@yanhaidao/wecom 2.3.270 → 2.4.160

package/src/shared/media-service.test.ts

@@ -0,0 +1,111 @@
+import { beforeEach, describe, expect, it, vi } from "vitest";
+import { WecomMediaService } from "./media-service.js";
+
+describe("WecomMediaService", () => {
+  const fetchRemoteMedia = vi.fn();
+  const saveMediaBuffer = vi.fn();
+
+  beforeEach(() => {
+    fetchRemoteMedia.mockReset();
+    saveMediaBuffer.mockReset();
+  });
+
+  it("passes configured wecom mediaMaxMb to remote attachment fetches and saves", async () => {
+    const service = new WecomMediaService(
+      {
+        channel: {
+          media: {
+            fetchRemoteMedia,
+            saveMediaBuffer,
+          },
+        },
+      } as never,
+      {
+        channels: {
+          wecom: {
+            mediaMaxMb: 24,
+          },
+        },
+      } as never,
+    );
+
+    fetchRemoteMedia.mockResolvedValue({
+      buffer: Buffer.from("file"),
+      contentType: "application/pdf",
+      fileName: "sample.pdf",
+    });
+    saveMediaBuffer.mockResolvedValue({
+      path: "/tmp/sample.pdf",
+    });
+
+    const event = {
+      accountId: "default",
+      attachments: [{ remoteUrl: "https://example.com/sample.pdf" }],
+    } as never;
+
+    const attachment = await service.normalizeFirstAttachment(event);
+
+    expect(fetchRemoteMedia).toHaveBeenCalledWith({
+      url: "https://example.com/sample.pdf",
+      maxBytes: 24 * 1024 * 1024,
+    });
+
+    await service.saveInboundAttachment(event, attachment!);
+
+    expect(saveMediaBuffer).toHaveBeenCalledWith(
+      expect.any(Buffer),
+      "application/pdf",
+      "inbound",
+      24 * 1024 * 1024,
+      "sample.pdf",
+    );
+  });
+
+  it("prefers account-specific mediaMaxMb for inbound saves", async () => {
+    const service = new WecomMediaService(
+      {
+        channel: {
+          media: {
+            fetchRemoteMedia,
+            saveMediaBuffer,
+          },
+        },
+      } as never,
+      {
+        channels: {
+          wecom: {
+            mediaMaxMb: 24,
+            accounts: {
+              ops: {
+                mediaMaxMb: 36,
+              },
+            },
+          },
+        },
+      } as never,
+    );
+
+    saveMediaBuffer.mockResolvedValue({
+      path: "/tmp/account-specific.pdf",
+    });
+
+    await service.saveInboundAttachment(
+      {
+        accountId: "ops",
+      } as never,
+      {
+        buffer: Buffer.from("file"),
+        contentType: "application/pdf",
+        filename: "ops.pdf",
+      },
+    );
+
+    expect(saveMediaBuffer).toHaveBeenCalledWith(
+      expect.any(Buffer),
+      "application/pdf",
+      "inbound",
+      36 * 1024 * 1024,
+      "ops.pdf",
+    );
+  });
+});

package/src/shared/media-service.ts

@@ -1,14 +1,27 @@
-import type { PluginRuntime } from "openclaw/plugin-sdk";
-
-import type { NormalizedMediaAttachment } from "./media-types.js";
-import type { UnifiedInboundEvent } from "../types/index.js";
+import type { OpenClawConfig, PluginRuntime } from "openclaw/plugin-sdk";
+import { resolveWecomMediaMaxBytes } from "../config/index.js";
 import { decryptWecomMediaWithMeta } from "../media.js";
+import type { UnifiedInboundEvent } from "../types/index.js";
+import type { NormalizedMediaAttachment } from "./media-types.js";
 
 export class WecomMediaService {
-  constructor(private readonly core: PluginRuntime) {}
+  constructor(
+    private readonly core: PluginRuntime,
+    private readonly cfg: OpenClawConfig,
+  ) {}
+
+  private resolveInboundMaxBytes(accountId: string): number {
+    return resolveWecomMediaMaxBytes(this.cfg, accountId);
+  }
 
