@yaoqi10012/wechat-kf 0.3.1

package/dist/crypto.js

@@ -0,0 +1,81 @@
+/**
+ * WeCom message encryption/decryption
+ *
+ * - Signature: SHA1(sort([token, timestamp, nonce, encrypt]))
+ * - Encryption: AES-256-CBC, key = Base64Decode(EncodingAESKey + "="), iv = key[0:16]
+ * - Plaintext format: random(16B) + msg_len(4B network order) + msg + receiveid
+ */
+import { createCipheriv, createDecipheriv, createHash, randomBytes, timingSafeEqual } from "node:crypto";
+import { logTag } from "./constants.js";
+export function deriveAesKey(encodingAESKey) {
+    if (encodingAESKey.length !== 43) {
+        throw new Error(`${logTag()} EncodingAESKey must be 43 characters, got ${encodingAESKey.length}`);
+    }
+    const key = Buffer.from(`${encodingAESKey}=`, "base64");
+    if (key.length !== 32) {
+        throw new Error(`${logTag()} derived AES key must be 32 bytes, got ${key.length}`);
+    }
+    return key;
+}
+/** SHA1 signature verification */
+export function computeSignature(token, timestamp, nonce, encrypt) {
+    const items = [token, timestamp, nonce, encrypt].sort();
+    return createHash("sha1").update(items.join("")).digest("hex");
+}
+export function verifySignature(token, timestamp, nonce, encrypt, expectedSignature) {
+    const actual = Buffer.from(computeSignature(token, timestamp, nonce, encrypt), "utf8");
+    const expected = Buffer.from(expectedSignature, "utf8");
+    if (actual.length !== expected.length)
+        return false;
+    return timingSafeEqual(actual, expected);
+}
+/** Decrypt an encrypted message from WeChat callback */
+export function decrypt(encodingAESKey, encrypted) {
+    const aesKey = deriveAesKey(encodingAESKey);
+    const iv = aesKey.subarray(0, 16);
+    const decipher = createDecipheriv("aes-256-cbc", aesKey, iv);
+    decipher.setAutoPadding(false);
+    const decrypted = Buffer.concat([decipher.update(encrypted, "base64"), decipher.final()]);
+    // Remove PKCS#7 padding — validate ALL N padding bytes equal N
+    const pad = decrypted[decrypted.length - 1];
+    if (pad < 1 || pad > 32 || pad > decrypted.length) {
+        throw new Error(`${logTag()} invalid PKCS#7 padding`);
+    }
+    for (let i = 1; i <= pad; i++) {
+        if (decrypted[decrypted.length - i] !== pad) {
+            throw new Error(`${logTag()} invalid PKCS#7 padding`);
+        }
+    }
+    const content = decrypted.subarray(0, decrypted.length - pad);
+    // Parse: random(16) + msg_len(4, big-endian) + msg + receiverId
+    if (content.length < 20) {
+        throw new Error(`${logTag()} decrypted content too short`);
+    }
+    const msgLen = content.readUInt32BE(16);
+    if (msgLen < 0 || 20 + msgLen > content.length) {
+        throw new Error(`${logTag()} invalid message length in decrypted content`);
+    }
+    const message = content.subarray(20, 20 + msgLen).toString("utf8");
+    const receiverId = content.subarray(20 + msgLen).toString("utf8");
+    return { message, receiverId };
+}
+/** Encrypt a message for WeChat callback response */
+export function encrypt(encodingAESKey, message, receiverId) {
+    const aesKey = deriveAesKey(encodingAESKey);
+    const iv = aesKey.subarray(0, 16);
+    const random = randomBytes(16);
+    const msgBuf = Buffer.from(message, "utf8");
+    const receiverBuf = Buffer.from(receiverId, "utf8");
+    const msgLenBuf = Buffer.alloc(4);
+    msgLenBuf.writeUInt32BE(msgBuf.length, 0);
+    const plaintext = Buffer.concat([random, msgLenBuf, msgBuf, receiverBuf]);
+    // PKCS#7 padding to 32-byte blocks
+    const blockSize = 32;
+    const padLen = blockSize - (plaintext.length % blockSize);
+    const padding = Buffer.alloc(padLen, padLen);
+    const padded = Buffer.concat([plaintext, padding]);
+    const cipher = createCipheriv("aes-256-cbc", aesKey, iv);
+    cipher.setAutoPadding(false);
+    return Buffer.concat([cipher.update(padded), cipher.final()]).toString("base64");
+}
+//# sourceMappingURL=crypto.js.map

