liangzimixin 0.3.2 → 0.3.4

package/dist/index.cjs

@@ -17483,10 +17483,7 @@ var DEFAULT_INTERNAL_CONFIG = {
     }
   },
   auth: {
-    serverUrl: process.env.LZMX_AUTH_URL || "https://seal.example.com",
-    clientName: "liangzimixin",
-    scopes: ["openid", "im_sdk", "data_operate", "offline_access"],
-    autoRegister: true,
+    serverUrl: process.env.LZMX_AUTH_URL || "https://imtwo.zdxlz.com/open-apis/v1",
     refreshAheadMs: 3e5
   },
   crypto: {
@@ -17974,7 +17971,7 @@ async function resolveAndUploadMedia(params) {
       };
     }
     const msgType = fileType;
-    const contentPayload = fileType === "file" ? { fileKey: uploadResult.fileKey, filename: fileName, size: uploadResult.fileSize } : { fileKey: uploadResult.fileKey };
+    const contentPayload = fileType === "file" ? { fileId: uploadResult.fileKey, fileName, size: uploadResult.fileSize } : { fileId: uploadResult.fileKey };
     await messagePipe.sendMessage({
       chatId,
       senderId: chatId,
@@ -17984,7 +17981,7 @@ async function resolveAndUploadMedia(params) {
     });
     log3.info("media:sent", {
       chatId,
-      fileKey: uploadResult.fileKey,
+      fileId: uploadResult.fileKey,
       msgType
     });
     return {
@@ -18111,20 +18108,20 @@ ${body}` : body || raw.content;
     }
     case "image": {
       const c = parsed;
-      fileId = c?.fileKey;
+      fileId = c?.fileId;
       text = c?.altText ?? (fileId ? `![image](${fileId})` : "[image]");
       break;
     }
     case "file": {
       const c = parsed;
-      fileId = c?.fileKey;
-      fileName = c?.filename;
+      fileId = c?.fileId;
+      fileName = c?.fileName;
       text = fileName ? `[File: ${fileName}]` : "[file]";
       break;
     }
     case "voice": {
       const c = parsed;
-      fileId = c?.fileKey;
+      fileId = c?.fileId;
       const durationMs = c?.duration;
       const durationStr = durationMs != null ? ` ${(durationMs / 1e3).toFixed(1)}s` : "";
       text = `[Voice${durationStr}]`;
@@ -18132,7 +18129,7 @@ ${body}` : body || raw.content;
     }
     case "video": {
       const c = parsed;
-      fileId = c?.fileKey;
+      fileId = c?.fileId;
       const durationMs = c?.duration;
       const durationStr = durationMs != null ? ` ${(durationMs / 1e3).toFixed(1)}s` : "";
       text = `[Video${durationStr}]`;
@@ -19008,13 +19005,13 @@ var CryptoEngine = class _CryptoEngine {
 
 // src/auth/oauth-client.ts
 var log16 = createLogger("auth/oauth-client");
-var SealApiError = class extends Error {
+var ApiError = class extends Error {
   constructor(status, body, endpoint) {
-    super(`Seal API error: ${status} on ${endpoint}`);
+    super(`API error: ${status} on ${endpoint}`);
     this.status = status;
     this.body = body;
     this.endpoint = endpoint;
-    this.name = "SealApiError";
+    this.name = "ApiError";
   }
 };
 var TokenAcquireError = class extends Error {
@@ -19031,28 +19028,21 @@ function sleep(ms) {
   return new Promise((resolve2) => setTimeout(resolve2, ms));
 }
 var DEFAULT_TIMEOUT_MS = 3e4;
-var SealClient = class {
+var GRANT_TYPE = "client_credentials";
+var SCOPE = "client_credentials refresh_token";
+var OAuthClient = class {
   baseUrl;
-  clientId;
-  clientSecret;
-  clientName;
-  scopes;
+  appId;
+  appSecret;
   constructor(config2) {
-    this.baseUrl = config2.serverUrl.replace(/\/+$/, "");
-    this.clientId = config2.clientId;
-    this.clientSecret = config2.clientSecret;
-    this.clientName = config2.clientName;
-    this.scopes = config2.scopes;
-    log16.info("SealClient initialized", { serverUrl: this.baseUrl, clientName: config2.clientName });
+    this.baseUrl = config2.baseUrl.replace(/\/+$/, "");
+    this.appId = config2.appId;
+    this.appSecret = config2.appSecret;
+    log16.info("OAuthClient initialized", { baseUrl: this.baseUrl, appId: sanitize(this.appId) });
   }
   // ── 通用 HTTP 请求 ──
   /**
    * 统一 HTTP 请求封装 — 含超时、日志脱敏和错误处理
-   * @param method - HTTP 方法
-   * @param path - 请求路径 (如 '/seal/client/register')
-   * @param options - 请求选项
-   * @returns 解析后的 JSON 响应
-   * @throws SealApiError — HTTP 非 2xx 响应
    */
   async request(method, path2, options = {}) {
     const url2 = `${this.baseUrl}${path2}`;
@@ -19084,109 +19074,38 @@ var SealClient = class {
         parsedBody = responseBody;
       }
       log16.error("HTTP error", { method, url: url2, status: response.status });
-      throw new SealApiError(response.status, parsedBody, path2);
+      throw new ApiError(response.status, parsedBody, path2);
     }
     log16.debug("HTTP response", { method, url: url2, status: response.status });
     try {
       return JSON.parse(responseBody);
     } catch {
-      throw new SealApiError(response.status, responseBody, path2);
+      throw new ApiError(response.status, responseBody, path2);
     }
   }
   // ── 公共方法 ──
-  /** 判断是否已注册 (有 clientId + clientSecret) */
-  isRegistered() {
-    return !!(this.clientId && this.clientSecret);
-  }
-  /** 更新 clientId / clientSecret (注册成功后或从持久化加载后调用) */
-  setCredentials(clientId, clientSecret) {
-    this.clientId = clientId;
-    this.clientSecret = clientSecret;
-    log16.info("Credentials updated", { clientId: sanitize(clientId) });
-  }
-  /**
-   * 动态注册客户端 → POST /seal/client/register
-   *
-   * 首次运行时自动调用，获取 clientId 和 clientSecret。
-   * 注册成功后自动更新内部凭据。
-   */
-  async register(params) {
-    const body = {
-      client_name: params.clientName,
-      scopes: params.scopes,
