opencode-oncall 0.1.0

package/dist/wechat/debug-bundle-flow.js

@@ -0,0 +1,180 @@
+import { mkdir, rm, writeFile } from "node:fs/promises";
+import { tmpdir } from "node:os";
+import path from "node:path";
+import { zipSync } from "fflate";
+import { collectWechatDebugBundle } from "./debug-bundle-collector.js";
+const EXPORT_SUCCESS_PREFIX = "微信调试包已生成：";
+const EXPORT_FAILURE_MESSAGE = "导出微信调试包失败";
+const MISSING_DIAGNOSTICS_MESSAGE = "没有可导出的微信诊断文件";
+const MISSING_STATE_ROOT_MESSAGE = "微信状态目录不存在，无法导出调试包";
+const ZIP_WRITE_FAILURE_MESSAGE = "创建压缩包失败";
+class WechatDebugBundleFlowError extends Error {
+    failure;
+    constructor(failure) {
+        super(failure.message);
+        this.name = "WechatDebugBundleFlowError";
+        this.failure = failure;
+    }
+}
+export async function runWechatDebugBundleFlow(input, deps = {}) {
+    const now = input.now ?? new Date();
+    const outputRootDir = input.outputRootDir ?? path.join(tmpdir(), "opencode-wechat", "wechat-debug-bundles");
+    const bundle = await collectWechatDebugBundleOrThrow(input);
+    if (!bundle.entries.some((entry) => entry.category === "diagnostics")) {
+        throw new WechatDebugBundleFlowError({
+            ok: false,
+            mode: input.mode,
+            code: "missing-diagnostics",
+            message: MISSING_DIAGNOSTICS_MESSAGE,
+        });
+    }
+    let archive;
+    try {
+        archive = zipSync(Object.fromEntries(bundle.entries.map((entry) => [entry.bundlePath, entry.content])));
+    }
+    catch (error) {
+        throw new WechatDebugBundleFlowError(createZipWriteFailureResult(input.mode, error));
+    }
+    let finalBundlePath;
+    try {
+        await mkdir(outputRootDir, { recursive: true });
+        finalBundlePath = await writeBundleArchiveCollisionSafe({
+            archive,
+            mode: input.mode,
+            now,
+            outputRootDir,
+            writeArchiveFile: deps.writeArchiveFile ?? writeFile,
+            removeArchiveFile: deps.removeArchiveFile ?? rm,
+        });
+    }
+    catch (error) {
+        throw toFlowError(error, createZipWriteFailureResult(input.mode, error));
+    }
+    return {
+        mode: input.mode,
+        bundlePath: finalBundlePath,
+        message: `${EXPORT_SUCCESS_PREFIX}${finalBundlePath}`,
+    };
+}
+export function toWechatDebugBundleFailureResult(error, input) {
+    if (error instanceof WechatDebugBundleFlowError) {
+        return error.failure;
+    }
+    return {
+        ok: false,
+        mode: input?.mode ?? "sanitized",
+        code: "export-failed",
+        message: EXPORT_FAILURE_MESSAGE,
+        details: {
+            cause: toErrorMessage(error),
+        },
+    };
+}
+export function toWechatDebugBundleFailureMessage(error, input) {
+    return toWechatDebugBundleFailureResult(error, input).message;
+}
+function buildWechatDebugBundleFileName(mode, now) {
+    const modeLabel = mode === "sanitized" ? "sanitized" : "full";
+    const timestamp = now.toISOString().replace(/\.\d{3}Z$/, "").replaceAll(":", "-");
+    return `wechat-debug-bundle-${modeLabel}-${timestamp}.zip`;
+}
+async function writeBundleArchiveCollisionSafe(input) {
+    const preferredName = buildWechatDebugBundleFileName(input.mode, input.now);
+    const extension = path.extname(preferredName);
