feishu-user-plugin 1.3.10 → 1.3.12

package/src/test-credentials-monitor.js

@@ -0,0 +1,124 @@
+// src/test-credentials-monitor.js — unit test for src/auth/credentials-monitor.js.
+//
+// Pre-v1.3.12 hot-reload was partial: server.js stat-ed credentials.json mtime
+// and dispatched setActiveProfile() on change, but the UAT in-memory token,
+// _userNameCache, and lockfile heartbeat never observed the change. Users had
+// to restart Claude Code after `npx oauth` for the new UAT to take effect.
+//
+// CredentialsMonitor unifies the mtime + content-hash diff into a single
+// poll triggered per tool call. Owners register hooks for the parts they
+// care about: onUatChange / onCookieChange / onProfileSwitch / onCacheInvalidate.
+//
+// We test against a temporary credentials.json in a tmpdir so the test is
+// isolated from any real ~/.feishu-user-plugin state.
+
+'use strict';
+
+const fs = require('fs');
+const path = require('path');
+const os = require('os');
+const assert = require('node:assert/strict');
+const { createCredentialsMonitor } = require('./auth/credentials-monitor');
+
+function writeCreds(dir, obj) {
+  const p = path.join(dir, 'credentials.json');
+  fs.writeFileSync(p, JSON.stringify(obj, null, 2) + '\n', { mode: 0o600 });
+  return p;
+}
+
+async function run() {
+  const dir = fs.mkdtempSync(path.join(os.tmpdir(), 'fish-monitor-'));
+  const credPath = path.join(dir, 'credentials.json');
+
+  const baseCreds = {
+    version: 1,
+    active: 'default',
+    profiles: {
+      default: {
+        LARK_APP_ID: 'cli_a',
+        LARK_USER_ACCESS_TOKEN: 'uat_v1',
+        LARK_USER_REFRESH_TOKEN: 'ref_v1',
+        LARK_COOKIE: 'cookie_v1',
+      },
+    },
+  };
+  writeCreds(dir, baseCreds);
+
+  // Inject path so monitor doesn't read real ~/.feishu-user-plugin
+  const monitor = createCredentialsMonitor({ path: credPath });
+
+  // --- 1. First sync establishes baseline; no hooks fire ---
+  let uatFired = 0, cookieFired = 0, profileFired = 0, cacheFired = 0;
+  monitor.onUatChange(() => uatFired++);
+  monitor.onCookieChange(() => cookieFired++);
+  monitor.onProfileSwitch(() => profileFired++);
+  monitor.onCacheInvalidate(() => cacheFired++);
+
+  monitor.sync();
+  assert.equal(uatFired, 0, 'baseline sync should not fire hooks');
+  assert.equal(cookieFired, 0);
+  assert.equal(profileFired, 0);
+  assert.equal(cacheFired, 0);
+
+  // --- 2. Change UAT field → onUatChange fires, others don't ---
+  // We must advance the mtime AFTER content change; on fast filesystems writing
+  // the same path repeatedly within the same ms gives identical mtime. Set
+  // explicit mtime so behaviour doesn't depend on FS clock granularity.
