissionRequest","decision":{"behavior":"allow"}}}'
-    exit 0
-    ;;
-esac
-# 通过进程树匹配活跃项目（以 Claude 进程为准，不依赖 pwd）
-ACTIVE_INDEX="$HOME/.wecom-aibot-mcp/active-projects.json"
-log_debug "[$(date)] Checking active-projects index via PID tree (pid=$$, ppid=$PPID)"
-if [[ ! -f "$ACTIVE_INDEX" ]]; then
-  log_debug "[$(date)] No active-projects index, exit 0"
-  exit 0
-fi
-# 沿进程树向上查找，深度 8 层
-PROJECT_DIR=""
-SEARCH_PID=$PPID
-for i in {1..8}; do
-  if [[ -z "$SEARCH_PID" ]] || [[ "$SEARCH_PID" -le 1 ]]; then
-    break
-  fi
-  MATCH=$(jq -r --argjson p "$SEARCH_PID" '.[] | select(.pid==$p) | .projectDir' "$ACTIVE_INDEX" 2>/dev/null)
-  if [[ -n "$MATCH" ]]; then
-    PROJECT_DIR="$MATCH"
-    log_debug "[$(date)] Found project via PID $SEARCH_PID (depth $i): $PROJECT_DIR"
-    break
-  fi
-  SEARCH_PID=$(ps -o ppid= -p "$SEARCH_PID" 2>/dev/null | tr -d ' ')
-done
-if [[ -z "$PROJECT_DIR" ]]; then
-  log_debug "[$(date)] No PID match in process tree, exit 0"
-  exit 0
-fi
-CONFIG_FILE="$PROJECT_DIR/.claude/wecom-aibot.json"
-log_debug "[$(date)] Found project: $PROJECT_DIR"
-# 配置文件不存在，不在微信模式
-if [[ ! -f "$CONFIG_FILE" ]]; then
-  log_debug "[$(date)] No wecom-aibot.json config, exit 0"
-  exit 0
-fi
-# 检查 wechatMode 是否为 true（微信模式开关）
-WECHAT_MODE=$(jq -r '.wechatMode // false' "$CONFIG_FILE" 2>/dev/null)
-log_debug "[$(date)] wechatMode: $WECHAT_MODE"
-if [[ "$WECHAT_MODE" != "true" ]]; then
-  log_debug "[$(date)] wechatMode not true, exit 0"
-  exit 0
-fi
-# 确定 MCP Server 地址
-# channel 模式直接使用远程地址，http 模式先试本地再回退远程
-MODE=$(jq -r '.mode // "http"' "$CONFIG_FILE" 2>/dev/null)
-MCP_BASE_URL="http://127.0.0.1:$MCP_PORT"
-AUTH_ARGS=()
-# v3.3.3: 远端 daemon 用自签 / Let's Encrypt cert 时若过期或被信任链拒绝，会让 curl 静默失败。
-#         hook 已经用 Bearer token 鉴权，TLS 只是传输加密，因此 https URL 一律加 -k 跳过 cert 校验。
-TLS_OPTS=()
-_try_remote() {
-  CLAUDE_JSON="$HOME/.claude.json"
-  if [[ ! -f "$CLAUDE_JSON" ]]; then
-    log_debug "[$(date)] No ~/.claude.json found, exit 0"
-    exit 0
-  fi
-  REMOTE_URL=$(jq -r '.mcpServers["wecom-aibot-channel"].env.MCP_URL // empty' "$CLAUDE_JSON" 2>/dev/null)
-  REMOTE_TOKEN=$(jq -r '.mcpServers["wecom-aibot-channel"].env.MCP_AUTH_TOKEN // empty' "$CLAUDE_JSON" 2>/dev/null)
-  if [[ -z "$REMOTE_URL" ]]; then
-    log_debug "[$(date)] No remote URL configured, exit 0"
-    exit 0
-  fi
-  # v3.3.3: 远端 https 时 -k 跳 cert 校验（cert 过期/不可信不再卡死 hook）
-  if [[ "$REMOTE_URL" == https://* ]]; then
-    TLS_OPTS=(-k)
-  fi