+    const nameWithoutExtension = preferredName.slice(0, -extension.length);
+    for (let attempt = 0; attempt < 10_000; attempt += 1) {
+        const suffix = attempt === 0 ? "" : `-${attempt + 1}`;
+        const candidatePath = path.join(input.outputRootDir, `${nameWithoutExtension}${suffix}${extension}`);
+        try {
+            await input.writeArchiveFile(candidatePath, input.archive, { flag: "wx" });
+            return candidatePath;
+        }
+        catch (error) {
+            if (isAlreadyExistsError(error)) {
+                continue;
+            }
+            const cleanupError = await tryRemovePartialArchive(candidatePath, input.removeArchiveFile);
+            if (cleanupError) {
+                throw new WechatDebugBundleFlowError(createZipCleanupFailureResult(input.mode, candidatePath, error, cleanupError));
+            }
+            throw new WechatDebugBundleFlowError(createZipWriteFailureResult(input.mode, error, candidatePath));
+        }
+    }
+    throw new WechatDebugBundleFlowError(createZipWriteFailureResult(input.mode, "unique-name-exhausted"));
+}
+async function collectWechatDebugBundleOrThrow(input) {
+    try {
+        return await collectWechatDebugBundle(input);
+    }
+    catch (error) {
+        const message = toErrorMessage(error);
+        if (message === MISSING_STATE_ROOT_MESSAGE) {
+            throw new WechatDebugBundleFlowError({
+                ok: false,
+                mode: input.mode,
+                code: "missing-state-root",
+                message,
+            });
+        }
+        throw new WechatDebugBundleFlowError({
+            ok: false,
+            mode: input.mode,
+            code: "export-failed",
+            message: EXPORT_FAILURE_MESSAGE,
+            details: {
+                cause: message,
+            },
+        });
+    }
+}
+function isAlreadyExistsError(error) {
+    return error instanceof Error && "code" in error && error.code === "EEXIST";
+}
+function toFlowError(error, fallbackFailure) {
+    if (error instanceof WechatDebugBundleFlowError) {
+        return error;
+    }
+    return new WechatDebugBundleFlowError(fallbackFailure);
+}
+function createZipWriteFailureResult(mode, error, archivePath) {
+    const details = {
+        ...(archivePath ? { archivePath } : {}),
+        writeCause: toErrorMessage(error),
+    };
+    return {
+        ok: false,
+        mode,
+        code: "zip-write-failed",
+        message: ZIP_WRITE_FAILURE_MESSAGE,
+        details,
+    };
+}
+function createZipCleanupFailureResult(mode, archivePath, writeError, cleanupError) {
+    return {
+        ok: false,
+        mode,
+        code: "zip-cleanup-failed",
+        message: `创建压缩包失败，请手动删除残留压缩包：${archivePath}`,
+        archivePath,
+        details: {
+            archivePath,
+            writeCause: toErrorMessage(writeError),
+            cleanupCause: toErrorMessage(cleanupError),
+        },
+    };
+}
+async function tryRemovePartialArchive(filePath, removeArchiveFile) {
+    try {
+        await removeArchiveFile(filePath, { force: true });
+        return undefined;
+    }
+    catch (error) {
+        return error;
+    }
+}
+function toErrorMessage(error) {
+    if (error instanceof Error && error.message.trim().length > 0) {
+        return error.message;
+    }
+    return String(error);
+}

