cclawd 1.0.0 → 1.0.2

package/extensions/mfa-auth/index.ts

@@ -1,12 +1,12 @@
 import type { OpenClawPluginApi } from "openclaw/plugin-sdk";
 import { authManager } from "./src/auth-manager.js";
 import { config } from "./src/config.js";
+import { dabbyClient } from "./src/dabby-client.js";
 import { NotificationService } from "./src/notification-service.js";
 import { qrCodeAuthProvider } from "./src/providers/qr-code.js";
-import { startHttpServer, setNotifyCallback, getServerBaseUrl } from "./src/server.js";
+import { setNotifyCallback } from "./src/server.js";
 import type { AuthSession } from "./src/types.js";
 
-let serverStarted = false;
 const notificationService = NotificationService.getInstance();
 const pendingAuthUsers = new Set<string>();
 
@@ -98,14 +98,17 @@ export default function register(api: OpenClawPluginApi) {
       const session = authManager.getLatestSessionByUserId(userId);
       const metadata = session?.metadata as Record<string, unknown> | undefined;
 
-      if (metadata?.authUrl) {
+      if (metadata?.qrCodeUrl) {
         pendingAuthUsers.delete(userId);
 
         let messageText = "";
         if (metadata.triggerType === "first_message") {
-          messageText = `🔐 首次对话需要进行认证\n\n为了您的账户安全，首次对话前需要完成身份验证。\n\n请点击链接完成验证:\n${metadata.authUrl}\n\n验证有效期: ${Math.floor(config.timeout / 60000)} 分钟`;
+          const isReauth = metadata.isReauth === true;
+          messageText = isReauth
+            ? `🔐 重新认证\n\n📱 请点击以下链接完成扫码认证:\n${metadata.qrCodeUrl}\n\n验证有效期: ${Math.floor(config.timeout / 60000)} 分钟`
+            : `🔐 首次对话需要进行认证\n\n为了您的账户安全，首次对话前需要完成身份验证。\n\n📱 请点击以下链接完成扫码认证:\n${metadata.qrCodeUrl}\n\n验证有效期: ${Math.floor(config.timeout / 60000)} 分钟`;
         } else if (metadata.triggerType === "sensitive_operation") {
-          messageText = `🔐 该操作需要二次认证\n\n检测到敏感操作: ${metadata.commandPreview}\n\n请点击链接完成验证:\n${metadata.authUrl}\n\n验证有效期: ${Math.floor(config.timeout / 60000)} 分钟\n\n验证成功后，请回复"确认"或者重新发送之前的命令以继续执行。`;
+          messageText = `🔐 该操作需要二次认证\n\n检测到敏感操作: ${metadata.commandPreview}\n\n📱 请点击以下链接完成扫码认证:\n${metadata.qrCodeUrl}\n\n验证有效期: ${Math.floor(config.timeout / 60000)} 分钟\n\n验证成功后，请回复"确认"或者重新发送之前的命令以继续执行。`;
         }
 
         return { content: messageText };
@@ -207,7 +210,7 @@ export default function register(api: OpenClawPluginApi) {
       `[mfa-auth] Parsed from sessionKey: channel=${parsedChannel}, accountId=${parsedAccountId}, to=${parsedTo}`,
     );
 
-    const session = authManager.generateSession(userId, {
+    const session = await authManager.generateSession(userId, {
       sessionKey,
       senderId: userId,
       commandBody: command,
@@ -225,8 +228,6 @@ export default function register(api: OpenClawPluginApi) {
       return undefined;
     }
 
-    const authUrl = `${getServerBaseUrl()}/mfa-auth/${session.sessionId}`;
-
     api.logger.info(`[mfa-auth] Blocking sensitive tool call: ${toolName} from ${userId}`);
 