+  const after1 = { ...baseCreds, profiles: { default: { ...baseCreds.profiles.default, LARK_USER_ACCESS_TOKEN: 'uat_v2', LARK_USER_REFRESH_TOKEN: 'ref_v2' } } };
+  writeCreds(dir, after1);
+  fs.utimesSync(credPath, new Date(Date.now() + 1000), new Date(Date.now() + 1000));
+  monitor.sync();
+  assert.equal(uatFired, 1, 'onUatChange should fire on UAT diff');
+  assert.equal(cookieFired, 0, 'unchanged cookie → no cookie hook');
+  assert.equal(profileFired, 0, 'unchanged active → no profile hook');
+  assert.equal(cacheFired, 1, 'any change should fire onCacheInvalidate once');
+
+  // --- 3. Same content, just touch mtime → no hook fires (content hash guards) ---
+  fs.utimesSync(credPath, new Date(Date.now() + 2000), new Date(Date.now() + 2000));
+  monitor.sync();
+  assert.equal(uatFired, 1, 'touch (no content change) should not fire UAT');
+  assert.equal(cacheFired, 1);
+
+  // --- 4. Change cookie → onCookieChange fires ---
+  const after2 = { ...after1, profiles: { default: { ...after1.profiles.default, LARK_COOKIE: 'cookie_v2' } } };
+  writeCreds(dir, after2);
+  fs.utimesSync(credPath, new Date(Date.now() + 3000), new Date(Date.now() + 3000));
+  monitor.sync();
+  assert.equal(cookieFired, 1);
+  assert.equal(profileFired, 0);
+
+  // --- 5. Change active profile → onProfileSwitch fires (legacy parity) ---
+  const after3 = { ...after2, active: 'work', profiles: { default: after2.profiles.default, work: { LARK_APP_ID: 'cli_b' } } };
+  writeCreds(dir, after3);
+  fs.utimesSync(credPath, new Date(Date.now() + 4000), new Date(Date.now() + 4000));
+  monitor.sync();
+  assert.equal(profileFired, 1, 'active flip → onProfileSwitch fires');
+
+  // --- 6. Hook receives the new credentials snapshot as argument ---
+  let receivedToken = null;
+  monitor.onUatChange((snap) => { receivedToken = snap?.LARK_USER_ACCESS_TOKEN; });
+  const after4 = { ...after3, profiles: { ...after3.profiles, work: { LARK_APP_ID: 'cli_b', LARK_USER_ACCESS_TOKEN: 'uat_work_v1', LARK_USER_REFRESH_TOKEN: 'ref_work_v1' } } };
+  writeCreds(dir, after4);
+  fs.utimesSync(credPath, new Date(Date.now() + 5000), new Date(Date.now() + 5000));
+  monitor.sync();
+  assert.equal(receivedToken, 'uat_work_v1', 'UAT hook should receive the active profile env block');
+
+  // --- 7. Monitor handles missing file gracefully (no throw) ---
+  fs.unlinkSync(credPath);
+  monitor.sync(); // should not throw
+
+  // --- 8. File reappears later → next sync detects + fires ---
+  writeCreds(dir, baseCreds);
+  fs.utimesSync(credPath, new Date(Date.now() + 6000), new Date(Date.now() + 6000));
+  monitor.sync();
+  // baseCreds.active='default' diff from previous 'work' → profile change
+  // baseCreds.UAT='uat_v1' diff from previous 'uat_work_v1' → uat change
+  assert.ok(profileFired >= 2);
+  assert.ok(uatFired >= 2);
+
+  fs.rmSync(dir, { recursive: true, force: true });
+  console.log('credentials-monitor.js: PASS');
+}
+
+if (require.main === module) run().catch(e => { console.error(e); process.exit(1); });
+module.exports = { run };

package/src/test-display-label.js

@@ -0,0 +1,88 @@
+#!/usr/bin/env node
+// src/test-display-label.js — unit test for LarkOfficialClient._computeDisplayLabel
+//
+// _computeDisplayLabel maps a formatted message (with senderId/senderType/senderName/
+// isRecalled fields) to a human-friendly string for LLM consumption. This covers the
+// 6 sender shapes Feishu actually produces:
+//
+//   1. user with resolved name           → name
+//   2. user with senderName=null         → "(open_id)" fallback
+//   3. app (bot) with name in cache      → "[Bot] AppName"
+//   4. app (bot) without name            → "[Bot] (cli_xxx)"
+//   5. anonymous sender                  → "[匿名]"
+//   6. system message (no sender)        → "[系统]"
+//   7. recalled-message prefix           → "[已撤回] " + base label
+//
+// Without the implementation this script fails (which is what we want pre-fix).
