npm - cclawd - Versions diffs - 2026.3.37 → 2026.3.38 - Mend

cclawd 2026.3.37 → 2026.3.38

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (11) hide show

package/dist/.buildstamp CHANGED Viewed

	@@ -1 +1 @@
1	- {"builtAt":~~1779772831735~~,"head":"~~4d285bed5bc28747fa2fac8c0483add371947d16~~"}
1	+ {"builtAt":1779847731292,"head":"130310d3504f3dbf6c85523f813ceef7e406e463"}

package/dist/build-info.json CHANGED Viewed

@@ -1,5 +1,5 @@
 {
-  "version": "2026.3.37",
-  "commit": "4d285bed5bc28747fa2fac8c0483add371947d16",
-  "builtAt": "2026-05-26T05:20:52.974Z"
+  "version": "2026.3.38",
+  "commit": "130310d3504f3dbf6c85523f813ceef7e406e463",
+  "builtAt": "2026-05-27T02:09:12.325Z"
 }

package/dist/extensions/cclawd-guard/index.js CHANGED Viewed

@@ -561,17 +561,27 @@ var BehaviorDetector = class {
 		this.pendingQuotaMessage = null;
 		return msg;
 	}
+	/**
+	* Update current-turn user intent from a raw user message (message_received only).
+	* Do not call with agent prompts — they may include channel envelopes/system injection.
+	*/
 	setUserIntent(sessionKey, message) {
 		const state = this.getOrCreate(sessionKey);
-		const hasBypassMarker = message.includes(REAL_PERSON_AUTH_BYPASS_MARKER);
-		const effectiveMessage = message.replace(REAL_PERSON_AUTH_BYPASS_MARKER, "").trim() || message;
-		if (hasBypassMarker) {
+		if (message.includes(REAL_PERSON_AUTH_BYPASS_MARKER)) {
 			state.realPersonAuthBypassOncePending = true;
 			this.log.info("Detected real-person-auth bypass marker; next tool call will be allowed once.");
 		}
-		if (!state.userIntent) state.userIntent = effectiveMessage.slice(0, 500);
+		const effectiveMessage = this.stripBypassMarker(message);
+		state.userIntent = effectiveMessage.slice(0, 500);
 		state.recentUserMessages = [...state.recentUserMessages.slice(-4), effectiveMessage.slice(0, 200)];
 	}
+	/** Detect real-person-auth one-shot bypass marker in the agent prompt (before_agent_start). */
+	handleAuthBypassMarker(sessionKey, message) {
+		if (!message.includes(REAL_PERSON_AUTH_BYPASS_MARKER)) return;
+		const state = this.getOrCreate(sessionKey);
+		state.realPersonAuthBypassOncePending = true;
+		this.log.info("Detected real-person-auth bypass marker; next tool call will be allowed once.");
+	}
 	clearSession(sessionKey) {
 		this.sessions.delete(sessionKey);
 	}
@@ -796,6 +806,9 @@ var BehaviorDetector = class {
 			clearTimeout(timer);
 		}
 	}
+	stripBypassMarker(message) {
+		return message.replace(REAL_PERSON_AUTH_BYPASS_MARKER, "").trim() || message;
+	}
 	detectLocalHardBlock(userIntent, toolName, params) {
 		const paramsText = JSON.stringify(params ?? {}).toLowerCase();
 		const context = [
@@ -1875,7 +1888,7 @@ const openClawGuardPlugin = {
 			const text = typeof event.prompt === "string" ? event.prompt : JSON.stringify(event.prompt ?? "");
 			const runId = `run-${randomBytes(8).toString("hex")}`;
 			globalEventReporter?.setRunId(sessionKey, runId);
-			if (globalBehaviorDetector && event.prompt) globalBehaviorDetector.setUserIntent(sessionKey, text);
+			if (globalBehaviorDetector && event.prompt) globalBehaviorDetector.handleAuthBypassMarker(sessionKey, text);
 			globalEventReporter?.report(sessionKey, "before_agent_start", {
 				timestamp: (/* @__PURE__ */ new Date()).toISOString(),
 				prompt: text,

