mvframe 1.0.73 → 1.0.74

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "mvframe",
   "packageManager": "yarn@4.4.1",
-  "version": "1.0.73",
+  "version": "1.0.74",
   "author": "matt avis",
   "main": "./dist/index.js",
   "module": "./dist/index.js",
@@ -18,6 +18,10 @@
       "import": "./dist/maps.js",
       "require": "./dist/maps.js"
     },
+    "./notify": {
+      "import": "./dist/notify.js",
+      "require": "./dist/notify.js"
+    },
     "./store": {
       "import": "./dist/store.js",
       "require": "./dist/store.js"
@@ -36,6 +40,8 @@
   },
   "scripts": {
     "dev": "vite",
+    "d": "node scripts/dev-with-notify.js",
+    "notify": "node scripts/notify-server.js",
     "build": "node scripts/prebuild.js",
     "install-cursor-skill": "node scripts/install-cursor-skill.js",
     "install-codex-rules": "node scripts/install-codex-agents.js",
@@ -44,16 +50,20 @@
     "b": "node scripts/build-host.js"
   },
   "bin": {
+    "mvframe-b": "scripts/build-host.js",
+    "mvframe-d": "scripts/dev-with-notify.js",
     "mvframe-init-app": "scripts/scaffold-app.js",
-    "mvframe-install-cursor-skill": "scripts/install-cursor-skill.js",
     "mvframe-install-codex-rules": "scripts/install-codex-agents.js",
-    "mvframe-b": "scripts/build-host.js"
+    "mvframe-install-cursor-skill": "scripts/install-cursor-skill.js",
+    "mvframe-notify": "scripts/notify-server.js"
   },
   "files": [
     "dist/*",
     "scripts/build-host.js",
+    "scripts/dev-with-notify.js",
     "scripts/install-codex-agents.js",
     "scripts/install-cursor-skill.js",
+    "scripts/notify-server.js",
     "scripts/scaffold-app.js",
     ".cursor/skills/mvframe-app-init",
     ".cursor/rules"
@@ -75,7 +85,6 @@
   "devDependencies": {
     "@vitejs/plugin-vue": "^5.2.1",
     "@vue/shared": "^3.5.25",
-    "devrq": "file:../devrq",
     "element-plus": "^2.13.6",
     "rollup-plugin-terser": "^7.0.2",
     "sass-embedded": "^1.97.3",

package/scripts/dev-with-notify.js

@@ -0,0 +1,92 @@
+#!/usr/bin/env node
+/**
+ * Run Vite and the MVFrame DingTalk notify service together.
+ * This mirrors `mvframe-b`: the package owns the command, the host may opt in
+ * with `yarn exec mvframe-d` or a local script.
+ */
+const { spawn } = require("child_process");
+const path = require("path");
+const fs = require("fs");
+const { createRequire } = require("module");
+
+const children = new Set();
+let shuttingDown = false;
+
+function spawnChild(name, command, args, options = {}) {
+  const child = spawn(command, args, {
+    cwd: process.cwd(),
+    env: process.env,
+    stdio: "inherit",
+    shell: false,
+    ...options,
+  });
+
+  children.add(child);
+
+  child.on("exit", (code, signal) => {
+    children.delete(child);
+    if (shuttingDown) return;
+    if (code !== 0) {
+      console.error(`[mvframe-d] ${name} exited with ${signal || code}`);
+      shutdown(code || 1);
+    }
+  });
+
+  child.on("error", (error) => {
+    console.error(`[mvframe-d] failed to start ${name}: ${error.message}`);
+    shutdown(1);
+  });
+
+  return child;
+}
+
+function shutdown(code = 0) {
+  if (shuttingDown) return;
+  shuttingDown = true;
+  for (const child of children) {
+    if (!child.killed) {
+      child.kill("SIGTERM");
+    }
+  }
+  setTimeout(() => process.exit(code), 200);
+}
+
+process.on("SIGINT", () => shutdown(0));
+process.on("SIGTERM", () => shutdown(0));
+
+const notifyArgs = process.argv.slice(2);
+const notifyScript = path.join(__dirname, "notify-server.js");
+
+function resolveViteCli(cwd) {
+  let vpkg = "";
+  try {
+    const projectRequire = createRequire(path.join(cwd, "package.json"));
+    vpkg = projectRequire.resolve("vite/package.json");
+  } catch {
+    // Fall back to node_modules for non-PnP projects.
+  }
+
+  if (!vpkg) {
+    vpkg = path.join(cwd, "node_modules", "vite", "package.json");
+  }
+
+  if (fs.existsSync(vpkg)) {
+    const p = require(vpkg);
+    const bin = typeof p.bin === "string" ? p.bin : p.bin && p.bin.vite;
+    if (bin) {
+      const cli = path.join(path.dirname(vpkg), bin);
+      if (fs.existsSync(cli)) return cli;
+    }
+  }
+  throw new Error(
+    "未在当前项目找到 Vite（请先安装依赖；宿主项目可执行 yarn install 后再运行 mvframe-d）",
+  );
+}
+
+spawnChild("notify", process.execPath, [notifyScript, ...notifyArgs]);
+try {
+  const viteEntry = resolveViteCli(process.cwd());
+  spawnChild("vite", process.execPath, [viteEntry, "--host", "0.0.0.0"]);
+} catch {
+  spawnChild("vite", "yarn", ["vite", "--host", "0.0.0.0"]);
+}