package/dist/wechat/debug-bundle-redaction.d.ts

@@ -0,0 +1,14 @@
+export type WechatDebugBundleMode = "sanitized" | "full";
+export type RedactDebugBundleContentOptions = {
+    bundlePath: string;
+    mode: WechatDebugBundleMode;
+};
+export declare const REDACTED_CONTEXT_TOKEN = "[REDACTED_CONTEXT_TOKEN]";
+export declare const REDACTED_ACCOUNT_ID = "[REDACTED_ACCOUNT_ID]";
+export declare const REDACTED_USER_ID = "[REDACTED_USER_ID]";
+export declare const REDACTED_TOKEN = "[REDACTED_TOKEN]";
+export declare const REDACTED_CREDENTIAL = "[REDACTED_CREDENTIAL]";
+export declare const REDACTED_MESSAGE_TEXT = "[REDACTED_MESSAGE_TEXT]";
+export declare const REDACTED_CORRUPT_STRUCTURED_CONTENT = "[REDACTED_CORRUPT_STRUCTURED_CONTENT]";
+export declare function redactDebugBundleContent(content: Buffer, options: RedactDebugBundleContentOptions): Buffer;
+export declare function redactDebugBundleText(text: string, bundlePath: string): string;

package/dist/wechat/debug-bundle-redaction.js

@@ -0,0 +1,339 @@
+export const REDACTED_CONTEXT_TOKEN = "[REDACTED_CONTEXT_TOKEN]";
+export const REDACTED_ACCOUNT_ID = "[REDACTED_ACCOUNT_ID]";
+export const REDACTED_USER_ID = "[REDACTED_USER_ID]";
+export const REDACTED_TOKEN = "[REDACTED_TOKEN]";
+export const REDACTED_CREDENTIAL = "[REDACTED_CREDENTIAL]";
+export const REDACTED_MESSAGE_TEXT = "[REDACTED_MESSAGE_TEXT]";
+export const REDACTED_CORRUPT_STRUCTURED_CONTENT = "[REDACTED_CORRUPT_STRUCTURED_CONTENT]";
+const SAFE_DIAGNOSTIC_SUFFIX_KEYS = ["requestId", "upstream", "status"];
+export function redactDebugBundleContent(content, options) {
+    if (options.mode === "full") {
+        return Buffer.from(content);
+    }
+    const text = content.toString("utf8");
+    return Buffer.from(redactDebugBundleText(text, options.bundlePath), "utf8");
+}
+export function redactDebugBundleText(text, bundlePath) {
+    if (bundlePath.endsWith(".json")) {
+        return redactJsonText(text);
+    }
+    if (bundlePath.endsWith(".jsonl")) {
+        return redactJsonLines(text, { failClosed: true });
+    }
+    if (bundlePath.endsWith(".log")) {
+        return redactJsonLines(text, { failClosed: false });
+    }
+    return redactPlainText(text);
+}
+function redactJsonText(text) {
+    const parsed = tryParseJson(text);
+    if (parsed === undefined) {
+        return serializeCorruptStructuredContent({ multiline: true, trailingNewline: text.endsWith("\n") });
+    }
+    const suffix = text.endsWith("\n") ? "\n" : "";
+    return `${JSON.stringify(redactStructuredValue(parsed), null, 2)}${suffix}`;
+}
+function redactJsonLines(text, options) {
+    const lines = text.split(/\r?\n/);
+    const redactedLines = lines.map((line) => {
+        if (line.trim().length === 0) {
+            return line;
+        }
+        const parsed = tryParseJson(line);
+        if (parsed === undefined) {
+            if (options.failClosed || looksLikeStructuredLine(line)) {
+                return serializeCorruptStructuredContent({ multiline: false, trailingNewline: false });
+            }
+            return redactPlainText(line);
+        }
+        return JSON.stringify(redactStructuredValue(parsed));
+    });
+    return redactedLines.join("\n");
+}
+function redactPlainText(text) {
+    let redacted = redactQuotedEscapedJsonFragments(text);
+    redacted = redactUnquotedEscapedJsonFragments(redacted);
+    redacted = redactEmbeddedJsonFragments(redacted);
+    redacted = redacted.replace(/Bearer\s+[^\s\r\n&?,;|]+/gi, `Bearer ${REDACTED_TOKEN}`);
+    redacted = replaceField(redacted, ["authorization"], REDACTED_TOKEN, {
+        allowColonFollowers: true,
+        followerKeys: SAFE_DIAGNOSTIC_SUFFIX_KEYS,
+        preserveWholeSuffixOnly: true,
+        allowAmpersandFollowers: true,