-  REMOTE_HEALTH=$(curl -s -m 5 "\${TLS_OPTS[@]}" \${REMOTE_TOKEN:+-H "Authorization: Bearer $REMOTE_TOKEN"} "$REMOTE_URL/health" 2>/dev/null)
-  log_debug "[$(date)] Remote health check ($REMOTE_URL): $REMOTE_HEALTH"
-  if echo "$REMOTE_HEALTH" | jq -e '.status == "ok"' > /dev/null 2>&1; then
-    MCP_BASE_URL="$REMOTE_URL"
-    [[ -n "$REMOTE_TOKEN" ]] && AUTH_ARGS=(-H "Authorization: Bearer $REMOTE_TOKEN")
-    log_debug "[$(date)] Using remote server: $MCP_BASE_URL"
-  else
-    log_debug "[$(date)] Remote health check failed, exit 0"
-    exit 0
-  fi
-}
-if [[ "$MODE" == "channel" ]]; then
-  # channel 模式：直接使用远程地址，跳过本地检查
-  log_debug "[$(date)] Channel mode, using remote server directly"
-  _try_remote
-else
-  # http 模式：本地优先，失败则尝试远程
-  HEALTH=$(curl -s -m 2 "$MCP_BASE_URL/health" 2>/dev/null)
-  log_debug "[$(date)] Local health check: $HEALTH"
-  if ! echo "$HEALTH" | jq -e '.status == "ok"' > /dev/null 2>&1; then
-    log_debug "[$(date)] Local server not available, trying remote channel config..."
-    _try_remote
-  fi
-fi
-# 读取当前项目使用的机器人名称和 ccId
-ROBOT_NAME=$(jq -r '.robotName // empty' "$CONFIG_FILE" 2>/dev/null)
-CC_ID=$(jq -r '.ccId // empty' "$CONFIG_FILE" 2>/dev/null)
-# 发送审批请求（使用 pwd 作为 projectDir）
-TOOL_INPUT=$(echo "$INPUT" | jq -c '.tool_input // {}')
-BODY=$(jq -n --arg tool_name "$TOOL_NAME" --argjson tool_input "$TOOL_INPUT" --arg project_dir "$PROJECT_DIR" --arg robot_name "$ROBOT_NAME" --arg cc_id "$CC_ID" \\
-  '{"tool_name":$tool_name,"tool_input":$tool_input,"projectDir":$project_dir,"robotName":$robot_name,"ccId":$cc_id}')
-log_debug "[$(date)] Sending approval request..."
-RESPONSE=$(curl -s -m 10 "\${TLS_OPTS[@]}" -X POST "$MCP_BASE_URL/approve" \\
-  "\${AUTH_ARGS[@]}" \\
-  -H "Content-Type: application/json" \\
-  -d "$BODY")
-log_debug "[$(date)] Approval response: $RESPONSE"
-TASK_ID=$(echo "$RESPONSE" | jq -r '.taskId // empty')
-if [[ -z "$TASK_ID" ]]; then
-  log_debug "[$(date)] No taskId, exit 0"
-  exit 0
-fi
-log_debug "[$(date)] Waiting for approval, taskId: $TASK_ID"
-# 轮询审批结果（带超时：从配置读取）
-AUTO_APPROVE_TIMEOUT=$(jq -r '.autoApproveTimeout // 300' "$CONFIG_FILE" 2>/dev/null)
-# 超时时间（秒），转换为轮询次数（每次 sleep 2秒）
-# 使用向上取整补偿整数截断：MAX_POLL = ceil(timeout/2) = (timeout+1)/2
-MAX_POLL=$(( (AUTO_APPROVE_TIMEOUT + 1) / 2 ))
-if [[ $MAX_POLL -lt 1 ]]; then
-  MAX_POLL=1
-fi
-POLL_COUNT=0
-log_debug "[$(date)] autoApproveTimeout: $AUTO_APPROVE_TIMEOUT seconds, MAX_POLL: $MAX_POLL (actual wait: ~$((MAX_POLL * 2))s)"
-while [[ $POLL_COUNT -lt $MAX_POLL ]]; do
