diff --git a/src/components/settings/provider-presets.tsx b/src/components/settings/provider-presets.tsx
index 646bda91..fb6f7410 100644
--- a/src/components/settings/provider-presets.tsx
+++ b/src/components/settings/provider-presets.tsx
@@ -14,6 +14,7 @@ import Bedrock from "@lobehub/icons/es/Bedrock";
import Google from "@lobehub/icons/es/Google";
import Volcengine from "@lobehub/icons/es/Volcengine";
import Bailian from "@lobehub/icons/es/Bailian";
+import XiaomiMiMo from "@lobehub/icons/es/XiaomiMiMo";
// ---------------------------------------------------------------------------
// Brand icon resolver
@@ -34,6 +35,8 @@ export function getProviderIcon(name: string, baseUrl: string): ReactNode {
return
;
if (url.includes("dashscope") || lower.includes("bailian") || lower.includes("百炼") || lower.includes("aliyun"))
return
;
+ if (url.includes("xiaomimimo") || lower.includes("mimo") || lower.includes("小米"))
+ return
;
if (lower.includes("bedrock")) return
;
if (lower.includes("vertex") || lower.includes("google")) return
;
if (lower.includes("aws")) return
;
@@ -171,8 +174,8 @@ export const QUICK_PRESETS: QuickPreset[] = [
icon:
,
provider_type: "anthropic",
protocol: "anthropic",
- base_url: "https://api.minimaxi.com/anthropic/v1",
- extra_env: '{"API_TIMEOUT_MS":"3000000","CLAUDE_CODE_DISABLE_NONESSENTIAL_TRAFFIC":"1","ANTHROPIC_AUTH_TOKEN":"","ANTHROPIC_MODEL":"MiniMax-M2.5","ANTHROPIC_DEFAULT_SONNET_MODEL":"MiniMax-M2.5","ANTHROPIC_DEFAULT_OPUS_MODEL":"MiniMax-M2.5","ANTHROPIC_DEFAULT_HAIKU_MODEL":"MiniMax-M2.5"}',
+ base_url: "https://api.minimaxi.com/anthropic",
+ extra_env: '{"API_TIMEOUT_MS":"3000000","CLAUDE_CODE_DISABLE_NONESSENTIAL_TRAFFIC":"1","ANTHROPIC_AUTH_TOKEN":""}',
fields: ["api_key"],
},
{
@@ -184,7 +187,7 @@ export const QUICK_PRESETS: QuickPreset[] = [
provider_type: "anthropic",
protocol: "anthropic",
base_url: "https://api.minimax.io/anthropic",
- extra_env: '{"API_TIMEOUT_MS":"3000000","CLAUDE_CODE_DISABLE_NONESSENTIAL_TRAFFIC":"1","ANTHROPIC_AUTH_TOKEN":"","ANTHROPIC_MODEL":"MiniMax-M2.5","ANTHROPIC_DEFAULT_SONNET_MODEL":"MiniMax-M2.5","ANTHROPIC_DEFAULT_OPUS_MODEL":"MiniMax-M2.5","ANTHROPIC_DEFAULT_HAIKU_MODEL":"MiniMax-M2.5"}',
+ extra_env: '{"API_TIMEOUT_MS":"3000000","CLAUDE_CODE_DISABLE_NONESSENTIAL_TRAFFIC":"1","ANTHROPIC_AUTH_TOKEN":""}',
fields: ["api_key"],
},
{
@@ -199,6 +202,18 @@ export const QUICK_PRESETS: QuickPreset[] = [
extra_env: '{"ANTHROPIC_AUTH_TOKEN":""}',
fields: ["api_key", "model_names"],
},
+ {
+ key: "xiaomi-mimo",
+ name: "Xiaomi MiMo",
+ description: "Xiaomi MiMo Coding Plan — MiMo-V2-Pro",
+ descriptionZh: "小米 MiMo 编程套餐 — MiMo-V2-Pro",
+ icon:
,
+ provider_type: "anthropic",
+ protocol: "anthropic",
+ base_url: "https://api.xiaomimimo.com/anthropic",
+ extra_env: '{"ANTHROPIC_AUTH_TOKEN":""}',
+ fields: ["api_key"],
+ },
{
key: "bailian",
name: "Aliyun Bailian",
diff --git a/src/components/ui/icon.tsx b/src/components/ui/icon.tsx
index 8621e501..fd993119 100644
--- a/src/components/ui/icon.tsx
+++ b/src/components/ui/icon.tsx
@@ -29,6 +29,7 @@ export {
Columns,
Copy,
Desktop,
+ DotsThree,
DotOutline,
DownloadSimple,
Eye,
@@ -38,6 +39,7 @@ export {
FloppyDisk,
FileZip,
Folder,
+ FolderMinus,
FolderOpen,
Funnel,
GameController,
diff --git a/src/components/ui/select.tsx b/src/components/ui/select.tsx
index 3d4bb51d..9cefff99 100644
--- a/src/components/ui/select.tsx
+++ b/src/components/ui/select.tsx
@@ -53,8 +53,8 @@ function SelectTrigger({
function SelectContent({
className,
children,
- position = "item-aligned",
- align = "center",
+ position = "popper",
+ align = "start",
...props
}: React.ComponentProps
) {
return (
@@ -62,9 +62,8 @@ function SelectContent({
{children}
diff --git a/src/hooks/useAssistantTrigger.ts b/src/hooks/useAssistantTrigger.ts
index c2522d52..9d3df9fc 100644
--- a/src/hooks/useAssistantTrigger.ts
+++ b/src/hooks/useAssistantTrigger.ts
@@ -166,7 +166,7 @@ export function useAssistantTrigger({
const today = getLocalDateString();
const needsOnboarding = !state.onboardingComplete;
- const needsCheckIn = state.onboardingComplete && state.lastCheckInDate !== today;
+ const needsCheckIn = state.onboardingComplete && state.dailyCheckInEnabled === true && state.lastCheckInDate !== today;
if (!needsOnboarding && !needsCheckIn) return;
diff --git a/src/hooks/useBridgeStatus.ts b/src/hooks/useBridgeStatus.ts
index 22e6aa5e..b198d603 100644
--- a/src/hooks/useBridgeStatus.ts
+++ b/src/hooks/useBridgeStatus.ts
@@ -22,7 +22,7 @@ export function useBridgeStatus(): {
bridgeStatus: BridgeStatus | null;
starting: boolean;
stopping: boolean;
- startBridge: () => Promise;
+ startBridge: () => Promise;
stopBridge: () => Promise;
refreshStatus: () => Promise;
} {
@@ -62,17 +62,22 @@ export function useBridgeStatus(): {
};
}, [bridgeStatus?.running, refreshStatus]);
- const startBridge = useCallback(async () => {
+ const startBridge = useCallback(async (): Promise => {
setStarting(true);
try {
- await fetch("/api/bridge", {
+ const res = await fetch("/api/bridge", {
method: "POST",
headers: { "Content-Type": "application/json" },
body: JSON.stringify({ action: "start" }),
});
+ const data = await res.json();
await refreshStatus();
+ if (!data.ok && data.reason) {
+ return data.reason;
