liangzimixin 0.3.46 → 0.3.47

package/dist/index.cjs

@@ -2233,7 +2233,7 @@ var require_websocket = __commonJS({
     var http = require("http");
     var net = require("net");
     var tls = require("tls");
-    var { randomBytes: randomBytes3, createHash: createHash2 } = require("crypto");
+    var { randomBytes: randomBytes4, createHash: createHash3 } = require("crypto");
     var { Duplex, Readable } = require("stream");
     var { URL: URL2 } = require("url");
     var PerMessageDeflate2 = require_permessage_deflate();
@@ -2763,7 +2763,7 @@ var require_websocket = __commonJS({
         }
       }
       const defaultPort = isSecure ? 443 : 80;
-      const key = randomBytes3(16).toString("base64");
+      const key = randomBytes4(16).toString("base64");
       const request = isSecure ? https.request : http.request;
       const protocolSet = /* @__PURE__ */ new Set();
       let perMessageDeflate;
@@ -2893,7 +2893,7 @@ var require_websocket = __commonJS({
           abortHandshake(websocket, socket, "Invalid Upgrade header");
           return;
         }
-        const digest = createHash2("sha1").update(key + GUID).digest("base64");
+        const digest = createHash3("sha1").update(key + GUID).digest("base64");
         if (res.headers["sec-websocket-accept"] !== digest) {
           abortHandshake(websocket, socket, "Invalid Sec-WebSocket-Accept header");
           return;
@@ -3260,7 +3260,7 @@ var require_websocket_server = __commonJS({
     var EventEmitter2 = require("events");
     var http = require("http");
     var { Duplex } = require("stream");
-    var { createHash: createHash2 } = require("crypto");
+    var { createHash: createHash3 } = require("crypto");
     var extension2 = require_extension();
     var PerMessageDeflate2 = require_permessage_deflate();
     var subprotocol2 = require_subprotocol();
@@ -3561,7 +3561,7 @@ var require_websocket_server = __commonJS({
           );
         }
         if (this._state > RUNNING) return abortHandshake(socket, 503);
-        const digest = createHash2("sha1").update(key + GUID).digest("base64");
+        const digest = createHash3("sha1").update(key + GUID).digest("base64");
         const headers = [
           "HTTP/1.1 101 Switching Protocols",
           "Upgrade: websocket",
@@ -17836,8 +17836,8 @@ async function uploadMedia(params) {
     const { readFile: readFile3 } = await import("fs/promises");
     buffer = await readFile3(file2);
   }
-  const { createHash: createHash2 } = await import("crypto");
-  const fileHash = createHash2("md5").update(buffer).digest("hex");
+  const { createHash: createHash3 } = await import("crypto");
+  const fileHash = createHash3("md5").update(buffer).digest("hex");
   log2.debug("upload:fileHash", { fileName, fileHash });
   const maxBytes = maxFileSizeMb * 1024 * 1024;
   if (buffer.length > maxBytes) {
@@ -18017,6 +18017,65 @@ function inferMimeType(fileName) {
   const ext = path.extname(fileName).toLowerCase();
   return MIME_MAP[ext] || "application/octet-stream";
 }
+function getImageDimensions(buffer) {
+  try {
+    if (buffer.length < 24) return void 0;
+    if (buffer[0] === 137 && buffer[1] === 80 && buffer[2] === 78 && buffer[3] === 71) {
+      return {
+        width: buffer.readUInt32BE(16),
+        height: buffer.readUInt32BE(20)
+      };
+    }
+    if (buffer[0] === 71 && buffer[1] === 73 && buffer[2] === 70) {
+      return {
+        width: buffer.readUInt16LE(6),
+        height: buffer.readUInt16LE(8)
+      };
+    }
+    if (buffer[0] === 66 && buffer[1] === 77 && buffer.length >= 26) {
+      return {
+        width: buffer.readInt32LE(18),
+        height: Math.abs(buffer.readInt32LE(22))
+      };
