npm - weacpx - Versions diffs - 0.1.3 → 0.1.4 - Mend

weacpx 0.1.3 → 0.1.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

package/README.md +71 -9
package/dist/bridge/bridge-main.js +75 -24
package/dist/cli.js +2738 -254
package/package.json +8 -3

package/dist/cli.js CHANGED Viewed

@@ -1046,120 +1046,2267 @@ var require_main = __commonJS((exports, module) => {
   };
 });
-// src/weixin-sdk.ts
-var exports_weixin_sdk = {};
-__export(exports_weixin_sdk, {
-  loadWeixinSdk: () => loadWeixinSdk,
-  buildWeixinSdkSourceCandidates: () => buildWeixinSdkSourceCandidates,
-  buildWeixinSdkImportCandidates: () => buildWeixinSdkImportCandidates
+// src/weixin/storage/state-dir.ts
+import os from "node:os";
+import path from "node:path";
+function resolveStateDir() {
+  return process.env.OPENCLAW_STATE_DIR?.trim() || process.env.CLAWDBOT_STATE_DIR?.trim() || path.join(os.homedir(), ".openclaw");
+}
+var init_state_dir = () => {};
+// src/weixin/auth/accounts.ts
+import fs from "node:fs";
+import path2 from "node:path";
+function normalizeAccountId(raw) {
+  return raw.trim().toLowerCase().replace(/[@.]/g, "-");
+}
+function deriveRawAccountId(normalizedId) {
+  if (normalizedId.endsWith("-im-bot")) {
+    return `${normalizedId.slice(0, -7)}@im.bot`;
+  }
+  if (normalizedId.endsWith("-im-wechat")) {
+    return `${normalizedId.slice(0, -10)}@im.wechat`;
+  }
+  return;
+}
+function resolveWeixinStateDir() {
+  return path2.join(resolveStateDir(), "openclaw-weixin");
+}
+function resolveAccountIndexPath() {
+  return path2.join(resolveWeixinStateDir(), "accounts.json");
+}
+function listIndexedWeixinAccountIds() {
+  const filePath = resolveAccountIndexPath();
+  try {
+    if (!fs.existsSync(filePath))
+      return [];
+    const raw = fs.readFileSync(filePath, "utf-8");
+    const parsed = JSON.parse(raw);
+    if (!Array.isArray(parsed))
+      return [];
+    return parsed.filter((id) => typeof id === "string" && id.trim() !== "");
+  } catch {
+    return [];
+  }
+}
+function registerWeixinAccountId(accountId) {
+  const dir = resolveWeixinStateDir();
+  fs.mkdirSync(dir, { recursive: true });
+  fs.writeFileSync(resolveAccountIndexPath(), JSON.stringify([accountId], null, 2), "utf-8");
+}
+function resolveAccountsDir() {
+  return path2.join(resolveWeixinStateDir(), "accounts");
+}
+function resolveAccountPath(accountId) {
+  return path2.join(resolveAccountsDir(), `${accountId}.json`);
+}
+function loadLegacyToken() {
+  const legacyPath = path2.join(resolveStateDir(), "credentials", "openclaw-weixin", "credentials.json");
+  try {
+    if (!fs.existsSync(legacyPath))
+      return;
+    const raw = fs.readFileSync(legacyPath, "utf-8");
+    const parsed = JSON.parse(raw);
+    return typeof parsed.token === "string" ? parsed.token : undefined;
+  } catch {
+    return;
+  }
+}
+function readAccountFile(filePath) {
+  try {
+    if (fs.existsSync(filePath)) {
+      return JSON.parse(fs.readFileSync(filePath, "utf-8"));
+    }
+  } catch {}
+  return null;
+}
+function loadWeixinAccount(accountId) {
+  const primary = readAccountFile(resolveAccountPath(accountId));
+  if (primary)
+    return primary;
+  const rawId = deriveRawAccountId(accountId);
+  if (rawId) {
+    const compat = readAccountFile(resolveAccountPath(rawId));
+    if (compat)
+      return compat;
+  }
+  const token = loadLegacyToken();
+  if (token)
+    return { token };
+  return null;
+}
+function saveWeixinAccount(accountId, update) {
+  const dir = resolveAccountsDir();
+  fs.mkdirSync(dir, { recursive: true });
+  const existing = loadWeixinAccount(accountId) ?? {};
+  const token = update.token?.trim() || existing.token;
+  const baseUrl = update.baseUrl?.trim() || existing.baseUrl;
+  const userId = update.userId !== undefined ? update.userId.trim() || undefined : existing.userId?.trim() || undefined;
+  const data = {
+    ...token ? { token, savedAt: new Date().toISOString() } : {},
+    ...baseUrl ? { baseUrl } : {},
+    ...userId ? { userId } : {}
+  };
+  const filePath = resolveAccountPath(accountId);
+  fs.writeFileSync(filePath, JSON.stringify(data, null, 2), "utf-8");
+  try {
+    fs.chmodSync(filePath, 384);
+  } catch {}
+}
+function clearWeixinAccount(accountId) {
+  try {
+    fs.unlinkSync(resolveAccountPath(accountId));
+  } catch {}
+}
+function clearAllWeixinAccounts() {
+  const ids = listIndexedWeixinAccountIds();
+  for (const id of ids) {
+    clearWeixinAccount(id);
+  }
+  try {
+    fs.writeFileSync(resolveAccountIndexPath(), "[]", "utf-8");
+  } catch {}
+}
+function resolveConfigPath() {
+  const envPath = process.env.OPENCLAW_CONFIG?.trim();
+  if (envPath)
+    return envPath;
+  return path2.join(resolveStateDir(), "openclaw.json");
+}
+function loadConfigRouteTag(accountId) {
+  try {
+    const configPath = resolveConfigPath();
+    if (!fs.existsSync(configPath))
+      return;
+    const raw = fs.readFileSync(configPath, "utf-8");
+    const cfg = JSON.parse(raw);
+    const channels = cfg.channels;
+    const section = channels?.["openclaw-weixin"];
+    if (!section)
+      return;
+    if (accountId) {
+      const accounts = section.accounts;
+      const tag = accounts?.[accountId]?.routeTag;
+      if (typeof tag === "number")
+        return String(tag);
+      if (typeof tag === "string" && tag.trim())
+        return tag.trim();
+    }
+    if (typeof section.routeTag === "number")
+      return String(section.routeTag);
+    return typeof section.routeTag === "string" && section.routeTag.trim() ? section.routeTag.trim() : undefined;
+  } catch {
+    return;
+  }
+}
+function listWeixinAccountIds() {
+  return listIndexedWeixinAccountIds();
+}
+function resolveWeixinAccount(accountId) {
+  const raw = accountId?.trim();
+  if (!raw) {
+    throw new Error("weixin: accountId is required (no default account)");
+  }
+  const id = normalizeAccountId(raw);
+  const accountData = loadWeixinAccount(id);
+  const token = accountData?.token?.trim() || undefined;
+  const stateBaseUrl = accountData?.baseUrl?.trim() || "";
+  return {
+    accountId: id,
+    baseUrl: stateBaseUrl || DEFAULT_BASE_URL,
+    cdnBaseUrl: CDN_BASE_URL,
+    token,
+    enabled: true,
+    configured: Boolean(token)
+  };
+}
+var DEFAULT_BASE_URL = "https://ilinkai.weixin.qq.com", CDN_BASE_URL = "https://novac2c.cdn.weixin.qq.com/c2c";
+var init_accounts = __esm(() => {
+  init_state_dir();
+});
+// src/weixin/util/logger.ts
+import fs2 from "node:fs";
+import os2 from "node:os";
+import path3 from "node:path";
+function resolveMinLevel() {
+  const env = process.env.OPENCLAW_LOG_LEVEL?.toUpperCase();
+  if (env && env in LEVEL_IDS)
+    return LEVEL_IDS[env] ?? LEVEL_IDS[DEFAULT_LOG_LEVEL] ?? 3;
+  return LEVEL_IDS[DEFAULT_LOG_LEVEL] ?? 3;
+}
+function toLocalISO(now) {
+  const offsetMs = -now.getTimezoneOffset() * 60000;
+  const sign = offsetMs >= 0 ? "+" : "-";
+  const abs = Math.abs(now.getTimezoneOffset());
+  const offStr = `${sign}${String(Math.floor(abs / 60)).padStart(2, "0")}:${String(abs % 60).padStart(2, "0")}`;
+  return new Date(now.getTime() + offsetMs).toISOString().replace("Z", offStr);
+}
+function localDateKey(now) {
+  return toLocalISO(now).slice(0, 10);
+}
+function resolveMainLogPath() {
+  const dateKey = localDateKey(new Date);
+  return path3.join(MAIN_LOG_DIR, `openclaw-${dateKey}.log`);
+}
+function buildLoggerName(accountId) {
+  return accountId ? `${SUBSYSTEM}/${accountId}` : SUBSYSTEM;
+}
+function writeLog(level, message, accountId) {
+  const levelId = LEVEL_IDS[level] ?? LEVEL_IDS.INFO ?? 3;
+  if (levelId < minLevelId)
+    return;
+  const now = new Date;
+  const loggerName = buildLoggerName(accountId);
+  const prefixedMessage = accountId ? `[${accountId}] ${message}` : message;
+  const entry = JSON.stringify({
+    "0": loggerName,
+    "1": prefixedMessage,
+    _meta: {
+      runtime: RUNTIME,
+      runtimeVersion: RUNTIME_VERSION,
+      hostname: HOSTNAME,
+      name: loggerName,
+      parentNames: PARENT_NAMES,
+      date: now.toISOString(),
+      logLevelId: levelId,
+      logLevelName: level
+    },
+    time: toLocalISO(now)
+  });
+  try {
+    if (!logDirEnsured) {
+      fs2.mkdirSync(MAIN_LOG_DIR, { recursive: true });
+      logDirEnsured = true;
+    }
+    fs2.appendFileSync(resolveMainLogPath(), `${entry}
+`, "utf-8");
+  } catch {}
+}
+function createLogger(accountId) {
+  return {
+    info(message) {
+      writeLog("INFO", message, accountId);
+    },
+    debug(message) {
+      writeLog("DEBUG", message, accountId);
+    },
+    warn(message) {
+      writeLog("WARN", message, accountId);
+    },
+    error(message) {
+      writeLog("ERROR", message, accountId);
+    },
+    withAccount(id) {
+      return createLogger(id);
+    },
+    getLogFilePath() {
+      return resolveMainLogPath();
+    },
+    close() {}
+  };
+}
+var MAIN_LOG_DIR, SUBSYSTEM = "gateway/channels/openclaw-weixin", RUNTIME = "node", RUNTIME_VERSION, HOSTNAME, PARENT_NAMES, LEVEL_IDS, DEFAULT_LOG_LEVEL = "INFO", minLevelId, logDirEnsured = false, logger;
+var init_logger = __esm(() => {
+  MAIN_LOG_DIR = path3.join("/tmp", "openclaw");
+  RUNTIME_VERSION = process.versions.node;
+  HOSTNAME = os2.hostname() || "unknown";
+  PARENT_NAMES = ["openclaw"];
+  LEVEL_IDS = {
+    TRACE: 1,
+    DEBUG: 2,
+    INFO: 3,
+    WARN: 4,
+    ERROR: 5,
+    FATAL: 6
+  };
+  minLevelId = resolveMinLevel();
+  logger = createLogger();
+});
+// src/weixin/util/redact.ts
+function truncate(s, max) {
+  if (!s)
+    return "";
+  if (s.length <= max)
+    return s;
+  return `${s.slice(0, max)}…(len=${s.length})`;
+}
+function redactToken(token, prefixLen = DEFAULT_TOKEN_PREFIX_LEN) {
+  if (!token)
+    return "(none)";
+  if (token.length <= prefixLen)
+    return `****(len=${token.length})`;
+  return `${token.slice(0, prefixLen)}…(len=${token.length})`;
+}
+function redactBody(body, maxLen = DEFAULT_BODY_MAX_LEN) {
+  if (!body)
+    return "(empty)";
+  if (body.length <= maxLen)
+    return body;
+  return `${body.slice(0, maxLen)}…(truncated, totalLen=${body.length})`;
+}
+function redactUrl(rawUrl) {
+  try {
+    const u = new URL(rawUrl);
+    const base = `${u.origin}${u.pathname}`;
+    return u.search ? `${base}?<redacted>` : base;
+  } catch {
+    return truncate(rawUrl, 80);
+  }
+}
+var DEFAULT_BODY_MAX_LEN = 200, DEFAULT_TOKEN_PREFIX_LEN = 6;
+// src/weixin/api/api.ts
+import crypto from "node:crypto";
+import fs3 from "node:fs";
+import path4 from "node:path";
+import { fileURLToPath } from "node:url";
+function readChannelVersion() {
+  try {
+    const dir = path4.dirname(fileURLToPath(import.meta.url));
+    const pkgPath = path4.resolve(dir, "..", "..", "package.json");
+    const pkg = JSON.parse(fs3.readFileSync(pkgPath, "utf-8"));
+    return pkg.version ?? "unknown";
+  } catch {
+    return "unknown";
+  }
+}
+function buildBaseInfo() {
+  return { channel_version: CHANNEL_VERSION };
+}
+function ensureTrailingSlash(url) {
+  return url.endsWith("/") ? url : `${url}/`;
+}
+function randomWechatUin() {
+  const uint32 = crypto.randomBytes(4).readUInt32BE(0);
+  return Buffer.from(String(uint32), "utf-8").toString("base64");
+}
+function buildCommonHeaders() {
+  const headers = {};
+  const routeTag = loadConfigRouteTag();
+  if (routeTag) {
+    headers.SKRouteTag = routeTag;
+  }
+  return headers;
+}
+function buildHeaders(opts) {
+  const headers = {
+    "Content-Type": "application/json",
+    AuthorizationType: "ilink_bot_token",
+    "Content-Length": String(Buffer.byteLength(opts.body, "utf-8")),
+    "X-WECHAT-UIN": randomWechatUin(),
+    ...buildCommonHeaders()
+  };
+  if (opts.token?.trim()) {
+    headers.Authorization = `Bearer ${opts.token.trim()}`;
+  }
+  logger.debug(`requestHeaders: ${JSON.stringify({ ...headers, Authorization: headers.Authorization ? "Bearer ***" : undefined })}`);
+  return headers;
+}
+async function apiGetFetch(params) {
+  const base = ensureTrailingSlash(params.baseUrl);
+  const url = new URL(params.endpoint, base);
+  const hdrs = buildCommonHeaders();
+  logger.debug(`GET ${redactUrl(url.toString())}`);
+  const controller = new AbortController;
+  const t = setTimeout(() => controller.abort(), params.timeoutMs);
+  try {
+    const res = await fetch(url.toString(), {
+      method: "GET",
+      headers: hdrs,
+      signal: controller.signal
+    });
+    clearTimeout(t);
+    const rawText = await res.text();
+    logger.debug(`${params.label} status=${res.status} raw=${redactBody(rawText)}`);
+    if (!res.ok) {
+      throw new Error(`${params.label} ${res.status}: ${rawText}`);
+    }
+    return rawText;
+  } catch (err) {
+    clearTimeout(t);
+    throw err;
+  }
+}
+async function apiFetch(params) {
+  const base = ensureTrailingSlash(params.baseUrl);
+  const url = new URL(params.endpoint, base);
+  const hdrs = buildHeaders({ token: params.token, body: params.body });
+  logger.debug(`POST ${redactUrl(url.toString())} body=${redactBody(params.body)}`);
+  const controller = new AbortController;
+  const t = setTimeout(() => controller.abort(), params.timeoutMs);
+  const onAbort = () => controller.abort();
+  params.abortSignal?.addEventListener("abort", onAbort, { once: true });
