codex-to-im 1.0.41 → 1.0.43

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "codex-to-im",
-  "version": "1.0.41",
+  "version": "1.0.43",
   "description": "Installable Codex-to-IM bridge with local setup UI and background service",
   "license": "MIT",
   "homepage": "https://github.com/zhangle1987/codex-to-im#readme",
@@ -40,10 +40,8 @@
     "prepublishOnly": "npm run typecheck && npm run build"
   },
   "dependencies": {
-    "@anthropic-ai/claude-agent-sdk": "^0.2.62",
     "@larksuiteoapi/node-sdk": "^1.59.0",
-    "@openai/codex-sdk": "^0.122.0",
-    "discord.js": "^14.25.1",
+    "@openai/codex-sdk": "^0.124.0",
     "markdown-it": "^14.1.1",
     "qrcode": "^1.5.4",
     "ws": "^8.18.0"

package/references/setup-guides.md

@@ -4,97 +4,6 @@ Detailed step-by-step guides for each IM platform. Referenced by the `setup` and
 
 ---
 
-## Telegram
-
-### Bot Token
-
-**How to get a Telegram Bot Token:**
-1. Open Telegram and search for `@BotFather`
-2. Send `/newbot` to create a new bot
-3. Follow the prompts: choose a display name and a username (must end in `bot`)
-4. BotFather will reply with a token like `7823456789:AAF-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx`
-5. Copy the full token and paste it here
-
-**Recommended bot settings** (send these commands to @BotFather):
-- `/setprivacy` → choose your bot → `Disable` (so the bot can read group messages, only needed for group use)
-- `/setcommands` → set commands like `new - Start new session`, `mode - Switch mode`
-
-Token format: `数字:字母数字字符串` (e.g. `7823456789:AAF-xxx...xxx`)
-
-### Chat ID
-
-**How to get your Telegram Chat ID:**
-1. Start a chat with your bot (search for the bot's username and click **Start**)
-2. Send any message to the bot (e.g. "hello")
-3. Open this URL in your browser (replace `YOUR_BOT_TOKEN` with your actual bot token):
-   `https://api.telegram.org/botYOUR_BOT_TOKEN/getUpdates`
-4. In the JSON response, find `"chat":{"id":123456789,...}` — that number is your Chat ID
-5. For group chats, the Chat ID is a negative number (e.g. `-1001234567890`)
-
-**Why this matters:** The bot uses Chat ID for authorization. If neither Chat ID nor Allowed User IDs are configured, the bot will reject all incoming messages.
-
-### Allowed User IDs (optional)
-
-**How to find your Telegram User ID:**
-1. Search for `@userinfobot` on Telegram and start a chat
-2. It will reply with your User ID (a number like `123456789`)
-3. Alternatively, forward a message from yourself to `@userinfobot`
-
-Enter comma-separated IDs to restrict access (recommended for security).
-Leave empty to allow anyone who can message the bot.
-
----
-
-## Discord
-
-### Bot Token
-
-**How to create a Discord Bot and get the token:**
-1. Go to https://discord.com/developers/applications
-2. Click **"New Application"** → give it a name → click **"Create"**
-3. Go to the **"Bot"** tab on the left sidebar
-4. Click **"Reset Token"** → copy the token (you can only see it once!)
-
-**Required bot settings (on the Bot tab):**
-- Under **Privileged Gateway Intents**, enable:
-  - ✅ **Message Content Intent** (required to read message text)
-
-**Invite the bot to your server:**
-1. Go to the **"OAuth2"** tab → **"URL Generator"**
-2. Under **Scopes**, check: `bot`
-3. Under **Bot Permissions**, check: `Send Messages`, `Read Message History`, `View Channels`
-4. Copy the generated URL at the bottom and open it in your browser
-5. Select the server and click **"Authorize"**
-
-Token format: a long base64-like string (e.g. `MTIzNDU2Nzg5.Gxxxxx.xxxxxxxxxxxxxxxxxxxxxxxx`)
-
-### Allowed User IDs
-
-**How to find Discord User IDs:**
-1. In Discord, go to Settings → Advanced → enable **Developer Mode**
-2. Right-click on any user → **"Copy User ID"**
-
-Enter comma-separated IDs.
