npm - botmux - Versions diffs - 2.85.0 → 2.85.1 - Mend

botmux 2.85.0 → 2.85.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (47) hide show

package/dist/cli.d.ts.map +1 -1
package/dist/cli.js +22 -13
package/dist/cli.js.map +1 -1
package/dist/daemon.d.ts.map +1 -1
package/dist/daemon.js +4 -1
package/dist/daemon.js.map +1 -1
package/dist/dashboard/bot-onboarding.d.ts +24 -8
package/dist/dashboard/bot-onboarding.d.ts.map +1 -1
package/dist/dashboard/bot-onboarding.js +170 -49
package/dist/dashboard/bot-onboarding.js.map +1 -1
package/dist/dashboard/bot-payload.d.ts +43 -0
package/dist/dashboard/bot-payload.d.ts.map +1 -0
package/dist/dashboard/bot-payload.js +44 -0
package/dist/dashboard/bot-payload.js.map +1 -0
package/dist/dashboard/registry.d.ts +2 -0
package/dist/dashboard/registry.d.ts.map +1 -1
package/dist/dashboard/registry.js.map +1 -1
package/dist/dashboard/web/bot-defaults.d.ts +1 -0
package/dist/dashboard/web/bot-defaults.d.ts.map +1 -1
package/dist/dashboard/web/bot-defaults.js +6 -3
package/dist/dashboard/web/bot-defaults.js.map +1 -1
package/dist/dashboard/web/bot-onboarding.d.ts.map +1 -1
package/dist/dashboard/web/bot-onboarding.js +60 -4
package/dist/dashboard/web/bot-onboarding.js.map +1 -1
package/dist/dashboard/web/i18n.d.ts.map +1 -1
package/dist/dashboard/web/i18n.js +14 -0
package/dist/dashboard/web/i18n.js.map +1 -1
package/dist/dashboard/web/overview.d.ts +22 -0
package/dist/dashboard/web/overview.d.ts.map +1 -1
package/dist/dashboard/web/overview.js +6 -1
package/dist/dashboard/web/overview.js.map +1 -1
package/dist/dashboard-web/app.js +261 -250
package/dist/dashboard.js +58 -36
package/dist/dashboard.js.map +1 -1
package/dist/im/lark/client.d.ts.map +1 -1
package/dist/im/lark/client.js +23 -1
package/dist/im/lark/client.js.map +1 -1
package/dist/im/lark/event-dispatcher.d.ts.map +1 -1
package/dist/im/lark/event-dispatcher.js +16 -9
package/dist/im/lark/event-dispatcher.js.map +1 -1
package/dist/setup/cli-selection.d.ts +20 -1
package/dist/setup/cli-selection.d.ts.map +1 -1
package/dist/setup/cli-selection.js +45 -5
package/dist/setup/cli-selection.js.map +1 -1
package/dist/worker.js +10 -1
package/dist/worker.js.map +1 -1
package/package.json +1 -1

package/dist/cli.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"cli.d.ts","sourceRoot":"","sources":["../src/cli.ts"],"names":[],"mappings":";~~AA86IA~~;;;;;;;;;;;GAWG;AACH,wBAAsB,OAAO,CAC3B,OAAO,EAAE,OAAO,EAChB,GAAG,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,GAAG,SAAS,CAAC,EACvC,SAAS,EAAE,CAAC,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,KAAK,OAAO,CAAC,OAAO,qBAAqB,EAAE,SAAS,CAAC,EAC9F,KAAK,EAAE,MAAM,EACb,mBAAmB,CAAC,EAAE,MAAM,OAAO,CAAC,OAAO,2BAA2B,EAAE,UAAU,GAAG,IAAI,CAAC,GACzF,OAAO,CAAC;IAAE,MAAM,EAAE,MAAM,CAAA;CAAE,CAAC,CA8F7B"}
1	+ {"version":3,"file":"cli.d.ts","sourceRoot":"","sources":["../src/cli.ts"],"names":[],"mappings":";AA47IA;;;;;;;;;;;GAWG;AACH,wBAAsB,OAAO,CAC3B,OAAO,EAAE,OAAO,EAChB,GAAG,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,GAAG,SAAS,CAAC,EACvC,SAAS,EAAE,CAAC,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,KAAK,OAAO,CAAC,OAAO,qBAAqB,EAAE,SAAS,CAAC,EAC9F,KAAK,EAAE,MAAM,EACb,mBAAmB,CAAC,EAAE,MAAM,OAAO,CAAC,OAAO,2BAA2B,EAAE,UAAU,GAAG,IAAI,CAAC,GACzF,OAAO,CAAC;IAAE,MAAM,EAAE,MAAM,CAAA;CAAE,CAAC,CA8F7B"}

