npm - cc-lark - Versions diffs - 0.1.1 - Mend

cc-lark 0.1.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (298) hide show

package/.github/workflows/ci.yml +47 -0
package/.github/workflows/release.yml +47 -0
package/.github/workflows/sync-upstream.yml +127 -0
package/.prettierrc.json +7 -0
package/README.md +214 -0
package/dist/core/api-error.d.ts +193 -0
package/dist/core/api-error.d.ts.map +1 -0
package/dist/core/api-error.js +263 -0
package/dist/core/api-error.js.map +1 -0
package/dist/core/auth-errors.d.ts +13 -0
package/dist/core/auth-errors.d.ts.map +1 -0
package/dist/core/auth-errors.js +14 -0
package/dist/core/auth-errors.js.map +1 -0
package/dist/core/config.d.ts +60 -0
package/dist/core/config.d.ts.map +1 -0
package/dist/core/config.js +115 -0
package/dist/core/config.js.map +1 -0
package/dist/core/device-flow.d.ts +80 -0
package/dist/core/device-flow.d.ts.map +1 -0
package/dist/core/device-flow.js +231 -0
package/dist/core/device-flow.js.map +1 -0
package/dist/core/index.d.ts +16 -0
package/dist/core/index.d.ts.map +1 -0
package/dist/core/index.js +16 -0
package/dist/core/index.js.map +1 -0
package/dist/core/lark-client.d.ts +136 -0
package/dist/core/lark-client.d.ts.map +1 -0
package/dist/core/lark-client.js +315 -0
package/dist/core/lark-client.js.map +1 -0
package/dist/core/token-store.d.ts +67 -0
package/dist/core/token-store.d.ts.map +1 -0
package/dist/core/token-store.js +215 -0
package/dist/core/token-store.js.map +1 -0
package/dist/core/types.d.ts +286 -0
package/dist/core/types.d.ts.map +1 -0
package/dist/core/types.js +11 -0
package/dist/core/types.js.map +1 -0
package/dist/core/uat-client.d.ts +64 -0
package/dist/core/uat-client.d.ts.map +1 -0
package/dist/core/uat-client.js +227 -0
package/dist/core/uat-client.js.map +1 -0
package/dist/core/version.d.ts +26 -0
package/dist/core/version.d.ts.map +1 -0
package/dist/core/version.js +50 -0
package/dist/core/version.js.map +1 -0
package/dist/index.d.ts +12 -0
package/dist/index.d.ts.map +1 -0
package/dist/index.js +116 -0
package/dist/index.js.map +1 -0
package/dist/tools/bitable/app.d.ts +20 -0
package/dist/tools/bitable/app.d.ts.map +1 -0
package/dist/tools/bitable/app.js +301 -0
package/dist/tools/bitable/app.js.map +1 -0
package/dist/tools/bitable/field.d.ts +19 -0
package/dist/tools/bitable/field.d.ts.map +1 -0
package/dist/tools/bitable/field.js +315 -0
package/dist/tools/bitable/field.js.map +1 -0
package/dist/tools/bitable/index.d.ts +21 -0
package/dist/tools/bitable/index.d.ts.map +1 -0
package/dist/tools/bitable/index.js +39 -0
package/dist/tools/bitable/index.js.map +1 -0
package/dist/tools/bitable/record.d.ts +22 -0
package/dist/tools/bitable/record.d.ts.map +1 -0
package/dist/tools/bitable/record.js +434 -0
package/dist/tools/bitable/record.js.map +1 -0
package/dist/tools/bitable/table.d.ts +21 -0
package/dist/tools/bitable/table.d.ts.map +1 -0
package/dist/tools/bitable/table.js +361 -0
package/dist/tools/bitable/table.js.map +1 -0
package/dist/tools/calendar/calendar.d.ts +18 -0
package/dist/tools/calendar/calendar.d.ts.map +1 -0
package/dist/tools/calendar/calendar.js +192 -0
package/dist/tools/calendar/calendar.js.map +1 -0
package/dist/tools/calendar/event.d.ts +20 -0
package/dist/tools/calendar/event.d.ts.map +1 -0
package/dist/tools/calendar/event.js +465 -0
package/dist/tools/calendar/event.js.map +1 -0
package/dist/tools/calendar/index.d.ts +19 -0