-      authentication_methods: params.authMethods ?? ["client_secret_post"],
-      grant_types: params.grantTypes ?? ["authorization_code", "client_credentials", "refresh_token"],
-      redirect_uris: params.redirectUris ?? ["https://placeholder.local"],
-      logout_redirect_uris: [],
-      client_settings: {
-        "settings.client.require-authorization-consent": true
-      }
-    };
-    if (params.tokenSettings) {
-      const ts = {};
-      if (params.tokenSettings.accessTokenTtl) {
-        ts["settings.token.access-token-time-to-live"] = params.tokenSettings.accessTokenTtl;
-      }
-      if (params.tokenSettings.refreshTokenTtl) {
-        ts["settings.token.refresh-token-time-to-live"] = params.tokenSettings.refreshTokenTtl;
-      }
-      if (params.tokenSettings.accessTokenFormat) {
-        ts["settings.token.access-token-format"] = params.tokenSettings.accessTokenFormat;
-      }
-      if (params.tokenSettings.reuseRefreshTokens !== void 0) {
-        ts["settings.token.reuse-refresh-tokens"] = params.tokenSettings.reuseRefreshTokens;
-      }
-      ts["settings.token.authorization-code-time-to-live"] = "300";
-      body.token_settings = ts;
-    }
-    log16.info("Registering OAuth client", { clientName: params.clientName });
-    const response = await this.request(
-      "POST",
-      "/seal/client/register",
-      { body, contentType: "json" }
-    );
-    const registration = {
-      clientId: response.client_id,
-      clientSecret: response.client_secret,
-      clientSecretExpiresAt: response.client_secret_expires_at ?? "",
-      clientIdIssuedAt: response.client_id_issued_at ?? "",
-      scopes: response.scopes ?? params.scopes
-    };
-    this.setCredentials(registration.clientId, registration.clientSecret);
-    log16.info("OAuth client registered", {
-      clientId: sanitize(registration.clientId),
-      clientSecret: sanitize(registration.clientSecret),
-      scopes: registration.scopes,
-      expiresAt: registration.clientSecretExpiresAt
-    });
-    return registration;
-  }
   /**
-   * 获取访问令牌 → POST /seal/oauth2/token (client_credentials)
+   * 获取访问令牌 → POST /auth/token (client_credentials)
    *
-   * 使用客户端凭证模式获取 Access Token。
-   * 前置条件: clientId 和 clientSecret 必须存在 (通过 register 或 setCredentials 设置)
+   * 请求参数 (x-www-form-urlencoded):
+   *   - grant_type: client_credentials (写死)
+   *   - client_id: appId
+   *   - client_secret: appSecret
+   *   - scope: client_credentials refresh_token (写死)
    *
-   * @param scope - 请求的权限范围 (空格分隔)，不传则使用注册时的全部 scope
    * @returns TokenData 包含 access_token、过期时间等
-   * @throws Error — clientId/clientSecret 未设置
-   * @throws SealApiError — HTTP 错误
+   * @throws ApiError — HTTP 错误
    */
-  async getToken(scope) {
-    if (!this.clientId || !this.clientSecret) {
-      throw new Error("Cannot get token: clientId and clientSecret are required. Call register() or setCredentials() first.");
-    }
+  async getToken() {
     const params = new URLSearchParams();
-    params.set("grant_type", "client_credentials");
-    params.set("client_id", this.clientId);
-    params.set("client_secret", this.clientSecret);
-    if (scope) {
-      params.set("scope", scope);
-    }
-    log16.info("Requesting access token", { clientId: sanitize(this.clientId) });
+    params.set("grant_type", GRANT_TYPE);
+    params.set("client_id", this.appId);
+    params.set("client_secret", this.appSecret);
+    params.set("scope", SCOPE);
+    log16.info("Requesting access token", { appId: sanitize(this.appId) });
     const response = await this.request(
       "POST",
-      "/seal/oauth2/token",
+      "/auth/token",
       { body: params, contentType: "form" }
     );
     const now = Date.now();
@@ -19197,7 +19116,6 @@ var SealClient = class {
       expiresIn,
       scope: response.scope ?? "",
       refreshToken: void 0,
-      // Seal 不返回 refresh_token
       grantedAt: now,
       expiresAt: now + expiresIn * 1e3
     };
@@ -19208,12 +19126,9 @@ var SealClient = class {
     });
     return tokenData;
   }
-  /**
-   * 令牌校验 → GET /seal/oauth2/introspect
-   * 暂不实现 — 保留接口签名，后续需要时再补充
-   */
-  async introspect(_token) {
-    throw new Error("introspect() not implemented yet \u2014 Seal introspect API \u6682\u4E0D\u4F7F\u7528");
+  /** 获取 baseUrl (供其他模块复用) */
+  getBaseUrl() {
+    return this.baseUrl;
   }
 };
 
@@ -19347,12 +19262,10 @@ var DEFAULT_REFRESH_AHEAD_MS = 5 * 60 * 1e3;
 var MAX_RETRIES = 3;
 var RETRY_BASE_MS = 1e3;
 var TokenManager = class {
-  sealClient;
+  oauthClient;
   tokenStore;
   /** Token 过期前提前刷新的时间 (ms) */
   refreshAheadMs;
-  /** 自动注册的参数 */
-  autoRegisterParams;
   // ── 内存缓存 ──
   /** 内存中缓存的 access_token */
   cachedToken = null;
@@ -19366,10 +19279,9 @@ var TokenManager = class {
   /** 定时刷新器句柄 */
   refreshTimer = null;
   constructor(deps) {
-    this.sealClient = deps.sealClient;
+    this.oauthClient = deps.oauthClient;
     this.tokenStore = deps.tokenStore;
     this.refreshAheadMs = deps.refreshAheadMs ?? DEFAULT_REFRESH_AHEAD_MS;
-    this.autoRegisterParams = deps.autoRegisterParams;
     log18.info("TokenManager initialized", { refreshAheadMs: this.refreshAheadMs });
   }
   // ── 核心方法 ──
@@ -19398,13 +19310,6 @@ var TokenManager = class {
       this.refreshLock = null;
     }
   }
-  /**
-   * 令牌自省 — 暂不实现，后续补充。
-   * 返回的 identity_id 用于 gate.ts 的 anti-loop 检查 (bot 自己的 ID)。
-   */
-  async introspect() {
-    throw new Error("introspect() not implemented yet \u2014 Seal introspect API \u6682\u4E0D\u4F7F\u7528");
