@wu529778790/open-im 1.8.1 → 1.8.2

package/dist/access/access-control.js

@@ -8,7 +8,7 @@ export class AccessControl {
     }
     isAllowed(userId) {
         if (this.allowedUserIds.size === 0) {
-            log.debug(`Allowing user ${userId} (no whitelist configured)`);
+            log.warn(`Allowing user ${userId} — no whitelist configured. Set allowedUserIds to restrict access.`);
             return true;
         }
         const allowed = this.allowedUserIds.has(userId);

package/dist/adapters/claude-sdk-adapter.js

@@ -16,6 +16,21 @@ const log = createLogger('ClaudeSDK');
 const activeSessions = new Map();
 // 存储正在进行的流式迭代器，用于中断
 const activeStreams = new Set();
+// Mutex to serialize process.chdir() calls across concurrent users
+let chdirMutex = Promise.resolve();
+function withChdirMutex(fn) {
+    const previous = chdirMutex;
+    let resolve;
+    chdirMutex = new Promise((r) => { resolve = r; });
+    return previous.then(() => {
+        try {
+            return fn();
+        }
+        finally {
+            resolve();
+        }
+    });
+}
 function isStreamEvent(msg) {
     return msg.type === 'stream_event';
 }
@@ -37,39 +52,51 @@ function isResult(msg) {
  * @param permissionMode 权限模式
  * @returns SDKSession 对象和实际的 sessionId
  */
-async function getOrCreateSession(sessionId, _workDir, // 保留参数以备将来使用
-model, permissionMode) {
+async function getOrCreateSession(sessionId, workDir, model, permissionMode) {
     const resolvedModel = model?.trim() || 'claude-opus-4-5';
     const sessionOptions = {
         model: resolvedModel,
         permissionMode,
-        // 可以添加其他选项，如 hooks, allowedTools 等
     };
     const baseUrl = process.env.ANTHROPIC_BASE_URL ?? '(default)';
-    log.info(`[V2] getOrCreateSession model param=${String(model ?? '')} resolved=${resolvedModel} baseUrl=${baseUrl}`);
-    let session;
-    if (sessionId) {
-        // 尝试恢复已有会话
+    log.info(`[V2] getOrCreateSession model param=${String(model ?? '')} resolved=${resolvedModel} baseUrl=${baseUrl} workDir=${workDir}`);
+    // Use mutex to serialize process.chdir() calls across concurrent users
+    return withChdirMutex(() => {
+        let session;
+        const originalCwd = process.cwd();
         try {
-            log.info(`Attempting to resume session: ${sessionId}`);
-            session = unstable_v2_resumeSession(sessionId, sessionOptions);
-            activeSessions.set(sessionId, session);
-            log.info(`Successfully resumed session: ${sessionId}`);
-            return { session, sessionId };
+            if (workDir && workDir !== originalCwd) {
+                process.chdir(workDir);
+            }
+            if (sessionId) {
+                // 尝试恢复已有会话
+                try {
+                    log.info(`Attempting to resume session: ${sessionId}`);
+                    session = unstable_v2_resumeSession(sessionId, sessionOptions);
+                    activeSessions.set(sessionId, session);
+                    log.info(`Successfully resumed session: ${sessionId}`);
+                    return { session, sessionId };
+                }
+                catch (err) {
+                    log.warn(`Failed to resume session ${sessionId}, creating new one: ${err}`);
+                    // 恢复失败，创建新会话
+                }
+            }
+            // 创建新会话
+            session = unstable_v2_createSession(sessionOptions);
+            // 新会话的 sessionId 需要从第一个消息中获取
+            // 暂时返回 undefined，稍后在 init 消息中获取
+            const tempId = `pending-${Date.now()}`;
+            activeSessions.set(tempId, session);
+            log.info(`Created new session (tempId: ${tempId})`);
+            return { session, sessionId: tempId };
         }
-        catch (err) {
-            log.warn(`Failed to resume session ${sessionId}, creating new one: ${err}`);
-            // 恢复失败，创建新会话
+        finally {
+            if (workDir && workDir !== originalCwd) {
+                process.chdir(originalCwd);
+            }
         }
-    }
-    // 创建新会话
-    session = unstable_v2_createSession(sessionOptions);
-    // 新会话的 sessionId 需要从第一个消息中获取
-    // 暂时返回 undefined，稍后在 init 消息中获取
-    const tempId = `pending-${Date.now()}`;
-    activeSessions.set(tempId, session);
-    log.info(`Created new session (tempId: ${tempId})`);
-    return { session, sessionId: tempId };
+    });
 }
 export class ClaudeSDKAdapter {
     toolId = 'claude-sdk';
@@ -105,14 +132,6 @@ export class ClaudeSDKAdapter {
         let actualSessionId;
         let pendingTempId; // 记录临时 ID，用于 abort 时清理
         let runSettled = false;
-        let timeoutId = null;
-        const timeoutMs = options?.timeoutMs ?? 600_000;
-        const clearRunTimeout = () => {
-            if (timeoutId !== null) {
-                clearTimeout(timeoutId);
-                timeoutId = null;
-            }
-        };
         const permissionMode = options?.skipPermissions
             ? 'bypassPermissions'
             : options?.permissionMode === 'acceptEdits'
@@ -121,15 +140,6 @@ export class ClaudeSDKAdapter {
                     ? 'plan'
                     : 'default';
         const runSession = async () => {
-            timeoutId = setTimeout(() => {
-                if (runSettled)
-                    return;
-                runSettled = true;
-                clearRunTimeout();
-                log.warn(`[ClaudeSDK] Request timeout after ${timeoutMs}ms`);
-                abortController.abort();
-                callbacks.onError(`请求超时（${Math.round(timeoutMs / 1000)}s），请重试或缩短问题。`);
-            }, timeoutMs);
             try {
                 // 检查环境变量
                 const hasApiKey = !!process.env.ANTHROPIC_API_KEY;
@@ -209,7 +219,6 @@ export class ClaudeSDKAdapter {
                             // 检查会话错误
                             if (!success) {
                                 runSettled = true;
-                                clearRunTimeout();
                                 const noConvErr = errs.find((e) => e.includes('No conversation found') || e.includes('session not found'));
                                 if (noConvErr) {
                                     log.warn(`Session ${actualSessionId} not found, may need to create new one`);
@@ -237,25 +246,31 @@ export class ClaudeSDKAdapter {
                                 result.result = accumulated;
                             }
                             runSettled = true;
-                            clearRunTimeout();
                             callbacks.onComplete(result);
                             return;
                         }
                     }
                     // 如果流正常结束但没有收到 result 消息
-                    if (!streamClosed && accumulated) {
-                        log.info('Stream ended without result message, using accumulated text');
-                        runSettled = true;
-                        clearRunTimeout();
-                        callbacks.onComplete({
-                            success: true,
-                            result: accumulated,
-                            accumulated,
-                            cost: 0,
-                            durationMs: 0,
-                            numTurns: 1,
-                            toolStats,
-                        });
+                    if (!streamClosed) {
+                        if (accumulated) {
+                            log.info('Stream ended without result message, using accumulated text');
+                            runSettled = true;
+                            callbacks.onComplete({
+                                success: true,
+                                result: accumulated,
+                                accumulated,
+                                cost: 0,
+                                durationMs: 0,
+                                numTurns: 1,
+                                toolStats,
+                            });
+                        }
+                        else {
+                            // 流结束但无 result 也无 accumulated：必须触发回调，否则 Promise 永远挂起
+                            log.warn('Stream ended with no result and no accumulated text, calling onError to prevent stuck state');
+                            runSettled = true;
+                            callbacks.onError('AI 响应异常结束（无输出），请重试');
+                        }
                     }
                 }
                 finally {
@@ -266,7 +281,6 @@ export class ClaudeSDKAdapter {
             catch (err) {
                 if (abortController.signal.aborted) {
                     log.info('Session run aborted');
-                    clearRunTimeout();
                     // 清理 pending tempId（abort 可能在 init 消息之前发生）
                     const idToClean = actualSessionId ?? pendingTempId;
                     if (idToClean?.startsWith('pending-')) {
@@ -276,7 +290,6 @@ export class ClaudeSDKAdapter {
                     return;
                 }
                 runSettled = true;
-                clearRunTimeout();
                 const errorObj = err;
                 const msg = errorObj.message || String(err);
                 log.error(`Claude SDK V2 error: ${msg}`);