-
-**Why this matters:** The bot uses a default-deny policy. If neither Allowed User IDs nor Allowed Channel IDs are configured, the bot will silently reject all incoming messages. You must set at least one.
-
-### Allowed Channel IDs (optional)
-
-**How to find Discord Channel IDs:**
-1. With Developer Mode enabled, right-click on any channel → **"Copy Channel ID"**
-
-Enter comma-separated IDs to restrict the bot to specific channels.
-Leave empty to allow all channels the bot can see.
-
-### Allowed Guild (Server) IDs (optional)
-
-**How to find Discord Server IDs:**
-1. With Developer Mode enabled, right-click on the server icon → **"Copy Server ID"**
-
-Enter comma-separated IDs. Leave empty to allow all servers the bot is in.
-
----
-
 ## Feishu / Lark
 
 ### App ID and App Secret
@@ -138,11 +47,11 @@ Enter comma-separated IDs. Leave empty to allow all servers the bot is in.
 }
 ```
 
-4. Click **"Save"** to apply all permissions
-
-If the batch import UI is not available, add each scope manually via the search box.
-
-> **Important:** If `cardkit:card:write` is missing, enabling Feishu streaming in the local workbench will not work. The bridge will log Feishu error `99991672` and fall back to a normal final-result message.
+4. Click **"Save"** to apply all permissions
+
+If the batch import UI is not available, add each scope manually via the search box.
+
+> **Important:** If `cardkit:card:write` is missing, enabling Feishu streaming in the local workbench will not work. The bridge will log Feishu error `99991672` and fall back to a normal final-result message.
 
 **Step B — Enable the bot**
 
@@ -161,9 +70,9 @@ If the batch import UI is not available, add each scope manually via the search
 
 > The bridge service must be running before configuring events. Feishu validates the WebSocket connection when saving event subscription — if the bridge is not running, you'll get "未检测到应用连接信息" (connection not detected) error.
 
-**Step D — Start the bridge service**
-
-Start the bridge from the local `codex-to-im` workbench. This establishes the WebSocket long connection that Feishu needs to detect.
+**Step D — Start the bridge service**
+
+Start the bridge from the local `codex-to-im` workbench. This establishes the WebSocket long connection that Feishu needs to detect.
 
 **Step E — Configure Events & Callbacks (long connection)**
 
@@ -192,21 +101,21 @@ If you already have a Feishu app configured, you need to:
    - `im:message:update` — Real-time card content updates
    - `im:message.reactions:read`, `im:message.reactions:write_only` — Typing indicator
 2. **Publish a new version** — Permission changes only take effect after a new version is approved
-3. **Start (or restart) the bridge** — Start it from the local `codex-to-im` workbench so the WebSocket connection is active
+3. **Start (or restart) the bridge** — Start it from the local `codex-to-im` workbench so the WebSocket connection is active
 4. **Add callback**: Go to Events & Callbacks, add `card.action.trigger` callback (card interaction for permission buttons). This step requires the bridge to be running — Feishu validates the WebSocket connection when saving.
 5. **Publish again** — The new callback requires another version publish + admin approval
-6. **Restart the bridge** — Stop and start it again from the local `codex-to-im` workbench to pick up the new capabilities
-
-### Current Feishu streaming behavior with Codex runtime
-
-Even after the Feishu permissions are correct, the current `codex` runtime does **not** guarantee token-by-token text streaming into the Feishu card.
-
-As of **2026-03-24**, the `Codex CLI / SDK` event stream typically emits assistant text when the `agent_message` item completes, rather than as token deltas. In practice, Feishu streaming cards are best understood as:
-
-- early `Thinking` / tool progress updates
-- final response text written into the card at completion
-
-So if you see the final answer appear all at once after the card was created successfully, that is currently expected behavior with `codex`.