-  }
   /** 检查当前令牌是否包含指定的 scope */
   hasScope(scope) {
     if (!this.cachedScope) return false;
@@ -19435,14 +19340,14 @@ var TokenManager = class {
    *
    * 重试策略:
    *   - 网络错误 / 5xx → 重试 (最多 3 次)
-   *   - 401/403 → 不重试 (client_secret 可能无效)
+   *   - 401/403 → 不重试 (凭证可能无效)
    */
   async _acquireTokenWithRetry() {
     for (let attempt = 0; attempt <= MAX_RETRIES; attempt++) {
       try {
         return await this._acquireToken();
       } catch (err) {
-        if (err instanceof SealApiError && (err.status === 401 || err.status === 403)) {
+        if (err instanceof ApiError && (err.status === 401 || err.status === 403)) {
           log18.error("Token acquire failed with auth error, not retrying", { status: err.status });
           throw err;
         }
@@ -19470,10 +19375,9 @@ var TokenManager = class {
    *
    * 流程:
    *   1. 尝试从 TokenStore 加载缓存
-   *   2. 检查是否需要注册客户端
-   *   3. 调用 SealClient.getToken() 获取新 Token
-   *   4. 保存到内存缓存 + TokenStore
-   *   5. 设置定时刷新器
+   *   2. 调用 OAuthClient.getToken() 获取新 Token
+   *   3. 保存到内存缓存 + TokenStore
+   *   4. 设置定时刷新器
    */
   async _acquireToken() {
     try {
@@ -19490,43 +19394,8 @@ var TokenManager = class {
     } catch {
       log18.warn("Failed to load token from store, acquiring new one");
     }
-    if (!this.sealClient.isRegistered()) {
-      try {
-        const savedCreds = await this.tokenStore.load("credentials");
-        if (savedCreds?.clientId && savedCreds?.clientSecret) {
-          this.sealClient.setCredentials(
-            savedCreds.clientId,
-            savedCreds.clientSecret
-          );
-          log18.info("Credentials loaded from store");
-        }
-      } catch {
-        log18.debug("No saved credentials found");
-      }
-    }
-    if (!this.sealClient.isRegistered()) {
-      if (!this.autoRegisterParams) {
-        throw new Error("SealClient not registered and autoRegisterParams not provided. Call setCredentials() or enable autoRegister.");
-      }
-      log18.info("Auto-registering OAuth client");
-      const registration = await this.sealClient.register({
-        clientName: this.autoRegisterParams.clientName,
-        scopes: this.autoRegisterParams.scopes,
-        tokenSettings: this.autoRegisterParams.tokenSettings ? {
-          accessTokenTtl: this.autoRegisterParams.tokenSettings.accessTokenTtl,
-          refreshTokenTtl: this.autoRegisterParams.tokenSettings.refreshTokenTtl,
-          accessTokenFormat: this.autoRegisterParams.tokenSettings.accessTokenFormat
-        } : void 0
-      });
-      await this.tokenStore.save("credentials", {
-        clientId: registration.clientId,
-        clientSecret: registration.clientSecret,
-        clientSecretExpiresAt: registration.clientSecretExpiresAt
-      });
-      log18.info("OAuth client registered and credentials saved");
-    }
-    log18.info("Acquiring new access token");
-    const tokenData = await this.sealClient.getToken();
+    log18.info("Acquiring new access token via POST /auth/token");
+    const tokenData = await this.oauthClient.getToken();
     this.updateCache(tokenData);
     await this.tokenStore.save("token", tokenData);
     this.scheduleRefresh(tokenData);
@@ -19883,11 +19752,18 @@ var MessagePipe = class {
       log21.warn("inbound:data-parse-error", { error: err.message });
       return;
     }
-    if (callbackData.eventType !== "MessageReceived") {
+    if (callbackData.eventType !== "callback:direct") {
       log21.debug("inbound:event-ignored", { eventType: callbackData.eventType });
       return;
     }
-    const msg = callbackData.content;
+    const msg = {
+      messageId: callbackData.msgUid,
+      chatId: callbackData.groupId || callbackData.userId,
+      senderId: callbackData.userId,
+      msgType: callbackData.type,
+      content: JSON.stringify(callbackData.content),
+      timestamp: Date.now()
+    };
     log21.debug("inbound:frame", { messageId: msg.messageId, eventType: callbackData.eventType });
     if (this.dedup.isDuplicate(msg.messageId)) {
       log21.debug("inbound:dedup-hit", { messageId: msg.messageId });
@@ -19948,10 +19824,14 @@ var ConnectionManager = class {
     this.running = true;
     this.reconnectAttempts = 0;
     const token = await tokenFn();
+    const wsUrl = url2.replace(/\/+$/, "") + "/events/stream";
     await this.client.connect({
-      url: url2,
+      url: wsUrl,
       token,
-      headers: this.appId ? { "X-App-ID": this.appId } : void 0
+      headers: {
+        "Authorization": token,
+        ...this.appId ? { "X-App-ID": this.appId } : {}
+      }
     });
     this.client.on("close", () => {
       if (this.running) {
@@ -20004,10 +19884,14 @@ var ConnectionManager = class {
       this.reconnectAttempts++;
       try {
         const token = await this.tokenFn();
+        const wsUrl = this.url.replace(/\/+$/, "") + "/events/stream";
         await this.client.connect({
-          url: this.url,
+          url: wsUrl,
           token,
-          headers: this.appId ? { "X-App-ID": this.appId } : void 0
+          headers: {
+            "Authorization": token,
+            ...this.appId ? { "X-App-ID": this.appId } : {}
+          }
         });
         this.reconnectAttempts = 0;
         this.startHeartbeat();
@@ -20432,28 +20316,17 @@ async function startPlugin(accountConfig, internalOverrides) {
     cryptoEngine = CryptoEngine.createPassthrough();