+  try {
+    const res = await fetch(url.toString(), {
+      method: "POST",
+      headers: hdrs,
+      body: params.body,
+      signal: controller.signal
+    });
+    clearTimeout(t);
+    const rawText = await res.text();
+    logger.debug(`${params.label} status=${res.status} raw=${redactBody(rawText)}`);
+    if (!res.ok) {
+      throw new Error(`${params.label} ${res.status}: ${rawText}`);
+    }
+    return rawText;
+  } catch (err) {
+    clearTimeout(t);
+    throw err;
+  } finally {
+    params.abortSignal?.removeEventListener("abort", onAbort);
+  }
+}
+async function getUpdates(params) {
+  const timeout = params.timeoutMs ?? DEFAULT_LONG_POLL_TIMEOUT_MS;
+  try {
+    const rawText = await apiFetch({
+      baseUrl: params.baseUrl,
+      endpoint: "ilink/bot/getupdates",
+      body: JSON.stringify({
+        get_updates_buf: params.get_updates_buf ?? "",
+        base_info: buildBaseInfo()
+      }),
+      token: params.token,
+      timeoutMs: timeout,
+      label: "getUpdates",
+      abortSignal: params.abortSignal
+    });
+    const resp = JSON.parse(rawText);
+    return resp;
+  } catch (err) {
+    if (err instanceof Error && err.name === "AbortError") {
+      logger.debug(`getUpdates: client-side timeout after ${timeout}ms, returning empty response`);
+      return { ret: 0, msgs: [], get_updates_buf: params.get_updates_buf };
+    }
+    throw err;
+  }
+}
+async function getUploadUrl(params) {
+  const rawText = await apiFetch({
+    baseUrl: params.baseUrl,
+    endpoint: "ilink/bot/getuploadurl",
+    body: JSON.stringify({
+      filekey: params.filekey,
+      media_type: params.media_type,
+      to_user_id: params.to_user_id,
+      rawsize: params.rawsize,
+      rawfilemd5: params.rawfilemd5,
+      filesize: params.filesize,
+      thumb_rawsize: params.thumb_rawsize,
+      thumb_rawfilemd5: params.thumb_rawfilemd5,
+      thumb_filesize: params.thumb_filesize,
+      no_need_thumb: params.no_need_thumb,
+      aeskey: params.aeskey,
+      base_info: buildBaseInfo()
+    }),
+    token: params.token,
+    timeoutMs: params.timeoutMs ?? DEFAULT_API_TIMEOUT_MS,
+    label: "getUploadUrl"
+  });
+  const resp = JSON.parse(rawText);
+  return resp;
+}
+async function sendMessage(params) {
+  await apiFetch({
+    baseUrl: params.baseUrl,
+    endpoint: "ilink/bot/sendmessage",
+    body: JSON.stringify({ ...params.body, base_info: buildBaseInfo() }),
+    token: params.token,
+    timeoutMs: params.timeoutMs ?? DEFAULT_API_TIMEOUT_MS,
+    label: "sendMessage"
+  });
+}
+async function getConfig(params) {
+  const rawText = await apiFetch({
+    baseUrl: params.baseUrl,
+    endpoint: "ilink/bot/getconfig",
+    body: JSON.stringify({
+      ilink_user_id: params.ilinkUserId,
+      context_token: params.contextToken,
+      base_info: buildBaseInfo()
+    }),
+    token: params.token,
+    timeoutMs: params.timeoutMs ?? DEFAULT_CONFIG_TIMEOUT_MS,
+    label: "getConfig"
+  });
+  const resp = JSON.parse(rawText);
+  return resp;
+}
+async function sendTyping(params) {
+  await apiFetch({
+    baseUrl: params.baseUrl,
+    endpoint: "ilink/bot/sendtyping",
+    body: JSON.stringify({ ...params.body, base_info: buildBaseInfo() }),
+    token: params.token,
+    timeoutMs: params.timeoutMs ?? DEFAULT_CONFIG_TIMEOUT_MS,
+    label: "sendTyping"
+  });
+}
+var CHANNEL_VERSION, DEFAULT_LONG_POLL_TIMEOUT_MS = 35000, DEFAULT_API_TIMEOUT_MS = 15000, DEFAULT_CONFIG_TIMEOUT_MS = 1e4;
+var init_api = __esm(() => {
+  init_accounts();
+  init_logger();
+  CHANNEL_VERSION = readChannelVersion();
+});
+// src/weixin/auth/login-qr.ts
+import { randomUUID } from "node:crypto";
+function isLoginFresh(login) {
+  return Date.now() - login.startedAt < ACTIVE_LOGIN_TTL_MS;
+}
+function purgeExpiredLogins() {
+  for (const [id, login] of activeLogins) {
+    if (!isLoginFresh(login)) {
+      activeLogins.delete(id);
+    }
+  }
+}
+async function fetchQRCode(apiBaseUrl, botType) {
+  logger.info(`Fetching QR code from: ${apiBaseUrl} bot_type=${botType}`);
+  const rawText = await apiGetFetch({
+    baseUrl: apiBaseUrl,
+    endpoint: `ilink/bot/get_bot_qrcode?bot_type=${encodeURIComponent(botType)}`,
+    timeoutMs: GET_QRCODE_TIMEOUT_MS,
+    label: "fetchQRCode"
+  });
+  return JSON.parse(rawText);
+}
+async function pollQRStatus(apiBaseUrl, qrcode) {
+  logger.debug(`Long-poll QR status from: ${apiBaseUrl} qrcode=***`);
+  try {
+    const rawText = await apiGetFetch({
+      baseUrl: apiBaseUrl,
+      endpoint: `ilink/bot/get_qrcode_status?qrcode=${encodeURIComponent(qrcode)}`,
+      timeoutMs: QR_LONG_POLL_TIMEOUT_MS,
+      label: "pollQRStatus"
+    });
+    logger.debug(`pollQRStatus: body=${rawText.substring(0, 200)}`);
+    return JSON.parse(rawText);
+  } catch (err) {
+    if (err instanceof Error && err.name === "AbortError") {
+      logger.debug(`pollQRStatus: client-side timeout after ${QR_LONG_POLL_TIMEOUT_MS}ms, returning wait`);
+      return { status: "wait" };
+    }
+    logger.warn(`pollQRStatus: network/gateway error, will retry: ${String(err)}`);
+    return { status: "wait" };
+  }
+}
+async function startWeixinLoginWithQr(opts) {
+  const sessionKey = opts.accountId || randomUUID();
+  purgeExpiredLogins();
+  const existing = activeLogins.get(sessionKey);
+  if (!opts.force && existing && isLoginFresh(existing) && existing.qrcodeUrl) {
+    return {
+      qrcodeUrl: existing.qrcodeUrl,
+      message: "二维码已就绪，请使用微信扫描。",
+      sessionKey
+    };
+  }
+  try {
+    const botType = opts.botType || DEFAULT_ILINK_BOT_TYPE;
+    logger.info(`Starting Weixin login with bot_type=${botType}`);
+    const qrResponse = await fetchQRCode(FIXED_BASE_URL, botType);
+    logger.info(`QR code received, qrcode=${redactToken(qrResponse.qrcode)} imgContentLen=${qrResponse.qrcode_img_content?.length ?? 0}`);
+    logger.info(`二维码链接: ${qrResponse.qrcode_img_content}`);
+    const login = {
+      sessionKey,
+      id: randomUUID(),
+      qrcode: qrResponse.qrcode,
+      qrcodeUrl: qrResponse.qrcode_img_content,
+      startedAt: Date.now()
+    };
+    activeLogins.set(sessionKey, login);
+    return {
+      qrcodeUrl: qrResponse.qrcode_img_content,
+      message: "使用微信扫描以下二维码，以完成连接。",
+      sessionKey
+    };
+  } catch (err) {
+    logger.error(`Failed to start Weixin login: ${String(err)}`);
+    return {
+      message: `Failed to start login: ${String(err)}`,
+      sessionKey
+    };
+  }
+}
+async function waitForWeixinLogin(opts) {
+  let activeLogin = activeLogins.get(opts.sessionKey);
+  if (!activeLogin) {
+    logger.warn(`waitForWeixinLogin: no active login sessionKey=${opts.sessionKey}`);
+    return {
+      connected: false,
+      message: "当前没有进行中的登录，请先发起登录。"
+    };
+  }
+  if (!isLoginFresh(activeLogin)) {
+    logger.warn(`waitForWeixinLogin: login QR expired sessionKey=${opts.sessionKey}`);
+    activeLogins.delete(opts.sessionKey);
+    return {
+      connected: false,
+      message: "二维码已过期，请重新生成。"
+    };
+  }
+  const timeoutMs = Math.max(opts.timeoutMs ?? 480000, 1000);
+  const deadline = Date.now() + timeoutMs;
+  let scannedPrinted = false;
+  let qrRefreshCount = 1;
+  activeLogin.currentApiBaseUrl = FIXED_BASE_URL;
+  logger.info("Starting to poll QR code status...");
+  while (Date.now() < deadline) {
+    try {
+      const currentBaseUrl = activeLogin.currentApiBaseUrl ?? FIXED_BASE_URL;
+      const statusResponse = await pollQRStatus(currentBaseUrl, activeLogin.qrcode);
+      logger.debug(`pollQRStatus: status=${statusResponse.status} hasBotToken=${Boolean(statusResponse.bot_token)} hasBotId=${Boolean(statusResponse.ilink_bot_id)}`);
+      activeLogin.status = statusResponse.status;
+      switch (statusResponse.status) {
+        case "wait":
+          if (opts.verbose) {
+            process.stdout.write(".");
+          }
+          break;
+        case "scaned":
+          if (!scannedPrinted) {
+            process.stdout.write(`
+\uD83D\uDC40 已扫码，在微信继续操作...
+`);
+            scannedPrinted = true;
+          }
+          break;
+        case "expired": {
+          qrRefreshCount++;
+          if (qrRefreshCount > MAX_QR_REFRESH_COUNT) {
+            logger.warn(`waitForWeixinLogin: QR expired ${MAX_QR_REFRESH_COUNT} times, giving up sessionKey=${opts.sessionKey}`);
+            activeLogins.delete(opts.sessionKey);
+            return {
+              connected: false,
+              message: "登录超时：二维码多次过期，请重新开始登录流程。"
+            };
+          }
+          process.stdout.write(`
+⏳ 二维码已过期，正在刷新...(${qrRefreshCount}/${MAX_QR_REFRESH_COUNT})
+`);
+          logger.info(`waitForWeixinLogin: QR expired, refreshing (${qrRefreshCount}/${MAX_QR_REFRESH_COUNT})`);
+          try {
+            const botType = opts.botType || DEFAULT_ILINK_BOT_TYPE;
+            const qrResponse = await fetchQRCode(FIXED_BASE_URL, botType);
+            activeLogin.qrcode = qrResponse.qrcode;
+            activeLogin.qrcodeUrl = qrResponse.qrcode_img_content;
+            activeLogin.startedAt = Date.now();
+            scannedPrinted = false;
+            logger.info(`waitForWeixinLogin: new QR code obtained qrcode=${redactToken(qrResponse.qrcode)}`);
+            process.stdout.write(`\uD83D\uDD04 新二维码已生成，请重新扫描
+`);
+            try {
+              const qrterm = await Promise.resolve().then(() => __toESM(require_main(), 1));
+              qrterm.default.generate(qrResponse.qrcode_img_content, { small: true });
+              process.stdout.write(`如果二维码未能成功展示，请用浏览器打开以下链接扫码：
+`);
+              process.stdout.write(`${qrResponse.qrcode_img_content}
+`);
+            } catch {
+              process.stdout.write(`二维码未加载成功，请用浏览器打开以下链接扫码：
+`);
+              process.stdout.write(`${qrResponse.qrcode_img_content}
+`);
+            }
+          } catch (refreshErr) {
+            logger.error(`waitForWeixinLogin: failed to refresh QR code: ${String(refreshErr)}`);
+            activeLogins.delete(opts.sessionKey);
+            return {
+              connected: false,
+              message: `刷新二维码失败: ${String(refreshErr)}`
+            };
+          }
+          break;
+        }
+        case "scaned_but_redirect": {
+          const redirectHost = statusResponse.redirect_host;
+          if (redirectHost) {
+            const newBaseUrl = `https://${redirectHost}`;
+            activeLogin.currentApiBaseUrl = newBaseUrl;
+            logger.info(`waitForWeixinLogin: IDC redirect, switching polling host to ${redirectHost}`);
+          } else {
+            logger.warn(`waitForWeixinLogin: received scaned_but_redirect but redirect_host is missing, continuing with current host`);
+          }
+          break;
+        }
+        case "confirmed": {
+          if (!statusResponse.ilink_bot_id) {
+            activeLogins.delete(opts.sessionKey);
+            logger.error("Login confirmed but ilink_bot_id missing from response");
+            return {
+              connected: false,
+              message: "登录失败：服务器未返回 ilink_bot_id。"
+            };
+          }
+          activeLogin.botToken = statusResponse.bot_token;
+          activeLogins.delete(opts.sessionKey);
+          logger.info(`✅ Login confirmed! ilink_bot_id=${statusResponse.ilink_bot_id} ilink_user_id=${redactToken(statusResponse.ilink_user_id)}`);
+          return {
+            connected: true,
+            botToken: statusResponse.bot_token,
+            accountId: statusResponse.ilink_bot_id,
+            baseUrl: statusResponse.baseurl,
+            userId: statusResponse.ilink_user_id,
+            message: "✅ 与微信连接成功！"
+          };
+        }
+      }
+    } catch (err) {
+      logger.error(`Error polling QR status: ${String(err)}`);
+      activeLogins.delete(opts.sessionKey);
+      return {
+        connected: false,
+        message: `Login failed: ${String(err)}`
+      };
+    }
+    await new Promise((r) => setTimeout(r, 1000));
+  }
+  logger.warn(`waitForWeixinLogin: timed out waiting for QR scan sessionKey=${opts.sessionKey} timeoutMs=${timeoutMs}`);
+  activeLogins.delete(opts.sessionKey);
+  return {
+    connected: false,
+    message: "登录超时，请重试。"
+  };
+}
+var ACTIVE_LOGIN_TTL_MS, GET_QRCODE_TIMEOUT_MS = 5000, QR_LONG_POLL_TIMEOUT_MS = 35000, DEFAULT_ILINK_BOT_TYPE = "3", FIXED_BASE_URL = "https://ilinkai.weixin.qq.com", activeLogins, MAX_QR_REFRESH_COUNT = 3;
+var init_login_qr = __esm(() => {
+  init_api();
+  init_logger();
+  ACTIVE_LOGIN_TTL_MS = 5 * 60000;
+  activeLogins = new Map;
+});
+// src/login.ts
+var exports_login = {};
+__export(exports_login, {
+  main: () => main,
+  loginWithQrRendering: () => loginWithQrRendering
+});
+async function loginWithQrRendering() {
+  const apiBaseUrl = DEFAULT_BASE_URL;
+  console.log("正在启动微信扫码登录...");
+  const startResult = await startWeixinLoginWithQr({
+    apiBaseUrl,
+    botType: DEFAULT_ILINK_BOT_TYPE
+  });
+  if (!startResult.qrcodeUrl) {
+    throw new Error(startResult.message);
+  }
+  console.log(`
+使用微信扫描以下二维码，以完成连接：
+`);
+  await new Promise((resolve) => {
+    import_qrcode_terminal.default.generate(startResult.qrcodeUrl, { small: true }, (qr) => {
+      console.log(qr);
+      resolve();
+    });
+  });
+  console.log(`
+等待扫码...
