@yanhaidao/wecom 2.4.120 → 2.5.110

package/dist/src/transport/agent-api/delivery.js

@@ -0,0 +1,28 @@
+import { sendAgentApiMediaReply, sendAgentApiTextReply } from "./reply.js";
+import { uploadAgentApiMedia } from "./media-upload.js";
+export async function deliverAgentApiText(params) {
+    await sendAgentApiTextReply(params);
+}
+export async function deliverAgentApiMedia(params) {
+    let mediaType = "file";
+    if (params.contentType.startsWith("image/"))
+        mediaType = "image";
+    else if (params.contentType.startsWith("audio/"))
+        mediaType = "voice";
+    else if (params.contentType.startsWith("video/"))
+        mediaType = "video";
+    const mediaId = await uploadAgentApiMedia({
+        agent: params.agent,
+        type: mediaType,
+        buffer: params.buffer,
+        filename: params.filename,
+    });
+    await sendAgentApiMediaReply({
+        agent: params.agent,
+        target: params.target,
+        mediaId,
+        mediaType,
+        title: mediaType === "video" ? params.text?.trim().slice(0, 64) : undefined,
+        description: mediaType === "video" ? params.text?.trim().slice(0, 512) : undefined,
+    });
+}

package/dist/src/transport/agent-api/media-upload.js

@@ -0,0 +1,4 @@
+import { uploadMedia as uploadLegacyMedia } from "./core.js";
+export async function uploadAgentApiMedia(params) {
+    return uploadLegacyMedia(params);
+}

package/dist/src/transport/agent-api/reply.js

@@ -0,0 +1,24 @@
+import { sendAgentApiMedia, sendAgentApiText } from "./client.js";
+export async function sendAgentApiTextReply(params) {
+    await sendAgentApiText({
+        agent: params.agent,
+        toUser: params.target.touser,
+        toParty: params.target.toparty,
+        toTag: params.target.totag,
+        chatId: params.target.chatid,
+        text: params.text,
+    });
+}
+export async function sendAgentApiMediaReply(params) {
+    await sendAgentApiMedia({
+        agent: params.agent,
+        toUser: params.target.touser,
+        toParty: params.target.toparty,
+        toTag: params.target.totag,
+        chatId: params.target.chatid,
+        mediaId: params.mediaId,
+        mediaType: params.mediaType,
+        title: params.title,
+        description: params.description,
+    });
+}

package/dist/src/transport/agent-api/upstream-delivery.js

@@ -0,0 +1,30 @@
+import { sendUpstreamAgentApiMediaReply, sendUpstreamAgentApiTextReply } from "./upstream-reply.js";
+export async function deliverUpstreamAgentApiText(params) {
+    await sendUpstreamAgentApiTextReply(params);
+}
+export async function deliverUpstreamAgentApiMedia(params) {
+    let mediaType = "file";
+    if (params.contentType.startsWith("image/"))
+        mediaType = "image";
+    else if (params.contentType.startsWith("audio/"))
+        mediaType = "voice";
+    else if (params.contentType.startsWith("video/"))
+        mediaType = "video";
+    const { uploadUpstreamAgentApiMedia } = await import("./upstream-media-upload.js");
+    const mediaId = await uploadUpstreamAgentApiMedia({
+        upstreamAgent: params.upstreamAgent,
+        primaryAgent: params.primaryAgent,
+        type: mediaType,
+        buffer: params.buffer,
+        filename: params.filename,
+    });
+    await sendUpstreamAgentApiMediaReply({
+        upstreamAgent: params.upstreamAgent,
+        primaryAgent: params.primaryAgent,
+        target: params.target,
+        mediaId,
+        mediaType,
+        title: mediaType === "video" ? params.text?.trim().slice(0, 64) : undefined,
+        description: mediaType === "video" ? params.text?.trim().slice(0, 512) : undefined,
+    });
+}