package/dist/tools/calendar/index.d.ts.map +1 -0
package/dist/tools/calendar/index.js +37 -0
package/dist/tools/calendar/index.js.map +1 -0
package/dist/tools/chat/chat.d.ts +11 -0
package/dist/tools/chat/chat.d.ts.map +1 -0
package/dist/tools/chat/chat.js +106 -0
package/dist/tools/chat/chat.js.map +1 -0
package/dist/tools/chat/index.d.ts +11 -0
package/dist/tools/chat/index.d.ts.map +1 -0
package/dist/tools/chat/index.js +20 -0
package/dist/tools/chat/index.js.map +1 -0
package/dist/tools/chat/members.d.ts +9 -0
package/dist/tools/chat/members.d.ts.map +1 -0
package/dist/tools/chat/members.js +80 -0
package/dist/tools/chat/members.js.map +1 -0
package/dist/tools/common/get-user.d.ts +11 -0
package/dist/tools/common/get-user.d.ts.map +1 -0
package/dist/tools/common/get-user.js +112 -0
package/dist/tools/common/get-user.js.map +1 -0
package/dist/tools/common/index.d.ts +11 -0
package/dist/tools/common/index.d.ts.map +1 -0
package/dist/tools/common/index.js +20 -0
package/dist/tools/common/index.js.map +1 -0
package/dist/tools/common/search-user.d.ts +9 -0
package/dist/tools/common/search-user.d.ts.map +1 -0
package/dist/tools/common/search-user.js +88 -0
package/dist/tools/common/search-user.js.map +1 -0
package/dist/tools/doc/create.d.ts +17 -0
package/dist/tools/doc/create.d.ts.map +1 -0
package/dist/tools/doc/create.js +159 -0
package/dist/tools/doc/create.js.map +1 -0
package/dist/tools/doc/fetch.d.ts +17 -0
package/dist/tools/doc/fetch.d.ts.map +1 -0
package/dist/tools/doc/fetch.js +123 -0
package/dist/tools/doc/fetch.js.map +1 -0
package/dist/tools/doc/index.d.ts +21 -0
package/dist/tools/doc/index.d.ts.map +1 -0
package/dist/tools/doc/index.js +33 -0
package/dist/tools/doc/index.js.map +1 -0
package/dist/tools/doc/shared.d.ts +69 -0
package/dist/tools/doc/shared.d.ts.map +1 -0
package/dist/tools/doc/shared.js +172 -0
package/dist/tools/doc/shared.js.map +1 -0
package/dist/tools/doc/update.d.ts +25 -0
package/dist/tools/doc/update.d.ts.map +1 -0
package/dist/tools/doc/update.js +208 -0
package/dist/tools/doc/update.js.map +1 -0
package/dist/tools/drive/file.d.ts +13 -0
package/dist/tools/drive/file.d.ts.map +1 -0
package/dist/tools/drive/file.js +212 -0
package/dist/tools/drive/file.js.map +1 -0
package/dist/tools/drive/index.d.ts +12 -0
package/dist/tools/drive/index.d.ts.map +1 -0
package/dist/tools/drive/index.js +25 -0
package/dist/tools/drive/index.js.map +1 -0
package/dist/tools/im/format-messages.d.ts +99 -0
package/dist/tools/im/format-messages.d.ts.map +1 -0
package/dist/tools/im/format-messages.js +277 -0
package/dist/tools/im/format-messages.js.map +1 -0
package/dist/tools/im/helpers.d.ts +53 -0
package/dist/tools/im/helpers.d.ts.map +1 -0
package/dist/tools/im/helpers.js +85 -0
package/dist/tools/im/helpers.js.map +1 -0
package/dist/tools/im/index.d.ts +25 -0
package/dist/tools/im/index.d.ts.map +1 -0
package/dist/tools/im/index.js +44 -0
package/dist/tools/im/index.js.map +1 -0
package/dist/tools/im/message-read.d.ts +19 -0
package/dist/tools/im/message-read.d.ts.map +1 -0
package/dist/tools/im/message-read.js +526 -0
package/dist/tools/im/message-read.js.map +1 -0
package/dist/tools/im/message.d.ts +22 -0
package/dist/tools/im/message.d.ts.map +1 -0
package/dist/tools/im/message.js +233 -0
package/dist/tools/im/message.js.map +1 -0
package/dist/tools/im/resource.d.ts +19 -0
package/dist/tools/im/resource.d.ts.map +1 -0
package/dist/tools/im/resource.js +185 -0