+`);
+  const waitResult = await waitForWeixinLogin({
+    sessionKey: startResult.sessionKey,
+    apiBaseUrl,
+    timeoutMs: 480000,
+    botType: DEFAULT_ILINK_BOT_TYPE
+  });
+  if (!waitResult.connected || !waitResult.botToken || !waitResult.accountId) {
+    throw new Error(waitResult.message);
+  }
+  const normalizedId = normalizeAccountId(waitResult.accountId);
+  saveWeixinAccount(normalizedId, {
+    token: waitResult.botToken,
+    baseUrl: waitResult.baseUrl,
+    userId: waitResult.userId
+  });
+  registerWeixinAccountId(normalizedId);
+  console.log(`
+✅ 与微信连接成功！`);
+}
+async function main() {
+  await loginWithQrRendering();
+}
+var import_qrcode_terminal;
+var init_login = __esm(async () => {
+  init_accounts();
+  init_login_qr();
+  import_qrcode_terminal = __toESM(require_main(), 1);
+  if (false) {}
+});
+// src/weixin/api/config-cache.ts
+class WeixinConfigManager {
+  apiOpts;
+  log;
+  cache = new Map;
+  constructor(apiOpts, log) {
+    this.apiOpts = apiOpts;
+    this.log = log;
+  }
+  async getForUser(userId, contextToken) {
+    const now = Date.now();
+    const entry = this.cache.get(userId);
+    const shouldFetch = !entry || now >= entry.nextFetchAt;
+    if (shouldFetch) {
+      let fetchOk = false;
+      try {
+        const resp = await getConfig({
+          baseUrl: this.apiOpts.baseUrl,
+          token: this.apiOpts.token,
+          ilinkUserId: userId,
+          contextToken
+        });
+        if (resp.ret === 0) {
+          this.cache.set(userId, {
+            config: { typingTicket: resp.typing_ticket ?? "" },
+            everSucceeded: true,
+            nextFetchAt: now + Math.random() * CONFIG_CACHE_TTL_MS,
+            retryDelayMs: CONFIG_CACHE_INITIAL_RETRY_MS
+          });
+          this.log(`[weixin] config ${entry?.everSucceeded ? "refreshed" : "cached"} for ${userId}`);
+          fetchOk = true;
+        }
+      } catch (err) {
+        this.log(`[weixin] getConfig failed for ${userId} (ignored): ${String(err)}`);
+      }
+      if (!fetchOk) {
+        const prevDelay = entry?.retryDelayMs ?? CONFIG_CACHE_INITIAL_RETRY_MS;
+        const nextDelay = Math.min(prevDelay * 2, CONFIG_CACHE_MAX_RETRY_MS);
+        if (entry) {
+          entry.nextFetchAt = now + nextDelay;
+          entry.retryDelayMs = nextDelay;
+        } else {
+          this.cache.set(userId, {
+            config: { typingTicket: "" },
+            everSucceeded: false,
+            nextFetchAt: now + CONFIG_CACHE_INITIAL_RETRY_MS,
+            retryDelayMs: CONFIG_CACHE_INITIAL_RETRY_MS
+          });
+        }
+      }
+    }
+    return this.cache.get(userId)?.config ?? { typingTicket: "" };
+  }
+}
+var CONFIG_CACHE_TTL_MS, CONFIG_CACHE_INITIAL_RETRY_MS = 2000, CONFIG_CACHE_MAX_RETRY_MS;
+var init_config_cache = __esm(() => {
+  init_api();
+  CONFIG_CACHE_TTL_MS = 24 * 60 * 60 * 1000;
+  CONFIG_CACHE_MAX_RETRY_MS = 60 * 60 * 1000;
+});
+// src/weixin/api/session-guard.ts
+function pauseSession(accountId) {
+  const until = Date.now() + SESSION_PAUSE_DURATION_MS;
+  pauseUntilMap.set(accountId, until);
+  logger.info(`session-guard: paused accountId=${accountId} until=${new Date(until).toISOString()} (${SESSION_PAUSE_DURATION_MS / 1000}s)`);
+}
+function getRemainingPauseMs(accountId) {
+  const until = pauseUntilMap.get(accountId);
+  if (until === undefined)
+    return 0;
+  const remaining = until - Date.now();
+  if (remaining <= 0) {
+    pauseUntilMap.delete(accountId);
+    return 0;
+  }
+  return remaining;
+}
+var SESSION_PAUSE_DURATION_MS, SESSION_EXPIRED_ERRCODE = -14, pauseUntilMap;
+var init_session_guard = __esm(() => {
+  init_logger();
+  SESSION_PAUSE_DURATION_MS = 60 * 60 * 1000;
+  pauseUntilMap = new Map;
+});
+// src/weixin/api/types.ts
+var UploadMediaType, MessageType, MessageItemType, MessageState, TypingStatus;
+var init_types = __esm(() => {
+  UploadMediaType = {
+    IMAGE: 1,
+    VIDEO: 2,
+    FILE: 3,
+    VOICE: 4
+  };
+  MessageType = {
+    NONE: 0,
+    USER: 1,
+    BOT: 2
+  };
+  MessageItemType = {
+    NONE: 0,
+    TEXT: 1,
+    IMAGE: 2,
+    VOICE: 3,
+    FILE: 4,
+    VIDEO: 5
+  };
+  MessageState = {
+    NEW: 0,
+    GENERATING: 1,
+    FINISH: 2
+  };
+  TypingStatus = {
+    TYPING: 1,
+    CANCEL: 2
+  };
+});
+// src/weixin/cdn/aes-ecb.ts
+import { createCipheriv, createDecipheriv } from "node:crypto";
+function encryptAesEcb(plaintext, key) {
+  const cipher = createCipheriv("aes-128-ecb", key, null);
+  return Buffer.concat([cipher.update(plaintext), cipher.final()]);
+}
+function decryptAesEcb(ciphertext, key) {
+  const decipher = createDecipheriv("aes-128-ecb", key, null);
+  return Buffer.concat([decipher.update(ciphertext), decipher.final()]);
+}
+function aesEcbPaddedSize(plaintextSize) {
+  return Math.ceil((plaintextSize + 1) / 16) * 16;
+}
+var init_aes_ecb = () => {};
+// src/weixin/cdn/cdn-url.ts
+function buildCdnDownloadUrl(encryptedQueryParam, cdnBaseUrl) {
+  return `${cdnBaseUrl}/download?encrypted_query_param=${encodeURIComponent(encryptedQueryParam)}`;
+}
+function buildCdnUploadUrl(params) {
+  return `${params.cdnBaseUrl}/upload?encrypted_query_param=${encodeURIComponent(params.uploadParam)}&filekey=${encodeURIComponent(params.filekey)}`;
+}
+// src/weixin/cdn/cdn-upload.ts
+async function uploadBufferToCdn(params) {
+  const { buf, uploadFullUrl, uploadParam, filekey, cdnBaseUrl, label, aeskey } = params;
+  const ciphertext = encryptAesEcb(buf, aeskey);
+  const trimmedFull = uploadFullUrl?.trim();
+  let cdnUrl;
+  if (trimmedFull) {
+    cdnUrl = trimmedFull;
+  } else if (uploadParam) {
+    cdnUrl = buildCdnUploadUrl({ cdnBaseUrl, uploadParam, filekey });
+  } else {
+    throw new Error(`${label}: CDN upload URL missing (need upload_full_url or upload_param)`);
+  }
+  logger.debug(`${label}: CDN POST url=${redactUrl(cdnUrl)} ciphertextSize=${ciphertext.length}`);
+  let downloadParam;
+  let lastError;
+  for (let attempt = 1;attempt <= UPLOAD_MAX_RETRIES; attempt++) {
+    try {
+      const res = await fetch(cdnUrl, {
+        method: "POST",
+        headers: { "Content-Type": "application/octet-stream" },
+        body: new Uint8Array(ciphertext)
+      });
+      if (res.status >= 400 && res.status < 500) {
+        const errMsg = res.headers.get("x-error-message") ?? await res.text();
+        logger.error(`${label}: CDN client error attempt=${attempt} status=${res.status} errMsg=${errMsg}`);
+        throw new Error(`CDN upload client error ${res.status}: ${errMsg}`);
+      }
+      if (res.status !== 200) {
+        const errMsg = res.headers.get("x-error-message") ?? `status ${res.status}`;
+        logger.error(`${label}: CDN server error attempt=${attempt} status=${res.status} errMsg=${errMsg}`);
+        throw new Error(`CDN upload server error: ${errMsg}`);
+      }
+      downloadParam = res.headers.get("x-encrypted-param") ?? undefined;
+      if (!downloadParam) {
+        logger.error(`${label}: CDN response missing x-encrypted-param header attempt=${attempt}`);
+        throw new Error("CDN upload response missing x-encrypted-param header");
+      }
+      logger.debug(`${label}: CDN upload success attempt=${attempt}`);
+      break;
+    } catch (err) {
+      lastError = err;
+      if (err instanceof Error && err.message.includes("client error"))
+        throw err;
+      if (attempt < UPLOAD_MAX_RETRIES) {
+        logger.error(`${label}: attempt ${attempt} failed, retrying... err=${String(err)}`);
+      } else {
+        logger.error(`${label}: all ${UPLOAD_MAX_RETRIES} attempts failed err=${String(err)}`);
+      }
+    }
+  }
+  if (!downloadParam) {
+    throw lastError instanceof Error ? lastError : new Error(`CDN upload failed after ${UPLOAD_MAX_RETRIES} attempts`);
+  }
+  return { downloadParam };
+}
+var UPLOAD_MAX_RETRIES = 3;
+var init_cdn_upload = __esm(() => {
+  init_aes_ecb();
+  init_logger();
+});
+// src/weixin/media/mime.ts
+import path5 from "node:path";
+function getMimeFromFilename(filename) {
+  const ext = path5.extname(filename).toLowerCase();
+  return EXTENSION_TO_MIME[ext] ?? "application/octet-stream";
+}
+function getExtensionFromMime(mimeType) {
+  const ct = (mimeType.split(";")[0] ?? "").trim().toLowerCase();
+  return MIME_TO_EXTENSION[ct] ?? ".bin";
+}
+function getExtensionFromContentTypeOrUrl(contentType, url) {
+  if (contentType) {
+    const ext2 = getExtensionFromMime(contentType);
+    if (ext2 !== ".bin")
+      return ext2;
+  }
+  const ext = path5.extname(new URL(url).pathname).toLowerCase();
+  const knownExts = new Set(Object.keys(EXTENSION_TO_MIME));
+  return knownExts.has(ext) ? ext : ".bin";
+}
+var EXTENSION_TO_MIME, MIME_TO_EXTENSION;
+var init_mime = __esm(() => {
+  EXTENSION_TO_MIME = {
+    ".pdf": "application/pdf",
+    ".doc": "application/msword",
+    ".docx": "application/vnd.openxmlformats-officedocument.wordprocessingml.document",
+    ".xls": "application/vnd.ms-excel",
+    ".xlsx": "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet",
+    ".ppt": "application/vnd.ms-powerpoint",
+    ".pptx": "application/vnd.openxmlformats-officedocument.presentationml.presentation",
+    ".txt": "text/plain",
+    ".csv": "text/csv",
+    ".zip": "application/zip",
+    ".tar": "application/x-tar",
+    ".gz": "application/gzip",
+    ".mp3": "audio/mpeg",
+    ".ogg": "audio/ogg",
+    ".wav": "audio/wav",
+    ".mp4": "video/mp4",
+    ".mov": "video/quicktime",
+    ".webm": "video/webm",
+    ".mkv": "video/x-matroska",
+    ".avi": "video/x-msvideo",
+    ".png": "image/png",
+    ".jpg": "image/jpeg",
+    ".jpeg": "image/jpeg",
+    ".gif": "image/gif",
+    ".webp": "image/webp",
+    ".bmp": "image/bmp"
+  };
+  MIME_TO_EXTENSION = {
+    "image/jpeg": ".jpg",
+    "image/jpg": ".jpg",
+    "image/png": ".png",
+    "image/gif": ".gif",
+    "image/webp": ".webp",
+    "image/bmp": ".bmp",
+    "video/mp4": ".mp4",
+    "video/quicktime": ".mov",
+    "video/webm": ".webm",
+    "video/x-matroska": ".mkv",
+    "video/x-msvideo": ".avi",
+    "audio/mpeg": ".mp3",
+    "audio/ogg": ".ogg",
+    "audio/wav": ".wav",
+    "application/pdf": ".pdf",
+    "application/zip": ".zip",
+    "application/x-tar": ".tar",
+    "application/gzip": ".gz",
+    "text/plain": ".txt",
+    "text/csv": ".csv"
+  };
+});
+// src/weixin/util/random.ts
+import crypto2 from "node:crypto";
+function generateId(prefix) {
+  return `${prefix}:${Date.now()}-${crypto2.randomBytes(4).toString("hex")}`;
+}
+function tempFileName(prefix, ext) {
+  return `${prefix}-${Date.now()}-${crypto2.randomBytes(4).toString("hex")}${ext}`;
+}
+var init_random = () => {};
+// src/weixin/cdn/upload.ts
+import crypto3 from "node:crypto";
+import fs4 from "node:fs/promises";
+import path6 from "node:path";
+async function downloadRemoteImageToTemp(url, destDir) {
+  logger.debug(`downloadRemoteImageToTemp: fetching url=${url}`);
+  const res = await fetch(url);
+  if (!res.ok) {
+    const msg = `remote media download failed: ${res.status} ${res.statusText} url=${url}`;
+    logger.error(`downloadRemoteImageToTemp: ${msg}`);
+    throw new Error(msg);
+  }
+  const buf = Buffer.from(await res.arrayBuffer());
+  logger.debug(`downloadRemoteImageToTemp: downloaded ${buf.length} bytes`);
+  await fs4.mkdir(destDir, { recursive: true });
+  const ext = getExtensionFromContentTypeOrUrl(res.headers.get("content-type"), url);
+  const name = tempFileName("weixin-remote", ext);
+  const filePath = path6.join(destDir, name);
+  await fs4.writeFile(filePath, buf);
+  logger.debug(`downloadRemoteImageToTemp: saved to ${filePath} ext=${ext}`);
+  return filePath;
+}
+async function uploadMediaToCdn(params) {
+  const { filePath, toUserId, opts, cdnBaseUrl, mediaType, label } = params;
+  const plaintext = await fs4.readFile(filePath);
+  const rawsize = plaintext.length;
+  const rawfilemd5 = crypto3.createHash("md5").update(plaintext).digest("hex");
+  const filesize = aesEcbPaddedSize(rawsize);
+  const filekey = crypto3.randomBytes(16).toString("hex");
+  const aeskey = crypto3.randomBytes(16);
+  logger.debug(`${label}: file=${filePath} rawsize=${rawsize} filesize=${filesize} md5=${rawfilemd5} filekey=${filekey}`);
+  const uploadUrlResp = await getUploadUrl({
+    ...opts,
+    filekey,
+    media_type: mediaType,
+    to_user_id: toUserId,
+    rawsize,
+    rawfilemd5,
+    filesize,
+    no_need_thumb: true,
+    aeskey: aeskey.toString("hex")
+  });
+  const uploadFullUrl = uploadUrlResp.upload_full_url?.trim();
+  const uploadParam = uploadUrlResp.upload_param;
+  if (!uploadFullUrl && !uploadParam) {
+    logger.error(`${label}: getUploadUrl returned no upload URL (need upload_full_url or upload_param), resp=${JSON.stringify(uploadUrlResp)}`);
+    throw new Error(`${label}: getUploadUrl returned no upload URL`);
+  }
+  const { downloadParam: downloadEncryptedQueryParam } = await uploadBufferToCdn({
+    buf: plaintext,
+    uploadFullUrl: uploadFullUrl || undefined,
+    uploadParam: uploadParam ?? undefined,
+    filekey,
+    cdnBaseUrl,
+    aeskey,
+    label: `${label}[orig filekey=${filekey}]`
+  });
+  return {
+    filekey,
+    downloadEncryptedQueryParam,
+    aeskey: aeskey.toString("hex"),
+    fileSize: rawsize,
+    fileSizeCiphertext: filesize
+  };
+}
+async function uploadFileToWeixin(params) {
+  return uploadMediaToCdn({
+    ...params,
+    mediaType: UploadMediaType.IMAGE,
+    label: "uploadFileToWeixin"
+  });
+}
+async function uploadVideoToWeixin(params) {
+  return uploadMediaToCdn({
+    ...params,
+    mediaType: UploadMediaType.VIDEO,
+    label: "uploadVideoToWeixin"
+  });
+}
+async function uploadFileAttachmentToWeixin(params) {
+  return uploadMediaToCdn({
+    ...params,
+    mediaType: UploadMediaType.FILE,
+    label: "uploadFileAttachmentToWeixin"
+  });
+}
+var init_upload = __esm(() => {
+  init_api();
+  init_aes_ecb();
+  init_cdn_upload();
+  init_logger();
+  init_mime();
+  init_random();
+  init_types();
+});
+// src/weixin/cdn/pic-decrypt.ts
+async function fetchCdnBytes(url, label) {
+  let res;
+  try {
+    res = await fetch(url);
+  } catch (err) {
+    const cause = err.cause ?? err.code ?? "(no cause)";
+    logger.error(`${label}: fetch network error url=${url} err=${String(err)} cause=${String(cause)}`);
+    throw err;
+  }
+  logger.debug(`${label}: response status=${res.status} ok=${res.ok}`);
+  if (!res.ok) {
+    const body = await res.text().catch(() => "(unreadable)");
+    const msg = `${label}: CDN download ${res.status} ${res.statusText} body=${body}`;
+    logger.error(msg);
+    throw new Error(msg);
+  }
+  return Buffer.from(await res.arrayBuffer());
+}
+function parseAesKey(aesKeyBase64, label) {
+  const decoded = Buffer.from(aesKeyBase64, "base64");
+  if (decoded.length === 16) {
+    return decoded;
+  }
+  if (decoded.length === 32 && /^[0-9a-fA-F]{32}$/.test(decoded.toString("ascii"))) {
+    return Buffer.from(decoded.toString("ascii"), "hex");
+  }
+  const msg = `${label}: aes_key must decode to 16 raw bytes or 32-char hex string, got ${decoded.length} bytes (base64="${aesKeyBase64}")`;
+  logger.error(msg);
+  throw new Error(msg);
+}
+async function downloadAndDecryptBuffer(encryptedQueryParam, aesKeyBase64, cdnBaseUrl, label, fullUrl) {
+  const key = parseAesKey(aesKeyBase64, label);
+  const url = fullUrl || buildCdnDownloadUrl(encryptedQueryParam, cdnBaseUrl);
+  logger.debug(`${label}: fetching url=${url}`);
+  const encrypted = await fetchCdnBytes(url, label);
+  logger.debug(`${label}: downloaded ${encrypted.byteLength} bytes, decrypting`);
+  const decrypted = decryptAesEcb(encrypted, key);
+  logger.debug(`${label}: decrypted ${decrypted.length} bytes`);
+  return decrypted;
+}
+async function downloadPlainCdnBuffer(encryptedQueryParam, cdnBaseUrl, label, fullUrl) {
+  const url = fullUrl || buildCdnDownloadUrl(encryptedQueryParam, cdnBaseUrl);
+  logger.debug(`${label}: fetching url=${url}`);
+  return fetchCdnBytes(url, label);
+}
+var init_pic_decrypt = __esm(() => {
+  init_aes_ecb();
+  init_logger();
+});
+// src/weixin/media/silk-transcode.ts
+function pcmBytesToWav(pcm, sampleRate) {
+  const pcmBytes = pcm.byteLength;
+  const totalSize = 44 + pcmBytes;
+  const buf = Buffer.allocUnsafe(totalSize);
+  let offset = 0;
+  buf.write("RIFF", offset);
+  offset += 4;
+  buf.writeUInt32LE(totalSize - 8, offset);
+  offset += 4;
+  buf.write("WAVE", offset);
+  offset += 4;
+  buf.write("fmt ", offset);
+  offset += 4;
+  buf.writeUInt32LE(16, offset);
+  offset += 4;
+  buf.writeUInt16LE(1, offset);
+  offset += 2;
+  buf.writeUInt16LE(1, offset);
+  offset += 2;
+  buf.writeUInt32LE(sampleRate, offset);
+  offset += 4;
+  buf.writeUInt32LE(sampleRate * 2, offset);
+  offset += 4;
+  buf.writeUInt16LE(2, offset);
+  offset += 2;
+  buf.writeUInt16LE(16, offset);
+  offset += 2;
+  buf.write("data", offset);
+  offset += 4;
+  buf.writeUInt32LE(pcmBytes, offset);
+  offset += 4;
+  Buffer.from(pcm.buffer, pcm.byteOffset, pcm.byteLength).copy(buf, offset);
+  return buf;
+}
+async function silkToWav(silkBuf) {
+  try {
+    const { decode } = await import("silk-wasm");
+    logger.debug(`silkToWav: decoding ${silkBuf.length} bytes of SILK`);
+    const result = await decode(silkBuf, SILK_SAMPLE_RATE);
