ylib-wecom-openclaw-plugin 2026.4.29

package/dist/src/proactive-markdown-send.d.ts

@@ -0,0 +1,14 @@
+import type { WSClient } from "@wecom/aibot-node-sdk";
+import type { RuntimeEnv } from "ylib-openclaw/plugin-sdk";
+export declare function sendWeComMarkdownMessageChunks(params: {
+    wsClient: WSClient;
+    chatId: string;
+    text: string;
+    runtime?: RuntimeEnv;
+    accountId?: string;
+    label?: string;
+    timeoutMs?: number;
+}): Promise<{
+    messageId: string;
+    chunkCount: number;
+}>;

package/dist/src/proactive-markdown-send.js

@@ -0,0 +1,205 @@
+"use strict";
+var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
+    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+    return new (P || (P = Promise))(function (resolve, reject) {
+        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+        step((generator = generator.apply(thisArg, _arguments || [])).next());
+    });
+};
+var __generator = (this && this.__generator) || function (thisArg, body) {
+    var _ = { label: 0, sent: function() { if (t[0] & 1) throw t[1]; return t[1]; }, trys: [], ops: [] }, f, y, t, g;
+    return g = { next: verb(0), "throw": verb(1), "return": verb(2) }, typeof Symbol === "function" && (g[Symbol.iterator] = function() { return this; }), g;
+    function verb(n) { return function (v) { return step([n, v]); }; }
+    function step(op) {
+        if (f) throw new TypeError("Generator is already executing.");
+        while (_) try {
+            if (f = 1, y && (t = op[0] & 2 ? y["return"] : op[0] ? y["throw"] || ((t = y["return"]) && t.call(y), 0) : y.next) && !(t = t.call(y, op[1])).done) return t;
+            if (y = 0, t) op = [op[0] & 2, t.value];
+            switch (op[0]) {
+                case 0: case 1: t = op; break;
+                case 4: _.label++; return { value: op[1], done: false };
+                case 5: _.label++; y = op[1]; op = [0]; continue;
+                case 7: op = _.ops.pop(); _.trys.pop(); continue;
+                default:
+                    if (!(t = _.trys, t = t.length > 0 && t[t.length - 1]) && (op[0] === 6 || op[0] === 2)) { _ = 0; continue; }
+                    if (op[0] === 3 && (!t || (op[1] > t[0] && op[1] < t[3]))) { _.label = op[1]; break; }
+                    if (op[0] === 6 && _.label < t[1]) { _.label = t[1]; t = op; break; }
+                    if (t && _.label < t[2]) { _.label = t[2]; _.ops.push(op); break; }
+                    if (t[2]) _.ops.pop();
+                    _.trys.pop(); continue;
+            }
+            op = body.call(thisArg, _);
+        } catch (e) { op = [6, e]; y = 0; } finally { f = t = 0; }
+        if (op[0] & 5) throw op[1]; return { value: op[0] ? op[1] : void 0, done: true };
+    }
+};
+exports.__esModule = true;
+exports.sendWeComMarkdownMessageChunks = void 0;
+var const_js_1 = require("./const.js");
+var im_runtime_telemetry_js_1 = require("./im-runtime-telemetry.js");
+var markdown_chunk_js_1 = require("./markdown-chunk.js");
+var timeout_js_1 = require("./timeout.js");
+var IS_TEST_ENV = process.env.VITEST === "true" || process.env.NODE_ENV === "test";
+var INTER_CHUNK_DELAY_MIN_MS = IS_TEST_ENV ? 0 : 200;
+var INTER_CHUNK_DELAY_MAX_MS = IS_TEST_ENV ? 0 : 500;
+var RATE_LIMIT_BACKOFF_MS = IS_TEST_ENV ? [0, 0, 0] : [500, 1000, 2000];
+function sleep(ms) {
+    return new Promise(function (resolve) { return setTimeout(resolve, ms); });
+}
+function randomIntInclusive(min, max) {
+    if (max <= min)
+        return min;
+    return min + Math.floor(Math.random() * (max - min + 1));
+}
+function maybeDelayBetweenChunks() {
+    return __awaiter(this, void 0, void 0, function () {
+        var ms;
+        return __generator(this, function (_a) {
+            switch (_a.label) {
+                case 0:
+                    if (INTER_CHUNK_DELAY_MAX_MS <= 0)
+                        return [2 /*return*/];
+                    ms = randomIntInclusive(INTER_CHUNK_DELAY_MIN_MS, INTER_CHUNK_DELAY_MAX_MS);
+                    if (!(ms > 0)) return [3 /*break*/, 2];
+                    return [4 /*yield*/, sleep(ms)];
+                case 1:
+                    _a.sent();
+                    _a.label = 2;
+                case 2: return [2 /*return*/];
+            }
+        });
+    });
+}
+function isRateLimitedError(err) {
+    var raw = err instanceof Error
+        ? err.name + " " + err.message
+        : typeof err === "object" && err
+            ? JSON.stringify(err)
+            : String(err);
+    var msg = raw.toLowerCase();
+    return (msg.includes("429") ||
+        msg.includes("rate limit") ||
+        msg.includes("too many") ||
+        msg.includes("freq out of limit") ||
+        msg.includes("ret=-19") ||
+        msg.includes("errcode=-19") ||
+        msg.includes("errcode 45009") ||
+        msg.includes("errcode=45009"));
+}
+function buildChunks(text) {
+    var chunks = markdown_chunk_js_1.splitMarkdownIntoSafeChunks(text, const_js_1.TEXT_CHUNK_LIMIT);
+    return chunks.length > 0 ? chunks : [""];
+}
+function sendWeComMarkdownMessageChunks(params) {
+    var _a, _b, _c, _d, _e, _f;
+    return __awaiter(this, void 0, void 0, function () {
+        var wsClient, chatId, runtime, accountId, label, timeoutMs, chunks, lastReqId, _loop_1, i;
+        var _this = this;
+        return __generator(this, function (_g) {
+            switch (_g.label) {
+                case 0:
+                    wsClient = params.wsClient, chatId = params.chatId, runtime = params.runtime, accountId = params.accountId;
+                    label = params.label || "sendWeComMarkdownMessageChunks";
+                    timeoutMs = (_a = params.timeoutMs) !== null && _a !== void 0 ? _a : const_js_1.REPLY_SEND_TIMEOUT_MS;
+                    chunks = buildChunks(params.text || "当前没有可展示的回复内容");
+                    lastReqId = "wecom-" + Date.now();
+                    _loop_1 = function (i) {
+                        var chunk, sendOnce, err_1, retried, retryIndex, delayMs, retryErr_1;
+                        return __generator(this, function (_a) {
+                            switch (_a.label) {
+                                case 0:
+                                    chunk = (_b = chunks[i]) !== null && _b !== void 0 ? _b : "";
+                                    sendOnce = function () { return __awaiter(_this, void 0, void 0, function () {
+                                        var result;
+                                        var _a, _b;
+                                        return __generator(this, function (_c) {
+                                            switch (_c.label) {
+                                                case 0: return [4 /*yield*/, timeout_js_1.withTimeout(wsClient.sendMessage(chatId, {
+                                                        msgtype: "markdown",
+                                                        markdown: { content: chunk }
+                                                    }), timeoutMs, label + " timed out chunk=" + (i + 1) + "/" + chunks.length)];
+                                                case 1:
+                                                    result = _c.sent();
+                                                    lastReqId = (_b = (_a = result === null || result === void 0 ? void 0 : result.headers) === null || _a === void 0 ? void 0 : _a.req_id) !== null && _b !== void 0 ? _b : lastReqId;
+                                                    return [2 /*return*/];
+                                            }
+                                        });
+                                    }); };
+                                    _a.label = 1;
+                                case 1:
+                                    _a.trys.push([1, 3, , 11]);
+                                    return [4 /*yield*/, sendOnce()];
+                                case 2:
+                                    _a.sent();
+                                    return [3 /*break*/, 11];
+                                case 3:
+                                    err_1 = _a.sent();
+                                    if (!isRateLimitedError(err_1)) {
+                                        (_c = runtime === null || runtime === void 0 ? void 0 : runtime.error) === null || _c === void 0 ? void 0 : _c.call(runtime, "[wecom] " + label + ": failed chatId=" + chatId + " chunk=" + (i + 1) + "/" + chunks.length + " err=" + String(err_1));
+                                        throw err_1;
+                                    }
+                                    retried = false;
+                                    retryIndex = 0;
+                                    _a.label = 4;
+                                case 4:
+                                    if (!(retryIndex < RATE_LIMIT_BACKOFF_MS.length)) return [3 /*break*/, 10];
+                                    delayMs = (_d = RATE_LIMIT_BACKOFF_MS[retryIndex]) !== null && _d !== void 0 ? _d : 0;
+                                    (_e = runtime === null || runtime === void 0 ? void 0 : runtime.log) === null || _e === void 0 ? void 0 : _e.call(runtime, "[wecom] " + label + ": rate limited, retry=" + (retryIndex + 1) + "/" + RATE_LIMIT_BACKOFF_MS.length + " chatId=" + chatId + " delay=" + delayMs + "ms");
+                                    if (!(delayMs > 0)) return [3 /*break*/, 6];
+                                    return [4 /*yield*/, sleep(delayMs)];
+                                case 5:
+                                    _a.sent();
+                                    _a.label = 6;
+                                case 6:
+                                    _a.trys.push([6, 8, , 9]);
+                                    return [4 /*yield*/, sendOnce()];
+                                case 7:
+                                    _a.sent();
+                                    retried = true;
+                                    return [3 /*break*/, 10];
+                                case 8:
+                                    retryErr_1 = _a.sent();
+                                    if (!isRateLimitedError(retryErr_1)) {
+                                        (_f = runtime === null || runtime === void 0 ? void 0 : runtime.error) === null || _f === void 0 ? void 0 : _f.call(runtime, "[wecom] " + label + ": retry failed chatId=" + chatId + " chunk=" + (i + 1) + "/" + chunks.length + " err=" + String(retryErr_1));
+                                        throw retryErr_1;
+                                    }
+                                    return [3 /*break*/, 9];
+                                case 9:
+                                    retryIndex++;
+                                    return [3 /*break*/, 4];
+                                case 10:
+                                    if (!retried)
+                                        throw err_1;
+                                    return [3 /*break*/, 11];
+                                case 11:
+                                    if (accountId) {
+                                        im_runtime_telemetry_js_1.imRuntimeRecordChannelActivity("wecom", accountId, "outbound");
+                                    }
+                                    if (!(i < chunks.length - 1)) return [3 /*break*/, 13];
+                                    return [4 /*yield*/, maybeDelayBetweenChunks()];
+                                case 12:
+                                    _a.sent();
+                                    _a.label = 13;
+                                case 13: return [2 /*return*/];
+                            }
+                        });
+                    };
+                    i = 0;
+                    _g.label = 1;
+                case 1:
+                    if (!(i < chunks.length)) return [3 /*break*/, 4];
+                    return [5 /*yield**/, _loop_1(i)];
+                case 2:
+                    _g.sent();
+                    _g.label = 3;
+                case 3:
+                    i++;
+                    return [3 /*break*/, 1];
+                case 4: return [2 /*return*/, { messageId: lastReqId, chunkCount: chunks.length }];
+            }
+        });
+    });
+}
+exports.sendWeComMarkdownMessageChunks = sendWeComMarkdownMessageChunks;