-  sleep 2
-  POLL_COUNT=$((POLL_COUNT + 1))
-  STATUS=$(curl -s -m 3 "\${TLS_OPTS[@]}" "\${AUTH_ARGS[@]}" "$MCP_BASE_URL/approval_status/$TASK_ID" 2>/dev/null)
-  RESULT=$(echo "$STATUS" | jq -r '.result // empty')
-  log_debug "[$(date)] Poll $POLL_COUNT/$MAX_POLL: result=$RESULT"
-  if [[ "$RESULT" == "allow-once" || "$RESULT" == "allow-always" ]]; then
-    log_debug "[$(date)] Approved by user"
-    printf '%s\\n' '{"hookSpecificOutput":{"hookEventName":"PermissionRequest","decision":{"behavior":"allow"}}}'
-    exit 0
-  elif [[ "$RESULT" == "deny" ]]; then
-    log_debug "[$(date)] Denied by user"
-    printf '%s\\n' '{"hookSpecificOutput":{"hookEventName":"PermissionRequest","decision":{"behavior":"deny","message":"用户拒绝"}}}'
-    exit 0
-  fi
-done
-log_debug "[$(date)] Timeout reached, executing smart auto-approval"
-# 超时处理：必须立即决策，Claude Code 的 hook timeout 会杀掉阻塞进程。
-# 规则：删除命令→拒绝，项目内操作→允许，项目外操作→拒绝
-# 检查是否是删除命令（仅匹配命令行本身，不匹配 heredoc 内容）
-IS_DELETE=0
-if [[ "$TOOL_NAME" == "Bash" ]]; then
-  # 只取命令的第一行（避免 heredoc 内容干扰）
-  FIRST_LINE=$(echo "$TOOL_INPUT" | jq -r '.command // empty' | head -1)
-  log_debug "[$(date)] Checking delete: FIRST_LINE=$FIRST_LINE"
-  if [[ "$FIRST_LINE" == rm\\ * ]] || [[ "$FIRST_LINE" == rm ]] \\
-     || echo "$FIRST_LINE" | grep -qE '(^|[;&|(] *)(rm |rmdir )'; then
-    IS_DELETE=1
-  fi
-fi
-log_debug "[$(date)] IS_DELETE: $IS_DELETE"
-# 删除操作 → 永远拒绝
-if [[ $IS_DELETE -eq 1 ]]; then
-  log_debug "[$(date)] Auto-deny: delete operation"
-  # 通知 MCP Server 发送微信消息
-  curl -s -m 5 "\${TLS_OPTS[@]}" -X POST "$MCP_BASE_URL/approval_timeout/$TASK_ID" "\${AUTH_ARGS[@]}" -H "Content-Type: application/json" -d '{"result":"deny","reason":"超时自动拒绝：删除操作需人工确认"}' > /dev/null 2>&1 &
-  printf '%s\\n' '{"hookSpecificOutput":{"hookEventName":"PermissionRequest","decision":{"behavior":"deny","message":"超时自动拒绝：删除操作需人工确认"}}}'
-  exit 0
-fi
-# 检查操作路径是否在项目内
-IS_IN_PROJECT=0
-case "$TOOL_NAME" in
-  Bash)
-    CMD=$(echo "$TOOL_INPUT" | jq -r '.command // empty')
-    EXEC_CWD=$(pwd)
-    log_debug "[$(date)] Bash CMD=$CMD, EXEC_CWD=$EXEC_CWD"
-    if [[ "$CMD" == *"$PROJECT_DIR"* ]]; then
-      # 明确包含项目路径 → 项目内
-      IS_IN_PROJECT=1
-    elif echo "$CMD" | grep -qE '(^|[ \t])/[a-zA-Z0-9]'; then
-      # 含有绝对路径：过滤掉项目路径和安全系统目录，看是否还有真正的项目外路径
-      OUTSIDE=$(echo "$CMD" | grep -oE '(^| )/[a-zA-Z0-9][^ \t>|;&]*' | tr -d ' ' \
-        | grep -v "^$PROJECT_DIR" \
-        | grep -vE '^(/tmp/|/var/tmp/|/dev/null|/dev/stdin|/dev/stdout|/dev/stderr|/dev/fd/)')