package/scripts/notify-server.js

@@ -0,0 +1,405 @@
+#!/usr/bin/env node
+/**
+ * MVFrame DingTalk notify service.
+ *
+ * Secrets stay in the Node process. Browser code should only call this local
+ * service with `MVFRAME_NOTIFY_TOKEN`, never hold the DingTalk webhook/secret.
+ */
+const http = require("http");
+const https = require("https");
+const crypto = require("crypto");
+const fs = require("fs");
+const path = require("path");
+
+const DEFAULT_ENV_FILE = ".env.mvframe-notify";
+
+function parseArgs(argv) {
+  const out = {};
+  for (let i = 0; i < argv.length; i += 1) {
+    const arg = argv[i];
+    if (!arg.startsWith("--")) continue;
+    const eq = arg.indexOf("=");
+    if (eq > 0) {
+      out[arg.slice(2, eq)] = arg.slice(eq + 1);
+      continue;
+    }
+    const key = arg.slice(2);
+    const next = argv[i + 1];
+    if (next && !next.startsWith("--")) {
+      out[key] = next;
+      i += 1;
+    } else {
+      out[key] = true;
+    }
+  }
+  return out;
+}
+
+function trimEnvValue(value) {
+  let out = String(value ?? "").trim();
+  if (out.length >= 2) {
+    const first = out[0];
+    const last = out[out.length - 1];
+    if ((first === '"' && last === '"') || (first === "'" && last === "'")) {
+      out = out.slice(1, -1);
+    }
+  }
+  return out;
+}
+
+function loadEnvFile(file) {
+  if (!file || !fs.existsSync(file)) return;
+  const content = fs.readFileSync(file, "utf8");
+  for (const raw of content.split(/\r?\n/)) {
+    const line = raw.trim();
+    if (!line || line.startsWith("#")) continue;
+    const normalized = line.startsWith("export ") ? line.slice(7).trim() : line;
+    const eq = normalized.indexOf("=");
+    if (eq <= 0) continue;
+    const key = normalized.slice(0, eq).trim();
+    if (!/^[A-Za-z_][A-Za-z0-9_]*$/.test(key)) continue;
+    if (process.env[key] == null) {
+      process.env[key] = trimEnvValue(normalized.slice(eq + 1));
+    }
+  }
+}
+
+function splitList(value) {
+  return String(value || "")
+    .split(",")
+    .map((item) => item.trim())
+    .filter(Boolean);
+}
+
+function parseBoolean(value) {
+  return /^(1|true|yes|on)$/i.test(String(value || ""));
+}
+
+function readStdin() {
+  return new Promise((resolve, reject) => {
+    let body = "";
+    process.stdin.setEncoding("utf8");
+    process.stdin.on("data", (chunk) => {
+      body += chunk;
+    });
+    process.stdin.on("end", () => resolve(body));
+    process.stdin.on("error", reject);
+  });
+}
+
+function readRequestBody(req, limit = 64 * 1024) {
+  return new Promise((resolve, reject) => {
+    let body = "";
+    req.setEncoding("utf8");
+    req.on("data", (chunk) => {
+      body += chunk;
+      if (Buffer.byteLength(body) > limit) {
+        reject(new Error("request body too large"));
+        req.destroy();
+      }
+    });
+    req.on("end", () => resolve(body));
+    req.on("error", reject);
+  });
+}
+
+function writeJson(res, status, payload, corsOrigin) {
+  res.writeHead(status, {
+    "Content-Type": "application/json; charset=utf-8",
+    "Access-Control-Allow-Origin": corsOrigin,
+    "Access-Control-Allow-Methods": "GET,POST,OPTIONS",
+    "Access-Control-Allow-Headers": "content-type,authorization,x-mvframe-notify-token",
+  });
+  if (status === 204) {
+    res.end();
+    return;
+  }
+  res.end(`${JSON.stringify(payload, null, 2)}\n`);
+}
+
+function sanitizeStatus(config) {
+  return {
+    provider: "dingtalk",
+    enabled: Boolean(config.webhook),
+    signed: Boolean(config.secret),
+    port: config.port,
+    host: config.host,
+    hasWebhook: Boolean(config.webhook),
+    hasSecret: Boolean(config.secret),
+    hasToken: Boolean(config.token),
+    atMobileCount: config.atMobiles.length,
+    atUserIdCount: config.atUserIds.length,
+    atAll: config.atAll,
+    timeoutMs: config.timeoutMs,
+  };
+}
+
+function buildDingTalkUrl(config) {
+  const url = new URL(config.webhook);
+  if (!config.secret) return url.toString();
+
