sycommon-python-lib 0.2.5a1__py3-none-any.whl → 0.2.5a2__py3-none-any.whl

sycommon/agent/mcp/tool_loader.py

@@ -72,8 +72,36 @@ def wrap_tool_with_error_handler(
     return tool
 
 
+def _make_user_id_interceptor(user_id: str):
+    """创建 MCP 工具调用拦截器，注入 X-User-Id 和 X-OA-Session-Id header"""
+    from langchain_mcp_adapters.interceptors import MCPToolCallRequest, MCPToolCallResult
+    from typing import Callable, Awaitable
+
+    async def inject_user_id(
+        request: MCPToolCallRequest,
+        handler: Callable[[MCPToolCallRequest], Awaitable[MCPToolCallResult]],
+    ) -> MCPToolCallResult:
+        headers = dict(request.headers or {})
+        headers["X-User-Id"] = user_id
+
+        # 自动获取 OA session_id 注入 header
+        try:
+            from sycommon.auth.oa_cache import oa_login_with_cache
+            success, _, session_id = await oa_login_with_cache(user_id)
+            if success and session_id:
+                headers["X-OA-Session-Id"] = session_id
+        except Exception:
+            pass
+
+        request = request.override(headers=headers)
+        return await handler(request)
+
+    return inject_user_id
+
+
 async def load_mcp_tools(
     configs: List[MCPServerConfig],
+    user_id: str = None,
     on_tool_success: Optional[Callable[[str, str], Awaitable[None]]] = None,
     on_tool_error: Optional[Callable[[str, str, str], Awaitable[None]]] = None,
     on_batch_available: Optional[Callable[[str, list], Awaitable[None]]] = None,
@@ -85,6 +113,7 @@ async def load_mcp_tools(
 
     Args:
         configs: MCP 服务器配置列表（仅 enabled 的会被处理）
+        user_id: 当前用户 ID，通过 interceptor 注入到每次 MCP 工具调用的 header 中
         on_tool_success: 单个工具调用成功回调
         on_tool_error: 单个工具调用失败回调
         on_batch_available: 服务器连接成功后批量标记工具可用回调 (config_id, tool_names)
@@ -94,10 +123,16 @@ async def load_mcp_tools(
     if not enabled_configs:
         return []
 
+    # 构建 interceptor 链
+    interceptors = []
+    if user_id:
+        interceptors.append(_make_user_id_interceptor(user_id))
+
     all_tools = []
     for config in enabled_configs:
         try:
             from langchain_mcp_adapters.client import MultiServerMCPClient
+            from langchain_mcp_adapters.tools import load_mcp_tools as _load_tools
 
             key = sanitize_name(config.name)
             client_config = {
@@ -109,22 +144,37 @@ async def load_mcp_tools(
             }
 
             client = MultiServerMCPClient(client_config)
-            tools = await client.get_tools()
+            session = await client.session_for(key)
+            await session.initialize()
+
+            from langchain_mcp_adapters.tools import _list_all_tools
+            raw_tools = await _list_all_tools(session)
 
             original_names = []
-            for tool in tools:
+            for tool in raw_tools:
                 original_name = tool.name
                 original_names.append(original_name)
-                tool.name = f"mcp__{key}__{original_name}"
-                if tool.description and not tool.description.startswith("[MCP"):
-                    tool.description = f"[MCP:{config.name}] {tool.description}"
+
+                # 使用 convert_mcp_tool_to_langchain_tool 带 interceptors
+                from langchain_mcp_adapters.tools import convert_mcp_tool_to_langchain_tool
+                lc_tool = convert_mcp_tool_to_langchain_tool(
+                    session,
+                    tool,
+                    connection=client_config[key],
+                    tool_interceptors=interceptors if interceptors else None,
+                    server_name=config.name,
+                    tool_name_prefix=False,
+                )
+
+                lc_tool.name = f"mcp__{key}__{original_name}"
+                if lc_tool.description and not lc_tool.description.startswith("[MCP"):
+                    lc_tool.description = f"[MCP:{config.name}] {lc_tool.description}"
                 wrap_tool_with_error_handler(
-                    tool, config.id, config.name, original_name,
+                    lc_tool, config.id, config.name, original_name,
                     on_tool_success=on_tool_success,
                     on_tool_error=on_tool_error,
                 )
-
-            all_tools.extend(tools)
+                all_tools.append(lc_tool)
 
             if on_batch_available:
                 try:
@@ -132,7 +182,7 @@ async def load_mcp_tools(
                 except Exception as e:
                     SYLogger.warning(f"[MCP] 写入工具状态失败: {e}")
 
