feishu-user-plugin 1.3.10 → 1.3.11

package/.claude-plugin/plugin.json

@@ -1,6 +1,6 @@
 {
   "name": "feishu-user-plugin",
-  "version": "1.3.10",
+  "version": "1.3.11",
   "description": "All-in-one Feishu plugin for Claude Code — send messages as yourself, read chats (auto-expanded merge_forward), manage docs / bitable / wiki (full CRUD) / drive / OKR (with progress writes) / calendar (read+write) / Tasks v2 / multi-profile auto-switch / real-time WS events. 82 tools + 9 prompts, 3 auth layers.",
   "author": {
     "name": "EthanQC"

package/.cursor-plugin/plugin.json

@@ -0,0 +1,27 @@
+{
+  "name": "feishu-user-plugin",
+  "displayName": "Feishu MCP for Claude Code & Codex",
+  "description": "All-in-one Feishu MCP server for Claude Code & Codex — 84 tools across 3 auth layers (cookie / app / OAuth). Send as you, read groups, manage docs / bitable / wiki / drive / calendar / tasks / OKR.",
+  "version": "1.3.11",
+  "author": {
+    "name": "EthanQC"
+  },
+  "homepage": "https://ethanqc.github.io/feishu-user-plugin/",
+  "repository": "https://github.com/EthanQC/feishu-user-plugin",
+  "license": "MIT",
+  "category": "Communication",
+  "keywords": ["feishu", "lark", "mcp", "claude-code", "codex"],
+  "mcpServers": {
+    "feishu-user-plugin": {
+      "command": "npx",
+      "args": ["-y", "feishu-user-plugin"],
+      "env": {
+        "LARK_COOKIE": "${LARK_COOKIE}",
+        "LARK_APP_ID": "${LARK_APP_ID}",
+        "LARK_APP_SECRET": "${LARK_APP_SECRET}",
+        "LARK_USER_ACCESS_TOKEN": "${LARK_USER_ACCESS_TOKEN}",
+        "LARK_USER_REFRESH_TOKEN": "${LARK_USER_REFRESH_TOKEN}"
+      }
+    }
+  }
+}