package/dist/extensions/feishu/node_modules/.package-lock.json CHANGED Viewed

@@ -3,9 +3,9 @@
   "requires": true,
   "packages": {
     "node_modules/@larksuiteoapi/node-sdk": {
-      "version": "1.65.0",
-      "resolved": "https://registry.npmjs.org/@larksuiteoapi/node-sdk/-/node-sdk-1.65.0.tgz",
-      "integrity": "sha512-SkMeiFvi4mMVGrmBBh50vWPOgAvfbcpdcAW+iryheFFHUmji49aDch/YtxsKGFtzFlL/rseQXFzNFL8+LdQQ5Q==",
+      "version": "1.66.0",
+      "resolved": "https://registry.npmjs.org/@larksuiteoapi/node-sdk/-/node-sdk-1.66.0.tgz",
+      "integrity": "sha512-ueKbbdvmVGVie3KvKbvHZqvDC/gg3M0rRDeyQanQWK+i2bQgiiTpIfpqVWvxuTgprV31yqV7HPMjN6KegWSCfA==",
       "license": "MIT",
       "dependencies": {
         "axios": "~1.13.3",

package/dist/extensions/feishu/node_modules/@larksuiteoapi/node-sdk/README.md CHANGED Viewed

@@ -691,6 +691,10 @@ try {
 | signal | `AbortSignal` to cancel the polling | AbortSignal | No | - |
 | onQRCodeReady | Callback when the verification URL is ready. Receives `{ url, expireIn }`. You can render the URL as a QR code for users to scan, or display it as a link | function | Yes | - |
 | onStatusChange | Callback on polling status changes. Receives `{ status, interval? }`. Status values: `polling`, `slow_down`, `domain_switched` | function | No | - |
+| appPreset | Pre-fill values for the app-creation page. All fields are optional; users can still edit them on the page | AppPreset | No | - |
+| appPreset.avatar | App avatar URL(s). 1-6 URLs supported; the first one is selected by default. Allowed formats: png / jpg / jpeg / webp / gif (gif is sampled to a single frame, not animated) | string \| string[] | No | - |
+| appPreset.name | App name. Supports the `{user}` placeholder (replaced with the scanning user's name) | string | No | - |
+| appPreset.desc | App description. Supports the `{user}` placeholder | string | No | - |
 #### Return value

package/dist/extensions/feishu/node_modules/@larksuiteoapi/node-sdk/README.zh.md CHANGED Viewed

@@ -753,6 +753,10 @@ try {
 | signal         | 用于取消轮询的 `AbortSignal`                                                                    | AbortSignal | 否  | -                        |
 | onQRCodeReady  | 验证链接就绪时的回调，参数为 `{ url, expireIn }`。可将 URL 渲染为二维码供用户扫码，或直接作为链接展示                          | function    | 是  | -                        |
 | onStatusChange | 轮询状态变化时的回调，参数为 `{ status, interval? }`。status 取值：`polling`、`slow_down`、`domain_switched` | function    | 否  | -                        |
+| appPreset      | 预设应用信息（头像、名称、描述）。所有字段都是可选的，用户扫码后仍可在页面手动修改                                                  | AppPreset   | 否  | -                        |
+| appPreset.avatar | 应用头像 URL，支持 1-6 个；传多个时默认选中第一个。支持 png / jpg / jpeg / webp / gif（gif 自动取一帧，不保留动图）           | string \| string[] | 否  | -                |
+| appPreset.name | 应用名称，支持 `{user}` 占位符（替换为扫码用户名称）                                                              | string      | 否  | -                        |
+| appPreset.desc | 应用描述，支持 `{user}` 占位符                                                                          | string      | 否  | -                        |
 #### 返回值

package/dist/extensions/feishu/node_modules/@larksuiteoapi/node-sdk/es/index.js CHANGED Viewed