+    }
+    if (buffer[0] === 82 && buffer[1] === 73 && buffer[8] === 87 && buffer[9] === 69) {
+      if (buffer[12] === 86 && buffer[13] === 80 && buffer[14] === 56 && buffer[15] === 32) {
+        if (buffer.length >= 30) {
+          return {
+            width: buffer.readUInt16LE(26) & 16383,
+            height: buffer.readUInt16LE(28) & 16383
+          };
+        }
+      }
+      if (buffer[12] === 86 && buffer[13] === 80 && buffer[14] === 56 && buffer[15] === 76) {
+        if (buffer.length >= 25) {
+          const bits = buffer.readUInt32LE(21);
+          return {
+            width: (bits & 16383) + 1,
+            height: (bits >> 14 & 16383) + 1
+          };
+        }
+      }
+    }
+    if (buffer[0] === 255 && buffer[1] === 216) {
+      let offset = 2;
+      while (offset < buffer.length - 8) {
+        if (buffer[offset] !== 255) break;
+        const marker = buffer[offset + 1];
+        if (marker >= 192 && marker <= 195 || marker >= 197 && marker <= 199 || marker >= 201 && marker <= 203 || marker >= 205 && marker <= 207) {
+          return {
+            height: buffer.readUInt16BE(offset + 5),
+            width: buffer.readUInt16BE(offset + 7)
+          };
+        }
+        const segLen = buffer.readUInt16BE(offset + 2);
+        offset += 2 + segLen;
+      }
+    }
+  } catch {
+  }
+  return void 0;
+}
 async function resolveAndUploadMedia(params) {
   const {
     mediaUrl,
@@ -18067,7 +18126,26 @@ async function resolveAndUploadMedia(params) {
     }
     const fileType = detectFileType(fileName);
     const mimeType = inferMimeType(fileName);
-    log3.info("media:fileType", { fileName, fileType, mimeType });
+    const ext = path.extname(fileName).replace(".", "").toLowerCase();
+    let imageDimensions;
+    if (fileType === "image") {
+      imageDimensions = getImageDimensions(buffer);
+      log3.info("media:imageDimensions", { fileName, ...imageDimensions });
+    }
+    log3.info("media:fileType", { fileName, fileType, mimeType, ext });
+    let encryptionMeta;
+    if (!params.skipEncrypt) {
+      try {
+        const originalSize = buffer.length;
+        const result = await messagePipe.encryptFile(buffer);
+        buffer = result.encryptedBuffer;
+        encryptionMeta = { keyId: result.keyId, iv: result.iv };
+        log3.info("media:encrypted", { fileName, originalSize, encryptedSize: buffer.length });
+      } catch (err) {
+        log3.error("media:encrypt failed", { fileName, error: err.message });
+        throw err;
+      }
+    }
     let uploadResult;
     try {
       uploadResult = await uploadMedia({
@@ -18092,11 +18170,17 @@ async function resolveAndUploadMedia(params) {
     const msgType = fileType;
     let contentPayload;
     if (fileType === "file") {
-      contentPayload = { fileId: uploadResult.fileKey, fileName, size: uploadResult.fileSize, mimeType };
+      contentPayload = { fileId: uploadResult.fileKey, fileName, size: uploadResult.fileSize, ext };
     } else if (fileType === "image") {
-      contentPayload = { fileId: uploadResult.fileKey };
+      contentPayload = {
+        fileId: uploadResult.fileKey,
+        width: imageDimensions?.width ?? 0,
+        height: imageDimensions?.height ?? 0,
+        altText: fileName,
+        ext
+      };
     } else {
-      contentPayload = { fileId: uploadResult.fileKey, mimeType };
+      contentPayload = { fileId: uploadResult.fileKey, ext };
     }
     await messagePipe.sendMessage({
       chatId,
@@ -18104,12 +18188,15 @@ async function resolveAndUploadMedia(params) {
       // 私聊场景: chatId 即为用户 ID
       msgType,
       content: JSON.stringify(contentPayload),
-      skipEncrypt: params.skipEncrypt
