cc2im 0.2.0

package/dist/plugins/weixin/connection.js

@@ -0,0 +1,270 @@
+/**
+ * 微信连接 + 收发
+ * 从 cc2wx 搬迁，适配 hub 架构
+ */
+import { WeixinBot } from '@pinixai/weixin-bot';
+import { existsSync, readFileSync, writeFileSync } from 'node:fs';
+import { join, basename } from 'node:path';
+import { randomUUID } from 'node:crypto';
+import { downloadMedia, cleanupMedia } from './media.js';
+import { loadCredentials, CRED_PATH } from './qr-login.js';
+import { splitIntoChunks, formatChunks } from './chunker.js';
+import { uploadMedia } from './media-upload.js';
+import { SOCKET_DIR } from '../../shared/socket.js';
+const ALLOWED_USERS = process.env.CC2IM_ALLOWED_USERS
+    ? process.env.CC2IM_ALLOWED_USERS.split(',').map(s => s.trim())
+    : [];
+const CONTEXT_CACHE_PATH = join(SOCKET_DIR, 'weixin-context.json');
+export class WeixinConnection {
+    bot = new WeixinBot();
+    recentMessages = new Map(); // userId -> raw msg for reply
+    onIncoming = null;
+    listening = false;
+    cleanupTimer = null;
+    setMessageHandler(handler) {
+        this.onIncoming = handler;
+    }
+    /** Persist context tokens to disk so replies work after hub restart */
+    saveContextCache(channelId) {
+        const cache = {};
+        for (const [userId, msg] of this.recentMessages) {
+            if (msg._contextToken) {
+                cache[userId] = { userId, _contextToken: msg._contextToken };
+            }
+        }
+        try {
+            const path = channelId
+                ? join(SOCKET_DIR, `weixin-context-${channelId}.json`)
+                : CONTEXT_CACHE_PATH;
+            writeFileSync(path, JSON.stringify(cache) + '\n');
+            console.log(`[weixin] Saved context cache (${Object.keys(cache).length} users)`);
+        }
+        catch { }
+    }
+    /** Restore context tokens from disk. Call after login, before startListening. */
+    restoreContextCache(channelId) {
+        const path = channelId
+            ? join(SOCKET_DIR, `weixin-context-${channelId}.json`)
+            : CONTEXT_CACHE_PATH;
+        try {
+            if (!existsSync(path)) {
+                // Fall back to global file for backward compat
+                if (channelId && existsSync(CONTEXT_CACHE_PATH)) {
+                    return this.restoreContextCache();
+                }
+                return;
+            }
+            const cache = JSON.parse(readFileSync(path, 'utf8'));
+            let restored = 0;
+            for (const [userId, entry] of Object.entries(cache)) {
+                if (entry._contextToken) {
+                    this.recentMessages.set(userId, { userId, _contextToken: entry._contextToken });
+                    this.bot.contextTokens?.set(userId, entry._contextToken);
+                    restored++;
+                }
+            }
+            if (restored > 0) {
+                console.log(`[weixin] Restored context cache (${restored} users)`);
+            }
+        }
+        catch { }
+    }
+    async login(channelId) {
+        // Load per-channel credentials (falls back to global file)
+        const channelCreds = loadCredentials(channelId);
+        if (!channelCreds) {
+            throw new Error('未找到微信登录凭证! 请先运行: cc2im login');
+        }
+        // Write per-channel creds to the global path so the SDK picks them up.
+        // TODO: Race condition if two channels call login() concurrently — channel B
+        // could overwrite the global file before channel A's bot.login() reads it.
+        // Currently safe because channel-manager starts channels sequentially.