-      if [[ -z "$OUTSIDE" ]]; then
-        # 绝对路径全是项目内或安全临时目录 → 以执行位置为准
-        log_debug "[$(date)] Only safe abs paths, checking EXEC_CWD: $EXEC_CWD"
-        if [[ "$EXEC_CWD" == "$PROJECT_DIR"* ]]; then
-          IS_IN_PROJECT=1
-        fi
-      else
-        log_debug "[$(date)] Outside abs path detected: $OUTSIDE"
-        IS_IN_PROJECT=0
-      fi
-    else
-      # 无绝对路径（相对路径或纯命令如 npm/git）→ 以执行位置为准
-      log_debug "[$(date)] No absolute path, checking EXEC_CWD: $EXEC_CWD"
-      if [[ "$EXEC_CWD" == "$PROJECT_DIR"* ]]; then
-        IS_IN_PROJECT=1
-      fi
-    fi
-    ;;
-  Write|Edit)
-    FILE_PATH=$(echo "$TOOL_INPUT" | jq -r '.file_path // empty')
-    if [[ "$FILE_PATH" == "$PROJECT_DIR"* ]] || [[ "$FILE_PATH" != /* ]]; then
-      IS_IN_PROJECT=1
-    fi
-    ;;
-  *)
-    FILE_PATH=$(echo "$TOOL_INPUT" | jq -r '.file_path // .path // .directory // empty')
-    if [[ -n "$FILE_PATH" ]]; then
-      if [[ "$FILE_PATH" == "$PROJECT_DIR"* ]] || [[ "$FILE_PATH" != /* ]]; then
-        IS_IN_PROJECT=1
-      fi
-    fi
-    ;;
-esac
-log_debug "[$(date)] IS_IN_PROJECT: $IS_IN_PROJECT"
-# 根据项目内/外决策
-if [[ $IS_IN_PROJECT -eq 1 ]]; then
-  log_debug "[$(date)] Auto-allow: project operation"
-  # 通知 MCP Server 发送微信消息
-  curl -s -m 5 "\${TLS_OPTS[@]}" -X POST "$MCP_BASE_URL/approval_timeout/$TASK_ID" "\${AUTH_ARGS[@]}" -H "Content-Type: application/json" -d '{"result":"allow-once","reason":"超时自动允许：项目内操作"}' > /dev/null 2>&1 &
-  printf '%s\\n' '{"hookSpecificOutput":{"hookEventName":"PermissionRequest","decision":{"behavior":"allow","message":"超时自动允许：项目内操作"}}}'
-else
-  log_debug "[$(date)] Auto-deny: outside project"
-  # 通知 MCP Server 发送微信消息
-  curl -s -m 5 "\${TLS_OPTS[@]}" -X POST "$MCP_BASE_URL/approval_timeout/$TASK_ID" "\${AUTH_ARGS[@]}" -H "Content-Type: application/json" -d '{"result":"deny","reason":"超时自动拒绝：项目外操作需人工确认"}' > /dev/null 2>&1 &
-  printf '%s\\n' '{"hookSpecificOutput":{"hookEventName":"PermissionRequest","decision":{"behavior":"deny","message":"超时自动拒绝：项目外操作需人工确认"}}}'
-fi
-`;
+    // v3.4.0: 从 dist/hooks/ 拷贝预编译的 .js 替代旧 bash 模板
     ensureConfigDir();
-    fs.writeFileSync(HOOK_SCRIPT_PATH, script, { mode: 0o755 });
+    const src = path.join(__dirname, 'hooks', 'permission-hook.js');
+    if (!fs.existsSync(src)) {
+        console.log('[config] ⚠️ 找不到 hook 源文件，跳过:', src);
+        return;
+    }
+    fs.copyFileSync(src, HOOK_SCRIPT_PATH);
+    try {
+        fs.chmodSync(HOOK_SCRIPT_PATH, 0o755);