+      skipEncrypt: params.skipEncrypt,
+      encryptionMeta
+      // 文件加密的 keyId/iv → sendMessage 用于构建 extra
     });
     log3.info("media:sent", {
       chatId,
       fileId: uploadResult.fileKey,
-      msgType
+      msgType,
+      encrypted: Boolean(encryptionMeta)
     });
     return {
       channel: CHANNEL_ID,
@@ -20097,6 +20184,49 @@ var MessagePipe = class _MessagePipe {
   async injectRawFrame(rawData) {
     return this.handleInbound(rawData);
   }
+  /**
+   * 加密文件 Buffer — 按 10MB 分片加密，返回加密后的 Buffer + 密钥信息。
+   * 用于文件上传前的加密处理。
+   *
+   * 如果 CryptoEngine 为透传模式，直接返回原始 buffer。
+   *
+   * @param buffer - 原始文件 Buffer
+   * @returns { encryptedBuffer, keyId, iv } — 加密后的 buffer + 密钥标识 + 初始化向量
+   */
+  async encryptFile(buffer) {
+    const iv = (0, import_node_crypto3.randomBytes)(8).toString("hex");
+    const chunkSize = 10 * 1024 * 1024;
+    const totalChunks = Math.ceil(buffer.length / chunkSize);
+    let keyId = "";
+    let sessionKey = "";
+    let fillKey = "";
+    const encryptedChunks = [];
+    for (let i = 0; i < totalChunks; i++) {
+      const start = i * chunkSize;
+      const end = Math.min(start + chunkSize, buffer.length);
+      const chunk = buffer.subarray(start, end);
+      const options = keyId ? { keyId, sessionKey, fillKey } : void 0;
+      const result = await this.crypto.encryptFileChunk(chunk, iv, options);
+      encryptedChunks.push(result.fileBuffer);
+      keyId = result.keyId;
+      sessionKey = result.sessionKey;
+      fillKey = result.fillKey;
+      log21.debug("\u{1F512} \u6587\u4EF6\u5206\u7247\u52A0\u5BC6", {
+        chunk: `${i + 1}/${totalChunks}`,
+        originalSize: chunk.length,
+        encryptedSize: result.fileBuffer.length,
+        keyId
+      });
+    }
+    const encryptedBuffer = Buffer.concat(encryptedChunks);
+    log21.info("\u{1F512} \u6587\u4EF6\u52A0\u5BC6\u5B8C\u6210", {
+      originalSize: buffer.length,
+      encryptedSize: encryptedBuffer.length,
+      totalChunks,
+      keyId
+    });
+    return { encryptedBuffer, keyId, iv };
+  }
   /** 文件类消息类型集合 — 这些类型的加密消息保留原始 content（文件元数据） */
   static FILE_MSG_TYPES = /* @__PURE__ */ new Set(["image", "file", "voice", "video"]);
   /**
@@ -20144,11 +20274,15 @@ var MessagePipe = class _MessagePipe {
     const isFileMessage = _MessagePipe.FILE_MSG_TYPES.has(msg.msgType);
     if (!msg.skipEncrypt && this.quantumAccount) {
       if (this.encryptionMode === "quantum_only") {
-        const { ciphertext, keyId, iv } = await this.crypto.encrypt(msg.content);
-        if (isFileMessage) {
+        if (isFileMessage && msg.encryptionMeta) {
+          extra = _MessagePipe.buildFileEncryptExtra(msg.encryptionMeta.iv, msg.encryptionMeta.keyId);
+          log21.debug("\u{1F512} \u51FA\u7AD9\u6587\u4EF6\u6D88\u606F\u5DF2\u6807\u8BB0\u52A0\u5BC6 (quantum_only)", { sessionId: msg.encryptionMeta.keyId, msgType: msg.msgType });
+        } else if (isFileMessage) {
+          const { keyId, iv } = await this.crypto.encrypt(msg.content);
           extra = _MessagePipe.buildFileEncryptExtra(iv, keyId);
-          log21.debug("\u{1F512} \u51FA\u7AD9\u6587\u4EF6\u6D88\u606F\u5DF2\u6807\u8BB0\u52A0\u5BC6 (quantum_only)", { sessionId: keyId, msgType: msg.msgType });
+          log21.debug("\u{1F512} \u51FA\u7AD9\u6587\u4EF6\u6D88\u606F\u5DF2\u6807\u8BB0\u52A0\u5BC6 (quantum_only, fallback)", { sessionId: keyId, msgType: msg.msgType });
         } else {
+          const { ciphertext, keyId, iv } = await this.crypto.encrypt(msg.content);
           extra = JSON.stringify({
             cryptoIv: iv,
             encryptMsg: ciphertext,
@@ -20159,11 +20293,15 @@ var MessagePipe = class _MessagePipe {
         }