+
+const { LarkOfficialClient } = require('./clients/official/base');
+
+const client = new LarkOfficialClient('cli_dummy', 'dummy_secret');
+client._appNameCache.set('cli_named_bot', 'Claude聊天助手');
+
+const tests = [
+  {
+    name: 'user with resolved name',
+    input: { senderType: 'user', senderId: 'ou_x', senderName: '周宇' },
+    expected: '周宇',
+  },
+  {
+    name: 'user with null senderName',
+    input: { senderType: 'user', senderId: 'ou_abc123', senderName: null },
+    expected: '(ou_abc123)',
+  },
+  {
+    name: 'app with name in cache',
+    input: { senderType: 'app', senderId: 'cli_named_bot' },
+    expected: '[Bot] Claude聊天助手',
+  },
+  {
+    name: 'app without name',
+    input: { senderType: 'app', senderId: 'cli_unknown' },
+    expected: '[Bot] (cli_unknown)',
+  },
+  {
+    name: 'anonymous',
+    input: { senderType: 'anonymous', senderId: 'ou_x' },
+    expected: '[匿名]',
+  },
+  {
+    name: 'system (no senderId)',
+    input: { senderId: undefined },
+    expected: '[系统]',
+  },
+  {
+    name: 'recalled user message',
+    input: { senderType: 'user', senderId: 'ou_x', senderName: '怪兽', isRecalled: true },
+    expected: '[已撤回] 怪兽',
+  },
+  {
+    name: 'recalled with null senderName',
+    input: { senderType: 'user', senderId: 'ou_y', senderName: null, isRecalled: true },
+    expected: '[已撤回] (ou_y)',
+  },
+];
+
+let failures = 0;
+for (const t of tests) {
+  let actual;
+  try {
+    actual = client._computeDisplayLabel(t.input);
+  } catch (e) {
+    console.error(`FAIL ${t.name}: threw ${e.message}`);
+    failures++;
+    continue;
+  }
+  if (actual !== t.expected) {
+    console.error(`FAIL ${t.name}: expected ${JSON.stringify(t.expected)}, got ${JSON.stringify(actual)}`);
+    failures++;
+  } else {
+    console.log(`OK   ${t.name}`);
+  }
+}
+
+if (failures) {
+  console.error(`\n${failures} test(s) failed`);
+  process.exit(1);
+}
+console.log(`\nAll ${tests.length} display-label tests passed`);

package/src/test-error-codes.js

@@ -0,0 +1,85 @@
+// src/test-error-codes.js — unit test for src/error-codes.js classifyError.
+//
+// Covers the v1.3.12 widening:
+//   - 20064 (invalid_grant — UAT revoked, permanent)
+//   - 91403 (cross-tenant bot — bot can never access, route to UAT)
+//   - 1254xxx upload errors (transient — retry once)
+//   - res.json() parse failure messages → 'retry' (transient)
+//
+// Each case maps an error code (or Error object) to { action, reason } the
+// classifier should output. Run via `node src/test-error-codes.js` or as part
+// of `npm test` (imported from src/test-all.js).
+
+'use strict';
+
+const assert = require('node:assert/strict');
+const { classifyError, FAILURE_MAP, TRANSIENT_PATTERNS } = require('./error-codes');
+
+function run() {
+  // --- Existing classifications (regression guard) ---
+  assert.deepEqual(
+    classifyError(240001),
+    { action: 'uat', reason: 'bot_external_tenant', code: 240001 },
+    '240001 → bot_external_tenant',
+  );
+  assert.deepEqual(
+    classifyError(70009),
+    { action: 'uat', reason: 'bot_no_permission', code: 70009 },
+  );
+  assert.deepEqual(
+    classifyError(42101),
+    { action: 'retry', reason: 'bot_rate_limited', code: 42101 },
+  );
+
+  // --- New v1.3.12 entries ---
+  const m20064 = classifyError(20064);
+  assert.equal(m20064.action, 'uat', '20064 should escalate to UAT path (revoked permanent)');
+  assert.equal(m20064.reason, 'uat_revoked', '20064 reason should be uat_revoked');
+
+  const m91403 = classifyError(91403);
+  assert.equal(m91403.action, 'uat', '91403 cross-tenant bot');
+  assert.equal(m91403.reason, 'bot_cross_tenant');
+
+  // 1254xxx — a sample of upload failures observed in production
+  for (const code of [1254000, 1254001, 1254301, 1254400]) {
+    const c = classifyError(code);
+    assert.equal(c.action, 'retry', `${code} should be transient (retry)`);
+    assert.equal(c.reason, 'upload_transient', `${code} reason`);
+  }
+
+  // --- res.json() parse failures should retry once ---
+  // Real-world: feishu's gateway occasionally returns truncated bodies that
+  // make response.json() throw SyntaxError; one retry usually clears it.