+    }
+    catch { /* Windows 无 exec bit，忽略 */ }
+    // 清理 v3.3.x 及以前的 .sh 残留
+    if (fs.existsSync(HOOK_SCRIPT_PATH_LEGACY)) {
+        try {
+            fs.unlinkSync(HOOK_SCRIPT_PATH_LEGACY);
+        }
+        catch { /* ignore */ }
+    }
     console.log(`[config] Hook 脚本已写入: ${HOOK_SCRIPT_PATH}`);
 }
 // 生成并写入 Stop hook 脚本
 // HTTP 模式使用：阻止 Claude 停止，提示调用 get_pending_messages 恢复轮询
 function writeStopHookScript() {
-    const script = `#!/bin/bash
-# wecom-aibot-mcp Stop hook
-# HTTP 模式使用：阻止 Claude 停止，提示调用 get_pending_messages 恢复轮询
-#
-# 固定端口: 18963
-# 只检查 $(pwd)/.claude/wecom-aibot.json 的 wechatMode 字段
-MCP_PORT=18963
-# 先保存输入（Stop 事件数据）
-INPUT=$(cat)
-# 日志输出：--debug 模式下输出到 stderr，否则静默
-DEBUG_FILE="$HOME/.wecom-aibot-mcp/debug"
-log_debug() {
-  if [[ -f "$DEBUG_FILE" ]]; then
-    echo "$1" >&2
-  fi
-}
-log_debug "[$(date)] Stop hook called. INPUT: \${INPUT:0:200}"
-# 检查项目目录的微信模式配置文件
-PROJECT_DIR=$(pwd)
-CONFIG_FILE="$PROJECT_DIR/.claude/wecom-aibot.json"
-log_debug "[$(date)] Checking config: $CONFIG_FILE"
-# 配置文件不存在，不在微信模式，允许停止
-if [[ ! -f "$CONFIG_FILE" ]]; then
-  log_debug "[$(date)] No config file, exit 0 (allow stop)"
-  exit 0
-fi
-# 检查 wechatMode 是否为 true（微信模式开关）
-WECHAT_MODE=$(jq -r '.wechatMode // false' "$CONFIG_FILE" 2>/dev/null)
-log_debug "[$(date)] wechatMode: $WECHAT_MODE"
-if [[ "$WECHAT_MODE" != "true" ]]; then
-  log_debug "[$(date)] wechatMode not true, exit 0 (allow stop)"
-  exit 0
-fi
-# 确定 MCP Server 地址（本地优先，失败则尝试远程 channel 配置）
-MCP_BASE_URL="http://127.0.0.1:$MCP_PORT"
-AUTH_ARGS=()
-HEALTH=$(curl -s -m 2 "$MCP_BASE_URL/health" 2>/dev/null)
-log_debug "[$(date)] Local health check: $HEALTH"
-if ! echo "$HEALTH" | jq -e '.status == "ok"' > /dev/null 2>&1; then
-  CLAUDE_JSON="$HOME/.claude.json"
-  if [[ -f "$CLAUDE_JSON" ]]; then
-    REMOTE_URL=$(jq -r '.mcpServers["wecom-aibot-channel"].env.MCP_URL // empty' "$CLAUDE_JSON" 2>/dev/null)
-    REMOTE_TOKEN=$(jq -r '.mcpServers["wecom-aibot-channel"].env.MCP_AUTH_TOKEN // empty' "$CLAUDE_JSON" 2>/dev/null)
-    if [[ -n "$REMOTE_URL" ]]; then
-      REMOTE_HEALTH=$(curl -s -m 5 \${REMOTE_TOKEN:+-H "Authorization: Bearer $REMOTE_TOKEN"} "$REMOTE_URL/health" 2>/dev/null)
-      if echo "$REMOTE_HEALTH" | jq -e '.status == "ok"' > /dev/null 2>&1; then
-        MCP_BASE_URL="$REMOTE_URL"
-        [[ -n "$REMOTE_TOKEN" ]] && AUTH_ARGS=(-H "Authorization: Bearer $REMOTE_TOKEN")
-        log_debug "[$(date)] Using remote server: $MCP_BASE_URL"
-      else