+  const timestamp = Date.now().toString();
+  const sign = crypto
+    .createHmac("sha256", config.secret)
+    .update(`${timestamp}\n${config.secret}`, "utf8")
+    .digest("base64");
+
+  url.searchParams.set("timestamp", timestamp);
+  url.searchParams.set("sign", sign);
+  return url.toString();
+}
+
+function postJson(url, payload, timeoutMs) {
+  return new Promise((resolve, reject) => {
+    const target = new URL(url);
+    const body = JSON.stringify(payload);
+    const client = target.protocol === "https:" ? https : http;
+    const req = client.request(
+      target,
+      {
+        method: "POST",
+        timeout: timeoutMs,
+        headers: {
+          "Content-Type": "application/json",
+          "Content-Length": Buffer.byteLength(body),
+        },
+      },
+      (response) => {
+        let data = "";
+        response.setEncoding("utf8");
+        response.on("data", (chunk) => {
+          data += chunk;
+        });
+        response.on("end", () => {
+          let parsed = data;
+          try {
+            parsed = data ? JSON.parse(data) : null;
+          } catch {
+            // Keep raw response body.
+          }
+          resolve({
+            status: response.statusCode || 0,
+            data: parsed,
+          });
+        });
+      },
+    );
+
+    req.on("timeout", () => {
+      req.destroy(new Error(`dingtalk timeout after ${timeoutMs}ms`));
+    });
+    req.on("error", reject);
+    req.write(body);
+    req.end();
+  });
+}
+
+async function sendDingTalk(config, message, options = {}) {
+  if (!config.webhook) {
+    return {
+      ok: false,
+      message: "missing DINGTALK_WEBHOOK",
+    };
+  }
+
+  const atMobiles = Array.isArray(options.atMobiles)
+    ? options.atMobiles
+    : config.atMobiles;
+  const atUserIds = Array.isArray(options.atUserIds)
+    ? options.atUserIds
+    : config.atUserIds;
+  const atAll = options.atAll == null ? config.atAll : Boolean(options.atAll);
+
+  const response = await postJson(
+    buildDingTalkUrl(config),
+    {
+      msgtype: "text",
+      text: {
+        content: String(message || ""),
+      },
+      at: {
+        atMobiles,
+        atUserIds,
+        isAtAll: atAll,
+      },
+    },
+    config.timeoutMs,
+  );
+
+  const data = response.data;
+  const ok =
+    response.status >= 200 &&
+    response.status < 300 &&
+    (!data || typeof data !== "object" || data.errcode === undefined || data.errcode === 0);
+
+  return {
+    ok,
+    httpStatus: response.status,
+    code: data && typeof data === "object" ? data.errcode : undefined,
+    message:
+      data && typeof data === "object"
+        ? data.errmsg || (ok ? "sent" : "dingtalk rejected")
+        : ok
+          ? "sent"
+          : "dingtalk rejected",
+    data,
+  };
+}
+
+function getAuthToken(req) {
+  const headerToken = req.headers["x-mvframe-notify-token"];
+  if (typeof headerToken === "string" && headerToken.trim()) {
+    return headerToken.trim();
+  }
+
+  const authorization = req.headers.authorization;
+  if (typeof authorization === "string") {
+    const match = authorization.match(/^Bearer\s+(.+)$/i);
+    if (match) return match[1].trim();
+  }
+
+  return "";
+}
+
+function ensureAuthorized(req, config) {
+  if (!config.token) return true;
+  return getAuthToken(req) === config.token;
+}
+
+function parseMessageFromUrl(url) {
+  return url.searchParams.get("msg") || url.searchParams.get("message") || "";
+}
+
+async function parseNotifyPayload(req, url) {
+  if (req.method === "GET") {
+    return {
+      message: parseMessageFromUrl(url),
+    };
+  }
+
+  const raw = await readRequestBody(req);
+  const contentType = String(req.headers["content-type"] || "").toLowerCase();
+  if (contentType.includes("application/json")) {
+    const parsed = raw ? JSON.parse(raw) : {};
+    return {
+      message: parsed.message ?? parsed.msg ?? "",
+      atMobiles: Array.isArray(parsed.atMobiles) ? parsed.atMobiles : undefined,
