npm - @yanhaidao/wecom - Versions diffs - 2.4.160 → 2.5.110 - Mend

@yanhaidao/wecom 2.4.160 → 2.5.110

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (313) hide show

package/dist/index.js +68 -0
package/dist/src/accounts.js +20 -0
package/dist/src/agent/handler.js +895 -0
package/dist/src/agent/index.js +5 -0
package/dist/src/app/account-runtime.js +216 -0
package/dist/src/app/bootstrap.js +19 -0
package/dist/src/app/index.js +118 -0
package/dist/src/capability/agent/delivery-service.js +63 -0
package/dist/src/capability/agent/fallback-policy.js +6 -0
package/dist/src/capability/agent/ingress-service.js +33 -0
package/dist/src/capability/agent/upstream-delivery-service.js +71 -0
package/dist/src/capability/bot/dispatch-config.js +45 -0
package/dist/src/capability/bot/fallback-delivery.js +147 -0
package/dist/src/capability/bot/local-path-delivery.js +178 -0
package/dist/src/capability/bot/sandbox-media.js +138 -0
package/dist/src/capability/bot/service.js +49 -0
package/dist/src/capability/bot/stream-delivery.js +321 -0
package/dist/src/capability/bot/stream-finalizer.js +81 -0
package/dist/src/capability/bot/stream-orchestrator.js +318 -0
package/dist/src/capability/bot/types.js +1 -0
package/{src/capability/calendar/client.ts → dist/src/capability/calendar/client.js} +118 -241
package/{src/capability/calendar/schema.ts → dist/src/capability/calendar/schema.js} +0 -38
package/dist/src/capability/calendar/tool.js +365 -0
package/dist/src/capability/calendar/types.js +12 -0
package/{src/capability/doc/client.ts → dist/src/capability/doc/client.js} +370 -605
package/{src/capability/doc/schema.ts → dist/src/capability/doc/schema.js} +345 -394
package/dist/src/capability/doc/tool.js +1556 -0
package/dist/src/capability/doc/types.js +113 -0
package/dist/src/capability/mcp/index.js +3 -0
package/dist/src/capability/mcp/schema.js +102 -0
package/dist/src/capability/mcp/tool.js +146 -0
package/dist/src/capability/mcp/transport.js +293 -0
package/dist/src/channel.js +224 -0
package/dist/src/config/accounts.js +236 -0
package/dist/src/config/derived-paths.js +31 -0
package/dist/src/config/index.js +7 -0
package/dist/src/config/media.js +110 -0
package/dist/src/config/network.js +32 -0
package/dist/src/config/routing.js +20 -0
package/dist/src/config/runtime-config.js +25 -0
package/dist/src/config/schema.js +4 -0
package/{src/config-schema.ts → dist/src/config-schema.js} +1 -1
package/dist/src/context-store.js +219 -0
package/{src/crypto/aes.ts → dist/src/crypto/aes.js} +11 -28
package/dist/src/crypto/index.js +9 -0
package/{src/crypto/signature.ts → dist/src/crypto/signature.js} +3 -18
package/{src/crypto/xml.ts → dist/src/crypto/xml.js} +3 -11
package/dist/src/crypto.js +145 -0
package/dist/src/domain/models.js +1 -0
package/dist/src/domain/policies.js +32 -0
package/{src/dynamic-agent.ts → dist/src/dynamic-agent.js} +36 -73
package/dist/src/gateway-monitor.js +139 -0
package/dist/src/http.js +114 -0
package/{src/media.ts → dist/src/media.js} +21 -40
package/dist/src/monitor/limits.js +7 -0
package/dist/src/monitor/state.js +28 -0
package/dist/src/monitor.js +84 -0
package/dist/src/observability/audit-log.js +30 -0
package/dist/src/observability/legacy-operational-event-store.js +22 -0
package/dist/src/observability/raw-envelope-log.js +24 -0
package/dist/src/observability/status-registry.js +9 -0
package/dist/src/observability/transport-session-view.js +14 -0
package/dist/src/onboarding.js +546 -0
package/dist/src/outbound.js +557 -0
package/dist/src/runtime/dispatcher.js +57 -0
package/{src/runtime/index.ts → dist/src/runtime/index.js} +0 -1
package/dist/src/runtime/outbound-intent.js +1 -0
package/dist/src/runtime/reply-orchestrator.js +38 -0
package/dist/src/runtime/routing-bridge.js +26 -0
package/dist/src/runtime/session-manager.js +112 -0
package/dist/src/runtime/source-registry.js +174 -0
package/dist/src/runtime.js +1 -0
package/dist/src/shared/command-auth.js +57 -0
package/{src/shared/index.ts → dist/src/shared/index.js} +0 -1
package/dist/src/shared/media-asset.js +65 -0
package/dist/src/shared/media-service.js +59 -0
package/dist/src/shared/media-types.js +1 -0
package/{src/shared/xml-parser.ts → dist/src/shared/xml-parser.js} +72 -63
package/dist/src/store/active-reply-store.js +41 -0
package/dist/src/store/interfaces.js +1 -0
package/dist/src/store/memory-store.js +33 -0
package/dist/src/store/stream-batch-store.js +319 -0
package/{src/target.ts → dist/src/target.js} +15 -48
package/dist/src/transport/agent-api/client.js +168 -0
package/dist/src/transport/agent-api/core.js +337 -0
package/dist/src/transport/agent-api/delivery.js +28 -0
package/dist/src/transport/agent-api/media-upload.js +4 -0
package/dist/src/transport/agent-api/reply.js +24 -0
package/dist/src/transport/agent-api/upstream-delivery.js +30 -0
package/dist/src/transport/agent-api/upstream-media-upload.js +46 -0
package/dist/src/transport/agent-api/upstream-reply.js +26 -0
package/dist/src/transport/agent-callback/http-handler.js +30 -0
package/dist/src/transport/agent-callback/inbound.js +4 -0