+    logger.debug(`silkToWav: decoded duration=${result.duration}ms pcmBytes=${result.data.byteLength}`);
+    const wav = pcmBytesToWav(result.data, SILK_SAMPLE_RATE);
+    logger.debug(`silkToWav: WAV size=${wav.length}`);
+    return wav;
+  } catch (err) {
+    logger.warn(`silkToWav: transcode failed, will use raw silk err=${String(err)}`);
+    return null;
+  }
+}
+var SILK_SAMPLE_RATE = 24000;
+var init_silk_transcode = __esm(() => {
+  init_logger();
+});
+// src/weixin/media/media-download.ts
+async function downloadMediaFromItem(item, deps) {
+  const { cdnBaseUrl, saveMedia, log, errLog, label } = deps;
+  const result = {};
+  if (item.type === MessageItemType.IMAGE) {
+    const img = item.image_item;
+    if (!img?.media?.encrypt_query_param && !img?.media?.full_url)
+      return result;
+    const aesKeyBase64 = img.aeskey ? Buffer.from(img.aeskey, "hex").toString("base64") : img.media.aes_key;
+    logger.debug(`${label} image: encrypt_query_param=${(img.media.encrypt_query_param ?? "").slice(0, 40)}... hasAesKey=${Boolean(aesKeyBase64)} aeskeySource=${img.aeskey ? "image_item.aeskey" : "media.aes_key"} full_url=${Boolean(img.media.full_url)}`);
+    try {
+      const buf = aesKeyBase64 ? await downloadAndDecryptBuffer(img.media.encrypt_query_param ?? "", aesKeyBase64, cdnBaseUrl, `${label} image`, img.media.full_url) : await downloadPlainCdnBuffer(img.media.encrypt_query_param ?? "", cdnBaseUrl, `${label} image-plain`, img.media.full_url);
+      const saved = await saveMedia(buf, undefined, "inbound", WEIXIN_MEDIA_MAX_BYTES);
+      result.decryptedPicPath = saved.path;
+      logger.debug(`${label} image saved: ${saved.path}`);
+    } catch (err) {
+      logger.error(`${label} image download/decrypt failed: ${String(err)}`);
+      errLog(`weixin ${label} image download/decrypt failed: ${String(err)}`);
+    }
+  } else if (item.type === MessageItemType.VOICE) {
+    const voice = item.voice_item;
+    if (!voice?.media?.encrypt_query_param && !voice?.media?.full_url || !voice?.media?.aes_key)
+      return result;
+    try {
+      const silkBuf = await downloadAndDecryptBuffer(voice.media.encrypt_query_param ?? "", voice.media.aes_key, cdnBaseUrl, `${label} voice`, voice.media.full_url);
+      logger.debug(`${label} voice: decrypted ${silkBuf.length} bytes, attempting silk transcode`);
+      const wavBuf = await silkToWav(silkBuf);
+      if (wavBuf) {
+        const saved = await saveMedia(wavBuf, "audio/wav", "inbound", WEIXIN_MEDIA_MAX_BYTES);
+        result.decryptedVoicePath = saved.path;
+        result.voiceMediaType = "audio/wav";
+        logger.debug(`${label} voice: saved WAV to ${saved.path}`);
+      } else {
+        const saved = await saveMedia(silkBuf, "audio/silk", "inbound", WEIXIN_MEDIA_MAX_BYTES);
+        result.decryptedVoicePath = saved.path;
+        result.voiceMediaType = "audio/silk";
+        logger.debug(`${label} voice: silk transcode unavailable, saved raw SILK to ${saved.path}`);
+      }
+    } catch (err) {
+      logger.error(`${label} voice download/transcode failed: ${String(err)}`);
+      errLog(`weixin ${label} voice download/transcode failed: ${String(err)}`);
+    }
+  } else if (item.type === MessageItemType.FILE) {
+    const fileItem = item.file_item;
+    if (!fileItem?.media?.encrypt_query_param && !fileItem?.media?.full_url || !fileItem?.media?.aes_key)
+      return result;
+    try {
+      const buf = await downloadAndDecryptBuffer(fileItem.media.encrypt_query_param ?? "", fileItem.media.aes_key, cdnBaseUrl, `${label} file`, fileItem.media.full_url);
+      const mime = getMimeFromFilename(fileItem.file_name ?? "file.bin");
+      const saved = await saveMedia(buf, mime, "inbound", WEIXIN_MEDIA_MAX_BYTES, fileItem.file_name ?? undefined);
+      result.decryptedFilePath = saved.path;
+      result.fileMediaType = mime;
+      logger.debug(`${label} file: saved to ${saved.path} mime=${mime}`);
+    } catch (err) {
+      logger.error(`${label} file download failed: ${String(err)}`);
+      errLog(`weixin ${label} file download failed: ${String(err)}`);
+    }
+  } else if (item.type === MessageItemType.VIDEO) {
+    const videoItem = item.video_item;
+    if (!videoItem?.media?.encrypt_query_param && !videoItem?.media?.full_url || !videoItem?.media?.aes_key)
+      return result;
+    try {
+      const buf = await downloadAndDecryptBuffer(videoItem.media.encrypt_query_param ?? "", videoItem.media.aes_key, cdnBaseUrl, `${label} video`, videoItem.media.full_url);
+      const saved = await saveMedia(buf, "video/mp4", "inbound", WEIXIN_MEDIA_MAX_BYTES);
+      result.decryptedVideoPath = saved.path;
+      logger.debug(`${label} video: saved to ${saved.path}`);
+    } catch (err) {
+      logger.error(`${label} video download failed: ${String(err)}`);
+      errLog(`weixin ${label} video download failed: ${String(err)}`);
+    }
+  }
+  return result;
+}
+var WEIXIN_MEDIA_MAX_BYTES;
+var init_media_download = __esm(() => {
+  init_logger();
+  init_mime();
+  init_pic_decrypt();
+  init_silk_transcode();
+  init_types();
+  WEIXIN_MEDIA_MAX_BYTES = 100 * 1024 * 1024;
+});
+// src/weixin/messaging/inbound.ts
+function contextTokenKey(accountId, userId) {
+  return `${accountId}:${userId}`;
+}
+function setContextToken(accountId, userId, token) {
+  const k = contextTokenKey(accountId, userId);
+  logger.debug(`setContextToken: key=${k}`);
+  contextTokenStore.set(k, token);
+}
+function getContextToken(accountId, userId) {
+  const k = contextTokenKey(accountId, userId);
+  const val = contextTokenStore.get(k);
+  logger.debug(`getContextToken: key=${k} found=${val !== undefined} storeSize=${contextTokenStore.size}`);
+  return val;
+}
+function isMediaItem(item) {
+  return item.type === MessageItemType.IMAGE || item.type === MessageItemType.VIDEO || item.type === MessageItemType.FILE || item.type === MessageItemType.VOICE;
+}
+function bodyFromItemList(itemList) {
+  if (!itemList?.length)
+    return "";
+  for (const item of itemList) {
+    if (item.type === MessageItemType.TEXT && item.text_item?.text != null) {
+      const text = String(item.text_item.text);
+      const ref = item.ref_msg;
+      if (!ref)
+        return text;
+      if (ref.message_item && isMediaItem(ref.message_item))
+        return text;
+      const parts = [];
+      if (ref.title)
+        parts.push(ref.title);
+      if (ref.message_item) {
+        const refBody = bodyFromItemList([ref.message_item]);
+        if (refBody)
+          parts.push(refBody);
+      }
+      if (!parts.length)
+        return text;
+      return `[引用: ${parts.join(" | ")}]
+${text}`;
+    }
+    if (item.type === MessageItemType.VOICE && item.voice_item?.text) {
+      return item.voice_item.text;
+    }
+  }
+  return "";
+}
+var contextTokenStore;
+var init_inbound = __esm(() => {
+  init_logger();
+  init_random();
+  init_types();
+  contextTokenStore = new Map;
+});
+// src/weixin/messaging/send.ts
+function generateClientId() {
+  return generateId("openclaw-weixin");
+}
+function markdownToPlainText(text) {
+  let result = text;
+  result = result.replace(/```[^\n]*\n?([\s\S]*?)```/g, (_, code) => code.trim());
+  result = result.replace(/!\[[^\]]*\]\([^)]*\)/g, "");
+  result = result.replace(/\[([^\]]+)\]\([^)]*\)/g, "$1");
+  result = result.replace(/^\|[\s:|-]+\|$/gm, "");
+  result = result.replace(/^\|(.+)\|$/gm, (_, inner) => inner.split("|").map((cell) => cell.trim()).join("  "));
+  result = result.replace(/\*\*(.+?)\*\*/g, "$1").replace(/\*(.+?)\*/g, "$1").replace(/__(.+?)__/g, "$1").replace(/_(.+?)_/g, "$1").replace(/~~(.+?)~~/g, "$1").replace(/`(.+?)`/g, "$1");
+  return result;
+}
+function buildTextMessageReq(params) {
+  const { to, text, contextToken, clientId } = params;
+  const item_list = text ? [{ type: MessageItemType.TEXT, text_item: { text } }] : [];
+  return {
+    msg: {
+      from_user_id: "",
+      to_user_id: to,
+      client_id: clientId,
+      message_type: MessageType.BOT,
+      message_state: MessageState.FINISH,
+      item_list: item_list.length ? item_list : undefined,
+      context_token: contextToken ?? undefined
+    }
+  };
+}
+function buildSendMessageReq(params) {
+  const { to, contextToken, text, clientId } = params;
+  return buildTextMessageReq({ to, text, contextToken, clientId });
+}
+async function sendMessageWeixin(params) {
+  const { to, text, opts } = params;
+  if (!opts.contextToken) {
+    logger.error(`sendMessageWeixin: contextToken missing, refusing to send to=${to}`);
+    throw new Error("sendMessageWeixin: contextToken is required");
+  }
+  const clientId = generateClientId();
+  const req = buildSendMessageReq({
+    to,
+    contextToken: opts.contextToken,
+    text,
+    clientId
+  });
+  try {
+    await sendMessage({
+      baseUrl: opts.baseUrl,
+      token: opts.token,
+      timeoutMs: opts.timeoutMs,
+      body: req
+    });
+  } catch (err) {
+    logger.error(`sendMessageWeixin: failed to=${to} clientId=${clientId} err=${String(err)}`);
+    throw err;
+  }
+  return { messageId: clientId };
+}
+async function sendMediaItems(params) {
+  const { to, text, mediaItem, opts, label } = params;
+  const items = [];
+  if (text) {
+    items.push({ type: MessageItemType.TEXT, text_item: { text } });
+  }
+  items.push(mediaItem);
+  let lastClientId = "";
+  for (const item of items) {
+    lastClientId = generateClientId();
+    const req = {
+      msg: {
+        from_user_id: "",
+        to_user_id: to,
+        client_id: lastClientId,
+        message_type: MessageType.BOT,
+        message_state: MessageState.FINISH,
+        item_list: [item],
+        context_token: opts.contextToken ?? undefined
+      }
+    };
+    try {
+      await sendMessage({
+        baseUrl: opts.baseUrl,
+        token: opts.token,
+        timeoutMs: opts.timeoutMs,
+        body: req
+      });
+    } catch (err) {
+      logger.error(`${label}: failed to=${to} clientId=${lastClientId} err=${String(err)}`);
+      throw err;
+    }
+  }
+  logger.debug(`${label}: success to=${to} clientId=${lastClientId}`);
+  return { messageId: lastClientId };
+}
+async function sendImageMessageWeixin(params) {
+  const { to, text, uploaded, opts } = params;
+  if (!opts.contextToken) {
+    logger.error(`sendImageMessageWeixin: contextToken missing, refusing to send to=${to}`);
+    throw new Error("sendImageMessageWeixin: contextToken is required");
+  }
+  logger.debug(`sendImageMessageWeixin: to=${to} filekey=${uploaded.filekey} fileSize=${uploaded.fileSize} aeskey=present`);
+  const imageItem = {
+    type: MessageItemType.IMAGE,
+    image_item: {
+      media: {
+        encrypt_query_param: uploaded.downloadEncryptedQueryParam,
+        aes_key: Buffer.from(uploaded.aeskey).toString("base64"),
+        encrypt_type: 1
+      },
+      mid_size: uploaded.fileSizeCiphertext
+    }
+  };
+  return sendMediaItems({ to, text, mediaItem: imageItem, opts, label: "sendImageMessageWeixin" });
+}
+async function sendVideoMessageWeixin(params) {
+  const { to, text, uploaded, opts } = params;
+  if (!opts.contextToken) {
+    logger.error(`sendVideoMessageWeixin: contextToken missing, refusing to send to=${to}`);
+    throw new Error("sendVideoMessageWeixin: contextToken is required");
+  }
+  const videoItem = {
+    type: MessageItemType.VIDEO,
+    video_item: {
+      media: {
+        encrypt_query_param: uploaded.downloadEncryptedQueryParam,
+        aes_key: Buffer.from(uploaded.aeskey).toString("base64"),
+        encrypt_type: 1
+      },
+      video_size: uploaded.fileSizeCiphertext
+    }
+  };
+  return sendMediaItems({ to, text, mediaItem: videoItem, opts, label: "sendVideoMessageWeixin" });
+}
+async function sendFileMessageWeixin(params) {
+  const { to, text, fileName, uploaded, opts } = params;
+  if (!opts.contextToken) {
+    logger.error(`sendFileMessageWeixin: contextToken missing, refusing to send to=${to}`);
+    throw new Error("sendFileMessageWeixin: contextToken is required");
+  }
+  const fileItem = {
+    type: MessageItemType.FILE,
+    file_item: {
+      media: {
+        encrypt_query_param: uploaded.downloadEncryptedQueryParam,
+        aes_key: Buffer.from(uploaded.aeskey).toString("base64"),
+        encrypt_type: 1
+      },
+      file_name: fileName,
+      len: String(uploaded.fileSize)
+    }
+  };
+  return sendMediaItems({ to, text, mediaItem: fileItem, opts, label: "sendFileMessageWeixin" });
+}
+var init_send = __esm(() => {
+  init_api();
+  init_logger();
+  init_random();
+  init_types();
+});
+// src/weixin/messaging/error-notice.ts
+async function sendWeixinErrorNotice(params) {
+  if (!params.contextToken) {
+    logger.warn(`sendWeixinErrorNotice: no contextToken for to=${params.to}, cannot notify user`);
+    return;
+  }
+  try {
+    await sendMessageWeixin({ to: params.to, text: params.message, opts: {
+      baseUrl: params.baseUrl,
+      token: params.token,
+      contextToken: params.contextToken
+    } });
+    logger.debug(`sendWeixinErrorNotice: sent to=${params.to}`);
+  } catch (err) {
+    params.errLog(`[weixin] sendWeixinErrorNotice failed to=${params.to}: ${String(err)}`);
+  }
+}
+var init_error_notice = __esm(() => {
+  init_logger();
+  init_send();
+});
+// src/weixin/messaging/send-media.ts
+import path7 from "node:path";
+async function sendWeixinMediaFile(params) {
+  const { filePath, to, text, opts, cdnBaseUrl } = params;
+  const mime = getMimeFromFilename(filePath);
+  const uploadOpts = { baseUrl: opts.baseUrl, token: opts.token };
+  if (mime.startsWith("video/")) {
+    logger.info(`[weixin] sendWeixinMediaFile: uploading video filePath=${filePath} to=${to}`);
+    const uploaded2 = await uploadVideoToWeixin({
+      filePath,
+      toUserId: to,
+      opts: uploadOpts,
+      cdnBaseUrl
+    });
+    logger.info(`[weixin] sendWeixinMediaFile: video upload done filekey=${uploaded2.filekey} size=${uploaded2.fileSize}`);
+    return sendVideoMessageWeixin({ to, text, uploaded: uploaded2, opts });
+  }
+  if (mime.startsWith("image/")) {
+    logger.info(`[weixin] sendWeixinMediaFile: uploading image filePath=${filePath} to=${to}`);
+    const uploaded2 = await uploadFileToWeixin({
+      filePath,
+      toUserId: to,
+      opts: uploadOpts,
+      cdnBaseUrl
+    });
+    logger.info(`[weixin] sendWeixinMediaFile: image upload done filekey=${uploaded2.filekey} size=${uploaded2.fileSize}`);
+    return sendImageMessageWeixin({ to, text, uploaded: uploaded2, opts });
+  }
+  const fileName = path7.basename(filePath);
+  logger.info(`[weixin] sendWeixinMediaFile: uploading file attachment filePath=${filePath} name=${fileName} to=${to}`);
+  const uploaded = await uploadFileAttachmentToWeixin({
+    filePath,
+    fileName,
+    toUserId: to,
+    opts: uploadOpts,
+    cdnBaseUrl
+  });
+  logger.info(`[weixin] sendWeixinMediaFile: file upload done filekey=${uploaded.filekey} size=${uploaded.fileSize}`);
+  return sendFileMessageWeixin({ to, text, fileName, uploaded, opts });
+}
+var init_send_media = __esm(() => {
+  init_logger();
+  init_mime();
+  init_send();
+  init_upload();
+});
+// src/weixin/messaging/debug-mode.ts
+import fs5 from "node:fs";
+import path8 from "node:path";
+function resolveDebugModePath() {
+  return path8.join(resolveStateDir(), "openclaw-weixin", "debug-mode.json");
+}
+function loadState() {
+  try {
+    const raw = fs5.readFileSync(resolveDebugModePath(), "utf-8");
+    const parsed = JSON.parse(raw);
+    if (parsed && typeof parsed.accounts === "object")
+      return parsed;
+  } catch {}
+  return { accounts: {} };
+}
+function saveState(state) {
+  const filePath = resolveDebugModePath();
+  fs5.mkdirSync(path8.dirname(filePath), { recursive: true });
+  fs5.writeFileSync(filePath, JSON.stringify(state, null, 2), "utf-8");
+}
+function toggleDebugMode(accountId) {
+  const state = loadState();
+  const next = !state.accounts[accountId];
+  state.accounts[accountId] = next;
+  try {
+    saveState(state);
+  } catch (err) {
+    logger.error(`debug-mode: failed to persist state: ${String(err)}`);
+  }
+  return next;
+}
+var init_debug_mode = __esm(() => {
+  init_state_dir();
+  init_logger();
 });
-function buildWeixinSdkImportCandidates(explicitPath, _moduleUrl = import.meta.url) {
-  const candidates = [];
-  if (explicitPath) {
-    candidates.push(explicitPath);
+// src/weixin/messaging/slash-commands.ts
+async function sendReply(ctx, text) {
+  const opts = {
+    baseUrl: ctx.baseUrl,
+    token: ctx.token,
+    contextToken: ctx.contextToken
+  };
+  await sendMessageWeixin({ to: ctx.to, text, opts });
+}
+async function handleEcho(ctx, args, receivedAt, eventTimestamp) {
+  const message = args.trim();
+  if (message) {
+    await sendReply(ctx, message);
+  }
+  const eventTs = eventTimestamp ?? 0;
+  const platformDelay = eventTs > 0 ? `${receivedAt - eventTs}ms` : "N/A";
+  const timing = [
+    "⏱ 通道耗时",
+    `├ 事件时间: ${eventTs > 0 ? new Date(eventTs).toISOString() : "N/A"}`,
+    `├ 平台→插件: ${platformDelay}`,
+    `└ 插件处理: ${Date.now() - receivedAt}ms`
+  ].join(`
+`);
+  await sendReply(ctx, timing);
+}
+async function handleSlashCommand(content, ctx, receivedAt, eventTimestamp) {
+  const trimmed = content.trim();
+  if (!trimmed.startsWith("/")) {
+    return { handled: false };
+  }