+      atUserIds: Array.isArray(parsed.atUserIds) ? parsed.atUserIds : undefined,
+      atAll: parsed.atAll,
+    };
+  }
+
+  const params = new URLSearchParams(raw);
+  return {
+    message: params.get("message") || params.get("msg") || parseMessageFromUrl(url),
+  };
+}
+
+function createConfig(args) {
+  const envFile = path.resolve(
+    process.cwd(),
+    String(args.env || process.env.MVFRAME_NOTIFY_ENV || DEFAULT_ENV_FILE),
+  );
+  loadEnvFile(envFile);
+
+  return {
+    envFile,
+    port: Number(args.port || process.env.MVFRAME_NOTIFY_PORT || process.env.NOTIFY_PORT || 3300),
+    host: String(args.host || process.env.MVFRAME_NOTIFY_HOST || "127.0.0.1"),
+    token: String(args.token || process.env.MVFRAME_NOTIFY_TOKEN || "").trim(),
+    webhook: String(args.webhook || process.env.DINGTALK_WEBHOOK || "").trim(),
+    secret: String(args.secret || process.env.DINGTALK_SECRET || "").trim(),
+    atMobiles: splitList(args.atMobiles || process.env.DINGTALK_AT_MOBILES || ""),
+    atUserIds: splitList(args.atUserIds || process.env.DINGTALK_AT_USER_IDS || ""),
+    atAll: parseBoolean(args.atAll || process.env.DINGTALK_AT_ALL || ""),
+    timeoutMs: Number(args.timeout || process.env.MVFRAME_NOTIFY_TIMEOUT_MS || 5000),
+    corsOrigin: String(args.corsOrigin || process.env.MVFRAME_NOTIFY_CORS_ORIGIN || "*"),
+  };
+}
+
+async function runOnce(config, args) {
+  const message = args.message || args.msg || (await readStdin()).trim();
+  if (!message) {
+    console.error("[mvframe-notify] missing message");
+    process.exit(1);
+  }
+  const result = await sendDingTalk(config, message);
+  console.log(JSON.stringify(result, null, 2));
+  process.exit(result.ok ? 0 : 1);
+}
+
+function startServer(config) {
+  const server = http.createServer(async (req, res) => {
+    const url = new URL(req.url || "/", `http://${req.headers.host || "127.0.0.1"}`);
+
+    if (req.method === "OPTIONS") {
+      writeJson(res, 204, null, config.corsOrigin);
+      return;
+    }
+
+    if (url.pathname === "/health") {
+      writeJson(res, 200, { ok: true, ...sanitizeStatus(config) }, config.corsOrigin);
+      return;
+    }
+
+    if (url.pathname !== "/notify" && url.pathname !== "/push") {
+      writeJson(res, 404, { ok: false, message: "not found" }, config.corsOrigin);
+      return;
+    }
+
+    if (!ensureAuthorized(req, config)) {
+      writeJson(res, 401, { ok: false, message: "unauthorized" }, config.corsOrigin);
+      return;
+    }
+
+    try {
+      const payload = await parseNotifyPayload(req, url);
+      const message = String(payload.message || "").trim();
+      if (!message) {
+        writeJson(res, 400, { ok: false, message: "missing message" }, config.corsOrigin);
+        return;
+      }
+
+      const push = await sendDingTalk(config, message, payload);
+      writeJson(res, push.ok ? 200 : 502, { ok: push.ok, push }, config.corsOrigin);
+    } catch (error) {
+      writeJson(
+        res,
+        500,
+        {
+          ok: false,
+          message: error.message || String(error),
+        },
+        config.corsOrigin,
+      );
+    }
+  });
+
+  server.listen(config.port, config.host, () => {
+    const status = sanitizeStatus(config);
+    console.log(`[mvframe-notify] DingTalk service: http://${config.host}:${config.port}`);
+    console.log(
+      `[mvframe-notify] status: webhook=${status.hasWebhook ? "set" : "missing"}, secret=${status.hasSecret ? "set" : "missing"}, token=${status.hasToken ? "enabled" : "disabled"}`,
+    );
+    console.log(`[mvframe-notify] env: ${path.relative(process.cwd(), config.envFile)}`);
+  });
+
+  return server;
+}
+
+async function main() {
+  const args = parseArgs(process.argv.slice(2));
+  const config = createConfig(args);
+
+  if (args.once) {
+    await runOnce(config, args);
+    return;
+  }
+
+  startServer(config);
+}
+
+main().catch((error) => {
+  console.error(error.message || error);
+  process.exit(1);
+});