package/dist/src/reqid-store.d.ts

@@ -0,0 +1,23 @@
+/** Store 配置 */
+interface ReqIdStoreOptions {
+    /** TTL 毫秒数，超时的 reqId 视为过期（默认 7 天） */
+    ttlMs?: number;
+    /** 内存最大条目数（默认 200） */
+    memoryMaxSize?: number;
+}
+export interface PersistentReqIdStore {
+    /** 设置 chatId 对应的 reqId（仅写入内存） */
+    set(chatId: string, reqId: string): void;
+    /** 获取 chatId 对应的 reqId（仅内存） */
+    get(chatId: string): Promise<string | undefined>;
+    /** 同步获取 chatId 对应的 reqId（仅内存） */
+    getSync(chatId: string): string | undefined;
+    /** 删除 chatId 对应的 reqId */
+    delete(chatId: string): void;
+    /** 清空内存缓存 */
+    clearMemory(): void;
+    /** 返回内存中的条目数 */
+    memorySize(): number;
+}
+export declare function createPersistentReqIdStore(accountId: string, options?: ReqIdStoreOptions): PersistentReqIdStore;
+export {};

package/dist/src/reqid-store.js

@@ -0,0 +1,136 @@
+"use strict";
+// ============================================================================
+// 类型定义
+// ============================================================================
+var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
+    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+    return new (P || (P = Promise))(function (resolve, reject) {
+        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+        step((generator = generator.apply(thisArg, _arguments || [])).next());
+    });
+};
+var __generator = (this && this.__generator) || function (thisArg, body) {
+    var _ = { label: 0, sent: function() { if (t[0] & 1) throw t[1]; return t[1]; }, trys: [], ops: [] }, f, y, t, g;
+    return g = { next: verb(0), "throw": verb(1), "return": verb(2) }, typeof Symbol === "function" && (g[Symbol.iterator] = function() { return this; }), g;
+    function verb(n) { return function (v) { return step([n, v]); }; }
+    function step(op) {
+        if (f) throw new TypeError("Generator is already executing.");
+        while (_) try {
+            if (f = 1, y && (t = op[0] & 2 ? y["return"] : op[0] ? y["throw"] || ((t = y["return"]) && t.call(y), 0) : y.next) && !(t = t.call(y, op[1])).done) return t;
+            if (y = 0, t) op = [op[0] & 2, t.value];
+            switch (op[0]) {
+                case 0: case 1: t = op; break;
+                case 4: _.label++; return { value: op[1], done: false };
+                case 5: _.label++; y = op[1]; op = [0]; continue;
+                case 7: op = _.ops.pop(); _.trys.pop(); continue;
+                default:
+                    if (!(t = _.trys, t = t.length > 0 && t[t.length - 1]) && (op[0] === 6 || op[0] === 2)) { _ = 0; continue; }
+                    if (op[0] === 3 && (!t || (op[1] > t[0] && op[1] < t[3]))) { _.label = op[1]; break; }
+                    if (op[0] === 6 && _.label < t[1]) { _.label = t[1]; t = op; break; }
+                    if (t && _.label < t[2]) { _.label = t[2]; _.ops.push(op); break; }
+                    if (t[2]) _.ops.pop();
+                    _.trys.pop(); continue;
+            }
+            op = body.call(thisArg, _);
+        } catch (e) { op = [6, e]; y = 0; } finally { f = t = 0; }
+        if (op[0] & 5) throw op[1]; return { value: op[0] ? op[1] : void 0, done: true };
+    }
+};
+var __spreadArrays = (this && this.__spreadArrays) || function () {
+    for (var s = 0, i = 0, il = arguments.length; i < il; i++) s += arguments[i].length;
+    for (var r = Array(s), k = 0, i = 0; i < il; i++)
+        for (var a = arguments[i], j = 0, jl = a.length; j < jl; j++, k++)
+            r[k] = a[j];
+    return r;
+};
+exports.__esModule = true;
+exports.createPersistentReqIdStore = void 0;
+// ============================================================================
+// 常量
+// ============================================================================
+var DEFAULT_TTL_MS = 7 * 24 * 60 * 60 * 1000; // 7 天
+var DEFAULT_MEMORY_MAX_SIZE = 200;
+// ============================================================================
+// 核心实现
+// ============================================================================
+function createPersistentReqIdStore(accountId, options) {
+    var _a, _b;
+    var ttlMs = (_a = options === null || options === void 0 ? void 0 : options.ttlMs) !== null && _a !== void 0 ? _a : DEFAULT_TTL_MS;
+    var memoryMaxSize = (_b = options === null || options === void 0 ? void 0 : options.memoryMaxSize) !== null && _b !== void 0 ? _b : DEFAULT_MEMORY_MAX_SIZE;
+    // 内存层：chatId → ReqIdEntry
+    var memory = new Map();
+    // ========== 内部辅助函数 ==========
+    /** 检查条目是否过期 */
+    function isExpired(entry, now) {
+        return ttlMs > 0 && now - entry.ts >= ttlMs;
+    }
+    /**
+     * 内存容量控制：淘汰最旧的条目。
+     * 利用 Map 的插入顺序 + touch(先 delete 再 set) 实现类 LRU 效果。
+     */
+    function pruneMemory() {
+        if (memory.size <= memoryMaxSize)
+            return;
+        var sorted = __spreadArrays(memory.entries()).sort(function (a, b) { return a[1].ts - b[1].ts; });
+        var toRemove = sorted.slice(0, memory.size - memoryMaxSize);
+        for (var _i = 0, toRemove_1 = toRemove; _i < toRemove_1.length; _i++) {
+            var key = toRemove_1[_i][0];
+            memory["delete"](key);
+        }
+    }
+    // ========== 公开 API ==========
+    function set(chatId, reqId) {
+        var entry = { reqId: reqId, ts: Date.now() };
+        // touch：先删再设，保持 Map 插入顺序（类 LRU）
+        memory["delete"](chatId);
+        memory.set(chatId, entry);
+        pruneMemory();
+    }
+    function get(chatId) {
+        return __awaiter(this, void 0, void 0, function () {
+            var now, memEntry;
+            return __generator(this, function (_a) {
+                now = Date.now();
+                memEntry = memory.get(chatId);
+                if (memEntry && !isExpired(memEntry, now)) {
+                    return [2 /*return*/, memEntry.reqId];
+                }
+                if (memEntry) {
+                    memory["delete"](chatId); // 过期则删除
+                }
+                return [2 /*return*/, undefined];
+            });
+        });
+    }
+    function getSync(chatId) {
+        var now = Date.now();
+        var entry = memory.get(chatId);
+        if (entry && !isExpired(entry, now)) {
+            return entry.reqId;
+        }
+        if (entry) {
+            memory["delete"](chatId);
+        }
+        return undefined;
+    }
+    function del(chatId) {
+        memory["delete"](chatId);
+    }
+    function clearMemory() {
+        memory.clear();
+    }
+    function memorySize() {
+        return memory.size;
+    }
+    return {
+        set: set,
+        get: get,
+        getSync: getSync,
+        "delete": del,
+        clearMemory: clearMemory,
+        memorySize: memorySize
+    };
+}
+exports.createPersistentReqIdStore = createPersistentReqIdStore;