-            SYLogger.info(f"[MCP] 服务器 '{config.name}' 加载了 {len(tools)} 个工具")
+            SYLogger.info(f"[MCP] 服务器 '{config.name}' 加载了 {len(raw_tools)} 个工具")
 
         except Exception as e:
             SYLogger.warning(f"[MCP] 服务器 '{config.name}' ({config.server_url}) 连接失败，跳过: {e}")

sycommon/agent/sandbox/http_sandbox_backend.py

@@ -110,6 +110,10 @@ class HTTPSandboxBackend(FileOperationsMixin, SandboxBackendProtocol):
         self._auto_sync = auto_sync
         self._synced = False
         self._workspace_verified = False
+        self._local_mode: Optional[bool] = None
+
+        # Token authentication
+        self._token = os.environ.get("SANDBOX_TOKEN", "")
 
         # Nacos 配置（用于故障转移）
         self._nacos_service_name = nacos_service_name
@@ -309,6 +313,16 @@ class HTTPSandboxBackend(FileOperationsMixin, SandboxBackendProtocol):
         finally:
             self._in_failover = False
 
+    def _build_headers(self) -> dict:
+        """Build common headers for all requests (trace ID + token auth)."""
+        headers = {}
+        trace_id = SYLogger.get_trace_id()
+        if trace_id:
+            headers["x-traceid-header"] = str(trace_id)
+        if self._token:
+            headers["X-Sandbox-Token"] = self._token
+        return headers
+
     def _post_sync_with_failover(self, endpoint: str, data: dict, timeout: int = None) -> dict:
         """带故障转移的同步 POST 请求"""
         actual_timeout = timeout if timeout is not None else self._timeout
@@ -320,10 +334,7 @@ class HTTPSandboxBackend(FileOperationsMixin, SandboxBackendProtocol):
             http_timeout = actual_timeout + 30
         max_retries = 3
 
-        trace_id = SYLogger.get_trace_id()
-        headers = {}
-        if trace_id:
-            headers["x-traceid-header"] = str(trace_id)
+        headers = self._build_headers()
 
         url = f"{self._base_url}{endpoint}"
         SYLogger.info(f"[Sandbox] POST 请求开始: {url}, timeout={http_timeout}s, command_timeout={actual_timeout}s")
@@ -376,6 +387,8 @@ class HTTPSandboxBackend(FileOperationsMixin, SandboxBackendProtocol):
         headers = {"Content-Type": "application/json"}
         if trace_id:
             headers["x-traceid-header"] = str(trace_id)
+        if self._token:
+            headers["X-Sandbox-Token"] = self._token
 
         url = f"{self._base_url}{endpoint}"
         SYLogger.info(f"[Sandbox] Async POST 请求开始: {url}, timeout={http_timeout}s")
@@ -1275,10 +1288,7 @@ class HTTPSandboxBackend(FileOperationsMixin, SandboxBackendProtocol):
 
     def health_check(self, timeout: int = 10) -> dict:
         """健康检查（快速检查，默认10秒超时）"""
-        trace_id = SYLogger.get_trace_id()
-        headers = {}
-        if trace_id:
-            headers["x-traceid-header"] = str(trace_id)
+        headers = self._build_headers()
 
         url = f"{self._base_url}{SANDBOX_API_PREFIX}/health"
         SYLogger.info(f"[Sandbox] 健康检查: {url}, timeout={timeout}s")
@@ -1299,11 +1309,12 @@ class HTTPSandboxBackend(FileOperationsMixin, SandboxBackendProtocol):
     async def ahealth_check(self, timeout: int = 10) -> dict:
         """异步健康检查"""
         try:
+            headers = self._build_headers()
             url = f"{self._base_url}{SANDBOX_API_PREFIX}/health"
             timeout_obj = aiohttp.ClientTimeout(total=timeout)
             connector = aiohttp.TCPConnector(ssl=_SSL_CONTEXT)
             async with aiohttp.ClientSession(connector=connector) as session:
-                async with session.get(url, timeout=timeout_obj) as resp:
+                async with session.get(url, headers=headers, timeout=timeout_obj) as resp:
                     resp.raise_for_status()
                     result = await resp.json()
                     SYLogger.info(f"[Sandbox] 异步健康检查成功: {result}")
@@ -1320,3 +1331,25 @@ class HTTPSandboxBackend(FileOperationsMixin, SandboxBackendProtocol):
         except Exception as e:
             SYLogger.warning(f"[Sandbox] 沙箱不可用: {e}")
             return False
+
+    def is_local_mode(self) -> bool:
+        """检查沙箱是否运行在 LocalMode（本地直接访问文件系统，跳过上传/同步）"""
+        if self._local_mode is not None:
+            return self._local_mode
+        try:
+            result = self.health_check(timeout=5)
+            self._local_mode = result.get("mode") == "local"
+        except Exception:
+            self._local_mode = False
+        return self._local_mode
+
+    async def ais_local_mode(self) -> bool:
+        """异步检查沙箱是否运行在 LocalMode"""
+        if self._local_mode is not None:
+            return self._local_mode
+        try:
+            result = await self.ahealth_check(timeout=5)
+            self._local_mode = result.get("mode") == "local"
+        except Exception:
+            self._local_mode = False
+        return self._local_mode

sycommon/auth/__init__.py

@@ -34,6 +34,20 @@ from sycommon.auth.wecom_ldap_service import (
     LDAPFullUser,
 )
 