     log25.info("Crypto passthrough mode \u2713 (disabled by config)");
   }
-  const sealClient = new SealClient({
-    serverUrl: config2.auth.serverUrl,
-    clientName: config2.auth.clientName,
-    clientId: config2.auth.clientId,
-    clientSecret: config2.auth.clientSecret,
-    scopes: config2.auth.scopes
+  const oauthClient = new OAuthClient({
+    baseUrl: config2.auth.serverUrl,
+    appId: accountConfig.appId,
+    appSecret: accountConfig.appSecret
   });
   const tokenStorePath = (0, import_node_path2.join)((0, import_node_os.homedir)(), TOKEN_STORE_DIR, "tokens");
   const tokenStore = new TokenStore(tokenStorePath, cryptoEngine);
   const tokenManager = new TokenManager({
-    sealClient,
+    oauthClient,
     tokenStore,
-    refreshAheadMs: config2.auth.refreshAheadMs,
-    autoRegisterParams: config2.auth.autoRegister ? {
-      clientName: config2.auth.clientName,
-      scopes: config2.auth.scopes,
-      tokenSettings: config2.auth.tokenSettings ? {
-        accessTokenTtl: config2.auth.tokenSettings.accessTokenTtl,
-        refreshTokenTtl: config2.auth.tokenSettings.refreshTokenTtl,
-        accessTokenFormat: config2.auth.tokenSettings.accessTokenFormat
-      } : void 0
-    } : void 0
+    refreshAheadMs: config2.auth.refreshAheadMs
   });
   log25.info("Auth initialized \u2713");
   let pushQueue = null;

package/dist/index.d.cts

@@ -64,26 +64,10 @@ interface InternalConfig {
         };
     };
     auth: {
-        /** 🔴 OAuth 认证服务器地址 */
+        /** 🔴 API 基础地址 (如 https://imtwo.zdxlz.com/open-apis/v1) */
         serverUrl: string;
-        /** 🔴 OAuth 客户端显示名称 */
-        clientName: string;
-        /** 🟡 OAuth Client ID (不填则自动注册) */
-        clientId?: string;
-        /** 🟡 OAuth Client Secret */
-        clientSecret?: string;
-        /** 🟡 OAuth 授权范围 */
-        scopes: string[];
-        /** 🟡 是否自动注册 OAuth 客户端 */
-        autoRegister: boolean;
         /** 🟡 Token 提前刷新时间 (ms) */
         refreshAheadMs: number;
-        /** 🟡 Token 高级设置 */
-        tokenSettings?: {
-            accessTokenTtl: string;
-            refreshTokenTtl: string;
-            accessTokenFormat: string;
-        };
     };
     crypto: {
         /** 🟡 是否启用量子加密 */
@@ -162,10 +146,10 @@ interface InboundMessage {
      * 根据 msgType 解析为对应的 Content 类型:
      * - text:     `{"content": "你好"}`
      * - markdown: `{"title": "标题", "content": "正文", "recommendations": [...]}`
-     * - image:    `{"fileKey": "f_abc", "width": 800, "height": 600}`
-     * - file:     `{"fileKey": "f_xyz", "filename": "报告.pdf", "size": 1048576}`
-     * - voice:    `{"fileKey": "f_aud", "duration": 5000}`
-     * - video:    `{"fileKey": "f_vid", "duration": 120, "width": 1920, "height": 1080}`
+     * - image:    `{"fileId": "xxx", "width": 1920, "height": 1200}`
+     * - file:     `{"fileId": "xxx", "fileName": "test.xlsx", "size": 9763}`
+     * - voice:    `{"fileId": "xxx", "duration": 2914.23}`
+     * - video:    `{"fileId": "xxx", "duration": 5291667.32, "width": 1200}`
      * - system:   `{"text": "用户已加入会话"}`
      */
     content: string;
@@ -204,31 +188,7 @@ declare enum EncryptionStrategy {
     METADATA = "metadata",
     NONE = "none"
 }
-/** Seal OAuth 服务器连接配置 */
-interface SealConfig {
-    /** OAuth 服务器地址 */
-    serverUrl: string;
-    /** 客户端 ID (动态注册后获取) */
-    clientId?: string;
-    /** 客户端 Secret (动态注册后获取) */
-    clientSecret?: string;
-    /** 客户端显示名称 (注册时使用) */
-    clientName: string;
-    /** 请求的 OAuth scope 列表 */
-    scopes: string[];
-}
-/** 客户端动态注册结果 — POST /seal/client/register 响应 */
-interface SealClientRegistration {
-    clientId: string;
-    clientSecret: string;
-    /** Secret 过期时间 (ISO 8601) */
-    clientSecretExpiresAt: string;
-    /** 客户端 ID 签发时间 (ISO 8601) */
-    clientIdIssuedAt: string;
-    /** 实际授权的 scope 列表 */
-    scopes: string[];
-}
-/** OAuth 令牌数据 — 包含 access_token 和可选的 refresh_token */
+/** OAuth 令牌数据 — POST /auth/token 响应 */
 interface TokenData {
     accessToken: string;
     tokenType: 'Bearer';
@@ -242,23 +202,12 @@ interface TokenData {
     /** 签发时间戳 (Unix ms) */
     grantedAt: number;
 }
-/** Token 自省结果 — GET /seal/oauth2/introspect 响应 */
-interface IntrospectResult {
-    /** 令牌类型标识 */
-    schema: string;
-    /** 客户端 ID */
-    clientId: string;
-    /** 用户身份 ID (用于 gate.ts anti-loop 检查: 识别 bot 自己的 ID) */
-    identityId: string;
-    /** 实际授权的 scope */
-    scope: string;
-}
 
 /**
- * openclaw-liangzimixin — Seal OAuth HTTP 客户端
+ * openclaw-liangzimixin — OAuth HTTP 客户端
  *
- * 封装 Seal 授权服务器通信: register / getToken
- * 基于《seal认证技术文档》OAuth2 Client Credentials 模式
+ * 封装 IM 开放平台授权通信: POST /auth/token (client_credentials)
+ * 基于《第三方应用机器人对接 API 文档》
  *
  * 安全要求:
  *   - client_secret / access_token 不得出现在日志中 (仅前 8 位 + ***)
@@ -266,73 +215,48 @@ interface IntrospectResult {
  */
 
 /**
- * Seal OAuth HTTP 客户端 — 封装与 Seal 授权服务器的所有 HTTP 通信。
- * 提供核心操作: 动态注册 / 获取令牌
+ * OAuth 客户端配置 — 构造 OAuthClient 时传入
+ */
+interface OAuthClientConfig {
+    /** API 基础地址 (如 https://imtwo.zdxlz.com/open-apis/v1) */
+    baseUrl: string;
+    /** 应用 ID — 用作 OAuth client_id */
+    appId: string;
+    /** 应用密钥 — 用作 OAuth client_secret */
+    appSecret: string;
+}
+/**
+ * OAuth HTTP 客户端 — 封装与 IM 开放平台的认证通信。
  *
- * Introspect 暂不实现，保留接口签名。
+ * 对接《第三方应用机器人对接 API 文档》中的授权接口:
+ *   POST {{baseUrl}}/auth/token
+ *   Content-Type: application/x-www-form-urlencoded
+ *   grant_type=client_credentials & client_id={appId} & client_secret={appSecret} & scope=...