package/dist/src/transport/agent-api/upstream-media-upload.js

@@ -0,0 +1,46 @@
+import crypto from "node:crypto";
+import { resolveWecomEgressProxyUrlFromNetwork } from "../../config/index.js";
+import { LIMITS } from "../../types/constants.js";
+import { wecomFetch } from "../../http.js";
+import { guessUploadContentType, normalizeUploadFilename } from "./core.js";
+import { getUpstreamAgentApiAccessToken } from "./client.js";
+export async function uploadUpstreamAgentApiMedia(params) {
+    const { upstreamAgent, primaryAgent, type, buffer, filename } = params;
+    const safeFilename = normalizeUploadFilename(filename);
+    // 使用下游企业的 access_token
+    const token = await getUpstreamAgentApiAccessToken({
+        primaryAgent,
+        upstreamCorpId: upstreamAgent.corpId,
+        upstreamAgentId: upstreamAgent.agentId,
+    });
+    const proxyUrl = resolveWecomEgressProxyUrlFromNetwork(upstreamAgent.network);
+    const url = `https://qyapi.weixin.qq.com/cgi-bin/media/upload?access_token=${encodeURIComponent(token)}&type=${encodeURIComponent(type)}&debug=1`;
+    const uploadOnce = async (fileContentType) => {
+        const boundary = `----WebKitFormBoundary${crypto.randomBytes(16).toString("hex")}`;
+        const header = Buffer.from(`--${boundary}\r\n` +
+            `Content-Disposition: form-data; name="media"; filename="${safeFilename}"; filelength=${buffer.length}\r\n` +
+            `Content-Type: ${fileContentType}\r\n\r\n`);
+        const footer = Buffer.from(`\r\n--${boundary}--\r\n`);
+        const body = Buffer.concat([header, buffer, footer]);
+        const res = await wecomFetch(url, {
+            method: "POST",
+            headers: {
+                "Content-Type": `multipart/form-data; boundary=${boundary}`,
+                "Content-Length": String(body.length),
+            },
+            body,
+        }, { proxyUrl, timeoutMs: LIMITS.REQUEST_TIMEOUT_MS });
+        const json = (await res.json());
+        return json;
+    };
+    const preferredContentType = guessUploadContentType(safeFilename);
+    let json = await uploadOnce(preferredContentType);
+    if (!json?.media_id && preferredContentType !== "application/octet-stream") {
+        console.warn(`[wecom-upstream-upload] Upload failed with ${preferredContentType}, retrying as application/octet-stream: ${json?.errcode} ${json?.errmsg}`);
+        json = await uploadOnce("application/octet-stream");
+    }
+    if (!json?.media_id) {
+        throw new Error(`upload failed: ${json?.errcode} ${json?.errmsg}`);
+    }
+    return json.media_id;
+}

package/dist/src/transport/agent-api/upstream-reply.js

@@ -0,0 +1,26 @@
+import { sendUpstreamAgentApiMedia, sendUpstreamAgentApiText } from "./client.js";
+export async function sendUpstreamAgentApiTextReply(params) {
+    await sendUpstreamAgentApiText({
+        upstreamAgent: params.upstreamAgent,
+        primaryAgent: params.primaryAgent,
+        toUser: params.target.touser,
+        toParty: params.target.toparty,
+        toTag: params.target.totag,
+        chatId: params.target.chatid,
+        text: params.text,
+    });
+}
+export async function sendUpstreamAgentApiMediaReply(params) {
+    await sendUpstreamAgentApiMedia({
+        upstreamAgent: params.upstreamAgent,
+        primaryAgent: params.primaryAgent,
+        toUser: params.target.touser,
+        toParty: params.target.toparty,
+        toTag: params.target.totag,
+        chatId: params.target.chatid,
+        mediaId: params.mediaId,
+        mediaType: params.mediaType,
+        title: params.title,
+        description: params.description,
+    });
+}

package/dist/src/transport/agent-callback/http-handler.js

@@ -0,0 +1,30 @@
+import { resolveAgentCallbackPaths } from "./inbound.js";
+import { createAgentCallbackSessionSnapshot } from "./session.js";
+import { registerAgentWebhookTarget } from "../http/registry.js";
+export function startAgentCallbackTransport(params) {
+    const paths = resolveAgentCallbackPaths(params.account.accountId);
+    params.runtime.updateTransportSession(createAgentCallbackSessionSnapshot({
+        accountId: params.account.accountId,
+        running: true,
+    }));
+    const unregisters = paths.map((path) => registerAgentWebhookTarget({
+        agent: params.account,
+        config: params.cfg,
+        runtimeEnv: params.runtimeEnv,
+        touchTransportSession: (patch) => params.runtime.touchTransportSession("agent-callback", patch),
+        auditSink: (event) => params.runtime.recordOperationalIssue(event),
+        path,
+    }));
+    return {
+        paths,
+        stop: () => {
+            for (const unregister of unregisters) {
+                unregister();
+            }
+            params.runtime.updateTransportSession(createAgentCallbackSessionSnapshot({
+                accountId: params.account.accountId,
+                running: false,
+            }));
+        },
+    };
+}

