npm - cli-claw-kit - Versions diffs - 0.0.1 - Mend

cli-claw-kit 0.0.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (295) hide show

package/LICENSE +21 -0
package/README.md +245 -0
package/config/default-groups.json +1 -0
package/config/global-agents-md.template.md +37 -0
package/config/mount-allowlist.json +11 -0
package/container/Dockerfile +160 -0
package/container/agent-runner/dist/.tsbuildinfo +1 -0
package/container/agent-runner/dist/agent-definitions.js +22 -0
package/container/agent-runner/dist/channel-prefixes.js +16 -0
package/container/agent-runner/dist/codex-config.js +29 -0
package/container/agent-runner/dist/image-detector.js +96 -0
package/container/agent-runner/dist/index.js +2587 -0
package/container/agent-runner/dist/mcp-tools.js +1076 -0
package/container/agent-runner/dist/stream-event.types.js +5 -0
package/container/agent-runner/dist/stream-processor.js +867 -0
package/container/agent-runner/dist/types.js +6 -0
package/container/agent-runner/dist/utils.js +115 -0
package/container/agent-runner/package.json +36 -0
package/container/agent-runner/prompts/security-rules.md +31 -0
package/container/agent-runner/src/agent-definitions.ts +27 -0
package/container/agent-runner/src/channel-prefixes.ts +16 -0
package/container/agent-runner/src/codex-config.ts +40 -0
package/container/agent-runner/src/image-detector.ts +116 -0
package/container/agent-runner/src/index.ts +3107 -0
package/container/agent-runner/src/mcp-tools.ts +1295 -0
package/container/agent-runner/src/stream-event.types.ts +10 -0
package/container/agent-runner/src/stream-processor.ts +932 -0
package/container/agent-runner/src/types.ts +75 -0
package/container/agent-runner/src/utils.ts +114 -0
package/container/agent-runner/tsconfig.json +17 -0
package/container/build.sh +28 -0
package/container/entrypoint.sh +64 -0
package/container/skills/agent-browser/SKILL.md +159 -0
package/container/skills/install-skill/SKILL.md +64 -0
package/container/skills/post-test-cleanup/SKILL.md +121 -0
package/dist/.tsbuildinfo +1 -0
package/dist/agent-output-parser.js +459 -0
package/dist/app-root.js +52 -0
package/dist/assistant-meta-footer.js +1 -0
package/dist/auth.js +91 -0
package/dist/billing.js +694 -0
package/dist/channel-prefixes.js +16 -0
package/dist/cli.js +86 -0
package/dist/commands.js +79 -0
package/dist/config.js +120 -0
package/dist/container-runner.js +981 -0
package/dist/daily-summary.js +210 -0
package/dist/db.js +3683 -0
package/dist/dingtalk.js +1347 -0
package/dist/feishu-markdown-style.js +97 -0
package/dist/feishu-streaming-card.js +1875 -0
package/dist/feishu.js +1628 -0
package/dist/file-manager.js +270 -0
package/dist/group-queue.js +1070 -0
package/dist/group-runtime.js +35 -0
package/dist/host-workspace-cwd.js +85 -0
package/dist/im-channel.js +384 -0
package/dist/im-command-utils.js +142 -0
package/dist/im-downloader.js +45 -0
package/dist/im-manager.js +527 -0
package/dist/im-utils.js +53 -0
package/dist/image-detector.js +96 -0
package/dist/index.js +5828 -0
package/dist/logger.js +22 -0
package/dist/mcp-utils.js +66 -0
package/dist/message-attachments.js +69 -0
package/dist/message-notifier.js +36 -0
package/dist/middleware/auth.js +85 -0