package/dist/crypto.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"crypto.js","sourceRoot":"","sources":["../src/crypto.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,EAAE,cAAc,EAAE,gBAAgB,EAAE,UAAU,EAAE,WAAW,EAAE,eAAe,EAAE,MAAM,aAAa,CAAC;AACzG,OAAO,EAAE,MAAM,EAAE,MAAM,gBAAgB,CAAC;AAExC,MAAM,UAAU,YAAY,CAAC,cAAsB;IACjD,IAAI,cAAc,CAAC,MAAM,KAAK,EAAE,EAAE,CAAC;QACjC,MAAM,IAAI,KAAK,CAAC,GAAG,MAAM,EAAE,8CAA8C,cAAc,CAAC,MAAM,EAAE,CAAC,CAAC;IACpG,CAAC;IACD,MAAM,GAAG,GAAG,MAAM,CAAC,IAAI,CAAC,GAAG,cAAc,GAAG,EAAE,QAAQ,CAAC,CAAC;IACxD,IAAI,GAAG,CAAC,MAAM,KAAK,EAAE,EAAE,CAAC;QACtB,MAAM,IAAI,KAAK,CAAC,GAAG,MAAM,EAAE,0CAA0C,GAAG,CAAC,MAAM,EAAE,CAAC,CAAC;IACrF,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC;AAED,kCAAkC;AAClC,MAAM,UAAU,gBAAgB,CAAC,KAAa,EAAE,SAAiB,EAAE,KAAa,EAAE,OAAe;IAC/F,MAAM,KAAK,GAAG,CAAC,KAAK,EAAE,SAAS,EAAE,KAAK,EAAE,OAAO,CAAC,CAAC,IAAI,EAAE,CAAC;IACxD,OAAO,UAAU,CAAC,MAAM,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;AACjE,CAAC;AAED,MAAM,UAAU,eAAe,CAC7B,KAAa,EACb,SAAiB,EACjB,KAAa,EACb,OAAe,EACf,iBAAyB;IAEzB,MAAM,MAAM,GAAG,MAAM,CAAC,IAAI,CAAC,gBAAgB,CAAC,KAAK,EAAE,SAAS,EAAE,KAAK,EAAE,OAAO,CAAC,EAAE,MAAM,CAAC,CAAC;IACvF,MAAM,QAAQ,GAAG,MAAM,CAAC,IAAI,CAAC,iBAAiB,EAAE,MAAM,CAAC,CAAC;IACxD,IAAI,MAAM,CAAC,MAAM,KAAK,QAAQ,CAAC,MAAM;QAAE,OAAO,KAAK,CAAC;IACpD,OAAO,eAAe,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;AAC3C,CAAC;AAED,wDAAwD;AACxD,MAAM,UAAU,OAAO,CAAC,cAAsB,EAAE,SAAiB;IAC/D,MAAM,MAAM,GAAG,YAAY,CAAC,cAAc,CAAC,CAAC;IAC5C,MAAM,EAAE,GAAG,MAAM,CAAC,QAAQ,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;IAElC,MAAM,QAAQ,GAAG,gBAAgB,CAAC,aAAa,EAAE,MAAM,EAAE,EAAE,CAAC,CAAC;IAC7D,QAAQ,CAAC,cAAc,CAAC,KAAK,CAAC,CAAC;IAE/B,MAAM,SAAS,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,SAAS,EAAE,QAAQ,CAAC,EAAE,QAAQ,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC;IAE1F,+DAA+D;IAC/D,MAAM,GAAG,GAAG,SAAS,CAAC,SAAS,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;IAC5C,IAAI,GAAG,GAAG,CAAC,IAAI,GAAG,GAAG,EAAE,IAAI,GAAG,GAAG,SAAS,CAAC,MAAM,EAAE,CAAC;QAClD,MAAM,IAAI,KAAK,CAAC,GAAG,MAAM,EAAE,yBAAyB,CAAC,CAAC;IACxD,CAAC;IACD,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