mvframe 1.0.72 → 1.0.74

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "mvframe",
   "packageManager": "yarn@4.4.1",
-  "version": "1.0.72",
+  "version": "1.0.74",
   "author": "matt avis",
   "main": "./dist/index.js",
   "module": "./dist/index.js",
@@ -18,6 +18,10 @@
       "import": "./dist/maps.js",
       "require": "./dist/maps.js"
     },
+    "./notify": {
+      "import": "./dist/notify.js",
+      "require": "./dist/notify.js"
+    },
     "./store": {
       "import": "./dist/store.js",
       "require": "./dist/store.js"
@@ -36,21 +40,30 @@
   },
   "scripts": {
     "dev": "vite",
+    "d": "node scripts/dev-with-notify.js",
+    "notify": "node scripts/notify-server.js",
     "build": "node scripts/prebuild.js",
     "install-cursor-skill": "node scripts/install-cursor-skill.js",
+    "install-codex-rules": "node scripts/install-codex-agents.js",
     "scaffold-app": "node scripts/scaffold-app.js",
     "gen-icon": "node scripts/gen-iconfont-ant-names.js",
     "b": "node scripts/build-host.js"
   },
   "bin": {
+    "mvframe-b": "scripts/build-host.js",
+    "mvframe-d": "scripts/dev-with-notify.js",
     "mvframe-init-app": "scripts/scaffold-app.js",
+    "mvframe-install-codex-rules": "scripts/install-codex-agents.js",
     "mvframe-install-cursor-skill": "scripts/install-cursor-skill.js",
-    "mvframe-b": "scripts/build-host.js"
+    "mvframe-notify": "scripts/notify-server.js"
   },
   "files": [
     "dist/*",
     "scripts/build-host.js",
+    "scripts/dev-with-notify.js",
+    "scripts/install-codex-agents.js",
     "scripts/install-cursor-skill.js",
+    "scripts/notify-server.js",
     "scripts/scaffold-app.js",
     ".cursor/skills/mvframe-app-init",
     ".cursor/rules"
@@ -72,7 +85,6 @@
   "devDependencies": {
     "@vitejs/plugin-vue": "^5.2.1",
     "@vue/shared": "^3.5.25",
-    "devrq": "file:../devrq",
     "element-plus": "^2.13.6",
     "rollup-plugin-terser": "^7.0.2",
     "sass-embedded": "^1.97.3",

package/scripts/dev-with-notify.js

@@ -0,0 +1,92 @@
+#!/usr/bin/env node
+/**
+ * Run Vite and the MVFrame DingTalk notify service together.
+ * This mirrors `mvframe-b`: the package owns the command, the host may opt in
+ * with `yarn exec mvframe-d` or a local script.
+ */
+const { spawn } = require("child_process");
+const path = require("path");
+const fs = require("fs");
+const { createRequire } = require("module");
+
+const children = new Set();
+let shuttingDown = false;
+
+function spawnChild(name, command, args, options = {}) {
+  const child = spawn(command, args, {
+    cwd: process.cwd(),
+    env: process.env,
+    stdio: "inherit",
+    shell: false,
+    ...options,
+  });
+
+  children.add(child);
+
+  child.on("exit", (code, signal) => {
+    children.delete(child);
+    if (shuttingDown) return;
+    if (code !== 0) {
+      console.error(`[mvframe-d] ${name} exited with ${signal || code}`);
+      shutdown(code || 1);
+    }
+  });
+
+  child.on("error", (error) => {
+    console.error(`[mvframe-d] failed to start ${name}: ${error.message}`);
+    shutdown(1);
+  });
+
+  return child;
+}
+
+function shutdown(code = 0) {
+  if (shuttingDown) return;
+  shuttingDown = true;
+  for (const child of children) {
+    if (!child.killed) {
+      child.kill("SIGTERM");
+    }
+  }
+  setTimeout(() => process.exit(code), 200);
+}
+
+process.on("SIGINT", () => shutdown(0));
+process.on("SIGTERM", () => shutdown(0));
+
+const notifyArgs = process.argv.slice(2);
+const notifyScript = path.join(__dirname, "notify-server.js");
+
+function resolveViteCli(cwd) {
+  let vpkg = "";
+  try {
+    const projectRequire = createRequire(path.join(cwd, "package.json"));
+    vpkg = projectRequire.resolve("vite/package.json");
+  } catch {
+    // Fall back to node_modules for non-PnP projects.