+  const parseErr = new Error('Unexpected end of JSON input');
+  parseErr.name = 'SyntaxError';
+  const parseClass = classifyError(parseErr);
+  assert.equal(parseClass.action, 'retry', 'JSON parse error → retry');
+  assert.equal(parseClass.reason, 'response_parse_error');
+
+  // --- Existing transient patterns still work ---
+  const networkErr = new Error('fetch timeout after 10000ms');
+  assert.equal(classifyError(networkErr).action, 'retry');
+
+  const httpFive = new Error('readMessages failed (HTTP 503, code=99991400): rate limited');
+  // Note: code=99991400 hits FAILURE_MAP before the pattern. Either way action=retry.
+  assert.equal(classifyError(httpFive).action, 'retry');
+
+  // --- Unknown codes preserve fallback behavior ---
+  assert.deepEqual(
+    classifyError(99999),
+    { action: 'unknown', reason: 'bot_unknown_error', code: 99999 },
+  );
+
+  // --- TRANSIENT_PATTERNS still exported ---
+  assert.ok(Array.isArray(TRANSIENT_PATTERNS) && TRANSIENT_PATTERNS.length >= 5);
+
+  // --- FAILURE_MAP coverage: all new codes are registered ---
+  assert.ok(FAILURE_MAP[20064], 'FAILURE_MAP must register 20064');
+  assert.ok(FAILURE_MAP[91403], 'FAILURE_MAP must register 91403');
+  assert.ok(FAILURE_MAP[1254000], 'FAILURE_MAP must register 1254000');
+
+  console.log('error-codes.js: PASS');
+}
+
+if (require.main === module) run();
+module.exports = { run };

package/src/test-identity-state.js

@@ -0,0 +1,172 @@
+// src/test-identity-state.js — unit test for src/auth/identity-state.js.
+//
+// resolveIdentity + withIdentityFallback are the v1.3.12 replacement for
+// asUserOrApp's silent fallback. Behaviour we test:
+//
+//   1. resolveIdentity reads in-memory client state (no API call by default)
+//      and returns one of: VALID_USER / UAT_EXPIRED / BOT_ONLY / NO_CREDENTIALS.
+//   2. withIdentityFallback wraps a UAT-first / bot-fallback flow, attaches
+//      via / via_reason / identity to the response, refines the cached
+//      identity on UAT failure (e.g. 20064 → UAT_REVOKED), and returns a
+//      well-formed combined error when both sides fail.
+//   3. invalidateIdentity clears the 30s cache so a new probe is taken next
+//      time (CredentialsMonitor will call this on UAT change).
+
+'use strict';
+
+const assert = require('node:assert/strict');
+const {
+  IdentityState,
+  resolveIdentity,
+  withIdentityFallback,
+  invalidateIdentity,
+} = require('./auth/identity-state');
+
+// Minimal fake client. Real LarkOfficialClient exposes hasUAT (getter), appId,
+// _uat, _uatExpires; tests only need those.