package/dist/src/transport/agent-callback/reply.js +8 -0
package/dist/src/transport/agent-callback/request-handler.js +189 -0
package/dist/src/transport/agent-callback/session.js +15 -0
package/dist/src/transport/bot-webhook/active-reply.js +27 -0
package/dist/src/transport/bot-webhook/http-handler.js +31 -0
package/dist/src/transport/bot-webhook/inbound-normalizer.js +496 -0
package/dist/src/transport/bot-webhook/inbound.js +4 -0
package/dist/src/transport/bot-webhook/message-shape.js +98 -0
package/dist/src/transport/bot-webhook/protocol.js +124 -0
package/dist/src/transport/bot-webhook/reply.js +9 -0
package/dist/src/transport/bot-webhook/request-handler.js +285 -0
package/dist/src/transport/bot-webhook/session.js +15 -0
package/dist/src/transport/bot-ws/inbound.js +147 -0
package/dist/src/transport/bot-ws/media.js +236 -0
package/dist/src/transport/bot-ws/reply.js +310 -0
package/dist/src/transport/bot-ws/sdk-adapter.js +257 -0
package/dist/src/transport/bot-ws/session.js +15 -0
package/dist/src/transport/http/common.js +78 -0
package/dist/src/transport/http/registry.js +71 -0
package/dist/src/transport/http/request-handler.js +51 -0
package/{src/transport/index.ts → dist/src/transport/index.js} +2 -10
package/dist/src/types/account.js +1 -0
package/dist/src/types/config.js +1 -0
package/dist/src/types/constants.js +28 -0
package/dist/src/types/events.js +1 -0
package/dist/src/types/index.js +1 -0
package/dist/src/types/legacy-stream.js +1 -0
package/dist/src/types/message.js +5 -0
package/dist/src/types/runtime-context.js +1 -0
package/dist/src/types/runtime.js +1 -0
package/dist/src/types.js +1 -0
package/dist/src/upstream/index.js +111 -0
package/dist/src/wecom_msg_adapter/markdown_adapter.js +280 -0
package/openclaw.plugin.json +15 -0
package/package.json +18 -1
package/.github/workflows/release.yml +0 -143
package/GOVERNANCE.md +0 -26
package/SKILLS_CAL.md +0 -895
package/SKILLS_DOC.md +0 -2288
package/UPSTREAM_CONFIG.md +0 -170
package/UPSTREAM_PLAN.md +0 -175
package/assets/01.bot-add.png +0 -0
package/assets/01.bot-setp2.png +0 -0
package/assets/01.image.jpg +0 -0
package/assets/02.agent.add.png +0 -0
package/assets/02.agent.api-set.png +0 -0
package/assets/02.image.jpg +0 -0
package/assets/03.agent.page.png +0 -0
package/assets/03.bot.page.png +0 -0
package/assets/link-me.jpg +0 -0
package/assets/register.png +0 -0
package/changelog/v2.2.28.md +0 -70
package/changelog/v2.3.10.md +0 -17
package/changelog/v2.3.11.md +0 -19
package/changelog/v2.3.12.md +0 -25
package/changelog/v2.3.13.md +0 -19
package/changelog/v2.3.14.md +0 -48
package/changelog/v2.3.15.md +0 -15
package/changelog/v2.3.16.md +0 -11
package/changelog/v2.3.18.md +0 -22
package/changelog/v2.3.19.md +0 -73
package/changelog/v2.3.2.md +0 -28
package/changelog/v2.3.26.md +0 -21
package/changelog/v2.3.27.md +0 -33
package/changelog/v2.3.4.md +0 -20
package/changelog/v2.3.9.md +0 -22
package/changelog/v2.4.12.md +0 -37
package/changelog/v2.4.16.md +0 -19
package/compat-single-account.md +0 -148
package/index.test.ts +0 -38
package/scripts/test-proxy.ts +0 -70
package/src/accounts.ts +0 -34
package/src/agent/api-client.upload.test.ts +0 -109
package/src/agent/handler.event-filter.test.ts +0 -100
package/src/agent/handler.ts +0 -1105
package/src/agent/index.ts +0 -12
package/src/app/account-runtime.ts +0 -276
package/src/app/bootstrap.ts +0 -29
package/src/app/index.ts +0 -192
package/src/capability/agent/delivery-service.ts +0 -87
package/src/capability/agent/fallback-policy.ts +0 -13
package/src/capability/agent/ingress-service.ts +0 -38
package/src/capability/agent/upstream-delivery-service.ts +0 -96
package/src/capability/bot/dispatch-config.ts +0 -47
package/src/capability/bot/fallback-delivery.ts +0 -178
package/src/capability/bot/local-path-delivery.ts +0 -215
package/src/capability/bot/sandbox-media.test.ts +0 -221
package/src/capability/bot/sandbox-media.ts +0 -176
package/src/capability/bot/service.ts +0 -56
package/src/capability/bot/stream-delivery.ts +0 -379
package/src/capability/bot/stream-finalizer.ts +0 -120
package/src/capability/bot/stream-orchestrator.ts +0 -371
package/src/capability/bot/types.ts +0 -8
package/src/capability/calendar/SKILLS_CHECKLIST.md +0 -251
package/src/capability/calendar/tool.ts +0 -417
package/src/capability/calendar/types.ts +0 -309
package/src/capability/doc/tool.ts +0 -1629
package/src/capability/doc/types.ts +0 -792
package/src/capability/mcp/index.ts +0 -10
package/src/capability/mcp/schema.ts +0 -107
package/src/capability/mcp/tool.ts +0 -174
package/src/capability/mcp/transport.ts +0 -394
package/src/channel.config.test.ts +0 -147
package/src/channel.lifecycle.test.ts +0 -255
package/src/channel.meta.test.ts +0 -26
package/src/channel.ts +0 -256
package/src/config/accounts.resolve.test.ts +0 -75
package/src/config/accounts.ts +0 -296
package/src/config/derived-paths.test.ts +0 -111
package/src/config/derived-paths.ts +0 -41
package/src/config/index.ts +0 -26
package/src/config/media.test.ts +0 -113