+  }
+
+  if (!vpkg) {
+    vpkg = path.join(cwd, "node_modules", "vite", "package.json");
+  }
+
+  if (fs.existsSync(vpkg)) {
+    const p = require(vpkg);
+    const bin = typeof p.bin === "string" ? p.bin : p.bin && p.bin.vite;
+    if (bin) {
+      const cli = path.join(path.dirname(vpkg), bin);
+      if (fs.existsSync(cli)) return cli;
+    }
+  }
+  throw new Error(
+    "未在当前项目找到 Vite（请先安装依赖；宿主项目可执行 yarn install 后再运行 mvframe-d）",
+  );
+}
+
+spawnChild("notify", process.execPath, [notifyScript, ...notifyArgs]);
+try {
+  const viteEntry = resolveViteCli(process.cwd());
+  spawnChild("vite", process.execPath, [viteEntry, "--host", "0.0.0.0"]);
+} catch {
+  spawnChild("vite", "yarn", ["vite", "--host", "0.0.0.0"]);
+}

package/scripts/install-codex-agents.js

@@ -0,0 +1,127 @@
+#!/usr/bin/env node
+/**
+ * 将 MVFrame 的 Codex 规则写入宿主项目 AGENTS.md。
+ *
+ * Codex 不会自动读取 Cursor 的 `.cursor/rules/*.mdc`，因此宿主项目需要
+ * `AGENTS.md` 明确告诉 Codex：优先使用 MVFrame 全局组件、全局方法和样式工具类。
+ *
+ * 用法：
+ *   node path/to/mvframe/scripts/install-codex-agents.js
+ *   node path/to/mvframe/scripts/install-codex-agents.js /abs/path/to/your-project
+ *
+ * 环境变量（可选）：
+ *   MVFRAME_CODEX_AGENTS_OUT=/path/to/project  等价于第一个参数
+ */
+
+const fs = require("fs");
+const path = require("path");
+
+const BEGIN = "<!-- MVFRAME-CODEX-RULES:BEGIN -->";
+const END = "<!-- MVFRAME-CODEX-RULES:END -->";
+
+function renderCodexAgentsSection() {
+  return `${BEGIN}
+# MVFrame Codex Rules
+
+This project uses MVFrame. When editing Vue, JS, TS, SCSS, or CSS in this host app, prefer the framework globals before adding local implementations.
+
+## Global Components
+
+- Prefer MVFrame global components in templates without local imports: \`Frame\`, \`Page\`, \`Table\`, \`Form\`, \`Input\`, \`Textarea\`, \`Select\`, \`SelectV2\`, \`Tabs\`, \`BtnGroup\`, \`Icon\`, \`Loading\`, \`Drawer\`, \`DrawerArea\`, \`Login\`, \`Lang\`.
+- Do not rebuild an equivalent control with raw DOM, \`el-*\` combinations, or third-party components unless the MVFrame component cannot express the behavior.
+- For segmented controls, single-choice button groups, login forms, page shells, tables, drawers, loading masks, and framework navigation, check the MVFrame component first.
+
+## Global Style Utilities
+
+- Before writing scoped CSS, inline \`:style\`, or new SCSS utility code, check whether MVFrame global classes already cover it.
+- MVFrame styles must be imported once from the app entry: \`import "mvframe/style"\` and \`import "mvframe/style/cpt"\`. If utility classes appear missing, fix the import before duplicating CSS.