+function fakeClient({ hasUAT = false, appId = 'cli_test', expires = 0 } = {}) {
+  return {
+    appId,
+    appSecret: 'secret',
+    _uat: hasUAT ? 'token' : null,
+    _uatRefresh: hasUAT ? 'refresh' : null,
+    _uatExpires: expires,
+    get hasUAT() { return !!this._uat; },
+  };
+}
+
+async function run() {
+  // --- 1. enum values are exported ---
+  for (const k of ['VALID_USER', 'UAT_EXPIRED', 'UAT_REVOKED', 'UAT_MISSING_SCOPE', 'BOT_ONLY', 'NO_CREDENTIALS']) {
+    assert.ok(IdentityState[k], `IdentityState.${k} should be defined`);
+  }
+
+  // --- 2. resolveIdentity, no UAT, has app ---
+  const c1 = fakeClient({ hasUAT: false, appId: 'cli_x' });
+  invalidateIdentity(c1);
+  assert.equal(await resolveIdentity(c1), IdentityState.BOT_ONLY);
+
+  // --- 3. resolveIdentity, no UAT, no app ---
+  const c2 = fakeClient({ hasUAT: false, appId: null });
+  invalidateIdentity(c2);
+  assert.equal(await resolveIdentity(c2), IdentityState.NO_CREDENTIALS);
+
+  // --- 4. resolveIdentity, valid UAT (future expiry) ---
+  const c3 = fakeClient({ hasUAT: true, expires: Math.floor(Date.now() / 1000) + 3600 });
+  invalidateIdentity(c3);
+  assert.equal(await resolveIdentity(c3), IdentityState.VALID_USER);
+
+  // --- 5. resolveIdentity, expired UAT (past expiry) ---
+  const c4 = fakeClient({ hasUAT: true, expires: Math.floor(Date.now() / 1000) - 100 });
+  invalidateIdentity(c4);
+  assert.equal(await resolveIdentity(c4), IdentityState.UAT_EXPIRED);
+
+  // --- 6. resolveIdentity cache: change underlying state, get cached value ---
+  invalidateIdentity(c1);
+  assert.equal(await resolveIdentity(c1), IdentityState.BOT_ONLY);
+  c1._uat = 'token'; // simulate adopt-persisted-uat happened mid-flight
+  c1._uatExpires = Math.floor(Date.now() / 1000) + 3600;
+  // Still cached — 30s window not elapsed.
+  assert.equal(await resolveIdentity(c1), IdentityState.BOT_ONLY, 'cache should hold within 30s');
+  invalidateIdentity(c1);
+  assert.equal(await resolveIdentity(c1), IdentityState.VALID_USER, 'invalidate reads fresh state');
+
+  // --- 7. withIdentityFallback: UAT path succeeds ---
+  const cOk = fakeClient({ hasUAT: true, expires: Math.floor(Date.now() / 1000) + 3600 });
+  invalidateIdentity(cOk);
+  const r1 = await withIdentityFallback({
+    client: cOk,
+    uatFn: async () => ({ code: 0, data: { ok: true } }),
+    botFn: async () => { throw new Error('should not run'); },
+    label: 'test_op',
+  });
+  assert.equal(r1.via, 'uat');
+  assert.equal(r1.identity, IdentityState.VALID_USER);
+  assert.equal(r1.data.code, 0);
+  assert.equal(r1.data.ok, undefined, 'should pass through fields, not double-wrap');
+  assert.equal(r1.data.data.ok, true);
+  assert.equal(r1.viaReason, undefined, 'no fallback → no via_reason');
+
+  // --- 8. withIdentityFallback: UAT returns 20064 → bot fallback, identity refined ---
+  let botRan = false;
+  const cRevoked = fakeClient({ hasUAT: true, expires: Math.floor(Date.now() / 1000) + 3600 });
+  invalidateIdentity(cRevoked);
+  const r2 = await withIdentityFallback({
+    client: cRevoked,
+    uatFn: async () => ({ code: 20064, msg: 'invalid_grant' }),
+    botFn: async () => { botRan = true; return { code: 0, data: { from: 'bot' } }; },
+    label: 'test_revoked',
+  });
+  assert.equal(botRan, true);
+  assert.equal(r2.via, 'bot');
+  assert.equal(r2.identity, IdentityState.UAT_REVOKED, 'identity refined on 20064');
+  assert.ok(typeof r2.viaReason === 'string' && r2.viaReason.includes('20064'));
+  assert.ok(r2.fallbackWarning && r2.fallbackWarning.includes('UAT'));
+
+  // Subsequent resolveIdentity sees the refined cached state without re-probe.