-  async downloadRemoteMedia(params: { url: string }): Promise<NormalizedMediaAttachment> {
-    const loaded = await this.core.channel.media.fetchRemoteMedia({ url: params.url });
+  async downloadRemoteMedia(params: {
+    url: string;
+    maxBytes: number;
+  }): Promise<NormalizedMediaAttachment> {
+    const loaded = await this.core.channel.media.fetchRemoteMedia({
+      url: params.url,
+      maxBytes: params.maxBytes,
+    });
     return {
       buffer: loaded.buffer,
       contentType: loaded.contentType,
@@ -22,8 +35,14 @@ export class WecomMediaService {
    * Bot-webhook: uses the account-level EncodingAESKey.
    * Both use AES-256-CBC with PKCS#7 padding (32-byte block), IV = key[:16].
    */
-  async downloadEncryptedMedia(params: { url: string; aesKey: string }): Promise<NormalizedMediaAttachment> {
-    const decrypted = await decryptWecomMediaWithMeta(params.url, params.aesKey);
+  async downloadEncryptedMedia(params: {
+    url: string;
+    aesKey: string;
+    maxBytes: number;
+  }): Promise<NormalizedMediaAttachment> {
+    const decrypted = await decryptWecomMediaWithMeta(params.url, params.aesKey, {
+      maxBytes: params.maxBytes,
+    });
     return {
       buffer: decrypted.buffer,
       contentType: decrypted.sourceContentType,
@@ -31,26 +50,35 @@ export class WecomMediaService {
     };
   }
 
-  async saveInboundAttachment(event: UnifiedInboundEvent, attachment: NormalizedMediaAttachment): Promise<string> {
+  async saveInboundAttachment(
+    event: UnifiedInboundEvent,
+    attachment: NormalizedMediaAttachment,
+  ): Promise<string> {
+    const maxBytes = this.resolveInboundMaxBytes(event.accountId);
     const saved = await this.core.channel.media.saveMediaBuffer(
       attachment.buffer,
       attachment.contentType,
       "inbound",
-      undefined,
+      maxBytes,
       attachment.filename,
     );
     return saved.path;
   }
 
-  async normalizeFirstAttachment(event: UnifiedInboundEvent): Promise<NormalizedMediaAttachment | undefined> {
+  async normalizeFirstAttachment(
+    event: UnifiedInboundEvent,
+  ): Promise<NormalizedMediaAttachment | undefined> {
     const first = event.attachments?.[0];
     if (!first?.remoteUrl) {
       return undefined;
     }
+    // Keep fetch/decrypt/save on the same account-aware limit instead of falling back
+    // to the core media store default (5MB).
+    const maxBytes = this.resolveInboundMaxBytes(event.accountId);
     // Bot-ws media is AES-encrypted; use decryption when aesKey is present
     if (first.aesKey) {
-      return this.downloadEncryptedMedia({ url: first.remoteUrl, aesKey: first.aesKey });
+      return this.downloadEncryptedMedia({ url: first.remoteUrl, aesKey: first.aesKey, maxBytes });
     }
-    return this.downloadRemoteMedia({ url: first.remoteUrl });
+    return this.downloadRemoteMedia({ url: first.remoteUrl, maxBytes });
   }
 }

package/src/target.ts

@@ -26,6 +26,35 @@ export interface ScopedWecomTarget {
     rawTarget: string;
 }
 
