@wu529778790/open-im 1.8.1-beta.9 → 1.8.2

package/dist/access/access-control.js

@@ -8,7 +8,7 @@ export class AccessControl {
     }
     isAllowed(userId) {
         if (this.allowedUserIds.size === 0) {
-            log.debug(`Allowing user ${userId} (no whitelist configured)`);
+            log.warn(`Allowing user ${userId} — no whitelist configured. Set allowedUserIds to restrict access.`);
             return true;
         }
         const allowed = this.allowedUserIds.has(userId);

package/dist/adapters/claude-sdk-adapter.js

@@ -16,6 +16,21 @@ const log = createLogger('ClaudeSDK');
 const activeSessions = new Map();
 // 存储正在进行的流式迭代器，用于中断
 const activeStreams = new Set();
+// Mutex to serialize process.chdir() calls across concurrent users
+let chdirMutex = Promise.resolve();
+function withChdirMutex(fn) {
+    const previous = chdirMutex;
+    let resolve;
+    chdirMutex = new Promise((r) => { resolve = r; });
+    return previous.then(() => {
+        try {
+            return fn();
+        }
+        finally {
+            resolve();
+        }
+    });
+}
 function isStreamEvent(msg) {
     return msg.type === 'stream_event';
 }
@@ -37,39 +52,51 @@ function isResult(msg) {
  * @param permissionMode 权限模式
  * @returns SDKSession 对象和实际的 sessionId
  */
-async function getOrCreateSession(sessionId, _workDir, // 保留参数以备将来使用
-model, permissionMode) {
+async function getOrCreateSession(sessionId, workDir, model, permissionMode) {
     const resolvedModel = model?.trim() || 'claude-opus-4-5';
     const sessionOptions = {
         model: resolvedModel,
         permissionMode,
-        // 可以添加其他选项，如 hooks, allowedTools 等
     };
     const baseUrl = process.env.ANTHROPIC_BASE_URL ?? '(default)';
-    log.info(`[V2] getOrCreateSession model param=${String(model ?? '')} resolved=${resolvedModel} baseUrl=${baseUrl}`);
-    let session;
-    if (sessionId) {
-        // 尝试恢复已有会话
+    log.info(`[V2] getOrCreateSession model param=${String(model ?? '')} resolved=${resolvedModel} baseUrl=${baseUrl} workDir=${workDir}`);
+    // Use mutex to serialize process.chdir() calls across concurrent users
+    return withChdirMutex(() => {
+        let session;
+        const originalCwd = process.cwd();
         try {
-            log.info(`Attempting to resume session: ${sessionId}`);
-            session = unstable_v2_resumeSession(sessionId, sessionOptions);
-            activeSessions.set(sessionId, session);
-            log.info(`Successfully resumed session: ${sessionId}`);
-            return { session, sessionId };
+            if (workDir && workDir !== originalCwd) {
+                process.chdir(workDir);
+            }
+            if (sessionId) {
+                // 尝试恢复已有会话
+                try {
+                    log.info(`Attempting to resume session: ${sessionId}`);
+                    session = unstable_v2_resumeSession(sessionId, sessionOptions);
+                    activeSessions.set(sessionId, session);
+                    log.info(`Successfully resumed session: ${sessionId}`);
+                    return { session, sessionId };
+                }
+                catch (err) {
+                    log.warn(`Failed to resume session ${sessionId}, creating new one: ${err}`);
+                    // 恢复失败，创建新会话
+                }
+            }
+            // 创建新会话
+            session = unstable_v2_createSession(sessionOptions);
+            // 新会话的 sessionId 需要从第一个消息中获取
+            // 暂时返回 undefined，稍后在 init 消息中获取
+            const tempId = `pending-${Date.now()}`;
+            activeSessions.set(tempId, session);
+            log.info(`Created new session (tempId: ${tempId})`);
+            return { session, sessionId: tempId };
         }
-        catch (err) {
-            log.warn(`Failed to resume session ${sessionId}, creating new one: ${err}`);
-            // 恢复失败，创建新会话
+        finally {
+            if (workDir && workDir !== originalCwd) {
+                process.chdir(originalCwd);
+            }
         }
-    }
-    // 创建新会话
-    session = unstable_v2_createSession(sessionOptions);
-    // 新会话的 sessionId 需要从第一个消息中获取
-    // 暂时返回 undefined，稍后在 init 消息中获取
-    const tempId = `pending-${Date.now()}`;
-    activeSessions.set(tempId, session);
-    log.info(`Created new session (tempId: ${tempId})`);
-    return { session, sessionId: tempId };
+    });
 }
 export class ClaudeSDKAdapter {
     toolId = 'claude-sdk';
@@ -103,15 +130,8 @@ export class ClaudeSDKAdapter {
         const abortController = new AbortController();
         let streamClosed = false;
         let actualSessionId;
+        let pendingTempId; // 记录临时 ID，用于 abort 时清理
         let runSettled = false;
-        let timeoutId = null;
-        const timeoutMs = options?.timeoutMs ?? 600_000;
-        const clearRunTimeout = () => {
-            if (timeoutId !== null) {
-                clearTimeout(timeoutId);
-                timeoutId = null;
-            }
-        };
         const permissionMode = options?.skipPermissions
             ? 'bypassPermissions'
             : options?.permissionMode === 'acceptEdits'
@@ -120,15 +140,6 @@ export class ClaudeSDKAdapter {
                     ? 'plan'
                     : 'default';
         const runSession = async () => {
-            timeoutId = setTimeout(() => {
-                if (runSettled)
-                    return;
-                runSettled = true;
-                clearRunTimeout();
-                log.warn(`[ClaudeSDK] Request timeout after ${timeoutMs}ms`);
-                abortController.abort();
-                callbacks.onError(`请求超时（${Math.round(timeoutMs / 1000)}s），请重试或缩短问题。`);