package/dist/mount-security.js +315 -0
package/dist/permissions.js +67 -0
package/dist/project-memory.js +6 -0
package/dist/provider-pool.js +189 -0
package/dist/qq.js +826 -0
package/dist/reset-admin.js +42 -0
package/dist/routes/admin.js +543 -0
package/dist/routes/agent-definitions.js +241 -0
package/dist/routes/agents.js +533 -0
package/dist/routes/auth.js +675 -0
package/dist/routes/billing.js +490 -0
package/dist/routes/browse.js +210 -0
package/dist/routes/bug-report.js +387 -0
package/dist/routes/config.js +1868 -0
package/dist/routes/files.js +671 -0
package/dist/routes/groups.js +1367 -0
package/dist/routes/mcp-servers.js +320 -0
package/dist/routes/memory.js +523 -0
package/dist/routes/monitor.js +307 -0
package/dist/routes/skills.js +777 -0
package/dist/routes/tasks.js +509 -0
package/dist/routes/usage.js +64 -0
package/dist/routes/workspace-config.js +458 -0
package/dist/runtime-build.js +112 -0
package/dist/runtime-command-handler.js +189 -0
package/dist/runtime-command-registry.js +1 -0
package/dist/runtime-config.js +1777 -0
package/dist/runtime-identity.js +52 -0
package/dist/schemas.js +590 -0
package/dist/script-runner.js +64 -0
package/dist/sdk-query.js +82 -0
package/dist/skill-utils.js +145 -0
package/dist/sqlite-compat.js +19 -0
package/dist/stream-event.types.js +5 -0
package/dist/streaming-runtime-meta.js +29 -0
package/dist/task-scheduler.js +695 -0
package/dist/task-utils.js +13 -0
package/dist/telegram-pairing.js +59 -0
package/dist/telegram.js +897 -0
package/dist/terminal-manager.js +307 -0
package/dist/tool-step-display.js +1 -0
package/dist/types.js +1 -0
package/dist/utils.js +85 -0
package/dist/web-context.js +161 -0
package/dist/web.js +1377 -0
package/dist/wechat-crypto.js +182 -0
package/dist/wechat.js +589 -0
package/dist/workspace-runtime-reset.js +35 -0
package/package.json +107 -0
package/shared/assistant-meta-footer.ts +127 -0
package/shared/channel-prefixes.ts +16 -0
package/shared/dist/assistant-meta-footer.d.ts +29 -0
package/shared/dist/assistant-meta-footer.js +85 -0
package/shared/dist/channel-prefixes.d.ts +4 -0
package/shared/dist/channel-prefixes.js +16 -0
package/shared/dist/image-detector.d.ts +20 -0
package/shared/dist/image-detector.js +96 -0
package/shared/dist/runtime-command-registry.d.ts +38 -0
package/shared/dist/runtime-command-registry.js +185 -0
package/shared/dist/stream-event.d.ts +65 -0
package/shared/dist/stream-event.js +8 -0
package/shared/dist/tool-step-display.d.ts +4 -0
package/shared/dist/tool-step-display.js +11 -0
package/shared/image-detector.ts +116 -0
package/shared/runtime-command-registry.ts +252 -0
package/shared/stream-event.ts +67 -0
package/shared/tool-step-display.ts +21 -0
package/shared/tsconfig.json +24 -0
package/web/dist/assets/BillingPage-B1wBR_o-.js +52 -0
package/web/dist/assets/ChatPage-6GBZ9nXN.css +32 -0
package/web/dist/assets/ChatPage-BOJcXtaj.js +161 -0
package/web/dist/assets/KaTeX_AMS-Regular-BQhdFMY1.woff2 +0 -0
package/web/dist/assets/KaTeX_AMS-Regular-DMm9YOAa.woff +0 -0
package/web/dist/assets/KaTeX_AMS-Regular-DRggAlZN.ttf +0 -0
package/web/dist/assets/KaTeX_Caligraphic-Bold-ATXxdsX0.ttf +0 -0
package/web/dist/assets/KaTeX_Caligraphic-Bold-BEiXGLvX.woff +0 -0