  */
-declare class SealClient {
+declare class OAuthClient {
     private readonly baseUrl;
-    private clientId?;
-    private clientSecret?;
-    private readonly clientName;
-    private readonly scopes;
-    constructor(config: SealConfig);
+    private readonly appId;
+    private readonly appSecret;
+    constructor(config: OAuthClientConfig);
     /**
      * 统一 HTTP 请求封装 — 含超时、日志脱敏和错误处理
-     * @param method - HTTP 方法
-     * @param path - 请求路径 (如 '/seal/client/register')
-     * @param options - 请求选项
-     * @returns 解析后的 JSON 响应
-     * @throws SealApiError — HTTP 非 2xx 响应
      */
     private request;
-    /** 判断是否已注册 (有 clientId + clientSecret) */
-    isRegistered(): boolean;
-    /** 更新 clientId / clientSecret (注册成功后或从持久化加载后调用) */
-    setCredentials(clientId: string, clientSecret: string): void;
     /**
-     * 动态注册客户端 → POST /seal/client/register
+     * 获取访问令牌 → POST /auth/token (client_credentials)
      *
-     * 首次运行时自动调用，获取 clientId 和 clientSecret。
-     * 注册成功后自动更新内部凭据。
-     */
-    register(params: {
-        /** 客户端显示名称 */
-        clientName: string;
-        /** 请求的 OAuth scope */
-        scopes: string[];
-        /** 授权类型 (默认包含 authorization_code, client_credentials, refresh_token) */
-        grantTypes?: string[];
-        /** 认证方法 (默认 ['client_secret_post']) */
-        authMethods?: string[];
-        /** 重定向 URI (默认 ['https://placeholder.local']) */
-        redirectUris?: string[];
-        /** Token 高级设置 */
-        tokenSettings?: {
-            accessTokenTtl?: string;
-            refreshTokenTtl?: string;
-            accessTokenFormat?: string;
-            reuseRefreshTokens?: boolean;
-        };
-    }): Promise<SealClientRegistration>;
-    /**
-     * 获取访问令牌 → POST /seal/oauth2/token (client_credentials)
+     * 请求参数 (x-www-form-urlencoded):
+     *   - grant_type: client_credentials (写死)
+     *   - client_id: appId
+     *   - client_secret: appSecret
+     *   - scope: client_credentials refresh_token (写死)
      *
-     * 使用客户端凭证模式获取 Access Token。
-     * 前置条件: clientId 和 clientSecret 必须存在 (通过 register 或 setCredentials 设置)
-     *
-     * @param scope - 请求的权限范围 (空格分隔)，不传则使用注册时的全部 scope
      * @returns TokenData 包含 access_token、过期时间等
-     * @throws Error — clientId/clientSecret 未设置
-     * @throws SealApiError — HTTP 错误
+     * @throws ApiError — HTTP 错误
      */
-    getToken(scope?: string): Promise<TokenData>;
-    /**
-     * 令牌校验 → GET /seal/oauth2/introspect
-     * 暂不实现 — 保留接口签名，后续需要时再补充
-     */
-    introspect(_token: string): Promise<IntrospectResult>;
+    getToken(): Promise<TokenData>;
+    /** 获取 baseUrl (供其他模块复用) */
+    getBaseUrl(): string;
 }
 
 /**
@@ -540,11 +464,11 @@ declare class TokenStore {
 /**
  * openclaw-liangzimixin — Token 生命周期管理
  *
- * 自动获取 / 缓存 / 过期重取 / 并发锁 / scope 检查 / 定时刷新
+ * 自动获取 / 缓存 / 过期重取 / 并发锁 / 定时刷新
  *
  * Token 生命周期策略:
- *   - 首次调用: 检查本地缓存 → 未命中则注册(autoRegister) → 获取 Token → 缓存
- *   - 过期处理: 直接重新调用 POST /seal/oauth2/token 获取新 Token (无 refresh_token)
+ *   - 首次调用: 检查本地缓存 → 未命中则调用 POST /auth/token → 缓存
+ *   - 过期处理: 直接重新调用 getToken() 获取新 Token
  *   - 提前刷新: Token 过期前 refreshAheadMs 毫秒自动重新获取
  *   - 并发锁: 多个并发请求共享同一个 Token 获取 Promise
  *
@@ -565,12 +489,10 @@ declare class TokenStore {
  *   shutdown()       — 清理定时器和并发锁
  */
 declare class TokenManager {
-    private readonly sealClient;
+    private readonly oauthClient;
     private readonly tokenStore;
     /** Token 过期前提前刷新的时间 (ms) */
     private readonly refreshAheadMs;
-    /** 自动注册的参数 */
-    private readonly autoRegisterParams?;
     /** 内存中缓存的 access_token */
     private cachedToken;
     /** 内存中缓存的 scope (用于 hasScope 检查) */
@@ -582,19 +504,9 @@ declare class TokenManager {
     /** 定时刷新器句柄 */
     private refreshTimer;
     constructor(deps: {
-        sealClient: SealClient;
+        oauthClient: OAuthClient;
         tokenStore: TokenStore;
         refreshAheadMs?: number;
-        /** 自动注册参数 — autoRegister=true 时使用 */
-        autoRegisterParams?: {
-            clientName: string;
-            scopes: string[];
-            tokenSettings?: {
-                accessTokenTtl?: string;
-                refreshTokenTtl?: string;
-                accessTokenFormat?: string;
-            };
-        };
     });
     /**
      * 获取有效的 access_token — 自动获取/重取，含并发锁。
@@ -607,11 +519,6 @@ declare class TokenManager {
      * @returns 有效的 access_token 字符串
      */
     getValidToken(): Promise<string>;
-    /**
-     * 令牌自省 — 暂不实现，后续补充。
-     * 返回的 identity_id 用于 gate.ts 的 anti-loop 检查 (bot 自己的 ID)。
-     */
-    introspect(): Promise<IntrospectResult>;
     /** 检查当前令牌是否包含指定的 scope */
     hasScope(scope: string): boolean;
     /** 检查是否已授权 (是否持有有效令牌) */
@@ -625,7 +532,7 @@ declare class TokenManager {
      *
      * 重试策略:
      *   - 网络错误 / 5xx → 重试 (最多 3 次)
-     *   - 401/403 → 不重试 (client_secret 可能无效)
+     *   - 401/403 → 不重试 (凭证可能无效)
      */
     private _acquireTokenWithRetry;
     /**
@@ -633,10 +540,9 @@ declare class TokenManager {
      *
      * 流程:
      *   1. 尝试从 TokenStore 加载缓存
-     *   2. 检查是否需要注册客户端
-     *   3. 调用 SealClient.getToken() 获取新 Token
-     *   4. 保存到内存缓存 + TokenStore
-     *   5. 设置定时刷新器
+     *   2. 调用 OAuthClient.getToken() 获取新 Token
+     *   3. 保存到内存缓存 + TokenStore
+     *   4. 设置定时刷新器
      */
     private _acquireToken;
     /** 更新内存缓存 */

package/dist/setup-entry.cjs

@@ -4120,7 +4120,7 @@ async function resolveAndUploadMedia(params) {
       };
     }
     const msgType = fileType;
-    const contentPayload = fileType === "file" ? { fileKey: uploadResult.fileKey, filename: fileName, size: uploadResult.fileSize } : { fileKey: uploadResult.fileKey };
+    const contentPayload = fileType === "file" ? { fileId: uploadResult.fileKey, fileName, size: uploadResult.fileSize } : { fileId: uploadResult.fileKey };
     await messagePipe.sendMessage({