package/.mcpb/manifest.json

@@ -0,0 +1,91 @@
+{
+  "manifest_version": "0.3",
+  "name": "feishu-user-plugin",
+  "display_name": "Feishu MCP for Claude Code & Codex",
+  "version": "1.3.11",
+  "description": "All-in-one Feishu MCP server for Claude Code & Codex — 84 tools across 3 auth layers (cookie / app / OAuth). Send as you, read groups, manage docs / bitable / wiki / drive / calendar / tasks / OKR.",
+  "long_description": "feishu-user-plugin is a local stdio MCP server that bridges Feishu / Lark and any MCP client (Claude Code, Codex, Cursor, Windsurf, OpenClaw, Claude Desktop). It exposes 84 tools across three auth layers: cookie + protobuf for sending messages as the real user (a capability not available through the official bot API), Feishu Open Platform app credentials for groups / docs / bitable / wiki / drive / calendar / tasks / OKR, and user OAuth (UAT) for P2P chat reading and user-owned resource creation.",
+  "author": {
+    "name": "EthanQC",
+    "url": "https://github.com/EthanQC"
+  },
+  "homepage": "https://ethanqc.github.io/feishu-user-plugin/",
+  "documentation": "https://github.com/EthanQC/feishu-user-plugin/blob/main/README.md",
+  "support": "https://github.com/EthanQC/feishu-user-plugin/issues",
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/EthanQC/feishu-user-plugin.git"
+  },
+  "license": "MIT",
+  "keywords": [
+    "feishu",
+    "lark",
+    "claude-code",
+    "codex",
+    "mcp",
+    "model-context-protocol",
+    "im",
+    "messaging",
+    "protobuf"
+  ],
+  "privacy_policies": [
+    "https://github.com/EthanQC/feishu-user-plugin/blob/main/PRIVACY.md"
+  ],
+  "server": {
+    "type": "node",
+    "entry_point": "src/index.js",
+    "mcp_config": {
+      "command": "node",
+      "args": ["${__dirname}/src/index.js"],
+      "env": {
+        "LARK_COOKIE": "${user_config.lark_cookie}",
+        "LARK_APP_ID": "${user_config.lark_app_id}",
+        "LARK_APP_SECRET": "${user_config.lark_app_secret}",
+        "LARK_USER_ACCESS_TOKEN": "${user_config.lark_user_access_token}",
+        "LARK_USER_REFRESH_TOKEN": "${user_config.lark_user_refresh_token}"
+      }
+    }
+  },
+  "user_config": {
+    "lark_cookie": {
+      "type": "string",
+      "title": "LARK_COOKIE",
+      "description": "Feishu web cookie (from feishu.cn DevTools → Network → request headers Cookie). Required for user-identity messaging tools.",
+      "required": false,
+      "sensitive": true
+    },
+    "lark_app_id": {
+      "type": "string",
+      "title": "LARK_APP_ID",
+      "description": "Feishu self-built app ID (cli_xxx). Required for Official API tools (group reads, docs, bitable, wiki, drive, calendar, tasks, OKR).",
+      "required": false,
+      "sensitive": true
+    },
+    "lark_app_secret": {
+      "type": "string",
+      "title": "LARK_APP_SECRET",
+      "description": "Feishu self-built app secret. Pairs with LARK_APP_ID.",
+      "required": false,
+      "sensitive": true
+    },
+    "lark_user_access_token": {
+      "type": "string",
+      "title": "LARK_USER_ACCESS_TOKEN",
+      "description": "User OAuth UAT (run `npx feishu-user-plugin oauth` to obtain). Required for P2P chat reading and user-owned resource creation.",
+      "required": false,
+      "sensitive": true
+    },
+    "lark_user_refresh_token": {
+      "type": "string",
+      "title": "LARK_USER_REFRESH_TOKEN",
+      "description": "User OAuth refresh token. Pairs with LARK_USER_ACCESS_TOKEN; auto-rotates the UAT on expiry.",
+      "required": false,
+      "sensitive": true
+    }
+  },
+  "compatibility": {
+    "runtimes": {
+      "node": ">=18.0.0"
+    }
+  }
+}

package/CHANGELOG.md

@@ -4,6 +4,24 @@ All notable changes to this project will be documented in this file.
 
 The format is based on [Keep a Changelog](https://keepachangelog.com/), and this project adheres to [Semantic Versioning](https://semver.org/).
 