package/web/dist/assets/KaTeX_Caligraphic-Bold-Dq_IR9rO.woff2 +0 -0
package/web/dist/assets/KaTeX_Caligraphic-Regular-CTRA-rTL.woff +0 -0
package/web/dist/assets/KaTeX_Caligraphic-Regular-Di6jR-x-.woff2 +0 -0
package/web/dist/assets/KaTeX_Caligraphic-Regular-wX97UBjC.ttf +0 -0
package/web/dist/assets/KaTeX_Fraktur-Bold-BdnERNNW.ttf +0 -0
package/web/dist/assets/KaTeX_Fraktur-Bold-BsDP51OF.woff +0 -0
package/web/dist/assets/KaTeX_Fraktur-Bold-CL6g_b3V.woff2 +0 -0
package/web/dist/assets/KaTeX_Fraktur-Regular-CB_wures.ttf +0 -0
package/web/dist/assets/KaTeX_Fraktur-Regular-CTYiF6lA.woff2 +0 -0
package/web/dist/assets/KaTeX_Fraktur-Regular-Dxdc4cR9.woff +0 -0
package/web/dist/assets/KaTeX_Main-Bold-Cx986IdX.woff2 +0 -0
package/web/dist/assets/KaTeX_Main-Bold-Jm3AIy58.woff +0 -0
package/web/dist/assets/KaTeX_Main-Bold-waoOVXN0.ttf +0 -0
package/web/dist/assets/KaTeX_Main-BoldItalic-DxDJ3AOS.woff2 +0 -0
package/web/dist/assets/KaTeX_Main-BoldItalic-DzxPMmG6.ttf +0 -0
package/web/dist/assets/KaTeX_Main-BoldItalic-SpSLRI95.woff +0 -0
package/web/dist/assets/KaTeX_Main-Italic-3WenGoN9.ttf +0 -0
package/web/dist/assets/KaTeX_Main-Italic-BMLOBm91.woff +0 -0
package/web/dist/assets/KaTeX_Main-Italic-NWA7e6Wa.woff2 +0 -0
package/web/dist/assets/KaTeX_Main-Regular-B22Nviop.woff2 +0 -0
package/web/dist/assets/KaTeX_Main-Regular-Dr94JaBh.woff +0 -0
package/web/dist/assets/KaTeX_Main-Regular-ypZvNtVU.ttf +0 -0
package/web/dist/assets/KaTeX_Math-BoldItalic-B3XSjfu4.ttf +0 -0
package/web/dist/assets/KaTeX_Math-BoldItalic-CZnvNsCZ.woff2 +0 -0
package/web/dist/assets/KaTeX_Math-BoldItalic-iY-2wyZ7.woff +0 -0
package/web/dist/assets/KaTeX_Math-Italic-DA0__PXp.woff +0 -0
package/web/dist/assets/KaTeX_Math-Italic-flOr_0UB.ttf +0 -0
package/web/dist/assets/KaTeX_Math-Italic-t53AETM-.woff2 +0 -0
package/web/dist/assets/KaTeX_SansSerif-Bold-CFMepnvq.ttf +0 -0
package/web/dist/assets/KaTeX_SansSerif-Bold-D1sUS0GD.woff2 +0 -0
package/web/dist/assets/KaTeX_SansSerif-Bold-DbIhKOiC.woff +0 -0
package/web/dist/assets/KaTeX_SansSerif-Italic-C3H0VqGB.woff2 +0 -0
package/web/dist/assets/KaTeX_SansSerif-Italic-DN2j7dab.woff +0 -0
package/web/dist/assets/KaTeX_SansSerif-Italic-YYjJ1zSn.ttf +0 -0
package/web/dist/assets/KaTeX_SansSerif-Regular-BNo7hRIc.ttf +0 -0
package/web/dist/assets/KaTeX_SansSerif-Regular-CS6fqUqJ.woff +0 -0
package/web/dist/assets/KaTeX_SansSerif-Regular-DDBCnlJ7.woff2 +0 -0
package/web/dist/assets/KaTeX_Script-Regular-C5JkGWo-.ttf +0 -0
package/web/dist/assets/KaTeX_Script-Regular-D3wIWfF6.woff2 +0 -0
package/web/dist/assets/KaTeX_Script-Regular-D5yQViql.woff +0 -0
package/web/dist/assets/KaTeX_Size1-Regular-C195tn64.woff +0 -0
package/web/dist/assets/KaTeX_Size1-Regular-Dbsnue_I.ttf +0 -0
package/web/dist/assets/KaTeX_Size1-Regular-mCD8mA8B.woff2 +0 -0
package/web/dist/assets/KaTeX_Size2-Regular-B7gKUWhC.ttf +0 -0
package/web/dist/assets/KaTeX_Size2-Regular-Dy4dx90m.woff2 +0 -0
package/web/dist/assets/KaTeX_Size2-Regular-oD1tc_U0.woff +0 -0
package/web/dist/assets/KaTeX_Size3-Regular-CTq5MqoE.woff +0 -0
package/web/dist/assets/KaTeX_Size3-Regular-DgpXs0kz.ttf +0 -0
package/web/dist/assets/KaTeX_Size4-Regular-BF-4gkZK.woff +0 -0