-            }, timeoutMs);
             try {
                 // 检查环境变量
                 const hasApiKey = !!process.env.ANTHROPIC_API_KEY;
@@ -139,7 +150,10 @@ export class ClaudeSDKAdapter {
                 log.info(`[V2] Session: ${sessionId ?? 'new'}, prompt="${prompt.slice(0, 50)}..."`);
                 log.info(`[V2] model param=${String(options?.model ?? '')} baseUrl=${process.env.ANTHROPIC_BASE_URL ?? '(default)'}`);
                 // 获取或创建会话
-                const { session } = await getOrCreateSession(sessionId, workDir, options?.model, permissionMode);
+                const { session, sessionId: returnedId } = await getOrCreateSession(sessionId, workDir, options?.model, permissionMode);
+                if (returnedId.startsWith('pending-')) {
+                    pendingTempId = returnedId;
+                }
                 // 发送用户消息
                 await session.send(prompt);
                 // 获取响应流
@@ -205,7 +219,6 @@ export class ClaudeSDKAdapter {
                             // 检查会话错误
                             if (!success) {
                                 runSettled = true;
-                                clearRunTimeout();
                                 const noConvErr = errs.find((e) => e.includes('No conversation found') || e.includes('session not found'));
                                 if (noConvErr) {
                                     log.warn(`Session ${actualSessionId} not found, may need to create new one`);
@@ -233,25 +246,31 @@ export class ClaudeSDKAdapter {
                                 result.result = accumulated;
                             }
                             runSettled = true;
-                            clearRunTimeout();
                             callbacks.onComplete(result);
                             return;
                         }
                     }
                     // 如果流正常结束但没有收到 result 消息
-                    if (!streamClosed && accumulated) {
-                        log.info('Stream ended without result message, using accumulated text');
-                        runSettled = true;
-                        clearRunTimeout();
-                        callbacks.onComplete({
-                            success: true,
-                            result: accumulated,
-                            accumulated,
-                            cost: 0,
-                            durationMs: 0,
-                            numTurns: 1,
-                            toolStats,
-                        });
+                    if (!streamClosed) {
+                        if (accumulated) {
+                            log.info('Stream ended without result message, using accumulated text');
+                            runSettled = true;
+                            callbacks.onComplete({
+                                success: true,
+                                result: accumulated,
+                                accumulated,
+                                cost: 0,
+                                durationMs: 0,
+                                numTurns: 1,
+                                toolStats,
+                            });
+                        }
+                        else {
+                            // 流结束但无 result 也无 accumulated：必须触发回调，否则 Promise 永远挂起
+                            log.warn('Stream ended with no result and no accumulated text, calling onError to prevent stuck state');
+                            runSettled = true;
+                            callbacks.onError('AI 响应异常结束（无输出），请重试');
+                        }
                     }
                 }
                 finally {
@@ -262,16 +281,15 @@ export class ClaudeSDKAdapter {
             catch (err) {
                 if (abortController.signal.aborted) {
                     log.info('Session run aborted');
-                    clearRunTimeout();
-                    // 清理 pending tempId
-                    if (actualSessionId?.startsWith('pending-')) {
-                        activeSessions.delete(actualSessionId);
-                        log.info(`Cleaned up pending session: ${actualSessionId}`);
+                    // 清理 pending tempId（abort 可能在 init 消息之前发生）
+                    const idToClean = actualSessionId ?? pendingTempId;
+                    if (idToClean?.startsWith('pending-')) {
+                        activeSessions.delete(idToClean);
+                        log.info(`Cleaned up pending session: ${idToClean}`);
                     }
                     return;
                 }
                 runSettled = true;
-                clearRunTimeout();
                 const errorObj = err;
                 const msg = errorObj.message || String(err);
                 log.error(`Claude SDK V2 error: ${msg}`);
@@ -279,9 +297,10 @@ export class ClaudeSDKAdapter {
                     log.error(`Error stack: ${errorObj.stack}`);
                 }
                 // 清理 pending tempId（session 在获取真实 ID 前就失败了）
-                if (actualSessionId?.startsWith('pending-')) {
-                    activeSessions.delete(actualSessionId);
-                    log.info(`Cleaned up pending session after error: ${actualSessionId}`);
+                const errIdToClean = actualSessionId ?? pendingTempId;
+                if (errIdToClean?.startsWith('pending-')) {
+                    activeSessions.delete(errIdToClean);
+                    log.info(`Cleaned up pending session after error: ${errIdToClean}`);
                 }
                 callbacks.onError(msg);
             }