+        forbidQuestionMarkBeforeSuffix: true,
+    });
+    redacted = replaceField(redacted, ["contextToken"], REDACTED_CONTEXT_TOKEN);
+    redacted = replaceField(redacted, ["wechatAccountId", "accountId"], REDACTED_ACCOUNT_ID);
+    redacted = replaceField(redacted, ["userId", "fromUserId", "toUserId"], REDACTED_USER_ID);
+    redacted = replaceField(redacted, ["cookie", "credential", "credentials"], REDACTED_CREDENTIAL);
+    redacted = replaceField(redacted, ["accessToken", "refreshToken", "bearerToken", "token", "secret", "password"], REDACTED_TOKEN);
+    redacted = replaceField(redacted, ["messageBody", "messageText", "message", "rawText", "rawMessage", "body", "text", "content"], REDACTED_MESSAGE_TEXT, {
+        allowColonFollowers: true,
+        followerKeys: SAFE_DIAGNOSTIC_SUFFIX_KEYS,
+        preserveWholeSuffixOnly: true,
+        requireMinimumFollowerCount: 2,
+    });
+    return redacted;
+}
+function redactQuotedEscapedJsonFragments(text) {
+    return text.replace(/"((?:\{(?:\\.|[^"\r\n])*\})|(?:\[(?:\\.|[^"\r\n])*\]))"/g, (match, fragment) => {
+        const parsed = tryParseEscapedJsonFragment(fragment);
+        if (parsed === undefined) {
+            return match;
+        }
+        return `"${stringifyEscapedJsonFragment(redactStructuredValue(parsed))}"`;
+    });
+}
+function redactUnquotedEscapedJsonFragments(text) {
+    return text.replace(/(?:\{(?:\\.|[^{}\r\n])*\})|(?:\[(?:\\.|[^\[\]\r\n])*\])/g, (fragment) => {
+        if (!fragment.includes('\\"')) {
+            return fragment;
+        }
+        const parsed = tryParseEscapedJsonFragment(fragment);
+        if (parsed === undefined) {
+            return fragment;
+        }
+        return stringifyEscapedJsonFragment(redactStructuredValue(parsed));
+    });
+}
+function replaceField(text, keys, replacement, options = {}) {
+    const escapedKeys = keys.map((key) => escapeRegExp(key)).join("|");
+    const followerValueSeparator = options.allowColonFollowers ? "(?:=|:)" : "=";
+    const followerKeyPattern = (options.followerKeys ?? [])
+        .map((key) => escapeRegExp(key))
+        .join("|");
+    const structuredFollowerBoundary = followerKeyPattern.length > 0
+        ? `(?:\\s+(?:${followerKeyPattern})\\s*${followerValueSeparator}|[&?](?:${followerKeyPattern})\\s*=|[,;|]+\\s*(?:${followerKeyPattern})\\s*${followerValueSeparator})`
+        : null;
+    const matcher = new RegExp(options.terminal
+        ? `(\\b(?:${escapedKeys})\\b\\s*[:=]\\s*)([^\\r\\n]*)`
+        : options.preserveWholeSuffixOnly
+            ? `(\\b(?:${escapedKeys})\\b\\s*[:=]\\s*)([^\\r\\n]*)`
+            : structuredFollowerBoundary
+                ? `(\\b(?:${escapedKeys})\\b\\s*[:=]\\s*)([^\\r\\n]*?)(?=(?:${structuredFollowerBoundary})|$)`
+                : `(\\b(?:${escapedKeys})\\b\\s*[:=]\\s*)([^\\r\\n]*)`, "gi");
+    return text.replace(matcher, (_, prefix, value) => {
+        if (options.preserveWholeSuffixOnly) {
+            const suffix = extractSafeSuffixChain(value, {
+                allowColonFollowers: options.allowColonFollowers === true,
+                followerKeys: options.followerKeys ?? [],
+                allowAmpersandFollowers: options.allowAmpersandFollowers === true,
+                forbidQuestionMarkBeforeSuffix: options.forbidQuestionMarkBeforeSuffix === true,
+                minimumCount: options.requireMinimumFollowerCount ?? 1,
+            });
+            return `${prefix}${replacement}${suffix}`;
+        }
+        return `${prefix}${replacement}`;
+    });
+}
+function extractSafeSuffixChain(value, options) {
+    if (options.followerKeys.length === 0) {
+        return "";
+    }
+    const followerKeyPattern = options.followerKeys.map((key) => escapeRegExp(key)).join("|");
