agentquad 0.4.5 → 0.4.7

package/src/config.js

@@ -126,6 +126,7 @@ const DEFAULT_LARK_CONFIG = {
 	requireThreadGroup: true,
 	eventSubscribeEnabled: true,
 	autoCreateTopic: true,
+	autoCreateTodo: true,
 	defaultPermissionMode: "bypass",
 	notificationCooldownMs: 600_000,
 };
@@ -313,6 +314,9 @@ function defaultConfig() {
 		// 新建待办时是否默认勾选「创建后自动启动 AI 终端」。
 		// Drawer 上的开关仍可单次覆盖；这里只是默认值。
 		defaultAutoStartAi: false,
+		// 新建待办时默认套用的 Prompt 模板 ID 列表（多选）。空数组 = 不预选。
+		// 用户在 SettingsDrawer 里维护；创建任务时 TodoManage 读取此值作为表单初值。
+		defaultAppliedTemplateIds: [],
 		// 自动启动 / dispatch / 顶栏 ⌘K 等场景下使用的默认 AI 工具。
 		defaultAiTool: "claude",
 		tools: resolveToolsConfig(),
@@ -381,6 +385,9 @@ export function normalizeConfig(cfg = {}) {
 		...cfgRest,
 		defaultPermissionMode: normalizePermissionMode(cfg.defaultPermissionMode, "default"),
 		defaultAutoStartAi: !!cfg.defaultAutoStartAi,
+		defaultAppliedTemplateIds: Array.isArray(cfg.defaultAppliedTemplateIds)
+			? cfg.defaultAppliedTemplateIds.map((x) => String(x).trim()).filter(Boolean)
+			: [],
 		defaultAiTool,
 		tools: {
 			...mergedTools,
@@ -470,15 +477,38 @@ function backupCorruptConfig(file) {
 	}
 }
 
+// Atomic write: write to a sibling tmp file then rename over the target.
+// POSIX rename is atomic on the same filesystem — readers always see either
+// the old or the new file, never a half-written one. Eliminates the
+// truncated-write → JSON.parse-fail → reset-to-defaults loop.
+function atomicWriteFile(file, contents) {
+	const tmp = `${file}.${process.pid}.${Date.now()}.tmp`;
+	writeFileSync(tmp, contents);
+	renameSync(tmp, file);
+}
+
 function tryWriteConfig(file, cfg) {
 	try {
-		writeFileSync(file, JSON.stringify(cfg, null, 2));
+		atomicWriteFile(file, JSON.stringify(cfg, null, 2));
 		return true;
 	} catch {
 		return false;
 	}
 }
 
+// In-process write serialization. Concurrent PUT /api/config calls (and any
+// other server-side read-modify-write sequence) used to interleave their
+// load/save and lose each other's changes. withConfigLock chains operations
+// onto a single Promise queue so reads + writes within `fn` are atomic
+// against other queued operations. Out-of-process writers (CLI, hooks) are
+// NOT protected — see design doc R2/F4 deferred scope.
+let configWriteQueue = Promise.resolve();
+export function withConfigLock(fn) {
+	const run = configWriteQueue.then(() => fn(), () => fn());
+	configWriteQueue = run.catch(() => {});
+	return run;
+}
+
 export function loadConfig({ rootDir = DEFAULT_ROOT_DIR } = {}) {
 	ensureRoot(rootDir);
 	const file = join(rootDir, "config.json");
@@ -488,9 +518,7 @@ export function loadConfig({ rootDir = DEFAULT_ROOT_DIR } = {}) {
 		return cfg;
 	}
 	try {
-		const cfg = normalizeConfig(JSON.parse(readFileSync(file, "utf8")));
-		tryWriteConfig(file, cfg);
-		return cfg;
+		return normalizeConfig(JSON.parse(readFileSync(file, "utf8")));
 	} catch {
 		backupCorruptConfig(file);
 		const cfg = normalizeConfig();
@@ -501,7 +529,7 @@ export function loadConfig({ rootDir = DEFAULT_ROOT_DIR } = {}) {
 
 export function saveConfig(cfg, { rootDir = DEFAULT_ROOT_DIR } = {}) {
 	ensureRoot(rootDir);
-	writeFileSync(
+	atomicWriteFile(
 		join(rootDir, "config.json"),
 		JSON.stringify(normalizeConfig(cfg), null, 2),
 	);

package/src/db.js

@@ -1110,37 +1110,59 @@ export function openDb(file = ':memory:') {
     return r.changes
   }
 