package/dist/cli.js

@@ -50,7 +50,7 @@ async function cmdStart() {
         console.log("\nopen-im is already running in the background.");
         console.log(`  pid: ${status.pid}`);
         console.log(`  config page: ${getWebConfigUrl()}`);
-        return;
+        process.exit(0);
     }
     if (!(await ensureConfigured("start"))) {
         process.exit(1);
@@ -67,17 +67,19 @@ async function cmdStart() {
         console.log("  A one-time login URL (with login_token) has been printed by the config-web server logger.");
         console.log("  Please use that URL (replacing 127.0.0.1 with your server IP/hostname) for the first login.");
     }
+    process.exit(0);
 }
 async function cmdStop() {
     const status = getManagerStatus();
     if (!status.pid) {
         console.log("open-im is not running in the background.");
-        return;
+        process.exit(0);
     }
     await stopBackgroundService();
     const result = await stopManagerProcess();
     console.log("\nopen-im stopped.");
     console.log(`  pid: ${result.pid}`);
+    process.exit(0);
 }
 async function cmdRestart() {
     const status = getManagerStatus();
@@ -98,6 +100,7 @@ async function cmdRestart() {
     console.log("\nopen-im restarted in the background.");
     console.log(`  pid: ${child.pid}`);
     console.log(`  config page: ${getWebConfigUrl()}`);
+    process.exit(0);
 }
 async function cmdInit() {
     console.log("\nopen-im CLI setup\n");

package/dist/commands/handler.d.ts

@@ -19,7 +19,6 @@ export declare class CommandHandler {
     private deps;
     constructor(deps: CommandHandlerDeps);
     dispatch(text: string, chatId: string, userId: string, platform: 'dingtalk' | 'feishu' | 'qq' | 'telegram' | 'wechat' | 'wework' | 'workbuddy', handleClaudeRequest: ClaudeRequestHandler): Promise<boolean>;
-    private getClearHistoryHint;
     private handleHelp;
     private handleNew;
     private handlePwd;