+    const valueSeparator = options.allowColonFollowers ? "(?:=|:)" : "=";
+    const segmentSeparator = options.allowAmpersandFollowers ? `[\\s,;|&]+` : `[\\s,;|]+`;
+    const segment = `${segmentSeparator}(?:${followerKeyPattern})\\s*${valueSeparator}\\s*[^\\s,;|&?]+`;
+    const suffixMatcher = new RegExp(`((?:${segment})+)$`, "i");
+    const suffixMatch = value.match(suffixMatcher);
+    if (!suffixMatch) {
+        return "";
+    }
+    const prefixValue = value.slice(0, value.length - suffixMatch[1].length);
+    if (options.forbidQuestionMarkBeforeSuffix && prefixValue.includes("?")) {
+        return "";
+    }
+    const segmentMatcher = new RegExp(segment, "gi");
+    const segmentCount = Array.from(suffixMatch[1].matchAll(segmentMatcher)).length;
+    return segmentCount >= options.minimumCount ? suffixMatch[1] : "";
+}
+function tryParseJson(text) {
+    try {
+        return JSON.parse(text);
+    }
+    catch {
+        return undefined;
+    }
+}
+function serializeCorruptStructuredContent(options) {
+    const placeholder = { _corruptStructuredContent: REDACTED_CORRUPT_STRUCTURED_CONTENT };
+    const serialized = options.multiline ? JSON.stringify(placeholder, null, 2) : JSON.stringify(placeholder);
+    return options.trailingNewline ? `${serialized}\n` : serialized;
+}
+function looksLikeStructuredLine(line) {
+    const trimmed = line.trimStart();
+    return trimmed.startsWith("{") || trimmed.startsWith("[");
+}
+function redactStructuredValue(value, key = "") {
+    if (typeof value === "string") {
+        const replacement = replacementForKey(key);
+        if (replacement !== null) {
+            return redactPlainText(replacement);
+        }
+        const nestedJson = tryParseJson(value);
+        if (nestedJson !== undefined) {
+            return JSON.stringify(redactStructuredValue(nestedJson));
+        }
+        return redactPlainText(redactEmbeddedJsonFragments(value));
+    }
+    if (Array.isArray(value)) {
+        return value.map((item) => redactStructuredValue(item, key));
+    }
+    if (!value || typeof value !== "object") {
+        return value;
+    }
+    const next = {};
+    for (const [childKey, childValue] of Object.entries(value)) {
+        next[childKey] = redactStructuredValue(childValue, childKey);
+    }
+    return next;
+}
+function replacementForKey(key) {
+    const normalizedKey = normalizeKey(key);
+    if (normalizedKey.length === 0) {
+        return null;
+    }
+    if (normalizedKey === "contexttoken") {
+        return REDACTED_CONTEXT_TOKEN;
+    }
+    if (normalizedKey === "wechataccountid" || normalizedKey === "accountid") {
+        return REDACTED_ACCOUNT_ID;
+    }
+    if (normalizedKey.endsWith("userid")) {
+        return REDACTED_USER_ID;
+    }
+    if (normalizedKey.includes("cookie") || normalizedKey.includes("credential")) {
+        return REDACTED_CREDENTIAL;
+    }
+    if (normalizedKey.includes("token") ||
+        normalizedKey.includes("bearer") ||
+        normalizedKey.includes("authorization") ||
+        normalizedKey.includes("secret") ||
+        normalizedKey.includes("password")) {
+        return REDACTED_TOKEN;
+    }
+    if (normalizedKey === "body" ||
+        normalizedKey === "text" ||
+        normalizedKey === "content" ||
+        normalizedKey.includes("message") ||
+        normalizedKey.includes("rawtext") ||
+        normalizedKey.includes("rawmessage")) {
+        return REDACTED_MESSAGE_TEXT;
+    }
+    return null;
+}
+function redactEmbeddedJsonFragments(text) {
+    let output = "";
+    let cursor = 0;
+    while (cursor < text.length) {
+        const fragment = findNextEmbeddedJsonFragment(text, cursor);
+        if (!fragment) {