,IAAI,GAAG,EAAE,CAAC,EAAE,EAAE,CAAC;QAC9B,IAAI,SAAS,CAAC,SAAS,CAAC,MAAM,GAAG,CAAC,CAAC,KAAK,GAAG,EAAE,CAAC;YAC5C,MAAM,IAAI,KAAK,CAAC,GAAG,MAAM,EAAE,yBAAyB,CAAC,CAAC;QACxD,CAAC;IACH,CAAC;IACD,MAAM,OAAO,GAAG,SAAS,CAAC,QAAQ,CAAC,CAAC,EAAE,SAAS,CAAC,MAAM,GAAG,GAAG,CAAC,CAAC;IAE9D,gEAAgE;IAChE,IAAI,OAAO,CAAC,MAAM,GAAG,EAAE,EAAE,CAAC;QACxB,MAAM,IAAI,KAAK,CAAC,GAAG,MAAM,EAAE,8BAA8B,CAAC,CAAC;IAC7D,CAAC;IACD,MAAM,MAAM,GAAG,OAAO,CAAC,YAAY,CAAC,EAAE,CAAC,CAAC;IACxC,IAAI,MAAM,GAAG,CAAC,IAAI,EAAE,GAAG,MAAM,GAAG,OAAO,CAAC,MAAM,EAAE,CAAC;QAC/C,MAAM,IAAI,KAAK,CAAC,GAAG,MAAM,EAAE,8CAA8C,CAAC,CAAC;IAC7E,CAAC;IACD,MAAM,OAAO,GAAG,OAAO,CAAC,QAAQ,CAAC,EAAE,EAAE,EAAE,GAAG,MAAM,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;IACnE,MAAM,UAAU,GAAG,OAAO,CAAC,QAAQ,CAAC,EAAE,GAAG,MAAM,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;IAElE,OAAO,EAAE,OAAO,EAAE,UAAU,EAAE,CAAC;AACjC,CAAC;AAED,qDAAqD;AACrD,MAAM,UAAU,OAAO,CAAC,cAAsB,EAAE,OAAe,EAAE,UAAkB;IACjF,MAAM,MAAM,GAAG,YAAY,CAAC,cAAc,CAAC,CAAC;IAC5C,MAAM,EAAE,GAAG,MAAM,CAAC,QAAQ,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;IAElC,MAAM,MAAM,GAAG,WAAW,CAAC,EAAE,CAAC,CAAC;IAC/B,MAAM,MAAM,GAAG,MAAM,CAAC,IAAI,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;IAC5C,MAAM,WAAW,GAAG,MAAM,CAAC,IAAI,CAAC,UAAU,EAAE,MAAM,CAAC,CAAC;IAEpD,MAAM,SAAS,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;IAClC,SAAS,CAAC,aAAa,CAAC,MAAM,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC;IAE1C,MAAM,SAAS,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,MAAM,EAAE,SAAS,EAAE,MAAM,EAAE,WAAW,CAAC,CAAC,CAAC;IAE1E,mCAAmC;IACnC,MAAM,SAAS,GAAG,EAAE,CAAC;IACrB,MAAM,MAAM,GAAG,SAAS,GAAG,CAAC,SAAS,CAAC,MAAM,GAAG,SAAS,CAAC,CAAC;IAC1D,MAAM,OAAO,GAAG,MAAM,CAAC,KAAK,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAC7C,MAAM,MAAM,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,SAAS,EAAE,OAAO,CAAC,CAAC,CAAC;IAEnD,MAAM,MAAM,GAAG,cAAc,CAAC,aAAa,EAAE,MAAM,EAAE,EAAE,CAAC,CAAC;IACzD,MAAM,CAAC,cAAc,CAAC,KAAK,CAAC,CAAC;IAE7B,OAAO,MAAM,CAAC,MAAM,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,EAAE,MAAM,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;AACnF,CAAC"}