+ }
+ return null;
} catch {
- // ignore
+ return 'network_error';
} finally {
setStarting(false);
}
diff --git a/src/hooks/useProviderModels.ts b/src/hooks/useProviderModels.ts
index 5c1baddb..5d6ef500 100644
--- a/src/hooks/useProviderModels.ts
+++ b/src/hooks/useProviderModels.ts
@@ -13,6 +13,10 @@ export interface UseProviderModelsReturn {
currentProviderIdValue: string;
modelOptions: typeof DEFAULT_MODEL_OPTIONS;
currentModelOption: (typeof DEFAULT_MODEL_OPTIONS)[number];
+ /** Global default model (model value) */
+ globalDefaultModel: string | undefined;
+ /** Global default model's provider ID */
+ globalDefaultProvider: string | undefined;
}
export function useProviderModels(
@@ -21,8 +25,10 @@ export function useProviderModels(
): UseProviderModelsReturn {
const [providerGroups, setProviderGroups] = useState([]);
const [defaultProviderId, setDefaultProviderId] = useState('');
+ const [globalDefaultModel, setGlobalDefaultModel] = useState();
+ const [globalDefaultProvider, setGlobalDefaultProvider] = useState();
- const fetchProviderModels = useCallback(() => {
+ const fetchAll = useCallback(() => {
fetch('/api/providers/models')
.then((r) => r.json())
.then((data) => {
@@ -47,18 +53,28 @@ export function useProviderModels(
}]);
setDefaultProviderId('');
});
+
+ // Fetch global default model
+ fetch('/api/providers/options?providerId=__global__')
+ .then(r => r.ok ? r.json() : null)
+ .then(data => {
+ setGlobalDefaultModel(data?.options?.default_model || undefined);
+ setGlobalDefaultProvider(data?.options?.default_model_provider || undefined);
+ })
+ .catch(() => {});
}, []);
- // Load models on mount and listen for provider changes
+ // Load on mount and listen for provider changes
useEffect(() => {
- fetchProviderModels();
- const handler = () => fetchProviderModels();
+ fetchAll();
+ const handler = () => fetchAll();
window.addEventListener('provider-changed', handler);
return () => window.removeEventListener('provider-changed', handler);
- }, [fetchProviderModels]);
+ }, [fetchAll]);
// Derive flat model list for current provider
- const currentProviderIdValue = providerId || defaultProviderId || (providerGroups[0]?.provider_id ?? '');
+ // Use globalDefaultProvider as fallback instead of the legacy default_provider_id
+ const currentProviderIdValue = providerId || globalDefaultProvider || defaultProviderId || (providerGroups[0]?.provider_id ?? '');
const currentGroup = providerGroups.find(g => g.provider_id === currentProviderIdValue) || providerGroups[0];
const modelOptions = (currentGroup?.models && currentGroup.models.length > 0)
? currentGroup.models
@@ -75,5 +91,7 @@ export function useProviderModels(
currentProviderIdValue,
modelOptions,
currentModelOption,
+ globalDefaultModel,
+ globalDefaultProvider,
};
}
diff --git a/src/hooks/useSSEStream.ts b/src/hooks/useSSEStream.ts
index a04b1a1b..79df5882 100644
--- a/src/hooks/useSSEStream.ts
+++ b/src/hooks/useSSEStream.ts
@@ -207,7 +207,7 @@ function handleSSEEvent(
'CLI_NOT_FOUND', 'UNSUPPORTED_FEATURE',
]);
if (diagCategories.has(parsed.category)) {
- errorDisplay += '\n\n💡 Go to **Settings → Providers → Run Diagnostics** for detailed troubleshooting.';
+ errorDisplay += '\n\n💡 [Run Provider Diagnostics](/settings#providers) to troubleshoot, or check the [Provider Setup Guide](https://www.codepilot.sh/docs/providers).';
}
} else {
errorDisplay = event.data;
diff --git a/src/hooks/useUpdate.ts b/src/hooks/useUpdate.ts
index da1ed3ef..00f28439 100644
--- a/src/hooks/useUpdate.ts
+++ b/src/hooks/useUpdate.ts
@@ -9,11 +9,17 @@ export interface UpdateInfo {
releaseName: string;
releaseNotes: string;
releaseUrl: string;
+ downloadUrl?: string;
+ downloadAssetName?: string;
publishedAt: string;
downloadProgress: number | null;
readyToInstall: boolean;
isNativeUpdate: boolean;
lastError: string | null;
+ detectedPlatform?: string;
+ detectedArch?: string;
+ hostArch?: string;
+ runningUnderRosetta?: boolean;
}
export interface UpdateContextValue {
diff --git a/src/i18n/en.ts b/src/i18n/en.ts
index 479d50f5..7120b44f 100644
--- a/src/i18n/en.ts
+++ b/src/i18n/en.ts
@@ -22,6 +22,12 @@ const en = {
'chatList.daysAgo': '{n}d',
'chatList.newConversation': 'New Conversation',
'chatList.delete': 'Delete',
+ 'chatList.deleteConversation': 'Delete Conversation',
+ 'chatList.copySessionId': 'Copy Conversation ID',
+ 'chatList.renameConversation': 'Rename Conversation',
+ 'chatList.removeProject': 'Remove Project',
+ 'chatList.openFolder': 'Open Folder',
+ 'chatList.copyFolderPath': 'Copy Folder Path',
'chatList.searchSessions': 'Search sessions...',
'chatList.noSessions': 'No sessions yet',
'chatList.importFromCli': 'Import from Claude Code',
@@ -375,6 +381,9 @@ const en = {
'update.readyToInstall': 'CodePilot v{version} is ready — restart to update',
'update.installUpdate': 'Download & Install',
'update.later': 'Later',
+ 'update.rosettaWarning': 'CodePilot is running through Rosetta on this Apple Silicon Mac. Install the arm64 build for better responsiveness.',
+ 'update.recommendedAsset': 'Recommended download: {asset}',
+ 'update.getRecommendedBuild': 'Get Recommended Build',
// ── Image Generation ──────────────────────────────────────
'imageGen.toggle': 'Image Generation',