+function parseUpstreamScopedTarget(raw: string): {
+    accountId?: string;
+    userId: string;
+} | undefined {
+    const legacyScoped = raw.match(/^wecom-agent-upstream:([^:]+):([^:]+):(.+)$/i);
+    if (legacyScoped) {
+        return {
+            accountId: legacyScoped[1]?.trim(),
+            userId: legacyScoped[3]?.trim() || "",
+        };
+    }
+
+    const queryIndex = raw.indexOf("?upstream_corp=");
+    if (queryIndex < 0 || !raw.startsWith("wecom-agent:")) {
+        return undefined;
+    }
+
+    const pathPart = raw.slice(0, queryIndex);
+    const match = pathPart.match(/^wecom-agent:([^:]+):user:(.+)$/i);
+    if (!match) {
+        return undefined;
+    }
+
+    return {
+        accountId: match[1]?.trim(),
+        userId: match[2]?.trim() || "",
+    };
+}
+
 export function buildWecomContextTarget(contextToken: string): string {
     return `wecom:context:${contextToken}`;
 }
@@ -118,6 +147,17 @@ export function resolveScopedWecomTarget(raw: string | undefined, defaultAccount
     if (!raw?.trim()) return undefined;
 
     const trimmed = raw.trim();
+
+    const upstreamScoped = parseUpstreamScopedTarget(trimmed);
+    if (upstreamScoped) {
+        const accountId = upstreamScoped.accountId || defaultAccountId;
+        return {
+            accountId,
+            target: { touser: upstreamScoped.userId },
+            rawTarget: upstreamScoped.userId,
+        };
+    }
+
     const agentScoped = trimmed.match(/^wecom-agent:([^:]+):(.+)$/i);
     if (agentScoped) {
         const accountId = agentScoped[1]?.trim() || defaultAccountId;

package/src/transport/agent-api/client.ts

@@ -1,7 +1,9 @@
 import type { ResolvedAgentAccount } from "../../types/index.js";
+import { LIMITS } from "../../types/constants.js";
 import {
   downloadMedia as downloadLegacyMedia,
   getAccessToken as getLegacyAccessToken,
+  getUpstreamAccessToken as getLegacyUpstreamAccessToken,
   sendMedia as sendLegacyMedia,
   sendText as sendLegacyText,
 } from "./core.js";
@@ -10,6 +12,14 @@ export async function getAgentApiAccessToken(agent: ResolvedAgentAccount): Promi
   return getLegacyAccessToken(agent);
 }
 