package/dist/src/transport/agent-callback/inbound.js

@@ -0,0 +1,4 @@
+import { resolveDerivedPathSummary } from "../../config/index.js";
+export function resolveAgentCallbackPaths(accountId) {
+    return resolveDerivedPathSummary(accountId).agentCallback;
+}

package/dist/src/transport/agent-callback/reply.js

@@ -0,0 +1,8 @@
+export function createAgentCallbackReplyContext(params) {
+    return {
+        transport: "agent-callback",
+        accountId: params.accountId,
+        passiveWindowMs: 5_000,
+        raw: params.raw,
+    };
+}

package/dist/src/transport/agent-callback/request-handler.js

@@ -0,0 +1,189 @@
+import { decryptWecomEncrypted, verifyWecomSignature } from "../../crypto.js";
+import { extractEncryptFromXml } from "../../crypto/xml.js";
+import { getWecomRuntime } from "../../runtime.js";
+import { handleAgentWebhook } from "../../agent/index.js";
+import { extractAgentId, parseXml } from "../../shared/xml-parser.js";
+import { LIMITS as WECOM_LIMITS } from "../../types/constants.js";
+import { logRouteFailure, readTextBody, resolveQueryParams, resolveSignatureParam, writeRouteFailure, } from "../http/common.js";
+const ERROR_HELP = "\n\n遇到问题？联系作者: YanHaidao (微信: YanHaidao)";
+function truncateForLog(raw, maxChars = 600) {
+    const compact = raw.replace(/\s+/g, " ").trim();
+    if (compact.length <= maxChars)
+        return compact;
+    return `${compact.slice(0, maxChars)}...(truncated)`;
+}
+function buildParsedAgentSummary(parsed) {
+    const data = parsed;
+    const msgType = String(data.MsgType ?? "").trim() || "unknown";
+    const fromUser = String(data.FromUserName ?? "").trim() || "N/A";
+    const toUser = String(data.ToUserName ?? "").trim() || "N/A";
+    const event = String(data.Event ?? "").trim() || "N/A";
+    const msgId = String(data.MsgId ?? "").trim() || "N/A";
+    const chatId = String(data.ChatId ?? data.chatid ?? "").trim() || "N/A";
+    const agentId = String(data.AgentID ?? "").trim() || "N/A";
+    return `msgType=${msgType} from=${fromUser} to=${toUser} event=${event} msgId=${msgId} chatId=${chatId} agentId=${agentId}`;
+}
+function normalizeAgentIdValue(value) {
+    if (typeof value === "number" && Number.isFinite(value))
+        return value;
+    const raw = String(value ?? "").trim();
+    if (!raw)
+        return undefined;
+    const parsed = Number(raw);
+    return Number.isFinite(parsed) ? parsed : undefined;
+}
+export async function handleAgentCallbackRequest(params) {
+    const { req, res, path, reqId, targets } = params;
+    if (targets.length === 0) {
+        console.error(`[wecom] inbound(agent): reqId=${reqId} path=${path} no_registered_target availableTargets=0`);
+        res.statusCode = 404;
+        res.setHeader("Content-Type", "text/plain; charset=utf-8");
+        res.end(`agent not configured for path=${path} - Agent 模式未配置或回调路径错误，请运行 openclaw onboarding${ERROR_HELP}`);
+        return true;
+    }
+    const query = resolveQueryParams(req);
+    const timestamp = query.get("timestamp") ?? "";
+    const nonce = query.get("nonce") ?? "";
+    const signature = resolveSignatureParam(query);
+    const hasSig = Boolean(signature);
+    const remote = req.socket?.remoteAddress ?? "unknown";
+    if (req.method === "GET") {
+        const echostr = query.get("echostr") ?? "";
+        const signatureMatches = targets.filter((target) => verifyWecomSignature({
+            token: target.agent.token,
+            timestamp,
+            nonce,
+            encrypt: echostr,
+            signature,
+        }));
+        if (signatureMatches.length !== 1) {
+            const reason = signatureMatches.length === 0 ? "wecom_account_not_found" : "wecom_account_conflict";
+            const candidateIds = (signatureMatches.length > 0 ? signatureMatches : targets).map((target) => target.agent.accountId);
+            logRouteFailure({
+                reqId,
+                path,
+                method: "GET",
+                reason,
+                candidateAccountIds: candidateIds,
+            });
+            writeRouteFailure(res, reason, reason === "wecom_account_conflict"
+                ? "Agent callback account conflict: multiple accounts matched signature."
+                : "Agent callback account not found: signature verification failed.");
+            return true;
+        }
+        const selected = signatureMatches[0];
+        try {
+            const plain = decryptWecomEncrypted({
+                encodingAESKey: selected.agent.encodingAESKey,
+                receiveId: selected.agent.corpId,
+                encrypt: echostr,
+            });
+            res.statusCode = 200;