@@ -685,6 +694,15 @@ const en = {
'bridge.qqChannelDesc': 'Receive and respond to messages via QQ Bot (private chat)',
'bridge.qqSettings': 'QQ Settings',
'bridge.qqSettingsDesc': 'Configure QQ Bot credentials for bridge',
+ 'bridge.weixinChannel': 'WeChat',
+ 'bridge.weixinChannelDesc': 'Receive and respond to messages via WeChat (QR login)',
+ 'bridge.weixinSettings': 'WeChat Settings',
+ 'bridge.weixinSettingsDesc': 'Configure WeChat accounts for bridge',
+ 'bridge.errorNotEnabled': 'Bridge is not enabled. Turn on the toggle first.',
+ 'bridge.errorNoChannels': 'No channels enabled. Enable at least one channel (Telegram, Feishu, Discord, QQ, or WeChat).',
+ 'bridge.errorNoAdapters': 'No adapters started. Check channel configuration.',
+ 'bridge.errorAdapterConfig': 'Channel configuration is invalid. Check settings for each enabled channel.',
+ 'bridge.errorNetwork': 'Network error while starting bridge.',
// ── Settings: Discord Bridge ─────────────────────────────────
'discord.credentials': 'Bot Credentials',
@@ -752,6 +770,45 @@ const en = {
'qq.step4': 'Go back to the Bridge page, enable the QQ channel toggle, and start the bridge',
'qq.step5': 'Add your QQ bot as a friend and send it a message to start chatting',
+ // ── Settings: WeChat Bridge ──────────────────────────────────
+ 'weixin.accounts': 'Accounts',
+ 'weixin.accountsDesc': 'Manage your linked WeChat accounts',
+ 'weixin.addAccount': 'Add Account',
+ 'weixin.noAccounts': 'No WeChat accounts linked yet',
+ 'weixin.accountLabel': 'Label',
+ 'weixin.accountStatus': 'Status',
+ 'weixin.accountActive': 'Active',
+ 'weixin.accountPaused': 'Paused',
+ 'weixin.accountExpired': 'Session Expired',
+ 'weixin.accountUpdateFailed': 'Failed to update WeChat account',
+ 'weixin.accountUpdateSavedRestartFailed': 'Account updated, but bridge restart failed',
+ 'weixin.accountDeleteFailed': 'Failed to remove WeChat account',
+ 'weixin.accountDeleteSavedRestartFailed': 'Account removed, but bridge restart failed',
+ 'weixin.deleteAccount': 'Remove Account',
+ 'weixin.deleteConfirm': 'Are you sure you want to remove this WeChat account?',
+ 'weixin.allowedUsers': 'Allowed Users',
+ 'weixin.allowedUsersDesc': 'Comma-separated user IDs allowed to use this account',
+ 'weixin.allowedUsersHint': 'Leave empty to allow all users',
+ 'weixin.qrLogin': 'QR Code Login',
+ 'weixin.qrLoginDesc': 'Scan the QR code with your WeChat to link an account',
+ 'weixin.qrWaiting': 'Waiting for scan...',
+ 'weixin.qrScanned': 'Scanned! Confirm on your phone...',
+ 'weixin.qrConfirmed': 'Login successful!',
+ 'weixin.qrConfirmedRestartFailed': 'Account linked, but bridge restart failed',
+ 'weixin.qrExpired': 'QR code expired, refreshing...',
+ 'weixin.qrFailed': 'Login failed',
+ 'weixin.riskWarning': 'This feature uses the WeChat OpenClaw plugin protocol to connect to a non-OpenClaw product. This may violate WeChat\'s terms of service and could carry account risk. Use at your own discretion.',
+ 'weixin.setupGuide': 'Setup Guide',
+ 'weixin.step1': 'Click "Add Account" to generate a QR code',
+ 'weixin.step2': 'Open WeChat on your phone and scan the QR code',
+ 'weixin.step3': 'Confirm the login on your phone',
+ 'weixin.step4': 'Go back to the Bridge page, enable the WeChat channel toggle, and start the bridge',
+ 'weixin.step5': 'Send a message to the linked WeChat account to start chatting',
+ 'weixin.baseUrl': 'API Base URL',
+ 'weixin.cdnBaseUrl': 'CDN Base URL',
+ 'weixin.mediaEnabled': 'Media Support',
+ 'weixin.mediaEnabledDesc': 'Download and process media attachments from WeChat messages',
+
// ── Assistant Workspace ──────────────────────────────
'settings.assistant': 'Assistant',
'assistant.workspaceTitle': 'Assistant Workspace',
@@ -917,6 +974,9 @@ const en = {
'mcp.noRuntimeStatus': 'No runtime status available',
'mcp.reconnect': 'Reconnect',
'mcp.enable': 'Enable',
+ 'mcp.enabled': 'Enabled',
+ 'mcp.disabled': 'Disabled',
+ 'mcp.managerDesc': 'Toggle controls CodePilot MCP injection. Servers in your Claude Code config may still be loaded by the SDK via its own settings sources.',
// ── SDK Capabilities: Thinking ────────────────────────────
'settings.thinkingMode': 'Thinking Mode',
@@ -924,6 +984,9 @@ const en = {
'settings.thinkingAdaptive': 'Adaptive',
'settings.thinkingEnabled': 'Enabled',
'settings.thinkingDisabled': 'Disabled',
+ 'settings.defaultModel': 'Default Model',
+ 'settings.defaultModelDesc': 'Only affects new conversations. Existing conversations keep their selected model.',
+ 'settings.defaultModelAuto': 'Auto (first in list)',
// ── SDK Capabilities: Account ─────────────────────────────
'settings.accountInfo': 'Account Information',
diff --git a/src/i18n/zh.ts b/src/i18n/zh.ts
index c239873d..3a87b977 100644
--- a/src/i18n/zh.ts
+++ b/src/i18n/zh.ts
@@ -19,6 +19,12 @@ const zh: Record = {
'chatList.daysAgo': '{n}天',
'chatList.newConversation': '新对话',
'chatList.delete': '删除',
+ 'chatList.deleteConversation': '删除对话',
+ 'chatList.copySessionId': '复制对话 ID',
+ 'chatList.renameConversation': '重命名对话',
+ 'chatList.removeProject': '移出项目',
+ 'chatList.openFolder': '打开文件夹',
+ 'chatList.copyFolderPath': '复制文件夹路径',
'chatList.searchSessions': '搜索会话...',
'chatList.noSessions': '暂无会话',