package/scripts/scaffold-app.js

@@ -36,6 +36,22 @@ function write(rel, content) {
   console.log("[mvframe-init] 写入", rel);
 }
 
+function appendGitignoreLines(lines) {
+  const fp = path.join(target, ".gitignore");
+  const existing = fs.existsSync(fp) ? fs.readFileSync(fp, "utf8") : "";
+  const current = new Set(
+    existing
+      .split(/\r?\n/)
+      .map((line) => line.trim())
+      .filter(Boolean),
+  );
+  const missing = lines.filter((line) => !current.has(line));
+  if (missing.length === 0) return;
+  const prefix = existing && !existing.endsWith("\n") ? "\n" : "";
+  fs.writeFileSync(fp, `${existing}${prefix}${missing.join("\n")}\n`, "utf8");
+  console.log("[mvframe-init] 已更新 .gitignore");
+}
+
 /**
  * 将本包 `.cursor/rules/*.mdc` 复制到目标工程，与 mvframe 仓库内 Cursor 规则保持一致。
  * 发布包需在 `package.json` 的 `files` 中包含 `.cursor/rules`。
@@ -166,6 +182,7 @@ function main() {
 
   copyCursorRulesFromPackage();
   upsertCodexAgents(target);
+  appendGitignoreLines([".env.local", ".env.mvframe-notify"]);
 
   write(
     "src/main.js",
@@ -354,6 +371,12 @@ export default {
     // url: "//at.alicdn.com/t/c/your_font.js",
     // prefix: "ant",
   },
+  notify: {
+    enabled: true,
+    endpoint: import.meta.env.VITE_MVFRAME_NOTIFY_ENDPOINT || "http://127.0.0.1:3300",
+    token: import.meta.env.VITE_MVFRAME_NOTIFY_TOKEN || "",
+    timeout: 5000,
+  },
   table: {
     summaryMetric: null,
   },
@@ -732,6 +755,35 @@ export default defineConfig({
     );
   }
 