+            res.setHeader("Content-Type", "text/plain; charset=utf-8");
+            res.end(plain);
+            return true;
+        }
+        catch {
+            res.statusCode = 400;
+            res.setHeader("Content-Type", "text/plain; charset=utf-8");
+            res.end(`decrypt failed - 解密失败，请检查 EncodingAESKey${ERROR_HELP}`);
+            return true;
+        }
+    }
+    if (req.method !== "POST") {
+        return false;
+    }
+    const rawBody = await readTextBody(req, WECOM_LIMITS.MAX_REQUEST_BODY_SIZE);
+    if (!rawBody.ok) {
+        res.statusCode = 400;
+        res.setHeader("Content-Type", "text/plain; charset=utf-8");
+        res.end(rawBody.error || "invalid payload");
+        return true;
+    }
+    console.log(`[wecom] inbound(agent): reqId=${reqId} path=${path} rawXmlBytes=${Buffer.byteLength(rawBody.value, "utf8")} rawPreview=${JSON.stringify(truncateForLog(rawBody.value))}`);
+    let encrypted = "";
+    try {
+        encrypted = extractEncryptFromXml(rawBody.value);
+    }
+    catch {
+        res.statusCode = 400;
+        res.setHeader("Content-Type", "text/plain; charset=utf-8");
+        res.end(`invalid xml - 缺少 Encrypt 字段${ERROR_HELP}`);
+        return true;
+    }
+    console.log(`[wecom] inbound(agent): reqId=${reqId} path=${path} encryptedLen=${encrypted.length}`);
+    const signatureMatches = targets.filter((target) => verifyWecomSignature({
+        token: target.agent.token,
+        timestamp,
+        nonce,
+        encrypt: encrypted,
+        signature,
+    }));
+    if (signatureMatches.length !== 1) {
+        const reason = signatureMatches.length === 0 ? "wecom_account_not_found" : "wecom_account_conflict";
+        const candidateIds = (signatureMatches.length > 0 ? signatureMatches : targets).map((target) => target.agent.accountId);
+        logRouteFailure({
+            reqId,
+            path,
+            method: "POST",
+            reason,
+            candidateAccountIds: candidateIds,
+        });
+        writeRouteFailure(res, reason, reason === "wecom_account_conflict"
+            ? "Agent callback account conflict: multiple accounts matched signature."
+            : "Agent callback account not found: signature verification failed.");
+        return true;
+    }
+    const selected = signatureMatches[0];
+    let decrypted = "";
+    let parsed = null;
+    try {
+        decrypted = decryptWecomEncrypted({
+            encodingAESKey: selected.agent.encodingAESKey,
+            receiveId: selected.agent.corpId,
+            encrypt: encrypted,
+        });
+        parsed = parseXml(decrypted);
+    }
+    catch {
+        res.statusCode = 400;
+        res.setHeader("Content-Type", "text/plain; charset=utf-8");
+        res.end(`decrypt failed - 解密失败，请检查 EncodingAESKey${ERROR_HELP}`);
+        return true;
+    }
+    if (!parsed) {
+        res.statusCode = 400;
+        res.setHeader("Content-Type", "text/plain; charset=utf-8");
+        res.end(`invalid xml - XML 解析失败${ERROR_HELP}`);
+        return true;
+    }
+    selected.runtimeEnv.log?.(`[wecom] inbound(agent): reqId=${reqId} accountId=${selected.agent.accountId} decryptedBytes=${Buffer.byteLength(decrypted, "utf8")} parsed=${buildParsedAgentSummary(parsed)} decryptedPreview=${JSON.stringify(truncateForLog(decrypted))}`);
+    const inboundAgentId = normalizeAgentIdValue(extractAgentId(parsed));
+    if (inboundAgentId !== undefined &&
+        selected.agent.agentId !== undefined &&
+        inboundAgentId !== selected.agent.agentId) {
+        selected.runtimeEnv.error?.(`[wecom] inbound(agent): reqId=${reqId} accountId=${selected.agent.accountId} agentId_mismatch expected=${selected.agent.agentId} actual=${inboundAgentId}`);
+    }
+    const core = getWecomRuntime();
+    selected.runtimeEnv.log?.(`[wecom] inbound(agent): reqId=${reqId} method=${req.method ?? "UNKNOWN"} remote=${remote} timestamp=${timestamp ? "yes" : "no"} nonce=${nonce ? "yes" : "no"} msg_signature=${hasSig ? "yes" : "no"} accountId=${selected.agent.accountId}`);
+    selected.touchTransportSession?.({ lastInboundAt: Date.now(), running: true });
+    return handleAgentWebhook({
+        req,
+        res,
+        verifiedPost: {
+            timestamp,
+            nonce,
+            signature,
+            encrypted,
+            decrypted,
+            parsed,
+        },
+        agent: selected.agent,
+        config: selected.config,
+        core,
+        log: selected.runtimeEnv.log,
+        error: selected.runtimeEnv.error,
+        auditSink: selected.auditSink,
+        touchTransportSession: selected.touchTransportSession,
+    });
+}