+        writeFileSync(CRED_PATH, JSON.stringify(channelCreds, null, 2) + '\n', { mode: 0o600 });
+        console.log('[hub] 使用已保存的凭证登录微信...');
+        const creds = await this.bot.login();
+        console.log(`[hub] 微信连接成功! accountId=${creds.accountId}`);
+        if (ALLOWED_USERS.length === 0) {
+            console.log('[hub] ⚠ 白名单为空，将接受所有用户消息');
+            console.log('[hub] 设置 CC2IM_ALLOWED_USERS 环境变量限制用户');
+        }
+        return creds.accountId;
+    }
+    startListening() {
+        if (this.listening)
+            return;
+        this.listening = true;
+        // Clean up expired media on startup + every 6 hours
+        cleanupMedia();
+        this.cleanupTimer = setInterval(cleanupMedia, 6 * 60 * 60 * 1000);
+        this.bot.onMessage(async (msg) => {
+            // Allowlist check
+            if (ALLOWED_USERS.length > 0 && !ALLOWED_USERS.includes(msg.userId)) {
+                console.log(`[hub] Blocked message from unlisted user: ${msg.userId}`);
+                return;
+            }
+            console.log(`[hub] 收到微信消息 from=${msg.userId} type=${msg.type}: ${msg.text?.slice(0, 100)}`);
+            // Cache for reply + persist context token to disk
+            this.recentMessages.set(msg.userId, msg);
+            if (this.recentMessages.size > 50) {
+                const oldest = this.recentMessages.keys().next().value;
+                if (oldest)
+                    this.recentMessages.delete(oldest);
+            }
+            this.saveContextCache();
+            // Handle media
+            let mediaPath = null;
+            let voiceText = null;
+            if (msg.type !== 'text' && msg.raw?.item_list?.[0]) {
+                if (msg.type === 'voice') {
+                    voiceText = msg.text || msg.raw?.item_list?.[0]?.voice_item?.text || null;
+                }
+                else {
+                    mediaPath = await downloadMedia(msg.raw.item_list[0]);
+                }
+            }
+            if (this.onIncoming) {
+                Promise.resolve(this.onIncoming({ ...msg, mediaPath, voiceText })).catch((err) => {
+                    console.error(`[weixin-bot] Message handler error: ${err instanceof Error ? err.message : String(err)}`);
+                });
+            }
+        });
+    }
+    async startPolling() {
+        console.log('[hub] 开始监听微信消息...');
+        await this.bot.run();
+    }
+    /** Stop the polling loop and clear the message handler so reconnect starts clean. */
+    stop() {
+        this.bot.stop();
+        if (this.cleanupTimer) {
+            clearInterval(this.cleanupTimer);
+            this.cleanupTimer = null;
+        }
+        this.onIncoming = null;
+        // Note: do NOT reset this.listening — bot.onMessage() is additive (SDK has no
+        // removeHandler). The registered handler delegates to this.onIncoming, which is
+        // cleared above, making it a no-op until reconnect sets a fresh handler.
+    }
+    async startTyping(userId) {
+        try {
+            await this.bot.sendTyping(userId);
+        }
+        catch { }
+    }
+    async stopTyping(userId) {
+        try {
+            await this.bot.stopTyping(userId);
+        }
+        catch { }
+    }
+    async send(userId, text) {
+        const chunks = formatChunks(splitIntoChunks(text));
+        const cachedMsg = this.recentMessages.get(userId);
+        for (let i = 0; i < chunks.length; i++) {
+            try {
+                if (cachedMsg) {
+                    await this.bot.reply(cachedMsg, chunks[i]);
+                }
+                else {
+                    await this.bot.send(userId, chunks[i]);
+                }
+            }
+            catch (err) {
+                // WeChat SDK needs a cached context token to send.
+                // After hub restart, cache is empty until user sends a new message.