     // For webchat, use userId as sessionKey instead of agent:main:<userId>
@@ -238,7 +239,7 @@ export default function register(api: OpenClawPluginApi) {
           parsedChannel,
           parsedAccountId,
           parsedTo || userId,
-          `🔐 该操作需要二次认证\n\n检测到敏感操作: ${preview}\n\n请点击链接完成验证:\n${authUrl}\n\n验证有效期: ${Math.floor(config.timeout / 60000)} 分钟\n\n验证成功后，请回复"确认"或者重新发送之前的命令以继续执行。`,
+          `🔐 该操作需要二次认证\n\n检测到敏感操作: ${preview}\n\n📱 请点击以下链接完成扫码认证:\n${session.qrCodeUrl}\n\n验证有效期: ${Math.floor(config.timeout / 60000)} 分钟\n\n验证成功后，请回复"确认"或者重新发送之前的命令以继续执行。`,
           userId,
           sessionKeyForWebchat,
         );
@@ -253,7 +254,7 @@ export default function register(api: OpenClawPluginApi) {
       // Also add to pending users as fallback
       pendingAuthUsers.add(userId);
       authManager.setSessionMetadata(session.sessionId, {
-        authUrl,
+        qrCodeUrl: session.qrCodeUrl,
         triggerType: "sensitive_operation",
         commandPreview: preview,
       });
@@ -274,41 +275,29 @@ export default function register(api: OpenClawPluginApi) {
     }
 
     if (parsedChannel && parsedChannel !== "web") {
-      if (parsedChannel !== "feishu") {
+      if (false) {
         api.logger.warn(
           `[mfa-auth] Channel ${parsedChannel} not supported, skipping auth notification`,
         );
       } else {
-        api.logger.info(
-          `[mfa-auth] Sensitive operation params: channel=${parsedChannel}, to=${parsedTo}, accountId=${parsedAccountId}, userId=${userId}`,
-        );
+        const messageText = `🔐 该操作需要二次认证\n\n检测到敏感操作: ${preview}\n\n📱 请点击以下链接完成扫码认证:\n${session.qrCodeUrl}\n\n验证有效期: ${Math.floor(config.timeout / 60000)} 分钟\n\n验证成功后，请回复"确认"或者重新发送之前的命令以继续执行。`;
 
-        try {
-          await sendAuthMessage(
-            parsedChannel,
-            parsedAccountId,
-            parsedTo || userId,
-            `🔐 该操作需要二次认证\n\n检测到敏感操作: ${preview}\n\n请点击链接完成验证:\n${authUrl}\n\n验证有效期: ${Math.floor(config.timeout / 60000)} 分钟\n\n验证成功后，请回复"确认"或者重新发送之前的命令以继续执行。`,
-            userId,
-          );
+        await sendAuthMessage(
+          parsedChannel,
+          parsedAccountId,
+          parsedTo || userId,
+          messageText,
+          userId,
+        );
 
-          startPollingForAuth(api, userId, session.sessionId, {
-            triggerType: "sensitive_operation",
-            isReauth: false,
-            channel: parsedChannel,
-            accountId: parsedAccountId,
-            to: parsedTo,
-            sessionKey: ctx.sessionKey || "",
-          });
-        } catch (error) {
-          const errorDetails = error instanceof Error ? error.message : String(error);
-          api.logger.error(
-            `[mfa-auth] Failed to send sensitive operation auth notification: ${errorDetails}`,
-          );
-          api.logger.error(
-            `[mfa-auth] Sensitive operation notification details: channel=${parsedChannel}, to=${parsedTo}, accountId=${parsedAccountId}`,
-          );
-        }
+        startPollingForAuth(api, userId, session.sessionId, {
+          triggerType: "sensitive_operation",
+          isReauth: false,
+          channel: parsedChannel,
+          accountId: parsedAccountId,
+          to: parsedTo,
+          sessionKey: ctx.sessionKey || "",
+        });
       }
     }
 
@@ -332,6 +321,14 @@ export default function register(api: OpenClawPluginApi) {
       return;
     }
 
+    const content = event.content || "";
+    const isReauthCommand = content.trim() === "/reauth";
+
+    if (isReauthCommand) {
+      api.logger.info(`[mfa-auth] /reauth command detected, skipping first message auth check`);
+      return;
+    }
+
     const userId = event.from || ctx.conversationId || "unknown";
 
     if (authManager.isUserVerifiedForFirstMessage(userId)) {
@@ -394,7 +391,7 @@ export default function register(api: OpenClawPluginApi) {
       }
     }
 
-    const session = authManager.generateSession(userId, {
+    const session = await authManager.generateSession(userId, {
       sessionKey,
       senderId: userId,
       commandBody: event.content || "",
@@ -414,14 +411,12 @@ export default function register(api: OpenClawPluginApi) {
       return;
     }
 