package/dist/src/transport/agent-callback/session.js

@@ -0,0 +1,15 @@
+export function createAgentCallbackSessionSnapshot(params) {
+    return {
+        accountId: params.accountId,
+        transport: "agent-callback",
+        running: params.running,
+        ownerId: `${params.accountId}:agent-callback`,
+        connected: params.running,
+        authenticated: true,
+        lastConnectedAt: params.running ? Date.now() : undefined,
+        lastDisconnectedAt: params.running ? undefined : Date.now(),
+        lastInboundAt: params.lastInboundAt,
+        lastOutboundAt: params.lastOutboundAt,
+        lastError: params.lastError,
+    };
+}

package/dist/src/transport/bot-webhook/active-reply.js

@@ -0,0 +1,27 @@
+import { wecomFetch } from "../../http.js";
+import { LIMITS, monitorState } from "../../monitor/state.js";
+const activeReplyStore = monitorState.activeReplyStore;
+export function storeActiveReply(streamId, responseUrl, proxyUrl) {
+    activeReplyStore.store(streamId, responseUrl, proxyUrl);
+}
+export function getActiveReplyUrl(streamId) {
+    return activeReplyStore.getUrl(streamId);
+}
+export async function useActiveReplyOnce(streamId, fn) {
+    return activeReplyStore.use(streamId, async (params) => {
+        await new Promise((resolve) => setTimeout(resolve, 1000));
+        await fn(params);
+    });
+}
+export async function sendActiveMessage(streamId, content) {
+    await useActiveReplyOnce(streamId, async ({ responseUrl, proxyUrl }) => {
+        const res = await wecomFetch(responseUrl, {
+            method: "POST",
+            headers: { "Content-Type": "application/json" },
+            body: JSON.stringify({ msgtype: "text", text: { content } }),
+        }, { proxyUrl, timeoutMs: LIMITS.REQUEST_TIMEOUT_MS });
+        if (!res.ok) {
+            throw new Error(`active send failed: ${res.status}`);
+        }
+    });
+}

package/dist/src/transport/bot-webhook/http-handler.js

@@ -0,0 +1,31 @@
+import { resolveBotWebhookPaths } from "./inbound.js";
+import { createBotWebhookSessionSnapshot } from "./session.js";
+import { registerWecomWebhookTarget } from "../http/registry.js";
+export function startBotWebhookTransport(params) {
+    const paths = resolveBotWebhookPaths(params.account.accountId);
+    params.runtime.updateTransportSession(createBotWebhookSessionSnapshot({
+        accountId: params.account.accountId,
+        running: true,
+    }));
+    const unregisters = paths.map((path) => registerWecomWebhookTarget({
+        account: params.account,
+        config: params.cfg,
+        runtime: params.runtimeEnv,
+        core: params.runtime.core,
+        path,
+        touchTransportSession: (patch) => params.runtime.touchTransportSession("bot-webhook", patch),
+        auditSink: (event) => params.runtime.recordOperationalIssue(event),
+    }));
+    return {
+        paths,
+        stop: () => {
+            for (const unregister of unregisters) {
+                unregister();
+            }
+            params.runtime.updateTransportSession(createBotWebhookSessionSnapshot({
+                accountId: params.account.accountId,
+                running: false,
+            }));
+        },
+    };
+}