package/dist/commands/handler.js

@@ -16,9 +16,9 @@ export class CommandHandler {
             return true;
         }
         if (t === '/help')
-            return this.handleHelp(chatId, platform);
+            return this.handleHelp(chatId);
         if (t === '/new')
-            return this.handleNew(chatId, userId, platform);
+            return this.handleNew(chatId, userId);
         if (t === '/pwd')
             return this.handlePwd(chatId, userId);
         if (t === '/status')
@@ -33,18 +33,7 @@ export class CommandHandler {
         }
         return false;
     }
-    getClearHistoryHint(platform) {
-        return platform === 'feishu'
-            ? '💡 提示：如需清除本对话的历史消息，请点击飞书聊天右上角「...」→ 清除聊天记录'
-            : platform === 'wechat'
-                ? '💡 提示：如需清除本对话的历史消息，请清除聊天记录'
-                : platform === 'dingtalk'
-                    ? '💡 提示：如需清除本对话的历史消息，请在钉钉中清空聊天记录'
-                    : platform === 'workbuddy'
-                        ? '💡 提示：如需清除本对话的历史消息，请清除聊天记录'
-                        : '💡 提示：如需清除本对话的历史消息，请点击 Telegram 聊天右上角 ⋮ → 清除历史';
-    }
-    async handleHelp(chatId, platform) {
+    async handleHelp(chatId) {
         const help = [
             '📋 可用命令:',
             '',
@@ -53,16 +42,14 @@ export class CommandHandler {
             '/status - 显示状态',
             '/cd <路径> - 切换工作目录',
             '/pwd - 当前工作目录',
-            '',
-            this.getClearHistoryHint(platform),
         ].join('\n');
         await this.deps.sender.sendTextReply(chatId, help);
         return true;
     }
-    async handleNew(chatId, userId, platform) {
+    async handleNew(chatId, userId) {
         const ok = this.deps.sessionManager.newSession(userId);
         await this.deps.sender.sendTextReply(chatId, ok
-            ? `✅ AI 会话已重置，下一条消息将使用全新上下文。\n\n${this.getClearHistoryHint(platform)}`
+            ? '✅ AI 会话已重置，下一条消息将使用全新上下文。'
             : '当前没有活动会话。');
         return true;
     }
@@ -103,8 +90,7 @@ export class CommandHandler {
         try {
             const resolved = await this.deps.sessionManager.setWorkDir(userId, dir);
             await this.deps.sender.sendTextReply(chatId, `📁 工作目录已切换到: ${escapePathForMarkdown(resolved)}\n\n` +
-                `🔄 AI 会话已重置，下一条消息将使用全新上下文。\n` +
-                this.getClearHistoryHint(platform));
+                `🔄 AI 会话已重置，下一条消息将使用全新上下文。`);
         }
         catch (err) {
             await this.deps.sender.sendTextReply(chatId, err instanceof Error ? err.message : String(err));