-        log_debug "[$(date)] MCP Server offline, exit 0 (allow stop)"
-        exit 0
-      fi
-    else
-      log_debug "[$(date)] MCP Server offline, exit 0 (allow stop)"
-      exit 0
-    fi
-  else
-    log_debug "[$(date)] MCP Server offline, exit 0 (allow stop)"
-    exit 0
-  fi
-fi
-# 获取 ccId
-CC_ID=$(jq -r '.ccId // empty' "$CONFIG_FILE" 2>/dev/null)
-log_debug "[$(date)] ccId: $CC_ID"
-if [[ -z "$CC_ID" ]]; then
-  log_debug "[$(date)] No ccId in config, exit 0 (allow stop)"
-  exit 0
-fi
-# 处于微信模式，需要恢复轮询
-# 使用 exit code 2 阻止停止，并提示 Claude 调用 MCP 工具
-log_debug "[$(date)] ✅ WeChat mode active, blocking stop to resume polling"
-log_debug "[$(date)] ccId=$CC_ID, will prompt Claude to call get_pending_messages"
-echo "任务已完成，请调用 mcp__wecom-aibot__get_pending_messages(cc_id=\"$CC_ID\", timeout_ms=30000) 恢复微信消息轮询" >&2
-exit 2
-`;
+    // v3.4.0: 同上，从 dist/hooks/ 拷贝预编译的 .js
     ensureConfigDir();
-    fs.writeFileSync(STOP_HOOK_SCRIPT_PATH, script, { mode: 0o755 });
+    const src = path.join(__dirname, 'hooks', 'stop-hook.js');
+    if (!fs.existsSync(src)) {
+        console.log('[config] ⚠️ 找不到 stop-hook 源文件，跳过:', src);
+        return;
+    }
+    fs.copyFileSync(src, STOP_HOOK_SCRIPT_PATH);
+    try {
+        fs.chmodSync(STOP_HOOK_SCRIPT_PATH, 0o755);
+    }
+    catch { /* ignore */ }
+    if (fs.existsSync(STOP_HOOK_SCRIPT_PATH_LEGACY)) {
+        try {
+            fs.unlinkSync(STOP_HOOK_SCRIPT_PATH_LEGACY);
+        }
+        catch { /* ignore */ }
+    }
     console.log(`[config] Stop Hook 脚本已写入: ${STOP_HOOK_SCRIPT_PATH}`);
 }
 // 写入 MCP 工具权限到 Claude settings

package/dist/hooks/permission-hook.js CHANGED Viewed

@@ -16,7 +16,14 @@
  *   6. 超时（autoApproveTimeout）→ 智能策略：
  *      - rm 命令 → 拒
  *      - 项目内 → 允许，项目外 → 拒
+ *
+ * v3.4.0 起替代 permission-hook.sh：去掉 jq / bash / curl / ps / grep 外部依赖，
+ * 跨平台（Windows wmic / Unix ps），方便部署到没装 jq 的机器（如 jorry）。
  */
+// v3.4.0: daemon HTTPS 用 Let's Encrypt 自签或过期时 fetch 会拒，hook 走 Bearer
+// token 鉴权，TLS 只是传输层加密，跳过 cert 校验更稳。设到环境变量是为了影响
+// 整个 node 进程的全局 fetch / undici 行为。
+process.env.NODE_TLS_REJECT_UNAUTHORIZED = '0';
 import * as fs from 'fs';
 import * as path from 'path';
 import * as os from 'os';

package/dist/hooks/stop-hook.js CHANGED Viewed

@@ -4,7 +4,11 @@
  *
  * Claude 准备停止时触发。如果当前项目处于微信模式，输出 exit code 2 阻止停止，
  * 同时通过 stderr 提示 Claude 调用 get_pending_messages 恢复轮询。
+ *
+ * v3.4.0 起替代 stop-hook.sh：去掉 jq / bash / curl 依赖，跨平台。
  */
+// v3.4.0: 同 permission-hook —— 跳过 TLS cert 校验（Bearer token 提供身份）