+                console.error(`[weixin] Failed to send to ${userId}: ${err.message}`);
+                return;
+            }
+            if (i < chunks.length - 1)
+                await new Promise(r => setTimeout(r, 500));
+        }
+    }
+    /** Upload a local image and send it as an image message. */
+    async sendImage(userId, filePath) {
+        const { baseUrl, token, contextToken } = await this.getBotCredentials(userId);
+        const { cdnMedia, rawSize } = await uploadMedia(filePath, 'image', baseUrl, token, userId);
+        const msg = {
+            from_user_id: '',
+            to_user_id: userId,
+            client_id: randomUUID(),
+            message_type: 2, // MessageType.BOT
+            message_state: 2, // MessageState.FINISH
+            context_token: contextToken,
+            item_list: [{
+                    type: 2, // MessageItemType.IMAGE
+                    image_item: {
+                        media: cdnMedia,
+                        mid_size: rawSize,
+                    },
+                }],
+        };
+        await this.callSendMessage(baseUrl, token, msg);
+        console.log(`[weixin] Image sent to ${userId}: ${filePath}`);
+    }
+    /** Upload a local file and send it as a file message. */
+    async sendFile(userId, filePath) {
+        const { baseUrl, token, contextToken } = await this.getBotCredentials(userId);
+        const { cdnMedia, rawSize } = await uploadMedia(filePath, 'file', baseUrl, token, userId);
+        const msg = {
+            from_user_id: '',
+            to_user_id: userId,
+            client_id: randomUUID(),
+            message_type: 2, // MessageType.BOT
+            message_state: 2, // MessageState.FINISH
+            context_token: contextToken,
+            item_list: [{
+                    type: 4, // MessageItemType.FILE
+                    file_item: {
+                        media: cdnMedia,
+                        file_name: basename(filePath),
+                        len: String(rawSize),
+                    },
+                }],
+        };
+        await this.callSendMessage(baseUrl, token, msg);
+        console.log(`[weixin] File sent to ${userId}: ${basename(filePath)}`);
+    }
+    // ── private helpers for media send ────────────────────────────────
+    /** Extract baseUrl, token, and contextToken from the SDK internals. */
+    async getBotCredentials(userId) {
+        const bot = this.bot;
+        const baseUrl = bot.baseUrl;
+        const creds = await bot.ensureCredentials();
+        const token = creds.token;
+        // contextToken: prefer SDK's internal map, fall back to our cache
+        const contextToken = bot.contextTokens?.get(userId) ??
+            this.recentMessages.get(userId)?._contextToken;
+        if (!contextToken) {
+            throw new Error(`No context token for user ${userId}. The user must send a message first.`);
+        }
+        return { baseUrl, token, contextToken };
+    }
+    /**
+     * POST /ilink/bot/sendmessage — mirrors the SDK's sendMessage()
+     * which is not re-exported from the package's main entry.
+     */
+    async callSendMessage(baseUrl, token, msg) {
+        const url = new URL('/ilink/bot/sendmessage', `${baseUrl.replace(/\/+$/, '')}/`);
+        const resp = await fetch(url, {
+            method: 'POST',
+            headers: {
+                'Content-Type': 'application/json',
+                AuthorizationType: 'ilink_bot_token',
+                Authorization: `Bearer ${token}`,
+            },
+            body: JSON.stringify({
+                msg,
+                base_info: { channel_version: '1.0.0' },
+            }),
+            signal: AbortSignal.timeout(15_000),
+        });
+        if (!resp.ok) {
+            const text = await resp.text();
+            throw new Error(`sendMessage failed: HTTP ${resp.status} — ${text}`);
+        }
+        const body = (await resp.json());
+        if (body.ret && body.ret !== 0) {
+            throw new Error(`sendMessage returned ret=${body.ret}: ${body.errmsg ?? ''}`);
+        }
+    }
+}

package/dist/plugins/weixin/index.d.ts

@@ -0,0 +1,10 @@
+/**
+ * WeChat connector plugin — bridges WeChat ↔ hub ↔ spokes.
+ * Owns: WeixinConnection, PermissionManager, user tracking, message routing.
+ */
+import type { Cc2imPlugin } from '../../shared/plugin.js';
+/**
+ * @deprecated Use createChannelManagerPlugin + WeixinChannel instead.
+ * Kept for reference during migration — no longer registered in hub.
+ */
+export declare function createWeixinPlugin(): Cc2imPlugin;

package/dist/plugins/weixin/index.js

@@ -0,0 +1,198 @@
+/**
+ * WeChat connector plugin — bridges WeChat ↔ hub ↔ spokes.
+ * Owns: WeixinConnection, PermissionManager, user tracking, message routing.
+ */
+import { basename, join } from 'node:path';
+import { copyFileSync, mkdirSync } from 'node:fs';
+import { SOCKET_DIR } from '../../shared/socket.js';
+import { WeixinConnection } from './connection.js';
+import { PermissionManager } from './permission.js';
+const TYPING_ACK_DELAY_MS = 10_000; // 10s 后发"处理中"
+/**
+ * @deprecated Use createChannelManagerPlugin + WeixinChannel instead.