package/dist/src/runtime.d.ts

@@ -0,0 +1,2 @@
+declare const setWeComRuntime: any, getWeComRuntime: any;
+export { setWeComRuntime, getWeComRuntime };

package/dist/src/runtime.js

@@ -0,0 +1,7 @@
+"use strict";
+exports.__esModule = true;
+exports.getWeComRuntime = exports.setWeComRuntime = void 0;
+var plugin_sdk_1 = require("ylib-openclaw/plugin-sdk");
+var _a = plugin_sdk_1.createPluginRuntimeStore("WeCom runtime not initialized"), setWeComRuntime = _a.setRuntime, getWeComRuntime = _a.getRuntime;
+exports.setWeComRuntime = setWeComRuntime;
+exports.getWeComRuntime = getWeComRuntime;

package/dist/src/shared/command-auth.d.ts

@@ -0,0 +1,23 @@
+import type { OpenClawConfig, PluginRuntime } from "ylib-openclaw/plugin-sdk";
+import type { WecomAgentConfig, WecomBotConfig } from "../types/index.js";
+declare type WecomCommandAuthAccountConfig = Pick<WecomBotConfig, "dmPolicy" | "allowFrom"> | Pick<WecomAgentConfig, "dmPolicy" | "allowFrom">;
+export declare function resolveWecomCommandAuthorization(params: {
+    core: PluginRuntime;
+    cfg: OpenClawConfig;
+    accountConfig: WecomCommandAuthAccountConfig;
+    rawBody: string;
+    senderUserId: string;
+}): Promise<{
+    shouldComputeAuth: boolean;
+    dmPolicy: "pairing" | "allowlist" | "open" | "disabled";
+    senderAllowed: boolean;
+    authorizerConfigured: boolean;
+    commandAuthorized: boolean | undefined;
+    effectiveAllowFrom: string[];
+}>;
+export declare function buildWecomUnauthorizedCommandPrompt(params: {
+    senderUserId: string;
+    dmPolicy: "pairing" | "allowlist" | "open" | "disabled";
+    scope: "bot" | "agent";
+}): string;
+export {};