-    const authUrl = `${getServerBaseUrl()}/mfa-auth/${session.sessionId}`;
-
     api.logger.info(`[mfa-auth] Blocking first message from ${userId}`);
 
     if (parsedChannel === "webchat" || parsedChannel === "web") {
       pendingAuthUsers.add(userId);
       authManager.setSessionMetadata(session.sessionId, {
-        authUrl,
+        qrCodeUrl: session.qrCodeUrl,
         triggerType: "first_message",
       });
 
@@ -438,41 +433,30 @@ export default function register(api: OpenClawPluginApi) {
     }
 
     if (parsedChannel && parsedChannel !== "web") {
-      if (parsedChannel !== "feishu") {
+      if (false) {
         api.logger.warn(
           `[mfa-auth] Channel ${parsedChannel} not supported, skipping auth notification`,
         );
       } else {
-        api.logger.info(
-          `[mfa-auth] First message auth params: channel=${parsedChannel}, to=${parsedTo}, accountId=${parsedAccountId}, userId=${userId}`,
-        );
+        const messageText = `🔐 首次对话需要进行认证\n\n为了您的账户安全，首次对话前需要完成身份验证。\n\n📱 请点击以下链接完成扫码认证:\n${session.qrCodeUrl}\n\n验证有效期: ${Math.floor(config.timeout / 60000)} 分钟`;
 
-        try {
-          await sendAuthMessage(
-            parsedChannel,
-            parsedAccountId,
-            parsedTo || userId,
-            `🔐 首次对话需要进行认证\n\n为了您的账户安全，首次对话前需要完成身份验证。\n\n请点击链接完成验证:\n${authUrl}\n\n验证有效期: ${Math.floor(config.timeout / 60000)} 分钟`,
-            userId,
-          );
+        await sendAuthMessage(
+          parsedChannel,
+          parsedAccountId,
+          parsedTo || userId,
+          messageText,
+          userId,
+          sessionKey,
+        );
 
-          startPollingForAuth(api, userId, session.sessionId, {
-            triggerType: "first_message",
-            isReauth: false,
-            channel: parsedChannel,
-            accountId: parsedAccountId,
-            to: parsedTo,
-            sessionKey: sessionKey,
-          });
-        } catch (error) {
-          const errorDetails = error instanceof Error ? error.message : String(error);
-          api.logger.error(
-            `[mfa-auth] Failed to send first message auth notification: ${errorDetails}`,
-          );
-          api.logger.error(
-            `[mfa-auth] Notification details: channel=${parsedChannel}, to=${parsedTo}, accountId=${parsedAccountId}`,
-          );
-        }
+        startPollingForAuth(api, userId, session.sessionId, {
+          triggerType: "first_message",
+          isReauth: false,
+          channel: parsedChannel,
+          accountId: parsedAccountId,
+          to: parsedTo,
+          sessionKey: sessionKey,
+        });
       }
     }
   });
@@ -506,7 +490,7 @@ export default function register(api: OpenClawPluginApi) {
 
       api.logger.info(`[mfa-auth] Using sessionKey for reauth: ${sessionKey}`);
 
-      const session = authManager.generateSession(userId, {
+      const session = await authManager.generateSession(userId, {
         sessionKey,
         senderId: userId,
         commandBody: "/reauth",
@@ -524,18 +508,23 @@ export default function register(api: OpenClawPluginApi) {
         return { text: "❌ 认证会话创建失败，请稍后重试。" };
       }
 
-      const authUrl = `${getServerBaseUrl()}/mfa-auth/${session.sessionId}`;
-
       api.logger.info(
         `[mfa-auth] Reauth requested by user ${userId}, session=${session.sessionId}`,
       );
 
-      const messageText = `🔐 重新认证\n\n请点击以下链接完成身份验证:\n${authUrl}\n\n验证有效期: ${Math.floor(config.timeout / 60000)} 分钟`;
+      const messageText = `🔐 重新认证\n\n📱 请点击以下链接完成扫码认证:\n${session.qrCodeUrl}\n\n验证有效期: ${Math.floor(config.timeout / 60000)} 分钟`;
 