package/dist/fs-utils.d.ts

@@ -0,0 +1,7 @@
+/**
+ * File-system utilities — atomic write via temp file + rename.
+ *
+ * On POSIX systems, `rename()` within the same filesystem is atomic,
+ * so the target file is never left in a partially-written state.
+ */
+export declare function atomicWriteFile(filePath: string, content: string, encoding?: BufferEncoding): Promise<void>;

package/dist/fs-utils.js

@@ -0,0 +1,13 @@
+/**
+ * File-system utilities — atomic write via temp file + rename.
+ *
+ * On POSIX systems, `rename()` within the same filesystem is atomic,
+ * so the target file is never left in a partially-written state.
+ */
+import { rename, writeFile } from "node:fs/promises";
+export async function atomicWriteFile(filePath, content, encoding = "utf8") {
+    const tmpPath = `${filePath}.tmp`;
+    await writeFile(tmpPath, content, encoding);
+    await rename(tmpPath, filePath); // atomic on the same filesystem
+}
+//# sourceMappingURL=fs-utils.js.map

package/dist/fs-utils.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"fs-utils.js","sourceRoot":"","sources":["../src/fs-utils.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,kBAAkB,CAAC;AAErD,MAAM,CAAC,KAAK,UAAU,eAAe,CACnC,QAAgB,EAChB,OAAe,EACf,WAA2B,MAAM;IAEjC,MAAM,OAAO,GAAG,GAAG,QAAQ,MAAM,CAAC;IAClC,MAAM,SAAS,CAAC,OAAO,EAAE,OAAO,EAAE,QAAQ,CAAC,CAAC;IAC5C,MAAM,MAAM,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC,CAAC,gCAAgC;AACnE,CAAC"}

package/dist/monitor.d.ts

@@ -0,0 +1,31 @@
+/**
+ * Shared context manager for WeChat KF plugin
+ *
+ * Provides a rendezvous point between the "default" account (which sets up
+ * enterprise-level shared infrastructure) and per-kfId accounts (which need
+ * the shared crypto config and BotContext to start polling).
+ */
+import type { BotContext } from "./bot.js";
+export type SharedContext = {
+    callbackToken: string;
+    encodingAESKey: string;
+    corpId: string;
+    appSecret: string;
+    webhookPath: string;
+    botCtx: BotContext;
+};
+export declare function setPairingKfId(externalUserId: string, openKfId: string): void;
+export declare function getPairingKfId(externalUserId: string): string | undefined;
+/** Set the shared context. Resolves any pending waitForSharedContext calls. */
+export declare function setSharedContext(ctx: SharedContext): void;
+/** Get the shared context, or null if not yet set. */
+export declare function getSharedContext(): SharedContext | null;
+/**
+ * Wait until the shared context is set.
+ * Rejects if the signal aborts before the context is ready.
+ */
+export declare function waitForSharedContext(signal?: AbortSignal): Promise<SharedContext>;
+/** Clear the shared context (used during shutdown). */
+export declare function clearSharedContext(): void;
+/** Reset all module-level state. @internal For testing only. */
+export declare function _reset(): void;