package/dist/config-web.js

@@ -117,6 +117,7 @@ export function getHealthPlatformSnapshot(file, env = process.env) {
     const fileQQ = file.platforms?.qq;
     const fileWework = file.platforms?.wework;
     const fileDingtalk = file.platforms?.dingtalk;
+    const fileWorkbuddy = file.platforms?.workbuddy;
     const telegramBotToken = env.TELEGRAM_BOT_TOKEN ?? fileTelegram?.botToken ?? file.telegramBotToken;
     const feishuAppId = env.FEISHU_APP_ID ?? fileFeishu?.appId ?? file.feishuAppId;
     const feishuAppSecret = env.FEISHU_APP_SECRET ?? fileFeishu?.appSecret ?? file.feishuAppSecret;
@@ -126,6 +127,9 @@ export function getHealthPlatformSnapshot(file, env = process.env) {
     const weworkSecret = env.WEWORK_SECRET ?? fileWework?.secret;
     const dingtalkClientId = env.DINGTALK_CLIENT_ID ?? fileDingtalk?.clientId;
     const dingtalkClientSecret = env.DINGTALK_CLIENT_SECRET ?? fileDingtalk?.clientSecret;
+    const workbuddyAccessToken = fileWorkbuddy?.accessToken;
+    const workbuddyRefreshToken = fileWorkbuddy?.refreshToken;
+    const workbuddyUserId = fileWorkbuddy?.userId;
     return {
         telegram: {
             configured: !!telegramBotToken,
@@ -157,6 +161,12 @@ export function getHealthPlatformSnapshot(file, env = process.env) {
             healthy: !!(dingtalkClientId && dingtalkClientSecret),
             message: dingtalkClientId && dingtalkClientSecret ? "Client ID and Secret configured" : "Missing credentials",
         },
+        workbuddy: {
+            configured: !!(workbuddyAccessToken && workbuddyRefreshToken && workbuddyUserId),
+            enabled: !!(workbuddyAccessToken && workbuddyRefreshToken && workbuddyUserId) && fileWorkbuddy?.enabled !== false,
+            healthy: !!(workbuddyAccessToken && workbuddyRefreshToken && workbuddyUserId),
+            message: workbuddyAccessToken && workbuddyRefreshToken && workbuddyUserId ? "OAuth credentials configured" : "Missing credentials",
+        },
     };
 }
 function splitCsv(value) {
@@ -170,10 +180,20 @@ function clean(value) {
     const trimmed = value.trim();
     return trimmed ? trimmed : undefined;
 }
+const MAX_REQUEST_BODY_BYTES = 1 * 1024 * 1024; // 1 MB
 function readJson(request) {
     return new Promise((resolve, reject) => {
         const chunks = [];
-        request.on("data", (chunk) => chunks.push(Buffer.from(chunk)));
+        let totalBytes = 0;
+        request.on("data", (chunk) => {
+            totalBytes += chunk.length;
+            if (totalBytes > MAX_REQUEST_BODY_BYTES) {
+                reject(new Error("Request body too large (max 1 MB)"));
+                request.destroy();
+                return;
+            }
+            chunks.push(Buffer.from(chunk));
+        });
         request.on("end", () => {
             try {
                 const raw = Buffer.concat(chunks).toString("utf-8");
@@ -190,6 +210,11 @@ function json(response, statusCode, body) {
     response.writeHead(statusCode, { "content-type": "application/json; charset=utf-8" });
     response.end(JSON.stringify(body));
 }
+function maskSecret(value) {
+    if (!value || value.length <= 4)
+        return value ? "****" : "";
+    return value.slice(0, 2) + "****" + value.slice(-2);
+}
 function buildInitialPayload(file) {
     // Load Claude settings from ~/.claude/settings.json
     const claudeEnv = loadClaudeSettingsEnv();
@@ -198,7 +223,7 @@ function buildInitialPayload(file) {
             telegram: {
                 enabled: file.platforms?.telegram?.enabled ?? Boolean(file.platforms?.telegram?.botToken),
                 aiCommand: file.platforms?.telegram?.aiCommand ?? "",
-                botToken: file.platforms?.telegram?.botToken ?? "",
+                botToken: maskSecret(file.platforms?.telegram?.botToken),
                 proxy: file.platforms?.telegram?.proxy ?? "",
                 allowedUserIds: (file.platforms?.telegram?.allowedUserIds ?? []).join(", "),
             },
@@ -206,31 +231,40 @@ function buildInitialPayload(file) {
                 enabled: file.platforms?.feishu?.enabled ?? Boolean(file.platforms?.feishu?.appId && file.platforms?.feishu?.appSecret),
                 aiCommand: file.platforms?.feishu?.aiCommand ?? "",
                 appId: file.platforms?.feishu?.appId ?? "",
-                appSecret: file.platforms?.feishu?.appSecret ?? "",
+                appSecret: maskSecret(file.platforms?.feishu?.appSecret),
                 allowedUserIds: (file.platforms?.feishu?.allowedUserIds ?? []).join(", "),
             },
             qq: {
                 enabled: file.platforms?.qq?.enabled ?? Boolean(file.platforms?.qq?.appId && file.platforms?.qq?.secret),
                 aiCommand: file.platforms?.qq?.aiCommand ?? "",
                 appId: file.platforms?.qq?.appId ?? "",
-                secret: file.platforms?.qq?.secret ?? "",