-  function seedBuiltinTemplatesIfEmpty() {
-    if (ptStmts.countAll.get().n > 0) return
+  // Canonical list of builtin templates. On startup we ensure each one exists
+  // in the DB (matched by exact name + builtin=1). Missing ones get inserted;
+  // user-edited copies are left alone. Adding a new entry here will surface
+  // for existing users on next restart.
+  const BUILTIN_TEMPLATE_SEEDS = [
+    {
+      name: 'Brainstorm（脑爆）',
+      description: '先脑爆方向，不急着动手',
+      content: '请先不要直接动手实现。先针对下面的任务 brainstorm：\n- 列出 2-3 种可选方案，说明优缺点\n- 指出风险点与需要用户拍板的关键决策\n- 明确验收标准\n\n在我确认方案后再进入实现。',
+    },
+    {
+      name: '自动驾驶（Autopilot）',
+      description: '内心脑爆 → 自选最优 → 跑完 → 最后报告',
+      content: '按"自动驾驶"模式处理下面的任务，不要停下来问我。\n\n1. 先在心里 brainstorm 2-3 种实现思路，挑出最合理的一种，但不需要列出来征求我的同意。\n2. 直接执行：理解 → 实现 → 自测（跑相关测试 / 编译 / lint） → 提交。\n3. 遇到不可避免必须我决策的歧义点（例：要不要删数据、要不要对外发版），才停下来问；普通选型不要问。\n4. 跑完后输出一份三段式报告：\n   - 变更摘要：改了什么、为什么这么改\n   - 验证结果：跑了哪些自测、是否通过、有没有遗留\n   - 仍需我确认的事项：列出来 / 没有就写"无"\n5. 我考虑过哪些方案、为什么选这个，请在"变更摘要"里用一两句说明。',
+    },
+    {
+      name: '稳定优先（Stability First）',
+      description: '改动面最小、不引新依赖、不动公共 API',
+      content: '本任务执行时请优先保证"稳定"，含义：\n- 改动面尽量小，不顺手重构、不删看似无用的代码\n- 不引入新依赖、不升级现有依赖\n- 不改公共 API / 接口签名 / 数据库 schema（除非任务本身就是改这个）\n- 优先补测试覆盖现有行为；改动 hot path 时尽量保留旧路径作为兜底\n- 选型偏保守：用已经在项目里用过的库 / 写法\n如果"稳定"和任务目标冲突，告诉我，让我决定。',
+    },
+    {
+      name: '未来发展优先（Future First）',
+      description: '允许重构 / 引入抽象 / 留扩展点',
+      content: '本任务执行时请优先考虑"长期可扩展性"，含义：\n- 允许并鼓励顺手重构邻近代码，让结构更清晰\n- 可以引入新抽象 / 接口，为可预见的下一步需求留扩展点\n- 公共 API / 类型 / 数据结构允许调整，但要在报告里列出影响面（调用方 / 测试 / 文档）\n- 选型可以挑当前社区主流而非项目已有的旧写法，但要说明替换原因\n- 不要为完全假想的需求过度设计 —— 只服务"已经看到苗头"的下一步\n完成后在报告里说明：哪些是为长期留的扩展点，分别服务什么场景。',
+    },
+    {
+      name: 'Bug 修复',
+      description: '复现 → 定位 → 最小用例 → 修复 → 回归',
+      content: '按 bug 修复流程处理下面的问题：\n1. 先复现（给出复现步骤和实际 vs 预期）\n2. 定位根因（不要过早修改代码）\n3. 写一个能复现该 bug 的最小用例（如果有测试框架）\n4. 修复根因，不是修现象\n5. 回归：跑相关测试；考虑同类 bug 是否还存在',
+    },
+    {
+      name: '重构',
+      description: '先读懂 → 列出影响面 → 小步重构',
+      content: '按照小步重构原则处理下面的任务：\n1. 先通读相关代码，复述你的理解\n2. 列出此次重构的影响面（调用方 / 测试 / 类型）\n3. 每一步只改一件事，保持可运行\n4. 每步后跑一次测试（如果有）\n5. 不要顺手加功能、不要引入新抽象，除非当前任务要求',
+    },
+    {
+      name: '写测试',