package/dist/src/shared/command-auth.js

@@ -0,0 +1,112 @@
+"use strict";
+var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
+    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+    return new (P || (P = Promise))(function (resolve, reject) {
+        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+        step((generator = generator.apply(thisArg, _arguments || [])).next());
+    });
+};
+var __generator = (this && this.__generator) || function (thisArg, body) {
+    var _ = { label: 0, sent: function() { if (t[0] & 1) throw t[1]; return t[1]; }, trys: [], ops: [] }, f, y, t, g;
+    return g = { next: verb(0), "throw": verb(1), "return": verb(2) }, typeof Symbol === "function" && (g[Symbol.iterator] = function() { return this; }), g;
+    function verb(n) { return function (v) { return step([n, v]); }; }
+    function step(op) {
+        if (f) throw new TypeError("Generator is already executing.");
+        while (_) try {
+            if (f = 1, y && (t = op[0] & 2 ? y["return"] : op[0] ? y["throw"] || ((t = y["return"]) && t.call(y), 0) : y.next) && !(t = t.call(y, op[1])).done) return t;
+            if (y = 0, t) op = [op[0] & 2, t.value];
+            switch (op[0]) {
+                case 0: case 1: t = op; break;
+                case 4: _.label++; return { value: op[1], done: false };
+                case 5: _.label++; y = op[1]; op = [0]; continue;
+                case 7: op = _.ops.pop(); _.trys.pop(); continue;
+                default:
+                    if (!(t = _.trys, t = t.length > 0 && t[t.length - 1]) && (op[0] === 6 || op[0] === 2)) { _ = 0; continue; }
+                    if (op[0] === 3 && (!t || (op[1] > t[0] && op[1] < t[3]))) { _.label = op[1]; break; }
+                    if (op[0] === 6 && _.label < t[1]) { _.label = t[1]; t = op; break; }
+                    if (t && _.label < t[2]) { _.label = t[2]; _.ops.push(op); break; }
+                    if (t[2]) _.ops.pop();
+                    _.trys.pop(); continue;
+            }
+            op = body.call(thisArg, _);
+        } catch (e) { op = [6, e]; y = 0; } finally { f = t = 0; }
+        if (op[0] & 5) throw op[1]; return { value: op[0] ? op[1] : void 0, done: true };
+    }
+};
+exports.__esModule = true;
+exports.buildWecomUnauthorizedCommandPrompt = exports.resolveWecomCommandAuthorization = void 0;
+function normalizeWecomAllowFromEntry(raw) {
+    return raw
+        .trim()
+        .toLowerCase()
+        .replace(/^wecom:/, "")
+        .replace(/^user:/, "")
+        .replace(/^userid:/, "");
+}
+function isWecomSenderAllowed(senderUserId, allowFrom) {
+    var list = allowFrom.map(function (entry) { return normalizeWecomAllowFromEntry(entry); }).filter(Boolean);
+    if (list.includes("*"))
+        return true;
+    var normalizedSender = normalizeWecomAllowFromEntry(senderUserId);
+    if (!normalizedSender)
+        return false;
+    return list.includes(normalizedSender);
+}
+function resolveWecomCommandAuthorization(params) {
+    var _a, _b, _c;
+    return __awaiter(this, void 0, void 0, function () {
+        var core, cfg, accountConfig, rawBody, senderUserId, dmPolicy, configAllowFrom, shouldComputeAuth, effectiveAllowFrom, senderAllowed, allowAllConfigured, authorizerConfigured, useAccessGroups, commandAuthorized;
+        return __generator(this, function (_d) {