package/src/config/media.ts +0 -139
package/src/config/network.ts +0 -53
package/src/config/routing.test.ts +0 -88
package/src/config/routing.ts +0 -26
package/src/config/runtime-config.ts +0 -46
package/src/config/schema.ts +0 -90
package/src/context-store.ts +0 -297
package/src/crypto/index.ts +0 -24
package/src/crypto.test.ts +0 -32
package/src/crypto.ts +0 -176
package/src/domain/models.ts +0 -7
package/src/domain/policies.ts +0 -36
package/src/dynamic-agent.account-scope.test.ts +0 -17
package/src/gateway-monitor.ts +0 -181
package/src/http.ts +0 -145
package/src/media.test.ts +0 -82
package/src/monitor/limits.ts +0 -7
package/src/monitor/state.queue.test.ts +0 -185
package/src/monitor/state.ts +0 -34
package/src/monitor.active.test.ts +0 -245
package/src/monitor.inbound-filter.test.ts +0 -63
package/src/monitor.integration.test.ts +0 -208
package/src/monitor.ts +0 -121
package/src/monitor.webhook.test.ts +0 -774
package/src/observability/audit-log.ts +0 -48
package/src/observability/legacy-operational-event-store.ts +0 -36
package/src/observability/raw-envelope-log.ts +0 -28
package/src/observability/status-registry.ts +0 -13
package/src/observability/transport-session-view.ts +0 -14
package/src/onboarding.test.ts +0 -336
package/src/onboarding.ts +0 -704
package/src/outbound.test.ts +0 -1271
package/src/outbound.ts +0 -746
package/src/runtime/dispatcher.ts +0 -71
package/src/runtime/outbound-intent.ts +0 -4
package/src/runtime/reply-orchestrator.test.ts +0 -71
package/src/runtime/reply-orchestrator.ts +0 -67
package/src/runtime/routing-bridge.test.ts +0 -115
package/src/runtime/routing-bridge.ts +0 -44
package/src/runtime/session-manager.test.ts +0 -174
package/src/runtime/session-manager.ts +0 -139
package/src/runtime/source-registry.ts +0 -249
package/src/runtime.ts +0 -14
package/src/shared/command-auth.ts +0 -87
package/src/shared/media-asset.ts +0 -78
package/src/shared/media-service.test.ts +0 -111
package/src/shared/media-service.ts +0 -84
package/src/shared/media-types.ts +0 -5
package/src/shared/xml-parser.test.ts +0 -50
package/src/store/active-reply-store.ts +0 -42
package/src/store/interfaces.ts +0 -11
package/src/store/memory-store.ts +0 -43
package/src/store/stream-batch-store.ts +0 -350
package/src/transport/agent-api/client.ts +0 -277
package/src/transport/agent-api/core.ts +0 -463
package/src/transport/agent-api/delivery.ts +0 -41
package/src/transport/agent-api/media-upload.ts +0 -11
package/src/transport/agent-api/reply.ts +0 -39
package/src/transport/agent-api/upstream-delivery.ts +0 -45
package/src/transport/agent-api/upstream-media-upload.ts +0 -70
package/src/transport/agent-api/upstream-reply.ts +0 -43
package/src/transport/agent-callback/http-handler.ts +0 -47
package/src/transport/agent-callback/inbound.ts +0 -5
package/src/transport/agent-callback/reply.ts +0 -13
package/src/transport/agent-callback/request-handler.ts +0 -244
package/src/transport/agent-callback/session.ts +0 -23
package/src/transport/bot-webhook/active-reply.ts +0 -39
package/src/transport/bot-webhook/http-handler.ts +0 -48
package/src/transport/bot-webhook/inbound-normalizer.test.ts +0 -433
package/src/transport/bot-webhook/inbound-normalizer.ts +0 -558
package/src/transport/bot-webhook/inbound.ts +0 -5
package/src/transport/bot-webhook/message-shape.ts +0 -92
package/src/transport/bot-webhook/protocol.ts +0 -148
package/src/transport/bot-webhook/reply.ts +0 -15
package/src/transport/bot-webhook/request-handler.ts +0 -394
package/src/transport/bot-webhook/session.ts +0 -23
package/src/transport/bot-ws/inbound.test.ts +0 -290
package/src/transport/bot-ws/inbound.ts +0 -163
package/src/transport/bot-ws/media.test.ts +0 -44
package/src/transport/bot-ws/media.ts +0 -321
package/src/transport/bot-ws/reply.test.ts +0 -450
package/src/transport/bot-ws/reply.ts +0 -365
package/src/transport/bot-ws/sdk-adapter.test.ts +0 -187
package/src/transport/bot-ws/sdk-adapter.ts +0 -314
package/src/transport/bot-ws/session.ts +0 -28
package/src/transport/http/common.ts +0 -109
package/src/transport/http/registry.ts +0 -92
package/src/transport/http/request-handler.ts +0 -84
package/src/types/account.ts +0 -70
package/src/types/config.ts +0 -114
package/src/types/constants.ts +0 -31
package/src/types/events.ts +0 -21
package/src/types/global.d.ts +0 -9
package/src/types/index.ts +0 -17
package/src/types/legacy-stream.ts +0 -50
package/src/types/message.ts +0 -189
package/src/types/runtime-context.ts +0 -28
package/src/types/runtime.ts +0 -165
package/src/types.ts +0 -41
package/src/upstream/index.ts +0 -150
package/src/upstream.test.ts +0 -84
package/src/wecom_msg_adapter/markdown_adapter.ts +0 -331
package/tsconfig.json +0 -22
package/vitest.config.ts +0 -26
/package/{src/capability/agent/index.ts → dist/src/capability/agent/index.js} +0 -0
/package/{src/capability/bot/index.ts → dist/src/capability/bot/index.js} +0 -0
/package/{src/capability/calendar/index.ts → dist/src/capability/calendar/index.js} +0 -0
/package/{src/capability/index.ts → dist/src/capability/index.js} +0 -0