package/web/dist/assets/KaTeX_Size4-Regular-DWFBv043.ttf +0 -0
package/web/dist/assets/KaTeX_Size4-Regular-Dl5lxZxV.woff2 +0 -0
package/web/dist/assets/KaTeX_Typewriter-Regular-C0xS9mPB.woff +0 -0
package/web/dist/assets/KaTeX_Typewriter-Regular-CO6r4hn1.woff2 +0 -0
package/web/dist/assets/KaTeX_Typewriter-Regular-D3Ib7_Hf.ttf +0 -0
package/web/dist/assets/SettingsPage-DoY7FoZ_.js +153 -0
package/web/dist/assets/ShareImageDialog-C1ga8b7l.js +22 -0
package/web/dist/assets/TasksPage-CRivnNsx.js +14 -0
package/web/dist/assets/_basePickBy-Bf-bSoS9.js +1 -0
package/web/dist/assets/_baseUniq-zAOaCuKw.js +1 -0
package/web/dist/assets/arc-Dm9mVQ9U.js +1 -0
package/web/dist/assets/architectureDiagram-2XIMDMQ5-BLmzX1wr.js +36 -0
package/web/dist/assets/band-CquvqAHh.js +1 -0
package/web/dist/assets/blockDiagram-WCTKOSBZ-B9pcqm3j.js +132 -0
package/web/dist/assets/c4Diagram-IC4MRINW-Cytx1q3b.js +10 -0
package/web/dist/assets/channel-BOVj73LR.js +1 -0
package/web/dist/assets/channel-meta-CQD0Pei-.js +41 -0
package/web/dist/assets/chunk-4BX2VUAB-0ToDr6RE.js +1 -0
package/web/dist/assets/chunk-55IACEB6-DQDjnXfS.js +1 -0
package/web/dist/assets/chunk-FMBD7UC4-Di8ABm6c.js +15 -0
package/web/dist/assets/chunk-JSJVCQXG-BZQN6rnX.js +1 -0
package/web/dist/assets/chunk-KX2RTZJC-zBbcpaN_.js +1 -0
package/web/dist/assets/chunk-NQ4KR5QH-BCrLoU88.js +220 -0
package/web/dist/assets/chunk-QZHKN3VN-Bqk8juan.js +1 -0
package/web/dist/assets/chunk-WL4C6EOR-D2YX-MHY.js +189 -0
package/web/dist/assets/classDiagram-VBA2DB6C-DUUoMyaK.js +1 -0
package/web/dist/assets/classDiagram-v2-RAHNMMFH-DUUoMyaK.js +1 -0
package/web/dist/assets/clone-BmaCesfa.js +1 -0
package/web/dist/assets/cose-bilkent-S5V4N54A-CTsv6qQA.js +1 -0
package/web/dist/assets/cytoscape.esm-BQaXIfA_.js +331 -0
package/web/dist/assets/dagre-KLK3FWXG-Ci4Jh9nu.js +4 -0
package/web/dist/assets/defaultLocale-DX6XiGOO.js +1 -0
package/web/dist/assets/diagram-E7M64L7V-BFRnfTI2.js +24 -0
package/web/dist/assets/diagram-IFDJBPK2-B7Zhnp0b.js +43 -0
package/web/dist/assets/diagram-P4PSJMXO-BVyP7nwq.js +24 -0
package/web/dist/assets/erDiagram-INFDFZHY-NorKdTOF.js +70 -0
package/web/dist/assets/error-CGD5mp5f.js +1 -0
package/web/dist/assets/flowDiagram-PKNHOUZH-Ch97nABF.js +162 -0
package/web/dist/assets/ganttDiagram-A5KZAMGK-BQ2pLWsy.js +292 -0
package/web/dist/assets/gitGraphDiagram-K3NZZRJ6-bcvnBsD2.js +65 -0
package/web/dist/assets/graph-CeAEckur.js +1 -0
package/web/dist/assets/index-CPnL1_qC.js +768 -0
package/web/dist/assets/index-DVevCbcO.css +10 -0
package/web/dist/assets/infoDiagram-LFFYTUFH-CcsrFdj-.js +2 -0
package/web/dist/assets/init-Dmth1JHB.js +1 -0
package/web/dist/assets/ishikawaDiagram-PHBUUO56-1upyMfHN.js +70 -0
package/web/dist/assets/journeyDiagram-4ABVD52K-CKUi-V0c.js +139 -0
package/web/dist/assets/kanban-definition-K7BYSVSG-DOnQwXfL.js +89 -0
package/web/dist/assets/layout-BmMMqTnJ.js +1 -0
package/web/dist/assets/linear-DiaJloY5.js +1 -0
package/web/dist/assets/mermaid.core-BWLV1B2v.js +254 -0
package/web/dist/assets/mindmap-definition-YRQLILUH-BeAKHVWP.js +68 -0
package/web/dist/assets/ordinal-DILIJJjt.js +1 -0
package/web/dist/assets/pieDiagram-SKSYHLDU-DfiMSfWo.js +30 -0