+- Prefer utility classes in templates for common layout, spacing, sizing, typography, color, border, scroll, hover, radius, and positioning work.
+
+Common utility classes:
+
+| Need | Prefer |
+|------|--------|
+| flex layout | \`flexMode\`, \`flexV\`, \`flex1\`, \`flexGrow\`, \`noShrink\`, \`minw0\`, \`minh0\` |
+| flex alignment | \`hl\`, \`hc\`, \`hr\`, \`hb\`, \`ha\`, \`vl\`, \`vc\`, \`vr\`, \`vs\` |
+| wrapping / gaps | \`flexWrap\`, \`grid\`, \`g2\` ... \`g40\` |
+| spacing | \`p{N}\`, \`pt{N}\`, \`pr{N}\`, \`pb{N}\`, \`pl{N}\`, \`m{N}\`, \`mt{N}\`, \`mr{N}\`, \`mb{N}\`, \`ml{N}\` where N is one of \`0,2,4,6,8,10,12,16,20,24,30,32,36,40,48\` |
+| sizing | \`w{N}\`, \`h{N}\`, \`minw{N}\`, \`maxw{N}\`, \`minh{N}\`, \`maxh{N}\`, \`wp25\`, \`wp50\`, \`wp75\`, \`wp100\`, \`hp100\`, \`vh100\` |
+| text | \`fs{N}\`, \`lh{N}\`, \`fw300\`, \`fw500\`, \`fw700\`, \`txt-c\`, \`txt-r\`, \`txt-nowrap\`, \`txt-nowrap{N}\`, \`txt-wrap\`, \`txt-prewrap\` |
+| color / background | \`txt-h1\`, \`txt-h2\`, \`txt-p\`, \`txt-tip\`, \`txt-gray\`, \`txt-primary\`, \`bg-primary\`, \`bg-page-header\`, \`border\`, \`border-t\`, \`border-b\`, \`border-none\` |
+| positioning / effects | \`relative\`, \`abs\`, \`absFull\`, \`absCenter\`, \`sticky\`, \`z1\`, \`z2\`, \`z9\`, \`radius{N}\`, \`radiusP50\`, \`hover\`, \`trans-all\`, \`backdrop\` |
+| interaction / scroll | \`point\`, \`grab\`, \`yscroll\`, \`xscroll\`, \`nobar\`, \`noscroll\`, \`noselect\`, \`noevent\`, \`hide\` |
+
+Spacing rule: do not add odd-pixel \`margin\` or \`padding\` such as \`3px\`, \`5px\`, \`7px\`, \`9px\`, or \`11px\`. Use the MVFrame spacing classes or rem values aligned with the spacing scale.
+
+Scoped styles are still allowed for component-specific behavior, complex selectors, custom brand visuals, third-party overrides, or values not covered by the utility system. Keep those scoped rules narrow and combine them with MVFrame classes.
+
+## Global Methods
+
+- Prefer MVFrame globals instead of repeated imports or local helpers: \`globalThis.$d\`, \`$fa\`, \`$fu\`, \`$pm\`, \`$db\`, \`$copy\`, \`$deepClone\`, \`$getLang\`, \`$getImg\`, \`$sc\`, \`$c.info\`.
+- In templates, call global methods directly when they are provided through Vue globalProperties.
+- For ordinary JS modules, use \`globalThis.$xxx\` or the exported MVFrame subpath only when a direct import is explicitly needed.
+
+## Router, Store, And Maps
+
+- Prefer route \`name\` navigation over raw \`path\` navigation.
+- Use the MVFrame store factory pattern already wired by the app: \`inject("store")\` in components or \`import { store, pinia } from "mvframe/store"\` in setup code and guards.
+- For MVFrame maps/i18n maps, prefer \`useMap\`, \`getMaps\`, \`patchMaps\`, \`mapLang\`, and \`mapLangPath\` from \`mvframe/maps\`.