+ * Kept for reference during migration — no longer registered in hub.
+ */
+export function createWeixinPlugin() {
+    let weixin;
+    let permissionMgr;
+    let cleanupInterval;
+    const lastUserByAgent = new Map();
+    let lastGlobalUser = null;
+    // Per-agent pending ack timer: agentId → { userId, timer }
+    const pendingAck = new Map();
+    return {
+        name: 'weixin',
+        async init(ctx) {
+            weixin = new WeixinConnection();
+            permissionMgr = new PermissionManager();
+            /** Clear pending ack timer for an agent (called when agent responds) */
+            function clearPendingAck(agentId) {
+                const pending = pendingAck.get(agentId);
+                if (pending) {
+                    clearTimeout(pending.timer);
+                    pendingAck.delete(agentId);
+                    weixin.stopTyping(pending.userId).catch(() => { });
+                }
+            }
+            /** Start typing indicator + delayed ack for a user→agent message */
+            function startPendingAck(agentId, userId) {
+                clearPendingAck(agentId); // clear any previous
+                weixin.startTyping(userId).catch(() => { });
+                const timer = setTimeout(async () => {
+                    pendingAck.delete(agentId);
+                    await weixin.send(userId, `⏳ 收到，正在处理...`).catch(() => { });
+                }, TYPING_ACK_DELAY_MS);
+                pendingAck.set(agentId, { userId, timer });
+            }
+            // --- Spoke → WeChat: handle spoke messages ---
+            ctx.on('spoke:message', async (agentId, msg) => {
+                switch (msg.type) {
+                    case 'reply': {
+                        clearPendingAck(agentId);
+                        console.log(`[hub] Reply from ${agentId} to ${msg.userId}: ${msg.text.slice(0, 100)}`);
+                        ctx.broadcastMonitor({ kind: 'message_out', agentId, userId: msg.userId, text: msg.text, timestamp: new Date().toISOString() });
+                        await weixin.send(msg.userId, msg.text);
+                        break;
+                    }
+                    case 'permission_request': {
+                        console.log(`[hub] Permission request from ${agentId}: ${msg.toolName}`);
+                        const sendFn = async (userId, text) => { await weixin.send(userId, text); };
+                        await permissionMgr.handleRequest(agentId, msg, ctx, sendFn, lastUserByAgent, lastGlobalUser);
+                        break;
+                    }
+                    case 'status': {
+                        console.log(`[hub] Agent ${agentId} status: ${msg.status}`);
+                        break;
+                    }
+                    case 'permission_timeout': {
+                        permissionMgr.handleTimeout(msg.requestId);
+                        break;
+                    }
+                    case 'send_file': {
+                        clearPendingAck(agentId);
+                        const IMAGE_EXTS = new Set(['jpg', 'jpeg', 'png', 'gif', 'webp', 'bmp']);
+                        const VIDEO_EXTS = new Set(['mp4', 'mov', 'avi', 'webm']);
+                        const ext = msg.filePath.split('.').pop()?.toLowerCase() || '';
+                        const isImage = IMAGE_EXTS.has(ext);
+                        const isVideo = VIDEO_EXTS.has(ext);
+                        const msgType = isImage ? 'image' : isVideo ? 'video' : 'file';
+                        try {
+                            if (isImage) {
+                                await weixin.sendImage(msg.userId, msg.filePath);
+                            }
+                            else {
+                                await weixin.sendFile(msg.userId, msg.filePath);
+                            }
+                            // Copy to media dir so dashboard can preview
+                            const mediaDir = join(SOCKET_DIR, 'media');
+                            const mediaName = `${Date.now()}-${basename(msg.filePath)}`;
+                            try {
+                                mkdirSync(mediaDir, { recursive: true });
+                                copyFileSync(msg.filePath, join(mediaDir, mediaName));
+                            }
+                            catch { }
+                            console.log(`[hub] File sent from ${agentId} to ${msg.userId}: ${msg.filePath}`);
+                            ctx.broadcastMonitor({
+                                kind: 'message_out', agentId, userId: msg.userId,
+                                text: isImage ? '[图片]' : `[${msgType}] ${basename(msg.filePath)}`,
+                                timestamp: new Date().toISOString(),
+                                msgType,
+                                mediaUrl: `/media/${mediaName}`,
+                            });
+                        }
+                        catch (err) {
+                            console.error(`[hub] Failed to send file from ${agentId}: ${err.message}`);
+                        }