package/dist/tools/im/resource.js.map +1 -0
package/dist/tools/im/time-utils.d.ts +70 -0
package/dist/tools/im/time-utils.d.ts.map +1 -0
package/dist/tools/im/time-utils.js +277 -0
package/dist/tools/im/time-utils.js.map +1 -0
package/dist/tools/index.d.ts +85 -0
package/dist/tools/index.d.ts.map +1 -0
package/dist/tools/index.js +135 -0
package/dist/tools/index.js.map +1 -0
package/dist/tools/oauth.d.ts +15 -0
package/dist/tools/oauth.d.ts.map +1 -0
package/dist/tools/oauth.js +379 -0
package/dist/tools/oauth.js.map +1 -0
package/dist/tools/search/doc-search.d.ts +9 -0
package/dist/tools/search/doc-search.d.ts.map +1 -0
package/dist/tools/search/doc-search.js +219 -0
package/dist/tools/search/doc-search.js.map +1 -0
package/dist/tools/search/index.d.ts +11 -0
package/dist/tools/search/index.d.ts.map +1 -0
package/dist/tools/search/index.js +18 -0
package/dist/tools/search/index.js.map +1 -0
package/dist/tools/sheets/index.d.ts +11 -0
package/dist/tools/sheets/index.d.ts.map +1 -0
package/dist/tools/sheets/index.js +18 -0
package/dist/tools/sheets/index.js.map +1 -0
package/dist/tools/sheets/sheet.d.ts +11 -0
package/dist/tools/sheets/sheet.d.ts.map +1 -0
package/dist/tools/sheets/sheet.js +332 -0
package/dist/tools/sheets/sheet.js.map +1 -0
package/dist/tools/task/index.d.ts +12 -0
package/dist/tools/task/index.d.ts.map +1 -0
package/dist/tools/task/index.js +30 -0
package/dist/tools/task/index.js.map +1 -0
package/dist/tools/task/task.d.ts +13 -0
package/dist/tools/task/task.d.ts.map +1 -0
package/dist/tools/task/task.js +225 -0
package/dist/tools/task/task.js.map +1 -0
package/dist/tools/task/tasklist.d.ts +13 -0
package/dist/tools/task/tasklist.d.ts.map +1 -0
package/dist/tools/task/tasklist.js +206 -0
package/dist/tools/task/tasklist.js.map +1 -0
package/dist/tools/wiki/index.d.ts +11 -0
package/dist/tools/wiki/index.d.ts.map +1 -0
package/dist/tools/wiki/index.js +20 -0
package/dist/tools/wiki/index.js.map +1 -0
package/dist/tools/wiki/node.d.ts +11 -0
package/dist/tools/wiki/node.d.ts.map +1 -0
package/dist/tools/wiki/node.js +112 -0
package/dist/tools/wiki/node.js.map +1 -0
package/dist/tools/wiki/space.d.ts +11 -0
package/dist/tools/wiki/space.d.ts.map +1 -0
package/dist/tools/wiki/space.js +125 -0
package/dist/tools/wiki/space.js.map +1 -0
package/dist/utils/index.d.ts +8 -0
package/dist/utils/index.d.ts.map +1 -0
package/dist/utils/index.js +8 -0
package/dist/utils/index.js.map +1 -0
package/dist/utils/logger.d.ts +36 -0
package/dist/utils/logger.d.ts.map +1 -0
package/dist/utils/logger.js +101 -0
package/dist/utils/logger.js.map +1 -0
package/eslint.config.js +13 -0
package/package.json +54 -0
package/skills/feishu-bitable/SKILL.md +248 -0
package/skills/feishu-bitable/references/examples.md +813 -0
package/skills/feishu-bitable/references/field-properties.md +763 -0
package/skills/feishu-bitable/references/record-values.md +911 -0
package/skills/feishu-calendar/SKILL.md +244 -0
package/skills/feishu-channel-rules/SKILL.md +18 -0
package/skills/feishu-channel-rules/references/markdown-syntax.md +138 -0
package/skills/feishu-create-doc/SKILL.md +719 -0
package/skills/feishu-fetch-doc/SKILL.md +93 -0
package/skills/feishu-im-read/SKILL.md +163 -0
package/skills/feishu-task/SKILL.md +293 -0
package/skills/feishu-troubleshoot/SKILL.md +70 -0
package/skills/feishu-update-doc/SKILL.md +285 -0
package/src/core/api-error.ts +342 -0