package/dist/cli.js

@@ -50,7 +50,7 @@ async function cmdStart() {
         console.log("\nopen-im is already running in the background.");
         console.log(`  pid: ${status.pid}`);
         console.log(`  config page: ${getWebConfigUrl()}`);
-        return;
+        process.exit(0);
     }
     if (!(await ensureConfigured("start"))) {
         process.exit(1);
@@ -67,17 +67,19 @@ async function cmdStart() {
         console.log("  A one-time login URL (with login_token) has been printed by the config-web server logger.");
         console.log("  Please use that URL (replacing 127.0.0.1 with your server IP/hostname) for the first login.");
     }
+    process.exit(0);
 }
 async function cmdStop() {
     const status = getManagerStatus();
     if (!status.pid) {
         console.log("open-im is not running in the background.");
-        return;
+        process.exit(0);
     }
     await stopBackgroundService();
     const result = await stopManagerProcess();
     console.log("\nopen-im stopped.");
     console.log(`  pid: ${result.pid}`);
+    process.exit(0);
 }
 async function cmdRestart() {
     const status = getManagerStatus();
@@ -98,6 +100,7 @@ async function cmdRestart() {
     console.log("\nopen-im restarted in the background.");
     console.log(`  pid: ${child.pid}`);
     console.log(`  config page: ${getWebConfigUrl()}`);
+    process.exit(0);
 }
 async function cmdInit() {
     console.log("\nopen-im CLI setup\n");

package/dist/commands/handler.d.ts

@@ -19,7 +19,6 @@ export declare class CommandHandler {
     private deps;
     constructor(deps: CommandHandlerDeps);
     dispatch(text: string, chatId: string, userId: string, platform: 'dingtalk' | 'feishu' | 'qq' | 'telegram' | 'wechat' | 'wework' | 'workbuddy', handleClaudeRequest: ClaudeRequestHandler): Promise<boolean>;
-    private getClearHistoryHint;
     private handleHelp;
     private handleNew;
     private handlePwd;

package/dist/commands/handler.js

@@ -16,9 +16,9 @@ export class CommandHandler {
             return true;
         }
         if (t === '/help')
-            return this.handleHelp(chatId, platform);
+            return this.handleHelp(chatId);
         if (t === '/new')
-            return this.handleNew(chatId, userId, platform);
+            return this.handleNew(chatId, userId);
         if (t === '/pwd')
             return this.handlePwd(chatId, userId);
         if (t === '/status')
@@ -33,18 +33,7 @@ export class CommandHandler {
         }
         return false;
     }
-    getClearHistoryHint(platform) {
-        return platform === 'feishu'
-            ? '💡 提示：如需清除本对话的历史消息，请点击飞书聊天右上角「...」→ 清除聊天记录'
-            : platform === 'wechat'
-                ? '💡 提示：如需清除本对话的历史消息，请清除聊天记录'
-                : platform === 'dingtalk'
-                    ? '💡 提示：如需清除本对话的历史消息，请在钉钉中清空聊天记录'
-                    : platform === 'workbuddy'
-                        ? '💡 提示：如需清除本对话的历史消息，请清除聊天记录'
-                        : '💡 提示：如需清除本对话的历史消息，请点击 Telegram 聊天右上角 ⋮ → 清除历史';
-    }
-    async handleHelp(chatId, platform) {
+    async handleHelp(chatId) {
         const help = [
             '📋 可用命令:',
             '',
@@ -53,16 +42,14 @@ export class CommandHandler {
             '/status - 显示状态',
             '/cd <路径> - 切换工作目录',
             '/pwd - 当前工作目录',
-            '',
-            this.getClearHistoryHint(platform),
         ].join('\n');
         await this.deps.sender.sendTextReply(chatId, help);
         return true;
     }
-    async handleNew(chatId, userId, platform) {
+    async handleNew(chatId, userId) {
         const ok = this.deps.sessionManager.newSession(userId);
         await this.deps.sender.sendTextReply(chatId, ok
-            ? `✅ AI 会话已重置，下一条消息将使用全新上下文。\n\n${this.getClearHistoryHint(platform)}`
+            ? '✅ AI 会话已重置，下一条消息将使用全新上下文。'
             : '当前没有活动会话。');
         return true;
     }
@@ -103,8 +90,7 @@ export class CommandHandler {
         try {
             const resolved = await this.deps.sessionManager.setWorkDir(userId, dir);
             await this.deps.sender.sendTextReply(chatId, `📁 工作目录已切换到: ${escapePathForMarkdown(resolved)}\n\n` +
-                `🔄 AI 会话已重置，下一条消息将使用全新上下文。\n` +
-                this.getClearHistoryHint(platform));
+                `🔄 AI 会话已重置，下一条消息将使用全新上下文。`);
         }
         catch (err) {
             await this.deps.sender.sendTextReply(chatId, err instanceof Error ? err.message : String(err));