+            core = params.core, cfg = params.cfg, accountConfig = params.accountConfig, rawBody = params.rawBody, senderUserId = params.senderUserId;
+            dmPolicy = ((_a = accountConfig.dmPolicy) !== null && _a !== void 0 ? _a : "pairing");
+            configAllowFrom = ((_b = accountConfig.allowFrom) !== null && _b !== void 0 ? _b : []).map(function (v) { return String(v); });
+            shouldComputeAuth = core.channel.commands.shouldComputeCommandAuthorized(rawBody, cfg);
+            effectiveAllowFrom = dmPolicy === "open" ? ["*"] : configAllowFrom;
+            senderAllowed = isWecomSenderAllowed(senderUserId, effectiveAllowFrom);
+            allowAllConfigured = effectiveAllowFrom.some(function (entry) { return normalizeWecomAllowFromEntry(entry) === "*"; });
+            authorizerConfigured = allowAllConfigured || effectiveAllowFrom.length > 0;
+            useAccessGroups = ((_c = cfg.commands) === null || _c === void 0 ? void 0 : _c.useAccessGroups) !== false;
+            commandAuthorized = shouldComputeAuth
+                ? core.channel.commands.resolveCommandAuthorizedFromAuthorizers({
+                    useAccessGroups: useAccessGroups,
+                    authorizers: [{ configured: authorizerConfigured, allowed: senderAllowed }]
+                })
+                : undefined;
+            return [2 /*return*/, {
+                    shouldComputeAuth: shouldComputeAuth,
+                    dmPolicy: dmPolicy,
+                    senderAllowed: senderAllowed,
+                    authorizerConfigured: authorizerConfigured,
+                    commandAuthorized: commandAuthorized,
+                    effectiveAllowFrom: effectiveAllowFrom
+                }];
+        });
+    });
+}
+exports.resolveWecomCommandAuthorization = resolveWecomCommandAuthorization;
+function buildWecomUnauthorizedCommandPrompt(params) {
+    var user = params.senderUserId || "unknown";
+    var policy = params.dmPolicy;
+    var scopeLabel = params.scope === "bot" ? "Bot（智能机器人）" : "Agent（自建应用）";
+    var dmPrefix = params.scope === "bot" ? "channels.wecom.bot" : "channels.wecom.agent";
+    var allowCmd = function (value) { return "openclaw config set " + dmPrefix + ".allowFrom '" + value + "'"; };
+    var policyCmd = function (value) { return "openclaw config set " + dmPrefix + ".dmPolicy \"" + value + "\""; };
+    if (policy === "disabled") {
+        return [
+            "\u65E0\u6743\u9650\u6267\u884C\u547D\u4EE4\uFF08" + scopeLabel + " \u5DF2\u7981\u7528\uFF1AdmPolicy=disabled\uFF09",
+            "\u89E6\u53D1\u8005\uFF1A" + user,
+            "\u7BA1\u7406\u5458\uFF1A" + policyCmd("open") + "\uFF08\u5168\u653E\u5F00\uFF09\u6216 " + policyCmd("allowlist") + "\uFF08\u767D\u540D\u5355\uFF09",
+        ].join("\n");
+    }
+    // WeCom 不支持 pairing CLI，因此这里统一给出“open / allowlist”两种明确的配置指令
+    return [
+        "\u65E0\u6743\u9650\u6267\u884C\u547D\u4EE4\uFF08\u5165\u53E3\uFF1A" + scopeLabel + "\uFF0Cuserid\uFF1A" + user + "\uFF09",
+        "\u7BA1\u7406\u5458\u5168\u653E\u5F00\uFF1A" + policyCmd("open"),
+        "\u7BA1\u7406\u5458\u653E\u884C\u8BE5\u7528\u6237\uFF1A" + policyCmd("allowlist"),
+        "\u7136\u540E\u8BBE\u7F6E\u767D\u540D\u5355\uFF1A" + allowCmd(JSON.stringify([user])),
+        "\u5982\u679C\u4ECD\u88AB\u62E6\u622A\uFF1A\u68C0\u67E5 commands.useAccessGroups/\u8BBF\u95EE\u7EC4",
+    ].join("\n");
+}
+exports.buildWecomUnauthorizedCommandPrompt = buildWecomUnauthorizedCommandPrompt;