       chatId,
       senderId: chatId,
@@ -4130,7 +4130,7 @@ async function resolveAndUploadMedia(params) {
     });
     log3.info("media:sent", {
       chatId,
-      fileKey: uploadResult.fileKey,
+      fileId: uploadResult.fileKey,
       msgType
     });
     return {
@@ -18039,10 +18039,7 @@ var DEFAULT_INTERNAL_CONFIG = {
     }
   },
   auth: {
-    serverUrl: process.env.LZMX_AUTH_URL || "https://seal.example.com",
-    clientName: "liangzimixin",
-    scopes: ["openid", "im_sdk", "data_operate", "offline_access"],
-    autoRegister: true,
+    serverUrl: process.env.LZMX_AUTH_URL || "https://imtwo.zdxlz.com/open-apis/v1",
     refreshAheadMs: 3e5
   },
   crypto: {
@@ -18266,13 +18263,13 @@ var CryptoEngine = class _CryptoEngine {
 
 // src/auth/oauth-client.ts
 var log7 = createLogger("auth/oauth-client");
-var SealApiError = class extends Error {
+var ApiError = class extends Error {
   constructor(status, body, endpoint) {
-    super(`Seal API error: ${status} on ${endpoint}`);
+    super(`API error: ${status} on ${endpoint}`);
     this.status = status;
     this.body = body;
     this.endpoint = endpoint;
-    this.name = "SealApiError";
+    this.name = "ApiError";
   }
 };
 var TokenAcquireError = class extends Error {
@@ -18289,28 +18286,21 @@ function sleep(ms) {
   return new Promise((resolve2) => setTimeout(resolve2, ms));
 }
 var DEFAULT_TIMEOUT_MS = 3e4;
-var SealClient = class {
+var GRANT_TYPE = "client_credentials";
+var SCOPE = "client_credentials refresh_token";
+var OAuthClient = class {
   baseUrl;
-  clientId;
-  clientSecret;
-  clientName;
-  scopes;
+  appId;
+  appSecret;
   constructor(config2) {
-    this.baseUrl = config2.serverUrl.replace(/\/+$/, "");
-    this.clientId = config2.clientId;
-    this.clientSecret = config2.clientSecret;
-    this.clientName = config2.clientName;
-    this.scopes = config2.scopes;
-    log7.info("SealClient initialized", { serverUrl: this.baseUrl, clientName: config2.clientName });
+    this.baseUrl = config2.baseUrl.replace(/\/+$/, "");
+    this.appId = config2.appId;
+    this.appSecret = config2.appSecret;
+    log7.info("OAuthClient initialized", { baseUrl: this.baseUrl, appId: sanitize(this.appId) });
   }
   // ── 通用 HTTP 请求 ──
   /**
    * 统一 HTTP 请求封装 — 含超时、日志脱敏和错误处理
-   * @param method - HTTP 方法
-   * @param path - 请求路径 (如 '/seal/client/register')
-   * @param options - 请求选项
-   * @returns 解析后的 JSON 响应
-   * @throws SealApiError — HTTP 非 2xx 响应
    */
   async request(method, path2, options = {}) {
     const url2 = `${this.baseUrl}${path2}`;
@@ -18342,109 +18332,38 @@ var SealClient = class {
         parsedBody = responseBody;
       }
       log7.error("HTTP error", { method, url: url2, status: response.status });
-      throw new SealApiError(response.status, parsedBody, path2);
+      throw new ApiError(response.status, parsedBody, path2);
     }
     log7.debug("HTTP response", { method, url: url2, status: response.status });
     try {
       return JSON.parse(responseBody);
     } catch {
-      throw new SealApiError(response.status, responseBody, path2);
+      throw new ApiError(response.status, responseBody, path2);
     }
   }
   // ── 公共方法 ──
-  /** 判断是否已注册 (有 clientId + clientSecret) */
-  isRegistered() {
-    return !!(this.clientId && this.clientSecret);
-  }
-  /** 更新 clientId / clientSecret (注册成功后或从持久化加载后调用) */
-  setCredentials(clientId, clientSecret) {
-    this.clientId = clientId;
-    this.clientSecret = clientSecret;
-    log7.info("Credentials updated", { clientId: sanitize(clientId) });
-  }
-  /**
-   * 动态注册客户端 → POST /seal/client/register
-   *
-   * 首次运行时自动调用，获取 clientId 和 clientSecret。
-   * 注册成功后自动更新内部凭据。
-   */
-  async register(params) {
-    const body = {
-      client_name: params.clientName,
-      scopes: params.scopes,
-      authentication_methods: params.authMethods ?? ["client_secret_post"],
-      grant_types: params.grantTypes ?? ["authorization_code", "client_credentials", "refresh_token"],
-      redirect_uris: params.redirectUris ?? ["https://placeholder.local"],
-      logout_redirect_uris: [],
-      client_settings: {
-        "settings.client.require-authorization-consent": true
-      }
-    };
-    if (params.tokenSettings) {
-      const ts = {};
-      if (params.tokenSettings.accessTokenTtl) {
-        ts["settings.token.access-token-time-to-live"] = params.tokenSettings.accessTokenTtl;
-      }
-      if (params.tokenSettings.refreshTokenTtl) {
-        ts["settings.token.refresh-token-time-to-live"] = params.tokenSettings.refreshTokenTtl;
-      }
-      if (params.tokenSettings.accessTokenFormat) {
-        ts["settings.token.access-token-format"] = params.tokenSettings.accessTokenFormat;
-      }
-      if (params.tokenSettings.reuseRefreshTokens !== void 0) {
-        ts["settings.token.reuse-refresh-tokens"] = params.tokenSettings.reuseRefreshTokens;
-      }
-      ts["settings.token.authorization-code-time-to-live"] = "300";
-      body.token_settings = ts;
-    }
-    log7.info("Registering OAuth client", { clientName: params.clientName });
-    const response = await this.request(
-      "POST",
-      "/seal/client/register",
-      { body, contentType: "json" }
-    );
-    const registration = {
-      clientId: response.client_id,
-      clientSecret: response.client_secret,
-      clientSecretExpiresAt: response.client_secret_expires_at ?? "",
-      clientIdIssuedAt: response.client_id_issued_at ?? "",
-      scopes: response.scopes ?? params.scopes
-    };
-    this.setCredentials(registration.clientId, registration.clientSecret);
-    log7.info("OAuth client registered", {
-      clientId: sanitize(registration.clientId),
-      clientSecret: sanitize(registration.clientSecret),
-      scopes: registration.scopes,