+                secret: maskSecret(file.platforms?.qq?.secret),
                 allowedUserIds: (file.platforms?.qq?.allowedUserIds ?? []).join(", "),
             },
             wework: {
                 enabled: file.platforms?.wework?.enabled ?? Boolean(file.platforms?.wework?.corpId && file.platforms?.wework?.secret),
                 aiCommand: file.platforms?.wework?.aiCommand ?? "",
                 corpId: file.platforms?.wework?.corpId ?? "",
-                secret: file.platforms?.wework?.secret ?? "",
+                secret: maskSecret(file.platforms?.wework?.secret),
                 allowedUserIds: (file.platforms?.wework?.allowedUserIds ?? []).join(", "),
             },
             dingtalk: {
                 enabled: file.platforms?.dingtalk?.enabled ?? Boolean(file.platforms?.dingtalk?.clientId && file.platforms?.dingtalk?.clientSecret),
                 aiCommand: file.platforms?.dingtalk?.aiCommand ?? "",
                 clientId: file.platforms?.dingtalk?.clientId ?? "",
-                clientSecret: file.platforms?.dingtalk?.clientSecret ?? "",
+                clientSecret: maskSecret(file.platforms?.dingtalk?.clientSecret),
                 cardTemplateId: file.platforms?.dingtalk?.cardTemplateId ?? "",
                 allowedUserIds: (file.platforms?.dingtalk?.allowedUserIds ?? []).join(", "),
             },
+            workbuddy: {
+                enabled: file.platforms?.workbuddy?.enabled ?? Boolean(file.platforms?.workbuddy?.accessToken && file.platforms?.workbuddy?.refreshToken && file.platforms?.workbuddy?.userId),
+                aiCommand: file.platforms?.workbuddy?.aiCommand ?? "",
+                accessToken: maskSecret(file.platforms?.workbuddy?.accessToken),
+                refreshToken: maskSecret(file.platforms?.workbuddy?.refreshToken),
+                userId: file.platforms?.workbuddy?.userId ?? "",
+                baseUrl: file.platforms?.workbuddy?.baseUrl ?? "",
+                allowedUserIds: (file.platforms?.workbuddy?.allowedUserIds ?? []).join(", "),
+            },
         },
         ai: {
             aiCommand: file.aiCommand ?? "claude",
@@ -239,7 +273,7 @@ function buildInitialPayload(file) {
             claudeConfigPath: process.platform === 'win32'
                 ? getClaudeConfigHome() + "\\.claude\\settings.json"
                 : getClaudeConfigHome() + "/.claude/settings.json",
-            claudeAuthToken: claudeEnv.ANTHROPIC_AUTH_TOKEN ?? "",
+            claudeAuthToken: maskSecret(claudeEnv.ANTHROPIC_AUTH_TOKEN),
             claudeBaseUrl: claudeEnv.ANTHROPIC_BASE_URL ?? "",
             claudeModel: claudeEnv.ANTHROPIC_MODEL ?? "",
             claudeProxy: file.tools?.claude?.proxy ?? "",
@@ -276,6 +310,12 @@ function validatePayload(payload) {
         errors.push("DingTalk client ID is required.");
     if (payload.platforms.dingtalk.enabled && !clean(payload.platforms.dingtalk.clientSecret))
         errors.push("DingTalk client secret is required.");
+    if (payload.platforms.workbuddy.enabled && !clean(payload.platforms.workbuddy.accessToken))
+        errors.push("WorkBuddy access token is required.");
+    if (payload.platforms.workbuddy.enabled && !clean(payload.platforms.workbuddy.refreshToken))
+        errors.push("WorkBuddy refresh token is required.");
+    if (payload.platforms.workbuddy.enabled && !clean(payload.platforms.workbuddy.userId))
+        errors.push("WorkBuddy user ID is required.");
     if (!clean(payload.ai.claudeWorkDir))
         errors.push("Default work directory is required.");
     if (!Number.isFinite(payload.ai.claudeTimeoutMs) || payload.ai.claudeTimeoutMs <= 0)
@@ -330,6 +370,17 @@ function validateConfigForPlatform(platform, config) {
                 errors.push("DingTalk client secret is required and must be a non-empty string.");
             }
             break;
+        case "workbuddy":
+            if (!c.accessToken || typeof c.accessToken !== "string" || !clean(c.accessToken)) {
+                errors.push("WorkBuddy access token is required and must be a non-empty string.");
+            }
+            if (!c.refreshToken || typeof c.refreshToken !== "string" || !clean(c.refreshToken)) {
+                errors.push("WorkBuddy refresh token is required and must be a non-empty string.");
+            }
+            if (!c.userId || typeof c.userId !== "string" || !clean(c.userId)) {
+                errors.push("WorkBuddy user ID is required and must be a non-empty string.");
+            }
+            break;
         default:
             errors.push(`Unknown platform: ${platform}`);
     }
@@ -455,6 +506,34 @@ async function probeDingTalk(config) {
     }
     return "DingTalk credentials are valid.";
 }
+async function probeWorkBuddy(config) {
+    const accessToken = clean(String(config.accessToken ?? ""));