package/dist/config-web.js

@@ -180,10 +180,20 @@ function clean(value) {
     const trimmed = value.trim();
     return trimmed ? trimmed : undefined;
 }
+const MAX_REQUEST_BODY_BYTES = 1 * 1024 * 1024; // 1 MB
 function readJson(request) {
     return new Promise((resolve, reject) => {
         const chunks = [];
-        request.on("data", (chunk) => chunks.push(Buffer.from(chunk)));
+        let totalBytes = 0;
+        request.on("data", (chunk) => {
+            totalBytes += chunk.length;
+            if (totalBytes > MAX_REQUEST_BODY_BYTES) {
+                reject(new Error("Request body too large (max 1 MB)"));
+                request.destroy();
+                return;
+            }
+            chunks.push(Buffer.from(chunk));
+        });
         request.on("end", () => {
             try {
                 const raw = Buffer.concat(chunks).toString("utf-8");
@@ -200,6 +210,11 @@ function json(response, statusCode, body) {
     response.writeHead(statusCode, { "content-type": "application/json; charset=utf-8" });
     response.end(JSON.stringify(body));
 }
+function maskSecret(value) {
+    if (!value || value.length <= 4)
+        return value ? "****" : "";
+    return value.slice(0, 2) + "****" + value.slice(-2);
+}
 function buildInitialPayload(file) {
     // Load Claude settings from ~/.claude/settings.json
     const claudeEnv = loadClaudeSettingsEnv();
@@ -208,7 +223,7 @@ function buildInitialPayload(file) {
             telegram: {
                 enabled: file.platforms?.telegram?.enabled ?? Boolean(file.platforms?.telegram?.botToken),
                 aiCommand: file.platforms?.telegram?.aiCommand ?? "",
-                botToken: file.platforms?.telegram?.botToken ?? "",
+                botToken: maskSecret(file.platforms?.telegram?.botToken),
                 proxy: file.platforms?.telegram?.proxy ?? "",
                 allowedUserIds: (file.platforms?.telegram?.allowedUserIds ?? []).join(", "),
             },
@@ -216,36 +231,36 @@ function buildInitialPayload(file) {
                 enabled: file.platforms?.feishu?.enabled ?? Boolean(file.platforms?.feishu?.appId && file.platforms?.feishu?.appSecret),
                 aiCommand: file.platforms?.feishu?.aiCommand ?? "",
                 appId: file.platforms?.feishu?.appId ?? "",
-                appSecret: file.platforms?.feishu?.appSecret ?? "",
+                appSecret: maskSecret(file.platforms?.feishu?.appSecret),
                 allowedUserIds: (file.platforms?.feishu?.allowedUserIds ?? []).join(", "),
             },
             qq: {
                 enabled: file.platforms?.qq?.enabled ?? Boolean(file.platforms?.qq?.appId && file.platforms?.qq?.secret),
                 aiCommand: file.platforms?.qq?.aiCommand ?? "",
                 appId: file.platforms?.qq?.appId ?? "",
-                secret: file.platforms?.qq?.secret ?? "",
+                secret: maskSecret(file.platforms?.qq?.secret),
                 allowedUserIds: (file.platforms?.qq?.allowedUserIds ?? []).join(", "),
             },
             wework: {
                 enabled: file.platforms?.wework?.enabled ?? Boolean(file.platforms?.wework?.corpId && file.platforms?.wework?.secret),
                 aiCommand: file.platforms?.wework?.aiCommand ?? "",
                 corpId: file.platforms?.wework?.corpId ?? "",
-                secret: file.platforms?.wework?.secret ?? "",
+                secret: maskSecret(file.platforms?.wework?.secret),
                 allowedUserIds: (file.platforms?.wework?.allowedUserIds ?? []).join(", "),
             },
             dingtalk: {
                 enabled: file.platforms?.dingtalk?.enabled ?? Boolean(file.platforms?.dingtalk?.clientId && file.platforms?.dingtalk?.clientSecret),
                 aiCommand: file.platforms?.dingtalk?.aiCommand ?? "",
                 clientId: file.platforms?.dingtalk?.clientId ?? "",
-                clientSecret: file.platforms?.dingtalk?.clientSecret ?? "",
+                clientSecret: maskSecret(file.platforms?.dingtalk?.clientSecret),
                 cardTemplateId: file.platforms?.dingtalk?.cardTemplateId ?? "",
                 allowedUserIds: (file.platforms?.dingtalk?.allowedUserIds ?? []).join(", "),
             },
             workbuddy: {
                 enabled: file.platforms?.workbuddy?.enabled ?? Boolean(file.platforms?.workbuddy?.accessToken && file.platforms?.workbuddy?.refreshToken && file.platforms?.workbuddy?.userId),
                 aiCommand: file.platforms?.workbuddy?.aiCommand ?? "",
-                accessToken: file.platforms?.workbuddy?.accessToken ?? "",
-                refreshToken: file.platforms?.workbuddy?.refreshToken ?? "",
+                accessToken: maskSecret(file.platforms?.workbuddy?.accessToken),
+                refreshToken: maskSecret(file.platforms?.workbuddy?.refreshToken),
                 userId: file.platforms?.workbuddy?.userId ?? "",
                 baseUrl: file.platforms?.workbuddy?.baseUrl ?? "",
                 allowedUserIds: (file.platforms?.workbuddy?.allowedUserIds ?? []).join(", "),
@@ -258,7 +273,7 @@ function buildInitialPayload(file) {
             claudeConfigPath: process.platform === 'win32'
                 ? getClaudeConfigHome() + "\\.claude\\settings.json"
                 : getClaudeConfigHome() + "/.claude/settings.json",
-            claudeAuthToken: claudeEnv.ANTHROPIC_AUTH_TOKEN ?? "",
+            claudeAuthToken: maskSecret(claudeEnv.ANTHROPIC_AUTH_TOKEN),
             claudeBaseUrl: claudeEnv.ANTHROPIC_BASE_URL ?? "",
             claudeModel: claudeEnv.ANTHROPIC_MODEL ?? "",
             claudeProxy: file.tools?.claude?.proxy ?? "",