+export async function getUpstreamAgentApiAccessToken(params: {
+  primaryAgent: ResolvedAgentAccount;
+  upstreamCorpId: string;
+  upstreamAgentId: number;
+}): Promise<string> {
+  return getLegacyUpstreamAccessToken(params);
+}
+
 export async function sendAgentApiText(params: {
   agent: ResolvedAgentAccount;
   toUser?: string;
@@ -42,3 +52,226 @@ export async function downloadAgentApiMedia(params: {
 }): Promise<{ buffer: Buffer; contentType: string; filename?: string }> {
   return downloadLegacyMedia(params);
 }
+
+export async function downloadUpstreamAgentApiMedia(params: {
+  upstreamAgent: ResolvedAgentAccount;
+  primaryAgent: ResolvedAgentAccount;
+  mediaId: string;
+  maxBytes?: number;
+}): Promise<{ buffer: Buffer; contentType: string; filename?: string }> {
+  const { upstreamAgent, primaryAgent, mediaId, maxBytes } = params;
+
+  const token = await getUpstreamAgentApiAccessToken({
+    primaryAgent,
+    upstreamCorpId: upstreamAgent.corpId,
+    upstreamAgentId: upstreamAgent.agentId!,
+  });
+  const url = `https://qyapi.weixin.qq.com/cgi-bin/media/get?access_token=${encodeURIComponent(token)}&media_id=${encodeURIComponent(mediaId)}`;
+
+  const { wecomFetch, readResponseBodyAsBuffer } = await import("../../http.js");
+  const { resolveWecomEgressProxyUrlFromNetwork } = await import("../../config/index.js");
+
+  const res = await wecomFetch(url, undefined, {
+    proxyUrl: resolveWecomEgressProxyUrlFromNetwork(upstreamAgent.network),
+    timeoutMs: LIMITS.REQUEST_TIMEOUT_MS,
+  });
+
+  if (!res.ok) {
+    throw new Error(`download failed: ${res.status}`);
+  }
+
+  const contentType = res.headers.get("content-type") || "application/octet-stream";
+  const disposition = res.headers.get("content-disposition") || "";
+  const filename = (() => {
+    const mStar = disposition.match(/filename\*\s*=\s*([^;]+)/i);
+    if (mStar) {
+      const raw = mStar[1]!.trim().replace(/^"(.*)"$/, "$1");
+      const parts = raw.split("''");
+      const encoded = parts.length === 2 ? parts[1]! : raw;
+      try {
+        return decodeURIComponent(encoded);
+      } catch {
+        return encoded;
+      }
+    }
+    const m = disposition.match(/filename\s*=\s*([^;]+)/i);
+    if (!m) return undefined;
+    return m[1]!.trim().replace(/^"(.*)"$/, "$1") || undefined;
+  })();
+
+  if (contentType.includes("application/json")) {
+    const json = (await res.json()) as { errcode?: number; errmsg?: string };
+    throw new Error(`download failed: ${json?.errcode} ${json?.errmsg}`);
+  }
+
+  const buffer = await readResponseBodyAsBuffer(res, maxBytes);
+  return { buffer, contentType, filename };
+}
+
+/**
+ * 发送文本消息给上下游用户
+ * 使用下游企业的 access_token 和 agentId
+ */
+export async function sendUpstreamAgentApiText(params: {
+  upstreamAgent: ResolvedAgentAccount;
+  primaryAgent: ResolvedAgentAccount;
+  toUser?: string;
+  toParty?: string;
+  toTag?: string;
+  chatId?: string;
+  text: string;
+}): Promise<void> {
+  const { upstreamAgent, primaryAgent, toUser, toParty, toTag, chatId, text } = params;
+
+  // 获取下游企业的 access_token
+  const token = await getUpstreamAgentApiAccessToken({
+    primaryAgent,
+    upstreamCorpId: upstreamAgent.corpId,
+    upstreamAgentId: upstreamAgent.agentId!,
+  });
+
+  const useChat = Boolean(chatId);
+  const url = useChat
+    ? `https://qyapi.weixin.qq.com/cgi-bin/appchat/send?access_token=${encodeURIComponent(token)}`
+    : `https://qyapi.weixin.qq.com/cgi-bin/message/send?access_token=${encodeURIComponent(token)}`;
+
+  const body = useChat
+    ? { chatid: chatId, msgtype: "text", text: { content: text } }
+    : {
+        touser: toUser,
+        toparty: toParty,
+        totag: toTag,
+        msgtype: "text",
+        agentid: upstreamAgent.agentId,
+        text: { content: text },
+      };
+
+  const { wecomFetch } = await import("../../http.js");