package/dist/src/config/schema.js ADDED Viewed

@@ -0,0 +1,4 @@
+/**
+ * @deprecated No longer a Zod schema. Kept as a type-only export for backward compatibility.
+ */
+export const WecomConfigSchema = undefined;

package/{src/config-schema.ts → dist/src/config-schema.js} RENAMED Viewed

@@ -2,4 +2,4 @@
  * Backward-compatible schema export.
  * Canonical schema lives in `src/config/schema.ts`.
  */
-export { WecomConfigSchema, type WecomConfigInput } from "./config/schema.js";
+export { WecomConfigSchema } from "./config/schema.js";

package/dist/src/context-store.js ADDED Viewed

@@ -0,0 +1,219 @@
+/**
+ * Context store for WeCom Bot WS proactive push.
+ *
+ * Similar to Weixin's contextToken mechanism, we need to track:
+ * - Which accountId has active sessions with which peerId
+ * - The contextToken for routing outbound messages
+ */
+import { randomUUID } from "node:crypto";
+import fs from "node:fs";
+import path from "node:path";
+// Simple logger
+const logger = {
+    info: (...args) => console.log('[wecom-context]', ...args),
+    warn: (...args) => console.warn('[wecom-context]', ...args),
+    debug: (...args) => process.env.DEBUG && console.log('[wecom-context]', ...args),
+};
+// In-memory store: accountId -> peerId -> context info
+const peerContextStore = new Map();
+// Reverse lookup: peerId -> accountId (for routing outbound)
+const peerToAccountMap = new Map();
+const contextTokenToPeerMap = new Map();
+function resolveStateDir() {
+    return process.env.OPENCLAW_STATE_DIR || path.join(process.env.HOME || "/tmp", ".openclaw");
+}
+function resolveContextFilePath(accountId) {
+    return path.join(resolveStateDir(), "wecom", "context", `${accountId}.json`);
+}
+/** Persist peer contexts for an account to disk */
+function persistContexts(accountId) {
+    const peerMap = peerContextStore.get(accountId);
+    if (!peerMap)
+        return;
+    const data = {};
+    for (const [peerId, info] of peerMap) {
+        data[peerId] = info;
+    }
+    const filePath = resolveContextFilePath(accountId);
+    try {
+        const dir = path.dirname(filePath);
+        fs.mkdirSync(dir, { recursive: true });
+        fs.writeFileSync(filePath, JSON.stringify(data, null, 0), "utf-8");
+    }
+    catch (err) {
+        logger.warn?.(`persistContexts: failed to write ${filePath}: ${String(err)}`);
+    }
+}
+function normalizeContextToken(value) {
+    const token = typeof value === "string" ? value.trim() : "";
+    return token || undefined;
+}
+function normalizePeerKind(value) {
+    return value === "group" ? "group" : "direct";
+}
+function normalizeOptional(value) {
+    const normalized = typeof value === "string" ? value.trim() : "";
+    return normalized || undefined;
+}
+function findStoredPeerContext(accountId, peerId) {
+    const peerMap = peerContextStore.get(accountId);
+    if (!peerMap)
+        return undefined;
+    const exact = peerMap.get(peerId);
+    if (exact)
+        return exact;
+    const normalizedPeerId = peerId.trim().toLowerCase();
+    for (const [storedPeerId, info] of peerMap) {
+        if (storedPeerId.trim().toLowerCase() === normalizedPeerId) {
+            return info;
+        }
+    }
+    return undefined;
+}
+function registerPeerContext(accountId, peerId, info) {
+    let peerMap = peerContextStore.get(accountId);
+    if (!peerMap) {
+        peerMap = new Map();
+        peerContextStore.set(accountId, peerMap);
+    }
+    const previous = peerMap.get(peerId);
+    if (previous?.contextToken && previous.contextToken !== info.contextToken) {
+        contextTokenToPeerMap.delete(previous.contextToken);
+    }
+    peerMap.set(peerId, info);
+    peerToAccountMap.set(peerId, accountId);
+    contextTokenToPeerMap.set(info.contextToken, {
+        accountId,
+        peerId,
+        ...info,
+    });
+}
+function resolveStoredPeerContext(accountId, peerId, params) {
+    const existing = findStoredPeerContext(accountId, peerId);
+    return {
+        contextToken: normalizeContextToken(params.contextToken) ??
+            existing?.contextToken ??
+            randomUUID(),
+        peerKind: params.peerKind ?? existing?.peerKind ?? "direct",
+        lastSeen: params.lastSeen ?? Date.now(),
+        ...(normalizeOptional(params.upstreamCorpId) || existing?.upstreamCorpId
+            ? { upstreamCorpId: normalizeOptional(params.upstreamCorpId) ?? existing?.upstreamCorpId }
+            : {}),
+    };
+}
+/** Restore persisted peer contexts for an account */
+export function restorePeerContexts(accountId) {
+    const filePath = resolveContextFilePath(accountId);
+    try {
+        if (!fs.existsSync(filePath))