package/dist/dingtalk/event-handler.js

@@ -99,7 +99,8 @@ async function buildMediaPrompt(message, kind, robotCodeFallback) {
                 fallbackExtension: kind === 'image' ? 'jpg' : 'bin',
             });
         }
-        catch {
+        catch (err) {
+            log.warn('Failed to download DingTalk media from URL:', err);
             localPath = undefined;
         }
     }
@@ -118,7 +119,8 @@ async function buildMediaPrompt(message, kind, robotCodeFallback) {
                 localPath = await saveBufferMedia(downloaded.buffer, extension, basenameHint);
             }
         }
-        catch {
+        catch (err) {
+            log.warn('Failed to download DingTalk media via robotCode:', err);
             localPath = undefined;
         }
     }
@@ -194,7 +196,9 @@ export function setupDingTalkHandlers(config, sessionManager) {
             try {
                 await sendTextReply(chatId, '启动 AI 处理失败，请重试。');
             }
-            catch { /* ignore */ }
+            catch (err) {
+                log.warn('Failed to send startup error reply:', err);
+            }
             return;
         }
         const stopTyping = startTypingLoop(chatId);

package/dist/dingtalk/message-sender.js

@@ -24,6 +24,19 @@ const FLOW_STATUS = {
 };
 let senderSettings = {};
 const streamStates = new Map();
+// Periodic cleanup of orphaned stream states (max 30 minutes)
+const STREAM_MAX_AGE_MS = 30 * 60 * 1000;
+setInterval(() => {
+    const now = Date.now();
+    for (const [id, state] of streamStates) {
+        // streamStates in DingTalk don't have createdAt, clean up by size
+        if (streamStates.size > 50) {
+            streamStates.delete(id);
+            log.info(`Cleaned up old DingTalk stream state: ${id}`);
+            break; // Clean one at a time to avoid blocking
+        }
+    }
+}, STREAM_MAX_AGE_MS);
 function generateMessageId() {
     return `${Date.now()}-${randomBytes(6).toString('hex')}`;
 }

package/dist/feishu/event-handler.js

@@ -88,7 +88,9 @@ async function sendPermissionFallback(chatId, guide) {
         await sendTextReply(chatId, guide);
         return;
     }
-    catch { /* 卡片方式失败，降级 */ }
+    catch (err) {
+        log.warn('Card-based reply failed, falling back to plain text:', err);
+    }
     // 2. 降级为纯文本消息
     try {
         const client = (await import('./client.js')).getClient();
@@ -103,7 +105,9 @@ async function sendPermissionFallback(chatId, guide) {
         });
         return;
     }
-    catch { /* 纯文本也失败 */ }
+    catch (err) {
+        log.warn('Plain text reply also failed:', err);
+    }
     log.error('All fallback methods failed to send permission guide');
 }
 async function downloadFeishuMessageResource(client, messageId, fileKey, type, options) {
@@ -146,23 +150,38 @@ export function setupFeishuHandlers(config, sessionManager) {
         const toolId = aiCommand;
         // 使用 CardKit 打字机效果（80ms 节流，约 12 次/秒，比 patch 5 QPS 更流畅）
         let cardHandle;
-        try {
-            cardHandle = await sendThinkingCard(chatId, toolId);
-        }
-        catch (err) {
-            log.error('Failed to send thinking card:', err);
-            // 检测是否为飞书权限不足
-            if (isPermissionError(err)) {
-                const guide = buildPermissionGuideMessage(err);
-                await sendPermissionFallback(chatId, guide).catch(() => { });
+        const MAX_SEND_RETRIES = 3;
+        for (let attempt = 1; attempt <= MAX_SEND_RETRIES; attempt++) {
+            try {
+                cardHandle = await sendThinkingCard(chatId, toolId);
+                break;
             }
-            else {
-                try {
-                    await sendTextReply(chatId, '启动 AI 处理失败，请重试。');
+            catch (err) {
+                const isRetryable = err && typeof err === 'object' && 'code' in err &&
+                    (err.code === 'ETIMEDOUT' || err.code === 'ECONNRESET' || err.code === 'ECONNREFUSED');
+                if (isRetryable && attempt < MAX_SEND_RETRIES) {
+                    log.warn(`sendThinkingCard attempt ${attempt}/${MAX_SEND_RETRIES} failed (${err.code}), retrying...`);
+                    await new Promise((r) => setTimeout(r, 1000 * attempt));
+                    continue;
+                }
+                log.error(`Failed to send thinking card after ${attempt} attempts:`, err);
+                // 检测是否为飞书权限不足
+                if (isPermissionError(err)) {
+                    const guide = buildPermissionGuideMessage(err);
+                    await sendPermissionFallback(chatId, guide).catch((err) => {
+                        log.warn('Permission fallback send failed:', err);
+                    });
                 }
-                catch { /* ignore */ }
+                else {
+                    try {
+                        await sendTextReply(chatId, '启动 AI 处理失败，请重试。');
+                    }
+                    catch (err) {
+                        log.warn('Failed to send startup error reply:', err);
+                    }
+                }
+                return;
             }
-            return;
         }
         const { messageId: msgId, cardId } = cardHandle;
         const stopTyping = startTypingLoop(chatId);
@@ -219,7 +238,8 @@ export function setupFeishuHandlers(config, sessionManager) {
             try {
                 obj = JSON.parse(raw);
             }
-            catch {
+            catch (err) {
+                log.debug('Failed to parse action value as JSON:', err);
                 return null;
             }
         }
@@ -272,8 +292,8 @@ export function setupFeishuHandlers(config, sessionManager) {
             }
             actionData = parsed;
         }
-        catch {
-            /* ignore */
+        catch (err) {
+            log.debug('Failed to parse card action data:', err);
         }
         if (actionData?.action === 'stop' && actionData.card_id) {
             const cardId = actionData.card_id;