+  const spaceIdx = trimmed.indexOf(" ");
+  const command = spaceIdx === -1 ? trimmed.toLowerCase() : trimmed.slice(0, spaceIdx).toLowerCase();
+  const args = spaceIdx === -1 ? "" : trimmed.slice(spaceIdx + 1);
+  logger.info(`[weixin] Slash command: ${command}, args: ${args.slice(0, 50)}`);
+  try {
+    switch (command) {
+      case "/echo":
+        await handleEcho(ctx, args, receivedAt, eventTimestamp);
+        return { handled: true };
+      case "/toggle-debug": {
+        const enabled = toggleDebugMode(ctx.accountId);
+        await sendReply(ctx, enabled ? "Debug 模式已开启" : "Debug 模式已关闭");
+        return { handled: true };
+      }
+      case "/clear": {
+        ctx.onClear?.();
+        await sendReply(ctx, "✅ 会话已清除，重新开始对话");
+        return { handled: true };
+      }
+      case "/logout": {
+        if (listWeixinAccountIds().length === 0) {
+          await sendReply(ctx, "当前没有已登录的账号");
+          return { handled: true };
+        }
+        clearAllWeixinAccounts();
+        await sendReply(ctx, "✅ 已退出登录，清除所有账号凭证");
+        return { handled: true };
+      }
+      default:
+        return { handled: false };
+    }
+  } catch (err) {
+    logger.error(`[weixin] Slash command error: ${String(err)}`);
+    try {
+      await sendReply(ctx, `❌ 指令执行失败: ${String(err).slice(0, 200)}`);
+    } catch {}
+    return { handled: true };
   }
-  candidates.push("weixin-agent-sdk");
-  return candidates;
 }
-function buildWeixinSdkSourceCandidates(explicitPath, _moduleUrl = import.meta.url) {
-  if (explicitPath) {
-    return [explicitPath];
+var init_slash_commands = __esm(() => {
+  init_accounts();
+  init_logger();
+  init_debug_mode();
+  init_send();
+});
+// src/weixin/messaging/process-message.ts
+import crypto4 from "node:crypto";
+import fs6 from "node:fs/promises";
+import path9 from "node:path";
+async function saveMediaBuffer(buffer, contentType, subdir, _maxBytes, originalFilename) {
+  const dir = path9.join(MEDIA_TEMP_DIR, subdir ?? "");
+  await fs6.mkdir(dir, { recursive: true });
+  let ext = ".bin";
+  if (originalFilename) {
+    ext = path9.extname(originalFilename) || ".bin";
+  } else if (contentType) {
+    ext = getExtensionFromMime(contentType);
+  }
+  const name = `${Date.now()}-${crypto4.randomBytes(4).toString("hex")}${ext}`;
+  const filePath = path9.join(dir, name);
+  await fs6.writeFile(filePath, buffer);
+  return { path: filePath };
+}
+function extractTextBody(itemList) {
+  if (!itemList?.length)
+    return "";
+  for (const item of itemList) {
+    if (item.type === MessageItemType.TEXT && item.text_item?.text != null) {
+      return String(item.text_item.text);
+    }
   }
-  return [];
+  return "";
 }
-async function loadWeixinSdk() {
-  const candidates = buildWeixinSdkImportCandidates(process.env.WEACPX_WEIXIN_SDK, import.meta.url);
-  const errors = [];
-  for (const candidate of candidates) {
+function findMediaItem(itemList) {
+  if (!itemList?.length)
+    return;
+  const direct = itemList.find((i) => i.type === MessageItemType.IMAGE && hasDownloadableMedia(i.image_item?.media)) ?? itemList.find((i) => i.type === MessageItemType.VIDEO && hasDownloadableMedia(i.video_item?.media)) ?? itemList.find((i) => i.type === MessageItemType.FILE && hasDownloadableMedia(i.file_item?.media)) ?? itemList.find((i) => i.type === MessageItemType.VOICE && hasDownloadableMedia(i.voice_item?.media) && !i.voice_item?.text);
+  if (direct)
+    return direct;
+  const refItem = itemList.find((i) => i.type === MessageItemType.TEXT && i.ref_msg?.message_item && isMediaItem(i.ref_msg.message_item));
+  return refItem?.ref_msg?.message_item ?? undefined;
+}
+async function processOneMessage(full, deps) {
+  const receivedAt = Date.now();
+  const textBody = extractTextBody(full.item_list);
+  if (textBody.startsWith("/")) {
+    const conversationId = full.from_user_id ?? "";
+    const slashResult = await handleSlashCommand(textBody, {
+      to: conversationId,
+      contextToken: full.context_token,
+      baseUrl: deps.baseUrl,
+      token: deps.token,
+      accountId: deps.accountId,
+      log: deps.log,
+      errLog: deps.errLog,
+      onClear: () => deps.agent.clearSession?.(conversationId)
+    }, receivedAt, full.create_time_ms);
+    if (slashResult.handled)
+      return;
+  }
+  const contextToken = full.context_token;
+  if (contextToken) {
+    setContextToken(deps.accountId, full.from_user_id ?? "", contextToken);
+  }
+  let media;
+  const mediaItem = findMediaItem(full.item_list);
+  if (mediaItem) {
     try {
-      return await import(candidate);
-    } catch (error) {
-      const message = error instanceof Error ? error.message : String(error);
-      errors.push(`${candidate}: ${message}`);
+      const downloaded = await downloadMediaFromItem(mediaItem, {
+        cdnBaseUrl: deps.cdnBaseUrl,
+        saveMedia: saveMediaBuffer,
+        log: deps.log,
+        errLog: deps.errLog,
+        label: "inbound"
+      });
+      if (downloaded.decryptedPicPath) {
+        media = { type: "image", filePath: downloaded.decryptedPicPath, mimeType: "image/*" };
+      } else if (downloaded.decryptedVideoPath) {
+        media = { type: "video", filePath: downloaded.decryptedVideoPath, mimeType: "video/mp4" };
+      } else if (downloaded.decryptedFilePath) {
+        media = {
+          type: "file",
+          filePath: downloaded.decryptedFilePath,
+          mimeType: downloaded.fileMediaType ?? "application/octet-stream"
+        };
+      } else if (downloaded.decryptedVoicePath) {
+        media = {
+          type: "audio",
+          filePath: downloaded.decryptedVoicePath,
+          mimeType: downloaded.voiceMediaType ?? "audio/wav"
+        };
+      }
+    } catch (err) {
+      logger.error(`media download failed: ${String(err)}`);
+    }
+  }
+  const to = full.from_user_id ?? "";
+  const reply = async (text) => {
+    try {
+      await sendMessageWeixin({
+        to,
+        text: markdownToPlainText(text),
+        opts: { baseUrl: deps.baseUrl, token: deps.token, contextToken }
+      });
+    } catch (err) {
+      logger.error(`intermediate reply failed: ${String(err)}`);
+    }
+  };
+  const request = {
+    conversationId: full.from_user_id ?? "",
+    text: bodyFromItemList(full.item_list),
+    media,
+    reply
+  };
+  let typingTimer;
+  const startTyping = () => {
+    if (!deps.typingTicket)
+      return;
+    sendTyping({
+      baseUrl: deps.baseUrl,
+      token: deps.token,
+      body: {
+        ilink_user_id: to,
+        typing_ticket: deps.typingTicket,
+        status: TypingStatus.TYPING
+      }
+    }).catch(() => {});
+  };
+  if (deps.typingTicket) {
+    startTyping();
+    typingTimer = setInterval(startTyping, 1e4);
+  }
+  try {
+    const response = await deps.agent.chat(request);
+    if (response.media) {
+      let filePath;
+      const mediaUrl = response.media.url;
+      if (mediaUrl.startsWith("http://") || mediaUrl.startsWith("https://")) {
+        filePath = await downloadRemoteImageToTemp(mediaUrl, path9.join(MEDIA_TEMP_DIR, "outbound"));
+      } else {
+        filePath = path9.isAbsolute(mediaUrl) ? mediaUrl : path9.resolve(mediaUrl);
+      }
+      await sendWeixinMediaFile({
+        filePath,
+        to,
+        text: response.text ? markdownToPlainText(response.text) : "",
+        opts: { baseUrl: deps.baseUrl, token: deps.token, contextToken },
+        cdnBaseUrl: deps.cdnBaseUrl
+      });
+    } else if (response.text) {
+      await sendMessageWeixin({
+        to,
+        text: markdownToPlainText(response.text),
+        opts: { baseUrl: deps.baseUrl, token: deps.token, contextToken }
+      });
+    }
+  } catch (err) {
+    logger.error(`processOneMessage: agent or send failed: ${err instanceof Error ? err.stack ?? err.message : JSON.stringify(err)}`);
+    sendWeixinErrorNotice({
+      to,
+      contextToken,
+      message: `⚠️ 过程失败：${err instanceof Error ? err.message : JSON.stringify(err)}`,
+      baseUrl: deps.baseUrl,
+      token: deps.token,
+      errLog: deps.errLog
+    });
+  } finally {
+    if (typingTimer)
+      clearInterval(typingTimer);
+    if (deps.typingTicket) {
+      sendTyping({
+        baseUrl: deps.baseUrl,
+        token: deps.token,
+        body: {
+          ilink_user_id: to,
+          typing_ticket: deps.typingTicket,
+          status: TypingStatus.CANCEL
+        }
+      }).catch(() => {});
     }
   }
-  throw new Error([
-    "Unable to load weixin-agent-sdk.",
-    "Tried:",
-    ...errors.map((entry) => `- ${entry}`),
-    'Set WEACPX_WEIXIN_SDK to a local SDK entry file, or install the "weixin-agent-sdk" package.'
-  ].join(`
-`));
 }
+var MEDIA_TEMP_DIR = "/tmp/weixin-agent/media", hasDownloadableMedia = (m) => m?.encrypt_query_param || m?.full_url;
+var init_process_message = __esm(() => {
+  init_api();
+  init_types();
+  init_upload();
+  init_media_download();
+  init_mime();
+  init_logger();
+  init_inbound();
+  init_error_notice();
+  init_send_media();
+  init_send();
+  init_slash_commands();
+});
-// src/login.ts
-var exports_login = {};
-__export(exports_login, {
-  main: () => main,
-  loginWithQrRendering: () => loginWithQrRendering
+// src/weixin/storage/sync-buf.ts
+import fs7 from "node:fs";
+import path10 from "node:path";
+function resolveAccountsDir2() {
+  return path10.join(resolveStateDir(), "openclaw-weixin", "accounts");
+}
+function getSyncBufFilePath(accountId) {
+  return path10.join(resolveAccountsDir2(), `${accountId}.sync.json`);
+}
+function getLegacySyncBufDefaultJsonPath() {
+  return path10.join(resolveStateDir(), "agents", "default", "sessions", ".openclaw-weixin-sync", "default.json");
+}
+function readSyncBufFile(filePath) {
+  try {
+    const raw = fs7.readFileSync(filePath, "utf-8");
+    const data = JSON.parse(raw);
+    if (typeof data.get_updates_buf === "string") {
+      return data.get_updates_buf;
+    }
+  } catch {}
+  return;
+}
+function loadGetUpdatesBuf(filePath) {
+  const value = readSyncBufFile(filePath);
+  if (value !== undefined)
+    return value;
+  const accountId = path10.basename(filePath, ".sync.json");
+  const rawId = deriveRawAccountId(accountId);
+  if (rawId) {
+    const compatPath = path10.join(resolveAccountsDir2(), `${rawId}.sync.json`);
+    const compatValue = readSyncBufFile(compatPath);
+    if (compatValue !== undefined)
+      return compatValue;
+  }
+  return readSyncBufFile(getLegacySyncBufDefaultJsonPath());
+}
+function saveGetUpdatesBuf(filePath, getUpdatesBuf) {
+  const dir = path10.dirname(filePath);
+  fs7.mkdirSync(dir, { recursive: true });
+  fs7.writeFileSync(filePath, JSON.stringify({ get_updates_buf: getUpdatesBuf }, null, 0), "utf-8");
+}
+var init_sync_buf = __esm(() => {
+  init_accounts();
+  init_state_dir();
 });
-async function loadQrLoginSupport() {
-  const candidates = buildWeixinSdkSourceCandidates(process.env.WEACPX_WEIXIN_SDK);
-  for (const candidate of candidates) {
+// src/weixin/monitor/monitor.ts
+async function monitorWeixinProvider(opts) {
+  const {
+    baseUrl,
+    cdnBaseUrl,
+    token,
+    accountId,
+    agent,
+    abortSignal,
+    longPollTimeoutMs
+  } = opts;
+  const log = opts.log ?? ((msg) => console.log(msg));
+  const errLog = (msg) => {
+    log(msg);
+    logger.error(msg);
+  };
+  const aLog = logger.withAccount(accountId);
+  log(`[weixin] monitor started (${baseUrl}, account=${accountId})`);
+  aLog.info(`Monitor started: baseUrl=${baseUrl}`);
+  const syncFilePath = getSyncBufFilePath(accountId);
+  const previousGetUpdatesBuf = loadGetUpdatesBuf(syncFilePath);
+  let getUpdatesBuf = previousGetUpdatesBuf ?? "";
+  if (previousGetUpdatesBuf) {
+    log(`[weixin] resuming from previous sync buf (${getUpdatesBuf.length} bytes)`);
+  } else {
+    log(`[weixin] no previous sync buf, starting fresh`);
+  }
+  const configManager = new WeixinConfigManager({ baseUrl, token }, log);
+  let nextTimeoutMs = longPollTimeoutMs ?? DEFAULT_LONG_POLL_TIMEOUT_MS2;
+  let consecutiveFailures = 0;
+  while (!abortSignal?.aborted) {
     try {
-      const sourceUrl = candidate.startsWith("file:") ? candidate : new URL(candidate, import.meta.url).href;
-      const accounts = await import(new URL("./src/auth/accounts.ts", sourceUrl).href);
-      const loginQr = await import(new URL("./src/auth/login-qr.ts", sourceUrl).href);
-      return { accounts, loginQr };
-    } catch {}
+      const resp = await getUpdates({
+        baseUrl,
+        token,
+        get_updates_buf: getUpdatesBuf,
+        timeoutMs: nextTimeoutMs,
+        abortSignal
+      });
+      if (resp.longpolling_timeout_ms != null && resp.longpolling_timeout_ms > 0) {
+        nextTimeoutMs = resp.longpolling_timeout_ms;
+      }
+      const isApiError = resp.ret !== undefined && resp.ret !== 0 || resp.errcode !== undefined && resp.errcode !== 0;
+      if (isApiError) {
+        const isSessionExpired = resp.errcode === SESSION_EXPIRED_ERRCODE || resp.ret === SESSION_EXPIRED_ERRCODE;
+        if (isSessionExpired) {
+          pauseSession(accountId);
+          const pauseMs = getRemainingPauseMs(accountId);
+          errLog(`[weixin] session expired (errcode ${SESSION_EXPIRED_ERRCODE}), pausing for ${Math.ceil(pauseMs / 60000)} min. Please run \`npx weixin-acp login\` to re-login.`);
+          consecutiveFailures = 0;
+          await sleep(pauseMs, abortSignal);
+          continue;
+        }
+        consecutiveFailures += 1;
+        errLog(`[weixin] getUpdates failed: ret=${resp.ret} errcode=${resp.errcode} errmsg=${resp.errmsg ?? ""} (${consecutiveFailures}/${MAX_CONSECUTIVE_FAILURES})`);
+        if (consecutiveFailures >= MAX_CONSECUTIVE_FAILURES) {
+          errLog(`[weixin] ${MAX_CONSECUTIVE_FAILURES} consecutive failures, backing off 30s`);
+          consecutiveFailures = 0;
+          await sleep(BACKOFF_DELAY_MS, abortSignal);
+        } else {
+          await sleep(RETRY_DELAY_MS, abortSignal);
+        }
+        continue;
+      }
+      consecutiveFailures = 0;
+      if (resp.get_updates_buf != null && resp.get_updates_buf !== "") {
+        saveGetUpdatesBuf(syncFilePath, resp.get_updates_buf);
+        getUpdatesBuf = resp.get_updates_buf;
+      }
+      const list = resp.msgs ?? [];
+      for (const full of list) {
+        aLog.info(`inbound: from=${full.from_user_id} types=${full.item_list?.map((i) => i.type).join(",") ?? "none"}`);
+        const fromUserId = full.from_user_id ?? "";
+        const cachedConfig = await configManager.getForUser(fromUserId, full.context_token);
+        await processOneMessage(full, {
+          accountId,
+          agent,
+          baseUrl,
+          cdnBaseUrl,
+          token,
+          typingTicket: cachedConfig.typingTicket,
+          log,
+          errLog
+        });
+      }
+    } catch (err) {
+      if (abortSignal?.aborted) {
+        aLog.info(`Monitor stopped (aborted)`);
+        return;
+      }
+      consecutiveFailures += 1;
+      errLog(`[weixin] getUpdates error (${consecutiveFailures}/${MAX_CONSECUTIVE_FAILURES}): ${String(err)}`);
+      if (consecutiveFailures >= MAX_CONSECUTIVE_FAILURES) {
+        consecutiveFailures = 0;
+        await sleep(BACKOFF_DELAY_MS, abortSignal);
+      } else {
+        await sleep(RETRY_DELAY_MS, abortSignal);
+      }
+    }
   }
-  return null;
+  aLog.info(`Monitor ended`);
 }
-async function loginWithQrRendering() {
-  const support = await loadQrLoginSupport();
-  if (!support) {
-    const { login } = await loadWeixinSdk();
-    await login();
-    return;
-  }
-  const { accounts, loginQr } = support;
-  const apiBaseUrl = accounts.DEFAULT_BASE_URL;
-  console.log("正在启动微信扫码登录...");
-  const startResult = await loginQr.startWeixinLoginWithQr({
+function sleep(ms, signal) {
+  return new Promise((resolve, reject) => {
+    const t = setTimeout(resolve, ms);
+    signal?.addEventListener("abort", () => {
+      clearTimeout(t);
+      reject(new Error("aborted"));
+    }, { once: true });
+  });
+}
+var DEFAULT_LONG_POLL_TIMEOUT_MS2 = 35000, MAX_CONSECUTIVE_FAILURES = 3, BACKOFF_DELAY_MS = 30000, RETRY_DELAY_MS = 2000;
+var init_monitor = __esm(() => {
+  init_api();
+  init_config_cache();
+  init_session_guard();
+  init_process_message();
+  init_sync_buf();
+  init_logger();
+});
+// src/weixin/bot.ts
+async function login(opts) {
+  const log = opts?.log ?? console.log;
+  const apiBaseUrl = opts?.baseUrl ?? DEFAULT_BASE_URL;
+  log("正在启动微信扫码登录...");
+  const startResult = await startWeixinLoginWithQr({
     apiBaseUrl,
-    botType: loginQr.DEFAULT_ILINK_BOT_TYPE
+    botType: DEFAULT_ILINK_BOT_TYPE
   });
   if (!startResult.qrcodeUrl) {
     throw new Error(startResult.message);
   }
-  console.log(`
+  log(`
 使用微信扫描以下二维码，以完成连接：
 `);
-  await new Promise((resolve) => {
-    import_qrcode_terminal.default.generate(startResult.qrcodeUrl, { small: true }, (qr) => {
-      console.log(qr);
-      resolve();
+  try {
+    const qrcodeterminal = await Promise.resolve().then(() => __toESM(require_main(), 1));
+    await new Promise((resolve) => {
+      qrcodeterminal.default.generate(startResult.qrcodeUrl, { small: true }, (qr) => {
+        console.log(qr);
+        resolve();
+      });
     });
-  });
-  console.log(`
+  } catch {
+    log(`二维码链接: ${startResult.qrcodeUrl}`);
+  }
+  log(`
 等待扫码...