+            return;
+        const raw = fs.readFileSync(filePath, "utf-8");
+        const data = JSON.parse(raw);
+        const peerMap = new Map();
+        let count = 0;
+        let mutated = false;
+        for (const [peerId, info] of Object.entries(data)) {
+            const normalized = {
+                contextToken: normalizeContextToken(info?.contextToken) ?? randomUUID(),
+                peerKind: normalizePeerKind(info?.peerKind),
+                lastSeen: typeof info?.lastSeen === "number" && Number.isFinite(info.lastSeen)
+                    ? info.lastSeen
+                    : Date.now(),
+                ...(normalizeOptional(info?.upstreamCorpId)
+                    ? { upstreamCorpId: normalizeOptional(info?.upstreamCorpId) }
+                    : {}),
+            };
+            peerMap.set(peerId, normalized);
+            peerToAccountMap.set(peerId, accountId);
+            contextTokenToPeerMap.set(normalized.contextToken, {
+                accountId,
+                peerId,
+                ...normalized,
+            });
+            if (normalized.contextToken !== info?.contextToken ||
+                normalized.peerKind !== info?.peerKind ||
+                normalized.lastSeen !== info?.lastSeen ||
+                normalized.upstreamCorpId !== normalizeOptional(info?.upstreamCorpId)) {
+                mutated = true;
+            }
+            count++;
+        }
+        peerContextStore.set(accountId, peerMap);
+        if (mutated) {
+            persistContexts(accountId);
+        }
+        logger.info?.(`restorePeerContexts: restored ${count} peers for account=${accountId}`);
+    }
+    catch (err) {
+        logger.warn?.(`restorePeerContexts: failed to read ${filePath}: ${String(err)}`);
+    }
+}
+/** Store context for a peer (called on inbound message) */
+export function setPeerContext(accountId, peerId, options) {
+    const resolved = resolveStoredPeerContext(accountId, peerId, options ?? {});
+    registerPeerContext(accountId, peerId, resolved);
+    // Persist to disk (debounced would be better, but simple for now)
+    persistContexts(accountId);
+    logger.debug?.(`setPeerContext: accountId=${accountId} peerId=${peerId} token=${resolved.contextToken} kind=${resolved.peerKind}`);
+    return resolved.contextToken;
+}
+/** Get the accountId that has an active session with a peer */
+export function getAccountIdByPeer(peerId) {
+    return peerToAccountMap.get(peerId);
+}
+/** Get the most recent peerId for an account (for proactive push) */
+export function getRecentPeerForAccount(accountId, maxAgeMs = 30 * 60 * 1000) {
+    const peerMap = peerContextStore.get(accountId);
+    if (!peerMap)
+        return undefined;
+    let mostRecent;
+    for (const [peerId, info] of peerMap) {
+        if (Date.now() - info.lastSeen > maxAgeMs)
+            continue;
+        if (!mostRecent || info.lastSeen > mostRecent.lastSeen) {
+            mostRecent = { peerId, lastSeen: info.lastSeen };
+        }
+    }
+    return mostRecent?.peerId;
+}
+/** Get context token for a peer */
+export function getPeerContextToken(accountId, peerId) {
+    return findStoredPeerContext(accountId, peerId)?.contextToken;
+}
+export function getPeerUpstreamCorpId(accountId, peerId) {
+    return findStoredPeerContext(accountId, peerId)?.upstreamCorpId;
+}
+/** Resolve a peer context from a context token. */
+export function getPeerContextByToken(contextToken) {
+    return contextTokenToPeerMap.get(contextToken);
+}
+/** Resolve accountId from a context token. */
+export function getAccountIdByContextToken(contextToken) {
+    return contextTokenToPeerMap.get(contextToken)?.accountId;
+}
+/** Check if we have an active session for routing */
+export function hasActiveSession(accountId, peerId, maxAgeMs = 30 * 60 * 1000) {
+    const info = findStoredPeerContext(accountId, peerId);
+    if (!info)
+        return false;
+    return Date.now() - info.lastSeen < maxAgeMs;
+}
+/** Clear all contexts for an account */
+export function clearPeerContexts(accountId) {
+    const peerMap = peerContextStore.get(accountId);
+    if (peerMap) {
+        for (const [peerId, info] of peerMap) {
+            peerToAccountMap.delete(peerId);
+            contextTokenToPeerMap.delete(info.contextToken);
+        }
+    }
+    peerContextStore.delete(accountId);
+    const filePath = resolveContextFilePath(accountId);
+    try {
+        if (fs.existsSync(filePath))
+            fs.unlinkSync(filePath);
+    }
+    catch (err) {
+        logger.warn?.(`clearPeerContexts: failed to remove ${filePath}`);
+    }
+}