       } else {
         try {
-          const { ciphertext, keyId, iv } = await this.crypto.encrypt(msg.content);
-          if (isFileMessage) {
+          if (isFileMessage && msg.encryptionMeta) {
+            extra = _MessagePipe.buildFileEncryptExtra(msg.encryptionMeta.iv, msg.encryptionMeta.keyId);
+            log21.debug("\u{1F512} \u51FA\u7AD9\u6587\u4EF6\u6D88\u606F\u5DF2\u6807\u8BB0\u52A0\u5BC6 (quantum_and_plain)", { sessionId: msg.encryptionMeta.keyId, msgType: msg.msgType });
+          } else if (isFileMessage) {
+            const { keyId, iv } = await this.crypto.encrypt(msg.content);
             extra = _MessagePipe.buildFileEncryptExtra(iv, keyId);
-            log21.debug("\u{1F512} \u51FA\u7AD9\u6587\u4EF6\u6D88\u606F\u5DF2\u6807\u8BB0\u52A0\u5BC6 (quantum_and_plain)", { sessionId: keyId, msgType: msg.msgType });
+            log21.debug("\u{1F512} \u51FA\u7AD9\u6587\u4EF6\u6D88\u606F\u5DF2\u6807\u8BB0\u52A0\u5BC6 (quantum_and_plain, fallback)", { sessionId: keyId, msgType: msg.msgType });
           } else {
+            const { ciphertext, keyId, iv } = await this.crypto.encrypt(msg.content);
             extra = JSON.stringify({
               cryptoIv: iv,
               encryptMsg: ciphertext,

package/dist/index.d.cts

@@ -191,6 +191,11 @@ interface OutboundMessage {
     replyToMessageId?: string;
     /** 跳过出站加密 — 用于"思考中"等无需加密的系统提示消息 */
     skipEncrypt?: boolean;
+    /** 文件加密元数据 — 文件已在上传前加密时传入，sendMessage 直接使用此 keyId/iv 构建 extra */
+    encryptionMeta?: {
+        keyId: string;
+        iv: string;
+    };
 }
 /**
  * 加密策略枚举 — 根据消息类型选择不同的加密等级
@@ -786,6 +791,20 @@ declare class MessagePipe {
      * TODO: 验证通过后移除此方法
      */
     injectRawFrame(rawData: string | Buffer): Promise<void>;
+    /**
+     * 加密文件 Buffer — 按 10MB 分片加密，返回加密后的 Buffer + 密钥信息。
+     * 用于文件上传前的加密处理。
+     *
+     * 如果 CryptoEngine 为透传模式，直接返回原始 buffer。
+     *
+     * @param buffer - 原始文件 Buffer
+     * @returns { encryptedBuffer, keyId, iv } — 加密后的 buffer + 密钥标识 + 初始化向量
+     */
+    encryptFile(buffer: Buffer): Promise<{
+        encryptedBuffer: Buffer;
+        keyId: string;
+        iv: string;
+    }>;
     /** 文件类消息类型集合 — 这些类型的加密消息保留原始 content（文件元数据） */
     private static readonly FILE_MSG_TYPES;
     /**

package/dist/setup-entry.cjs

@@ -2233,7 +2233,7 @@ var require_websocket = __commonJS({
     var http = require("http");
     var net = require("net");
     var tls = require("tls");
-    var { randomBytes: randomBytes3, createHash: createHash2 } = require("crypto");
+    var { randomBytes: randomBytes4, createHash: createHash3 } = require("crypto");
     var { Duplex, Readable } = require("stream");
     var { URL: URL2 } = require("url");
     var PerMessageDeflate2 = require_permessage_deflate();
@@ -2763,7 +2763,7 @@ var require_websocket = __commonJS({
         }
       }
       const defaultPort = isSecure ? 443 : 80;
-      const key = randomBytes3(16).toString("base64");
+      const key = randomBytes4(16).toString("base64");
       const request = isSecure ? https.request : http.request;
       const protocolSet = /* @__PURE__ */ new Set();
       let perMessageDeflate;
@@ -2893,7 +2893,7 @@ var require_websocket = __commonJS({
           abortHandshake(websocket, socket, "Invalid Upgrade header");
           return;
         }
-        const digest = createHash2("sha1").update(key + GUID).digest("base64");
+        const digest = createHash3("sha1").update(key + GUID).digest("base64");
         if (res.headers["sec-websocket-accept"] !== digest) {
           abortHandshake(websocket, socket, "Invalid Sec-WebSocket-Accept header");
           return;
@@ -3260,7 +3260,7 @@ var require_websocket_server = __commonJS({