       // Use sendAuthMessage to ensure consistent delivery via WebSocket for WebChat
       // This will use the new robust session resolution logic
       if (parsedChannel === "webchat" || parsedChannel === "web") {
         try {
+          pendingAuthUsers.add(userId);
+          authManager.setSessionMetadata(session.sessionId, {
+            qrCodeUrl: session.qrCodeUrl,
+            triggerType: "first_message",
+            isReauth: true,
+          });
+
           await sendAuthMessage(
             parsedChannel,
             parsedAccountId,
@@ -562,7 +551,7 @@ export default function register(api: OpenClawPluginApi) {
         }
       }
 
-      if (!parsedChannel || parsedChannel !== "feishu") {
+      if (!parsedChannel) {
         api.logger.warn(`[mfa-auth] Channel ${parsedChannel} not supported`);
         return { text: "❌ 当前渠道不支持认证。" };
       }
@@ -576,7 +565,7 @@ export default function register(api: OpenClawPluginApi) {
           parsedChannel,
           parsedAccountId,
           parsedTo || userId,
-          `🔐 重新认证\n\n请点击以下链接完成身份验证:\n${authUrl}\n\n验证有效期: ${Math.floor(config.timeout / 60000)} 分钟`,
+          `🔐 重新认证\n\n📱 请点击以下链接完成扫码认证:\n${session.qrCodeUrl}\n\n验证有效期: ${Math.floor(config.timeout / 60000)} 分钟`,
           userId,
         );
 
@@ -598,12 +587,7 @@ export default function register(api: OpenClawPluginApi) {
     },
   });
 
-  if (!serverStarted) {
-    api.logger.info("mfa-auth: Starting HTTP server...");
-    startHttpServer();
-    serverStarted = true;
-    api.logger.info("mfa-auth plugin loaded");
-  }
+  api.logger.info("mfa-auth plugin loaded");
 }
 
 function startPollingForAuth(
@@ -619,18 +603,11 @@ function startPollingForAuth(
     sessionKey?: string;
   },
 ) {
-  // Only start polling if notification is disabled (passive mode)
-  // Or we can always poll as a fallback?
-  // User asked for this SPECIFICALLY when enableAuthNotification is false.
-  // But if it's true, the callback will handle it.
-  // To avoid double notification, we should check the config here or ensure consumption is atomic.
-  // Since checkAndConsumeNotification is atomic, we can run this safely even if callback also runs.
-
   api.logger.info(
     `[mfa-auth] Starting polling for auth status: userId=${userId}, sessionId=${sessionId}`,
   );
 
-  const pollInterval = setInterval(() => {
+  const pollInterval = setInterval(async () => {
     let isVerified = false;
     if (context.triggerType === "first_message") {
       isVerified = authManager.isUserVerifiedForFirstMessage(userId);
@@ -638,6 +615,34 @@ function startPollingForAuth(
       isVerified = authManager.isUserVerifiedForSensitiveOps(userId);
     }
 
+    if (!isVerified) {
+      const session = authManager.getSession(sessionId);
+      if (session && session.certToken) {
+        try {
+          const authResult = await dabbyClient.getAuthResult(session.certToken);
+          if (authResult.status === "verified") {
+            api.logger.info(`[mfa-auth] Auth verification successful for session ${sessionId}`);
+            authManager.markUserVerified(
+              userId,
+              context.triggerType === "first_message" ? "first_message" : "sensitive_operation",
+              context.isReauth,
+            );
+            isVerified = true;
+          } else if (authResult.status === "failed" || authResult.status === "expired") {
+            api.logger.warn(
+              `[mfa-auth] Auth failed or expired for session ${sessionId}: ${authResult.error}`,
+            );
+            clearInterval(pollInterval);
+            return;
+          }
+        } catch (error) {
+          api.logger.error(
+            `[mfa-auth] Failed to check auth status for session ${sessionId}: ${String(error)}`,
+          );
+        }
+      }
+    }
+
     if (isVerified) {
       clearInterval(pollInterval);
 