package/src/core/auth-errors.ts +27 -0
package/src/core/config.ts +134 -0
package/src/core/device-flow.ts +314 -0
package/src/core/index.ts +16 -0
package/src/core/lark-client.ts +391 -0
package/src/core/token-store.ts +249 -0
package/src/core/types.ts +302 -0
package/src/core/uat-client.ts +298 -0
package/src/core/version.ts +53 -0
package/src/index.ts +138 -0
package/src/tools/bitable/app.ts +390 -0
package/src/tools/bitable/field.ts +406 -0
package/src/tools/bitable/index.ts +43 -0
package/src/tools/bitable/record.ts +559 -0
package/src/tools/bitable/table.ts +472 -0
package/src/tools/calendar/calendar.ts +254 -0
package/src/tools/calendar/event.ts +606 -0
package/src/tools/calendar/index.ts +41 -0
package/src/tools/chat/chat.ts +127 -0
package/src/tools/chat/index.ts +24 -0
package/src/tools/chat/members.ts +93 -0
package/src/tools/common/get-user.ts +127 -0
package/src/tools/common/index.ts +24 -0
package/src/tools/common/search-user.ts +99 -0
package/src/tools/doc/create.ts +184 -0
package/src/tools/doc/fetch.ts +149 -0
package/src/tools/doc/index.ts +38 -0
package/src/tools/doc/shared.ts +228 -0
package/src/tools/doc/update.ts +240 -0
package/src/tools/drive/file.ts +265 -0
package/src/tools/drive/index.ts +29 -0
package/src/tools/im/format-messages.ts +391 -0
package/src/tools/im/helpers.ts +109 -0
package/src/tools/im/index.ts +49 -0
package/src/tools/im/message-read.ts +676 -0
package/src/tools/im/message.ts +303 -0
package/src/tools/im/resource.ts +225 -0
package/src/tools/im/time-utils.ts +347 -0
package/src/tools/index.ts +205 -0
package/src/tools/oauth.ts +460 -0
package/src/tools/search/doc-search.ts +250 -0
package/src/tools/search/index.ts +22 -0
package/src/tools/sheets/index.ts +22 -0
package/src/tools/sheets/sheet.ts +382 -0
package/src/tools/task/index.ts +34 -0
package/src/tools/task/task.ts +265 -0
package/src/tools/task/tasklist.ts +262 -0
package/src/tools/wiki/index.ts +24 -0
package/src/tools/wiki/node.ts +131 -0
package/src/tools/wiki/space.ts +152 -0
package/src/utils/index.ts +8 -0
package/src/utils/logger.ts +132 -0
package/tests/core/config.test.ts +238 -0
package/tests/core/device-flow.test.ts +490 -0
package/tests/core/lark-client.test.ts +378 -0
package/tests/core/token-store.test.ts +438 -0
package/tests/index.test.ts +360 -0
package/tests/tools/doc/create.test.ts +224 -0
package/tests/tools/doc/fetch.test.ts +182 -0
package/tests/tools/doc/shared.test.ts +183 -0
package/tests/tools/doc/update.test.ts +330 -0
package/tests/tools/im/format-messages.test.ts +184 -0
package/tests/tools/im/time-utils.test.ts +178 -0
package/tests/utils/logger.test.ts +140 -0
package/tsconfig.json +20 -0

package/src/core/types.ts ADDED Viewed

@@ -0,0 +1,302 @@
+/**
+ * Copyright (c) 2026 ByteDance Ltd. and/or its affiliates
+ * SPDX-License-Identifier: MIT
+ *
+ * Core type definitions for the cc-lark MCP Server.
+ *
+ * Contains Feishu/Lark API types, configuration interfaces, and MCP-specific types.
+ * Adapted from openclaw-lark for MCP Server architecture.
+ */
+// ---------------------------------------------------------------------------
+// Domain & connection enums
+// ---------------------------------------------------------------------------
+/**
+ * The Lark platform brand.
+ * - `"feishu"` targets the China-mainland Feishu service.
+ * - `"lark"` targets the international Lark service.
+ * - Any other string is treated as a custom base URL.