+  write(
+    ".env.mvframe-notify.example",
+    `# Copy to .env.mvframe-notify and fill values for the local Node notify service.
+# Do not put DingTalk webhook/secret in src/main.js or other browser-bundled files.
+
+MVFRAME_NOTIFY_PORT=3300
+MVFRAME_NOTIFY_HOST=127.0.0.1
+MVFRAME_NOTIFY_TOKEN=
+MVFRAME_NOTIFY_TIMEOUT_MS=5000
+MVFRAME_NOTIFY_CORS_ORIGIN=*
+
+DINGTALK_WEBHOOK="https://oapi.dingtalk.com/robot/send?access_token=xxxxxxxx"
+DINGTALK_SECRET="SECxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
+DINGTALK_AT_MOBILES=""
+DINGTALK_AT_USER_IDS=""
+DINGTALK_AT_ALL=""
+`,
+  );
+
+  write(
+    ".env.local.example",
+    `# Copy to .env.local when you need the browser app to call mvframe-notify.
+# VITE_MVFRAME_NOTIFY_TOKEN should match MVFRAME_NOTIFY_TOKEN in .env.mvframe-notify.
+
+VITE_MVFRAME_NOTIFY_ENDPOINT=http://127.0.0.1:3300
+VITE_MVFRAME_NOTIFY_TOKEN=
+`,
+  );
+
   write(
     "MVFRAME-SCAFFOLD.md",
     `# MVFrame 雏形已生成
@@ -744,6 +796,12 @@ export default defineConfig({
 yarn dev
 \`\`\`
 
+如需同时启动 Vite 与 MVFrame 钉钉通知服务，可显式执行框架命令（与 \`mvframe-b\` 类似由 MVFrame 包提供，不会自动覆盖宿主脚本）：
+
+\`\`\`bash
+yarn exec mvframe-d
+\`\`\`
+
 若需跳过对 \`package.json\` 的修改：\`node scripts/scaffold-app.js --no-package-json\`。
 
 自动生成的 \`vite.config.js\` 已包含 \`unplugin-auto-import\`；\`dts: true\` 时类型默认写在项目根 \`auto-imports.d.ts\`。
@@ -778,7 +836,43 @@ yarn dev
 
 ## 子路径（按需）
 
-发布包 \`exports\` 还提供 \`mvframe/composition\`、\`mvframe/util\`、\`mvframe/store\` 等，业务侧可 \`import { ... } from "mvframe/composition"\` 等，参见包内 \`package.json\` 的 \`exports\`。
+发布包 \`exports\` 还提供 \`mvframe/composition\`、\`mvframe/util\`、\`mvframe/store\`、\`mvframe/notify\` 等，业务侧可 \`import { ... } from "mvframe/composition"\` 等，参见包内 \`package.json\` 的 \`exports\`。
+
+## 钉钉通知（mvframe-notify）
+
+脚手架已初始化：
+
+- \`src/config/index.js\` 的 \`notify\` 节点：浏览器端只保存本地服务地址和访问 token。
+- \`.env.mvframe-notify.example\`：复制为 \`.env.mvframe-notify\`，填写 \`DINGTALK_WEBHOOK\` / \`DINGTALK_SECRET\`。
+- \`.env.local.example\`：复制为 \`.env.local\`，填写 \`VITE_MVFRAME_NOTIFY_ENDPOINT\` / \`VITE_MVFRAME_NOTIFY_TOKEN\`。
+
+启动通知服务：
+
+\`\`\`bash
+yarn exec mvframe-notify
+\`\`\`
+
+同时启动 Vite 和通知服务：
+
+\`\`\`bash
+yarn exec mvframe-d
+\`\`\`
+
+前端发送：
+
+\`\`\`js
+await globalThis.$notify.send("需要发送到钉钉的消息");
+\`\`\`
+
+或按需导入：
+
+\`\`\`js
+import { notify } from "mvframe/notify";
+
+await notify("需要发送到钉钉的消息");
+\`\`\`
+
+注意：钉钉 webhook / secret 不应写进 \`main.js\`、\`src/config/index.js\` 或任何会被 Vite 打包到浏览器的文件。
 
 ## 目录约定