+from sycommon.auth.oa_service import (
+    OAConfig,
+    OAAuthService,
+    OAUser,
+    OAAuthResult,
+)
+from sycommon.auth.oa_cache import (
+    set_oa_credential,
+    get_oa_credential,
+    delete_oa_credential,
+    has_oa_credential,
+    oa_login_with_cache,
+)
+
 __all__ = [
     "LDAPConfig",
     "LDAPAuthService",
@@ -43,4 +57,13 @@ __all__ = [
     "WeComLDAPService",
     "WeComLDAPUser",
     "LDAPFullUser",
+    "OAConfig",
+    "OAAuthService",
+    "OAUser",
+    "OAAuthResult",
+    "set_oa_credential",
+    "get_oa_credential",
+    "delete_oa_credential",
+    "has_oa_credential",
+    "oa_login_with_cache",
 ]

sycommon/auth/oa_cache.py

@@ -0,0 +1,95 @@
+"""OA 凭据 Redis 缓存服务
+
+加密存储用户 LDAP 凭据到 Redis，供 OA 登录使用。
+每次写入覆盖旧值。
+OA session_id 也缓存到 Redis，避免重复登录。
+"""
+
+from typing import Optional
+
+from sycommon.auth.oa_crypto import encrypt_credential, decrypt_credential
+from sycommon.logging.kafka_log import SYLogger
+
+_CRED_PREFIX = "digital_work:oa_credential"
+_SESSION_PREFIX = "digital_work:oa_session"
+
+
+def _cred_key(user_id: str) -> str:
+    return f"{_CRED_PREFIX}:{user_id}"
+
+
+def _session_key(user_id: str) -> str:
+    return f"{_SESSION_PREFIX}:{user_id}"
+
+
+async def set_oa_credential(user_id: str, login_id: str, password: str) -> None:
+    """加密存储 LDAP 凭据到 Redis（覆盖）"""
+    from sycommon.database.redis_service import RedisService
+    encrypted = encrypt_credential({"login_id": login_id, "password": password})
+    await RedisService.set(_cred_key(user_id), encrypted)
+    SYLogger.info(f"[OA] 已缓存用户 {user_id} 的 LDAP 凭据")
+
+
+async def get_oa_credential(user_id: str) -> Optional[dict]:
+    """从 Redis 读取并解密 LDAP 凭据"""
+    from sycommon.database.redis_service import RedisService
+    raw = await RedisService.get(_cred_key(user_id))
+    if not raw:
+        return None
+    return decrypt_credential(raw)
+
+
+async def delete_oa_credential(user_id: str) -> None:
+    """删除 Redis 中的 LDAP 凭据和 session"""
+    from sycommon.database.redis_service import RedisService
+    await RedisService.delete(_cred_key(user_id))
+    await RedisService.delete(_session_key(user_id))
+    SYLogger.info(f"[OA] 已删除用户 {user_id} 的 LDAP 凭据")
+
+
+async def has_oa_credential(user_id: str) -> bool:
+    """检查用户是否已有缓存的 LDAP 凭据"""
+    from sycommon.database.redis_service import RedisService
+    raw = await RedisService.get(_cred_key(user_id))
+    return raw is not None
+
+
+async def set_oa_session(user_id: str, session_id: str) -> None:
+    """缓存 OA session_id 到 Redis（30 分钟过期，与 OA 服务端保持一致）"""
+    from sycommon.database.redis_service import RedisService
+    await RedisService.set(_session_key(user_id), session_id, ex=1800)
+
+
+async def get_cached_oa_session(user_id: str) -> Optional[str]:
+    """获取缓存的 OA session_id（可能已过期）"""
+    from sycommon.database.redis_service import RedisService
+    return await RedisService.get(_session_key(user_id))
+
+
+async def oa_login_with_cache(user_id: str) -> tuple[bool, str, Optional[str]]:
+    """从 Redis 获取 OA session，过期则重新登录。
+
+    Returns:
+        (success, message, session_id)
+    """
+    # 优先使用缓存的 session
+    cached_session = await get_cached_oa_session(user_id)
+    if cached_session:
+        return True, "OA session有效", cached_session
+
+    # 缓存过期，重新登录
+    cred = await get_oa_credential(user_id)
+    if not cred:
+        return False, "NEED_OA_AUTH", None
+
+    from sycommon.auth.oa_service import OAConfig, OAAuthService
+    config = OAConfig(login_id=cred["login_id"], password=cred["password"])
+    result = await OAAuthService(config).login()
+
+    if result.success:
+        await set_oa_session(user_id, result.user.session_id)
+        SYLogger.info(f"[OA] 用户 {user_id} 登录成功")
+        return True, "OA登录成功", result.user.session_id
+    else:
+        SYLogger.warning(f"[OA] 用户 {user_id} 登录失败: {result.error}")
+        return False, f"OA登录失败: {result.error}", None