'chatList.importFromCli': '从 Claude Code 导入',
@@ -372,6 +378,9 @@ const zh: Record = {
'update.readyToInstall': 'CodePilot v{version} 已就绪 — 重启以完成更新',
'update.installUpdate': '下载并安装',
'update.later': '稍后',
+ 'update.rosettaWarning': 'CodePilot 当前正通过 Rosetta 在这台 Apple Silicon Mac 上运行。安装 arm64 版本可获得更好的响应速度。',
+ 'update.recommendedAsset': '推荐下载:{asset}',
+ 'update.getRecommendedBuild': '下载推荐版本',
// ── Image Generation ──────────────────────────────────────
'imageGen.toggle': '图片生成',
@@ -682,6 +691,15 @@ const zh: Record = {
'bridge.qqChannelDesc': '通过 QQ 机器人接收和回复私聊消息',
'bridge.qqSettings': 'QQ 设置',
'bridge.qqSettingsDesc': '配置桥接使用的 QQ 机器人凭据',
+ 'bridge.weixinChannel': '微信',
+ 'bridge.weixinChannelDesc': '通过微信收发消息(扫码登录)',
+ 'bridge.weixinSettings': '微信设置',
+ 'bridge.weixinSettingsDesc': '配置微信账号用于 Bridge 桥接',
+ 'bridge.errorNotEnabled': '桥接未启用,请先打开桥接开关。',
+ 'bridge.errorNoChannels': '没有启用任何渠道,请至少启用一个渠道(Telegram、飞书、Discord、QQ 或微信)。',
+ 'bridge.errorNoAdapters': '没有适配器成功启动,请检查渠道配置。',
+ 'bridge.errorAdapterConfig': '渠道配置无效,请检查已启用渠道的设置。',
+ 'bridge.errorNetwork': '启动桥接时网络错误。',
// ── Settings: Discord Bridge ─────────────────────────────────
'discord.credentials': 'Bot 凭据',
@@ -749,6 +767,45 @@ const zh: Record = {
'qq.step4': '回到桥接主页,打开 QQ 渠道开关,启动桥接',
'qq.step5': '添加 QQ 机器人为好友并发送消息开始聊天',
+ // ── Settings: WeChat Bridge ──────────────────────────────────
+ 'weixin.accounts': '账号管理',
+ 'weixin.accountsDesc': '管理已关联的微信账号',
+ 'weixin.addAccount': '添加账号',
+ 'weixin.noAccounts': '暂未关联任何微信账号',
+ 'weixin.accountLabel': '标签',
+ 'weixin.accountStatus': '状态',
+ 'weixin.accountActive': '活跃',
+ 'weixin.accountPaused': '已暂停',
+ 'weixin.accountExpired': '会话过期',
+ 'weixin.accountUpdateFailed': '更新微信账号失败',
+ 'weixin.accountUpdateSavedRestartFailed': '账号已更新,但 Bridge 重启失败',
+ 'weixin.accountDeleteFailed': '移除微信账号失败',
+ 'weixin.accountDeleteSavedRestartFailed': '账号已移除,但 Bridge 重启失败',
+ 'weixin.deleteAccount': '移除账号',
+ 'weixin.deleteConfirm': '确定要移除此微信账号吗?',
+ 'weixin.allowedUsers': '允许的用户',
+ 'weixin.allowedUsersDesc': '允许使用此账号的用户 ID,逗号分隔',
+ 'weixin.allowedUsersHint': '留空表示允许所有用户',
+ 'weixin.qrLogin': '扫码登录',
+ 'weixin.qrLoginDesc': '使用微信扫描二维码以关联账号',
+ 'weixin.qrWaiting': '等待扫码...',
+ 'weixin.qrScanned': '已扫码!请在手机上确认...',
+ 'weixin.qrConfirmed': '登录成功!',
+ 'weixin.qrConfirmedRestartFailed': '账号已关联,但 Bridge 重启失败',
+ 'weixin.qrExpired': '二维码已过期,正在刷新...',
+ 'weixin.qrFailed': '登录失败',
+ 'weixin.riskWarning': '本功能通过微信 OpenClaw 插件协议连接非 OpenClaw 产品,严格来看可能违反微信使用协议,存在账号风险,请谨慎使用。',
+ 'weixin.setupGuide': '设置指南',
+ 'weixin.step1': '点击"添加账号"生成二维码',
+ 'weixin.step2': '打开手机微信扫描二维码',
+ 'weixin.step3': '在手机上确认登录',
+ 'weixin.step4': '返回 Bridge 页面,开启微信通道开关并启动 Bridge',
+ 'weixin.step5': '向已关联的微信账号发送消息即可开始聊天',
+ 'weixin.baseUrl': 'API 基础 URL',
+ 'weixin.cdnBaseUrl': 'CDN 基础 URL',
+ 'weixin.mediaEnabled': '媒体支持',
+ 'weixin.mediaEnabledDesc': '下载和处理微信消息中的媒体附件',
+
// ── Assistant Workspace ──────────────────────────────
'settings.assistant': '助理',
'assistant.workspaceTitle': '助理工作区',
@@ -914,6 +971,9 @@ const zh: Record = {
'mcp.noRuntimeStatus': '暂无运行状态信息',
'mcp.reconnect': '重连',
'mcp.enable': '启用',
+ 'mcp.enabled': '已启用',
+ 'mcp.disabled': '已禁用',
+ 'mcp.managerDesc': '开关控制 CodePilot 注入的 MCP 服务。Claude Code 自身配置中的服务仍可能被 SDK 通过 settingSources 自动加载。',
// ── SDK Capabilities: Thinking ────────────────────────────
'settings.thinkingMode': '思考模式',
@@ -921,6 +981,9 @@ const zh: Record = {
'settings.thinkingAdaptive': '自适应',
'settings.thinkingEnabled': '启用',
'settings.thinkingDisabled': '禁用',
+ 'settings.defaultModel': '默认模型',
+ 'settings.defaultModelDesc': '仅影响新对话,已有对话保持其已选模型不变',
+ 'settings.defaultModelAuto': '自动(列表中第一个)',
// ── SDK Capabilities: Account ─────────────────────────────
'settings.accountInfo': '账户信息',
diff --git a/src/lib/agent-sdk-capabilities.ts b/src/lib/agent-sdk-capabilities.ts
index 81f9e504..c5aa8078 100644
--- a/src/lib/agent-sdk-capabilities.ts
+++ b/src/lib/agent-sdk-capabilities.ts
@@ -61,6 +61,18 @@ function getOrCreateCache(providerId: string): ProviderCapabilityCache {
return cache;
}
+// ==========================================
+// Cache freshness
+// ==========================================
+
+const CACHE_TTL_MS = 5 * 60 * 1000; // 5 minutes
+
+/** Check if the capability cache for a provider is still fresh (within TTL). */
+export function isCacheFresh(providerId: string = 'env'): boolean {
+ const cache = getCacheMap().get(providerId);
+ return !!cache && cache.capturedAt > 0 && (Date.now() - cache.capturedAt) < CACHE_TTL_MS;
+}
+
// ==========================================
// Capture
// ==========================================
diff --git a/src/lib/assistant-workspace.ts b/src/lib/assistant-workspace.ts
index aaad3199..f17dcf22 100644
--- a/src/lib/assistant-workspace.ts
+++ b/src/lib/assistant-workspace.ts
@@ -6,7 +6,8 @@ import { getLocalDateString } from '@/lib/utils';
const DEFAULT_STATE: AssistantWorkspaceState = {
onboardingComplete: false,
lastCheckInDate: null,
- schemaVersion: 3,
+ schemaVersion: 4,
+ dailyCheckInEnabled: false,
};
const STATE_DIR = '.assistant';
@@ -160,6 +161,28 @@ export function migrateStateV2ToV3(dir: string): void {
saveState(dir, state);
}
+/**
+ * v3→v4 migration: reset dailyCheckInEnabled to false for all users.