+ */
+export type LarkBrand = 'feishu' | 'lark' | (string & {});
+// ---------------------------------------------------------------------------
+// Feishu identifiers
+// ---------------------------------------------------------------------------
+/** The four ID types recognised by the Feishu API. */
+export type FeishuIdType = 'open_id' | 'user_id' | 'union_id' | 'chat_id';
+// ---------------------------------------------------------------------------
+// MCP-specific types
+// ---------------------------------------------------------------------------
+/** Standard MCP tool result structure. */
+export interface ToolResult {
+  content: Array<{
+    type: 'text' | 'image' | 'resource';
+    text?: string;
+    data?: string;
+    mimeType?: string;
+    resource?: {
+      uri: string;
+      name: string;
+      mimeType?: string;
+      text?: string;
+      blob?: string;
+    };
+  }>;
+  isError?: boolean;
+}
+/** Tool definition for MCP server. */
+export interface ToolDefinition {
+  name: string;
+  description: string;
+  inputSchema: {
+    type: 'object';
+    properties?: Record<string, unknown>;
+    required?: string[];
+  };
+}
+// ---------------------------------------------------------------------------
+// Configuration types
+// ---------------------------------------------------------------------------
+/** Feishu configuration loaded from environment variables. */
+export interface FeishuConfig {
+  /** Feishu App ID */
+  appId: string;
+  /** Feishu App Secret */
+  appSecret: string;
+  /** User Access Token (optional, for user-authorized operations) */
+  userAccessToken?: string;
+  /** The Lark platform brand (feishu, lark, or custom URL) */
+  brand?: LarkBrand;
+  /** Encrypt key for webhook event decryption */
+  encryptKey?: string;
+  /** Verification token for webhook validation */
+  verificationToken?: string;
+}
+/** Validation result for configuration. */
+export interface ConfigValidationResult {
+  valid: boolean;
+  errors: string[];
+  config?: FeishuConfig;
+}
+// ---------------------------------------------------------------------------
+// Credentials
+// ---------------------------------------------------------------------------
+/** The minimum credential set needed to interact with the Lark API. */
+export interface LarkCredentials {
+  appId: string;
+  appSecret: string;
+  encryptKey?: string;
+  verificationToken?: string;
+  brand: LarkBrand;
+}
+// ---------------------------------------------------------------------------
+// Lark API response types
+// ---------------------------------------------------------------------------
+/** Base response from Lark API. */
+export interface LarkApiResponse<T = unknown> {
+  code: number;
+  msg: string;
+  data?: T;
+}
+/** Token response from Lark API. */
+export interface LarkTokenResponse {
+  tenant_access_token: string;
+  expire: number;
+}
+/** User info from Lark API. */
+export interface LarkUserInfo {
+  open_id: string;
+  user_id?: string;
+  union_id?: string;
+  name?: string;
+  en_name?: string;
+  nickname?: string;
+  email?: string;
+  mobile?: string;
+  gender?: number;
+  avatar_url?: string;
+  status?: {
+    is_frozen?: boolean;
+    is_resigned?: boolean;
+    is_activated?: boolean;
+  };
+  department_ids?: string[];
+  leader_user_id?: string;
+  city?: string;
+  country?: string;
+  work_station?: string;
+  join_time?: number;
+  employee_no?: string;
+  employee_type?: number;
+  positions?: string[];
+  orders?: number;
+}
+/** Message content types. */
+export type LarkMessageContent =
+  | { text: string }
+  | { image_key: string }
+  | { file_key: string }
+  | { audio_key: string }
+  | { media_key: string }
+  | { sticker_key: string }
+  | { rich_text: LarkRichTextContent };
+/** Rich text content structure. */
+export interface LarkRichTextContent {
+  zh_cn?: LarkRichTextSection[];
+  en_us?: LarkRichTextSection[];
+}
+/** Rich text section. */
+export interface LarkRichTextSection {
+  title?: string;
+  lines?: LarkRichTextLine[];
+}
+/** Rich text line. */
+export interface LarkRichTextLine {
+  text_run?: {
+    text: string;
+    bold?: boolean;
+    italic?: boolean;
+    underline?: boolean;
+    strikethrough?: boolean;
+    inline_code?: boolean;
+    color?: string;
+    link?: string;
+  };
+  mention_run?: {
+    text: string;
+    user_id: string;
+  };
+  equation_run?: {
+    text: string;
+  };
+}
+// ---------------------------------------------------------------------------
+// Document types
+// ---------------------------------------------------------------------------
+/** Docx document metadata. */
+export interface LarkDocxDocument {
+  document_id: string;
+  revision_id: number;
+  title: string;
+  create_time: number;
+  update_time: number;
+}
+/** Docx block content. */
+export interface LarkDocxBlock {
+  block_type: number;
+  block_id: string;
+  parent_id?: string;
+  children?: string[];
+  text?: {
+    initial_style: Record<string, unknown>;
+    elements: Array<{
+      text_run?: { content: string };
+      mention_run?: { user_id: string; text: string };