-      expiresAt: registration.clientSecretExpiresAt
-    });
-    return registration;
-  }
   /**
-   * 获取访问令牌 → POST /seal/oauth2/token (client_credentials)
+   * 获取访问令牌 → POST /auth/token (client_credentials)
    *
-   * 使用客户端凭证模式获取 Access Token。
-   * 前置条件: clientId 和 clientSecret 必须存在 (通过 register 或 setCredentials 设置)
+   * 请求参数 (x-www-form-urlencoded):
+   *   - grant_type: client_credentials (写死)
+   *   - client_id: appId
+   *   - client_secret: appSecret
+   *   - scope: client_credentials refresh_token (写死)
    *
-   * @param scope - 请求的权限范围 (空格分隔)，不传则使用注册时的全部 scope
    * @returns TokenData 包含 access_token、过期时间等
-   * @throws Error — clientId/clientSecret 未设置
-   * @throws SealApiError — HTTP 错误
+   * @throws ApiError — HTTP 错误
    */
-  async getToken(scope) {
-    if (!this.clientId || !this.clientSecret) {
-      throw new Error("Cannot get token: clientId and clientSecret are required. Call register() or setCredentials() first.");
-    }
+  async getToken() {
     const params = new URLSearchParams();
-    params.set("grant_type", "client_credentials");
-    params.set("client_id", this.clientId);
-    params.set("client_secret", this.clientSecret);
-    if (scope) {
-      params.set("scope", scope);
-    }
-    log7.info("Requesting access token", { clientId: sanitize(this.clientId) });
+    params.set("grant_type", GRANT_TYPE);
+    params.set("client_id", this.appId);
+    params.set("client_secret", this.appSecret);
+    params.set("scope", SCOPE);
+    log7.info("Requesting access token", { appId: sanitize(this.appId) });
     const response = await this.request(
       "POST",
-      "/seal/oauth2/token",
+      "/auth/token",
       { body: params, contentType: "form" }
     );
     const now = Date.now();
@@ -18455,7 +18374,6 @@ var SealClient = class {
       expiresIn,
       scope: response.scope ?? "",
       refreshToken: void 0,
-      // Seal 不返回 refresh_token
       grantedAt: now,
       expiresAt: now + expiresIn * 1e3
     };
@@ -18466,12 +18384,9 @@ var SealClient = class {
     });
     return tokenData;
   }
-  /**
-   * 令牌校验 → GET /seal/oauth2/introspect
-   * 暂不实现 — 保留接口签名，后续需要时再补充
-   */
-  async introspect(_token) {
-    throw new Error("introspect() not implemented yet \u2014 Seal introspect API \u6682\u4E0D\u4F7F\u7528");
+  /** 获取 baseUrl (供其他模块复用) */
+  getBaseUrl() {
+    return this.baseUrl;
   }
 };
 
@@ -18605,12 +18520,10 @@ var DEFAULT_REFRESH_AHEAD_MS = 5 * 60 * 1e3;
 var MAX_RETRIES = 3;
 var RETRY_BASE_MS = 1e3;
 var TokenManager = class {
-  sealClient;
+  oauthClient;
   tokenStore;
   /** Token 过期前提前刷新的时间 (ms) */
   refreshAheadMs;
-  /** 自动注册的参数 */
-  autoRegisterParams;
   // ── 内存缓存 ──
   /** 内存中缓存的 access_token */
   cachedToken = null;
@@ -18624,10 +18537,9 @@ var TokenManager = class {
   /** 定时刷新器句柄 */
   refreshTimer = null;
   constructor(deps) {
-    this.sealClient = deps.sealClient;
+    this.oauthClient = deps.oauthClient;
     this.tokenStore = deps.tokenStore;
     this.refreshAheadMs = deps.refreshAheadMs ?? DEFAULT_REFRESH_AHEAD_MS;
-    this.autoRegisterParams = deps.autoRegisterParams;
     log9.info("TokenManager initialized", { refreshAheadMs: this.refreshAheadMs });
   }
   // ── 核心方法 ──
@@ -18656,13 +18568,6 @@ var TokenManager = class {
       this.refreshLock = null;
     }
   }
-  /**
-   * 令牌自省 — 暂不实现，后续补充。
-   * 返回的 identity_id 用于 gate.ts 的 anti-loop 检查 (bot 自己的 ID)。
-   */
-  async introspect() {
-    throw new Error("introspect() not implemented yet \u2014 Seal introspect API \u6682\u4E0D\u4F7F\u7528");
-  }
   /** 检查当前令牌是否包含指定的 scope */
   hasScope(scope) {
     if (!this.cachedScope) return false;
@@ -18693,14 +18598,14 @@ var TokenManager = class {
    *
    * 重试策略:
    *   - 网络错误 / 5xx → 重试 (最多 3 次)
-   *   - 401/403 → 不重试 (client_secret 可能无效)
+   *   - 401/403 → 不重试 (凭证可能无效)
    */
   async _acquireTokenWithRetry() {
     for (let attempt = 0; attempt <= MAX_RETRIES; attempt++) {
       try {
         return await this._acquireToken();
       } catch (err) {
-        if (err instanceof SealApiError && (err.status === 401 || err.status === 403)) {
+        if (err instanceof ApiError && (err.status === 401 || err.status === 403)) {
           log9.error("Token acquire failed with auth error, not retrying", { status: err.status });
           throw err;
         }
@@ -18728,10 +18633,9 @@ var TokenManager = class {
    *
    * 流程:
    *   1. 尝试从 TokenStore 加载缓存
-   *   2. 检查是否需要注册客户端
-   *   3. 调用 SealClient.getToken() 获取新 Token
-   *   4. 保存到内存缓存 + TokenStore
-   *   5. 设置定时刷新器
+   *   2. 调用 OAuthClient.getToken() 获取新 Token
+   *   3. 保存到内存缓存 + TokenStore
+   *   4. 设置定时刷新器
    */
   async _acquireToken() {
     try {
@@ -18748,43 +18652,8 @@ var TokenManager = class {
     } catch {
       log9.warn("Failed to load token from store, acquiring new one");
     }
-    if (!this.sealClient.isRegistered()) {
-      try {
-        const savedCreds = await this.tokenStore.load("credentials");
-        if (savedCreds?.clientId && savedCreds?.clientSecret) {
-          this.sealClient.setCredentials(
-            savedCreds.clientId,
-            savedCreds.clientSecret
-          );
-          log9.info("Credentials loaded from store");
-        }
-      } catch {
-        log9.debug("No saved credentials found");
-      }
-    }
-    if (!this.sealClient.isRegistered()) {
-      if (!this.autoRegisterParams) {
-        throw new Error("SealClient not registered and autoRegisterParams not provided. Call setCredentials() or enable autoRegister.");
-      }
-      log9.info("Auto-registering OAuth client");
-      const registration = await this.sealClient.register({
-        clientName: this.autoRegisterParams.clientName,
-        scopes: this.autoRegisterParams.scopes,
-        tokenSettings: this.autoRegisterParams.tokenSettings ? {