+
+## Editing Checklist
+
+- Before adding markup, check whether a MVFrame global component fits.
+- Before adding CSS, check whether MVFrame utility classes fit.
+- Before importing a helper library, check whether a MVFrame global helper already exists.
+- If local CSS or a new helper is still needed, keep it small and specific to the component.
+${END}
+`;
+}
+
+function upsertCodexAgents(projectRoot) {
+  const targetRoot = path.resolve(projectRoot);
+  const fp = path.join(targetRoot, "AGENTS.md");
+  const section = renderCodexAgentsSection();
+
+  let next;
+  if (fs.existsSync(fp)) {
+    const current = fs.readFileSync(fp, "utf8");
+    const start = current.indexOf(BEGIN);
+    const end = current.indexOf(END);
+    if (start >= 0 && end >= start) {
+      next = `${current.slice(0, start)}${section}${current.slice(end + END.length)}`;
+    } else {
+      const trimmed = current.replace(/\s*$/, "");
+      next = `${trimmed}\n\n${section}`;
+    }
+  } else {
+    next = `${section}`;
+  }
+
+  fs.writeFileSync(fp, next.endsWith("\n") ? next : `${next}\n`, "utf8");
+  console.log("[mvframe] 已写入 Codex 规则：");
+  console.log("  ", fp);
+}
+
+function main() {
+  const argPath = process.argv.find((a, i) => i >= 2 && !a.startsWith("--"));
+  const projectRoot = path.resolve(
+    process.env.MVFRAME_CODEX_AGENTS_OUT || argPath || process.cwd(),
+  );
+
+  if (!fs.existsSync(projectRoot)) {
+    console.error("[mvframe] 目录不存在:", projectRoot);
+    process.exit(1);
+  }
+
+  upsertCodexAgents(projectRoot);
+  console.log("[mvframe] Codex 打开该项目后会读取 AGENTS.md，并优先使用 MVFrame 全局能力。");
+}
+
+if (require.main === module) {
+  main();
+}
+
+module.exports = {
+  upsertCodexAgents,
+  renderCodexAgentsSection,
+};

package/scripts/notify-server.js

@@ -0,0 +1,405 @@
+#!/usr/bin/env node
+/**
+ * MVFrame DingTalk notify service.
+ *
+ * Secrets stay in the Node process. Browser code should only call this local
+ * service with `MVFRAME_NOTIFY_TOKEN`, never hold the DingTalk webhook/secret.
+ */
+const http = require("http");
+const https = require("https");
+const crypto = require("crypto");
+const fs = require("fs");
+const path = require("path");
+
+const DEFAULT_ENV_FILE = ".env.mvframe-notify";
+
+function parseArgs(argv) {
+  const out = {};
+  for (let i = 0; i < argv.length; i += 1) {
+    const arg = argv[i];
+    if (!arg.startsWith("--")) continue;
+    const eq = arg.indexOf("=");
+    if (eq > 0) {
+      out[arg.slice(2, eq)] = arg.slice(eq + 1);
+      continue;
+    }
+    const key = arg.slice(2);
+    const next = argv[i + 1];
+    if (next && !next.startsWith("--")) {
+      out[key] = next;
+      i += 1;
+    } else {
+      out[key] = true;
+    }
+  }
+  return out;
+}
+
+function trimEnvValue(value) {
+  let out = String(value ?? "").trim();
+  if (out.length >= 2) {
+    const first = out[0];
+    const last = out[out.length - 1];
+    if ((first === '"' && last === '"') || (first === "'" && last === "'")) {
+      out = out.slice(1, -1);
+    }
+  }
+  return out;
+}
+
+function loadEnvFile(file) {
+  if (!file || !fs.existsSync(file)) return;
+  const content = fs.readFileSync(file, "utf8");
+  for (const raw of content.split(/\r?\n/)) {
+    const line = raw.trim();
+    if (!line || line.startsWith("#")) continue;
+    const normalized = line.startsWith("export ") ? line.slice(7).trim() : line;
+    const eq = normalized.indexOf("=");