+      equation_run?: { content: string };
+    }>;
+  };
+  heading1?: { elements: unknown[] };
+  heading2?: { elements: unknown[] };
+  heading3?: { elements: unknown[] };
+  heading4?: { elements: unknown[] };
+  heading5?: { elements: unknown[] };
+  heading6?: { elements: unknown[] };
+  heading7?: { elements: unknown[] };
+  heading8?: { elements: unknown[] };
+  heading9?: { elements: unknown[] };
+  bullet?: { elements: unknown[] };
+  ordered?: { elements: unknown[] };
+  code?: { elements: unknown[] };
+  quote?: { elements: unknown[] };
+  table?: {
+    rows: number;
+    columns: number;
+    property: {
+      row_size: number[];
+      column_size: number[];
+    };
+    cells: string[];
+  };
+  table_cell?: {
+    property: Record<string, unknown>;
+  };
+}
+// ---------------------------------------------------------------------------
+// Sheet types
+// ---------------------------------------------------------------------------
+/** Spreadsheet metadata. */
+export interface LarkSpreadsheet {
+  spreadsheet_token: string;
+  name: string;
+  revision: number;
+  owner_id: string;
+  create_time: number;
+  update_time: number;
+}
+/** Sheet (worksheet) metadata. */
+export interface LarkSheet {
+  sheet_id: string;
+  title: string;
+  index: number;
+  row_count: number;
+  column_count: number;
+  frozen_row_count?: number;
+  frozen_column_count?: number;
+}
+/** Sheet cell value. */
+export interface LarkCellValue {
+  value: string;
+  type: number;
+}
+// ---------------------------------------------------------------------------
+// Drive types
+// ---------------------------------------------------------------------------
+/** Drive file metadata. */
+export interface LarkDriveFile {
+  token: string;
+  name: string;
+  type: string;
+  parent_token: string;
+  create_time: number;
+  update_time: number;
+  size: number;
+  creator_id?: string;
+  modifier_id?: string;
+}
+/** Drive folder metadata. */
+export interface LarkDriveFolder {
+  token: string;
+  name: string;
+  parent_token: string;
+  create_time: number;
+  update_time: number;
+  creator_id?: string;
+}

package/src/core/uat-client.ts ADDED Viewed

@@ -0,0 +1,298 @@
+/**
+ * Copyright (c) 2026 ByteDance Ltd. and/or its affiliates
+ * SPDX-License-Identifier: MIT
+ *
+ * UAT (User Access Token) API call wrapper for cc-lark MCP Server.
+ *
+ * Provides a safe, auto-refreshing interface for making Lark API calls on
+ * behalf of a user. Tokens are read from file-based storage, refreshed
+ * transparently, and never exposed to the AI layer.
+ *
+ * Adapted from openclaw-lark for MCP Server architecture.
+ */
+import type { LarkBrand } from './types.js';
+import {
+  getStoredToken,
+  setStoredToken,
+  removeStoredToken,
+  tokenStatus,
+  maskToken,
+  type StoredUAToken,
+} from './token-store.js';
+import { resolveOAuthEndpoints } from './device-flow.js';
+import { logger } from '../utils/logger.js';
+import { getUserAgent } from './version.js';
+import { REFRESH_TOKEN_IRRECOVERABLE, TOKEN_RETRY_CODES, NeedAuthorizationError } from './api-error.js';
+const log = logger('uat-client');
+// Re-export for backward compatibility
+export { NeedAuthorizationError };
+// ---------------------------------------------------------------------------
+// Types
+// ---------------------------------------------------------------------------
+export interface UATCallOptions {
+  userOpenId: string;
+  appId: string;
+  appSecret: string;
+  domain: LarkBrand;
+}
+export interface UATStatus {
+  authorized: boolean;
+  userOpenId: string;
+  scope?: string;
+  expiresAt?: number;
+  refreshExpiresAt?: number;
+  grantedAt?: number;
+  tokenStatus?: 'valid' | 'needs_refresh' | 'expired';
+}
+// ---------------------------------------------------------------------------
+// HTTP helper
+// ---------------------------------------------------------------------------
+/**
+ * Header-aware fetch for Lark API calls.
+ */
+function larkFetch(url: string | URL | Request, init?: RequestInit): Promise<Response> {
+  const headers = {
+    ...init?.headers,
+    'User-Agent': getUserAgent(),
+  };
+  return fetch(url, { ...init, headers });
+}
+// ---------------------------------------------------------------------------
+// Per-user refresh lock
+// ---------------------------------------------------------------------------
+/**
+ * Guards against concurrent refresh operations for the same user.
+ *
+ * refresh_token is single-use: if two requests trigger a refresh
+ * simultaneously, the second one would use an already-consumed token and
+ * fail. The lock ensures only one refresh runs at a time per user.
+ */
+const refreshLocks = new Map<string, Promise<StoredUAToken | null>>();
+// ---------------------------------------------------------------------------
+// Refresh implementation
+// ---------------------------------------------------------------------------
+async function doRefreshToken(opts: UATCallOptions, stored: StoredUAToken): Promise<StoredUAToken | null> {
+  // refresh_token already expired → can't refresh, need re-auth.