+                        break;
+                    }
+                    // NOTE: 'management' type is handled by hub core, not by this plugin
+                }
+            });
+            // --- WeChat → Spoke: handle incoming WeChat messages ---
+            weixin.setMessageHandler(async (incomingMsg) => {
+                const userId = incomingMsg.userId;
+                const ref = { userId, channelId: 'weixin' };
+                lastGlobalUser = ref;
+                // Permission verdict detection
+                if (permissionMgr.tryHandleVerdict(incomingMsg, ctx))
+                    return;
+                // Route message
+                const router = ctx.getRouter();
+                const routed = router.route(incomingMsg.text || '');
+                lastUserByAgent.set(routed.agentId, ref);
+                // Unknown agent
+                if (routed.unknownAgent) {
+                    const available = router.getAgentNames();
+                    await weixin.send(userId, `⚠ Agent "${routed.agentId}" 不存在，可用的 agent: ${available.join(', ') || '无'}`);
+                    return;
+                }
+                // Intercepted commands (restart, effort)
+                if (routed.intercepted) {
+                    const agentManager = ctx.getAgentManager();
+                    switch (routed.intercepted.command) {
+                        case 'restart': {
+                            await weixin.send(userId, `正在重启 ${routed.agentId}...`);
+                            const result = await agentManager.restart(routed.agentId);
+                            await weixin.send(userId, result.success ? `✓ ${routed.agentId} 已重启` : `✗ 重启失败: ${result.error}`);
+                            return;
+                        }
+                        case 'effort': {
+                            const effort = routed.intercepted.args[0];
+                            agentManager.updateEffort(routed.agentId, effort);
+                            await weixin.send(userId, `正在以 --effort ${effort} 重启 ${routed.agentId}...`);
+                            const result = await agentManager.restart(routed.agentId);
+                            await weixin.send(userId, result.success ? `✓ ${routed.agentId} 已重启 (effort: ${effort})` : `✗ 重启失败: ${result.error}`);
+                            return;
+                        }
+                    }
+                }
+                // Forward to spoke — persistence plugin will queue if offline
+                const text = buildMessageContent(incomingMsg, routed.text);
+                console.log(`[hub] Forwarding to ${routed.agentId}: ${text.substring(0, 80)}`);
+                const mediaUrl = incomingMsg.mediaPath ? `/media/${basename(incomingMsg.mediaPath)}` : undefined;
+                ctx.broadcastMonitor({ kind: 'message_in', agentId: routed.agentId, userId, text: routed.text, timestamp: new Date().toISOString(), msgType: incomingMsg.type, mediaUrl });
+                const sent = ctx.deliverToAgent(routed.agentId, {
+                    type: 'message',
+                    userId,
+                    text,
+                    msgType: incomingMsg.type,
+                    mediaPath: incomingMsg.mediaPath ?? undefined,
+                    timestamp: incomingMsg.timestamp?.toISOString() ?? new Date().toISOString(),
+                });
+                if (sent) {
+                    startPendingAck(routed.agentId, userId);
+                }
+                else {
+                    console.log(`[hub] Message queued for offline agent "${routed.agentId}"`);
+                    await weixin.send(userId, `📬 ${routed.agentId} 暂时离线，消息已排队，上线后自动投递。`);
+                }
+            });
+            // Permission cleanup
+            cleanupInterval = setInterval(() => permissionMgr.cleanup(), 60_000);
+            // Login, restore context cache, start listening
+            await weixin.login();
+            weixin.restoreContextCache();
+            weixin.startListening();
+            // startPolling() is a long-poll loop that never returns — fire and forget
+            weixin.startPolling().catch((err) => {
+                console.error(`[weixin] Polling error: ${err.message}`);
+            });
+        },
+        async destroy() {
+            if (cleanupInterval)
+                clearInterval(cleanupInterval);
+            weixin.saveContextCache();
+        },
+    };
+}
+function buildMessageContent(msg, routedText) {
+    if (msg.type === 'voice' && msg.voiceText)
+        return `[微信 ${msg.userId}] (语音转文字) ${msg.voiceText}`;
+    if (msg.type === 'voice')
+        return `[微信 ${msg.userId}] (语音消息，无法识别)`;
+    if (msg.mediaPath)
+        return `[微信 ${msg.userId}] (${msg.type} 已下载到 ${msg.mediaPath})`;
+    if (msg.type !== 'text')
+        return `[微信 ${msg.userId}] (${msg.type} 消息，下载失败)`;
+    return `[微信 ${msg.userId}] ${routedText}`;
+}

package/dist/plugins/weixin/media-upload.d.ts

@@ -0,0 +1,22 @@
+/**
+ * Media upload — AES-128-ECB encrypt + CDN upload
+ *
+ * Reverse of media.ts (download + decrypt).