+## [1.3.11] - 2026-05-09
+
+主线一项：Lark Desktop 多账号无感切换 — 用户在 Feishu Desktop 切账号，MCP 在 ~15 s 内自动跟进，无需任何 CLI 命令、无需 MCP 工具调用。配套三件 v1.4 prep（Privacy Policy / `.mcpb` manifest / `.cursor-plugin/plugin.json` / MCP Registry CI 自动 publish）已就位但未对外提交，等用户 dispatch。工具数 84 不变。
+
+### Added
+- **Lark Desktop 多账号无感切换 (A)**：用户在 Feishu Desktop 切换账号 → MCP 自动跟进，不需要任何 CLI 命令、不需要 MCP 工具调用。`credentials.json::profiles[*].larkHash` 字段绑定 profile 与 `~/Library/Containers/com.bytedance.macos.feishu/Data/Library/Application Support/LarkShell/sdk_storage/<hash>/`；owner heartbeat (15 s) 监听各账号 `cookie_store.db` 的 mtime，最近活跃的 hash 与当前 active 不一致 + mtime 推进时调 `setActiveProfile`（5 s debounce）。`setup` 在 `fresh` / `update` 模式下自动绑定（单账号直接绑、多账号在交互模式下让用户选 / 非交互模式取最近活跃 + 在 stderr 列出其它）。新 CLI flag：`--bind-hash <hash>` 显式绑定，`--no-bind-hash` 跳过自动检测。未绑定但活跃的 hash 在 stderr 打一次性提示带 `setup --profile <name> --bind-hash <hash>` 命令。Lark 加密 `cookie_store.db` 全程不读不解密，cookie 仍由 `LARK_COOKIE` 按 profile 单独提供。macOS-only；Linux / Windows 默认无副作用。
+- **`src/auth/lark-desktop.js` 模块**：`getSdkStorageDir()` / `listAccountHashes()` / `mostRecentHash()` / `detectSwitch()` 全部 fixture-testable，无新依赖（仅 `fs.statSync`）。13 个单元测试位于 `src/test-lark-desktop.js`，CI 友好（不依赖 Lark Desktop 安装）。
+- **`.mcpb` 桌面扩展 manifest + Privacy Policy（v1.4 prep）**：`PRIVACY.md` 中英双语，按 Anthropic Connectors Directory 评审标准 6 维度组织（采集 / 处理 / 存储 / 第三方 / 留存 / 联系）；`.mcpb/manifest.json` 走 `manifest_version=0.3` schema，含 `server.mcp_config` + `user_config` 块（5 个 `LARK_*` 全部声明 `sensitive=true`）；`scripts/build-mcpb.js` 产出 `dist/feishu-user-plugin-<version>.mcpb`；CI gate `scripts/check-mcpb-version.js` 接进 `validate.yml`。**未提交**至 https://clau.de/desktop-extention-submission，等用户 dispatch（v1.4 计划）。
+- **`.cursor-plugin/plugin.json`（v1.4 prep）**：按 Cursor plugins schema 编写（`mcpServers` 块镜像 README 的 Claude Code 配置）；`scripts/check-version.js` 由 3 源扩到 4 源版本三角等价（`package.json` / `.claude-plugin/plugin.json` / `SKILL.md` / `.cursor-plugin/plugin.json`）。Schema 与 `docs/launch/submissions/cursor-marketplace.md` 校对发现 `author` 是 `{name, email}` 不是 `{name, url}`，已按官方 schema 修正。**未提交** Cursor Marketplace，等用户 dispatch。
+- **MCP Registry CI 自动 publish（v1.4 prep）**：`.github/workflows/publish.yml` 增 mcp-publisher 步骤，`v*` tag 触发 → curl 安装 `mcp-publisher` → `login github-oidc`（runner OIDC token，无需 PAT）→ `publish mcp-registry.json`。`scripts/check-mcp-registry-version.js` 校验 `mcp-registry.json::version` + `packages[0].version` 与 `package.json::version` 一致；接进 `publish.yml`（pre-publish）+ `validate.yml`（PR-time）。从下个 release 起 Registry 同步零人工。
+
+### Test scenarios
+- 单 profile + 单 hash：`setup` 自动绑定，stderr 一行 `Bound profile "default" to Lark account hash <hex>`，无后续噪声
+- 多 profile + 多 hash：在 Lark Desktop 切到 profile B 绑的账号 → 15 s 内 stderr 出 `Lark Desktop account changed; switching profile to "B"` → `credentials.json::active` 更新 → 下一次工具调用走 B 的凭证
+- 未绑定但活跃 hash：在 Lark Desktop 切到一个新账号 → stderr 出一次性提示带 `setup --profile <name> --bind-hash <hash>` 命令；后续 heartbeat 不再重复
+- 非 darwin：`getSdkStorageDir()` 返回 null，所有反应器代码 no-op；`setup --no-bind-hash` 显式跳过
+- v1.4 prep 三件套不影响 v1.3.10 → v1.3.11 的运行时行为，仅扩 CI / metadata / packaging
+
 ## [1.3.10] - 2026-05-09
 