sycommon/auth/oa_crypto.py

@@ -0,0 +1,60 @@
+"""OA 凭据加密工具
+
+使用 AES-256-GCM 加密 LDAP 凭据，密钥从 Nacos 配置或环境变量读取。
+"""
+
+import base64
+import json
+import os
+from typing import Optional
+
+from cryptography.hazmat.primitives.ciphers.aead import AESGCM
+
+from sycommon.logging.kafka_log import SYLogger
+
+NONCE_SIZE = 12
+_ENV_KEY = "OA_CREDENTIAL_ENCRYPT_KEY"
+
+
+def _get_key() -> bytes:
+    """获取加密密钥（优先环境变量，其次 Nacos 配置）"""
+    b64 = os.environ.get(_ENV_KEY)
+    if not b64:
+        try:
+            from sycommon.config.Config import Config
+            b64 = Config().config.get("llm", {}).get("OA", {}).get("credential_encrypt_key", "")
+        except Exception:
+            pass
+    if not b64:
+        raise ValueError(
+            f"未配置 OA 凭据加密密钥，请设置环境变量 {_ENV_KEY} 或 Nacos 配置 OA.credential_encrypt_key"
+        )
+    key = base64.b64decode(b64)
+    if len(key) != 32:
+        raise ValueError("加密密钥长度必须为 32 字节 (AES-256)")
+    return key
+
+
+def encrypt_credential(data: dict) -> str:
+    """加密凭据字典，返回 base64 编码的密文"""
+    key = _get_key()
+    plaintext = json.dumps(data, ensure_ascii=False).encode("utf-8")
+    aesgcm = AESGCM(key)
+    nonce = os.urandom(NONCE_SIZE)
+    ciphertext = aesgcm.encrypt(nonce, plaintext, None)
+    return base64.b64encode(nonce + ciphertext).decode("ascii")
+
+
+def decrypt_credential(raw: str) -> Optional[dict]:
+    """解密 base64 编码的密文，返回凭据字典"""
+    try:
+        key = _get_key()
+        blob = base64.b64decode(raw)
+        nonce = blob[:NONCE_SIZE]
+        ciphertext = blob[NONCE_SIZE:]
+        aesgcm = AESGCM(key)
+        plaintext = aesgcm.decrypt(nonce, ciphertext, None)
+        return json.loads(plaintext)
+    except Exception as e:
+        SYLogger.error(f"[OA] 凭据解密失败: {e}")
+        return None