+    if (eq <= 0) continue;
+    const key = normalized.slice(0, eq).trim();
+    if (!/^[A-Za-z_][A-Za-z0-9_]*$/.test(key)) continue;
+    if (process.env[key] == null) {
+      process.env[key] = trimEnvValue(normalized.slice(eq + 1));
+    }
+  }
+}
+
+function splitList(value) {
+  return String(value || "")
+    .split(",")
+    .map((item) => item.trim())
+    .filter(Boolean);
+}
+
+function parseBoolean(value) {
+  return /^(1|true|yes|on)$/i.test(String(value || ""));
+}
+
+function readStdin() {
+  return new Promise((resolve, reject) => {
+    let body = "";
+    process.stdin.setEncoding("utf8");
+    process.stdin.on("data", (chunk) => {
+      body += chunk;
+    });
+    process.stdin.on("end", () => resolve(body));
+    process.stdin.on("error", reject);
+  });
+}
+
+function readRequestBody(req, limit = 64 * 1024) {
+  return new Promise((resolve, reject) => {
+    let body = "";
+    req.setEncoding("utf8");
+    req.on("data", (chunk) => {
+      body += chunk;
+      if (Buffer.byteLength(body) > limit) {
+        reject(new Error("request body too large"));
+        req.destroy();
+      }
+    });
+    req.on("end", () => resolve(body));
+    req.on("error", reject);
+  });
+}
+
+function writeJson(res, status, payload, corsOrigin) {
+  res.writeHead(status, {
+    "Content-Type": "application/json; charset=utf-8",
+    "Access-Control-Allow-Origin": corsOrigin,
+    "Access-Control-Allow-Methods": "GET,POST,OPTIONS",
+    "Access-Control-Allow-Headers": "content-type,authorization,x-mvframe-notify-token",
+  });
+  if (status === 204) {
+    res.end();
+    return;
+  }
+  res.end(`${JSON.stringify(payload, null, 2)}\n`);
+}
+
+function sanitizeStatus(config) {
+  return {
+    provider: "dingtalk",
+    enabled: Boolean(config.webhook),
+    signed: Boolean(config.secret),
+    port: config.port,
+    host: config.host,
+    hasWebhook: Boolean(config.webhook),
+    hasSecret: Boolean(config.secret),
+    hasToken: Boolean(config.token),
+    atMobileCount: config.atMobiles.length,
+    atUserIdCount: config.atUserIds.length,
+    atAll: config.atAll,
+    timeoutMs: config.timeoutMs,
+  };
+}
+
+function buildDingTalkUrl(config) {
+  const url = new URL(config.webhook);
+  if (!config.secret) return url.toString();
+
+  const timestamp = Date.now().toString();
+  const sign = crypto
+    .createHmac("sha256", config.secret)
+    .update(`${timestamp}\n${config.secret}`, "utf8")
+    .digest("base64");
+
+  url.searchParams.set("timestamp", timestamp);
+  url.searchParams.set("sign", sign);
+  return url.toString();
+}
+
+function postJson(url, payload, timeoutMs) {
+  return new Promise((resolve, reject) => {
+    const target = new URL(url);
+    const body = JSON.stringify(payload);
+    const client = target.protocol === "https:" ? https : http;
+    const req = client.request(
+      target,
+      {
+        method: "POST",
+        timeout: timeoutMs,
+        headers: {
+          "Content-Type": "application/json",
+          "Content-Length": Buffer.byteLength(body),
+        },
+      },
+      (response) => {
+        let data = "";
+        response.setEncoding("utf8");
+        response.on("data", (chunk) => {
+          data += chunk;
+        });
+        response.on("end", () => {
+          let parsed = data;
+          try {
+            parsed = data ? JSON.parse(data) : null;
+          } catch {
+            // Keep raw response body.