 Growth track 一次性 ship + Official MCP Registry 上架。本版无新工具（84 不变），主体是发现入口、文档语气与发布元数据：仓库一句话描述与 npm description 同步、GitHub Pages 中文优先 SEO landing 上线、`README.md` 主版本切到中文、`docs/launch/` 13 文件 launch 草稿就位、Dockerfile 给 Glama listing introspection 用、自定义 OG image 替代 GitHub 默认渲染、CONTRIBUTING.md 双语重写。所有用户可见文档统一去除 reverse-engineering / 暴力探测 / 营销腔 / 合规免责段。

package/PRIVACY.md

@@ -0,0 +1,105 @@
+# 隐私政策 / Privacy Policy
+
+`feishu-user-plugin` 是一个本地运行的 MCP 服务器。本文档说明插件如何处理用户提供的飞书 / Lark 凭证以及通过 MCP 工具调用流转的数据。
+
+---
+
+## 中文
+
+### 1. 收集的数据
+
+插件本身不收集任何数据。运行需要用户主动配置以下凭证，全部来自用户自己的飞书 / Lark 账号：
+
+- `LARK_COOKIE` —— 用户浏览器登录 feishu.cn 后从请求头复制的 cookie 串
+- `LARK_APP_ID` + `LARK_APP_SECRET` —— 用户在飞书开放平台自建应用的 ID 与密钥
+- `LARK_USER_ACCESS_TOKEN` + `LARK_USER_REFRESH_TOKEN` —— 用户通过 `npx feishu-user-plugin oauth` 在自己浏览器中授权后由插件本地保存的 OAuth 令牌
+
+以上凭证保存在用户本地，不会发送给插件作者或除飞书自身以外的任何第三方。
+
+### 2. 处理的数据
+
+插件只处理用户通过 MCP 工具调用主动请求的数据：消息、文档、多维表格、知识库、云空间、日历、任务、OKR、联系人。插件是用户与飞书开放平台之间的薄代理，不在数据通过时做额外的留存、备份、上传或分析。
+
+### 3. 数据存储位置
+
+- 凭证文件：`~/.feishu-user-plugin/credentials.json`，文件权限 0600（仅当前用户可读写），由用户的操作系统强制访问控制
+- 实时事件日志（启用时）：`~/.feishu-user-plugin/events.jsonl`，append-only，10 MB 软上限 / 20 MB 硬上限自动轮转
+- 不上报遥测，不发送埋点，不联网调用统计接口，不与插件作者维护的任何后台通信
+
+唯一的数据驻留点是用户本机。
+
+### 4. 第三方共享
+
+插件运行时与两类外部方通信：
+
+- **飞书开放平台 API**（`open.feishu.cn` / `feishu.cn`）—— 用户自己的飞书租户。所有读写都直接打到这里，等价于用户自己用飞书客户端的操作
+- **用户运行的 AI 客户端**（Claude Code / Codex / Cursor / Windsurf / OpenClaw / Claude Desktop 等）—— 这是 MCP 协议的另一端，由用户自行选择安装
+
+插件不引入任何额外的第三方依赖（无 CDN、无分析服务、无错误上报）。
+
+### 5. 数据保留
+
+完全由用户控制。插件不主动删除、归档或复制用户数据。要彻底移除：
+
+```bash
+rm -rf ~/.feishu-user-plugin
+npm uninstall -g feishu-user-plugin
+```
+
+撤销飞书侧的 OAuth 授权可在飞书开放平台的应用管理页操作。
+
+### 6. 联系方式
+
+- 一般问题：[GitHub Issues](https://github.com/EthanQC/feishu-user-plugin/issues)
+- 安全披露：在 GitHub Issue 标题前加 `[security]` 前缀
+
+---
+
+## English
+
+### 1. Data Collected
+
+The plugin itself collects no data. Operation requires the user to provide the following credentials, all from the user's own Feishu / Lark account:
+
+- `LARK_COOKIE` — cookie string the user copies from their own browser session on feishu.cn
+- `LARK_APP_ID` + `LARK_APP_SECRET` — credentials of a self-built app the user registers on the Feishu Open Platform