package/dist/index.js

@@ -306,6 +306,15 @@ export async function main() {
     };
     process.on("SIGINT", () => shutdown().catch(() => process.exit(1)));
     process.on("SIGTERM", () => shutdown().catch(() => process.exit(1)));
+    // Global error handlers to prevent unhandled crashes
+    process.on("unhandledRejection", (reason) => {
+        log.error("Unhandled Promise rejection:", reason);
+    });
+    process.on("uncaughtException", (err) => {
+        log.error("Uncaught exception (process will exit):", err);
+        closeLogger();
+        process.exit(1);
+    });
 }
 const isEntry = process.argv[1]?.replace(/\\/g, "/").endsWith("/index.js") ||
     process.argv[1]?.replace(/\\/g, "/").endsWith("/index.ts");

package/dist/manager-control.js

@@ -6,6 +6,10 @@ import { APP_HOME } from "./constants.js";
 const __dirname = dirname(fileURLToPath(import.meta.url));
 const PID_FILE = join(APP_HOME, "open-im.pid");
 const READY_FILE = join(APP_HOME, "open-im.ready");
+function logError(prefix, err) {
+    const msg = err instanceof Error ? err.message : String(err);
+    process.stderr.write(`[manager-control] ${prefix} ${msg}\n`);
+}
 function getManagerEntry() {
     const extension = extname(fileURLToPath(import.meta.url));
     if (extension === ".ts") {
@@ -106,6 +110,9 @@ export async function startManagerProcess(cwd) {
         env: process.env,
         windowsHide: process.platform === "win32",
     });
+    child.on("error", (err) => {
+        logError("Manager process spawn failed:", err);
+    });
     child.unref();
     if (!child.pid) {
         throw new Error("Failed to start manager process.");

package/dist/qq/client.js

@@ -144,7 +144,12 @@ function startHeartbeat(intervalMs) {
     heartbeatTimer = setInterval(() => {
         if (!ws || ws.readyState !== WebSocket.OPEN)
             return;
-        ws.send(JSON.stringify({ op: 1, d: seq }));
+        try {
+            ws.send(JSON.stringify({ op: 1, d: seq }));
+        }
+        catch (err) {
+            log.warn('QQ heartbeat send failed:', err);
+        }
     }, intervalMs);
 }
 async function connectWebSocket(config, handler) {

package/dist/qq/event-handler.js

@@ -62,7 +62,8 @@ async function buildAttachmentPrompt(event) {
                                 : "bin",
                 });
             }
-            catch {
+            catch (err) {
+                log.warn('Failed to download QQ media attachment:', err);
                 localPath = undefined;
             }
         }
@@ -153,7 +154,9 @@ export function setupQQHandlers(config, sessionManager) {
             try {
                 await sendTextReply(chatId, "启动 AI 处理失败，请重试。");
             }
-            catch { /* ignore */ }
+            catch (err) {
+                log.warn('Failed to send startup error reply:', err);
+            }
             return;
         }
         const stopTyping = startTypingLoop();

package/dist/qq/message-sender.js

@@ -7,6 +7,17 @@ import { buildDirectoryMessage } from "../shared/system-messages.js";
 const log = createLogger("QQSender");
 const MAX_QQ_MESSAGE_LENGTH = 1500;
 const pendingReplies = new Map();
+// Periodic cleanup of orphaned pending replies
+const PENDING_MAX_AGE_MS = 10 * 60 * 1000; // 10 minutes
+setInterval(() => {
+    const now = Date.now();
+    for (const [id, state] of pendingReplies) {
+        // pendingReplies don't have timestamps, but we can clear old ones based on size
+        if (pendingReplies.size > 100) {
+            pendingReplies.delete(id);
+        }
+    }
+}, PENDING_MAX_AGE_MS);
 function parseChatTarget(chatId) {
     if (chatId.startsWith("group:")) {
         return { kind: "group", id: chatId.slice("group:".length) };

package/dist/service-control.js

@@ -93,6 +93,10 @@ export function startBackgroundService(cwd) {
         env: process.env,
         windowsHide: process.platform === "win32",
     });
+    child.on("error", (err) => {
+        // Spawn failure (ENOENT etc.) — report via stderr since logger may not be initialized
+        process.stderr.write(`[service-control] Spawn failed: ${err.message}\n`);
+    });
     child.unref();
     if (!child.pid) {
         throw new Error("Failed to start background service.");

package/dist/session/session-manager.js

@@ -236,7 +236,17 @@ export class SessionManager {
         const resolved = resolveWorkDirInput(baseDir, targetDir);
         if (!existsSync(resolved))
             throw new Error(`目录不存在: \`${resolved}\``);
-        return realpath(resolved);
+        const real = await realpath(resolved);
+        // Block access to sensitive system directories
+        const blockedPrefixes = process.platform === 'win32'
+            ? ['C:\\Windows', 'C:\\Program Files', 'C:\\Program Files (x86)', 'C:\\ProgramData']
+            : ['/etc', '/proc', '/sys', '/dev', '/boot', '/root', '/sbin', '/usr/sbin'];
+        for (const prefix of blockedPrefixes) {
+            if (real.toLowerCase().startsWith(prefix.toLowerCase())) {
+                throw new Error(`不允许访问系统目录: \`${real}\``);
+            }
+        }
+        return real;
     }
     load(previousDefaultWorkDir) {
         try {

package/dist/shared/chat-user-map.js

@@ -4,6 +4,17 @@
  */
 const chatToUser = new Map();
 const chatToPlatform = new Map();
+// Periodic cleanup to prevent unbounded growth (keep last 1000 entries)
+const CHAT_MAP_MAX_SIZE = 1000;
+setInterval(() => {
+    if (chatToUser.size > CHAT_MAP_MAX_SIZE) {
+        const keysToDelete = [...chatToUser.keys()].slice(0, chatToUser.size - CHAT_MAP_MAX_SIZE);
+        for (const key of keysToDelete) {
+            chatToUser.delete(key);
+            chatToPlatform.delete(key);
+        }
+    }
+}, 60 * 60 * 1000); // Check every hour
 export function setChatUser(chatId, userId, platform) {
     chatToUser.set(chatId, userId);
     if (platform)