package/{src/crypto/aes.ts → dist/src/crypto/aes.js} RENAMED Viewed

@@ -2,13 +2,12 @@
  * WeCom AES-256-CBC 加解密核心
  * Bot 和 Agent 模式共用
  */
 import crypto from "node:crypto";
 import { CRYPTO } from "../types/constants.js";
-export function decodeEncodingAESKey(encodingAESKey: string): Buffer {
+export function decodeEncodingAESKey(encodingAESKey) {
     const trimmed = encodingAESKey.trim();
-    if (!trimmed) throw new Error("encodingAESKey missing");
+    if (!trimmed)
+        throw new Error("encodingAESKey missing");
     const withPadding = trimmed.endsWith("=") ? trimmed : `${trimmed}=`;
     const key = Buffer.from(withPadding, "base64");
     if (key.length !== CRYPTO.AES_KEY_LENGTH) {
@@ -16,17 +15,16 @@ export function decodeEncodingAESKey(encodingAESKey: string): Buffer {
     }
     return key;
 }
-function pkcs7Pad(buf: Buffer, blockSize: number): Buffer {
+function pkcs7Pad(buf, blockSize) {
     const mod = buf.length % blockSize;
     const pad = mod === 0 ? blockSize : blockSize - mod;
     const padByte = Buffer.from([pad]);
-    return Buffer.concat([buf, Buffer.alloc(pad, padByte[0]!)]);
+    return Buffer.concat([buf, Buffer.alloc(pad, padByte[0])]);
 }
-export function pkcs7Unpad(buf: Buffer, blockSize: number): Buffer {
-    if (buf.length === 0) throw new Error("invalid pkcs7 payload");
-    const pad = buf[buf.length - 1]!;
+export function pkcs7Unpad(buf, blockSize) {
+    if (buf.length === 0)
+        throw new Error("invalid pkcs7 payload");
+    const pad = buf[buf.length - 1];
     if (pad < 1 || pad > blockSize) {
         throw new Error("invalid pkcs7 padding");
     }
@@ -40,15 +38,10 @@ export function pkcs7Unpad(buf: Buffer, blockSize: number): Buffer {
     }
     return buf.subarray(0, buf.length - pad);
 }
 /**
  * 解密 WeCom 加密消息
  */
-export function decryptWecomEncrypted(params: {
-    encodingAESKey: string;
-    receiveId?: string;
-    encrypt: string;
-}): string {
+export function decryptWecomEncrypted(params) {
     const aesKey = decodeEncodingAESKey(params.encodingAESKey);
     const iv = aesKey.subarray(0, 16);
     const decipher = crypto.createDecipheriv("aes-256-cbc", aesKey, iv);
@@ -58,11 +51,9 @@ export function decryptWecomEncrypted(params: {
         decipher.final(),
     ]);
     const decrypted = pkcs7Unpad(decryptedPadded, CRYPTO.PKCS7_BLOCK_SIZE);
     if (decrypted.length < 20) {
         throw new Error(`invalid payload (expected >=20 bytes, got ${decrypted.length})`);
     }
     // 16 bytes random + 4 bytes length + msg + receiveId
     const msgLen = decrypted.readUInt32BE(16);
     const msgStart = 20;
@@ -71,7 +62,6 @@ export function decryptWecomEncrypted(params: {
         throw new Error(`invalid msg length (msgEnd=${msgEnd}, total=${decrypted.length})`);
     }
     const msg = decrypted.subarray(msgStart, msgEnd).toString("utf8");
     const receiveId = params.receiveId ?? "";
     if (receiveId) {
         const trailing = decrypted.subarray(msgEnd).toString("utf8");
@@ -79,18 +69,12 @@ export function decryptWecomEncrypted(params: {
             throw new Error(`receiveId mismatch (expected "${receiveId}", got "${trailing}")`);
         }
     }
     return msg;
 }
 /**
  * 加密明文为 WeCom 格式
  */
-export function encryptWecomPlaintext(params: {
-    encodingAESKey: string;
-    receiveId?: string;
-    plaintext: string;
-}): string {
+export function encryptWecomPlaintext(params) {
     const aesKey = decodeEncodingAESKey(params.encodingAESKey);
     const iv = aesKey.subarray(0, 16);
     const random16 = crypto.randomBytes(16);
@@ -98,7 +82,6 @@ export function encryptWecomPlaintext(params: {
     const msgLen = Buffer.alloc(4);
     msgLen.writeUInt32BE(msg.length, 0);
     const receiveId = Buffer.from(params.receiveId ?? "", "utf8");
     const raw = Buffer.concat([random16, msgLen, msg, receiveId]);
     const padded = pkcs7Pad(raw, CRYPTO.PKCS7_BLOCK_SIZE);
     const cipher = crypto.createCipheriv("aes-256-cbc", aesKey, iv);

package/dist/src/crypto/index.js ADDED Viewed

@@ -0,0 +1,9 @@
+/**
+ * WeCom 加解密模块导出
+ */
+// AES 加解密
+export { decodeEncodingAESKey, pkcs7Unpad, decryptWecomEncrypted, encryptWecomPlaintext, } from "./aes.js";
+// 签名验证
+export { computeWecomMsgSignature, verifyWecomSignature, } from "./signature.js";
+// XML 辅助
+export { extractEncryptFromXml, extractToUserNameFromXml, buildEncryptedXmlResponse, } from "./xml.js";