@@ -89750,6 +89750,35 @@ const SDK_NAME = 'node-sdk';
 const DEFAULT_FEISHU_DOMAIN = 'accounts.feishu.cn';
 const DEFAULT_LARK_DOMAIN = 'accounts.larksuite.com';
 const ENDPOINT = '/oauth/v1/app/registration';
+const AVATAR_MAX_COUNT = 6;
+/**
+ * Append `avatar` / `name` / `desc` query params to the QR code URL.
+ * `URLSearchParams` handles URL encoding automatically.
+ */
+function applyAppPreset(qrCodeUrl, preset) {
+    const { avatar, name, desc } = preset;
+    if (avatar !== undefined) {
+        const avatars = Array.isArray(avatar) ? avatar : [avatar];
+        if (avatars.length === 0) {
+            throw new Error('appPreset.avatar must contain at least 1 URL');
+        }
+        if (avatars.length > AVATAR_MAX_COUNT) {
+            throw new Error(`appPreset.avatar supports at most ${AVATAR_MAX_COUNT} URLs, got ${avatars.length}`);
+        }
+        avatars.forEach((url, idx) => {
+            if (typeof url !== 'string' || url === '') {
+                throw new Error(`appPreset.avatar[${idx}] must be a non-empty string`);
+            }
+            qrCodeUrl.searchParams.append('avatar', url);
+        });
+    }
+    if (name !== undefined) {
+        qrCodeUrl.searchParams.set('name', name);
+    }
+    if (desc !== undefined) {
+        qrCodeUrl.searchParams.set('desc', desc);
+    }
+}
 function requestRegistration(baseUrl, params) {
     var _a;
     return __awaiter(this, void 0, void 0, function* () {
@@ -89867,13 +89896,16 @@ function startPolling(ctx) {
 function registerApp(options) {
     var _a, _b, _c, _d;
     return __awaiter(this, void 0, void 0, function* () {
-        const { domain, source, signal, onQRCodeReady, onStatusChange } = options;
+        const { domain, source, signal, onQRCodeReady, onStatusChange, appPreset } = options;
         const baseUrl = `https://${domain !== null && domain !== void 0 ? domain : DEFAULT_FEISHU_DOMAIN}`;
         const beginRes = yield begin(baseUrl);
         const qrCodeUrl = new URL(beginRes.verification_uri_complete);
         qrCodeUrl.searchParams.set('from', 'sdk');
         qrCodeUrl.searchParams.set('source', source ? `${SDK_NAME}/${source}` : SDK_NAME);
         qrCodeUrl.searchParams.set('tp', 'sdk');
+        if (appPreset) {
+            applyAppPreset(qrCodeUrl, appPreset);
+        }
         onQRCodeReady({
             url: qrCodeUrl.toString(),
             expireIn: (_a = beginRes.expires_in) !== null && _a !== void 0 ? _a : 600,

package/dist/extensions/feishu/node_modules/@larksuiteoapi/node-sdk/lib/index.js CHANGED Viewed