+    const refreshToken = clean(String(config.refreshToken ?? ""));
+    const userId = clean(String(config.userId ?? ""));
+    if (!accessToken || !refreshToken || !userId)
+        throw new Error("WorkBuddy access token, refresh token, and user ID are required.");
+    const baseUrl = clean(String(config.baseUrl ?? "")) || "https://copilot.tencent.com";
+    // Validate credentials by attempting to register workspace
+    const response = await fetch(`${baseUrl}/api/copilot/workspace/register`, {
+        method: "POST",
+        headers: {
+            "content-type": "application/json",
+            "authorization": `Bearer ${accessToken}`,
+        },
+        body: JSON.stringify({
+            userId,
+            hostId: "open-im-test",
+            workspaceId: "open-im-test-workspace",
+            workspaceName: "OpenIM Test Workspace",
+        }),
+        signal: AbortSignal.timeout(TEST_TIMEOUT_MS),
+    });
+    if (!response.ok) {
+        const body = await response.text();
+        throw new Error(`WorkBuddy authentication failed: ${body.slice(0, 200) || `HTTP ${response.status}`}`);
+    }
+    return "WorkBuddy credentials are valid.";
+}
 export async function testPlatformConfig(platform, config) {
     const errors = validateConfigForPlatform(platform, config);
     if (errors.length > 0) {
@@ -471,6 +550,8 @@ export async function testPlatformConfig(platform, config) {
             return probeWeWork(config);
         case "dingtalk":
             return probeDingTalk(config);
+        case "workbuddy":
+            return probeWorkBuddy(config);
         default:
             throw new Error(`Unknown platform: ${platform}`);
     }
@@ -557,6 +638,16 @@ function toFileConfig(payload, existing) {
                 cardTemplateId: clean(payload.platforms.dingtalk.cardTemplateId),
                 allowedUserIds: splitCsv(payload.platforms.dingtalk.allowedUserIds),
             },
+            workbuddy: {
+                ...existing.platforms?.workbuddy,
+                enabled: payload.platforms.workbuddy.enabled,
+                aiCommand: clean(payload.platforms.workbuddy.aiCommand),
+                accessToken: clean(payload.platforms.workbuddy.accessToken),
+                refreshToken: clean(payload.platforms.workbuddy.refreshToken),
+                userId: clean(payload.platforms.workbuddy.userId),
+                baseUrl: clean(payload.platforms.workbuddy.baseUrl),
+                allowedUserIds: splitCsv(payload.platforms.workbuddy.allowedUserIds),
+            },
         },
     };
 }
@@ -812,6 +903,7 @@ export async function startWebConfigServer(options) {
             const fileQQ = file.platforms?.qq;
             const fileWework = file.platforms?.wework;
             const fileDingtalk = file.platforms?.dingtalk;
+            const fileWorkbuddy = file.platforms?.workbuddy;
             const telegramBotToken = process.env.TELEGRAM_BOT_TOKEN ?? fileTelegram?.botToken ?? file.telegramBotToken;
             const feishuAppId = process.env.FEISHU_APP_ID ?? fileFeishu?.appId ?? file.feishuAppId;
             const feishuAppSecret = process.env.FEISHU_APP_SECRET ?? fileFeishu?.appSecret ?? file.feishuAppSecret;
@@ -821,6 +913,9 @@ export async function startWebConfigServer(options) {
             const weworkSecret = process.env.WEWORK_SECRET ?? fileWework?.secret;
             const dingtalkClientId = process.env.DINGTALK_CLIENT_ID ?? fileDingtalk?.clientId;
             const dingtalkClientSecret = process.env.DINGTALK_CLIENT_SECRET ?? fileDingtalk?.clientSecret;
+            const workbuddyAccessToken = fileWorkbuddy?.accessToken;
+            const workbuddyRefreshToken = fileWorkbuddy?.refreshToken;
+            const workbuddyUserId = fileWorkbuddy?.userId;
             const platforms = {};
             // 检查 Telegram
             platforms.telegram = {
@@ -857,6 +952,13 @@ export async function startWebConfigServer(options) {
                 healthy: !!(dingtalkClientId && dingtalkClientSecret),
                 message: (dingtalkClientId && dingtalkClientSecret) ? "Client ID and Secret configured" : "Missing credentials"
             };
+            // 检查 WorkBuddy
+            platforms.workbuddy = {
+                configured: !!(workbuddyAccessToken && workbuddyRefreshToken && workbuddyUserId),
+                enabled: !!(workbuddyAccessToken && workbuddyRefreshToken && workbuddyUserId) && fileWorkbuddy?.enabled !== false,
+                healthy: !!(workbuddyAccessToken && workbuddyRefreshToken && workbuddyUserId),
+                message: (workbuddyAccessToken && workbuddyRefreshToken && workbuddyUserId) ? "OAuth credentials configured" : "Missing credentials"
+            };
             json(response, 200, { platforms, serviceStatus: getServiceStatus() });
             return;
         }