+      description: 'TDD：红 → 绿 → 重构',
+      content: '用 TDD 的方式处理下面的任务：\n1. 先列出测试矩阵（输入 × 场景）\n2. 先写一个最简失败用例（红）\n3. 用最小改动让它通过（绿）\n4. 重构（保持绿）\n5. 重复 2-4 直到覆盖矩阵\n不 mock 真实依赖（除非跨网络/支付等）。',
+    },
+    {
+      name: '代码评审',
+      description: '只评审，不改代码',
+      content: '请只做代码评审，不要修改代码。按下面的维度给出具体反馈：\n- 可读性：命名、结构、注释\n- 正确性：边界、错误处理、并发\n- 安全性：注入、鉴权、敏感数据\n- 性能：明显的 N+1 / 无谓复制\n- 简洁性：是否有过度设计 / 可删除的冗余\n每条反馈给出文件:行号 + 建议。',
+    },
+  ]
+  const findBuiltinByName = db.prepare(
+    `SELECT id FROM prompt_templates WHERE builtin = 1 AND name = ? LIMIT 1`,
+  )
+  function ensureBuiltinTemplates() {
     const now = Date.now()
-    const seeds = [
-      {
-        name: 'Brainstorm（脑爆）',
-        description: '先脑爆方向，不急着动手',
-        content: '请先不要直接动手实现。先针对下面的任务 brainstorm：\n- 列出 2-3 种可选方案，说明优缺点\n- 指出风险点与需要用户拍板的关键决策\n- 明确验收标准\n\n在我确认方案后再进入实现。',
-      },
-      {
-        name: 'Bug 修复',
-        description: '复现 → 定位 → 最小用例 → 修复 → 回归',
-        content: '按 bug 修复流程处理下面的问题：\n1. 先复现（给出复现步骤和实际 vs 预期）\n2. 定位根因（不要过早修改代码）\n3. 写一个能复现该 bug 的最小用例（如果有测试框架）\n4. 修复根因，不是修现象\n5. 回归：跑相关测试；考虑同类 bug 是否还存在',
-      },
-      {
-        name: '重构',
-        description: '先读懂 → 列出影响面 → 小步重构',
-        content: '按照小步重构原则处理下面的任务：\n1. 先通读相关代码，复述你的理解\n2. 列出此次重构的影响面（调用方 / 测试 / 类型）\n3. 每一步只改一件事，保持可运行\n4. 每步后跑一次测试（如果有）\n5. 不要顺手加功能、不要引入新抽象，除非当前任务要求',
-      },
-      {
-        name: '写测试',
-        description: 'TDD：红 → 绿 → 重构',
-        content: '用 TDD 的方式处理下面的任务：\n1. 先列出测试矩阵（输入 × 场景）\n2. 先写一个最简失败用例（红）\n3. 用最小改动让它通过（绿）\n4. 重构（保持绿）\n5. 重复 2-4 直到覆盖矩阵\n不 mock 真实依赖（除非跨网络/支付等）。',
-      },
-      {
-        name: '代码评审',
-        description: '只评审，不改代码',
-        content: '请只做代码评审，不要修改代码。按下面的维度给出具体反馈：\n- 可读性：命名、结构、注释\n- 正确性：边界、错误处理、并发\n- 安全性：注入、鉴权、敏感数据\n- 性能：明显的 N+1 / 无谓复制\n- 简洁性：是否有过度设计 / 可删除的冗余\n每条反馈给出文件:行号 + 建议。',
-      },
-    ]
-    seeds.forEach((s, i) => {
+    BUILTIN_TEMPLATE_SEEDS.forEach((s, i) => {
+      if (findBuiltinByName.get(s.name)) return
       ptStmts.insert.run({
         id: randomUUID(),
         name: s.name,
@@ -1153,7 +1175,7 @@ export function openDb(file = ':memory:') {
       })
     })
   }
-  seedBuiltinTemplatesIfEmpty()
+  ensureBuiltinTemplates()
 