 `);
-  const waitResult = await loginQr.waitForWeixinLogin({
+  const waitResult = await waitForWeixinLogin({
     sessionKey: startResult.sessionKey,
     apiBaseUrl,
     timeoutMs: 480000,
-    botType: loginQr.DEFAULT_ILINK_BOT_TYPE
+    botType: DEFAULT_ILINK_BOT_TYPE
   });
   if (!waitResult.connected || !waitResult.botToken || !waitResult.accountId) {
     throw new Error(waitResult.message);
   }
-  const normalizedId = accounts.normalizeAccountId(waitResult.accountId);
-  accounts.saveWeixinAccount(normalizedId, {
+  const normalizedId = normalizeAccountId(waitResult.accountId);
+  saveWeixinAccount(normalizedId, {
     token: waitResult.botToken,
     baseUrl: waitResult.baseUrl,
     userId: waitResult.userId
   });
-  accounts.registerWeixinAccountId(normalizedId);
-  console.log(`
+  registerWeixinAccountId(normalizedId);
+  log(`
 ✅ 与微信连接成功！`);
+  return normalizedId;
 }
-async function main() {
-  await loginWithQrRendering();
+function logout(opts) {
+  const log = opts?.log ?? console.log;
+  const ids = listWeixinAccountIds();
+  if (ids.length === 0) {
+    log("当前没有已登录的账号");
+    return;
+  }
+  clearAllWeixinAccounts();
+  log("✅ 已退出登录");
 }
-var import_qrcode_terminal;
-var init_login = __esm(async () => {
-  import_qrcode_terminal = __toESM(require_main(), 1);
-  if (false) {}
+function isLoggedIn() {
+  const ids = listWeixinAccountIds();
+  if (ids.length === 0)
+    return false;
+  const account = resolveWeixinAccount(ids[0]);
+  return account.configured;
+}
+async function start(agent, opts) {
+  const log = opts?.log ?? console.log;
+  let accountId = opts?.accountId;
+  if (!accountId) {
+    const ids = listWeixinAccountIds();
+    if (ids.length === 0) {
+      throw new Error("没有已登录的账号，请先运行 login");
+    }
+    accountId = ids[0];
+    if (ids.length > 1) {
+      log(`[weixin] 检测到多个账号，使用第一个: ${accountId}`);
+    }
+  }
+  const account = resolveWeixinAccount(accountId);
+  if (!account.configured) {
+    throw new Error(`账号 ${accountId} 未配置 (缺少 token)，请先运行 login`);
+  }
+  log(`[weixin] 启动 bot, account=${account.accountId}`);
+  await monitorWeixinProvider({
+    baseUrl: account.baseUrl,
+    cdnBaseUrl: account.cdnBaseUrl,
+    token: account.token,
+    accountId: account.accountId,
+    agent,
+    abortSignal: opts?.abortSignal,
+    log
+  });
+}
+var init_bot = __esm(() => {
+  init_accounts();
+  init_login_qr();
+  init_monitor();
+});
+// src/weixin/index.ts
+var exports_weixin = {};
+__export(exports_weixin, {
+  start: () => start,
+  sendMessageWeixin: () => sendMessageWeixin,
+  resolveWeixinAccount: () => resolveWeixinAccount,
+  markdownToPlainText: () => markdownToPlainText,
+  logout: () => logout,
+  login: () => login,
+  listWeixinAccountIds: () => listWeixinAccountIds,
+  isLoggedIn: () => isLoggedIn,
+  getContextToken: () => getContextToken,
+  clearAllWeixinAccounts: () => clearAllWeixinAccounts
+});
+var init_weixin = __esm(() => {
+  init_bot();
+  init_send();
+  init_inbound();
+  init_accounts();
+});
+// src/weixin-sdk.ts
+var exports_weixin_sdk = {};
+__export(exports_weixin_sdk, {
+  start: () => start,
+  resolveWeixinAccount: () => resolveWeixinAccount,
+  logout: () => logout,
+  login: () => login,
+  loadWeixinSdk: () => loadWeixinSdk,
+  listWeixinAccountIds: () => listWeixinAccountIds,
+  isLoggedIn: () => isLoggedIn,
+  clearAllWeixinAccounts: () => clearAllWeixinAccounts
+});
+async function loadWeixinSdk() {
+  const { login: login2, start: start2, isLoggedIn: isLoggedIn2 } = await Promise.resolve().then(() => (init_weixin(), exports_weixin));
+  return { login: login2, start: start2, isLoggedIn: isLoggedIn2 };
+}
+var init_weixin_sdk = __esm(() => {
+  init_weixin();
+  init_weixin();
 });
 // src/config/agent-templates.ts
@@ -1204,6 +3351,9 @@ function renderHelpText() {
     "/ss new <agent> -d <path>",
     "/ss new <alias> -a <name> --ws <name>",
     "/ss attach <alias> -a <name> --ws <name> --name <transport-session>",
+    "/pm 或 /permission",
+    "/pm set <allow|read|deny>",
+    "/pm auto [allow|deny|fail]",
     "/use <alias>",
     "/status",
     "/cancel 或 /stop"
@@ -1242,19 +3392,19 @@ function createAppLogger(options) {
   const now = options.now ?? (() => new Date);
   return {
     debug: async (event, message, context) => {
-      await writeLog("debug", event, message, context);
+      await writeLog2("debug", event, message, context);
     },
     info: async (event, message, context) => {
-      await writeLog("info", event, message, context);
+      await writeLog2("info", event, message, context);
     },
     error: async (event, message, context) => {
-      await writeLog("error", event, message, context);
+      await writeLog2("error", event, message, context);
     },
     cleanup: async () => {
       await cleanupExpiredRotatedLogs(options.filePath, options.retentionDays, now);
     }
   };
-  async function writeLog(level, event, message, context = {}) {
+  async function writeLog2(level, event, message, context = {}) {
     if (LEVEL_ORDER[level] > LEVEL_ORDER[options.level]) {
       return;
     }
@@ -1326,24 +3476,156 @@ function formatLogLine(time, level, event, message, context) {
   return `${time.toISOString()} ${level.toUpperCase()} ${event} message=${formatValue(message)}${suffix}
 `;
 }
-function formatValue(value) {
-  if (value === null) {
-    return "null";
+function formatValue(value) {
+  if (value === null) {
+    return "null";
+  }
+  if (typeof value === "number" || typeof value === "boolean") {
+    return String(value);
+  }
+  return JSON.stringify(value);
+}
+function isMissingFileError(error) {
+  return typeof error === "object" && error !== null && "code" in error && error.code === "ENOENT";
+}
+var LEVEL_ORDER;
+var init_app_logger = __esm(() => {
+  LEVEL_ORDER = {
+    error: 0,
+    info: 1,
+    debug: 2
+  };
+});
+// src/transport/prompt-output.ts
+function getPromptText(result) {
+  const stdoutOutput = extractPromptOutput(result.stdout);
+  if (result.code === 0) {
+    return sanitizePromptText(stdoutOutput.text);
+  }
+  const preferredError = extractPromptFailureMessage(result);
+  if (preferredError) {
+    throw new PromptCommandError(preferredError, result);
+  }
+  const stderrOutput = extractPromptOutput(result.stderr);
+  const partialReply = [stdoutOutput, stderrOutput].filter((output) => output.hasAgentMessage && output.text.length > 0).map((output) => sanitizePromptText(output.text)).find((text) => text.length > 0);
+  if (partialReply) {
+    return partialReply;
+  }
+  throw new PromptCommandError(`command failed with exit code ${result.code}`, result);
+}
+function normalizeCommandError(result) {
+  const preferredError = extractPromptFailureMessage(result);
+  if (preferredError) {
+    return preferredError;
+  }
+  return result.stdout.trim() || null;
+}
+function extractPromptFailureMessage(result) {
+  const rpcMessages = extractJsonRpcErrorMessages(result.stderr).concat(extractJsonRpcErrorMessages(result.stdout)).filter((message) => message.length > 0);
+  const preferredMessage = [...rpcMessages].reverse().find((message) => message !== "Resource not found");
+  if (preferredMessage) {
+    return preferredMessage;
+  }
+  if (rpcMessages.length > 0) {
+    return rpcMessages[rpcMessages.length - 1] ?? null;
+  }
+  const stderrText = result.stderr.trim();
+  if (stderrText.length > 0) {
+    return stderrText;
+  }
+  return null;
+}
+function extractPromptOutput(output) {
+  const lines = output.split(`
+`).map((line) => line.trim()).filter((line) => line.length > 0);
+  const messageSegments = [];
+  let currentSegment = "";
+  let hasAgentMessage = false;
+  for (const line of lines) {
+    try {
+      const event = JSON.parse(line);
+      const isMessageChunk = event.method === "session/update" && event.params?.update?.sessionUpdate === "agent_message_chunk" && event.params.update.content?.type === "text" && typeof event.params.update.content.text === "string";
+      if (isMessageChunk) {
+        hasAgentMessage = true;
+        const chunk = event.params.update.content.text ?? "";
+        if (chunk.length > 0) {
+          currentSegment += chunk;
+        }
+        continue;
+      }
+      if (currentSegment.trim().length > 0) {
+        messageSegments.push(currentSegment.trim());
+      }
+      currentSegment = "";
+    } catch {
+      if (currentSegment.trim().length > 0) {
+        messageSegments.push(currentSegment.trim());
+        currentSegment = "";
+      }
+    }
+  }
+  if (currentSegment.trim().length > 0) {
+    messageSegments.push(currentSegment.trim());
+  }
+  if (messageSegments.length > 0) {
+    return {
+      text: messageSegments[messageSegments.length - 1],
+      hasAgentMessage
+    };
+  }
+  return {
+    text: output.trim(),
+    hasAgentMessage
+  };
+}
+function sanitizePromptText(text) {
+  const trimmed = text.trim();
+  const paragraphs = trimmed.split(/\n\s*\n/);
+  if (paragraphs.length < 2) {
+    return trimmed;
   }
-  if (typeof value === "number" || typeof value === "boolean") {
-    return String(value);
+  const firstParagraph = paragraphs[0].trim().replace(/\s+/g, " ").toLowerCase();
+  if (!looksLikeWorkflowPreamble(firstParagraph)) {
+    return trimmed;
   }
-  return JSON.stringify(value);
+  return paragraphs.slice(1).join(`
+`).trim();
 }
-function isMissingFileError(error) {
-  return typeof error === "object" && error !== null && "code" in error && error.code === "ENOENT";
+function looksLikeWorkflowPreamble(paragraph) {
+  if (!paragraph.startsWith("using ")) {
+    return false;
+  }
+  return paragraph.includes("using-superpowers") || paragraph.includes("repo workflow requirement") || paragraph.includes("workflow requirement") || paragraph.includes("before responding") || paragraph.includes("skill check");
 }
-var LEVEL_ORDER;
-var init_app_logger = __esm(() => {
-  LEVEL_ORDER = {
-    error: 0,
-    info: 1,
-    debug: 2
+function extractJsonRpcErrorMessages(output) {
+  return output.split(`
+`).map((line) => line.trim()).filter((line) => line.length > 0).flatMap((line) => {
+    try {
+      const payload = JSON.parse(line);
+      if (typeof payload.error?.message === "string" && payload.error.message.length > 0) {
+        return [payload.error.message];
+      }
+    } catch {
+      return [];
+    }
+    return [];
+  });
+}
+var PromptCommandError;
+var init_prompt_output = __esm(() => {
+  PromptCommandError = class PromptCommandError extends Error {
+    exitCode;
+    stdout;
+    stderr;
+    constructor(message, result) {
+      super(message);
+      this.name = "PromptCommandError";
+      this.exitCode = result.code;
+      this.stdout = result.stdout;
+      this.stderr = result.stderr;
+    }
   };
 });
@@ -1367,10 +3649,27 @@ function parseCommand(input) {
     return { kind: "status" };
   if (command === "/cancel")
     return { kind: "cancel" };
+  if (command === "/permission" && parts.length === 1)
+    return { kind: "permission.status" };
   if (command === "/session" && parts.length === 1)
     return { kind: "sessions" };
   if (command === "/workspace" && parts.length === 1)
     return { kind: "workspaces" };
+  if (command === "/permission" && parts[1] === "set") {
+    const mode = toPermissionMode(parts[2] ?? "");
+    if (mode) {
+      return { kind: "permission.mode.set", mode };
+    }
+  }
+  if (command === "/permission" && parts[1] === "auto") {
+    if (parts.length === 2) {
+      return { kind: "permission.auto.status" };
+    }
+    const policy = toNonInteractivePermission(parts[2] ?? "");
+    if (policy) {
+      return { kind: "permission.auto.set", policy };
+    }
+  }
   if (command === "/use" && parts[1]) {
     return { kind: "session.use", alias: parts[1] };
   }
@@ -1461,6 +3760,8 @@ function normalizeCommand(command) {
     return "/session";
   if (command === "/ws")
     return "/workspace";
+  if (command === "/pm")
+    return "/permission";
   if (command === "/stop")
     return "/cancel";
   return command;
@@ -1468,6 +3769,21 @@ function normalizeCommand(command) {
 function isRecognizedCommand(command) {
   return RECOGNIZED_COMMANDS.has(command);
 }
+function toPermissionMode(value) {
+  if (value === "allow")
+    return "approve-all";
+  if (value === "read")
+    return "approve-reads";
+  if (value === "deny")
+    return "deny-all";
+  return null;
+}
+function toNonInteractivePermission(value) {
+  if (value === "allow" || value === "deny" || value === "fail") {
+    return value;
+  }
+  return null;
+}
 function tokenizeCommand(input) {
   const tokens = [];
   let current = "";
@@ -1508,6 +3824,7 @@ var init_parse_command = __esm(() => {
     "/sessions",
     "/status",
     "/cancel",
+    "/permission",
     "/session",
     "/workspace",
     "/use",
@@ -1526,14 +3843,14 @@ class CommandRouter {
   config;
   configStore;
   logger;
-  constructor(sessions, transport, config, configStore, logger) {
+  constructor(sessions, transport, config, configStore, logger2) {
     this.sessions = sessions;
     this.transport = transport;
     this.config = config;
     this.configStore = configStore;
-    this.logger = logger ?? createNoopAppLogger();
+    this.logger = logger2 ?? createNoopAppLogger();
   }
-  async handle(chatKey, input) {
+  async handle(chatKey, input, reply) {
     const startedAt = Date.now();
     const command = parseCommand(input);
     await this.logger.debug("command.parsed", "parsed inbound command", {
@@ -1582,6 +3899,30 @@ class CommandRouter {
           this.replaceConfig(updated);
           return { text: `Agent「${command.name}」已删除` };
         }
+        case "permission.status":
+          return { text: this.renderPermissionStatus("当前权限模式：") };
+        case "permission.mode.set": {
+          if (!this.config || !this.configStore) {
+            return { text: "当前没有加载可写入的配置。" };
+          }
+          const updated = await this.configStore.updateTransport({
+            permissionMode: command.mode
+          });
+          this.replaceConfig(updated);
+          return { text: this.renderPermissionStatus("权限模式已更新：") };
+        }
+        case "permission.auto.status":
+          return { text: this.renderPermissionStatus("当前非交互策略：") };
+        case "permission.auto.set": {
+          if (!this.config || !this.configStore) {
+            return { text: "当前没有加载可写入的配置。" };
+          }
+          const updated = await this.configStore.updateTransport({
+            nonInteractivePermissions: command.policy
+          });
+          this.replaceConfig(updated);
+          return { text: this.renderPermissionStatus("非交互策略已更新：") };
+        }
         case "workspaces":
           return { text: this.config ? renderWorkspaces(this.config) : "No config loaded." };
         case "workspace.new": {
@@ -1703,8 +4044,8 @@ class CommandRouter {
             return { text: "当前还没有选中的会话。请先执行 /session new ... 或 /use <alias>。" };
           }
           try {
-            const reply = await this.promptTransportSession(session, command.text);
-            return { text: reply.text };
+            const result = await this.promptTransportSession(session, command.text, reply);
+            return { text: result.text };
           } catch (error) {
             return this.renderTransportError(session, error);
           }
@@ -1779,6 +4120,12 @@ class CommandRouter {
     this.config.agents = { ...updated.agents };
     this.config.workspaces = { ...updated.workspaces };
   }
+  renderPermissionStatus(title) {