+  if (Date.now() >= stored.refreshExpiresAt) {
+    log.info(`refresh_token expired for ${opts.userOpenId}, clearing`);
+    await removeStoredToken(opts.appId, opts.userOpenId);
+    return null;
+  }
+  const endpoints = resolveOAuthEndpoints(opts.domain);
+  const resp = await larkFetch(endpoints.token, {
+    method: 'POST',
+    headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
+    body: new URLSearchParams({
+      grant_type: 'refresh_token',
+      refresh_token: stored.refreshToken,
+      client_id: opts.appId,
+      client_secret: opts.appSecret,
+    }).toString(),
+  });
+  const data = (await resp.json()) as Record<string, unknown>;
+  // Lark v2 token endpoint returns `code: 0` on success.
+  // Some responses use `error` field instead (standard OAuth).
+  const code = data.code as number | undefined;
+  const error = data.error as string | undefined;
+  if ((code !== undefined && code !== 0) || error) {
+    const errCode = code ?? error;
+    const errMsg = (data.error_description as string) ?? (data.msg as string) ?? 'unknown';
+    // Known irrecoverable codes: invalid/expired/missing refresh_token
+    if (REFRESH_TOKEN_IRRECOVERABLE.has(code as number)) {
+      log.warn(`refresh failed (code=${errCode}), clearing token for ${opts.userOpenId}`);
+      await removeStoredToken(opts.appId, opts.userOpenId);
+      return null;
+    }
+    throw new Error(`Token refresh failed (code=${errCode}): ${errMsg}`);
+  }
+  if (!data.access_token) {
+    throw new Error('Token refresh returned no access_token');
+  }
+  const now = Date.now();
+  const updated: StoredUAToken = {
+    userOpenId: stored.userOpenId,
+    appId: opts.appId,
+    accessToken: data.access_token as string,
+    // refresh_token is rotated – always use the new one.
+    refreshToken: (data.refresh_token as string) ?? stored.refreshToken,
+    expiresAt: now + ((data.expires_in as number) ?? 7200) * 1000,
+    refreshExpiresAt: data.refresh_token_expires_in
+      ? now + (data.refresh_token_expires_in as number) * 1000
+      : stored.refreshExpiresAt,
+    scope: (data.scope as string) ?? stored.scope,
+    grantedAt: stored.grantedAt,
+  };
+  await setStoredToken(updated);
+  log.info(`refreshed UAT for ${opts.userOpenId} (at:${maskToken(updated.accessToken)})`);
+  return updated;
+}
+/**
+ * Refresh with per-user locking.
+ */
+async function refreshWithLock(opts: UATCallOptions, stored: StoredUAToken): Promise<StoredUAToken | null> {
+  const key = `${opts.appId}:${opts.userOpenId}`;
+  // Another refresh is already in-flight – wait for it and re-read.
+  const existing = refreshLocks.get(key);
+  if (existing) {
+    await existing;
+    return getStoredToken(opts.appId, opts.userOpenId);
+  }
+  const promise = doRefreshToken(opts, stored);
+  refreshLocks.set(key, promise);
+  try {
+    return await promise;
+  } finally {
+    refreshLocks.delete(key);
+  }
+}
+// ---------------------------------------------------------------------------
+// Public API
+// ---------------------------------------------------------------------------
+/**
+ * Obtain a valid access_token for the given user.
+ *
+ * - Reads from storage.
+ * - Refreshes proactively if the token is about to expire.
+ * - Throws when no token exists or refresh fails irrecoverably.
+ *
+ * The returned token must never be exposed to the AI layer.
+ */
+export async function getValidAccessToken(opts: UATCallOptions): Promise<string> {
+  const stored = await getStoredToken(opts.appId, opts.userOpenId);
+  if (!stored) {
+    throw new NeedAuthorizationError(opts.userOpenId);
+  }
+  const status = tokenStatus(stored);
+  if (status === 'valid') {
+    return stored.accessToken;
+  }
+  if (status === 'needs_refresh') {
+    const refreshed = await refreshWithLock(opts, stored);
+    if (!refreshed) {
+      throw new NeedAuthorizationError(opts.userOpenId);
+    }
+    return refreshed.accessToken;
+  }
+  // expired
+  await removeStoredToken(opts.appId, opts.userOpenId);
+  throw new NeedAuthorizationError(opts.userOpenId);
+}
+/**
+ * Execute an API call with a valid UAT, retrying once on token-expiry errors.