+6. **Restart the bridge** — Stop and start it again from the local `codex-to-im` workbench to pick up the new capabilities
+
+### Current Feishu streaming behavior with Codex runtime
+
+Even after the Feishu permissions are correct, the current `codex` runtime does **not** guarantee token-by-token text streaming into the Feishu card.
+
+As of **2026-03-24**, the `Codex CLI / SDK` event stream typically emits assistant text when the `agent_message` item completes, rather than as token deltas. In practice, Feishu streaming cards are best understood as:
+
+- early `Thinking` / tool progress updates
+- final response text written into the card at completion
+
+So if you see the final answer appear all at once after the card was created successfully, that is currently expected behavior with `codex`.
 
 ### Domain (optional)
 
@@ -222,37 +131,6 @@ Leave empty to allow all users who can message the bot.
 
 ---
 
-## QQ
-
-> **Note:** QQ first version only supports **C2C private chat** (sandbox access). Group chat and channel are not supported yet.
-
-### App ID and App Secret (required)
-
-**How to get QQ Bot credentials:**
-1. Go to https://q.qq.com/qqbot/openclaw
-2. Log in and enter the QQ Bot / OpenClaw management page
-3. Create a new QQ Bot or select an existing one
-4. Find **App ID** and **App Secret** on the bot's credential page
-5. Copy both values
-
-These are the only two required fields for QQ.
-
-### Sandbox private chat setup
-
-1. In the QQ Bot management page, configure sandbox access
-2. Scan the QR code with QQ to add the bot as a friend
-3. Send a message to the bot via QQ private chat to start using it
-
-### Allowed User OpenIDs (optional)
-
-**Important:** The value is `user_openid`, NOT QQ number.
-
-`user_openid` is an opaque identifier assigned by the QQ Bot platform to each user. You can obtain it from the bot's message logs after a user sends a message to the bot.
-
-If you don't have the openid yet, leave this field empty. You can add it later via `reconfigure`.
-
----
-
 ## Weixin / 微信
 
 > Risk note: this integration follows the same OpenClaw-style WeChat plugin protocol used by CodePilot. Because it connects a non-OpenClaw product to WeChat, there may be account risk. Use with caution.
@@ -261,28 +139,28 @@ If you don't have the openid yet, leave this field empty. You can add it later v
 
 Weixin does **not** use a static bot token in `config.env`.
 
-Instead, run the local QR helper from the local app directory:
+Instead, run the local QR helper from the local app directory:
+
+- Repo checkout or app install:
+
+```bash
+cd /path/to/codex-to-im
+npm run weixin:login
+```
 
-- Repo checkout or app install:
-
-```bash
-cd /path/to/codex-to-im
-npm run weixin:login
-```
-
-If you are running from a checked-out repo, use that repo's `codex-to-im` directory.
+If you are running from a checked-out repo, use that repo's `codex-to-im` directory.
 
 What happens next:
 
 1. The helper requests a fresh WeChat QR code
 2. It writes a local HTML file to:
-  `~/.codex-to-im/runtime/weixin-login.html`
+  `~/.codex-to-im/runtime/weixin-login.html`
 3. It tries to open that HTML file in your default browser automatically
 4. You scan the QR code with the WeChat app and confirm on your phone
 5. On success, the helper stores the linked account in:
-  `~/.codex-to-im/data/weixin-accounts.json`
+  `~/.codex-to-im/data/weixin-accounts.json`
 
-The filename stays plural for backward compatibility. Multiple linked Weixin accounts can coexist in the same store.
+The filename stays plural for backward compatibility. Multiple linked Weixin accounts can coexist in the same store.
 
 If the browser does not open automatically, open the HTML file manually.
 
@@ -319,4 +197,4 @@ Weixin voice messages are handled differently from image/file/video media:
 - If WeChat does **not** include a transcript, the bridge returns a user-visible error asking the sender to enable WeChat voice transcription and resend.
 - The bridge does **not** download, decrypt, or transcribe raw voice audio on its own.
 
-This rule applies in both Claude Code and Codex runtimes.
+This rule applies to the Codex runtime.

package/references/token-validation.md

@@ -1,44 +1,28 @@
-# Token Validation Commands
-
-After writing config.env, validate each enabled platform's credentials to catch typos and configuration errors early.