package/web/dist/assets/quadrantDiagram-337W2JSQ-wZxZOJxd.js +7 -0
package/web/dist/assets/requirementDiagram-Z7DCOOCP-BK4HHm17.js +73 -0
package/web/dist/assets/sankeyDiagram-WA2Y5GQK-BX6t2avX.js +10 -0
package/web/dist/assets/sequenceDiagram-2WXFIKYE-BPQlkbAa.js +145 -0
package/web/dist/assets/sheet-rI0FfB1g.js +6 -0
package/web/dist/assets/sliders-horizontal-CuijWFNK.js +6 -0
package/web/dist/assets/sparkles-BsMYXJoT.js +11 -0
package/web/dist/assets/square-0CqMX1Q3.js +11 -0
package/web/dist/assets/stateDiagram-RAJIS63D-DxkV0Vwd.js +1 -0
package/web/dist/assets/stateDiagram-v2-FVOUBMTO-qLYoiOPe.js +1 -0
package/web/dist/assets/step-D51IIHGA.js +1 -0
package/web/dist/assets/tasks-D8JjBTwx.js +1 -0
package/web/dist/assets/time-O8zIGux3.js +1 -0
package/web/dist/assets/timeline-definition-YZTLITO2-kNp1DyFc.js +61 -0
package/web/dist/assets/treemap-KZPCXAKY-CkrClVhk.js +162 -0
package/web/dist/assets/utils-KGAn0XTg.js +11 -0
package/web/dist/assets/vennDiagram-LZ73GAT5-CgdzEZz4.js +34 -0
package/web/dist/assets/xychartDiagram-JWTSCODW-DfYGPfNB.js +7 -0
package/web/dist/assets/zap-_hKJYy7J.js +6 -0
package/web/dist/favicon.svg +332 -0
package/web/dist/fonts/AlibabaPuHuiTi-3-55-Regular.woff2 +0 -0
package/web/dist/fonts/AlibabaPuHuiTi-3-65-Medium.woff2 +0 -0
package/web/dist/fonts/AlibabaPuHuiTi-3-75-SemiBold.woff2 +0 -0
package/web/dist/fonts/DMSans-latin-ext.woff2 +0 -0
package/web/dist/fonts/DMSans-latin.woff2 +0 -0
package/web/dist/icons/README.md +20 -0
package/web/dist/icons/apple-touch-icon-180.png +0 -0
package/web/dist/icons/icon-128.png +0 -0
package/web/dist/icons/icon-144.png +0 -0
package/web/dist/icons/icon-152.png +0 -0
package/web/dist/icons/icon-192.png +0 -0
package/web/dist/icons/icon-192.svg +332 -0
package/web/dist/icons/icon-384.png +0 -0
package/web/dist/icons/icon-48.png +0 -0
package/web/dist/icons/icon-512-maskable.png +0 -0
package/web/dist/icons/icon-512.png +0 -0
package/web/dist/icons/icon-512.svg +332 -0
package/web/dist/icons/icon-72.png +0 -0
package/web/dist/icons/icon-96.png +0 -0
package/web/dist/icons/loading-logo.svg +332 -0
package/web/dist/icons/logo-1024.png +0 -0
package/web/dist/icons/logo-icon.svg +332 -0
package/web/dist/icons/logo-text.svg +332 -0
package/web/dist/index.html +30 -0
package/web/dist/manifest.webmanifest +1 -0
package/web/dist/registerSW.js +1 -0
package/web/dist/sw.js +1 -0
package/web/dist/workbox-08d6266a.js +1 -0

package/dist/wechat-crypto.js ADDED Viewed

@@ -0,0 +1,182 @@
+import crypto from 'crypto';
+import fs from 'fs';
+import path from 'path';
+import { logger } from './logger.js';
+// CDN Base URL
+const DEFAULT_CDN_BASE = 'https://novac2c.cdn.weixin.qq.com/c2c';
+/** AES-128-ECB 加密（PKCS7 padding） */
+export function encryptAesEcb(plaintext, key) {
+    const cipher = crypto.createCipheriv('aes-128-ecb', key, null);
+    return Buffer.concat([cipher.update(plaintext), cipher.final()]);
+}
+/** AES-128-ECB 解密（PKCS7 padding） */
+export function decryptAesEcb(ciphertext, key) {
+    const decipher = crypto.createDecipheriv('aes-128-ecb', key, null);
+    return Buffer.concat([decipher.update(ciphertext), decipher.final()]);
+}
+/** AES-128-ECB 密文大小（PKCS7 padding 到 16 字节边界） */