   const wikiStmts = {
     insertRun: db.prepare(`

package/src/lark-bot.js

@@ -126,6 +126,38 @@ export function normalizeEvent(raw = {}) {
  * action.value 是按钮的 value（构卡片时塞的 JSON），约定字段：
  *   { callback_data: 'qt:perm:abcd:allow' }   // 跟 telegram 的 callback_data 同字符串格式
  */
+/**
+ * 把 wizard 风格的 callback 返回值（{toast: '字符串', chosenLabel, action, editOriginal}）
+ * 适配成 Lark 卡片回调期望的 schema（{toast: {type, content}}）。
+ *
+ * 背景：Lark SDK 的 WSClient.handleEventData 把 handler 的返回值 base64 编码后回写到
+ * WebSocket frame；Lark 服务端反序列化时按文档校验 toast 必须是 `{type, content}` 对象，
+ * wizard 直传 string 会失败 → 飞书 UI 弹「出错了，请稍后重试 code: 200340」。
+ * 文档：https://open.feishu.cn/document/uAjLw4CM/ukTMukTMukTM/feishu-cards/card-callback/card-callback-communication
+ *
+ * 已经是 Lark 格式的（{toast: {type, content}}）直接放过；undefined → 不显 toast。
+ */
+export function adaptWizardResponseToLark(r) {
+  if (!r || typeof r !== 'object') return undefined
+
+  // 已是 Lark 形态（{toast: {type?, content}}） → 透传，保留 caller 想自己控的 type
+  if (r.toast && typeof r.toast === 'object' && (typeof r.toast.content === 'string' || r.toast.i18n)) {
+    const out = { toast: { ...r.toast } }
+    if (!out.toast.type) out.toast.type = 'info'
+    return out
+  }
+
+  // wizard 形态（toast: string）→ 按 action 字段推断 type
+  const content = typeof r.toast === 'string' ? r.toast.trim() : ''
+  if (!content) return undefined  // 没有 toast 文本就别 emit，Lark UI 默认无提示
+  let type = 'info'
+  const action = String(r.action || '')
+  if (action.includes('allow') || action.includes('sent')) type = 'success'
+  else if (action.includes('stale') || action.includes('invalid')) type = 'warning'
+  else if (action.includes('failed') || action.includes('error') || action.includes('unavailable')) type = 'error'
+  return { toast: { type, content } }
+}
+
 export function normalizeCardAction(raw = {}) {
   const event = raw.event || raw
   const action = event.action || {}
@@ -418,20 +450,24 @@ export function createLarkBot({
 