+          }
+          resolve({
+            status: response.statusCode || 0,
+            data: parsed,
+          });
+        });
+      },
+    );
+
+    req.on("timeout", () => {
+      req.destroy(new Error(`dingtalk timeout after ${timeoutMs}ms`));
+    });
+    req.on("error", reject);
+    req.write(body);
+    req.end();
+  });
+}
+
+async function sendDingTalk(config, message, options = {}) {
+  if (!config.webhook) {
+    return {
+      ok: false,
+      message: "missing DINGTALK_WEBHOOK",
+    };
+  }
+
+  const atMobiles = Array.isArray(options.atMobiles)
+    ? options.atMobiles
+    : config.atMobiles;
+  const atUserIds = Array.isArray(options.atUserIds)
+    ? options.atUserIds
+    : config.atUserIds;
+  const atAll = options.atAll == null ? config.atAll : Boolean(options.atAll);
+
+  const response = await postJson(
+    buildDingTalkUrl(config),
+    {
+      msgtype: "text",
+      text: {
+        content: String(message || ""),
+      },
+      at: {
+        atMobiles,
+        atUserIds,
+        isAtAll: atAll,
+      },
+    },
+    config.timeoutMs,
+  );
+
+  const data = response.data;
+  const ok =
+    response.status >= 200 &&
+    response.status < 300 &&
+    (!data || typeof data !== "object" || data.errcode === undefined || data.errcode === 0);
+
+  return {
+    ok,
+    httpStatus: response.status,
+    code: data && typeof data === "object" ? data.errcode : undefined,
+    message:
+      data && typeof data === "object"
+        ? data.errmsg || (ok ? "sent" : "dingtalk rejected")
+        : ok
+          ? "sent"
+          : "dingtalk rejected",
+    data,
+  };
+}
+
+function getAuthToken(req) {
+  const headerToken = req.headers["x-mvframe-notify-token"];
+  if (typeof headerToken === "string" && headerToken.trim()) {
+    return headerToken.trim();
+  }
+
+  const authorization = req.headers.authorization;
+  if (typeof authorization === "string") {
+    const match = authorization.match(/^Bearer\s+(.+)$/i);
+    if (match) return match[1].trim();
+  }
+
+  return "";
+}
+
+function ensureAuthorized(req, config) {
+  if (!config.token) return true;
+  return getAuthToken(req) === config.token;
+}
+
+function parseMessageFromUrl(url) {
+  return url.searchParams.get("msg") || url.searchParams.get("message") || "";
+}
+
+async function parseNotifyPayload(req, url) {
+  if (req.method === "GET") {
+    return {
+      message: parseMessageFromUrl(url),
+    };
+  }
+
+  const raw = await readRequestBody(req);
+  const contentType = String(req.headers["content-type"] || "").toLowerCase();
+  if (contentType.includes("application/json")) {
+    const parsed = raw ? JSON.parse(raw) : {};
+    return {
+      message: parsed.message ?? parsed.msg ?? "",
+      atMobiles: Array.isArray(parsed.atMobiles) ? parsed.atMobiles : undefined,
+      atUserIds: Array.isArray(parsed.atUserIds) ? parsed.atUserIds : undefined,
+      atAll: parsed.atAll,
+    };
+  }
+
+  const params = new URLSearchParams(raw);
+  return {
+    message: params.get("message") || params.get("msg") || parseMessageFromUrl(url),
+  };
+}
+
+function createConfig(args) {
+  const envFile = path.resolve(
+    process.cwd(),
+    String(args.env || process.env.MVFRAME_NOTIFY_ENV || DEFAULT_ENV_FILE),
+  );
+  loadEnvFile(envFile);
+
+  return {
+    envFile,
+    port: Number(args.port || process.env.MVFRAME_NOTIFY_PORT || process.env.NOTIFY_PORT || 3300),