sycommon/auth/oa_service.py

@@ -0,0 +1,201 @@
+"""
+OA 登录服务
+
+提供基于 SOAP 协议的 OA 系统登录认证功能。
+"""
+
+import asyncio
+from typing import Optional
+from pydantic import BaseModel
+
+from sycommon.logging.kafka_log import SYLogger
+
+
+class OAConfig(BaseModel):
+    """OA 配置"""
+
+    base_url: str = "https://oa.syholdings.com"
+    doc_service: Optional[str] = None
+    login_id: str = ""
+    password: str = ""
+
+    @property
+    def doc_service_url(self) -> str:
+        if self.doc_service:
+            return self.doc_service
+        return f"{self.base_url}/services/DocService"
+
+    @classmethod
+    def from_config(cls) -> "OAConfig":
+        from sycommon.config.Config import Config
+
+        oa_config = Config().config.get("OA", {})
+        return cls(
+            base_url=oa_config.get("base_url", "https://oa.syholdings.com"),
+            doc_service=oa_config.get("doc_service"),
+            login_id=oa_config.get("login_id", ""),
+            password=oa_config.get("password", ""),
+        )
+
+
+class OAUser(BaseModel):
+    """OA 用户信息"""
+
+    session_id: Optional[str] = None
+    login_id: str
+
+
+class OAAuthResult(BaseModel):
+    """OA 登录结果"""
+
+    success: bool
+    user: Optional[OAUser] = None
+    error: Optional[str] = None
+
+
+class OAAuthService:
+    """OA 认证服务
+
+    使用示例::
+
+        config = OAConfig(
+            base_url="https://oa.syholdings.com",
+            login_id="username",
+            password="password",
+        )
+        service = OAAuthService(config)
+        result = await service.login()
+        if result.success:
+            print(f"登录成功, session: {result.user.session_id}")
+    """
+
+    def __init__(self, config: OAConfig):
+        self.config = config
+
+    def _build_login_xml(self, login_id: Optional[str] = None,
+                         password: Optional[str] = None) -> str:
+        """构建登录 SOAP 请求体"""
+        lid = login_id or self.config.login_id
+        pwd = password or self.config.password
+        return f"""<?xml version="1.0" encoding="UTF-8"?>
+<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
+                  xmlns:doc="http://localhost/services/DocService">
+<soapenv:Body>
+<doc:login>
+<doc:in0>{lid}</doc:in0>
+<doc:in1>{pwd}</doc:in1>
+<doc:in2>2</doc:in2>
+<doc:in3>127.0.0.1</doc:in3>
+</doc:login>
+</soapenv:Body>
+</soapenv:Envelope>"""
+
+    def _parse_login_response(self, response_text: str) -> OAAuthResult:
+        """解析登录响应"""
+        import xml.etree.ElementTree as ET
+
+        try:
+            root = ET.fromstring(response_text)
+        except ET.ParseError as e:
+            SYLogger.error(f"[OA] 响应 XML 解析失败: {e}")
+            return OAAuthResult(success=False, error=f"XML 解析失败: {e}")
+
+        # SOAP 命名空间
+        ns = {
+            "soapenv": "http://schemas.xmlsoap.org/soap/envelope/",
+        }
+
+        body = root.find("soapenv:Body", ns)
+        if body is None:
+            return OAAuthResult(success=False, error="响应缺少 Body")
+
+        # 查找登录返回值（可能是 loginReturn 或 out）
+        login_return = None
+        for child in body:
+            for sub in child:
+                if sub.tag.endswith("loginReturn") or sub.tag.endswith("out"):
+                    login_return = sub
+                    break
+
+        if login_return is None:
+            return OAAuthResult(success=False, error="响应缺少 loginReturn")
+
+        session_id = login_return.text
+
+        if not session_id:
+            return OAAuthResult(success=False, error="登录返回空 session")
+
+        SYLogger.info(f"[OA] 用户 {self.config.login_id} 登录成功")
+        return OAAuthResult(
+            success=True,
+            user=OAUser(session_id=session_id, login_id=self.config.login_id),
+        )
+
+    async def login(self, login_id: Optional[str] = None,
+                    password: Optional[str] = None) -> OAAuthResult:
+        """执行 OA 登录
+
+        Args:
+            login_id: 登录账号（可选，默认使用配置中的账号）
+            password: 登录密码（可选，默认使用配置中的密码）
+
+        Returns:
+            OAAuthResult: 登录结果
+        """
+        try:
+            result = await asyncio.get_event_loop().run_in_executor(
+                None,
+                self._login_sync,
+                login_id,
+                password,
+            )
+            return result
+        except Exception as e:
+            SYLogger.error(f"[OA] 登录异常: {e}")
+            return OAAuthResult(success=False, error=str(e))
+
+    def _login_sync(self, login_id: Optional[str],
+                    password: Optional[str]) -> OAAuthResult:
+        """同步执行 OA 登录"""
+        import urllib.request
+        import urllib.error
+
+        soap_xml = self._build_login_xml(login_id, password)
+
+        headers = {
+            "Content-Type": "text/xml; charset=UTF-8",
+            "SOAPAction": "",
+        }
+
+        req = urllib.request.Request(
+            self.config.doc_service_url,
+            data=soap_xml.encode("utf-8"),
+            headers=headers,
+            method="POST",
+        )
+
+        try:
+            # 禁用 SSL 验证（OA 可能使用自签名证书）
+            import ssl
+            ctx = ssl.create_default_context()
+            ctx.check_hostname = False
+            ctx.verify_mode = ssl.CERT_NONE
+
+            with urllib.request.urlopen(req, context=ctx, timeout=15) as resp:
+                response_text = resp.read().decode("utf-8")
+
+            return self._parse_login_response(response_text)
+
+        except urllib.error.HTTPError as e:
+            body = e.read().decode("utf-8", errors="replace")
+            SYLogger.error(f"[OA] HTTP 错误 {e.code}: {body[:500]}")
+            return OAAuthResult(
+                success=False,
+                error=f"HTTP {e.code}: {body[:200]}",
+            )
+        except urllib.error.URLError as e:
+            SYLogger.error(f"[OA] 连接失败: {e.reason}")
+            return OAAuthResult(success=False, error=f"连接失败: {e.reason}")
+        except Exception as e:
+            SYLogger.error(f"[OA] 登录请求异常: {e}")
+            return OAAuthResult(success=False, error=str(e))