package/{src/crypto/signature.ts → dist/src/crypto/signature.js} RENAMED Viewed

@@ -1,38 +1,23 @@
 /**
  * WeCom 签名计算与验证
  */
 import crypto from "node:crypto";
-function sha1Hex(input: string): string {
+function sha1Hex(input) {
     return crypto.createHash("sha1").update(input).digest("hex");
 }
 /**
  * 计算 WeCom 消息签名
  */
-export function computeWecomMsgSignature(params: {
-    token: string;
-    timestamp: string;
-    nonce: string;
-    encrypt: string;
-}): string {
+export function computeWecomMsgSignature(params) {
     const parts = [params.token, params.timestamp, params.nonce, params.encrypt]
         .map((v) => String(v ?? ""))
         .sort();
     return sha1Hex(parts.join(""));
 }
 /**
  * 验证 WeCom 消息签名
  */
-export function verifyWecomSignature(params: {
-    token: string;
-    timestamp: string;
-    nonce: string;
-    encrypt: string;
-    signature: string;
-}): boolean {
+export function verifyWecomSignature(params) {
     const expected = computeWecomMsgSignature({
         token: params.token,
         timestamp: params.timestamp,

package/{src/crypto/xml.ts → dist/src/crypto/xml.js} RENAMED Viewed

@@ -2,11 +2,10 @@
  * WeCom XML 加解密辅助函数
  * 用于 Agent 模式处理 XML 格式回调
  */
 /**
  * 从 XML 密文中提取 Encrypt 字段
  */
-export function extractEncryptFromXml(xml: string): string {
+export function extractEncryptFromXml(xml) {
     const match = /<Encrypt><!\[CDATA\[(.*?)\]\]><\/Encrypt>/s.exec(xml);
     if (!match?.[1]) {
         // 尝试不带 CDATA 的格式
@@ -18,11 +17,10 @@ export function extractEncryptFromXml(xml: string): string {
     }
     return match[1];
 }
 /**
  * 从 XML 中提取 ToUserName (CorpID)
  */
-export function extractToUserNameFromXml(xml: string): string {
+export function extractToUserNameFromXml(xml) {
     const match = /<ToUserName><!\[CDATA\[(.*?)\]\]><\/ToUserName>/s.exec(xml);
     if (!match?.[1]) {
         const altMatch = /<ToUserName>(.*?)<\/ToUserName>/s.exec(xml);
@@ -30,16 +28,10 @@ export function extractToUserNameFromXml(xml: string): string {
     }
     return match[1];
 }
 /**
  * 构建加密 XML 响应
  */
-export function buildEncryptedXmlResponse(params: {
-    encrypt: string;
-    signature: string;
-    timestamp: string;
-    nonce: string;
-}): string {
+export function buildEncryptedXmlResponse(params) {
     return `<xml>
 <Encrypt><![CDATA[${params.encrypt}]]></Encrypt>
 <MsgSignature><![CDATA[${params.signature}]]></MsgSignature>