-
-## Telegram
-
-```bash
-curl -s "https://api.telegram.org/bot${TOKEN}/getMe"
-```
-Expected: response contains `"ok":true`. If not, the Bot Token is invalid — re-check with @BotFather.
-
-## Discord
-
-Verify token format matches: `[A-Za-z0-9_-]{20,}\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+`
-
-A format mismatch means the token was copied incorrectly from the Discord Developer Portal.
-
-## Feishu / Lark
-
-```bash
-curl -s -X POST "${DOMAIN}/open-apis/auth/v3/tenant_access_token/internal" \
-  -H "Content-Type: application/json" \
-  -d '{"app_id":"...","app_secret":"..."}'
-```
-Expected: response contains `"code":0`. If not, check that App ID and App Secret match the Feishu Developer Console.
-
-## QQ
-
-Step 1 — Get access token:
-```bash
-curl -s -X POST "https://bots.qq.com/app/getAppAccessToken" \
-  -H "Content-Type: application/json" \
-  -d '{"appId":"...","clientSecret":"..."}'
-```
-Expected: response contains `access_token`.
-
-Step 2 — Verify gateway connectivity:
-```bash
-curl -s "https://api.sgroup.qq.com/gateway" \
-  -H "Authorization: QQBot <access_token>"
-```
-Expected: response contains a gateway URL.
-
-If either step fails, verify the App ID and App Secret from https://q.qq.com.
+# Token Validation Commands
+
+After writing `config.env`, validate each enabled platform's credentials to catch typos and configuration errors early.
+
+## Feishu / Lark
+
+```bash
+curl -s -X POST "${DOMAIN}/open-apis/auth/v3/tenant_access_token/internal" \
+  -H "Content-Type: application/json" \
+  -d '{"app_id":"...","app_secret":"..."}'
+```
+
+Expected: response contains `"code":0`. If not, check that App ID, App Secret, and site/domain match the Feishu Developer Console.
+
+## Weixin
+
+Weixin uses the local linked-account store instead of a bot token. Validate it with:
+
+```bash
+codex-to-im status
+```
+
+If no linked account is available, run:
+
+```bash
+cd /path/to/codex-to-im
+npm run weixin:login
+```

package/references/troubleshooting.md

@@ -8,7 +8,7 @@
 
 1. Run the local doctor script or inspect the workbench logs to identify the issue
 2. Check that Node.js >= 20 is installed: `node --version`
-3. Check that Claude Code CLI is available: `claude --version`
+3. Check that Codex CLI is available: `codex --version`
 4. Verify config exists: `ls -la ~/.codex-to-im/config.env`
 5. Check logs for startup errors in `~/.codex-to-im/logs/`
 
@@ -23,12 +23,11 @@
 
 **Steps**:
 
-1. Verify the bot token is valid with the local workbench test tools or doctor script
-2. Check allowed user IDs in config -- if set, only listed users can interact
-3. For Telegram: ensure you've sent `/start` to the bot first
-4. For Discord: verify the bot has been invited to the server with message read permissions
-5. For Feishu: confirm the app has been approved and event subscriptions are configured
-6. Check recent logs for incoming message events under `~/.codex-to-im/logs/`
+1. Verify the channel credentials with the local workbench test tools or doctor script
+2. Check allowed user IDs in config -- if set, only listed users can interact
+3. For Feishu: confirm the app has been approved and event subscriptions are configured
+4. For Weixin: confirm the linked account is logged in and assigned to the channel instance
+5. Check recent logs for incoming message events under `~/.codex-to-im/logs/`
 
 ## Feishu streaming cards not working
 
@@ -52,12 +51,12 @@
 
 ## Permission timeout
 
-**Symptoms**: Claude Code session starts but times out waiting for tool approval.
+**Symptoms**: Codex session starts but times out waiting for tool approval.