+ * Previously the default was implicitly "enabled" (undefined treated as true).
+ * Now the default is explicitly false — users must opt-in.
+ */
+export function migrateStateV3ToV4(dir: string): void {
+ let state: AssistantWorkspaceState;
+ try {
+ const statePath = path.join(dir, STATE_DIR, STATE_FILE);
+ const raw = fs.readFileSync(statePath, 'utf-8');
+ state = JSON.parse(raw) as AssistantWorkspaceState;
+ } catch {
+ return;
+ }
+
+ if (state.schemaVersion >= 4) return;
+
+ state.dailyCheckInEnabled = false;
+ state.schemaVersion = 4;
+ saveState(dir, state);
+}
+
// ==========================================
// Root Docs
// ==========================================
@@ -316,6 +339,7 @@ export function initializeWorkspace(dir: string): string[] {
// Migrate existing state through all schema versions
migrateStateV1ToV2(dir);
migrateStateV2ToV3(dir);
+ migrateStateV3ToV4(dir);
}
// For existing directories, generate root docs and infer taxonomy
@@ -511,6 +535,10 @@ export function loadState(dir: string): AssistantWorkspaceState {
migrateStateV2ToV3(dir);
migrated = true;
}
+ if (state.schemaVersion < 4) {
+ migrateStateV3ToV4(dir);
+ migrated = true;
+ }
if (migrated) {
return loadState(dir); // Reload after migration
}
@@ -534,7 +562,7 @@ export function saveState(dir: string, state: AssistantWorkspaceState): void {
export function needsDailyCheckIn(state: AssistantWorkspaceState, now?: Date): boolean {
if (!state.onboardingComplete) return false;
- if (state.dailyCheckInEnabled === false) return false;
+ if (state.dailyCheckInEnabled !== true) return false;
const d = now ?? new Date();
const localToday = getLocalDateString(d);
if (state.lastCheckInDate === localToday) return false;
diff --git a/src/lib/bridge/adapters/index.ts b/src/lib/bridge/adapters/index.ts
index d0cfdeb0..32e3bd45 100644
--- a/src/lib/bridge/adapters/index.ts
+++ b/src/lib/bridge/adapters/index.ts
@@ -13,3 +13,4 @@ import './telegram-adapter';
import './feishu-adapter';
import './discord-adapter';
import './qq-adapter';
+import './weixin-adapter';
diff --git a/src/lib/bridge/adapters/weixin-adapter.ts b/src/lib/bridge/adapters/weixin-adapter.ts
new file mode 100644
index 00000000..0e77d0ae
--- /dev/null
+++ b/src/lib/bridge/adapters/weixin-adapter.ts
@@ -0,0 +1,525 @@
+/**
+ * WeChat Adapter — implements BaseChannelAdapter for WeChat ilink bot API.
+ *
+ * Uses HTTP long-polling (one worker per enabled account) for real-time
+ * message consumption. Text-only outbound. No streaming preview.
+ * No inline buttons — permission handled via /perm text command.
+ *
+ * Multi-account: each QR-linked account runs its own poll loop.
+ * Synthetic chatId format: weixin::::
+ */
+
+import type {
+ ChannelType,
+ InboundMessage,
+ OutboundMessage,
+ SendResult,
+} from '../types';
+import type { FileAttachment } from '@/types';
+import { BaseChannelAdapter, registerAdapterFactory } from '../channel-adapter';
+import {
+ listWeixinAccounts,
+ getWeixinAccount,
+ getWeixinContextToken,
+ upsertWeixinContextToken,
+ getChannelOffset,
+ setChannelOffset,
+ insertAuditLog,
+ getSetting,
+} from '../../db';
+import type { WeixinAccountRow } from '../../db';
+import { getUpdates, sendTextMessage, sendTyping as apiSendTyping, getConfig } from './weixin/weixin-api';
+import type { WeixinCredentials, WeixinMessage, MessageItem, GetUpdatesResponse } from './weixin/weixin-types';
+import { MessageItemType, TypingStatus, ERRCODE_SESSION_EXPIRED } from './weixin/weixin-types';
+import { encodeWeixinChatId, decodeWeixinChatId } from './weixin/weixin-ids';
+import { downloadMediaFromItem } from './weixin/weixin-media';
+import { isPaused, setPaused, clearAllPauses } from './weixin/weixin-session-guard';
+
+/** Max number of message_ids to keep for dedup per account. */
+const DEDUP_MAX = 500;
+
+/** Backoff after consecutive failures. */
+const BACKOFF_BASE_MS = 2_000;
+const BACKOFF_MAX_MS = 30_000;
+
+export class WeixinAdapter extends BaseChannelAdapter {
+ readonly channelType: ChannelType = 'weixin';
+
+ private _running = false;
+ private queue: InboundMessage[] = [];
+ private waiters: Array<(msg: InboundMessage | null) => void> = [];
+ private pollAborts = new Map();
+ private seenMessageIds = new Map>();
+ private consecutiveFailures = new Map();
+ private typingTickets = new Map();
+
+ // Per-batch cursor ack tracking: hold cursor in memory until all
+ // messages in the batch are acknowledged by bridge-manager.
+ private pendingCursors = new Map();
+ private nextBatchId = 1;
+
+ // ── Lifecycle ───────────────────────────────────────────────
+
+ async start(): Promise {
+ if (this._running) return;
+ this._running = true;
+ clearAllPauses();
+
+ const accounts = listWeixinAccounts().filter(a => a.enabled === 1);
+ if (accounts.length === 0) {
+ console.log('[weixin-adapter] No enabled accounts, adapter started but idle');
+ }
+
+ for (const account of accounts) {
+ this.startAccountWorker(account);
+ }
+
+ console.log(`[weixin-adapter] Started with ${accounts.length} account(s)`);
+ }
+
+ async stop(): Promise {
+ if (!this._running) return;
+ this._running = false;
+
+ // Abort all poll loops
+ for (const [, controller] of this.pollAborts) {
+ controller.abort();
+ }
+ this.pollAborts.clear();
+
+ // Wake up pending consumeOne() calls
+ for (const waiter of this.waiters) {
+ waiter(null);
+ }
+ this.waiters = [];
+ this.queue = [];
+ this.seenMessageIds.clear();
+ this.consecutiveFailures.clear();
+ this.typingTickets.clear();
+ this.pendingCursors.clear();
+
+ console.log('[weixin-adapter] Stopped');
+ }
+
+ isRunning(): boolean {
+ return this._running;
+ }
+
+ /**
+ * Called by bridge-manager after handleMessage completes for a message.
+ * Decrements the batch counter; when all messages in the batch are done,
+ * commits the poll cursor to DB.