@@ -89768,6 +89768,35 @@ const SDK_NAME = 'node-sdk';
 const DEFAULT_FEISHU_DOMAIN = 'accounts.feishu.cn';
 const DEFAULT_LARK_DOMAIN = 'accounts.larksuite.com';
 const ENDPOINT = '/oauth/v1/app/registration';
+const AVATAR_MAX_COUNT = 6;
+/**
+ * Append `avatar` / `name` / `desc` query params to the QR code URL.
+ * `URLSearchParams` handles URL encoding automatically.
+ */
+function applyAppPreset(qrCodeUrl, preset) {
+    const { avatar, name, desc } = preset;
+    if (avatar !== undefined) {
+        const avatars = Array.isArray(avatar) ? avatar : [avatar];
+        if (avatars.length === 0) {
+            throw new Error('appPreset.avatar must contain at least 1 URL');
+        }
+        if (avatars.length > AVATAR_MAX_COUNT) {
+            throw new Error(`appPreset.avatar supports at most ${AVATAR_MAX_COUNT} URLs, got ${avatars.length}`);
+        }
+        avatars.forEach((url, idx) => {
+            if (typeof url !== 'string' || url === '') {
+                throw new Error(`appPreset.avatar[${idx}] must be a non-empty string`);
+            }
+            qrCodeUrl.searchParams.append('avatar', url);
+        });
+    }
+    if (name !== undefined) {
+        qrCodeUrl.searchParams.set('name', name);
+    }
+    if (desc !== undefined) {
+        qrCodeUrl.searchParams.set('desc', desc);
+    }
+}
 function requestRegistration(baseUrl, params) {
     var _a;
     return __awaiter(this, void 0, void 0, function* () {
@@ -89885,13 +89914,16 @@ function startPolling(ctx) {
 function registerApp(options) {
     var _a, _b, _c, _d;
     return __awaiter(this, void 0, void 0, function* () {
-        const { domain, source, signal, onQRCodeReady, onStatusChange } = options;
+        const { domain, source, signal, onQRCodeReady, onStatusChange, appPreset } = options;
         const baseUrl = `https://${domain !== null && domain !== void 0 ? domain : DEFAULT_FEISHU_DOMAIN}`;
         const beginRes = yield begin(baseUrl);
         const qrCodeUrl = new URL(beginRes.verification_uri_complete);
         qrCodeUrl.searchParams.set('from', 'sdk');
         qrCodeUrl.searchParams.set('source', source ? `${SDK_NAME}/${source}` : SDK_NAME);
         qrCodeUrl.searchParams.set('tp', 'sdk');
+        if (appPreset) {
+            applyAppPreset(qrCodeUrl, appPreset);
+        }
         onQRCodeReady({
             url: qrCodeUrl.toString(),
             expireIn: (_a = beginRes.expires_in) !== null && _a !== void 0 ? _a : 600,

package/dist/extensions/feishu/node_modules/@larksuiteoapi/node-sdk/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@larksuiteoapi/node-sdk",
-  "version": "1.65.0",
+  "version": "1.66.0",
   "description": "larksuite open sdk for nodejs",
   "keywords": [
     "feishu",

package/dist/extensions/feishu/node_modules/@larksuiteoapi/node-sdk/types/index.d.ts CHANGED Viewed

@@ -300741,6 +300741,23 @@ interface StatusChangeInfo {
     status: 'polling' | 'slow_down' | 'domain_switched';
     interval?: number;
 }
+/**
+ * Pre-fill values shown on the app-creation page after the user scans the QR
+ * code. All fields are optional and the user can still edit them on the page;
+ * the final values are whatever the user submits.
+ */
+interface AppPreset {
+    /**
+     * App avatar URL(s). Pass a single URL or 1-6 URLs. The first one is the
+     * default selection. Each URL must point to a publicly reachable image
+     * (png / jpg / jpeg / webp / gif).
+     */
+    avatar?: string | string[];
+    /** App name. Supports `{user}` placeholder, replaced with the scanning user's name. */
+    name?: string;
+    /** App description. Supports `{user}` placeholder. */
+    desc?: string;
+}
 interface RegisterAppOptions {
     domain?: string;
     larkDomain?: string;
@@ -300748,6 +300765,8 @@ interface RegisterAppOptions {
     signal?: AbortSignal;
     onQRCodeReady: (info: QRCodeInfo) => void;
     onStatusChange?: (info: StatusChangeInfo) => void;
+    /** Pre-fill values for the app-creation page. See {@link AppPreset}. */
+    appPreset?: AppPreset;
 }
 interface UserInfo {
     open_id?: string;

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "cclawd",
-  "version": "2026.3.37",
+  "version": "2026.3.38",
   "description": "Multi-channel AI gateway with extensible messaging integrations",
   "keywords": [],
   "homepage": "https://github.com/openclaw/openclaw#readme",