   async function handleCardAction(raw) {
     const ev = normalizeCardAction(raw)
+    logger.info?.(`[lark-bot] card action received: callbackData=${ev.callbackData || 'null'} chatId=${ev.chatId || 'null'} from=${ev.fromUserId || 'null'}`)
     if (!ev.chatId || !ev.callbackData) {
-      return { ok: false, reason: 'invalid_card_action' }
+      const r = adaptWizardResponseToLark({ toast: '⚠️ 无效的卡片回传', action: 'invalid' })
+      logger.info?.(`[lark-bot] card action → Lark resp: ${JSON.stringify(r)}`)
+      return r
     }
     const configuredChatId = getConfig()?.lark?.chatId
     if (configuredChatId && ev.chatId !== String(configuredChatId)) {
       logger.warn?.(`[lark-bot] ignored card_action from other chat: ${ev.chatId}`)
-      return { ok: true, action: 'ignored_chat' }
+      // 跨群点的卡片：返回最小合法响应（带个 info toast），避免 Lark UI 弹 200340 generic 错误
+      return { toast: { type: 'info', content: '已忽略（非本群）' } }
     }
     if (typeof wizard.handleCallback !== 'function') {
       logger.warn?.(`[lark-bot] wizard.handleCallback unavailable; dropping lark card action`)
-      return { ok: false, reason: 'no_handler' }
+      return adaptWizardResponseToLark({ toast: '⚠️ 服务未就绪', action: 'failed' })
     }
     try {
-      return await wizard.handleCallback({
+      const wizardR = await wizard.handleCallback({
         channel: 'lark',
         chatId: ev.chatId,
         threadId: ev.threadId,
@@ -439,9 +475,12 @@ export function createLarkBot({
         callbackData: ev.callbackData,
         fromUserId: ev.fromUserId,
       })
+      const adapted = adaptWizardResponseToLark(wizardR)
+      logger.info?.(`[lark-bot] card action → wizard returned ${JSON.stringify(wizardR)} → Lark resp: ${JSON.stringify(adapted)}`)
+      return adapted
     } catch (e) {
       logger.warn?.(`[lark-bot] card action handler failed: ${e.message}`)
-      return { ok: false, reason: 'handler_failed', detail: e.message }
+      return adaptWizardResponseToLark({ toast: `⚠️ 处理失败：${e.message}`, action: 'failed' })
     }
   }
 

package/src/mcp/tools/openclaw/index.js

@@ -315,7 +315,7 @@ export function registerOpenClawTools(server, deps) {
           // 拼按钮失败不阻塞；纯文本兜底（用户照样能数字回复）
         }
 
-        const sendResult = await openclaw.postText({
+        const sendResult = await openclaw.broadcastText({
           sessionId,
           message: lines.join('\n'),
           replyMarkup: askUserMarkup,

package/src/openclaw-bridge.js

@@ -132,6 +132,7 @@ export function createOpenClawBridge({
   telegramSender = sendViaTelegramAPI,                // 测试用：可 mock fake fetch
   telegramBot: initialTelegramBot = null,              // 可选：用于 sendDocument 附件
   larkBot: initialLarkBot = null,
+  getRoutesForSession = null,                          // 注入：读 db 双路由（telegram + lark），broadcastEcho 用
 } = {}) {
   let telegramBot = initialTelegramBot
   let larkBot = initialLarkBot
@@ -140,7 +141,8 @@ export function createOpenClawBridge({
 
   // 出站限流环形缓冲：每分钟 ≤ rateLimitPerMin 条
   const sendTimestamps = []
-  // sessionId → { targetUserId, account, channel }
+  // sessionId → Map<channel, route> —— 一个 session 可同时绑 telegram + lark + weixin
+  // Map 保留插入顺序，"最新注册的那条"可以靠遍历最后一个值拿到，用于无 channel hint 的 fallback。
   const sessionRoutes = new Map()
   // peerUserId → { sessionId, sentAt } — 最近一次推到该 peer 的 session
   // 用于 PTY stdin proxy：用户在微信回话时知道往哪个 PTY 写
@@ -168,18 +170,38 @@ export function createOpenClawBridge({
     sendTimestamps.push(nowMs())
   }
 
+  function getRoutesInner(sessionId) {
+    return sessionRoutes.get(sessionId) || null
+  }
+
+  function ensureRoutesInner(sessionId) {
+    let inner = sessionRoutes.get(sessionId)
+    if (!inner) {
+      inner = new Map()
+      sessionRoutes.set(sessionId, inner)
+    }
+    return inner
+  }
+
+  function allRoutesForSession(sessionId) {
+    const inner = getRoutesInner(sessionId)
+    return inner ? Array.from(inner.values()) : []
+  }
+
   function registerSessionRoute(sessionId, { targetUserId, account, channel, threadId, rootMessageId, topicName, triggerMessageId, messageAppLink } = {}) {
     if (!sessionId || !targetUserId) return
-    sessionRoutes.set(sessionId, {
+    const effectiveChannel = channel || getOpenClawConfig().channel || 'openclaw-weixin'
+    const route = {
       targetUserId,
       account: account || null,
-      channel: channel || getOpenClawConfig().channel || 'openclaw-weixin',
-      threadId: threadId != null ? threadId : null,    // ← Telegram Topic 路由用
+      channel: effectiveChannel,
+      threadId: threadId != null ? threadId : null,
       rootMessageId: rootMessageId || null,
-      topicName: topicName || null,                     // ← SessionEnd 改名 ✅ 用
-      triggerMessageId: triggerMessageId != null ? triggerMessageId : null,  // D 方案：reaction 加在用户触发消息上
+      topicName: topicName || null,
+      triggerMessageId: triggerMessageId != null ? triggerMessageId : null,
       messageAppLink: messageAppLink || null,
-    })
+    }
+    ensureRoutesInner(sessionId).set(effectiveChannel, route)
   }
 