+ */
+ acknowledgeUpdate(updateId: number): void {
+ const batch = this.pendingCursors.get(updateId);
+ if (!batch) return;
+ batch.remaining = Math.max(0, batch.remaining - 1);
+ this.maybeCommitPendingCursor(updateId);
+ }
+
+ // ── Message Queue ────────────────────────────────────────────
+
+ async consumeOne(): Promise {
+ if (this.queue.length > 0) {
+ return this.queue.shift()!;
+ }
+ if (!this._running) return null;
+
+ return new Promise((resolve) => {
+ this.waiters.push(resolve);
+ });
+ }
+
+ private enqueue(msg: InboundMessage): void {
+ if (this.waiters.length > 0) {
+ const waiter = this.waiters.shift()!;
+ waiter(msg);
+ } else {
+ this.queue.push(msg);
+ }
+ }
+
+ // ── Send ────────────────────────────────────────────────────
+
+ async send(message: OutboundMessage): Promise {
+ try {
+ const decoded = decodeWeixinChatId(message.address.chatId);
+ if (!decoded) {
+ return { ok: false, error: 'Invalid WeChat chatId format' };
+ }
+
+ const { accountId, peerUserId } = decoded;
+ const account = getWeixinAccount(accountId);
+ if (!account) {
+ return { ok: false, error: `WeChat account ${accountId} not found` };
+ }
+
+ const contextToken = getWeixinContextToken(accountId, peerUserId);
+ if (!contextToken) {
+ return { ok: false, error: `No context_token for peer ${peerUserId} on account ${accountId}` };
+ }
+
+ const creds = this.accountToCreds(account);
+
+ // Strip HTML/Markdown — WeChat only supports plain text
+ let content = message.text;
+ if (message.parseMode === 'HTML') {
+ content = content.replace(/<[^>]+>/g, '');
+ }
+ // Simple markdown strip
+ content = content
+ .replace(/\*\*(.*?)\*\*/g, '$1')
+ .replace(/__(.*?)__/g, '$1')
+ .replace(/\*(.*?)\*/g, '$1')
+ .replace(/_(.*?)_/g, '$1')
+ .replace(/`{3}[\s\S]*?`{3}/g, (m) => m.replace(/`{3}\w*\n?/g, '').replace(/`{3}/g, ''))
+ .replace(/`([^`]+)`/g, '$1')
+ .replace(/\[([^\]]+)\]\([^)]+\)/g, '$1');
+
+ // sendTextMessage returns local clientId; HTTP errors throw
+ const { clientId } = await sendTextMessage(creds, peerUserId, content, contextToken);
+
+ return { ok: true, messageId: clientId };
+ } catch (err) {
+ return { ok: false, error: err instanceof Error ? err.message : String(err) };
+ }
+ }
+
+ // ── Typing ────────────────────────────────────────────────
+
+ onMessageStart(chatId: string): void {
+ this.sendTypingIndicator(chatId, TypingStatus.TYPING).catch(() => {});
+ }
+
+ onMessageEnd(chatId: string): void {
+ this.sendTypingIndicator(chatId, TypingStatus.CANCEL).catch(() => {});
+ }
+
+ private async sendTypingIndicator(chatId: string, status: number): Promise {
+ const decoded = decodeWeixinChatId(chatId);
+ if (!decoded) return;
+
+ const { accountId, peerUserId } = decoded;
+ const account = getWeixinAccount(accountId);
+ if (!account) return;
+
+ const contextToken = getWeixinContextToken(accountId, peerUserId);
+ if (!contextToken) return;
+
+ const creds = this.accountToCreds(account);
+
+ // Get or fetch typing ticket (per-user, requires context_token)
+ const ticketKey = `${accountId}:${peerUserId}`;
+ let ticket = this.typingTickets.get(ticketKey);
+ if (!ticket) {
+ try {
+ const config = await getConfig(creds, peerUserId, contextToken);
+ if (config.typing_ticket) {
+ ticket = config.typing_ticket;
+ this.typingTickets.set(ticketKey, ticket);
+ }
+ } catch {
+ return; // Best effort
+ }
+ }
+ if (!ticket) return;
+
+ await apiSendTyping(creds, peerUserId, ticket, status);
+ }
+
+ // ── Config & Auth ──────────────────────────────────────────
+
+ validateConfig(): string | null {
+ const accounts = listWeixinAccounts().filter(a => a.enabled === 1);
+ if (accounts.length === 0) {
+ return 'No enabled WeChat accounts. Add an account via QR code login first.';
+ }
+ // Check that at least one account has a token
+ const hasToken = accounts.some(a => a.token && a.token.length > 0);
+ if (!hasToken) {
+ return 'No WeChat accounts have valid tokens. Re-login via QR code.';
+ }
+ return null;
+ }
+
+ isAuthorized(_userId: string, chatId: string): boolean {
+ // Decode the synthetic chatId to get accountId
+ const decoded = decodeWeixinChatId(chatId);
+ if (!decoded) return false;
+
+ // Check per-account allowed_users (stored in settings)
+ // For now, all users are allowed (WeChat bot already restricts to paired users)
+ return true;
+ }
+
+ // ── Per-Account Poll Loop ──────────────────────────────────
+
+ private startAccountWorker(account: WeixinAccountRow): void {
+ const controller = new AbortController();
+ this.pollAborts.set(account.account_id, controller);
+ this.seenMessageIds.set(account.account_id, new Set());
+ this.consecutiveFailures.set(account.account_id, 0);
+
+ // Fire-and-forget async poll loop
+ this.runPollLoop(account.account_id, this.accountToCreds(account), controller.signal);
+ }
+
+ private async runPollLoop(
+ accountId: string,
+ creds: WeixinCredentials,
+ signal: AbortSignal,
+ ): Promise {
+ console.log(`[weixin-adapter] Poll loop started for account ${accountId}`);
+
+ while (this._running && !signal.aborted) {
+ // Check pause state
+ if (isPaused(accountId)) {
+ await this.sleep(10_000, signal);
+ continue;
+ }
+
+ try {
+ // Read persisted poll cursor (default '0' from db means no cursor yet)
+ const offsetKey = `weixin:${accountId}`;
+ const rawOffset = getChannelOffset(offsetKey);
+ const buf = rawOffset === '0' ? '' : rawOffset;
+
+ const resp: GetUpdatesResponse = await getUpdates(creds, buf);
+
+ // Check for session expiry
+ if (resp.errcode === ERRCODE_SESSION_EXPIRED) {
+ setPaused(accountId, 'Session expired (errcode -14)');
+ console.warn(`[weixin-adapter] Account ${accountId} session expired, pausing`);
+ continue;
+ }
+
+ // Check for other API errors
+ if (resp.errcode && resp.errcode !== 0) {
+ throw new Error(`API error: ${resp.errcode} ${resp.errmsg || ''}`);
+ }
+
+ // Process messages — assign a batch ID so the cursor is only
+ // committed after bridge-manager finishes handleMessage for ALL
+ // messages in this batch (via acknowledgeUpdate).