     var EventEmitter2 = require("events");
     var http = require("http");
     var { Duplex } = require("stream");
-    var { createHash: createHash2 } = require("crypto");
+    var { createHash: createHash3 } = require("crypto");
     var extension2 = require_extension();
     var PerMessageDeflate2 = require_permessage_deflate();
     var subprotocol2 = require_subprotocol();
@@ -3561,7 +3561,7 @@ var require_websocket_server = __commonJS({
           );
         }
         if (this._state > RUNNING) return abortHandshake(socket, 503);
-        const digest = createHash2("sha1").update(key + GUID).digest("base64");
+        const digest = createHash3("sha1").update(key + GUID).digest("base64");
         const headers = [
           "HTTP/1.1 101 Switching Protocols",
           "Upgrade: websocket",
@@ -3928,8 +3928,8 @@ async function uploadMedia(params) {
     const { readFile: readFile3 } = await import("fs/promises");
     buffer = await readFile3(file2);
   }
-  const { createHash: createHash2 } = await import("crypto");
-  const fileHash = createHash2("md5").update(buffer).digest("hex");
+  const { createHash: createHash3 } = await import("crypto");
+  const fileHash = createHash3("md5").update(buffer).digest("hex");
   log2.debug("upload:fileHash", { fileName, fileHash });
   const maxBytes = maxFileSizeMb * 1024 * 1024;
   if (buffer.length > maxBytes) {
@@ -4109,6 +4109,65 @@ function inferMimeType(fileName) {
   const ext = path.extname(fileName).toLowerCase();
   return MIME_MAP[ext] || "application/octet-stream";
 }
+function getImageDimensions(buffer) {
+  try {
+    if (buffer.length < 24) return void 0;
+    if (buffer[0] === 137 && buffer[1] === 80 && buffer[2] === 78 && buffer[3] === 71) {
+      return {
+        width: buffer.readUInt32BE(16),
+        height: buffer.readUInt32BE(20)
+      };
+    }
+    if (buffer[0] === 71 && buffer[1] === 73 && buffer[2] === 70) {
+      return {
+        width: buffer.readUInt16LE(6),
+        height: buffer.readUInt16LE(8)
+      };
+    }
+    if (buffer[0] === 66 && buffer[1] === 77 && buffer.length >= 26) {
+      return {
+        width: buffer.readInt32LE(18),
+        height: Math.abs(buffer.readInt32LE(22))
+      };
+    }
+    if (buffer[0] === 82 && buffer[1] === 73 && buffer[8] === 87 && buffer[9] === 69) {
+      if (buffer[12] === 86 && buffer[13] === 80 && buffer[14] === 56 && buffer[15] === 32) {
+        if (buffer.length >= 30) {
+          return {
+            width: buffer.readUInt16LE(26) & 16383,
+            height: buffer.readUInt16LE(28) & 16383
+          };
+        }
+      }
+      if (buffer[12] === 86 && buffer[13] === 80 && buffer[14] === 56 && buffer[15] === 76) {
+        if (buffer.length >= 25) {
+          const bits = buffer.readUInt32LE(21);
+          return {
+            width: (bits & 16383) + 1,
+            height: (bits >> 14 & 16383) + 1
+          };
+        }
+      }
+    }
+    if (buffer[0] === 255 && buffer[1] === 216) {
+      let offset = 2;
+      while (offset < buffer.length - 8) {
+        if (buffer[offset] !== 255) break;
+        const marker = buffer[offset + 1];
+        if (marker >= 192 && marker <= 195 || marker >= 197 && marker <= 199 || marker >= 201 && marker <= 203 || marker >= 205 && marker <= 207) {
+          return {
+            height: buffer.readUInt16BE(offset + 5),
+            width: buffer.readUInt16BE(offset + 7)
+          };
+        }
+        const segLen = buffer.readUInt16BE(offset + 2);
+        offset += 2 + segLen;
+      }
+    }
+  } catch {
+  }
+  return void 0;
+}
 async function resolveAndUploadMedia(params) {
   const {
     mediaUrl,