+process.env.NODE_TLS_REJECT_UNAUTHORIZED = '0';
 import * as fs from 'fs';
 import * as path from 'path';
 import * as os from 'os';

package/dist/project-config.d.ts CHANGED Viewed

@@ -116,6 +116,8 @@ export declare function validateConfig(config: Partial<ProjectConfig>): boolean;
 export declare function getProjectSettingsPath(projectDir: string): string;
 export declare const PERMISSION_HOOK_SCRIPT_PATH: string;
 export declare const STOP_HOOK_SCRIPT_PATH: string;
+export declare const PERMISSION_HOOK_SCRIPT_PATH_LEGACY: string;
+export declare const STOP_HOOK_SCRIPT_PATH_LEGACY: string;
 /**
  * 添加 PermissionRequest hook 到项目 settings.json
  */

package/dist/project-config.js CHANGED Viewed

@@ -251,16 +251,21 @@ export function getProjectSettingsPath(projectDir) {
 }
 // ============================================
 // Hook 脚本路径（统一定义）
+// v3.4.0: hook 改为 Node.js 实现 —— 去 jq/bash/curl 外部依赖，跨平台
 // ============================================
 const CONFIG_DIR = path.join(os.homedir(), '.wecom-aibot-mcp');
-export const PERMISSION_HOOK_SCRIPT_PATH = path.join(CONFIG_DIR, 'permission-hook.sh');
-export const STOP_HOOK_SCRIPT_PATH = path.join(CONFIG_DIR, 'stop-hook.sh');
+export const PERMISSION_HOOK_SCRIPT_PATH = path.join(CONFIG_DIR, 'permission-hook.mjs');
+export const STOP_HOOK_SCRIPT_PATH = path.join(CONFIG_DIR, 'stop-hook.mjs');
+// v3.4.0 前的旧路径，安装新版本时一并删掉残留
+export const PERMISSION_HOOK_SCRIPT_PATH_LEGACY = path.join(CONFIG_DIR, 'permission-hook.sh');
+export const STOP_HOOK_SCRIPT_PATH_LEGACY = path.join(CONFIG_DIR, 'stop-hook.sh');
 /**
  * PermissionRequest hook 配置
+ * v3.4.0+: command 改为 `node "..."`，双引号包路径以兼容含空格的 Windows 路径
  */
 const PERMISSION_HOOK = {
     matcher: '',
-    hooks: [{ type: 'command', command: PERMISSION_HOOK_SCRIPT_PATH, timeout: 3600 }],
+    hooks: [{ type: 'command', command: `node "${PERMISSION_HOOK_SCRIPT_PATH}"`, timeout: 3600 }],
 };
 /**
  * Stop hook 配置
@@ -268,7 +273,7 @@ const PERMISSION_HOOK = {
  */
 const STOP_HOOK = {
     matcher: '',
-    hooks: [{ type: 'command', command: STOP_HOOK_SCRIPT_PATH }],
+    hooks: [{ type: 'command', command: `node "${STOP_HOOK_SCRIPT_PATH}"` }],
 };
 /**
  * 进入微信模式时默认预批的 MCP 工具通配（避免每次都走 hook 增加延迟）

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@vrs-soft/wecom-aibot-mcp",
-  "version": "3.3.3",
+  "version": "3.4.0",
   "description": "企业微信智能机器人 MCP 客户端 - 连接 wecom-aibot-server daemon",
   "type": "module",
   "main": "dist/index.js",