package/dist/monitor.js

@@ -0,0 +1,80 @@
+/**
+ * Shared context manager for WeChat KF plugin
+ *
+ * Provides a rendezvous point between the "default" account (which sets up
+ * enterprise-level shared infrastructure) and per-kfId accounts (which need
+ * the shared crypto config and BotContext to start polling).
+ */
+// ── Module-level state ──
+let sharedCtx = null;
+let readyResolve = null;
+let readyPromise = null;
+/** Cache: externalUserId → openKfId for pairing approval notifications. */
+const pairingKfIdCache = new Map();
+export function setPairingKfId(externalUserId, openKfId) {
+    pairingKfIdCache.set(externalUserId, openKfId);
+}
+export function getPairingKfId(externalUserId) {
+    return pairingKfIdCache.get(externalUserId);
+}
+function ensureReadyPromise() {
+    if (!readyPromise) {
+        readyPromise = new Promise((resolve) => {
+            readyResolve = resolve;
+        });
+    }
+    return readyPromise;
+}
+/** Set the shared context. Resolves any pending waitForSharedContext calls. */
+export function setSharedContext(ctx) {
+    sharedCtx = ctx;
+    // Resolve waiting callers
+    if (readyResolve) {
+        readyResolve();
+        readyResolve = null;
+    }
+}
+/** Get the shared context, or null if not yet set. */
+export function getSharedContext() {
+    return sharedCtx;
+}
+/**
+ * Wait until the shared context is set.
+ * Rejects if the signal aborts before the context is ready.
+ */
+export function waitForSharedContext(signal) {
+    // Already available — fast path
+    if (sharedCtx)
+        return Promise.resolve(sharedCtx);
+    // Already aborted
+    if (signal?.aborted) {
+        return Promise.reject(new DOMException("The operation was aborted.", "AbortError"));
+    }
+    const ready = ensureReadyPromise();
+    return new Promise((resolve, reject) => {
+        const onReady = () => {
+            signal?.removeEventListener("abort", onAbort);
+            resolve(sharedCtx);
+        };
+        const onAbort = () => {
+            reject(new DOMException("The operation was aborted.", "AbortError"));
+        };
+        signal?.addEventListener("abort", onAbort, { once: true });
+        ready.then(onReady);
+    });
+}
+/** Clear the shared context (used during shutdown). */
+export function clearSharedContext() {
+    sharedCtx = null;
+    readyPromise = null;
+    readyResolve = null;
+    pairingKfIdCache.clear();
+}
+/** Reset all module-level state. @internal For testing only. */
+export function _reset() {
+    sharedCtx = null;
+    readyResolve = null;
+    readyPromise = null;
+    pairingKfIdCache.clear();
+}
+//# sourceMappingURL=monitor.js.map