@@ -4159,7 +4218,26 @@ async function resolveAndUploadMedia(params) {
     }
     const fileType = detectFileType(fileName);
     const mimeType = inferMimeType(fileName);
-    log3.info("media:fileType", { fileName, fileType, mimeType });
+    const ext = path.extname(fileName).replace(".", "").toLowerCase();
+    let imageDimensions;
+    if (fileType === "image") {
+      imageDimensions = getImageDimensions(buffer);
+      log3.info("media:imageDimensions", { fileName, ...imageDimensions });
+    }
+    log3.info("media:fileType", { fileName, fileType, mimeType, ext });
+    let encryptionMeta;
+    if (!params.skipEncrypt) {
+      try {
+        const originalSize = buffer.length;
+        const result = await messagePipe.encryptFile(buffer);
+        buffer = result.encryptedBuffer;
+        encryptionMeta = { keyId: result.keyId, iv: result.iv };
+        log3.info("media:encrypted", { fileName, originalSize, encryptedSize: buffer.length });
+      } catch (err) {
+        log3.error("media:encrypt failed", { fileName, error: err.message });
+        throw err;
+      }
+    }
     let uploadResult;
     try {
       uploadResult = await uploadMedia({
@@ -4184,11 +4262,17 @@ async function resolveAndUploadMedia(params) {
     const msgType = fileType;
     let contentPayload;
     if (fileType === "file") {
-      contentPayload = { fileId: uploadResult.fileKey, fileName, size: uploadResult.fileSize, mimeType };
+      contentPayload = { fileId: uploadResult.fileKey, fileName, size: uploadResult.fileSize, ext };
     } else if (fileType === "image") {
-      contentPayload = { fileId: uploadResult.fileKey };
+      contentPayload = {
+        fileId: uploadResult.fileKey,
+        width: imageDimensions?.width ?? 0,
+        height: imageDimensions?.height ?? 0,
+        altText: fileName,
+        ext
+      };
     } else {
-      contentPayload = { fileId: uploadResult.fileKey, mimeType };
+      contentPayload = { fileId: uploadResult.fileKey, ext };
     }
     await messagePipe.sendMessage({
       chatId,
@@ -4196,12 +4280,15 @@ async function resolveAndUploadMedia(params) {
       // 私聊场景: chatId 即为用户 ID
       msgType,
       content: JSON.stringify(contentPayload),
-      skipEncrypt: params.skipEncrypt
+      skipEncrypt: params.skipEncrypt,
+      encryptionMeta
+      // 文件加密的 keyId/iv → sendMessage 用于构建 extra
     });
     log3.info("media:sent", {
       chatId,
       fileId: uploadResult.fileKey,
-      msgType
+      msgType,
+      encrypted: Boolean(encryptionMeta)
     });
     return {
       channel: CHANNEL_ID,
@@ -19141,6 +19228,49 @@ var MessagePipe = class _MessagePipe {
   async injectRawFrame(rawData) {
     return this.handleInbound(rawData);
   }
+  /**
+   * 加密文件 Buffer — 按 10MB 分片加密，返回加密后的 Buffer + 密钥信息。
+   * 用于文件上传前的加密处理。
+   *
+   * 如果 CryptoEngine 为透传模式，直接返回原始 buffer。
+   *
+   * @param buffer - 原始文件 Buffer
+   * @returns { encryptedBuffer, keyId, iv } — 加密后的 buffer + 密钥标识 + 初始化向量
+   */
+  async encryptFile(buffer) {
+    const iv = (0, import_node_crypto3.randomBytes)(8).toString("hex");
+    const chunkSize = 10 * 1024 * 1024;
+    const totalChunks = Math.ceil(buffer.length / chunkSize);
+    let keyId = "";
+    let sessionKey = "";
+    let fillKey = "";
+    const encryptedChunks = [];
+    for (let i = 0; i < totalChunks; i++) {
+      const start = i * chunkSize;
+      const end = Math.min(start + chunkSize, buffer.length);
+      const chunk = buffer.subarray(start, end);
+      const options = keyId ? { keyId, sessionKey, fillKey } : void 0;
+      const result = await this.crypto.encryptFileChunk(chunk, iv, options);
+      encryptedChunks.push(result.fileBuffer);
+      keyId = result.keyId;