+export function aesEcbPaddedSize(plaintextSize) {
+    // PKCS7 always adds at least 1 byte, up to block size (16)
+    return Math.ceil((plaintextSize + 1) / 16) * 16;
+}
+/** 构造 CDN 下载 URL */
+export function buildCdnDownloadUrl(encryptedQueryParam, cdnBaseUrl) {
+    const base = cdnBaseUrl || DEFAULT_CDN_BASE;
+    return `${base}/download?encrypted_query_param=${encodeURIComponent(encryptedQueryParam)}`;
+}
+/** 构造 CDN 上传 URL */
+export function buildCdnUploadUrl(params) {
+    const base = params.cdnBaseUrl || DEFAULT_CDN_BASE;
+    return `${base}/upload?encrypted_query_param=${encodeURIComponent(params.uploadParam)}&filekey=${encodeURIComponent(params.filekey)}`;
+}
+/**
+ * 解析 aes_key（base64）为 16 字节 Buffer
+ * 两种编码：
+ *   - base64(raw 16 bytes) → 图片
+ *   - base64(hex string of 16 bytes) → 文件/语音/视频
+ */
+function parseAesKey(aesKeyBase64) {
+    const decoded = Buffer.from(aesKeyBase64, 'base64');
+    if (decoded.length === 16) {
+        // Raw 16 bytes — used for images
+        return decoded;
+    }
+    // Decoded is a hex string (32 chars representing 16 bytes) — used for files/voice/video
+    const hexStr = decoded.toString('utf-8');
+    const keyBuf = Buffer.from(hexStr, 'hex');
+    if (keyBuf.length !== 16) {
+        throw new Error(`Invalid AES key: expected 16 bytes, got ${keyBuf.length} after hex decode`);
+    }
+    return keyBuf;
+}
+/** 从 CDN 下载并 AES-128-ECB 解密 */
+export async function downloadAndDecryptMedia(encryptQueryParam, aesKeyBase64, cdnBaseUrl) {
+    const url = buildCdnDownloadUrl(encryptQueryParam, cdnBaseUrl);
+    const key = parseAesKey(aesKeyBase64);
+    logger.debug({ url: url.slice(0, 120) }, 'Downloading encrypted media from CDN');
+    const resp = await fetch(url, { signal: AbortSignal.timeout(60_000) });
+    if (!resp.ok) {
+        throw new Error(`CDN download failed: ${resp.status} ${resp.statusText}`);
+    }
+    const ciphertext = Buffer.from(await resp.arrayBuffer());
+    return decryptAesEcb(ciphertext, key);
+}
+/** 上传 Buffer 到 CDN（加密后上传） */
+export async function uploadBufferToCdn(params) {
+    const encrypted = encryptAesEcb(params.buf, params.aeskey);
+    const url = buildCdnUploadUrl({
+        cdnBaseUrl: params.cdnBaseUrl,
+        uploadParam: params.uploadParam,
+        filekey: params.filekey,
+    });
+    let lastError;
+    for (let attempt = 0; attempt < 3; attempt++) {
+        try {
+            const resp = await fetch(url, {
+                method: 'POST',
+                headers: { 'Content-Type': 'application/octet-stream' },
+                body: new Uint8Array(encrypted),
+                signal: AbortSignal.timeout(120_000),
+            });
+            if (!resp.ok) {
+                throw new Error(`CDN upload failed: ${resp.status} ${resp.statusText}`);
+            }
+            const downloadParam = resp.headers.get('x-encrypted-param');
+            if (!downloadParam) {
+                throw new Error('CDN upload response missing x-encrypted-param header');
+            }
+            return { downloadParam };
+        }
+        catch (err) {
+            lastError = err;
+            if (attempt < 2) {