+- `LARK_USER_ACCESS_TOKEN` + `LARK_USER_REFRESH_TOKEN` — OAuth tokens issued after the user grants consent via `npx feishu-user-plugin oauth` and saved locally by the plugin
+
+These credentials remain on the user's machine and are not transmitted to the plugin author or any third party other than Feishu itself.
+
+### 2. Data Processed
+
+The plugin only processes data the user explicitly requests through MCP tool calls: messages, documents, bitable, wiki, drive, calendar, tasks, OKR, contacts. The plugin is a thin proxy between the user and the Feishu Open Platform; it does not retain, archive, replicate, upload, or analyse data in transit.
+
+### 3. Where Data Is Stored
+
+- Credential file: `~/.feishu-user-plugin/credentials.json`, mode 0600 (readable / writable only by the file owner), enforced by OS-level access control
+- Realtime event log (when enabled): `~/.feishu-user-plugin/events.jsonl`, append-only, 10 MB soft / 20 MB hard rotation cap
+- No telemetry, no analytics, no phone-home, no communication with any backend maintained by the plugin author
+
+The user's machine is the only retention point.
+
+### 4. Third-Party Sharing
+
+At runtime the plugin communicates with two external parties:
+
+- **Feishu Open Platform API** (`open.feishu.cn` / `feishu.cn`) — the user's own Feishu tenant. All reads and writes go directly there, equivalent to actions the user could take in the official Feishu client
+- **The AI client the user runs** (Claude Code / Codex / Cursor / Windsurf / OpenClaw / Claude Desktop, etc.) — the other end of the MCP protocol, chosen and installed by the user
+
+The plugin introduces no additional third party (no CDN, no analytics service, no error-reporting endpoint).
+
+### 5. Data Retention
+
+Entirely user-controlled. The plugin does not delete, archive, or replicate user data on its own. To remove everything:
+
+```bash
+rm -rf ~/.feishu-user-plugin
+npm uninstall -g feishu-user-plugin
+```
+
+OAuth authorization on the Feishu side can be revoked from the application management page of the Feishu Open Platform.
+
+### 6. Contact
+
+- General issues: [GitHub Issues](https://github.com/EthanQC/feishu-user-plugin/issues)
+- Security disclosures: prefix the issue title with `[security]`