+            output += text.slice(cursor);
+            break;
+        }
+        output += text.slice(cursor, fragment.start);
+        output += fragment.stringify(redactStructuredValue(fragment.parsed));
+        cursor = fragment.end;
+    }
+    return output;
+}
+function findNextEmbeddedJsonFragment(text, startIndex) {
+    for (let index = startIndex; index < text.length; index++) {
+        const character = text[index];
+        if (character !== "{" && character !== "[") {
+            continue;
+        }
+        const end = findBalancedJsonEnd(text, index);
+        if (end === -1) {
+            const candidate = text.slice(index);
+            if (looksLikeBrokenStructuredFragment(candidate)) {
+                return {
+                    start: index,
+                    end: text.length,
+                    parsed: REDACTED_CORRUPT_STRUCTURED_CONTENT,
+                    stringify: stringifyCorruptStructuredFragment,
+                };
+            }
+            continue;
+        }
+        const candidate = text.slice(index, end);
+        const parsed = tryParseJson(candidate);
+        if (parsed === undefined) {
+            const escapedParsed = tryParseEscapedJsonFragment(candidate);
+            if (escapedParsed === undefined) {
+                continue;
+            }
+            return { start: index, end, parsed: escapedParsed, stringify: stringifyEscapedJsonFragment };
+        }
+        return { start: index, end, parsed, stringify: stringifyJsonFragment };
+    }
+    return null;
+}
+function findBalancedJsonEnd(text, startIndex) {
+    const stack = [];
+    let inString = false;
+    let escaped = false;
+    for (let index = startIndex; index < text.length; index++) {
+        const character = text[index];
+        if (escaped) {
+            escaped = false;
+            continue;
+        }
+        if (inString) {
+            if (character === "\\") {
+                escaped = true;
+                continue;
+            }
+            if (character === '"') {
+                inString = false;
+            }
+            continue;
+        }
+        if (character === '"') {
+            inString = true;
+            continue;
+        }
+        if (character === "{") {
+            stack.push("}");
+            continue;
+        }
+        if (character === "[") {
+            stack.push("]");
+            continue;
+        }
+        if (character === "}" || character === "]") {
+            const expected = stack.pop();
+            if (expected !== character) {
+                return -1;
+            }
+            if (stack.length === 0) {
+                return index + 1;
+            }
+        }
+    }
+    return -1;
+}
+function tryParseEscapedJsonFragment(text) {
+    if (!text.includes('\\"')) {
+        return undefined;
+    }
+    return tryParseJson(text.replace(/\\"/g, '"').replace(/\\\\/g, "\\"));
+}
+function stringifyJsonFragment(value) {
+    return JSON.stringify(value);
+}
+function stringifyEscapedJsonFragment(value) {
+    return JSON.stringify(value).replace(/\\/g, "\\\\").replace(/"/g, '\\"');
+}
+function stringifyCorruptStructuredFragment() {
+    return REDACTED_CORRUPT_STRUCTURED_CONTENT;
+}
+function looksLikeBrokenStructuredFragment(text) {
+    return /"(?:contextToken|wechatAccountId|accountId|userId|fromUserId|toUserId|accessToken|refreshToken|bearerToken|token|cookie|credential|credentials|messageBody|messageText|message|rawText|rawMessage|body|text|content|authorization|secret|password)"\s*:/.test(text);
+}
+function normalizeKey(key) {
+    return key.replace(/[^a-z0-9]/gi, "").toLowerCase();
+}
+function escapeRegExp(value) {
+    return value.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
+}