   function clearSessionRoute(sessionId, reason = 'unknown') {
@@ -190,12 +212,20 @@ export function createOpenClawBridge({
   }
 
   function hasExplicitRoute(sessionId) {
-    return Boolean(sessionId && sessionRoutes.has(sessionId))
+    if (!sessionId) return false
+    const inner = sessionRoutes.get(sessionId)
+    return Boolean(inner && inner.size > 0)
   }
 
-  function resolveRoute(sessionId) {
-    const explicit = sessionRoutes.get(sessionId)
-    if (explicit) return explicit
+  function resolveRoute(sessionId, channel = null) {
+    const inner = getRoutesInner(sessionId)
+    if (inner && inner.size > 0) {
+      if (channel) return inner.get(channel) || null
+      // 无 channel hint：返回最新注册的（Map 保留插入顺序，最后一个 value 是 latest）
+      let last = null
+      for (const r of inner.values()) last = r
+      return last
+    }
     const oc = getOpenClawConfig()
     if (!oc.targetUserId) return null
     return {
@@ -219,7 +249,7 @@ export function createOpenClawBridge({
     if (!rateLimitOk()) return { ok: false, reason: 'rate_limited' }
 
     const oc = getOpenClawConfig()
-    const route = sessionId ? resolveRoute(sessionId) : null
+    const route = sessionId ? resolveRoute(sessionId, channel || null) : null
     const effectiveChannel = channel || route?.channel || oc.channel || 'openclaw-weixin'
     const rawTarget = target || route?.targetUserId || oc.targetUserId
     const effectiveTarget = normalizeTarget(rawTarget, effectiveChannel)
@@ -269,8 +299,8 @@ export function createOpenClawBridge({
         const threadIdForSend = route?.threadId || null
         // 防御兜底：sessionId-routed 但没拿到 thread → fallback 路径，不能静默落 General。
         // 仅当 caller 传了 sessionId 时启用（无 sessionId 是显式 broadcast，允许直发默认 chat）。
-        if (!threadIdForSend && sessionId && !sessionRoutes.has(sessionId)) {
-          logger.warn?.(`[openclaw-bridge] refuse send to telegram general: sid=${sessionId} has no registered route (routesSize=${sessionRoutes.size}); would have leaked to General. msgLen=${message.length}`)
+        if (!threadIdForSend && sessionId && !hasExplicitRoute(sessionId)) {
+          logger.warn?.(`[openclaw-bridge] refuse send to telegram general: sid=${sessionId} has no registered route (routesSize=${sessionRoutes.size}); would have leaked to General. msgLen=${message.length}`)  // sessionRoutes.size = outer Map size (number of sessions)
           return { ok: false, reason: 'no_thread_id_route_missing' }
         }
         logger.info?.(`[openclaw-bridge] telegram send sessionId=${sessionId} chatId=${effectiveTarget} threadId=${threadIdForSend} (route=${route ? JSON.stringify({tid: route.threadId, tn: route.topicName}) : 'null'}) attachment=${attachment ? 'yes' : 'no'} msgLen=${message.length}`)
@@ -445,12 +475,16 @@ export function createOpenClawBridge({
   function findSessionsByTarget(peer) {
     if (!peer) return []
     const out = []
-    for (const [sid, info] of sessionRoutes) {
-      // 同一个 peer 可能有多个 session；route 里 targetUserId 可能带或不带后缀
-      const tgt = info?.targetUserId || ''
-      if (tgt === peer || tgt.startsWith(peer + '@') || peer.startsWith(tgt + '@')) {
-        out.push(sid)
+    for (const [sid, inner] of sessionRoutes) {
+      let matched = false
+      for (const info of inner.values()) {
+        const tgt = info?.targetUserId || ''
+        if (tgt === peer || tgt.startsWith(peer + '@') || peer.startsWith(tgt + '@')) {
+          matched = true
+          break
+        }
       }
+      if (matched) out.push(sid)
     }
     return out
   }
@@ -479,15 +513,17 @@ export function createOpenClawBridge({
   function findSessionByRoute({ channel = null, chatId, threadId = null, rootMessageId = null } = {}) {
     if (!chatId) return null
     const targetStr = String(chatId)
-    for (const [sid, info] of sessionRoutes) {
-      if (channel && info?.channel !== channel) continue
-      if (String(info?.targetUserId || '') !== targetStr) continue
-      if (rootMessageId) {
-        if (info?.rootMessageId === rootMessageId) return sid
-        continue
+    for (const [sid, inner] of sessionRoutes) {
+      for (const info of inner.values()) {
+        if (channel && info?.channel !== channel) continue
+        if (String(info?.targetUserId || '') !== targetStr) continue
+        if (rootMessageId) {
+          if (info?.rootMessageId === rootMessageId) return sid
+          continue
+        }
+        if ((info?.threadId || null) !== (threadId || null)) continue
+        return sid
       }
-      if ((info?.threadId || null) !== (threadId || null)) continue
-      return sid
     }
     return null
   }
@@ -535,15 +571,127 @@ export function createOpenClawBridge({
     }
   }
 