+    const permissionMode = this.config?.transport.permissionMode ?? "approve-all";
+    const nonInteractivePermissions = this.config?.transport.nonInteractivePermissions ?? "fail";
+    return [title, `- mode: ${permissionMode}`, `- auto: ${nonInteractivePermissions}`].join(`
+`);
+  }
   renderTransportError(session, error) {
     const message = error instanceof Error ? error.message : String(error);
     if (message.includes("No acpx session found")) {
@@ -1897,8 +4244,8 @@ class CommandRouter {
   async checkTransportSession(session) {
     return await this.measureTransportCall("has_session", session, () => this.transport.hasSession(session));
   }
-  async promptTransportSession(session, text) {
-    return await this.measureTransportCall("prompt", session, () => this.transport.prompt(session, text));
+  async promptTransportSession(session, text, reply) {
+    return await this.measureTransportCall("prompt", session, () => this.transport.prompt(session, text, reply));
   }
   async cancelTransportSession(session) {
     return await this.measureTransportCall("cancel", session, () => this.transport.cancel(session));
@@ -1916,28 +4263,40 @@ class CommandRouter {
       });
       return result;
     } catch (error) {
+      const diagnosticContext = error instanceof PromptCommandError ? {
+        exitCode: error.exitCode,
+        stdoutPreview: summarizeTransportDiagnostic(error.stdout),
+        stdoutTailPreview: summarizeTransportDiagnosticTail(error.stdout),
+        stdoutLength: error.stdout.length,
+        ...summarizeTransportNdjson(error.stdout, "stdout"),
+        stderrPreview: summarizeTransportDiagnostic(error.stderr),
+        stderrTailPreview: summarizeTransportDiagnosticTail(error.stderr),
+        stderrLength: error.stderr.length,
+        ...summarizeTransportNdjson(error.stderr, "stderr")
+      } : {};
       await this.logger.error(`transport.${operation}.failed`, "transport operation failed", {
         operation,
         agent: session.agent,
         workspace: session.workspace,
         alias: session.alias,
         durationMs: Date.now() - startedAt,
-        error: error instanceof Error ? error.message : String(error)
+        error: error instanceof Error ? error.message : String(error),
+        ...diagnosticContext
       });
       throw error;
     }
   }
 }
-async function pathExists(path) {
+async function pathExists(path11) {
   try {
-    await access(path);
+    await access(path11);
     return true;
   } catch {
     return false;
   }
 }
-function normalizePathForWorkspace(path) {
-  const expanded = path.startsWith("~") ? homedir() + path.slice(1) : path;
+function normalizePathForWorkspace(path11) {
+  const expanded = path11.startsWith("~") ? homedir() + path11.slice(1) : path11;
   return normalize(expanded);
 }
 function sameWorkspacePath(left, right) {
@@ -1951,12 +4310,66 @@ function sameWorkspacePath(left, right) {
 function summarizeTransportError(message) {
   return message.replace(/\s+/g, " ").trim().slice(0, 200);
 }
+function summarizeTransportDiagnostic(output) {
+  const trimmed = output.replace(/\s+/g, " ").trim();
+  if (trimmed.length === 0) {
+    return;
+  }
+  return trimmed.slice(0, 200);
+}
+function summarizeTransportDiagnosticTail(output) {
+  const trimmed = output.replace(/\s+/g, " ").trim();
+  if (trimmed.length === 0) {
+    return;
+  }
+  return trimmed.slice(-200);
+}
+function summarizeTransportNdjson(output, prefix) {
+  const lines = output.split(`
+`).map((line) => line.trim()).filter((line) => line.length > 0);
+  if (lines.length === 0) {
+    return {};
+  }
+  const methods = new Set;
+  let agentMessageChunkCount = 0;
+  let stopReason;
+  for (const line of lines) {
+    try {
+      const payload = JSON.parse(line);
+      if (typeof payload.method === "string" && payload.method.length > 0) {
+        methods.add(payload.method);
+      }
+      if (payload.params?.update?.sessionUpdate === "agent_message_chunk") {
+        agentMessageChunkCount += 1;
+      }
+      if (typeof payload.result?.stopReason === "string" && payload.result.stopReason.length > 0) {
+        stopReason = payload.result.stopReason;
+      }
+    } catch {
+      continue;
+    }
+  }
+  const summary = {
+    [`${prefix}LineCount`]: lines.length
+  };
+  if (methods.size > 0) {
+    summary[`${prefix}Methods`] = [...methods].join(",");
+  }
+  if (agentMessageChunkCount > 0) {
+    summary[`${prefix}AgentMessageChunkCount`] = agentMessageChunkCount;
+  }
+  if (stopReason) {
+    summary[`${prefix}StopReason`] = stopReason;
+  }
+  return summary;
+}
 function isPartialPromptOutputError(message) {
   return message.includes("未收到最终回复");
 }
 var init_command_router = __esm(() => {
   init_agent_templates();
   init_app_logger();
+  init_prompt_output();
   init_parse_command();
 });
@@ -1980,8 +4393,8 @@ import { readFile as readFile3 } from "node:fs/promises";
 function isRecord(value) {
   return typeof value === "object" && value !== null;
 }
-async function loadConfig(path, options = {}) {
-  const raw = JSON.parse(await readFile3(path, "utf8"));
+async function loadConfig(path11, options = {}) {
+  const raw = JSON.parse(await readFile3(path11, "utf8"));
   return parseConfig(raw, options);
 }
 function parseConfig(raw, options = {}) {
@@ -1998,6 +4411,12 @@ function parseConfig(raw, options = {}) {
   if ("sessionInitTimeoutMs" in transport && (typeof transport.sessionInitTimeoutMs !== "number" || !Number.isFinite(transport.sessionInitTimeoutMs) || transport.sessionInitTimeoutMs <= 0)) {
     throw new Error("transport.sessionInitTimeoutMs must be a positive number");
   }
+  if ("permissionMode" in transport && transport.permissionMode !== "approve-all" && transport.permissionMode !== "approve-reads" && transport.permissionMode !== "deny-all") {
+    throw new Error("transport.permissionMode must be approve-all, approve-reads, or deny-all");
+  }
+  if ("nonInteractivePermissions" in transport && transport.nonInteractivePermissions !== "allow" && transport.nonInteractivePermissions !== "deny" && transport.nonInteractivePermissions !== "fail") {
+    throw new Error("transport.nonInteractivePermissions must be allow, deny, or fail");
+  }
   if (!isRecord(raw.agents)) {
     throw new Error("agents must be an object");
   }
@@ -2032,8 +4451,9 @@ function parseConfig(raw, options = {}) {
       throw new Error(`workspace "${name}" allowed_agents must be an array of strings`);
     }
   }
+  const rawAgents = raw.agents;
   const agents = {};
-  for (const [name, agent] of Object.entries(raw.agents)) {
+  for (const [name, agent] of Object.entries(rawAgents)) {
     const driver = agent.driver;
     const command = typeof agent.command === "string" ? resolveAgentCommand(driver, agent.command) : undefined;
     agents[name] = {
@@ -2041,21 +4461,29 @@ function parseConfig(raw, options = {}) {
       ...command ? { command } : {}
     };
   }
+  const rawWorkspaces = raw.workspaces;
   const workspaces = {};
-  for (const [name, workspace] of Object.entries(raw.workspaces)) {
+  for (const [name, workspace] of Object.entries(rawWorkspaces)) {
     workspaces[name] = {
       cwd: workspace.cwd,
       ...typeof workspace.description === "string" ? { description: workspace.description } : {}
     };
   }
+  const transportType = transport.type === "acpx-cli" || transport.type === "acpx-bridge" ? transport.type : "acpx-bridge";
+  const permissionMode = transport.permissionMode === "approve-all" || transport.permissionMode === "approve-reads" || transport.permissionMode === "deny-all" ? transport.permissionMode : DEFAULT_PERMISSION_MODE;
+  const nonInteractivePermissions = transport.nonInteractivePermissions === "allow" || transport.nonInteractivePermissions === "deny" || transport.nonInteractivePermissions === "fail" ? transport.nonInteractivePermissions : DEFAULT_NON_INTERACTIVE_PERMISSIONS;
+  const loggingLevel = logging?.level;
+  const resolvedLoggingLevel = loggingLevel === "error" || loggingLevel === "info" || loggingLevel === "debug" ? loggingLevel : options.defaultLoggingLevel ?? DEFAULT_LOGGING_CONFIG.level;
   return {
     transport: {
       ...typeof transport.command === "string" ? { command: transport.command } : {},
       ...typeof transport.sessionInitTimeoutMs === "number" ? { sessionInitTimeoutMs: transport.sessionInitTimeoutMs } : {},
-      type: transport.type ?? "acpx-bridge"
+      type: transportType,
+      permissionMode,
+      nonInteractivePermissions
     },
     logging: {
-      level: typeof logging?.level === "string" ? logging.level : options.defaultLoggingLevel ?? DEFAULT_LOGGING_CONFIG.level,
+      level: resolvedLoggingLevel,
       maxSizeBytes: typeof logging?.maxSizeBytes === "number" ? logging.maxSizeBytes : DEFAULT_LOGGING_CONFIG.maxSizeBytes,
       maxFiles: typeof logging?.maxFiles === "number" ? logging.maxFiles : DEFAULT_LOGGING_CONFIG.maxFiles,
       retentionDays: typeof logging?.retentionDays === "number" ? logging.retentionDays : DEFAULT_LOGGING_CONFIG.retentionDays
@@ -2064,7 +4492,7 @@ function parseConfig(raw, options = {}) {
     workspaces
   };
 }
-var DEFAULT_LOGGING_CONFIG;
+var DEFAULT_LOGGING_CONFIG, DEFAULT_PERMISSION_MODE = "approve-all", DEFAULT_NON_INTERACTIVE_PERMISSIONS = "fail";
 var init_load_config = __esm(() => {
   DEFAULT_LOGGING_CONFIG = {
     level: "info",
@@ -2080,8 +4508,8 @@ import { dirname as dirname5 } from "node:path";
 class ConfigStore {
   path;
-  constructor(path) {
-    this.path = path;
+  constructor(path11) {
+    this.path = path11;
   }
   async load() {
     return await loadConfig(this.path);
@@ -2119,6 +4547,15 @@ class ConfigStore {
     await this.save(config);
     return config;
   }
+  async updateTransport(transport) {
+    const config = await this.load();
+    config.transport = {
+      ...config.transport,
+      ...transport
+    };
+    await this.save(config);
+    return config;
+  }
 }
 var init_config_store = __esm(() => {
   init_load_config();
@@ -2126,14 +4563,14 @@ var init_config_store = __esm(() => {
 // src/config/ensure-config.ts
 import { readFile as readFile4 } from "node:fs/promises";
-async function ensureConfigExists(path) {
+async function ensureConfigExists(path11) {
   try {
-    await loadConfig(path);
+    await loadConfig(path11);
   } catch (error) {
     if (!isMissingFileError2(error)) {
       throw error;
     }
-    const store = new ConfigStore(path);
+    const store = new ConfigStore(path11);
     await store.save(await loadDefaultConfigTemplate());
   }
 }
@@ -2170,7 +4607,7 @@ function resolveAcpxCommand(options = {}) {
   }
   const platform = options.platform ?? process.platform;
   const resolvePackageJson = options.resolvePackageJson ?? ((id) => require2.resolve(id));
-  const readPackageJson = options.readPackageJson ?? ((path) => JSON.parse(readFileSync(path, "utf8")));
+  const readPackageJson = options.readPackageJson ?? ((path11) => JSON.parse(readFileSync(path11, "utf8")));
   try {
     const packageJsonPath = resolvePackageJson("acpx/package.json");
     const pkg = readPackageJson(packageJsonPath);
@@ -2192,9 +4629,9 @@ var init_resolve_acpx_command = __esm(() => {
 class ConsoleAgent {
   router;
   logger;
-  constructor(router, logger) {
+  constructor(router, logger2) {
     this.router = router;
-    this.logger = logger ?? createNoopAppLogger();
+    this.logger = logger2 ?? createNoopAppLogger();
   }
   async chat(request) {
     if (!request.text.trim()) {
@@ -2205,7 +4642,7 @@ class ConsoleAgent {
       kind: request.text.trim().startsWith("/") ? "command" : "prompt",
       text: summarizeText(request.text)
     });
-    return await this.router.handle(request.conversationId, request.text);
+    return await this.router.handle(request.conversationId, request.text, request.reply);
   }
 }
 function summarizeText(text) {
@@ -2332,8 +4769,8 @@ import { dirname as dirname6 } from "node:path";
 class StateStore {
   path;
-  constructor(path) {
-    this.path = path;
+  constructor(path11) {
+    this.path = path11;
   }
   async load() {
     try {
@@ -2377,6 +4814,10 @@ async function runConsole(paths, deps) {
         deps.daemonRuntime?.heartbeat().catch(() => {});
       }, deps.heartbeatIntervalMs ?? 30000);
     }
+    if (!sdk.isLoggedIn()) {
+      console.log("[weacpx] 未检测到登录凭证，正在启动扫码登录...");
+      await sdk.login();
+    }
     await sdk.start(runtime.agent);
   } finally {
     let disposeError = null;
@@ -2405,7 +4846,7 @@ function encodeBridgeRequest(request) {
 // src/transport/acpx-bridge/acpx-bridge-client.ts
 import { spawn as spawn2 } from "node:child_process";
-import { fileURLToPath } from "node:url";
+import { fileURLToPath as fileURLToPath2 } from "node:url";
 import { createInterface } from "node:readline";
 class AcpxBridgeClient {
@@ -2419,7 +4860,10 @@ class AcpxBridgeClient {
     const id = String(this.nextId);
     this.nextId += 1;
     return awaitable((resolve, reject) => {
-      this.pending.set(id, { resolve, reject });
+      this.pending.set(id, {
+        resolve: (value) => resolve(value),
+        reject
+      });
       this.writeLine(encodeBridgeRequest({
         id,
         method,
@@ -2438,6 +4882,14 @@ class AcpxBridgeClient {
       pending.resolve(response.result);
       return;
     }
+    if (response.error.details?.exitCode !== undefined) {
+      pending.reject(new PromptCommandError(response.error.message, {
+        code: response.error.details.exitCode,
+        stdout: response.error.details.stdout ?? "",
+        stderr: response.error.details.stderr ?? ""
+      }));
+      return;
+    }
     pending.reject(new Error(response.error.message));
   }
   handleExit(error) {
@@ -2461,7 +4913,7 @@ function buildBridgeSpawnSpec(options) {
   };
 }
 async function spawnAcpxBridgeClient(options = {}) {
-  const bridgeEntryPath = options.bridgeEntryPath ?? fileURLToPath(new URL("../../bridge/bridge-main.ts", import.meta.url));
+  const bridgeEntryPath = options.bridgeEntryPath ?? fileURLToPath2(new URL("../../bridge/bridge-main.ts", import.meta.url));
   const spawnSpec = buildBridgeSpawnSpec({
     execPath: process.execPath,
     bridgeEntryPath
@@ -2470,7 +4922,9 @@ async function spawnAcpxBridgeClient(options = {}) {
     cwd: options.cwd ?? process.cwd(),
     env: {
       ...process.env,
-      WEACPX_BRIDGE_ACPX_COMMAND: options.acpxCommand ?? "acpx"
+      WEACPX_BRIDGE_ACPX_COMMAND: options.acpxCommand ?? "acpx",
+      WEACPX_BRIDGE_PERMISSION_MODE: options.permissionMode ?? "approve-all",
+      WEACPX_BRIDGE_NON_INTERACTIVE_PERMISSIONS: options.nonInteractivePermissions ?? "fail"
     },
     stdio: ["pipe", "pipe", "inherit"]
   });
@@ -2510,7 +4964,9 @@ function awaitable(executor) {
     executor(resolve, reject);
   });
 }
-var init_acpx_bridge_client = () => {};
+var init_acpx_bridge_client = __esm(() => {
+  init_prompt_output();
+});
 // src/transport/acpx-bridge/acpx-bridge-transport.ts
 class AcpxBridgeTransport {
@@ -2521,7 +4977,7 @@ class AcpxBridgeTransport {
   async ensureSession(session) {
     await this.client.request("ensureSession", this.toParams(session));
   }
-  async prompt(session, text) {
+  async prompt(session, text, _reply) {
     return await this.client.request("prompt", {
       ...this.toParams(session),
       text
@@ -2565,121 +5021,62 @@ var init_spawn_command = __esm(() => {
   SCRIPT_FILE_PATTERN = /\.(c|m)?js$/i;
 });
-// src/transport/prompt-output.ts
-function getPromptText(result) {
-  const stdoutOutput = extractPromptOutput(result.stdout);