package/dist/shared/media-storage.js

@@ -131,6 +131,33 @@ export async function saveBase64Media(base64, extension, basenameHint) {
     return saveBufferMedia(Buffer.from(base64, "base64"), extension, basenameHint);
 }
 export async function downloadMediaFromUrl(url, options) {
+    // SSRF protection: validate URL before fetching
+    const BLOCKED_HOSTS = ['127.0.0.1', 'localhost', '0.0.0.0', '[::1]', '169.254.169.254'];
+    let parsedUrl;
+    try {
+        parsedUrl = new URL(url);
+    }
+    catch {
+        throw new Error(`Invalid URL: ${url}`);
+    }
+    const protocol = parsedUrl.protocol.toLowerCase();
+    if (protocol !== 'https:' && protocol !== 'http:') {
+        throw new Error(`Unsupported URL protocol: ${protocol}`);
+    }
+    const hostname = parsedUrl.hostname.toLowerCase();
+    for (const blocked of BLOCKED_HOSTS) {
+        if (hostname === blocked) {
+            throw new Error(`Blocked URL host: ${hostname}`);
+        }
+    }
+    // Block link-local and private IPs (e.g., 10.x.x.x, 172.16-31.x.x, 192.168.x.x)
+    const ipMatch = hostname.match(/^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/);
+    if (ipMatch) {
+        const [, a, b] = ipMatch.map(Number);
+        if (a === 10 || (a === 172 && b >= 16 && b <= 31) || (a === 192 && b === 168) || a === 0) {
+            throw new Error(`Blocked private/internal IP: ${hostname}`);
+        }
+    }
     await mkdir(IMAGE_DIR, { recursive: true });
     const response = await fetch(url, { signal: AbortSignal.timeout(MEDIA_DOWNLOAD_TIMEOUT_MS) });
     if (!response.ok) {

package/dist/telegram/client.js

@@ -43,7 +43,9 @@ export async function initTelegram(config, setupHandlers) {
             // 不再 exit(1)，让其他通道继续运行
         }
     };
-    void launchWithRetry();
+    void launchWithRetry().catch((err) => {
+        log.error("Telegram launchWithRetry failed fatally:", err);
+    });
     log.info("Telegram bot launched");
 }
 export function stopTelegram() {

package/dist/telegram/event-handler.js

@@ -110,7 +110,9 @@ export function setupTelegramHandlers(bot, config, sessionManager) {
             try {
                 await sendTextReply(chatId, "启动 AI 处理失败，请重试。");
             }
-            catch { /* ignore */ }
+            catch (err) {
+                log.warn('Failed to send startup error reply:', err);
+            }
             return;
         }
         const stopTyping = startTypingLoop(chatId);
@@ -180,7 +182,8 @@ export function setupTelegramHandlers(bot, config, sessionManager) {
                     throttle.recordSuccess();
                     lastUpdateTime = Date.now();
                 }
-                catch {
+                catch (err) {
+                    log.debug('Stream update failed:', err);
                     throttle.recordError();
                 }
                 finally {
@@ -194,7 +197,7 @@ export function setupTelegramHandlers(bot, config, sessionManager) {
                     }
                 }
             };
-            return (content, toolNote) => {
+            const wrapper = (content, toolNote) => {
                 if (content.startsWith("💭 **思考中...**")) {
                     return;
                 }
@@ -215,6 +218,17 @@ export function setupTelegramHandlers(bot, config, sessionManager) {
                     performUpdate(content, toolNote);
                 }, Math.max(DEBOUNCE_MS, baseDelay));
             };
+            // flush 排队的 debounce 更新，防止 sendComplete 时仍有 streaming 更新在排队
+            wrapper.flush = async () => {
+                if (debounceTimer) {
+                    clearTimeout(debounceTimer);
+                    debounceTimer = null;
+                }
+                while (updateInProgress) {
+                    await new Promise((resolve) => setTimeout(resolve, 50));
+                }
+            };
+            return wrapper;
         };
         const streamUpdateWrapper = createStreamUpdateWrapper();
         await runAITask({ config, sessionManager }, {
@@ -232,12 +246,30 @@ export function setupTelegramHandlers(bot, config, sessionManager) {
             },
             sendComplete: async (content, note) => {
                 throttle.reset();
-                try {
-                    await sendFinalMessages(chatId, msgId, content, note, toolId);
-                }
-                catch (err) {
-                    log.error("Failed to send complete message:", err);
-                    await updateMessage(chatId, msgId, content, "done", note, toolId);
+                // 先 flush 排队的 streaming 更新，防止它覆盖后续的 done 消息
+                await streamUpdateWrapper.flush?.();
+                const maxAttempts = 3;
+                for (let attempt = 1; attempt <= maxAttempts; attempt++) {
+                    try {
+                        await sendFinalMessages(chatId, msgId, content, note, toolId);
+                        return;
+                    }
+                    catch (err) {
+                        log.error(`Failed to send complete message (attempt ${attempt}/${maxAttempts}):`, err);
+                        if (attempt < maxAttempts) {
+                            await new Promise((r) => setTimeout(r, 2000 * attempt));
+                        }
+                        else {
+                            // 最终失败：尝试发送纯文本作为最后手段
+                            try {
+                                await sendTextReply(chatId, `⚠️ 消息更新失败（网络异常），以下是 AI 回复：\n\n${content.slice(0, 4000)}`);
+                            }
+                            catch (fallbackErr) {
+                                log.error("All send attempts failed:", fallbackErr);
+                                throw err;
+                            }
+                        }
+                    }
                 }
             },
             sendError: async (error) => {

package/dist/telegram/message-sender.js

@@ -9,6 +9,15 @@ import { MAX_TELEGRAM_MESSAGE_LENGTH } from "../constants.js";
 import { listDirectories, buildDirectoryKeyboard, } from "../commands/handler.js";
 const log = createLogger("TgSender");
 const lastSentByMsg = new Map();
+// Periodic cleanup of orphaned entries (entries not cleaned by done/error)
+const LAST_SENT_MAX_AGE_MS = 30 * 60 * 1000; // 30 minutes
+setInterval(() => {
+    // lastSentByMsg doesn't store timestamps, so clear all entries periodically
+    // since they are just dedup cache entries, clearing is safe
+    if (lastSentByMsg.size > 0) {
+        lastSentByMsg.clear();
+    }
+}, LAST_SENT_MAX_AGE_MS);
 const STATUS_ICONS = {
     thinking: "🔵",
     streaming: "🔵",
@@ -85,6 +94,10 @@ export async function updateMessage(chatId, messageId, content, status, note, to
         }
         else {
             log.error("Failed to update message:", err);
+            // 对 done/error 状态的更新失败必须 throw，否则消息永远卡在 streaming
+            if (status === "done" || status === "error") {
+                throw err;
+            }
         }
     }
     if (status === "done" || status === "error") {