+                logger.warn({ err, attempt: attempt + 1 }, 'CDN upload attempt failed, retrying');
+                await new Promise((r) => setTimeout(r, 1000 * (attempt + 1)));
+            }
+            else {
+                logger.error({ err, attempt: attempt + 1 }, 'CDN upload failed after all retries');
+            }
+        }
+    }
+    throw lastError ?? new Error('CDN upload failed after 3 retries');
+}
+/** 获取上传预签名 URL */
+export async function getUploadUrl(params) {
+    const url = `${params.baseUrl}/ilink/bot/getuploadurl`;
+    const body = {
+        filekey: params.filekey,
+        media_type: params.mediaType,
+        to_user_id: params.toUserId,
+        rawsize: params.rawsize,
+        rawfilemd5: params.rawfilemd5,
+        filesize: params.filesize,
+        no_need_thumb: true,
+        aeskey: params.aeskey,
+        base_info: { channel_version: '1.0.0' },
+    };
+    const xWechatUin = crypto.randomBytes(16).toString('base64');
+    const resp = await fetch(url, {
+        method: 'POST',
+        headers: {
+            'Content-Type': 'application/json',
+            Authorization: `Bearer ${params.token}`,
+            AuthorizationType: 'ilink_bot_token',
+            'X-WECHAT-UIN': xWechatUin,
+        },
+        body: JSON.stringify(body),
+        signal: AbortSignal.timeout(15_000),
+    });
+    if (!resp.ok) {
+        const text = await resp.text().catch(() => '');
+        throw new Error(`getUploadUrl failed: ${resp.status} ${resp.statusText} - ${text}`);
+    }
+    const data = (await resp.json());
+    const uploadParam = data.upload_param;
+    if (!uploadParam) {
+        throw new Error(`getUploadUrl response missing upload_param: ${JSON.stringify(data)}`);
+    }
+    return { uploadParam };
+}
+/** 完整的媒体上传流程：读文件 → 哈希 → 加密 → 获取URL → 上传 */
+export async function uploadMediaFile(params) {
+    // Read file (async to avoid blocking event loop on large files)
+    const buf = await fs.promises.readFile(params.filePath);
+    const rawsize = buf.length;
+    // Compute MD5 hash
+    const rawfilemd5 = crypto.createHash('md5').update(buf).digest('hex');
+    // Generate AES key (16 random bytes)
+    const aeskey = crypto.randomBytes(16);
+    const aeskeyHex = aeskey.toString('hex');
+    // Compute ciphertext size
+    const filesize = aesEcbPaddedSize(rawsize);
+    // Generate filekey from filename + timestamp
+    const basename = path.basename(params.filePath);
+    const filekey = `${Date.now()}_${basename}`;
+    // Get upload URL
+    const { uploadParam } = await getUploadUrl({
+        baseUrl: params.baseUrl,
+        token: params.token,
+        filekey,
+        mediaType: params.mediaType,
+        toUserId: params.toUserId,
+        rawsize,
+        rawfilemd5,
+        filesize,
+        aeskey: aeskeyHex,
+    });
+    // Encrypt and upload
+    const { downloadParam } = await uploadBufferToCdn({
+        buf,
+        uploadParam,
+        filekey,
+        cdnBaseUrl: params.cdnBaseUrl,
+        aeskey,
+    });
+    return {
+        filekey,
+        downloadEncryptedQueryParam: downloadParam,
+        aeskey: aeskeyHex,
+        fileSize: rawsize,
+        fileSizeCiphertext: filesize,
+    };
+}