+  const { resolveWecomEgressProxyUrlFromNetwork } = await import("../../config/index.js");
+  
+  const res = await wecomFetch(
+    url,
+    {
+      method: "POST",
+      headers: { "Content-Type": "application/json" },
+      body: JSON.stringify(body),
+    },
+    {
+      proxyUrl: resolveWecomEgressProxyUrlFromNetwork(upstreamAgent.network),
+      timeoutMs: LIMITS.REQUEST_TIMEOUT_MS,
+    },
+  );
+  
+  const json = (await res.json()) as {
+    errcode?: number;
+    errmsg?: string;
+    invaliduser?: string;
+    invalidparty?: string;
+    invalidtag?: string;
+  };
+
+  if (json?.errcode !== 0) {
+    throw new Error(`send failed: ${json?.errcode} ${json?.errmsg}`);
+  }
+
+  if (json?.invaliduser || json?.invalidparty || json?.invalidtag) {
+    const details = [
+      json.invaliduser ? `invaliduser=${json.invaliduser}` : "",
+      json.invalidparty ? `invalidparty=${json.invalidparty}` : "",
+      json.invalidtag ? `invalidtag=${json.invalidtag}` : "",
+    ]
+      .filter(Boolean)
+      .join(", ");
+    throw new Error(`send partial failure: ${details}`);
+  }
+}
+
+/**
+ * 发送媒体消息给上下游用户
+ * 使用下游企业的 access_token 和 agentId
+ */
+export async function sendUpstreamAgentApiMedia(params: {
+  upstreamAgent: ResolvedAgentAccount;
+  primaryAgent: ResolvedAgentAccount;
+  toUser?: string;
+  toParty?: string;
+  toTag?: string;
+  chatId?: string;
+  mediaId: string;
+  mediaType: "image" | "voice" | "video" | "file";
+  title?: string;
+  description?: string;
+}): Promise<void> {
+  const { upstreamAgent, primaryAgent, toUser, toParty, toTag, chatId, mediaId, mediaType, title, description } = params;
+  
+  // 获取下游企业的 access_token
+  const token = await getUpstreamAgentApiAccessToken({
+    primaryAgent,
+    upstreamCorpId: upstreamAgent.corpId,
+    upstreamAgentId: upstreamAgent.agentId!,
+  });
+
+  console.log(
+    `[wecom-upstream-api] sendMedia corpId=${upstreamAgent.corpId} agentId=${upstreamAgent.agentId} ` +
+      `toUser=${toUser ?? ""} mediaType=${mediaType}`,
+  );
+
+  const useChat = Boolean(chatId);
+  const url = useChat
+    ? `https://qyapi.weixin.qq.com/cgi-bin/appchat/send?access_token=${encodeURIComponent(token)}`
+    : `https://qyapi.weixin.qq.com/cgi-bin/message/send?access_token=${encodeURIComponent(token)}`;
+
+  const mediaPayload = mediaType === "video" 
+    ? { media_id: mediaId, title: title ?? "Video", description: description ?? "" } 
+    : { media_id: mediaId };
+    
+  const body = useChat
+    ? { chatid: chatId, msgtype: mediaType, [mediaType]: mediaPayload }
+    : {
+        touser: toUser,
+        toparty: toParty,
+        totag: toTag,
+        msgtype: mediaType,
+        agentid: upstreamAgent.agentId,
+        [mediaType]: mediaPayload,
+      };
+
+  const { wecomFetch } = await import("../../http.js");
+  const { resolveWecomEgressProxyUrlFromNetwork } = await import("../../config/index.js");
+  
+  const res = await wecomFetch(
+    url,
+    {
+      method: "POST",
+      headers: { "Content-Type": "application/json" },
+      body: JSON.stringify(body),
+    },
+    {
+      proxyUrl: resolveWecomEgressProxyUrlFromNetwork(upstreamAgent.network),
+      timeoutMs: LIMITS.REQUEST_TIMEOUT_MS,
+    },
+  );
+  
+  const json = (await res.json()) as {
+    errcode?: number;
+    errmsg?: string;
+    invaliduser?: string;
+    invalidparty?: string;
+    invalidtag?: string;
+  };
+
+  if (json?.errcode !== 0) {
+    throw new Error(`send ${mediaType} failed: ${json?.errcode} ${json?.errmsg}`);
+  }
+
+  if (json?.invaliduser || json?.invalidparty || json?.invalidtag) {
+    const details = [
+      json.invaliduser ? `invaliduser=${json.invaliduser}` : "",
+      json.invalidparty ? `invalidparty=${json.invalidparty}` : "",
+      json.invalidtag ? `invalidtag=${json.invalidtag}` : "",
+    ]
+      .filter(Boolean)
+      .join(", ");
+    throw new Error(`send ${mediaType} partial failure: ${details}`);
+  }
+}