package/README.md

@@ -357,6 +357,26 @@ Issues / PR 欢迎。提交前先看 [CONTRIBUTING.md](CONTRIBUTING.md)。
 
 飞书改协议导致功能挂掉 —— 开 issue 带错误日志即可。
 
+## 隐私 / Privacy
+
+本地运行的 MCP 服务器，凭证留在用户本机，不上报遥测，不与插件作者后台通信。完整文本见 [PRIVACY.md](PRIVACY.md)。
+
+- **收集**：插件本身不收集任何数据；`LARK_COOKIE` / `LARK_APP_ID` / `LARK_APP_SECRET` / `LARK_USER_ACCESS_TOKEN` / `LARK_USER_REFRESH_TOKEN` 全部由用户主动配置，来源于用户自己的飞书 / Lark 账号
+- **处理**：仅处理用户通过 MCP 工具调用主动请求的消息 / 文档 / 多维表格 / 知识库 / 云空间 / 日历 / 任务 / OKR / 联系人，不留存、不分析
+- **存储**：`~/.feishu-user-plugin/credentials.json`（mode 0600）；可选事件日志 `~/.feishu-user-plugin/events.jsonl`（10 MB / 20 MB 自动轮转）
+- **第三方**：仅与用户自己的飞书租户和用户运行的 AI 客户端通信，无 CDN / 分析 / 错误上报
+- **保留**：完全用户控制；`rm -rf ~/.feishu-user-plugin && npm uninstall -g feishu-user-plugin` 即清空
+- **联系**：[GitHub Issues](https://github.com/EthanQC/feishu-user-plugin/issues)，安全问题在 issue 标题前加 `[security]`
+
+A locally-run MCP server. Credentials stay on the user's machine; no telemetry, no phone-home. Full text at [PRIVACY.md](PRIVACY.md).
+
+- **Collected**: nothing by the plugin itself; the five `LARK_*` envs are supplied by the user from their own Feishu / Lark account
+- **Processed**: only the messages / docs / bitable / wiki / drive / calendar / tasks / OKR / contacts the user explicitly requests via MCP tool calls
+- **Stored**: `~/.feishu-user-plugin/credentials.json` (mode 0600); optional event log at `~/.feishu-user-plugin/events.jsonl`
+- **Third-party**: only the user's own Feishu tenant and the AI client the user runs (Claude Code / Codex / Cursor / etc.)
+- **Retention**: entirely user-controlled; `rm -rf ~/.feishu-user-plugin && npm uninstall -g feishu-user-plugin` removes everything
+- **Contact**: [GitHub Issues](https://github.com/EthanQC/feishu-user-plugin/issues); security disclosures with `[security]` prefix in the title
+
 ## License
 