+  /**
+   * 把 user prompt echo 到所有已绑定的 IM thread，排除 origin channel。
+   * 路由从注入的 getRoutesForSession 拿（读 db 双路由），不依赖 in-memory sessionRoutes
+   * （后者每 session 只有一条 route，无法跨 telegram + lark 同时发）。
+   *
+   * 失败一律静默 warn —— echo 是辅助路径，不能影响 agent 的 Stop hook 主流程。
+   */
+  async function broadcastEcho({ sessionId, message, excludeChannel } = {}) {
+    if (!sessionId || !message) return { skipped: true, reason: 'missing_args' }
+    if (typeof getRoutesForSession !== 'function') return { skipped: true, reason: 'no_routes_fn' }
+    if (!rateLimitOk()) return { skipped: true, reason: 'rate_limited' }
+
+    let routes
+    try {
+      routes = getRoutesForSession(sessionId) || {}
+    } catch (e) {
+      logger?.warn?.(`[openclaw-bridge] broadcastEcho getRoutesForSession threw: ${e.message}`)
+      return { skipped: true, reason: 'routes_lookup_failed' }
+    }
+    const { telegram: tg, lark: lk } = routes
+    const results = { telegram: null, lark: null }
+
+    if (excludeChannel === 'telegram') {
+      results.telegram = { skipped: true, reason: 'excluded' }
+    } else if (!tg?.threadId || !tg?.targetUserId) {
+      results.telegram = { skipped: true, reason: 'no_route' }
+    } else {
+      const token = getTelegramTokenFromConfig(getConfig())
+      if (!token) {
+        results.telegram = { ok: false, reason: 'no_token' }
+      } else {
+        try {
+          results.telegram = await telegramSender({
+            token,
+            chatId: String(tg.targetUserId),
+            threadId: Number(tg.threadId),
+            text: message,
+            logger,
+          })
+          if (results.telegram?.ok) recordSend()
+        } catch (e) {
+          logger?.warn?.(`[openclaw-bridge] broadcastEcho telegram threw: ${e.message}`)
+          results.telegram = { ok: false, reason: 'threw', detail: e.message }
+        }
+      }
+    }
+
+    if (excludeChannel === 'lark') {
+      results.lark = { skipped: true, reason: 'excluded' }
+    } else if (!lk?.rootMessageId || !larkBot?.replyInThread) {
+      results.lark = { skipped: true, reason: 'no_route' }
+    } else {
+      try {
+        results.lark = await larkBot.replyInThread({
+          rootMessageId: String(lk.rootMessageId),
+          text: message,
+        })
+        if (results.lark?.ok) recordSend()
+      } catch (e) {
+        logger?.warn?.(`[openclaw-bridge] broadcastEcho lark threw: ${e.message}`)
+        results.lark = { ok: false, reason: 'threw', detail: e.message }
+      }
+    }
+
+    return results
+  }
+
+  /**
+   * Fan-out 文本到 sessionId 当前所有绑定的 channel。Stop hook / ask_user / dispatcher 警告类
+   * 消息走这里，确保 telegram + lark 都能看到（cross-channel mirror 对齐）。