package/dist/wechat/auth/qclaw-api.js

@@ -14,7 +14,7 @@ function nested(obj, ...keys) {
 export class QClawAPI {
     env;
     guid;
-    loginKey = 'm83qdao0AmE5';
+    loginKey = process.env.QCLAW_LOGIN_KEY || 'm83qdao0AmE5';
     jwtToken = '';
     userId = '';
     constructor(env, guid, jwtToken = '') {

package/dist/wechat/client.js

@@ -104,9 +104,28 @@ async function connectWebSocket(config) {
     }
     updateState('connecting');
     return new Promise((resolve, reject) => {
+        let settled = false;
+        // Connection timeout to prevent promise from hanging forever
+        const connectionTimeout = setTimeout(() => {
+            if (settled)
+                return;
+            settled = true;
+            const err = new Error('WeChat WebSocket connection timeout');
+            log.error(err.message);
+            updateState('error');
+            try {
+                ws?.close();
+            }
+            catch { /* ignore */ }
+            reject(err);
+        }, 30000);
         try {
             ws = new WebSocket(config.url);
             ws.on('open', () => {
+                if (settled)
+                    return;
+                settled = true;
+                clearTimeout(connectionTimeout);
                 log.info('WeChat WebSocket connected');
                 reconnectAttempts = 0;
                 updateState('connected');
@@ -125,18 +144,33 @@ async function connectWebSocket(config) {
                 }
             });
             ws.on('error', (err) => {
+                if (settled) {
+                    // Late error after connection was established — just log it
+                    log.error('WeChat WebSocket error (after open):', err);
+                    return;
+                }
+                settled = true;
+                clearTimeout(connectionTimeout);
                 log.error('WeChat WebSocket error:', err);
                 updateState('error');
                 reject(err);
             });
             ws.on('close', () => {
+                clearTimeout(connectionTimeout);
                 log.info('WeChat WebSocket closed');
                 stopHeartbeat();
                 updateState('disconnected');
+                if (!settled) {
+                    settled = true;
+                    reject(new Error('WeChat WebSocket closed before open'));
+                    return;
+                }
                 scheduleReconnect(config);
             });
         }
         catch (err) {
+            settled = true;
+            clearTimeout(connectionTimeout);
             log.error('Error creating WebSocket connection:', err);
             updateState('error');
             reject(err);

package/dist/wechat/event-handler.js

@@ -53,7 +53,8 @@ export function setupWeChatHandlers(config, sessionManager) {
             }
             return parsed;
         }
-        catch {
+        catch (err) {
+            log.debug('Failed to parse WeChat incoming message JSON:', err);
             return null;
         }
     }
@@ -90,8 +91,8 @@ export function setupWeChatHandlers(config, sessionManager) {
                     text: contextText,
                 });
             }
-            catch {
-                // Fall through to metadata-only prompt.
+            catch (err) {
+                log.warn('Failed to download WeChat media, falling back to metadata-only prompt:', err);
             }
         }
         return buildMediaMetadataPrompt({
@@ -133,7 +134,9 @@ export function setupWeChatHandlers(config, sessionManager) {
             try {
                 await sendTextReply(chatId, '启动 AI 处理失败，请重试。');
             }
-            catch { /* ignore */ }
+            catch (err) {
+                log.warn('Failed to send startup error reply:', err);
+            }
             return;
         }
         const stopTyping = startTypingLoop(chatId);

package/dist/wework/event-handler.js

@@ -21,6 +21,8 @@ import { buildMediaContext } from '../shared/media-context.js';
 import { buildErrorNote, buildProgressNote } from '../shared/message-note.js';
 const log = createLogger('WeWorkHandler');
 const WEWORK_MEDIA_TIMEOUT_MS = 60_000;
+// Safety timeout: abort hung tasks before stream expires (5 min TTL → 4.5 min safety)
+const WEWORK_TASK_SAFETY_TIMEOUT_MS = 4.5 * 60 * 1000;
 async function saveWeWorkUrlMedia(payload, fallbackExtension) {
     if (!payload.url) {
         throw new Error("Missing WeWork media URL");
@@ -119,7 +121,8 @@ export async function buildMediaPrompt(data, kind) {
                     text: contextText,
                 });
             }
-            catch {
+            catch (err) {
+                log.warn('Failed to download WeWork image, falling back to URL reference:', err);
                 imageReference = `Remote image URL: ${imagePayload.url}`;
             }
         }
@@ -144,8 +147,8 @@ export async function buildMediaPrompt(data, kind) {
                 text: contextText,
             });
         }
-        catch {
-            // Fall back to metadata-only prompt.
+        catch (err) {
+            log.warn('Failed to download WeWork media, falling back to metadata-only prompt:', err);
         }
     }
     return buildMediaMetadataPrompt({
@@ -194,11 +197,31 @@ export function setupWeWorkHandlers(config, sessionManager) {
                 try {
                     await sendTextReply(chatId, '启动 AI 处理失败，请重试。', reqId);
                 }
-                catch { /* ignore */ }
+                catch (err) {
+                    log.warn('Failed to send startup error reply:', err);
+                }
                 return;
             }
             const stopTyping = startTypingLoop(chatId);
             const taskKey = `${userId}:${msgId}`;
+            // Safety timeout: abort hung tasks before stream expires, unblocking the queue
+            let safetyTimer = setTimeout(() => {
+                safetyTimer = null;
+                const state = runningTasks.get(taskKey);
+                if (state) {
+                    log.warn(`[SAFETY_TIMEOUT] Task ${taskKey} exceeded ${WEWORK_TASK_SAFETY_TIMEOUT_MS}ms, aborting`);
+                    state.handle.abort();
+                    runningTasks.delete(taskKey);
+                    stopTyping();
+                    sendTextReply(chatId, `AI 处理超时（${Math.round(WEWORK_TASK_SAFETY_TIMEOUT_MS / 1000)}s），已自动取消。请重试。`, reqId).catch(() => { });
+                }
+            }, WEWORK_TASK_SAFETY_TIMEOUT_MS);
+            const clearSafetyTimer = () => {
+                if (safetyTimer) {
+                    clearTimeout(safetyTimer);
+                    safetyTimer = null;
+                }
+            };
             await runAITask({ config, sessionManager }, { userId, chatId, workDir, sessionId, convId, platform: 'wework', taskKey }, prompt, toolAdapter, {
                 throttleMs: WEWORK_THROTTLE_MS,
                 streamUpdate: async (content, toolNote) => {
@@ -217,6 +240,7 @@ export function setupWeWorkHandlers(config, sessionManager) {
                     await updateMessage(chatId, msgId, `Error: ${error}`, 'error', buildErrorNote(), toolId, reqId);
                 },
                 extraCleanup: () => {
+                    clearSafetyTimer();
                     stopTyping();
                     runningTasks.delete(taskKey);
                 },