+ * Encrypts a local file and uploads it to the WeChat CDN,
+ * returning CDNMedia metadata for use in sendMessage.
+ */
+import type { CDNMedia } from '@pinixai/weixin-bot';
+export interface UploadResult {
+    cdnMedia: CDNMedia;
+    rawSize: number;
+}
+/**
+ * Upload a local file to the WeChat CDN.
+ *
+ * 1. Read file & generate AES key
+ * 2. Encrypt with AES-128-ECB
+ * 3. POST /ilink/bot/getuploadurl to obtain CDN endpoint
+ * 4. PUT encrypted payload to CDN
+ * 5. Return CDNMedia for embedding in sendMessage
+ */
+export declare function uploadMedia(filePath: string, mediaType: 'image' | 'video' | 'file', baseUrl: string, token: string, toUserId: string): Promise<UploadResult>;

package/dist/plugins/weixin/media-upload.js

@@ -0,0 +1,134 @@
+/**
+ * Media upload — AES-128-ECB encrypt + CDN upload
+ *
+ * Reverse of media.ts (download + decrypt).
+ * Encrypts a local file and uploads it to the WeChat CDN,
+ * returning CDNMedia metadata for use in sendMessage.
+ */
+import { readFileSync } from 'node:fs';
+import { randomBytes, createCipheriv, createHash } from 'node:crypto';
+// ── helpers (not re-exported by the SDK's main entry) ────────────
+function randomWechatUin() {
+    const value = randomBytes(4).readUInt32BE(0);
+    return Buffer.from(String(value), 'utf8').toString('base64');
+}
+function buildHeaders(token) {
+    return {
+        AuthorizationType: 'ilink_bot_token',
+        Authorization: `Bearer ${token}`,
+        'X-WECHAT-UIN': randomWechatUin(),
+    };
+}
+// ── media-type mapping ───────────────────────────────────────────
+const MEDIA_TYPE_MAP = {
+    image: 1,
+    video: 2,
+    file: 3,
+};
+// ── core ─────────────────────────────────────────────────────────
+/**
+ * Generate a random 16-byte hex string for use as AES key.
+ * The WeChat protocol stores this as a hex string (not raw bytes).
+ */
+function generateAesKeyHex() {
+    return randomBytes(16).toString('hex');
+}
+/**
+ * Encrypt plaintext buffer with AES-128-ECB + PKCS7 padding.
+ * Key is a 16-byte hex string → parse to 16-byte Buffer.
+ */
+function encryptAes128Ecb(plain, aesKeyHex) {
+    const key = Buffer.from(aesKeyHex, 'hex');
+    const cipher = createCipheriv('aes-128-ecb', key, Buffer.alloc(0));
+    return Buffer.concat([cipher.update(plain), cipher.final()]);
+}
+/**
+ * Encode the hex AES key as base64 (matches download-side parseAesKey expectation).