package/dist/src/shared/xml-parser.d.ts

@@ -0,0 +1,46 @@
+/**
+ * WeCom XML 解析器
+ * 用于 Agent 模式解析 XML 格式消息
+ */
+import type { WecomAgentInboundMessage } from "../types/index.js";
+/**
+ * 解析 XML 字符串为消息对象
+ */
+export declare function parseXml(xml: string): WecomAgentInboundMessage;
+/**
+ * 从 XML 中提取消息类型
+ */
+export declare function extractMsgType(msg: WecomAgentInboundMessage): string;
+/**
+ * 从 XML 中提取发送者 ID
+ */
+export declare function extractFromUser(msg: WecomAgentInboundMessage): string;
+/**
+ * 从 XML 中提取文件名（主要用于 file 消息）
+ */
+export declare function extractFileName(msg: WecomAgentInboundMessage): string | undefined;
+/**
+ * 从 XML 中提取接收者 ID (CorpID)
+ */
+export declare function extractToUser(msg: WecomAgentInboundMessage): string;
+/**
+ * 从 XML 中提取群聊 ID
+ */
+export declare function extractChatId(msg: WecomAgentInboundMessage): string | undefined;
+/**
+ * 从 XML 中提取 AgentID（兼容 AgentID/agentid 等大小写）
+ */
+export declare function extractAgentId(msg: WecomAgentInboundMessage): string | number | undefined;
+/**
+ * 从 XML 中提取消息内容
+ */
+export declare function extractContent(msg: WecomAgentInboundMessage): string;
+/**
+ * 从 XML 中提取媒体 ID (Image, Voice, Video)
+ * 根据官方文档，MediaId 在 Agent 回调中直接位于根节点
+ */
+export declare function extractMediaId(msg: WecomAgentInboundMessage): string | undefined;
+/**
+ * 从 XML 中提取 MsgId（用于去重）
+ */
+export declare function extractMsgId(msg: WecomAgentInboundMessage): string | undefined;