+ let batchId: number | undefined;
+ let batchCompleted = false;
+
+ if (resp.msgs && resp.msgs.length > 0 && resp.get_updates_buf) {
+ batchId = this.nextBatchId++;
+ this.pendingCursors.set(batchId, {
+ offsetKey: `weixin:${accountId}`,
+ cursor: resp.get_updates_buf,
+ remaining: 0,
+ sealed: false,
+ });
+ for (const msg of resp.msgs) {
+ await this.processMessage(accountId, creds, msg, batchId);
+ }
+ batchCompleted = true;
+ } else if (resp.msgs && resp.msgs.length > 0) {
+ // No new cursor — process without batch tracking
+ for (const msg of resp.msgs) {
+ await this.processMessage(accountId, creds, msg);
+ }
+ }
+
+ // Only seal successful batches. If processing failed mid-batch, drop the
+ // pending cursor so the upstream cursor is not advanced and messages can
+ // be retried on the next poll.
+ if (batchId !== undefined && resp.get_updates_buf) {
+ const batch = this.pendingCursors.get(batchId);
+ if (batchCompleted && batch) {
+ batch.sealed = true;
+ this.maybeCommitPendingCursor(batchId);
+ } else if (!batchCompleted) {
+ this.pendingCursors.delete(batchId);
+ }
+ }
+
+ // Reset failure counter on success
+ this.consecutiveFailures.set(accountId, 0);
+
+ } catch (err) {
+ if (signal.aborted) break;
+
+ const failures = (this.consecutiveFailures.get(accountId) || 0) + 1;
+ this.consecutiveFailures.set(accountId, failures);
+
+ const backoff = Math.min(
+ BACKOFF_BASE_MS * Math.pow(2, failures - 1),
+ BACKOFF_MAX_MS,
+ );
+
+ console.error(
+ `[weixin-adapter] Poll error for ${accountId} (failure ${failures}):`,
+ err instanceof Error ? err.message : err,
+ );
+
+ await this.sleep(backoff, signal);
+ }
+ }
+
+ console.log(`[weixin-adapter] Poll loop ended for account ${accountId}`);
+ }
+
+ private async processMessage(
+ accountId: string,
+ creds: WeixinCredentials,
+ msg: WeixinMessage,
+ batchId?: number,
+ ): Promise {
+ if (!msg.from_user_id) return;
+
+ // Dedup by message_id or seq
+ const msgKey = msg.message_id || `seq_${msg.seq}`;
+ const seen = this.seenMessageIds.get(accountId);
+ if (seen?.has(msgKey)) return;
+ seen?.add(msgKey);
+
+ // Trim dedup set
+ if (seen && seen.size > DEDUP_MAX) {
+ const arr = Array.from(seen);
+ for (let i = 0; i < arr.length - DEDUP_MAX; i++) {
+ seen.delete(arr[i]);
+ }
+ }
+
+ // Persist context_token
+ if (msg.context_token) {
+ upsertWeixinContextToken(accountId, msg.from_user_id, msg.context_token);
+ }
+
+ // Extract text from item_list
+ let text = '';
+ const items = msg.item_list || [];
+ for (const item of items) {
+ if (item.type === MessageItemType.TEXT && item.text_item?.text) {
+ text += item.text_item.text;
+ }
+ }
+
+ // Handle quoted/referenced messages
+ if (msg.ref_message) {
+ const refParts: string[] = [];
+ if (msg.ref_message.title) refParts.push(msg.ref_message.title);
+ if (msg.ref_message.content) refParts.push(msg.ref_message.content);
+ if (refParts.length > 0) {
+ text = `[引用: ${refParts.join(' | ')}]\n${text}`;
+ }
+ }
+
+ // Build synthetic chatId
+ const chatId = encodeWeixinChatId(accountId, msg.from_user_id);
+
+ // Download media attachments
+ let attachments: FileAttachment[] | undefined;
+ const mediaEnabled = getSetting('bridge_weixin_media_enabled') !== 'false';
+ if (mediaEnabled) {
+ attachments = await this.downloadMediaItems(items, creds.cdnBaseUrl, accountId);
+ }
+
+ const inbound: InboundMessage = {
+ messageId: msg.message_id || `weixin_${accountId}_${msg.seq || Date.now()}`,
+ address: {
+ channelType: 'weixin',
+ chatId,
+ userId: msg.from_user_id,
+ displayName: msg.from_user_id.slice(0, 8),
+ },
+ text: text.trim(),
+ timestamp: msg.create_time ? msg.create_time * 1000 : Date.now(),
+ attachments,
+ raw: { accountId, originalMessage: msg },
+ updateId: batchId,
+ };
+
+ // Only enqueue if we have text or attachments
+ if (inbound.text || (inbound.attachments && inbound.attachments.length > 0)) {
+ if (batchId !== undefined) {
+ const batch = this.pendingCursors.get(batchId);
+ if (batch) {
+ batch.remaining++;
+ }
+ }
+ this.enqueue(inbound);
+ }
+
+ insertAuditLog({
+ channelType: 'weixin',
+ chatId,
+ direction: 'inbound',
+ messageId: inbound.messageId,
+ summary: text.slice(0, 200),
+ });
+ }
+
+ private async downloadMediaItems(
+ items: MessageItem[],
+ cdnBaseUrl: string,
+ accountId: string,
+ ): Promise {
+ const results: FileAttachment[] = [];
+
+ for (const item of items) {
+ if (item.type === MessageItemType.TEXT) continue;
+
+ try {
+ const media = await downloadMediaFromItem(item, cdnBaseUrl);
+ if (media) {
+ const id = `weixin_${accountId}_${Date.now()}_${Math.random().toString(36).slice(2, 6)}`;
+ results.push({
+ id,
+ name: media.filename,
+ type: media.mimeType,
+ size: media.data.length,
+ data: media.data.toString('base64'),
+ });
+ }
+ } catch (err) {
+ console.error(`[weixin-adapter] Media download failed:`, err instanceof Error ? err.message : err);
+ // Continue processing other items
+ }
+ }
+
+ return results;
+ }
+
+ // ── Helpers ────────────────────────────────────────────────
+
+ private accountToCreds(account: WeixinAccountRow): WeixinCredentials {
+ return {
+ botToken: account.token,
+ ilinkBotId: account.account_id,
+ baseUrl: account.base_url || 'https://ilinkai.weixin.qq.com',
+ cdnBaseUrl: account.cdn_base_url || 'https://novac2c.cdn.weixin.qq.com/c2c',
+ };
+ }
+
+ private sleep(ms: number, signal?: AbortSignal): Promise {
+ return new Promise((resolve) => {
+ const timer = setTimeout(resolve, ms);
+ signal?.addEventListener('abort', () => {
+ clearTimeout(timer);
+ resolve();
+ }, { once: true });
+ });
+ }
+
+ private maybeCommitPendingCursor(updateId: number): void {
+ const batch = this.pendingCursors.get(updateId);
+ if (!batch || !batch.sealed || batch.remaining > 0) {
+ return;
+ }
+ setChannelOffset(batch.offsetKey, batch.cursor);
+ this.pendingCursors.delete(updateId);
+ }
+}
+
+// ── Self-Registration ──────────────────────────────────────
+
+registerAdapterFactory('weixin', () => new WeixinAdapter());
diff --git a/src/lib/bridge/adapters/weixin/weixin-api.ts b/src/lib/bridge/adapters/weixin/weixin-api.ts
new file mode 100644
index 00000000..49bc38e3
--- /dev/null
+++ b/src/lib/bridge/adapters/weixin/weixin-api.ts
@@ -0,0 +1,268 @@
+/**
+ * WeChat HTTP protocol client.