sycommon/tests/test_oa_login.py

@@ -0,0 +1,229 @@
+"""
+OA 登录功能测试
+
+使用方式:
+    cd sycommon-python-lib
+    python -m src.sycommon.tests.test_oa_login
+"""
+
+import asyncio
+from sycommon.auth.oa_service import OAConfig, OAAuthService
+
+# TODO: 改成你的 OA 账号密码
+OA_LOGIN_ID = "Osulcode.xiao"
+OA_PASSWORD = "Keb$7wq^"
+
+OA_BASE = "https://oa.syholdings.com"
+DOC_SERVICE = f"{OA_BASE}/services/DocService"
+
+
+def test_config():
+    """测试 OAConfig 基本配置"""
+    config = OAConfig(
+        base_url=OA_BASE,
+        login_id=OA_LOGIN_ID,
+        password=OA_PASSWORD,
+    )
+    assert config.base_url == OA_BASE
+    assert config.login_id == OA_LOGIN_ID
+    assert config.password == OA_PASSWORD
+    assert config.doc_service_url == f"{OA_BASE}/services/DocService"
+    print("[PASS] OAConfig 基本配置正确")
+
+
+def test_config_custom_doc_service():
+    """测试自定义 DocService URL"""
+    config = OAConfig(
+        base_url=OA_BASE,
+        doc_service="http://custom/service",
+        login_id="test",
+        password="test",
+    )
+    assert config.doc_service_url == "http://custom/service"
+    print("[PASS] 自定义 DocService URL 正确")
+
+
+def test_build_login_xml():
+    """测试 SOAP XML 构建"""
+    config = OAConfig(
+        base_url=OA_BASE,
+        login_id="testuser",
+        password="testpass",
+    )
+    service = OAAuthService(config)
+    xml = service._build_login_xml()
+
+    assert "testuser" in xml
+    assert "testpass" in xml
+    assert "soapenv:Envelope" in xml
+    assert "doc:login" in xml
+    assert "doc:in0" in xml
+    assert "doc:in1" in xml
+    assert "doc:in2" in xml
+    assert "doc:in3" in xml
+    print("[PASS] SOAP XML 构建正确")
+
+
+def test_parse_login_response_success():
+    """测试成功响应解析"""
+    config = OAConfig(
+        base_url=OA_BASE,
+        login_id="testuser",
+        password="testpass",
+    )
+    service = OAAuthService(config)
+
+    mock_response = """<?xml version="1.0" encoding="UTF-8"?>
+<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
+<soapenv:Body>
+<ns:loginResponse xmlns:ns="http://localhost/services/DocService">
+<ns:loginReturn>abc123sessionid</ns:loginReturn>
+</ns:loginResponse>
+</soapenv:Body>
+</soapenv:Envelope>"""
+
+    result = service._parse_login_response(mock_response)
+    assert result.success is True
+    assert result.user is not None
+    assert result.user.session_id == "abc123sessionid"
+    assert result.user.login_id == "testuser"
+    print("[PASS] 成功响应解析正确")
+
+
+def test_parse_login_response_empty_session():
+    """测试空 session 响应"""
+    config = OAConfig(
+        base_url=OA_BASE,
+        login_id="testuser",
+        password="testpass",
+    )
+    service = OAAuthService(config)
+
+    mock_response = """<?xml version="1.0" encoding="UTF-8"?>
+<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
+<soapenv:Body>
+<ns:loginResponse xmlns:ns="http://localhost/services/DocService">
+<ns:loginReturn></ns:loginReturn>
+</ns:loginResponse>
+</soapenv:Body>
+</soapenv:Envelope>"""
+
+    result = service._parse_login_response(mock_response)
+    assert result.success is False
+    assert "空 session" in result.error
+    print("[PASS] 空 session 响应处理正确")
+
+
+def test_parse_login_response_invalid_xml():
+    """测试无效 XML 响应"""
+    config = OAConfig(
+        base_url=OA_BASE,
+        login_id="testuser",
+        password="testpass",
+    )
+    service = OAAuthService(config)
+
+    result = service._parse_login_response("not xml at all")
+    assert result.success is False
+    assert "XML 解析失败" in result.error
+    print("[PASS] 无效 XML 响应处理正确")
+
+
+async def test_real_login():
+    """测试真实 OA 登录"""
+    config = OAConfig(
+        base_url=OA_BASE,
+        login_id=OA_LOGIN_ID,
+        password=OA_PASSWORD,
+    )
+    service = OAAuthService(config)
+
+    print(f"\n正在登录 OA: {OA_LOGIN_ID}@{OA_BASE} ...")
+    result = await service.login()
+
+    if result.success:
+        print(f"[PASS] 登录成功!")
+        print(f"  session_id: {result.user.session_id}")
+        print(f"  login_id:   {result.user.login_id}")
+    else:
+        print(f"[FAIL] 登录失败: {result.error}")
+
+    return result
+
+
+async def test_real_login_with_params():
+    """测试使用参数覆盖配置的登录"""
+    config = OAConfig(
+        base_url=OA_BASE,
+        login_id="placeholder",
+        password="placeholder",
+    )
+    service = OAAuthService(config)
+
+    print(f"\n正在使用参数登录 OA: {OA_LOGIN_ID} ...")
+    result = await service.login(
+        login_id=OA_LOGIN_ID,
+        password=OA_PASSWORD,
+    )
+
+    if result.success:
+        print(f"[PASS] 参数登录成功!")
+        print(f"  session_id: {result.user.session_id}")
+    else:
+        print(f"[FAIL] 参数登录失败: {result.error}")
+
+    return result
+
+
+async def test_real_login_wrong_password():
+    """测试错误密码登录"""
+    config = OAConfig(
+        base_url=OA_BASE,
+        login_id=OA_LOGIN_ID,
+        password="wrong_password_123",
+    )
+    service = OAAuthService(config)
+
+    print("\n正在使用错误密码登录 OA ...")
+    result = await service.login()
+
+    if not result.success:
+        print(f"[PASS] 错误密码被正确拒绝: {result.error}")
+    else:
+        print(f"[WARN] 错误密码竟然登录成功了? session: {result.user.session_id}")
+
+    return result
+
+
+def run_unit_tests():
+    """运行单元测试（不需要网络）"""
+    print("=" * 60)
+    print("OA 登录 - 单元测试")
+    print("=" * 60)
+
+    test_config()
+    test_config_custom_doc_service()
+    test_build_login_xml()
+    test_parse_login_response_success()
+    test_parse_login_response_empty_session()
+    test_parse_login_response_invalid_xml()
+
+    print("\n全部单元测试通过!\n")
+
+
+async def run_integration_tests():
+    """运行集成测试（需要网络连接 OA）"""
+    print("=" * 60)
+    print("OA 登录 - 集成测试（真实 OA 请求）")
+    print("=" * 60)
+
+    await test_real_login()
+    await test_real_login_with_params()
+    await test_real_login_wrong_password()
+
+    print("\n集成测试完成!")
+
+
+if __name__ == "__main__":
+    run_unit_tests()
+    asyncio.run(run_integration_tests())