-          accessTokenTtl: this.autoRegisterParams.tokenSettings.accessTokenTtl,
-          refreshTokenTtl: this.autoRegisterParams.tokenSettings.refreshTokenTtl,
-          accessTokenFormat: this.autoRegisterParams.tokenSettings.accessTokenFormat
-        } : void 0
-      });
-      await this.tokenStore.save("credentials", {
-        clientId: registration.clientId,
-        clientSecret: registration.clientSecret,
-        clientSecretExpiresAt: registration.clientSecretExpiresAt
-      });
-      log9.info("OAuth client registered and credentials saved");
-    }
-    log9.info("Acquiring new access token");
-    const tokenData = await this.sealClient.getToken();
+    log9.info("Acquiring new access token via POST /auth/token");
+    const tokenData = await this.oauthClient.getToken();
     this.updateCache(tokenData);
     await this.tokenStore.save("token", tokenData);
     this.scheduleRefresh(tokenData);
@@ -19141,11 +19010,18 @@ var MessagePipe = class {
       log12.warn("inbound:data-parse-error", { error: err.message });
       return;
     }
-    if (callbackData.eventType !== "MessageReceived") {
+    if (callbackData.eventType !== "callback:direct") {
       log12.debug("inbound:event-ignored", { eventType: callbackData.eventType });
       return;
     }
-    const msg = callbackData.content;
+    const msg = {
+      messageId: callbackData.msgUid,
+      chatId: callbackData.groupId || callbackData.userId,
+      senderId: callbackData.userId,
+      msgType: callbackData.type,
+      content: JSON.stringify(callbackData.content),
+      timestamp: Date.now()
+    };
     log12.debug("inbound:frame", { messageId: msg.messageId, eventType: callbackData.eventType });
     if (this.dedup.isDuplicate(msg.messageId)) {
       log12.debug("inbound:dedup-hit", { messageId: msg.messageId });
@@ -19206,10 +19082,14 @@ var ConnectionManager = class {
     this.running = true;
     this.reconnectAttempts = 0;
     const token = await tokenFn();
+    const wsUrl = url2.replace(/\/+$/, "") + "/events/stream";
     await this.client.connect({
-      url: url2,
+      url: wsUrl,
       token,
-      headers: this.appId ? { "X-App-ID": this.appId } : void 0
+      headers: {
+        "Authorization": token,
+        ...this.appId ? { "X-App-ID": this.appId } : {}
+      }
     });
     this.client.on("close", () => {
       if (this.running) {
@@ -19262,10 +19142,14 @@ var ConnectionManager = class {
       this.reconnectAttempts++;
       try {
         const token = await this.tokenFn();
+        const wsUrl = this.url.replace(/\/+$/, "") + "/events/stream";
         await this.client.connect({
-          url: this.url,
+          url: wsUrl,
           token,
-          headers: this.appId ? { "X-App-ID": this.appId } : void 0
+          headers: {
+            "Authorization": token,
+            ...this.appId ? { "X-App-ID": this.appId } : {}
+          }
         });
         this.reconnectAttempts = 0;
         this.startHeartbeat();
@@ -19738,28 +19622,17 @@ async function startPlugin(accountConfig, internalOverrides) {
     cryptoEngine = CryptoEngine.createPassthrough();
     log16.info("Crypto passthrough mode \u2713 (disabled by config)");
   }
-  const sealClient = new SealClient({
-    serverUrl: config2.auth.serverUrl,
-    clientName: config2.auth.clientName,
-    clientId: config2.auth.clientId,
-    clientSecret: config2.auth.clientSecret,
-    scopes: config2.auth.scopes
+  const oauthClient = new OAuthClient({
+    baseUrl: config2.auth.serverUrl,
+    appId: accountConfig.appId,
+    appSecret: accountConfig.appSecret
   });
   const tokenStorePath = (0, import_node_path2.join)((0, import_node_os.homedir)(), TOKEN_STORE_DIR, "tokens");
   const tokenStore = new TokenStore(tokenStorePath, cryptoEngine);
   const tokenManager = new TokenManager({
-    sealClient,
+    oauthClient,
     tokenStore,
-    refreshAheadMs: config2.auth.refreshAheadMs,
-    autoRegisterParams: config2.auth.autoRegister ? {
-      clientName: config2.auth.clientName,
-      scopes: config2.auth.scopes,
-      tokenSettings: config2.auth.tokenSettings ? {
-        accessTokenTtl: config2.auth.tokenSettings.accessTokenTtl,
-        refreshTokenTtl: config2.auth.tokenSettings.refreshTokenTtl,
-        accessTokenFormat: config2.auth.tokenSettings.accessTokenFormat
-      } : void 0
-    } : void 0
+    refreshAheadMs: config2.auth.refreshAheadMs
   });
   log16.info("Auth initialized \u2713");
   let pushQueue = null;
@@ -19844,20 +19717,20 @@ ${body}` : body || raw.content;
     }
     case "image": {
       const c = parsed;
-      fileId = c?.fileKey;
+      fileId = c?.fileId;
       text = c?.altText ?? (fileId ? `![image](${fileId})` : "[image]");
       break;
     }
     case "file": {
       const c = parsed;
-      fileId = c?.fileKey;
-      fileName = c?.filename;
+      fileId = c?.fileId;
+      fileName = c?.fileName;
       text = fileName ? `[File: ${fileName}]` : "[file]";
       break;
     }
     case "voice": {
       const c = parsed;
-      fileId = c?.fileKey;
+      fileId = c?.fileId;
       const durationMs = c?.duration;
       const durationStr = durationMs != null ? ` ${(durationMs / 1e3).toFixed(1)}s` : "";
       text = `[Voice${durationStr}]`;
@@ -19865,7 +19738,7 @@ ${body}` : body || raw.content;
     }
     case "video": {
       const c = parsed;
-      fileId = c?.fileKey;
+      fileId = c?.fileId;
       const durationMs = c?.duration;
       const durationStr = durationMs != null ? ` ${(durationMs / 1e3).toFixed(1)}s` : "";
       text = `[Video${durationStr}]`;

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "liangzimixin",
-  "version": "0.3.2",
+  "version": "0.3.4",
   "description": "Quantum-encrypted IM channel plugin for OpenClaw",
   "type": "module",
   "main": "dist/index.cjs",