package/dist/monitor.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"monitor.js","sourceRoot":"","sources":["../src/monitor.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAaH,2BAA2B;AAE3B,IAAI,SAAS,GAAyB,IAAI,CAAC;AAC3C,IAAI,YAAY,GAAwB,IAAI,CAAC;AAC7C,IAAI,YAAY,GAAyB,IAAI,CAAC;AAE9C,2EAA2E;AAC3E,MAAM,gBAAgB,GAAG,IAAI,GAAG,EAAkB,CAAC;AAEnD,MAAM,UAAU,cAAc,CAAC,cAAsB,EAAE,QAAgB;IACrE,gBAAgB,CAAC,GAAG,CAAC,cAAc,EAAE,QAAQ,CAAC,CAAC;AACjD,CAAC;AAED,MAAM,UAAU,cAAc,CAAC,cAAsB;IACnD,OAAO,gBAAgB,CAAC,GAAG,CAAC,cAAc,CAAC,CAAC;AAC9C,CAAC;AAED,SAAS,kBAAkB;IACzB,IAAI,CAAC,YAAY,EAAE,CAAC;QAClB,YAAY,GAAG,IAAI,OAAO,CAAO,CAAC,OAAO,EAAE,EAAE;YAC3C,YAAY,GAAG,OAAO,CAAC;QACzB,CAAC,CAAC,CAAC;IACL,CAAC;IACD,OAAO,YAAY,CAAC;AACtB,CAAC;AAED,+EAA+E;AAC/E,MAAM,UAAU,gBAAgB,CAAC,GAAkB;IACjD,SAAS,GAAG,GAAG,CAAC;IAChB,0BAA0B;IAC1B,IAAI,YAAY,EAAE,CAAC;QACjB,YAAY,EAAE,CAAC;QACf,YAAY,GAAG,IAAI,CAAC;IACtB,CAAC;AACH,CAAC;AAED,sDAAsD;AACtD,MAAM,UAAU,gBAAgB;IAC9B,OAAO,SAAS,CAAC;AACnB,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,oBAAoB,CAAC,MAAoB;IACvD,gCAAgC;IAChC,IAAI,SAAS;QAAE,OAAO,OAAO,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;IAEjD,kBAAkB;IAClB,IAAI,MAAM,EAAE,OAAO,EAAE,CAAC;QACpB,OAAO,OAAO,CAAC,MAAM,CAAC,IAAI,YAAY,CAAC,4BAA4B,EAAE,YAAY,CAAC,CAAC,CAAC;IACtF,CAAC;IAED,MAAM,KAAK,GAAG,kBAAkB,EAAE,CAAC;IAEnC,OAAO,IAAI,OAAO,CAAgB,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;QACpD,MAAM,OAAO,GAAG,GAAG,EAAE;YACnB,MAAM,EAAE,mBAAmB,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;YAC9C,OAAO,CAAC,SAAU,CAAC,CAAC;QACtB,CAAC,CAAC;QACF,MAAM,OAAO,GAAG,GAAG,EAAE;YACnB,MAAM,CAAC,IAAI,YAAY,CAAC,4BAA4B,EAAE,YAAY,CAAC,CAAC,CAAC;QACvE,CAAC,CAAC;QAEF,MAAM,EAAE,gBAAgB,CAAC,OAAO,EAAE,OAAO,EAAE,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC;QAC3D,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;IACtB,CAAC,CAAC,CAAC;AACL,CAAC;AAED,uDAAuD;AACvD,MAAM,UAAU,kBAAkB;IAChC,SAAS,GAAG,IAAI,CAAC;IACjB,YAAY,GAAG,IAAI,CAAC;IACpB,YAAY,GAAG,IAAI,CAAC;IACpB,gBAAgB,CAAC,KAAK,EAAE,CAAC;AAC3B,CAAC;AAED,gEAAgE;AAChE,MAAM,UAAU,MAAM;IACpB,SAAS,GAAG,IAAI,CAAC;IACjB,YAAY,GAAG,IAAI,CAAC;IACpB,YAAY,GAAG,IAAI,CAAC;IACpB,gBAAgB,CAAC,KAAK,EAAE,CAAC;AAC3B,CAAC"}

package/dist/outbound.d.ts

@@ -0,0 +1,32 @@
+/**
+ * Outbound message adapter for WeChat KF  (framework-driven direct delivery)
+ *
+ * Responsibility:
+ *   This module implements the OpenClaw `ChannelPlugin.outbound` interface and
+ *   is called by the framework when the agent produces a final reply.
+ *
+ *   Text is first converted from markdown to Unicode formatting (formatText),
+ *   then chunked by UTF-8 byte length via `chunkTextByUtf8Bytes` (WeChat API
+ *   enforces a 2048-byte limit on text.content).  Framework auto-chunking is
+ *   disabled (`chunker: null`) because it would chunk *before* formatting,
+ *   causing post-format expansion to exceed the limit.
+ *
+ *   For media, the framework's `loadWebMedia` handles all URL formats
+ *   (HTTP, file://, local paths, MEDIA: prefix, ~), then the buffer is
+ *   uploaded to WeChat and sent using `uploadAndSendMedia` from `send-utils.ts`.
+ *
+ * WeChat KF session limits:
+ *   The API enforces a 48-hour / 5-message limit per session window.
+ *   Once a customer sends a message, the agent may reply with up to 5 messages
+ *   within 48 hours.  After that, sending returns errcode 95026.
+ *   This module detects that error and logs a clear warning rather than
+ *   propagating a generic failure.
+ *
+ * Counterpart:
+ *   `reply-dispatcher.ts` handles the *other* outbound path: typing-aware
+ *   streaming replies dispatched internally by `bot.ts`.
+ *
+ * accountId = openKfId (dynamically discovered)
+ */
+import type { ChannelOutboundAdapter } from "openclaw/plugin-sdk";
+export declare const wechatKfOutbound: ChannelOutboundAdapter;