{sycommon_python_lib-0.2.5a1.dist-info → sycommon_python_lib-0.2.5a2.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: sycommon-python-lib
-Version: 0.2.5a1
+Version: 0.2.5a2
 Summary: Add your description here
 Requires-Python: >=3.11
 Description-Content-Type: text/markdown

{sycommon_python_lib-0.2.5a1.dist-info → sycommon_python_lib-0.2.5a2.dist-info}/RECORD

@@ -134,16 +134,19 @@ sycommon/agent/multi_agent_team.py,sha256=NHmsUNwe3huguUUzbeoiOjgo9wh4-eXH0AjPDv
 sycommon/agent/summarization_utils.py,sha256=PRCIFtYBrH0bbSxsIc-qpC4iEXJzk72UuR7u5mQTt2w,7360
 sycommon/agent/mcp/__init__.py,sha256=iKrdDhIrFsNIkqG_kgcwNe-nOiM6uVfolKv44LfQ-FQ,636
 sycommon/agent/mcp/models.py,sha256=RBAIbGETNXkqD3wQZT7eKS4ozkgE9DQEneF1WKZf1C0,1355
-sycommon/agent/mcp/tool_loader.py,sha256=SEny14f7Bm9I17pT-9PJWMbhi9Ki77wvCR0KRNEJmyM,6428
+sycommon/agent/mcp/tool_loader.py,sha256=3c9jt4-kx78JunG62SBHoiSJTG5NhxQ_4lOqFJD3Tjc,8484
 sycommon/agent/sandbox/__init__.py,sha256=jR7LlkD4J4Y6QYyRXQClkwmqDBCCPmycV_hQV9p9YHw,4621
 sycommon/agent/sandbox/file_ops.py,sha256=0PEhmK1OcMq1Qe33JmQwphj670Tih7HQLNuAb1snIjI,24028
-sycommon/agent/sandbox/http_sandbox_backend.py,sha256=kwuPEmrOMyxfrRu20AEGqWD9t38L-DrtKSFp6CWt44o,56877
+sycommon/agent/sandbox/http_sandbox_backend.py,sha256=qDtJyGHY6tnQkTxi3CZiLXNuz8S_ynxSGzLB-HgFCxQ,58158
 sycommon/agent/sandbox/minio_sync.py,sha256=d1kuWllvyAvAMsFZCP0OdHEQtXN9BEIgHbupC31BjSk,20000
 sycommon/agent/sandbox/sandbox_pool.py,sha256=eMn8sLakCWf90l6ni2-333QM8oBdX1CflV-WzneFp_k,9133
 sycommon/agent/sandbox/sandbox_recovery.py,sha256=X-eDODx1tmGMh_iTngV6e1ppfDBHpTdkPreJusN5MHY,7358
 sycommon/agent/sandbox/session.py,sha256=TjzC3yFC-VaJ75UwCyL26QX4PRTGNNfQae1FKFuOsYI,2365
-sycommon/auth/__init__.py,sha256=W814cfHlLXFymmxeTi3pIreFb4nhKnQ7NY1H38x1Gic,974
+sycommon/auth/__init__.py,sha256=3_wNNe-rt2qvAWjam2hBP1fIodTDDLIiHmhOeTn2u88,1439
 sycommon/auth/ldap_service.py,sha256=fOcpVov5LWJkBk62qbTaltks1c4la7JsbD104KfdBOI,10102
+sycommon/auth/oa_cache.py,sha256=u673y-mK-xo24pSqvfjL68_YFASO2zoxd_iAQ0HetCo,3491
+sycommon/auth/oa_crypto.py,sha256=xpY1R1Bj3KLENXB0TuThB6Eku1E9PYjcoSpOdgDmCgc,1898
+sycommon/auth/oa_service.py,sha256=kLepV9zgqpZoaB73DRPpMA5tJJQjoaDtQPdzBcGXeak,6235
 sycommon/auth/wecom_ldap_service.py,sha256=eniwHP8FpTdOle4XMZDmAsnKrBYDEta1LtmNhcZI_SQ,17066