+      sessionKey = result.sessionKey;
+      fillKey = result.fillKey;
+      log12.debug("\u{1F512} \u6587\u4EF6\u5206\u7247\u52A0\u5BC6", {
+        chunk: `${i + 1}/${totalChunks}`,
+        originalSize: chunk.length,
+        encryptedSize: result.fileBuffer.length,
+        keyId
+      });
+    }
+    const encryptedBuffer = Buffer.concat(encryptedChunks);
+    log12.info("\u{1F512} \u6587\u4EF6\u52A0\u5BC6\u5B8C\u6210", {
+      originalSize: buffer.length,
+      encryptedSize: encryptedBuffer.length,
+      totalChunks,
+      keyId
+    });
+    return { encryptedBuffer, keyId, iv };
+  }
   /** 文件类消息类型集合 — 这些类型的加密消息保留原始 content（文件元数据） */
   static FILE_MSG_TYPES = /* @__PURE__ */ new Set(["image", "file", "voice", "video"]);
   /**
@@ -19188,11 +19318,15 @@ var MessagePipe = class _MessagePipe {
     const isFileMessage = _MessagePipe.FILE_MSG_TYPES.has(msg.msgType);
     if (!msg.skipEncrypt && this.quantumAccount) {
       if (this.encryptionMode === "quantum_only") {
-        const { ciphertext, keyId, iv } = await this.crypto.encrypt(msg.content);
-        if (isFileMessage) {
+        if (isFileMessage && msg.encryptionMeta) {
+          extra = _MessagePipe.buildFileEncryptExtra(msg.encryptionMeta.iv, msg.encryptionMeta.keyId);
+          log12.debug("\u{1F512} \u51FA\u7AD9\u6587\u4EF6\u6D88\u606F\u5DF2\u6807\u8BB0\u52A0\u5BC6 (quantum_only)", { sessionId: msg.encryptionMeta.keyId, msgType: msg.msgType });
+        } else if (isFileMessage) {
+          const { keyId, iv } = await this.crypto.encrypt(msg.content);
           extra = _MessagePipe.buildFileEncryptExtra(iv, keyId);
-          log12.debug("\u{1F512} \u51FA\u7AD9\u6587\u4EF6\u6D88\u606F\u5DF2\u6807\u8BB0\u52A0\u5BC6 (quantum_only)", { sessionId: keyId, msgType: msg.msgType });
+          log12.debug("\u{1F512} \u51FA\u7AD9\u6587\u4EF6\u6D88\u606F\u5DF2\u6807\u8BB0\u52A0\u5BC6 (quantum_only, fallback)", { sessionId: keyId, msgType: msg.msgType });
         } else {
+          const { ciphertext, keyId, iv } = await this.crypto.encrypt(msg.content);
           extra = JSON.stringify({
             cryptoIv: iv,
             encryptMsg: ciphertext,
@@ -19203,11 +19337,15 @@ var MessagePipe = class _MessagePipe {
         }
       } else {
         try {
-          const { ciphertext, keyId, iv } = await this.crypto.encrypt(msg.content);
-          if (isFileMessage) {
+          if (isFileMessage && msg.encryptionMeta) {
+            extra = _MessagePipe.buildFileEncryptExtra(msg.encryptionMeta.iv, msg.encryptionMeta.keyId);
+            log12.debug("\u{1F512} \u51FA\u7AD9\u6587\u4EF6\u6D88\u606F\u5DF2\u6807\u8BB0\u52A0\u5BC6 (quantum_and_plain)", { sessionId: msg.encryptionMeta.keyId, msgType: msg.msgType });
+          } else if (isFileMessage) {
+            const { keyId, iv } = await this.crypto.encrypt(msg.content);
             extra = _MessagePipe.buildFileEncryptExtra(iv, keyId);
-            log12.debug("\u{1F512} \u51FA\u7AD9\u6587\u4EF6\u6D88\u606F\u5DF2\u6807\u8BB0\u52A0\u5BC6 (quantum_and_plain)", { sessionId: keyId, msgType: msg.msgType });
+            log12.debug("\u{1F512} \u51FA\u7AD9\u6587\u4EF6\u6D88\u606F\u5DF2\u6807\u8BB0\u52A0\u5BC6 (quantum_and_plain, fallback)", { sessionId: keyId, msgType: msg.msgType });
           } else {
+            const { ciphertext, keyId, iv } = await this.crypto.encrypt(msg.content);
             extra = JSON.stringify({
               cryptoIv: iv,
               encryptMsg: ciphertext,

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "liangzimixin",
-  "version": "0.3.46",
+  "version": "0.3.47",
   "description": "Quantum-encrypted IM channel plugin for OpenClaw",
   "type": "module",
   "main": "dist/index.cjs",