+ *
+ * Download does:  base64 → utf8 hex string → Buffer.from(hex)
+ * So upload must: hex string → utf8 bytes → base64
+ */
+function aesKeyToBase64(aesKeyHex) {
+    return Buffer.from(aesKeyHex, 'utf8').toString('base64');
+}
+/**
+ * Upload a local file to the WeChat CDN.
+ *
+ * 1. Read file & generate AES key
+ * 2. Encrypt with AES-128-ECB
+ * 3. POST /ilink/bot/getuploadurl to obtain CDN endpoint
+ * 4. PUT encrypted payload to CDN
+ * 5. Return CDNMedia for embedding in sendMessage
+ */
+export async function uploadMedia(filePath, mediaType, baseUrl, token, toUserId) {
+    // 1. Read & encrypt
+    const plain = readFileSync(filePath);
+    const aesKeyHex = generateAesKeyHex();
+    const encrypted = encryptAes128Ecb(plain, aesKeyHex);
+    const filekey = randomBytes(16).toString('hex');
+    const rawfilemd5 = createHash('md5').update(plain).digest('hex');
+    // 2. Get upload URL
+    const body = {
+        filekey,
+        media_type: MEDIA_TYPE_MAP[mediaType],
+        to_user_id: toUserId,
+        rawsize: plain.length,
+        rawfilemd5,
+        filesize: encrypted.length,
+        aeskey: aesKeyHex,
+        no_need_thumb: true,
+        base_info: { channel_version: '1.0.0' },
+    };
+    const normalizedBase = baseUrl.replace(/\/+$/, '');
+    const uploadUrlResp = await fetch(new URL('/ilink/bot/getuploadurl', `${normalizedBase}/`), {
+        method: 'POST',
+        headers: {
+            'Content-Type': 'application/json',
+            ...buildHeaders(token),
+        },
+        body: JSON.stringify(body),
+        signal: AbortSignal.timeout(15_000),
+    });
+    if (!uploadUrlResp.ok) {
+        const text = await uploadUrlResp.text();
+        throw new Error(`getuploadurl failed: HTTP ${uploadUrlResp.status} — ${text}`);
+    }
+    const uploadInfo = (await uploadUrlResp.json());
+    if (uploadInfo.ret && uploadInfo.ret !== 0) {
+        throw new Error(`getuploadurl returned ret=${uploadInfo.ret}`);
+    }
+    // 3. Upload encrypted payload to CDN
+    const cdnBase = uploadInfo.upload_url || 'https://novac2c.cdn.weixin.qq.com/c2c/upload';
+    const cdnUrl = `${cdnBase}?encrypted_query_param=${encodeURIComponent(uploadInfo.upload_param)}&filekey=${filekey}`;
+    const cdnResp = await fetch(cdnUrl, {
+        method: 'POST',
+        headers: {
+            'Content-Type': 'application/octet-stream',
+            ...buildHeaders(token),
+        },
+        body: new Uint8Array(encrypted),
+        signal: AbortSignal.timeout(60_000),
+    });
+    if (!cdnResp.ok) {
+        const text = await cdnResp.text();
+        throw new Error(`CDN upload failed: HTTP ${cdnResp.status} — ${text}`);
+    }
+    // 4. Extract encrypt_query_param from response
+    //    Prefer header, fall back to JSON body
+    let encryptQueryParam = cdnResp.headers.get('x-encrypted-param') ?? '';
+    if (!encryptQueryParam) {
+        const cdnBody = (await cdnResp.json());
+        encryptQueryParam = cdnBody.encrypt_query_param ?? '';
+    }
+    if (!encryptQueryParam) {
+        throw new Error('CDN upload succeeded but no encrypt_query_param returned');
+    }
+    return {
+        cdnMedia: {
+            encrypt_query_param: encryptQueryParam,
+            aes_key: aesKeyToBase64(aesKeyHex),
+            encrypt_type: 1,
+        },
+        rawSize: plain.length,
+    };
+}

package/dist/plugins/weixin/media.d.ts

@@ -0,0 +1,6 @@
+/**
+ * 媒体下载 + AES 解密
+ * 从 cc2wx.ts:31-106 搬迁，逻辑不变
+ */
+export declare function cleanupMedia(): void;
+export declare function downloadMedia(item: any): Promise<string | null>;