+    host: String(args.host || process.env.MVFRAME_NOTIFY_HOST || "127.0.0.1"),
+    token: String(args.token || process.env.MVFRAME_NOTIFY_TOKEN || "").trim(),
+    webhook: String(args.webhook || process.env.DINGTALK_WEBHOOK || "").trim(),
+    secret: String(args.secret || process.env.DINGTALK_SECRET || "").trim(),
+    atMobiles: splitList(args.atMobiles || process.env.DINGTALK_AT_MOBILES || ""),
+    atUserIds: splitList(args.atUserIds || process.env.DINGTALK_AT_USER_IDS || ""),
+    atAll: parseBoolean(args.atAll || process.env.DINGTALK_AT_ALL || ""),
+    timeoutMs: Number(args.timeout || process.env.MVFRAME_NOTIFY_TIMEOUT_MS || 5000),
+    corsOrigin: String(args.corsOrigin || process.env.MVFRAME_NOTIFY_CORS_ORIGIN || "*"),
+  };
+}
+
+async function runOnce(config, args) {
+  const message = args.message || args.msg || (await readStdin()).trim();
+  if (!message) {
+    console.error("[mvframe-notify] missing message");
+    process.exit(1);
+  }
+  const result = await sendDingTalk(config, message);
+  console.log(JSON.stringify(result, null, 2));
+  process.exit(result.ok ? 0 : 1);
+}
+
+function startServer(config) {
+  const server = http.createServer(async (req, res) => {
+    const url = new URL(req.url || "/", `http://${req.headers.host || "127.0.0.1"}`);
+
+    if (req.method === "OPTIONS") {
+      writeJson(res, 204, null, config.corsOrigin);
+      return;
+    }
+
+    if (url.pathname === "/health") {
+      writeJson(res, 200, { ok: true, ...sanitizeStatus(config) }, config.corsOrigin);
+      return;
+    }
+
+    if (url.pathname !== "/notify" && url.pathname !== "/push") {
+      writeJson(res, 404, { ok: false, message: "not found" }, config.corsOrigin);
+      return;
+    }
+
+    if (!ensureAuthorized(req, config)) {
+      writeJson(res, 401, { ok: false, message: "unauthorized" }, config.corsOrigin);
+      return;
+    }
+
+    try {
+      const payload = await parseNotifyPayload(req, url);
+      const message = String(payload.message || "").trim();
+      if (!message) {
+        writeJson(res, 400, { ok: false, message: "missing message" }, config.corsOrigin);
+        return;
+      }
+
+      const push = await sendDingTalk(config, message, payload);
+      writeJson(res, push.ok ? 200 : 502, { ok: push.ok, push }, config.corsOrigin);
+    } catch (error) {
+      writeJson(
+        res,
+        500,
+        {
+          ok: false,
+          message: error.message || String(error),
+        },
+        config.corsOrigin,
+      );
+    }
+  });
+
+  server.listen(config.port, config.host, () => {
+    const status = sanitizeStatus(config);
+    console.log(`[mvframe-notify] DingTalk service: http://${config.host}:${config.port}`);
+    console.log(
+      `[mvframe-notify] status: webhook=${status.hasWebhook ? "set" : "missing"}, secret=${status.hasSecret ? "set" : "missing"}, token=${status.hasToken ? "enabled" : "disabled"}`,
+    );
+    console.log(`[mvframe-notify] env: ${path.relative(process.cwd(), config.envFile)}`);
+  });
+
+  return server;
+}
+
+async function main() {
+  const args = parseArgs(process.argv.slice(2));
+  const config = createConfig(args);
+
+  if (args.once) {
+    await runOnce(config, args);
+    return;
+  }
+
+  startServer(config);
+}
+
+main().catch((error) => {
+  console.error(error.message || error);
+  process.exit(1);
+});