 
 **Steps**:
 
-1. The bridge runs Claude Code in non-interactive mode; ensure your Claude Code configuration allows the necessary tools
-2. Consider using `--allowedTools` in your configuration to pre-approve common tools
+1. The bridge runs Codex through the SDK/CLI; ensure the configured sandbox and approval policy match the requested task
+2. Use the IM permission prompt to approve the requested tool, or adjust Codex approval settings if you expect unattended execution
 3. Check network connectivity if the timeout occurs during API calls
 
 ## High memory usage
@@ -71,7 +70,7 @@
    ```
    Stop the bridge, then start it again from the local workbench
    ```
-3. If the issue persists, check how many concurrent sessions are active -- each Claude Code session consumes memory
+3. If the issue persists, check how many concurrent sessions are active -- each Codex session consumes memory
 4. Review logs for error loops that may cause memory leaks
 
 ## Stale PID file

package/scripts/build.js

@@ -6,17 +6,12 @@ const common = {
   format: 'esm',
   target: 'node20',
   external: [
-    // SDK must stay external — it spawns a CLI subprocess and resolves
-    // dist/cli.js relative to its own package location. Bundling it
-    // breaks that path resolution.
-    '@anthropic-ai/claude-agent-sdk',
     '@openai/codex-sdk',
     // Keep large IM SDKs external so global/local npm installs resolve them
     // from node_modules instead of inflating daemon.mjs.
     '@larksuiteoapi/node-sdk',
-    'discord.js',
-    // discord.js optional native deps
-    'bufferutil', 'utf-8-validate', 'zlib-sync', 'erlpack',
+    // ws optional native deps
+    'bufferutil', 'utf-8-validate',
     // Node.js built-ins
     'fs', 'path', 'os', 'crypto', 'http', 'https', 'net', 'tls',
     'stream', 'events', 'url', 'util', 'child_process', 'worker_threads',

package/scripts/daemon.sh

@@ -38,34 +38,16 @@ ensure_built() {
 }
 
 # Clean environment for subprocess isolation.
-clean_env() {
-  unset CLAUDECODE 2>/dev/null || true
-
-  local runtime
-  runtime=$(grep "^CTI_RUNTIME=" "$CTI_HOME/config.env" 2>/dev/null | head -1 | cut -d= -f2- | tr -d "'" | tr -d '"' || true)
-  runtime="${runtime:-claude}"
-
-  local mode="${CTI_ENV_ISOLATION:-inherit}"
-  if [ "$mode" = "strict" ]; then
-    case "$runtime" in
-      codex)
-        while IFS='=' read -r name _; do
-          case "$name" in ANTHROPIC_*) unset "$name" 2>/dev/null || true ;; esac
-        done < <(env)
-        ;;
-      claude)
-        # Keep ANTHROPIC_* (from config.env) — needed for third-party API providers.
-        # Strip OPENAI_* to avoid cross-runtime leakage.
-        while IFS='=' read -r name _; do
-          case "$name" in OPENAI_*) unset "$name" 2>/dev/null || true ;; esac
-        done < <(env)
-        ;;
-      auto)
-        # Keep both ANTHROPIC_* and OPENAI_* for auto mode
-        ;;
-    esac
-  fi
-}
+clean_env() {
+  unset CLAUDECODE 2>/dev/null || true
+
+  local mode="${CTI_ENV_ISOLATION:-inherit}"
+  if [ "$mode" = "strict" ]; then
+    while IFS='=' read -r name _; do
+      case "$name" in ANTHROPIC_*) unset "$name" 2>/dev/null || true ;; esac
+    done < <(env)
+  fi
+}
 
 read_pid() {
   [ -f "$PID_FILE" ] && cat "$PID_FILE" 2>/dev/null || echo ""
@@ -133,8 +115,7 @@ case "${1:-help}" in
       exit 1
     fi
 
-    # Source config.env BEFORE clean_env so that CTI_ANTHROPIC_PASSTHROUGH
-    # and other CTI_* flags are available when clean_env checks them.
+    # Source config.env BEFORE clean_env so CTI_* flags are available.
     [ -f "$CTI_HOME/config.env" ] && set -a && source "$CTI_HOME/config.env" && set +a
 
     clean_env