+  assert.equal(await resolveIdentity(cRevoked), IdentityState.UAT_REVOKED);
+
+  // --- 9. withIdentityFallback: UAT 99991668 → UAT_MISSING_SCOPE ---
+  const cScope = fakeClient({ hasUAT: true, expires: Math.floor(Date.now() / 1000) + 3600 });
+  invalidateIdentity(cScope);
+  const r3 = await withIdentityFallback({
+    client: cScope,
+    uatFn: async () => ({ code: 99991668, msg: 'scope not granted' }),
+    botFn: async () => ({ code: 0, data: { ok: true } }),
+    label: 'test_scope',
+  });
+  assert.equal(r3.identity, IdentityState.UAT_MISSING_SCOPE);
+  assert.equal(r3.via, 'bot');
+
+  // --- 10. withIdentityFallback: UAT throws → bot fallback ---
+  const cThrow = fakeClient({ hasUAT: true, expires: Math.floor(Date.now() / 1000) + 3600 });
+  invalidateIdentity(cThrow);
+  const r4 = await withIdentityFallback({
+    client: cThrow,
+    uatFn: async () => { throw new Error('network blew up'); },
+    botFn: async () => ({ code: 0, data: { ok: 'bot' } }),
+    label: 'test_throw',
+  });
+  assert.equal(r4.via, 'bot');
+  assert.ok(r4.viaReason.includes('network blew up'));
+
+  // --- 11. withIdentityFallback: BOT_ONLY → no uat attempted, informational warning ---
+  const cBotOnly = fakeClient({ hasUAT: false, appId: 'cli_x' });
+  invalidateIdentity(cBotOnly);
+  let uatRan = false;
+  const r5 = await withIdentityFallback({
+    client: cBotOnly,
+    uatFn: async () => { uatRan = true; return { code: 0 }; },
+    botFn: async () => ({ code: 0, data: { ok: 'bot' } }),
+    label: 'test_botonly',
+  });
+  assert.equal(uatRan, false, 'BOT_ONLY must not invoke uatFn');
+  assert.equal(r5.via, 'bot');
+  assert.equal(r5.identity, IdentityState.BOT_ONLY);
+  // BOT_ONLY still attaches the legacy "未配置 UAT" informational warning so
+  // users notice that resources will be owned by the shared bot.
+  assert.ok(r5.fallbackWarning && r5.fallbackWarning.includes('未配置 UAT'));
+
+  // --- 12. withIdentityFallback: both sides fail → throws combined error ---
+  const cBoth = fakeClient({ hasUAT: true, expires: Math.floor(Date.now() / 1000) + 3600 });
+  invalidateIdentity(cBoth);
+  let caught;
+  try {
+    await withIdentityFallback({
+      client: cBoth,
+      uatFn: async () => ({ code: 99991668, msg: 'no scope' }),
+      botFn: async () => { throw new Error('bot not in chat'); },
+      label: 'test_both_fail',
+    });
+  } catch (e) { caught = e; }
+  assert.ok(caught, 'both-fail should throw');
+  assert.ok(caught.message.includes('test_both_fail'));
+  assert.ok(caught.message.includes('bot not in chat'));
+  assert.ok(caught.uatSummary, 'combined error carries uatSummary');
+  assert.ok(caught.botError, 'combined error carries botError');
+
+  console.log('identity-state.js: PASS');
+}
+
+if (require.main === module) run().catch(e => { console.error(e); process.exit(1); });
+module.exports = { run };