-  if (result.code === 0) {
-    return sanitizePromptText(stdoutOutput.text);
-  }
-  const preferredError = extractPromptFailureMessage(result);
-  if (preferredError) {
-    throw new Error(preferredError);
-  }
-  const stderrOutput = extractPromptOutput(result.stderr);
-  const partialReply = [stdoutOutput, stderrOutput].filter((output) => output.hasAgentMessage && output.text.length > 0).map((output) => sanitizePromptText(output.text)).find((text) => text.length > 0);
-  if (partialReply) {
-    return partialReply;
-  }
-  throw new Error(`command failed with exit code ${result.code}`);
-}
-function normalizeCommandError(result) {
-  const preferredError = extractPromptFailureMessage(result);
-  if (preferredError) {
-    return preferredError;
-  }
-  return result.stdout.trim() || null;
-}
-function extractPromptFailureMessage(result) {
-  const rpcMessages = extractJsonRpcErrorMessages(result.stderr).concat(extractJsonRpcErrorMessages(result.stdout)).filter((message) => message.length > 0);
-  const preferredMessage = [...rpcMessages].reverse().find((message) => message !== "Resource not found");
-  if (preferredMessage) {
-    return preferredMessage;
-  }
-  if (rpcMessages.length > 0) {
-    return rpcMessages[rpcMessages.length - 1] ?? null;
-  }
-  const stderrText = result.stderr.trim();
-  if (stderrText.length > 0) {
-    return stderrText;
-  }
-  return null;
-}
-function extractPromptOutput(output) {
-  const lines = output.split(`
-`).map((line) => line.trim()).filter((line) => line.length > 0);
-  const messageSegments = [];
-  let currentSegment = "";
-  let hasAgentMessage = false;
-  for (const line of lines) {
-    try {
-      const event = JSON.parse(line);
-      const isMessageChunk = event.method === "session/update" && event.params?.update?.sessionUpdate === "agent_message_chunk" && event.params.update.content?.type === "text" && typeof event.params.update.content.text === "string";
-      if (isMessageChunk) {
-        hasAgentMessage = true;
-        const chunk = event.params.update.content.text ?? "";
-        if (chunk.length > 0) {
-          currentSegment += chunk;
-        }
-        continue;
-      }
-      if (currentSegment.trim().length > 0) {
-        messageSegments.push(currentSegment.trim());
-      }
-      currentSegment = "";
-    } catch {
-      if (currentSegment.trim().length > 0) {
-        messageSegments.push(currentSegment.trim());
-        currentSegment = "";
+// src/transport/streaming-prompt.ts
+function createStreamingPromptState() {
+  return {
+    buffer: "",
+    segments: [],
+    hasAgentMessage: false,
+    pendingLine: "",
+    finalize() {
+      if (this.pendingLine.trim().length > 0) {
+        parseStreamingChunks(this, this.pendingLine);
       }
+      const remaining = this.buffer.trim();
+      this.buffer = "";
+      this.pendingLine = "";
+      return remaining;
     }
-  }
-  if (currentSegment.trim().length > 0) {
-    messageSegments.push(currentSegment.trim());
-  }
-  if (messageSegments.length > 0) {
-    return {
-      text: messageSegments[messageSegments.length - 1],
-      hasAgentMessage
-    };
-  }
-  return {
-    text: output.trim(),
-    hasAgentMessage
   };
 }
-function sanitizePromptText(text) {
-  const trimmed = text.trim();
-  const paragraphs = trimmed.split(/\n\s*\n/);
-  if (paragraphs.length < 2) {
-    return trimmed;
-  }
-  const firstParagraph = paragraphs[0].trim().replace(/\s+/g, " ").toLowerCase();
-  if (!looksLikeWorkflowPreamble(firstParagraph)) {
-    return trimmed;
+function parseStreamingDataChunk(state, chunk) {
+  state.pendingLine += chunk;
+  let boundary;
+  while ((boundary = state.pendingLine.indexOf(`
+`)) !== -1) {
+    const line = state.pendingLine.slice(0, boundary);
+    state.pendingLine = state.pendingLine.slice(boundary + 1);
+    parseStreamingChunks(state, line);
   }
-  return paragraphs.slice(1).join(`
-`).trim();
 }
-function looksLikeWorkflowPreamble(paragraph) {
-  if (!paragraph.startsWith("using ")) {
-    return false;
+function parseStreamingChunks(state, line) {
+  const trimmed = line.trim();
+  if (trimmed.length === 0)
+    return;
+  let event;
+  try {
+    event = JSON.parse(trimmed);
+  } catch {
+    return;
   }
-  return paragraph.includes("using-superpowers") || paragraph.includes("repo workflow requirement") || paragraph.includes("workflow requirement") || paragraph.includes("before responding") || paragraph.includes("skill check");
-}
-function extractJsonRpcErrorMessages(output) {
-  return output.split(`
-`).map((line) => line.trim()).filter((line) => line.length > 0).flatMap((line) => {
-    try {
-      const payload = JSON.parse(line);
-      if (typeof payload.error?.message === "string" && payload.error.message.length > 0) {
-        return [payload.error.message];
-      }
-    } catch {
-      return [];
+  const isMessageChunk = event.method === "session/update" && event.params?.update?.sessionUpdate === "agent_message_chunk" && event.params.update.content?.type === "text" && typeof event.params.update.content.text === "string";
+  if (!isMessageChunk)
+    return;
+  state.hasAgentMessage = true;
+  const chunk = event.params.update.content.text ?? "";
+  if (chunk.length === 0)
+    return;
+  state.buffer += chunk;
+  let boundary;
+  while ((boundary = state.buffer.indexOf(`
+`)) !== -1) {
+    const segment = state.buffer.slice(0, boundary).trim();
+    state.buffer = state.buffer.slice(boundary + 2);
+    if (segment.length > 0) {
+      state.segments.push(segment);
     }
-    return [];
-  });
+  }
 }
 // src/transport/acpx-cli/node-pty-helper.ts
@@ -2769,11 +5166,15 @@ async function defaultPtyRunner(command, args, options) {
 class AcpxCliTransport {
   command;
   sessionInitTimeoutMs;
+  permissionMode;
+  nonInteractivePermissions;
   runCommand;
   runPtyCommand;
   constructor(options, runCommand = defaultRunner, runPtyCommand = defaultPtyRunner) {
     this.command = options.command ?? "acpx";
     this.sessionInitTimeoutMs = options.sessionInitTimeoutMs ?? 120000;
+    this.permissionMode = options.permissionMode ?? "approve-all";
+    this.nonInteractivePermissions = options.nonInteractivePermissions ?? "fail";
     this.runCommand = runCommand;
     this.runPtyCommand = runPtyCommand;
   }
@@ -2789,8 +5190,13 @@ class AcpxCliTransport {
       timeoutMs: this.sessionInitTimeoutMs
     });
   }
-  async prompt(session, text) {
-    const result = await this.runCommand(this.command, this.buildPromptArgs(session, text));
+  async prompt(session, text, reply) {
+    const args = this.buildPromptArgs(session, text);
+    if (reply) {
+      const result2 = await this.runStreamingPrompt(this.command, args, reply);
+      return { text: getPromptText(result2) };
+    }
+    const result = await this.runCommand(this.command, args);
     return { text: getPromptText(result) };
   }
   async cancel(session) {
@@ -2849,26 +5255,93 @@ class AcpxCliTransport {
       })
     ]);
   }
+  async runStreamingPrompt(command, args, reply, maxSegmentWaitMs = 30000) {
+    return await new Promise((resolve, reject) => {
+      const spawnSpec = resolveSpawnCommand(command, args);
+      const child = spawn3(spawnSpec.command, spawnSpec.args, { stdio: ["ignore", "pipe", "pipe"] });
+      let stdout = "";
+      let stderr = "";
+      const state = createStreamingPromptState();
+      let lastReplyAt = Date.now();
+      const flushBuffer = () => {
+        const remaining = state.buffer.trim();
+        if (remaining.length > 0) {
+          state.buffer = "";
+          reply(remaining).catch(() => {});
+          lastReplyAt = Date.now();
+        }
+      };
+      const timer = setInterval(() => {
+        if (state.buffer.trim().length > 0 && Date.now() - lastReplyAt >= maxSegmentWaitMs) {
+          flushBuffer();
+        }
+      }, 5000);
+      child.stdout.setEncoding("utf8");
+      child.stdout.on("data", (chunk) => {
+        stdout += String(chunk);
+        parseStreamingDataChunk(state, String(chunk));
+        for (const segment of state.segments.splice(0)) {
+          reply(segment).catch(() => {});
+          lastReplyAt = Date.now();
+        }
+      });
+      child.stderr.on("data", (chunk) => {
+        stderr += String(chunk);
+      });
+      child.on("error", (err) => {
+        clearInterval(timer);
+        reject(err);
+      });
+      child.on("close", (code) => {
+        clearInterval(timer);
+        const remaining = state.finalize();
+        if (remaining.length > 0) {
+          reply(remaining).catch(() => {});
+        }
+        resolve({ code: code ?? 1, stdout, stderr });
+      });
+    });
+  }
   buildArgs(session, tail) {
-    const prefix = ["--format", "quiet", "--cwd", session.cwd];
+    const prefix = [
+      "--format",
+      "quiet",
+      "--cwd",
+      session.cwd,
+      ...this.buildPermissionArgs()
+    ];
     if (session.agentCommand) {
       return [...prefix, "--agent", session.agentCommand, ...tail];
     }
     return [...prefix, session.agent, ...tail];
   }
   buildPromptArgs(session, text) {
-    const prefix = ["--format", "json", "--json-strict", "--cwd", session.cwd];
+    const prefix = [
+      "--format",
+      "json",
+      "--json-strict",
+      "--cwd",
+      session.cwd,
+      ...this.buildPermissionArgs()
+    ];
     const tail = ["prompt", "-s", session.transportSession, text];
     if (session.agentCommand) {
       return [...prefix, "--agent", session.agentCommand, ...tail];
     }
     return [...prefix, session.agent, ...tail];
   }
+  buildPermissionArgs() {
+    const modeFlag = this.permissionMode === "approve-reads" ? "--approve-reads" : this.permissionMode === "deny-all" ? "--deny-all" : "--approve-all";
+    return [modeFlag, "--non-interactive-permissions", this.nonInteractivePermissions];
+  }
 }
 function renderCommandForError(args) {
   const rendered = [];
   for (let index = 0;index < args.length; index += 1) {
     const arg = args[index];
+    if (arg === undefined) {
+      continue;
+    }
     if (arg === "--format") {
       index += 1;
       continue;
@@ -2884,6 +5357,7 @@ function renderCommandForError(args) {
 var require3;
 var init_acpx_cli_transport = __esm(() => {
   init_spawn_command();
+  init_prompt_output();
   init_node_pty_helper();
   require3 = createRequire3(import.meta.url);
 });
@@ -2897,14 +5371,14 @@ __export(exports_main, {
 });
 import { homedir as homedir2 } from "node:os";
 import { dirname as dirname8, join as join4 } from "node:path";
-import { fileURLToPath as fileURLToPath2 } from "node:url";
+import { fileURLToPath as fileURLToPath3 } from "node:url";
 async function buildApp(paths, deps = {}) {
   await ensureConfigExists(paths.configPath);
   const configStore = new ConfigStore(paths.configPath);
   const config = await loadConfig(paths.configPath, {
     defaultLoggingLevel: deps.defaultLoggingLevel
   });
-  const logger = createAppLogger({
+  const logger2 = createAppLogger({
     filePath: resolveAppLogPath(paths.configPath),
     level: config.logging.level,
     maxSizeBytes: config.logging.maxSizeBytes,
@@ -2912,24 +5386,26 @@ async function buildApp(paths, deps = {}) {
     retentionDays: config.logging.retentionDays,
     now: deps.loggerNow
   });
-  await logger.cleanup();
+  await logger2.cleanup();
   const acpxCommand = resolveAcpxCommand({ configuredCommand: config.transport.command });
   const stateStore = new StateStore(paths.statePath);
   const state = await stateStore.load();
   const sessions = new SessionService(config, stateStore, state);
   const transport = config.transport.type === "acpx-bridge" ? await (deps.createBridgeTransport?.() ?? Promise.resolve(new AcpxBridgeTransport(await spawnAcpxBridgeClient({
     acpxCommand,
-    bridgeEntryPath: resolveBridgeEntryPath()
+    bridgeEntryPath: resolveBridgeEntryPath(),
+    permissionMode: config.transport.permissionMode,
+    nonInteractivePermissions: config.transport.nonInteractivePermissions
   })))) : deps.createCliTransport?.(acpxCommand) ?? new AcpxCliTransport({ ...config.transport, command: acpxCommand });
-  const router = new CommandRouter(sessions, transport, config, configStore, logger);
-  const agent = new ConsoleAgent(router, logger);
+  const router = new CommandRouter(sessions, transport, config, configStore, logger2);
+  const agent = new ConsoleAgent(router, logger2);
   return {
     agent,
     router,
     sessions,
     stateStore,
     configStore,
-    logger,
+    logger: logger2,
     dispose: async () => {
       if ("dispose" in transport && typeof transport.dispose === "function") {
         await transport.dispose();
@@ -2967,9 +5443,9 @@ function resolveRuntimePaths() {
 }
 function resolveBridgeEntryPath() {
   if (import.meta.url.includes("/dist/")) {
-    return fileURLToPath2(new URL("./bridge/bridge-main.js", import.meta.url));
+    return fileURLToPath3(new URL("./bridge/bridge-main.js", import.meta.url));
   }
-  return fileURLToPath2(new URL("./bridge/bridge-main.ts", import.meta.url));
+  return fileURLToPath3(new URL("./bridge/bridge-main.ts", import.meta.url));
 }
 function resolveAppLogPath(configPath) {
   const rootDir = dirname8(configPath);
@@ -2988,13 +5464,14 @@ var init_main = __esm(async () => {
   init_state_store();
   init_acpx_bridge_client();
   init_acpx_cli_transport();
+  init_weixin_sdk();
   if (false) {}
 });
 // src/cli.ts
 import { homedir as homedir3 } from "node:os";
 import { sep } from "node:path";
-import { fileURLToPath as fileURLToPath3 } from "node:url";
+import { fileURLToPath as fileURLToPath4 } from "node:url";
 // src/daemon/create-daemon-controller.ts
 import { mkdir as mkdir3, open } from "node:fs/promises";
@@ -3366,7 +5843,7 @@ class DaemonRuntime {
 }
 // src/cli.ts
-var HELP_LINES = ["用法：", "weacpx login", "weacpx run", "weacpx start", "weacpx status", "weacpx stop"];
+var HELP_LINES = ["用法：", "weacpx login", "weacpx logout", "weacpx run", "weacpx start", "weacpx status", "weacpx stop"];
 async function runCli(args, deps = {}) {
   const command = args[0];
   const print = deps.print ?? ((line) => console.log(line));
@@ -3375,6 +5852,9 @@ async function runCli(args, deps = {}) {
     case "login":
       await (deps.login ?? defaultLogin)();
       return 0;
+    case "logout":
+      await (deps.logout ?? defaultLogout)();
+      return 0;
     case "run":
       await (deps.run ?? defaultRun)();
       return 0;
@@ -3426,10 +5906,14 @@ async function defaultLogin() {
   const { main: main3 } = await init_login().then(() => exports_login);
   await main3();
 }
+async function defaultLogout() {
+  const { logout: logout2 } = await Promise.resolve().then(() => (init_weixin_sdk(), exports_weixin_sdk));
+  logout2();
+}
 async function defaultRun() {
   const [{ buildApp: buildApp2, resolveRuntimePaths: resolveRuntimePaths2 }, { loadWeixinSdk: loadWeixinSdk2 }, { runConsole: runConsole2 }] = await Promise.all([
     init_main().then(() => exports_main),
-    Promise.resolve().then(() => exports_weixin_sdk),
+    Promise.resolve().then(() => (init_weixin_sdk(), exports_weixin_sdk)),
     Promise.resolve().then(() => exports_run_console)
   ]);
   const runtimePaths = resolveRuntimePaths2();
@@ -3463,7 +5947,7 @@ function resolveCliEntryPath() {
   if (process.argv[1]) {
     return process.argv[1];
   }
-  return fileURLToPath3(import.meta.url);
+  return fileURLToPath4(import.meta.url);
 }
 if (__require.main == __require.module) {
   process.exitCode = await runCli(process.argv.slice(2));