package/src/transport/agent-api/core.ts

@@ -19,7 +19,7 @@ function truncateForLog(raw: string, maxChars = 180): string {
   return `${compact.slice(0, maxChars)}...(truncated)`;
 }
 
-function normalizeUploadFilename(filename: string): string {
+export function normalizeUploadFilename(filename: string): string {
   const trimmed = filename.trim();
   if (!trimmed) return "file.bin";
   const ext = trimmed.includes(".") ? `.${trimmed.split(".").pop()!.toLowerCase()}` : "";
@@ -35,7 +35,7 @@ function normalizeUploadFilename(filename: string): string {
   return `${safeBase}${safeExt || ".bin"}`;
 }
 
-function guessUploadContentType(filename: string): string {
+export function guessUploadContentType(filename: string): string {
   const ext = filename.split(".").pop()?.toLowerCase() || "";
   const contentTypeMap: Record<string, string> = {
     jpg: "image/jpg",
@@ -83,6 +83,10 @@ function requireAgentId(agent: ResolvedAgentAccount): number {
   throw new Error(`wecom agent account=${agent.accountId} missing agentId; sending via cgi-bin/message/send requires agentId`);
 }
 
+/**
+ * 获取主企业的 access_token
+ * 使用 corpid + corpsecret
+ */
 export async function getAccessToken(agent: ResolvedAgentAccount): Promise<string> {
   const cacheKey = `${agent.corpId}:${String(agent.agentId ?? "na")}`;
   let cache = tokenCaches.get(cacheKey);
@@ -104,6 +108,7 @@ export async function getAccessToken(agent: ResolvedAgentAccount): Promise<strin
   cache.refreshPromise = (async () => {
     try {
       const url = `${API_ENDPOINTS.GET_TOKEN}?corpid=${encodeURIComponent(agent.corpId)}&corpsecret=${encodeURIComponent(agent.corpSecret)}`;
+      
       const res = await wecomFetch(url, undefined, {
         proxyUrl: resolveWecomEgressProxyUrlFromNetwork(agent.network),
         timeoutMs: LIMITS.REQUEST_TIMEOUT_MS,
@@ -125,6 +130,97 @@ export async function getAccessToken(agent: ResolvedAgentAccount): Promise<strin
   return cache.refreshPromise;
 }
 