+ */
+export async function callWithUAT<T>(
+  opts: UATCallOptions,
+  apiCall: (accessToken: string) => Promise<T>
+): Promise<T> {
+  const accessToken = await getValidAccessToken(opts);
+  try {
+    return await apiCall(accessToken);
+  } catch (err: unknown) {
+    // Retry once if the server reports token invalid/expired.
+    // eslint-disable-next-line @typescript-eslint/no-explicit-any
+    const code = (err as any)?.code ?? (err as any)?.response?.data?.code;
+    if (TOKEN_RETRY_CODES.has(code as number)) {
+      log.warn(`API call failed (code=${code}), refreshing and retrying`);
+      const stored = await getStoredToken(opts.appId, opts.userOpenId);
+      if (!stored) throw new NeedAuthorizationError(opts.userOpenId);
+      const refreshed = await refreshWithLock(opts, stored);
+      if (!refreshed) throw new NeedAuthorizationError(opts.userOpenId);
+      return await apiCall(refreshed.accessToken);
+    }
+    throw err;
+  }
+}
+/**
+ * Get the current UAT status for a user.
+ */
+export async function getUATStatus(opts: UATCallOptions): Promise<UATStatus> {
+  const stored = await getStoredToken(opts.appId, opts.userOpenId);
+  if (!stored) {
+    return {
+      authorized: false,
+      userOpenId: opts.userOpenId,
+    };
+  }
+  const status = tokenStatus(stored);
+  return {
+    authorized: status !== 'expired',
+    userOpenId: opts.userOpenId,
+    scope: stored.scope,
+    expiresAt: stored.expiresAt,
+    refreshExpiresAt: stored.refreshExpiresAt,
+    grantedAt: stored.grantedAt,
+    tokenStatus: status,
+  };
+}
+/**
+ * Save a new token from OAuth device flow.
+ */
+export async function saveTokenFromDeviceFlow(
+  opts: UATCallOptions,
+  tokenData: {
+    accessToken: string;
+    refreshToken: string;
+    expiresIn: number;
+    refreshExpiresIn: number;
+    scope: string;
+  }
+): Promise<StoredUAToken> {
+  const now = Date.now();
+  const stored: StoredUAToken = {
+    userOpenId: opts.userOpenId,
+    appId: opts.appId,
+    accessToken: tokenData.accessToken,
+    refreshToken: tokenData.refreshToken,
+    expiresAt: now + tokenData.expiresIn * 1000,
+    refreshExpiresAt: now + tokenData.refreshExpiresIn * 1000,
+    scope: tokenData.scope,
+    grantedAt: now,
+  };
+  await setStoredToken(stored);
+  return stored;
+}
+/**
+ * Revoke a user's UAT by removing it from storage.
+ */
+export async function revokeUAT(appId: string, userOpenId: string): Promise<void> {
+  await removeStoredToken(appId, userOpenId);
+  log.info(`revoked UAT for ${userOpenId}`);
+}

package/src/core/version.ts ADDED Viewed

@@ -0,0 +1,53 @@
+/**
+ * Copyright (c) 2026 ByteDance Ltd. and/or its affiliates
+ * SPDX-License-Identifier: MIT
+ *
+ * Version management for cc-lark MCP Server.
+ *
+ * Reads version from package.json and generates User-Agent string.
+ */
+import { fileURLToPath } from 'node:url';
+import { dirname, join } from 'node:path';
+import { readFileSync } from 'node:fs';
+/** Cached version string */
+let cachedVersion: string | undefined;
+/**
+ * Get the package version from package.json.
+ *
+ * @returns Version string (e.g., "0.1.0") or "unknown" if read fails
+ */
+export function getPackageVersion(): string {
+  if (cachedVersion) return cachedVersion;
+  try {
+    // Current file: src/core/version.ts -> up two levels to project root
+    const __filename = fileURLToPath(import.meta.url);
+    const __dirname = dirname(__filename);
+    const packageJsonPath = join(__dirname, '..', '..', 'package.json');
+    const raw = readFileSync(packageJsonPath, 'utf8');
+    const pkg = JSON.parse(raw) as { version?: string };
+    cachedVersion = pkg.version ?? 'unknown';
+    return cachedVersion;
+  } catch {
+    cachedVersion = 'unknown';
+    return cachedVersion;
+  }
+}
+/**
+ * Generate User-Agent string for HTTP requests.
+ *
+ * @returns User-Agent string (e.g., "cc-lark/0.1.0")
+ *
+ * @example
+ * ```typescript
+ * getUserAgent() // => "cc-lark/0.1.0"
+ * ```
+ */
+export function getUserAgent(): string {
+  return `cc-lark/${getPackageVersion()}`;
+}