package/extensions/mfa-auth/node_modules/.bin/qrcode-terminal

@@ -9,13 +9,8 @@ case `uname` in
     ;;
 esac
 
-if [ -z "$NODE_PATH" ]; then
-  export NODE_PATH="/mnt/c/Users/asta1/PycharmProjects/cclawd/node_modules/.pnpm/qrcode-terminal@0.12.0/node_modules/qrcode-terminal/bin/node_modules:/mnt/c/Users/asta1/PycharmProjects/cclawd/node_modules/.pnpm/qrcode-terminal@0.12.0/node_modules/qrcode-terminal/node_modules:/mnt/c/Users/asta1/PycharmProjects/cclawd/node_modules/.pnpm/qrcode-terminal@0.12.0/node_modules:/mnt/c/Users/asta1/PycharmProjects/cclawd/node_modules/.pnpm/node_modules"
-else
-  export NODE_PATH="/mnt/c/Users/asta1/PycharmProjects/cclawd/node_modules/.pnpm/qrcode-terminal@0.12.0/node_modules/qrcode-terminal/bin/node_modules:/mnt/c/Users/asta1/PycharmProjects/cclawd/node_modules/.pnpm/qrcode-terminal@0.12.0/node_modules/qrcode-terminal/node_modules:/mnt/c/Users/asta1/PycharmProjects/cclawd/node_modules/.pnpm/qrcode-terminal@0.12.0/node_modules:/mnt/c/Users/asta1/PycharmProjects/cclawd/node_modules/.pnpm/node_modules:$NODE_PATH"
-fi
 if [ -x "$basedir/node" ]; then
   exec "$basedir/node"  "$basedir/../qrcode-terminal/bin/qrcode-terminal.js" "$@"
-else
+else 
   exec node  "$basedir/../qrcode-terminal/bin/qrcode-terminal.js" "$@"
 fi

package/extensions/mfa-auth/node_modules/.bin/qrcode-terminal.cmd

@@ -0,0 +1,17 @@
+@ECHO off
+GOTO start
+:find_dp0
+SET dp0=%~dp0
+EXIT /b
+:start
+SETLOCAL
+CALL :find_dp0
+
+IF EXIST "%dp0%\node.exe" (
+  SET "_prog=%dp0%\node.exe"
+) ELSE (
+  SET "_prog=node"
+  SET PATHEXT=%PATHEXT:;.JS;=;%
+)
+
+endLocal & goto #_undefined_# 2>NUL || title %COMSPEC% & "%_prog%"  "%dp0%\..\qrcode-terminal\bin\qrcode-terminal.js" %*

package/extensions/mfa-auth/node_modules/.bin/qrcode-terminal.ps1

@@ -2,23 +2,11 @@
 $basedir=Split-Path $MyInvocation.MyCommand.Definition -Parent
 
 $exe=""
-$pathsep=":"
-$env_node_path=$env:NODE_PATH
-$new_node_path="C:\Users\asta1\PycharmProjects\cclawd\node_modules\.pnpm\qrcode-terminal@0.12.0\node_modules\qrcode-terminal\bin\node_modules;C:\Users\asta1\PycharmProjects\cclawd\node_modules\.pnpm\qrcode-terminal@0.12.0\node_modules\qrcode-terminal\node_modules;C:\Users\asta1\PycharmProjects\cclawd\node_modules\.pnpm\qrcode-terminal@0.12.0\node_modules;C:\Users\asta1\PycharmProjects\cclawd\node_modules\.pnpm\node_modules"
 if ($PSVersionTable.PSVersion -lt "6.0" -or $IsWindows) {
   # Fix case when both the Windows and Linux builds of Node
   # are installed in the same directory
   $exe=".exe"
-  $pathsep=";"
-} else {
-  $new_node_path="/mnt/c/Users/asta1/PycharmProjects/cclawd/node_modules/.pnpm/qrcode-terminal@0.12.0/node_modules/qrcode-terminal/bin/node_modules:/mnt/c/Users/asta1/PycharmProjects/cclawd/node_modules/.pnpm/qrcode-terminal@0.12.0/node_modules/qrcode-terminal/node_modules:/mnt/c/Users/asta1/PycharmProjects/cclawd/node_modules/.pnpm/qrcode-terminal@0.12.0/node_modules:/mnt/c/Users/asta1/PycharmProjects/cclawd/node_modules/.pnpm/node_modules"
-}
-if ([string]::IsNullOrEmpty($env_node_path)) {
-  $env:NODE_PATH=$new_node_path
-} else {
-  $env:NODE_PATH="$new_node_path$pathsep$env_node_path"
 }
-
 $ret=0
 if (Test-Path "$basedir/node$exe") {
   # Support pipeline input
@@ -37,5 +25,4 @@ if (Test-Path "$basedir/node$exe") {
   }
   $ret=$LASTEXITCODE
 }
-$env:NODE_PATH=$env_node_path
 exit $ret