package/dist/wework/message-sender.js

@@ -101,6 +101,18 @@ function formatWeWorkMessage(title, content, status, note) {
     return message;
 }
 const streamStates = new Map();
+// Periodic cleanup of expired/orphaned stream states
+const STREAM_CLEANUP_INTERVAL_MS = 5 * 60 * 1000; // 5 minutes
+setInterval(() => {
+    const now = Date.now();
+    for (const [id, state] of streamStates) {
+        if (now - state.createdAt >= STREAM_SAFE_TTL_MS) {
+            state.closed = true;
+            streamStates.delete(id);
+            log.info(`Cleaned up expired stream state: ${id}`);
+        }
+    }
+}, STREAM_CLEANUP_INTERVAL_MS);
 function sleep(ms) {
     return new Promise((resolve) => setTimeout(resolve, ms));
 }
@@ -187,6 +199,12 @@ export async function updateMessage(chatId, streamId, content, status, note, too
             return;
         if (Date.now() - state.createdAt >= STREAM_SAFE_TTL_MS) {
             markExpired(state, streamId);
+            // Stream expired - fall back to text delivery for errors and final states
+            if (status === 'error' || status === 'done') {
+                const reqIdUsed = getReqId(reqId);
+                sendText(reqIdUsed, message);
+                log.info(`Stream expired, sent ${status} via text fallback: streamId=${streamId}`);
+            }
             return;
         }
         state.pendingUpdate = { message, status, reqId };
@@ -207,17 +225,24 @@ export async function sendFinalMessages(chatId, streamId, fullContent, note, too
     const title = getToolTitle(toolId, 'done');
     const parts = splitLongContent(contentToSend, MAX_WEWORK_MESSAGE_LENGTH);
     const finalMessage = formatWeWorkMessage(title, parts[0], 'done', parts.length > 1 ? `内容较长，已分段发送 (1/${parts.length})` : note);
-    try {
-        const state = streamStates.get(streamId);
-        const shouldFallbackToText = !!state && (state.expired || Date.now() - state.createdAt >= STREAM_SAFE_TTL_MS);
-        if (!shouldFallbackToText && state && contentToSend.length > 0) {
-            // 先发一条「输出中」带正文，再发 finish 的最终条，避免企微端一直停在「思考中」不刷新
+    const state = streamStates.get(streamId);
+    const shouldFallbackToText = !!state && (state.expired || Date.now() - state.createdAt >= STREAM_SAFE_TTL_MS);
+    // 先发一条「输出中」带正文，再发 finish 的最终条，避免企微端一直停在「思考中」不刷新
+    // 独立 try-catch：即使此步失败，仍须发送 finish=true，否则企微永远卡在「正在思考」
+    if (!shouldFallbackToText && state && contentToSend.length > 0) {
+        try {
             await updateMessage(chatId, streamId, contentToSend, 'streaming', note, toolId, reqId);
         }
-        if (state) {
-            state.closed = true;
-            state.pendingUpdate = undefined;
+        catch (err) {
+            log.warn('Pre-finish streaming update failed, will still send finish=true:', err);
         }
+    }
+    if (state) {
+        state.closed = true;
+        state.pendingUpdate = undefined;
+    }
+    // finish=true 是关键：必须保证发出，否则企微 UI 永远停留在「正在思考」
+    try {
         if (!shouldFallbackToText) {
             if (state) {
                 const elapsed = Date.now() - state.lastSentAt;
@@ -232,21 +257,28 @@ export async function sendFinalMessages(chatId, streamId, fullContent, note, too
             sendText(getReqId(reqId), finalMessage);
             log.info(`Final stream expired, sent text fallback instead: streamId=${streamId}`);
         }
-        streamStates.delete(streamId);
-        for (let i = 1; i < parts.length; i++) {
-            try {
-                const partContent = `${parts[i]}\n\n_*(续 ${i + 1}/${parts.length})*_`;
-                const partMessage = formatWeWorkMessage(title, partContent, 'done', i === parts.length - 1 ? note : undefined);
-                sendText(getReqId(reqId), partMessage);
-                log.info(`Final message part ${i + 1}/${parts.length} sent`);
-            }
-            catch (err) {
-                log.error(`Failed to send part ${i + 1}:`, err);
-            }
-        }
     }
     catch (err) {
-        log.error('Failed to send final messages:', err);
+        log.warn('Primary finish send failed, trying text fallback:', err);
+        try {
+            sendText(getReqId(reqId), finalMessage);
+            log.info(`Fallback text sent after primary finish failure, streamId=${streamId}`);
+        }
+        catch (fallbackErr) {
+            log.error('Both primary and fallback finish sends failed:', fallbackErr);
+        }
+    }
+    streamStates.delete(streamId);
+    for (let i = 1; i < parts.length; i++) {
+        try {
+            const partContent = `${parts[i]}\n\n_*(续 ${i + 1}/${parts.length})*_`;
+            const partMessage = formatWeWorkMessage(title, partContent, 'done', i === parts.length - 1 ? note : undefined);
+            sendText(getReqId(reqId), partMessage);
+            log.info(`Final message part ${i + 1}/${parts.length} sent`);
+        }
+        catch (err) {
+            log.error(`Failed to send part ${i + 1}:`, err);
+        }
     }
 }
 /**

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@wu529778790/open-im",
-  "version": "1.8.1",
+  "version": "1.8.2",
   "description": "Multi-platform IM bridge for AI CLI tools (Claude, Codex, CodeBuddy)",
   "type": "module",
   "main": "dist/index.js",
@@ -46,7 +46,7 @@
     "url": "https://github.com/wu529778790/open-im/issues"
   },
   "dependencies": {
-    "@anthropic-ai/claude-agent-sdk": "^0.2.76",
+    "@anthropic-ai/claude-agent-sdk": "^0.2.86",
     "@larksuiteoapi/node-sdk": "^1.59.0",
     "@wu529778790/open-im": "^1.8.1-beta.8",
     "centrifuge": "^5.3.0",