package/dist/cli.js CHANGED Viewed

@@ -531,10 +531,11 @@ async function obtainCredentials(rl) {
     return { ok: true, appId, appSecret, brand };
 }
 /**
- * 用指定应用凭证把 open_id (ou_) 解析成 union_id (on_，跨应用稳定)。
- * 查询失败（无 contact 权限 / API 错误）则 fallback 返回原 open_id。
+ * 用新应用自身凭证验证扫码链路拿到的 open_id。
+ * 能解析 union_id 时写 on_；没有 union_id 但 open_id 对当前 app 有效时写 ou_。
+ * 查询失败或用户不在当前 app 视角时返回 undefined，调用方不得 fallback 写入该 ou_。
  */
-async function resolveOpenIdToUnionId(appId, appSecret, openId, brand = 'feishu') {
+async function resolveScannerAllowedUser(appId, appSecret, openId, brand = 'feishu') {
     try {
         const { Client } = await import('@larksuiteoapi/node-sdk');
         // brand → 域名。Lark 扫码人 ou_→on_ 必须打 larksuite.com，否则失败丢掉 cross-app 稳定性。
@@ -543,11 +544,12 @@ async function resolveOpenIdToUnionId(appId, appSecret, openId, brand = 'feishu'
             path: { user_id: openId },
             params: { user_id_type: 'open_id' },
         });
-        if (res.code === 0 && res.data?.user?.union_id)
-            return res.data.user.union_id;
+        if (res.code === 0 && res.data?.user) {
+            return res.data.user.union_id ?? openId;
+        }
     }
-    catch { /* fallback */ }
-    return openId;
+    catch { /* do not trust scanner open_id when verification fails */ }
+    return undefined;
 }
 /**
  * 手动建 bot 时（没有扫码人 open_id）必须指定至少一个 owner.
@@ -569,11 +571,11 @@ async function promptRequiredOwner(rl) {
         }
         const invalid = findInvalidAllowedUserEntries(entries);
         if (invalid.length > 0) {
-            console.log(`   ❌ 以下不是完整邮箱或 open_id（邮箱前缀不接受）: ${invalid.join(', ')}`);
+            console.log(`   ❌ 以下不是完整邮箱、union_id 或 open_id（邮箱前缀不接受）: ${invalid.join(', ')}`);
             continue;
         }
         if (!hasOwnerEntry(entries)) {
-            console.log('   ❌ 至少需要一个 open_id 或完整邮箱作为 owner。');
+            console.log('   ❌ 至少需要一个完整邮箱、union_id 或 open_id 作为 owner。');
             continue;
         }
         return entries;
@@ -633,13 +635,20 @@ async function promptBotConfig(rl) {
     }
     // setup 不再询问 model（用户常选到无权限的 model，setup 完一发消息就 spawn
     // 报错，排查成本高）。需要指定 model 走 /config 卡片或手动编辑 bots.json。
-    // 扫码场景默认填扫码人自己 (registerApp 返回里有 open_id), 天然就是 owner.
-    // 优先解析成 union_id (on_，跨应用稳定)；失败则 fallback 到 open_id (ou_)。
+    // 扫码场景默认填扫码人自己，但 registerApp 返回的 open_id 不能直接信任：
+    // 只有新 app 自身能验证时才写入 allowedUsers；验证失败则要求手动填写 owner。
     // 手动 fallback 场景没 open_id —— 必须显式指定 owner, 否则配置无 owner:
     // allowedUsers 为空时虽然"全开放", 但一旦后续加了 allowedChatGroups 就会变成
     // "群成员能对话却没人能做敏感操作 / 用 /grant". setup 阶段强制收口, 不允许没 owner.
     if (creds.userOpenId) {
-        bot.allowedUsers = [await resolveOpenIdToUnionId(creds.appId, creds.appSecret, creds.userOpenId, creds.brand)];
+        const owner = await resolveScannerAllowedUser(creds.appId, creds.appSecret, creds.userOpenId, creds.brand);
+        if (owner) {
+            bot.allowedUsers = [owner];
+        }
+        else {
+            console.log('⚠️  无法确认扫码人的 open_id 属于当前新应用，请手动填写 owner。');
+            bot.allowedUsers = await promptRequiredOwner(rl);
+        }
     }
     else {
         bot.allowedUsers = await promptRequiredOwner(rl);
@@ -738,7 +747,7 @@ async function promptEditBotConfig(rl, bot) {
     ]);
     input.workingDir = await ask(rl, `默认工作目录 [${formatOptionalValue(bot.workingDir)}]: `);
     printInputHelp('允许的用户', [
-        '可选。限制哪些飞书用户可以操作机器人，支持完整邮箱（如 alice@example.com）或 open_id（ou_xxx），多个值用逗号分隔。',
+        '可选。限制哪些飞书用户可以操作机器人，支持完整邮箱（如 alice@example.com）、union_id（on_xxx）或 open_id（ou_xxx），多个值用逗号分隔。',
         '注意：必须是完整邮箱，邮箱前缀（如 alice）无法解析、会被丢弃。',
         '留空保留当前值；输入 - 清空限制。',
     ]);