package/extensions/mfa-auth/node_modules/.bin/tsx

@@ -9,13 +9,8 @@ case `uname` in
     ;;
 esac
 
-if [ -z "$NODE_PATH" ]; then
-  export NODE_PATH="/mnt/c/Users/asta1/PycharmProjects/cclawd/node_modules/.pnpm/tsx@4.21.0/node_modules/tsx/dist/node_modules:/mnt/c/Users/asta1/PycharmProjects/cclawd/node_modules/.pnpm/tsx@4.21.0/node_modules/tsx/node_modules:/mnt/c/Users/asta1/PycharmProjects/cclawd/node_modules/.pnpm/tsx@4.21.0/node_modules:/mnt/c/Users/asta1/PycharmProjects/cclawd/node_modules/.pnpm/node_modules"
-else
-  export NODE_PATH="/mnt/c/Users/asta1/PycharmProjects/cclawd/node_modules/.pnpm/tsx@4.21.0/node_modules/tsx/dist/node_modules:/mnt/c/Users/asta1/PycharmProjects/cclawd/node_modules/.pnpm/tsx@4.21.0/node_modules/tsx/node_modules:/mnt/c/Users/asta1/PycharmProjects/cclawd/node_modules/.pnpm/tsx@4.21.0/node_modules:/mnt/c/Users/asta1/PycharmProjects/cclawd/node_modules/.pnpm/node_modules:$NODE_PATH"
-fi
 if [ -x "$basedir/node" ]; then
   exec "$basedir/node"  "$basedir/../tsx/dist/cli.mjs" "$@"
-else
+else 
   exec node  "$basedir/../tsx/dist/cli.mjs" "$@"
 fi

package/extensions/mfa-auth/node_modules/.bin/tsx.cmd

@@ -0,0 +1,17 @@
+@ECHO off
+GOTO start
+:find_dp0
+SET dp0=%~dp0
+EXIT /b
+:start
+SETLOCAL
+CALL :find_dp0
+
+IF EXIST "%dp0%\node.exe" (
+  SET "_prog=%dp0%\node.exe"
+) ELSE (
+  SET "_prog=node"
+  SET PATHEXT=%PATHEXT:;.JS;=;%
+)
+
+endLocal & goto #_undefined_# 2>NUL || title %COMSPEC% & "%_prog%"  "%dp0%\..\tsx\dist\cli.mjs" %*

package/extensions/mfa-auth/node_modules/.bin/tsx.ps1

@@ -2,23 +2,11 @@
 $basedir=Split-Path $MyInvocation.MyCommand.Definition -Parent
 
 $exe=""
-$pathsep=":"
-$env_node_path=$env:NODE_PATH
-$new_node_path="C:\Users\asta1\PycharmProjects\cclawd\node_modules\.pnpm\tsx@4.21.0\node_modules\tsx\dist\node_modules;C:\Users\asta1\PycharmProjects\cclawd\node_modules\.pnpm\tsx@4.21.0\node_modules\tsx\node_modules;C:\Users\asta1\PycharmProjects\cclawd\node_modules\.pnpm\tsx@4.21.0\node_modules;C:\Users\asta1\PycharmProjects\cclawd\node_modules\.pnpm\node_modules"
 if ($PSVersionTable.PSVersion -lt "6.0" -or $IsWindows) {
   # Fix case when both the Windows and Linux builds of Node
   # are installed in the same directory
   $exe=".exe"
-  $pathsep=";"
-} else {
-  $new_node_path="/mnt/c/Users/asta1/PycharmProjects/cclawd/node_modules/.pnpm/tsx@4.21.0/node_modules/tsx/dist/node_modules:/mnt/c/Users/asta1/PycharmProjects/cclawd/node_modules/.pnpm/tsx@4.21.0/node_modules/tsx/node_modules:/mnt/c/Users/asta1/PycharmProjects/cclawd/node_modules/.pnpm/tsx@4.21.0/node_modules:/mnt/c/Users/asta1/PycharmProjects/cclawd/node_modules/.pnpm/node_modules"
-}
-if ([string]::IsNullOrEmpty($env_node_path)) {
-  $env:NODE_PATH=$new_node_path
-} else {
-  $env:NODE_PATH="$new_node_path$pathsep$env_node_path"
 }
-
 $ret=0
 if (Test-Path "$basedir/node$exe") {
   # Support pipeline input
@@ -37,5 +25,4 @@ if (Test-Path "$basedir/node$exe") {
   }
   $ret=$LASTEXITCODE
 }
-$env:NODE_PATH=$env_node_path
 exit $ret