 sycommon/config/Config.py,sha256=J5VjolqHmhYTBZwTyfSHv9X5cHMfN6kqY2ryHF4LJPw,6785
 sycommon/config/DatabaseConfig.py,sha256=ILiUuYT9_xJZE2W-RYuC3JCt_YLKc1sbH13-MHIOPhg,804
@@ -252,6 +255,7 @@ sycommon/tests/deep_agent_server.py,sha256=t7snT2J6KWZrjJsYVi4TU5jpfvXNz4iuzMk4c
 sycommon/tests/test_deep_agent.py,sha256=34gP2KL8SSmtqqhaA9OV97OAl_I0T4TfEutZrR_0srM,5874
 sycommon/tests/test_email.py,sha256=-oPtYVGQzJ3Cv-op3ZNRMeyYOF-UNidGJC35CHRgjGQ,5442
 sycommon/tests/test_mq.py,sha256=Gpr9Eep-osRkcnlwGeshROEf83Ai3qYbAMHwpoML68o,4366
+sycommon/tests/test_oa_login.py,sha256=5psNnmUst20x-LdjPa_liunhMLGky2uTDVpQzefBnQE,6239
 sycommon/tests/test_real_summarization.py,sha256=7B89es7-UwULk-kq9xUiWH1ylXUO3QDJm4oZWzJNPk0,6193
 sycommon/tests/test_summarization_config.py,sha256=Ztb-eJXt2NrpBXNp7xST4Cwq4x8DK9pFuC7-bXUUOaE,16860
 sycommon/tests/test_summarization_real.py,sha256=iTwwA_xQd5Zgkn849lu2M0zIHPnMp-3szsIGrg6G9J4,12406
@@ -265,8 +269,8 @@ sycommon/tools/syemail.py,sha256=BDFhgf7WDOQeTcjxJEQdu0dQhnHFPO_p3eI0-Ni3LhQ,561
 sycommon/tools/timing.py,sha256=OiiE7P07lRoMzX9kzb8sZU9cDb0zNnqIlY5pWqHcnkY,2064
 sycommon/xxljob/__init__.py,sha256=7eoBlQxv-B39IfRSCY2bkqdGYs1QRe1umAWd88VMEEM,86
 sycommon/xxljob/xxljob_service.py,sha256=JIEJaGXhqrTLcyxlyynSrsHg9bBnDNzX-D4qIWLRPUE,6815
-sycommon_python_lib-0.2.5a1.dist-info/METADATA,sha256=vBcO5P_E9TQkwz2NeIX9FYdobYd1uFECsIAQWwcDEkk,7879
-sycommon_python_lib-0.2.5a1.dist-info/WHEEL,sha256=aeYiig01lYGDzBgS8HxWXOg3uV61G9ijOsup-k9o1sk,91
-sycommon_python_lib-0.2.5a1.dist-info/entry_points.txt,sha256=gsR4SssKxDWjRU8ggidzNcdMXDPRSKRS7UaGyNP84Qg,92
-sycommon_python_lib-0.2.5a1.dist-info/top_level.txt,sha256=RgphKrg7nJyZ7irJqbxFr-5H2LUYTvI7ivoWZH2hcD0,29
-sycommon_python_lib-0.2.5a1.dist-info/RECORD,,
+sycommon_python_lib-0.2.5a2.dist-info/METADATA,sha256=Al8QcJtx8mGbEePjfphPJ827JvyX_shWGbxwIKY1taU,7879
+sycommon_python_lib-0.2.5a2.dist-info/WHEEL,sha256=aeYiig01lYGDzBgS8HxWXOg3uV61G9ijOsup-k9o1sk,91
+sycommon_python_lib-0.2.5a2.dist-info/entry_points.txt,sha256=gsR4SssKxDWjRU8ggidzNcdMXDPRSKRS7UaGyNP84Qg,92
+sycommon_python_lib-0.2.5a2.dist-info/top_level.txt,sha256=RgphKrg7nJyZ7irJqbxFr-5H2LUYTvI7ivoWZH2hcD0,29
+sycommon_python_lib-0.2.5a2.dist-info/RECORD,,