package/dist/wechat/handle.d.ts

@@ -0,0 +1,10 @@
+import type { WechatRequestKind } from "./state-paths.js";
+export declare function createRouteKey(input: {
+    kind: WechatRequestKind;
+    requestID: string;
+    scopeKey?: string;
+}): string;
+export declare function normalizeHandle(input: string): string;
+export declare function assertValidHandleInput(input: string): void;
+export declare function createHandle(kind: WechatRequestKind, existingHandles: Iterable<string>): string;
+export declare function createSessionReplyHandle(existingHandles: Iterable<string>): string;

package/dist/wechat/handle.js

@@ -0,0 +1,57 @@
+import crypto from "node:crypto";
+const HANDLE_PREFIX = {
+    question: "q",
+    permission: "p",
+};
+const SESSION_REPLY_HANDLE_PREFIX = "s";
+function normalizeRequestID(requestID) {
+    return requestID.trim().toLowerCase();
+}
+export function createRouteKey(input) {
+    const normalized = normalizeRequestID(input.requestID);
+    const normalizedScope = typeof input.scopeKey === "string" ? input.scopeKey.trim().toLowerCase() : "";
+    const digest = crypto
+        .createHash("sha1")
+        .update(`${input.kind}:${normalized}:${normalizedScope}`)
+        .digest("hex")
+        .slice(0, 12);
+    return `${input.kind}-${digest}`;
+}
+export function normalizeHandle(input) {
+    const value = input.trim().toLowerCase();
+    if (!/^[a-z][a-z0-9]*$/.test(value)) {
+        throw new Error("invalid handle format");
+    }
+    return value;
+}
+function isRawRequestIDLike(input) {
+    return /^req(?:uest)?[-_]/i.test(input.trim());
+}
+export function assertValidHandleInput(input) {
+    if (isRawRequestIDLike(input)) {
+        throw new Error("raw requestID cannot be used as handle");
+    }
+    normalizeHandle(input);
+}
+export function createHandle(kind, existingHandles) {
+    return createPrefixedHandle(HANDLE_PREFIX[kind], existingHandles);
+}
+export function createSessionReplyHandle(existingHandles) {
+    return createPrefixedHandle(SESSION_REPLY_HANDLE_PREFIX, existingHandles);
+}
+function createPrefixedHandle(prefix, existingHandles) {
+    const seen = new Set();
+    for (const item of existingHandles) {
+        try {
+            seen.add(normalizeHandle(item));
+        }
+        catch {
+            // ignore invalid historical values
+        }
+    }
+    let index = 1;
+    while (seen.has(`${prefix}${index}`)) {
+        index += 1;
+    }
+    return `${prefix}${index}`;
+}

package/dist/wechat/ipc-auth.d.ts

@@ -0,0 +1,6 @@
+import type { BrokerMessageType } from "./protocol.js";
+export declare function createSessionToken(): string;
+export declare function registerConnection(instanceID: string, connectionRef: unknown): string;
+export declare function validateSessionToken(instanceID: string, token: string): boolean;
+export declare function revokeSessionToken(instanceID: string): void;
+export declare function isAuthRequired(type: BrokerMessageType): boolean;

package/dist/wechat/ipc-auth.js

@@ -0,0 +1,39 @@
+import { randomUUID } from "node:crypto";
+const sessionByInstanceID = new Map();
+const TOKEN_FREE_TYPES = ["registerInstance", "ping"];
+function isNonEmptyString(value) {
+    return typeof value === "string" && value.trim().length > 0;
+}
+export function createSessionToken() {
+    return randomUUID();
+}
+export function registerConnection(instanceID, connectionRef) {
+    if (!isNonEmptyString(instanceID)) {
+        throw new Error("invalid instanceID");
+    }
+    const token = createSessionToken();
+    sessionByInstanceID.set(instanceID, { token, connectionRef });
+    return token;
+}
+export function validateSessionToken(instanceID, token) {
+    if (!isNonEmptyString(instanceID) || !isNonEmptyString(token)) {
+        return false;
+    }
+    const current = sessionByInstanceID.get(instanceID);
+    if (!current) {
+        return false;
+    }
+    return current.token === token;
+}
+export function revokeSessionToken(instanceID) {
+    if (!isNonEmptyString(instanceID)) {
+        return;
+    }
+    sessionByInstanceID.delete(instanceID);
+}
+export function isAuthRequired(type) {
+    if (TOKEN_FREE_TYPES.includes(type)) {
+        return false;
+    }
+    return true;
+}

package/dist/wechat/latest-account-state-store.d.ts

@@ -0,0 +1,8 @@
+export type WechatLatestAccountState = {
+    accountId: string;
+    token: string;
+    baseUrl: string;
+    getUpdatesBuf?: string;
+};
+export declare function readWechatLatestAccountState(): Promise<WechatLatestAccountState | null>;
+export declare function writeWechatLatestAccountState(input: WechatLatestAccountState): Promise<WechatLatestAccountState>;