 [MIT](LICENSE)

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "feishu-user-plugin",
   "mcpName": "io.github.EthanQC/feishu-user-plugin",
-  "version": "1.3.10",
+  "version": "1.3.11",
   "description": "All-in-one Feishu MCP server for Claude Code & Codex — 84 tools across 3 auth layers (cookie / app / OAuth). Send as you, read groups, manage docs / bitable / wiki / drive / calendar / tasks / OKR.",
   "main": "src/index.js",
   "bin": {
@@ -45,12 +45,15 @@
     "proto/",
     "scripts/",
     ".claude-plugin/",
+    ".cursor-plugin/",
+    ".mcpb/",
     "skills/",
     ".mcp.json.example",
     ".env.example",
     "CHANGELOG.md",
     "README.md",
     "README.en.md",
+    "PRIVACY.md",
     "LICENSE"
   ],
   "engines": {
@@ -64,7 +67,6 @@
     "protobufjs": "^7.5.6"
   },
   "devDependencies": {
-    "@resvg/resvg-js": "^2.6.2",
     "husky": "^9.1.7"
   },
   "overrides": {

package/scripts/build-mcpb.js

@@ -0,0 +1,119 @@
+#!/usr/bin/env node
+'use strict';
+
+// scripts/build-mcpb.js
+//
+// Packages the runtime files + .mcpb/manifest.json into
+// dist/feishu-user-plugin-<version>.mcpb (a ZIP with manifest.json at the root).
+//
+// The .mcpb format is a plain ZIP archive consumed by Claude Desktop / Anthropic
+// Connectors Directory. Required layout:
+//   manifest.json            (at root, copied from .mcpb/manifest.json)
+//   src/...                  (server runtime)
+//   proto/...                (protobuf descriptors)
+//   skills/...               (MCP prompts source)
+//   .claude-plugin/...       (plugin metadata)
+//   package.json             (so `node src/index.js` resolves deps after `npm ci`)
+//   package-lock.json
+//   PRIVACY.md, README.md, LICENSE
+//
+// node_modules/ is NOT bundled; the connector host runs `npm ci --omit=dev`
+// against the bundled package.json once installed (Anthropic convention).
+//
+// Re-runnable: overwrites dist/feishu-user-plugin-<version>.mcpb on each run.
+//
+// Usage:
+//   node scripts/build-mcpb.js
+
+const fs = require('fs');
+const path = require('path');
+const { execFileSync } = require('child_process');
+
+const ROOT = path.join(__dirname, '..');
+const DIST = path.join(ROOT, 'dist');
+const MANIFEST_SRC = path.join(ROOT, '.mcpb', 'manifest.json');
+
+function fail(msg) {
+  console.error(`build-mcpb: ${msg}`);
+  process.exit(1);
+}
+
+if (!fs.existsSync(MANIFEST_SRC)) fail('.mcpb/manifest.json not found');
+
+const pkg = JSON.parse(fs.readFileSync(path.join(ROOT, 'package.json'), 'utf8'));
+const manifest = JSON.parse(fs.readFileSync(MANIFEST_SRC, 'utf8'));
+
+if (!manifest.version) fail('.mcpb/manifest.json missing `version`');
+if (manifest.version !== pkg.version) {
+  fail(
+    `version mismatch — package.json=${pkg.version} but .mcpb/manifest.json=${manifest.version}. ` +
+      `Run: node scripts/check-mcpb-version.js`
+  );
+}
+
+const VERSION = pkg.version;
+const OUT = path.join(DIST, `feishu-user-plugin-${VERSION}.mcpb`);
+
+if (!fs.existsSync(DIST)) fs.mkdirSync(DIST, { recursive: true });
+if (fs.existsSync(OUT)) fs.unlinkSync(OUT);
+
+// Files & dirs to bundle. Order matters only for predictable zip output.
+// Mirrors package.json::files plus PRIVACY.md and the bundled manifest.json.
+const ENTRIES = [
+  'manifest.json', // synthesized at staging root from .mcpb/manifest.json
+  'src',
+  'proto',
+  'scripts',
+  '.claude-plugin',
+  'skills',
+  'package.json',
+  'package-lock.json',
+  'PRIVACY.md',
+  'README.md',
+  'LICENSE',
+];
+
+// Stage in a tmp dir so the zip has manifest.json at the archive root rather
+// than .mcpb/manifest.json. Using a tmp dir keeps the source tree clean.
+const STAGE = fs.mkdtempSync(path.join(require('os').tmpdir(), 'mcpb-build-'));
+try {
+  // Copy manifest.json to staging root
+  fs.copyFileSync(MANIFEST_SRC, path.join(STAGE, 'manifest.json'));
+
+  // Copy each remaining entry from repo root → staging root
+  for (const entry of ENTRIES.slice(1)) {
+    const src = path.join(ROOT, entry);
+    if (!fs.existsSync(src)) {
+      console.warn(`build-mcpb: skipping missing entry: ${entry}`);
+      continue;
+    }
+    const dest = path.join(STAGE, entry);
+    copyRecursive(src, dest);
+  }
+
+  // Create the ZIP via system `zip` (present on macOS + ubuntu-latest CI).
+  // -r recursive, -X strip extra OS attrs for reproducibility, -q quiet.
+  // We pass `.` so paths inside the zip are relative to the staging root.
+  execFileSync('zip', ['-rqX', OUT, '.'], { cwd: STAGE, stdio: 'inherit' });
+} finally {
+  fs.rmSync(STAGE, { recursive: true, force: true });
+}
+
+const stats = fs.statSync(OUT);
+console.log(`OK: built ${path.relative(ROOT, OUT)} (${(stats.size / 1024).toFixed(1)} KB)`);
+
+// --- helpers ------------------------------------------------------------
+
+function copyRecursive(src, dest) {
+  const stat = fs.statSync(src);
+  if (stat.isDirectory()) {
+    fs.mkdirSync(dest, { recursive: true });
+    for (const child of fs.readdirSync(src)) {
+      // Skip OS noise + already-built artifacts inside copied dirs
+      if (child === '.DS_Store' || child === 'node_modules' || child === 'dist') continue;
+      copyRecursive(path.join(src, child), path.join(dest, child));
+    }
+  } else if (stat.isFile()) {
+    fs.copyFileSync(src, dest);
+  }
+}