+   *
+   * 实现：对每个绑定的 channel 调用一次 postText（显式带 channel），复用现有的限流、
+   * fast-path、CLI fallback。返回 byChannel 聚合结果。
+   */
+  async function broadcastText({ sessionId, message, replyMarkup = null, attachment = null, excludeChannel = null } = {}) {
+    if (!sessionId || !message) return { skipped: true, reason: 'missing_args' }
+    const routes = allRoutesForSession(sessionId)
+    if (!routes.length) {
+      // session 没有任何 in-memory 路由 → 退回单 postText（用 config 默认 target）。
+      // 行为对齐改造前的 postText({sessionId, message}) 老语义。
+      const r = await postText({ sessionId, message, replyMarkup, attachment })
+      return { ok: !!r?.ok, byChannel: { default: r }, fanout: false }
+    }
+    const byChannel = {}
+    let anyOk = false
+    for (const route of routes) {
+      if (route.channel === excludeChannel) {
+        byChannel[route.channel] = { skipped: true, reason: 'excluded' }
+        continue
+      }
+      const r = await postText({
+        sessionId,
+        message,
+        channel: route.channel,
+        target: route.targetUserId,
+        replyMarkup,
+        attachment,
+      })
+      byChannel[route.channel] = r
+      if (r?.ok) anyOk = true
+    }
+    return { ok: anyOk, byChannel, fanout: true }
+  }
+
   function setTelegramBot(bot) { telegramBot = bot }
   function setLarkBot(bot) { larkBot = bot || null }
   function setTopicGoneHandler(fn) { topicGoneHandler = typeof fn === 'function' ? fn : null }
   function listSessionRoutes() {
-    return Array.from(sessionRoutes.entries()).map(([sessionId, info]) => ({ sessionId, ...info }))
+    const out = []
+    for (const [sid, inner] of sessionRoutes) {
+      for (const route of inner.values()) {
+        out.push({ sessionId: sid, ...route })
+      }
+    }
+    return out
   }
 
   return {
     postText,
+    broadcastText,
+    broadcastEcho,
     healthCheck,
     isEnabled,
     registerSessionRoute,

package/src/openclaw-hook-installer.js

@@ -23,7 +23,7 @@ import { fileURLToPath } from 'node:url'
 import { DEFAULT_ROOT_DIR } from './config.js'
 
 const QUADTODO_MANAGED_KEY = '_quadtodoManaged'
-const HOOK_EVENTS = ['Stop', 'Notification', 'SessionEnd']
+const HOOK_EVENTS = ['Stop', 'Notification', 'SessionEnd', 'UserPromptSubmit']
 const HOOK_VERSION_RE = /quadtodo-hook-version:\s*(\d+)/
 
 function defaultHookScriptPath() {
@@ -52,6 +52,7 @@ function buildHookEntry(event, hookScriptPath) {
   // Claude Code hook 格式（参考其文档）：matchers 数组里每项有 type+command
   const eventLower = event === 'SessionEnd' ? 'session-end'
     : event === 'Notification' ? 'notification'
+    : event === 'UserPromptSubmit' ? 'user-prompt-submit'
     : 'stop'
   return {
     matcher: '*',