+/**
+ * 获取下游企业的 access_token
+ * 
+ * 根据企业微信文档：https://developer.work.weixin.qq.com/document/path/95816
+ * 
+ * 请求方式：POST（HTTPS）
+ * 请求地址：https://qyapi.weixin.qq.com/cgi-bin/corpgroup/corp/gettoken?access_token=ACCESS_TOKEN
+ * 
+ * 请求体：
+ * {
+ *   "corpid": "下游企业corpid",
+ *   "business_type": 1,  // 1 表示上下游企业
+ *   "agentid": 下游企业应用ID
+ * }
+ * 
+ * 注意：需要使用上游企业的 access_token 作为调用凭证
+ */
+export async function getUpstreamAccessToken(params: {
+  primaryAgent: ResolvedAgentAccount;
+  upstreamCorpId: string;
+  upstreamAgentId: number;
+}): Promise<string> {
+  const { primaryAgent, upstreamCorpId, upstreamAgentId } = params;
+
+  // 缓存 key 增加 primaryCorpId 维度，避免多主企业之间碰撞
+  const cacheKey = `upstream:${primaryAgent.corpId}:${upstreamCorpId}:${upstreamAgentId}`;
+  let cache = tokenCaches.get(cacheKey);
+
+  if (!cache) {
+    cache = { token: "", expiresAt: 0, refreshPromise: null };
+    tokenCaches.set(cacheKey, cache);
+  }
+
+  const now = Date.now();
+  if (cache.token && cache.expiresAt > now + LIMITS.TOKEN_REFRESH_BUFFER_MS) {
+    return cache.token;
+  }
+
+  if (cache.refreshPromise) {
+    return cache.refreshPromise;
+  }
+
+  cache.refreshPromise = (async () => {
+    try {
+      // 1. 先获取上游企业的 access_token
+      const primaryToken = await getAccessToken(primaryAgent);
+
+      // 2. 调用 corpgroup/corp/gettoken 获取下游企业的 access_token
+      const url = `https://qyapi.weixin.qq.com/cgi-bin/corpgroup/corp/gettoken?access_token=${encodeURIComponent(primaryToken)}`;
+      
+      const requestBody = {
+        corpid: upstreamCorpId,
+        business_type: 1,  // 1 表示上下游企业
+        agentid: upstreamAgentId,
+      };
+
+      const res = await wecomFetch(
+        url,
+        {
+          method: "POST",
+          headers: { "Content-Type": "application/json" },
+          body: JSON.stringify(requestBody),
+        },
+        {
+          proxyUrl: resolveWecomEgressProxyUrlFromNetwork(primaryAgent.network),
+          timeoutMs: LIMITS.REQUEST_TIMEOUT_MS,
+        },
+      );
+      
+      const json = (await res.json()) as { 
+        access_token?: string; 
+        expires_in?: number; 
+        errcode?: number; 
+        errmsg?: string 
+      };
+
+      if (!json?.access_token) {
+        throw new Error(`get upstream token failed: ${json?.errcode} ${json?.errmsg}`);
+      }
+
+      cache!.token = json.access_token;
+      cache!.expiresAt = Date.now() + (json.expires_in ?? 7200) * 1000;
+      return cache!.token;
+    } finally {
+      cache!.refreshPromise = null;
+    }
+  })();
+
+  return cache.refreshPromise;
+}
+
 export async function sendText(params: {
   agent: ResolvedAgentAccount;
   toUser?: string;
@@ -135,7 +231,7 @@ export async function sendText(params: {
 }): Promise<void> {
   const { agent, toUser, toParty, toTag, chatId, text } = params;
   console.log(
-    `[wecom-agent-api] sendText request account=${agent.accountId} agentId=${String(agent.agentId ?? "N/A")} ` +
+    `[wecom-agent-api] sendText request account=${agent.accountId} agentId=${String(agent.agentId ?? "N/A")} corpId=${agent.corpId} ` +
       `toUser=${toUser ?? ""} toParty=${toParty ?? ""} toTag=${toTag ?? ""} chatId=${chatId ?? ""} ` +
       `textLen=${text.length} textPreview=${JSON.stringify(truncateForLog(text))}`,
   );
@@ -175,7 +271,7 @@ export async function sendText(params: {
   };
 
   console.log(
-    `[wecom-agent-api] sendText response account=${agent.accountId} agentId=${String(agent.agentId ?? "N/A")} ` +
+    `[wecom-agent-api] sendText response account=${agent.accountId} agentId=${String(agent.agentId ?? "N/A")} corpId=${agent.corpId} ` +
       `toUser=${toUser ?? ""} toParty=${toParty ?? ""} toTag=${toTag ?? ""} chatId=${chatId ?? ""} ` +
       `errcode=${String(json?.errcode ?? "N/A")} errmsg=${json?.errmsg ?? ""} ` +
       `invaliduser=${json?.invaliduser ?? ""} invalidparty=${json?.invalidparty ?? ""} invalidtag=${json?.invalidtag ?? ""}`,
@@ -209,7 +305,7 @@ export async function uploadMedia(params: {
   const proxyUrl = resolveWecomEgressProxyUrlFromNetwork(agent.network);
   const url = `${API_ENDPOINTS.UPLOAD_MEDIA}?access_token=${encodeURIComponent(token)}&type=${encodeURIComponent(type)}&debug=1`;
 
-  console.log(`[wecom-upload] Uploading media: type=${type}, filename=${safeFilename}, size=${buffer.length} bytes`);
+  console.log(`[wecom-upload] Uploading media: type=${type}, filename=${safeFilename}, size=${buffer.length} bytes, corpId=${agent.corpId}`);
 
   const uploadOnce = async (fileContentType: string) => {
     const boundary = `----WebKitFormBoundary${crypto.randomBytes(16).toString("hex")}`;