package/dist/dingtalk/client.js

@@ -7,7 +7,9 @@ const TEXT_MSG_KEY = 'sampleText';
 const DINGTALK_STREAM_HOST = 'wss-open-connection.dingtalk.com';
 let client = null;
 let messageHandler = null;
+// sessionWebhook 有过期时间（约 2 小时），需要记录时间戳
 const sessionWebhookByChat = new Map();
+const WEBHOOK_TTL_MS = 90 * 60 * 1000; // 90 分钟后视为过期
 const unionIdByUserId = new Map();
 let dingtalkWarnFilterInstalled = false;
 export function shouldSuppressDingTalkSocketWarn(args) {
@@ -44,13 +46,19 @@ function getClient() {
 export function registerSessionWebhook(chatId, sessionWebhook) {
     if (!chatId || !sessionWebhook)
         return;
-    sessionWebhookByChat.set(chatId, sessionWebhook);
+    sessionWebhookByChat.set(chatId, { webhook: sessionWebhook, registeredAt: Date.now() });
 }
 async function sendByWebhook(chatId, body) {
-    const sessionWebhook = sessionWebhookByChat.get(chatId);
-    if (!sessionWebhook) {
+    const entry = sessionWebhookByChat.get(chatId);
+    if (!entry) {
         throw new Error(`DingTalk sessionWebhook unavailable for chat ${chatId}`);
     }
+    // 检查 webhook 是否过期
+    if (Date.now() - entry.registeredAt > WEBHOOK_TTL_MS) {
+        sessionWebhookByChat.delete(chatId);
+        throw new Error(`DingTalk sessionWebhook expired for chat ${chatId}`);
+    }
+    const sessionWebhook = entry.webhook;
     const accessToken = await getClient().getAccessToken();
     const res = await fetch(sessionWebhook, {
         method: 'POST',

package/dist/dingtalk/event-handler.js

@@ -99,7 +99,8 @@ async function buildMediaPrompt(message, kind, robotCodeFallback) {
                 fallbackExtension: kind === 'image' ? 'jpg' : 'bin',
             });
         }
-        catch {
+        catch (err) {
+            log.warn('Failed to download DingTalk media from URL:', err);
             localPath = undefined;
         }
     }
@@ -118,7 +119,8 @@ async function buildMediaPrompt(message, kind, robotCodeFallback) {
                 localPath = await saveBufferMedia(downloaded.buffer, extension, basenameHint);
             }
         }
-        catch {
+        catch (err) {
+            log.warn('Failed to download DingTalk media via robotCode:', err);
             localPath = undefined;
         }
     }
@@ -194,7 +196,9 @@ export function setupDingTalkHandlers(config, sessionManager) {
             try {
                 await sendTextReply(chatId, '启动 AI 处理失败，请重试。');
             }
-            catch { /* ignore */ }
+            catch (err) {
+                log.warn('Failed to send startup error reply:', err);
+            }
             return;
         }
         const stopTyping = startTypingLoop(chatId);