package/extensions/mfa-auth/node_modules/.package-lock.json

@@ -0,0 +1,103 @@
+{
+  "name": "openclaw-mfa-auth",
+  "version": "1.0.0",
+  "lockfileVersion": 3,
+  "requires": true,
+  "packages": {
+    "../../node_modules/.pnpm/@larksuiteoapi+node-sdk@1.59.0/node_modules/@larksuiteoapi/node-sdk": {
+      "version": "1.59.0",
+      "license": "MIT",
+      "dependencies": {
+        "axios": "~1.13.3",
+        "lodash.identity": "^3.0.0",
+        "lodash.merge": "^4.6.2",
+        "lodash.pickby": "^4.6.0",
+        "protobufjs": "^7.2.6",
+        "qs": "^6.14.2",
+        "ws": "^8.19.0"
+      },
+      "devDependencies": {
+        "@koa/router": "^12.0.0",
+        "@rollup/plugin-alias": "^3.1.9",
+        "@rollup/plugin-typescript": "^8.3.2",
+        "@types/jest": "^28.1.3",
+        "@types/lodash.merge": "^4.6.7",
+        "@types/lodash.pick": "^4.4.7",
+        "@types/qs": "^6.9.16",
+        "@types/ws": "^8.5.10",
+        "@typescript-eslint/parser": "^5.27.1",
+        "body-parser": "^1.20.1",
+        "eslint": "^8.17.0",
+        "eslint-config-airbnb-base": "^15.0.0",
+        "eslint-config-prettier": "^8.5.0",
+        "eslint-plugin-import": "^2.26.0",
+        "express": "^4.18.2",
+        "jest": "^28.1.1",
+        "koa": "^2.13.4",
+        "koa-body": "^5.0.0",
+        "prettier": "2.6.2",
+        "rollup": "^2.75.5",
+        "rollup-plugin-dts": "^4.2.2",
+        "rollup-plugin-license": "^2.8.1",
+        "ts-jest": "^28.0.5",
+        "ts-node": "^10.8.1",
+        "tsconfig-paths": "^4.0.0",
+        "tslib": "^2.4.0",
+        "typescript": "^4.7.3"
+      }
+    },
+    "../../node_modules/.pnpm/@types+node@20.19.37/node_modules/@types/node": {
+      "version": "20.19.37",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "undici-types": "~6.21.0"
+      }
+    },
+    "../../node_modules/.pnpm/qrcode-terminal@0.12.0/node_modules/qrcode-terminal": {
+      "version": "0.12.0",
+      "bin": {
+        "qrcode-terminal": "bin/qrcode-terminal.js"
+      },
+      "devDependencies": {
+        "expect.js": "*",
+        "jshint": "*",
+        "mocha": "*",
+        "sinon": "*"
+      }
+    },
+    "../../node_modules/.pnpm/tsx@4.21.0/node_modules/tsx": {
+      "version": "4.21.0",
+      "license": "MIT",
+      "dependencies": {
+        "esbuild": "~0.27.0",
+        "get-tsconfig": "^4.7.5"
+      },
+      "bin": {
+        "tsx": "dist/cli.mjs"
+      },
+      "engines": {
+        "node": ">=18.0.0"
+      },
+      "optionalDependencies": {
+        "fsevents": "~2.3.3"
+      }
+    },
+    "node_modules/@larksuiteoapi/node-sdk": {
+      "resolved": "../../node_modules/.pnpm/@larksuiteoapi+node-sdk@1.59.0/node_modules/@larksuiteoapi/node-sdk",
+      "link": true
+    },
+    "node_modules/@types/node": {
+      "resolved": "../../node_modules/.pnpm/@types+node@20.19.37/node_modules/@types/node",
+      "link": true
+    },
+    "node_modules/qrcode-terminal": {
+      "resolved": "../../node_modules/.pnpm/qrcode-terminal@0.12.0/node_modules/qrcode-terminal",
+      "link": true
+    },
+    "node_modules/tsx": {
+      "resolved": "../../node_modules/.pnpm/tsx@4.21.0/node_modules/tsx",
+      "link": true
+    }
+  }
+}