package/scripts/check-mcp-registry-version.js

@@ -0,0 +1,43 @@
+#!/usr/bin/env node
+'use strict';
+// Verifies mcp-registry.json::version + packages[0].version == package.json::version.
+// Wired into:
+//   - .github/workflows/publish.yml — pre-publish gate so CI never publishes to the
+//     official MCP Registry with a stale version string.
+//   - .github/workflows/validate.yml — PR-time gate so any version bump on
+//     package.json without a matching bump on mcp-registry.json fails before merge.
+const fs = require('fs');
+const path = require('path');
+
+const ROOT = path.join(__dirname, '..');
+
+const pkg = JSON.parse(fs.readFileSync(path.join(ROOT, 'package.json'), 'utf8'));
+const pkgVersion = pkg.version;
+
+const registryPath = path.join(ROOT, 'mcp-registry.json');
+const registry = JSON.parse(fs.readFileSync(registryPath, 'utf8'));
+const registryVersion = registry.version;
+
+if (!Array.isArray(registry.packages) || registry.packages.length === 0) {
+  console.error('ERROR: mcp-registry.json has no packages[] entries');
+  process.exit(1);
+}
+const pkgEntryVersion = registry.packages[0].version;
+
+const sources = [
+  { label: 'package.json', version: pkgVersion, path: 'package.json' },
+  { label: 'mcp-registry.json::version', version: registryVersion, path: 'mcp-registry.json' },
+  { label: 'mcp-registry.json::packages[0].version', version: pkgEntryVersion, path: 'mcp-registry.json' },
+];
+
+const allEqual = sources.every((s) => s.version === sources[0].version);
+
+if (!allEqual) {
+  console.error('ERROR: mcp-registry.json version mismatch with package.json!');
+  sources.forEach((s) => console.error(`  ${s.label}: ${s.version}`));
+  console.error('Fix: bump mcp-registry.json::version AND mcp-registry.json::packages[0].version');
+  console.error(`     to match package.json (${pkgVersion}).`);
+  process.exit(1);
+}
+
+console.log(`OK: mcp-registry.json version ${pkgVersion}`);

package/scripts/check-mcpb-version.js

@@ -0,0 +1,33 @@
+#!/usr/bin/env node
+'use strict';
+const fs = require('fs');
+const path = require('path');
+
+const ROOT = path.join(__dirname, '..');
+
+// Source 1: package.json
+const pkg = JSON.parse(fs.readFileSync(path.join(ROOT, 'package.json'), 'utf8'));
+const pkgVersion = pkg.version;
+
+// Source 2: .mcpb/manifest.json
+const manifestPath = path.join(ROOT, '.mcpb', 'manifest.json');
+if (!fs.existsSync(manifestPath)) {
+  console.error('ERROR: .mcpb/manifest.json not found');
+  process.exit(1);
+}
+const manifest = JSON.parse(fs.readFileSync(manifestPath, 'utf8'));
+const manifestVersion = manifest.version;
+
+if (!manifestVersion) {
+  console.error('ERROR: .mcpb/manifest.json is missing the `version` field');
+  process.exit(1);
+}
+
+if (pkgVersion !== manifestVersion) {
+  console.error('ERROR: .mcpb manifest version mismatch!');
+  console.error(`  package.json:        ${pkgVersion}`);
+  console.error(`  .mcpb/manifest.json: ${manifestVersion}`);
+  process.exit(1);
+}
+
+console.log(`OK: .mcpb manifest version ${pkgVersion}`);

package/scripts/check-version.js

@@ -22,10 +22,15 @@ if (!skillMatch) {
 }
 const skillVersion = skillMatch[1];
 
+// Source 4: .cursor-plugin/plugin.json
+const cursorPlugin = JSON.parse(fs.readFileSync(path.join(ROOT, '.cursor-plugin', 'plugin.json'), 'utf8'));
+const cursorVersion = cursorPlugin.version;
+
 const sources = [
   { label: 'package.json', version: pkgVersion, path: 'package.json' },
   { label: '.claude-plugin/plugin.json', version: pluginVersion, path: '.claude-plugin/plugin.json' },
   { label: 'skills/feishu-user-plugin/SKILL.md', version: skillVersion, path: 'skills/feishu-user-plugin/SKILL.md' },
+  { label: '.cursor-plugin/plugin.json', version: cursorVersion, path: '.cursor-plugin/plugin.json' },
 ];
 
 const versions = sources.map((s) => s.version);