package/dist/src/crypto.js ADDED Viewed

@@ -0,0 +1,145 @@
+import crypto from "node:crypto";
+/**
+ * **decodeEncodingAESKey (解码 AES Key)**
+ *
+ * 将企业微信配置的 Base64 编码的 AES Key 解码为 Buffer。
+ * 包含补全 Padding 和长度校验 (必须32字节)。
+ */
+export function decodeEncodingAESKey(encodingAESKey) {
+    const trimmed = encodingAESKey.trim();
+    if (!trimmed)
+        throw new Error("encodingAESKey missing");
+    const withPadding = trimmed.endsWith("=") ? trimmed : `${trimmed}=`;
+    const key = Buffer.from(withPadding, "base64");
+    if (key.length !== 32) {
+        throw new Error(`invalid encodingAESKey (expected 32 bytes after base64 decode, got ${key.length})`);
+    }
+    return key;
+}
+// WeCom uses PKCS#7 padding with a block size of 32 bytes (not AES's 16-byte block).
+// This is compatible with AES-CBC as 32 is a multiple of 16, but it requires manual padding/unpadding.
+export const WECOM_PKCS7_BLOCK_SIZE = 32;
+function pkcs7Pad(buf, blockSize) {
+    const mod = buf.length % blockSize;
+    const pad = mod === 0 ? blockSize : blockSize - mod;
+    const padByte = Buffer.from([pad]);
+    return Buffer.concat([buf, Buffer.alloc(pad, padByte[0])]);
+}
+/**
+ * **pkcs7Unpad (去除 PKCS#7 填充)**
+ *
+ * 移除 AES 解密后的 PKCS#7 填充字节。
+ * 包含填充合法性校验。
+ */
+export function pkcs7Unpad(buf, blockSize) {
+    if (buf.length === 0)
+        throw new Error("invalid pkcs7 payload");
+    const pad = buf[buf.length - 1];
+    if (pad < 1 || pad > blockSize) {
+        throw new Error("invalid pkcs7 padding");
+    }
+    if (pad > buf.length) {
+        throw new Error("invalid pkcs7 payload");
+    }
+    // Best-effort validation (all padding bytes equal).
+    for (let i = 0; i < pad; i += 1) {
+        if (buf[buf.length - 1 - i] !== pad) {
+            throw new Error("invalid pkcs7 padding");
+        }
+    }
+    return buf.subarray(0, buf.length - pad);
+}
+function sha1Hex(input) {
+    return crypto.createHash("sha1").update(input).digest("hex");
+}
+/**
+ * **computeWecomMsgSignature (计算消息签名)**
+ *
+ * 算法：sha1(sort(token, timestamp, nonce, encrypt_msg))
+ */
+export function computeWecomMsgSignature(params) {
+    const parts = [params.token, params.timestamp, params.nonce, params.encrypt]
+        .map((v) => String(v ?? ""))
+        .sort();
+    return sha1Hex(parts.join(""));
+}
+/**
+ * **verifyWecomSignature (验证消息签名)**
+ *
+ * 比较计算出的签名与企业微信传入的签名是否一致。
+ */
+export function verifyWecomSignature(params) {
+    const expected = computeWecomMsgSignature({
+        token: params.token,
+        timestamp: params.timestamp,
+        nonce: params.nonce,
+        encrypt: params.encrypt,
+    });
+    return expected === params.signature;
+}
+/**
+ * **decryptWecomEncrypted (解密企业微信消息)**
+ *
+ * 将企业微信的 AES 加密包解密为明文。
+ * 流程：
+ * 1. Base64 解码 AESKey 并获取 IV (前16字节)。
+ * 2. AES-CBC 解密。
+ * 3. 去除 PKCS#7 填充。
+ * 4. 拆解协议包结构: [16字节随机串][4字节长度][消息体][接收者ID]。
+ * 5. 校验接收者ID (ReceiveId)。
+ */
+export function decryptWecomEncrypted(params) {
+    const aesKey = decodeEncodingAESKey(params.encodingAESKey);
+    const iv = aesKey.subarray(0, 16);
+    const decipher = crypto.createDecipheriv("aes-256-cbc", aesKey, iv);
+    decipher.setAutoPadding(false);
+    const decryptedPadded = Buffer.concat([
+        decipher.update(Buffer.from(params.encrypt, "base64")),
+        decipher.final(),
+    ]);
+    const decrypted = pkcs7Unpad(decryptedPadded, WECOM_PKCS7_BLOCK_SIZE);
+    if (decrypted.length < 20) {
+        throw new Error(`invalid decrypted payload (expected at least 20 bytes, got ${decrypted.length})`);
+    }
+    // 16 bytes random + 4 bytes network-order length + msg + receiveId (optional)
+    const msgLen = decrypted.readUInt32BE(16);
+    const msgStart = 20;
+    const msgEnd = msgStart + msgLen;
+    if (msgEnd > decrypted.length) {
+        throw new Error(`invalid decrypted msg length (msgEnd=${msgEnd}, payloadLength=${decrypted.length})`);
+    }
+    const msg = decrypted.subarray(msgStart, msgEnd).toString("utf8");
+    const receiveId = params.receiveId ?? "";
+    if (receiveId) {
+        const trailing = decrypted.subarray(msgEnd).toString("utf8");
+        if (trailing !== receiveId) {
+            throw new Error(`receiveId mismatch (expected "${receiveId}", got "${trailing}")`);
+        }
+    }
+    return msg;
+}
+/**
+ * **encryptWecomPlaintext (加密回复消息)**
+ *
+ * 将明文消息打包为企业微信的加密格式。
+ * 流程：
+ * 1. 构造协议包: [16字节随机串][4字节长度][消息体][接收者ID]。
+ * 2. PKCS#7 填充。
+ * 3. AES-CBC 加密。
+ * 4. 转 Base64。
+ */
+export function encryptWecomPlaintext(params) {
+    const aesKey = decodeEncodingAESKey(params.encodingAESKey);
+    const iv = aesKey.subarray(0, 16);
+    const random16 = crypto.randomBytes(16);
+    const msg = Buffer.from(params.plaintext ?? "", "utf8");
+    const msgLen = Buffer.alloc(4);
+    msgLen.writeUInt32BE(msg.length, 0);
+    const receiveId = Buffer.from(params.receiveId ?? "", "utf8");
+    const raw = Buffer.concat([random16, msgLen, msg, receiveId]);
+    const padded = pkcs7Pad(raw, WECOM_PKCS7_BLOCK_SIZE);
+    const cipher = crypto.createCipheriv("aes-256-cbc", aesKey, iv);
+    cipher.setAutoPadding(false);
+    const encrypted = Buffer.concat([cipher.update(padded), cipher.final()]);
+    return encrypted.toString("base64");
+}

package/dist/src/domain/models.js ADDED Viewed

	@@ -0,0 +1 @@
1	+ export {};

package/dist/src/domain/policies.js ADDED Viewed

@@ -0,0 +1,32 @@
+export function assertBotPrimaryTransport(account) {
+    if (account.primaryTransport === "ws" && !account.wsConfigured) {
+        throw new Error(`WeCom bot account "${account.accountId}" is missing bot.ws credentials.`);
+    }
+    if (account.primaryTransport === "webhook" && !account.webhookConfigured) {
+        throw new Error(`WeCom bot account "${account.accountId}" is missing bot.webhook credentials.`);
+    }
+}
+export function buildDedupKey(event) {
+    return `${event.accountId}:${event.transport}:${event.messageId}`;
+}
+export function resolveConversationKey(event) {
+    const conversation = event.conversation;
+    return [event.accountId, conversation.peerKind, conversation.peerId, conversation.senderId].join(":");
+}
+export function normalizeWecomAllowFromEntry(raw) {
+    return raw
+        .trim()
+        .toLowerCase()
+        .replace(/^wecom:/, "")
+        .replace(/^user:/, "")
+        .replace(/^userid:/, "");
+}
+export function isWecomSenderAllowed(senderUserId, allowFrom) {
+    const list = allowFrom.map((entry) => normalizeWecomAllowFromEntry(entry)).filter(Boolean);
+    if (list.includes("*"))
+        return true;
+    const normalizedSender = normalizeWecomAllowFromEntry(senderUserId);
+    if (!normalizedSender)
+        return false;
+    return list.includes(normalizedSender);
+}