+ *
+ * Pure protocol layer — no business logic or state management.
+ * Derived from OpenClaw weixin plugin reference (protocol only, not runtime dependency).
+ */
+
+import crypto from 'crypto';
+import type {
+ WeixinCredentials,
+ GetUpdatesResponse,
+ GetUploadUrlResponse,
+ GetConfigResponse,
+ MessageItem,
+ QrCodeStartResponse,
+ QrCodeStatusResponse,
+} from './weixin-types';
+import {
+ DEFAULT_BASE_URL,
+ MessageType,
+ MessageState,
+ MessageItemType,
+} from './weixin-types';
+
+const CHANNEL_VERSION = 'codepilot-weixin-bridge/1.0';
+const LONG_POLL_TIMEOUT_MS = 35_000;
+const API_TIMEOUT_MS = 15_000;
+const CONFIG_TIMEOUT_MS = 10_000;
+
+/**
+ * Generate X-WECHAT-UIN header value: random uint32 encoded as base64.
+ */
+function generateWechatUin(): string {
+ const buf = crypto.randomBytes(4);
+ return buf.toString('base64');
+}
+
+/**
+ * Build auth headers for WeChat ilink bot API.
+ */
+function buildHeaders(creds: WeixinCredentials, routeTag?: string): Record {
+ const headers: Record = {
+ 'Content-Type': 'application/json',
+ 'AuthorizationType': 'ilink_bot_token',
+ 'Authorization': `Bearer ${creds.botToken}`,
+ 'X-WECHAT-UIN': generateWechatUin(),
+ };
+ if (routeTag) {
+ headers['SKRouteTag'] = routeTag;
+ }
+ return headers;
+}
+
+/**
+ * Core HTTP request helper.
+ */
+async function weixinRequest(
+ creds: WeixinCredentials,
+ endpoint: string,
+ body: unknown,
+ timeoutMs: number = API_TIMEOUT_MS,
+ routeTag?: string,
+): Promise {
+ const baseUrl = creds.baseUrl || DEFAULT_BASE_URL;
+ const url = `${baseUrl}/ilink/bot/${endpoint}`;
+
+ const res = await fetch(url, {
+ method: 'POST',
+ headers: buildHeaders(creds, routeTag),
+ body: JSON.stringify(body),
+ signal: AbortSignal.timeout(timeoutMs),
+ });
+
+ if (!res.ok) {
+ throw new Error(`WeChat API error: ${res.status} ${res.statusText}`);
+ }
+
+ const rawText = await res.text();
+ if (!rawText.trim()) {
+ return {} as T;
+ }
+
+ try {
+ return JSON.parse(rawText) as T;
+ } catch (err) {
+ throw new Error(
+ `WeChat API returned non-JSON body for ${endpoint}: ${err instanceof Error ? err.message : String(err)}`,
+ );
+ }
+}
+
+/**
+ * Long-poll for updates.
+ */
+export async function getUpdates(
+ creds: WeixinCredentials,
+ getUpdatesBuf: string,
+ timeoutMs: number = LONG_POLL_TIMEOUT_MS,
+): Promise {
+ try {
+ return await weixinRequest(
+ creds,
+ 'getupdates',
+ {
+ get_updates_buf: getUpdatesBuf ?? '',
+ base_info: { channel_version: CHANNEL_VERSION },
+ },
+ timeoutMs + 5_000, // client timeout slightly longer than server timeout
+ );
+ } catch (err) {
+ // Timeout is normal for long-polling — return empty response
+ if (err instanceof Error && err.name === 'TimeoutError') {
+ return { msgs: [], get_updates_buf: getUpdatesBuf };
+ }
+ throw err;
+ }
+}
+
+/**
+ * Generate a unique client_id for outbound messages.
+ */
+function generateClientId(): string {
+ return `codepilot-wx-${Date.now()}-${crypto.randomBytes(4).toString('hex')}`;
+}
+
+/**
+ * Send a message using the correct protocol structure.
+ * Body: { msg: WeixinMessage, base_info }
+ * Returns the local client_id as messageId (server response is empty).
+ */
+export async function sendMessage(
+ creds: WeixinCredentials,
+ toUserId: string,
+ items: MessageItem[],
+ contextToken: string,
+): Promise<{ clientId: string }> {
+ const clientId = generateClientId();
+ await weixinRequest>(creds, 'sendmessage', {
+ msg: {
+ from_user_id: '',
+ to_user_id: toUserId,
+ client_id: clientId,
+ message_type: MessageType.BOT,
+ message_state: MessageState.FINISH,
+ item_list: items.length > 0 ? items : undefined,
+ context_token: contextToken || undefined,
+ },
+ base_info: { channel_version: CHANNEL_VERSION },
+ });
+ return { clientId };
+}
+
+/**
+ * Send a text message (convenience wrapper).
+ */
+export async function sendTextMessage(
+ creds: WeixinCredentials,
+ toUserId: string,
+ text: string,
+ contextToken: string,
+): Promise<{ clientId: string }> {
+ return sendMessage(creds, toUserId, [
+ { type: MessageItemType.TEXT, text_item: { text } },
+ ], contextToken);
+}
+
+/**
+ * Get CDN upload URL.
+ */
+export async function getUploadUrl(
+ creds: WeixinCredentials,
+ fileKey: string,
+ fileType: number,
+ fileSize: number,
+ fileMd5: string,
+ cipherFileSize: number,
+): Promise {
+ return weixinRequest(creds, 'getuploadurl', {
+ file_key: fileKey,
+ file_type: fileType,
+ file_size: fileSize,
+ file_md5: fileMd5,
+ cipher_file_size: cipherFileSize,
+ });
+}
+
+/**
+ * Get account configuration (typing ticket, route tag, etc.).
+ * Requires ilink_user_id + context_token per reference implementation.
+ */
+export async function getConfig(
+ creds: WeixinCredentials,
+ ilinkUserId?: string,
+ contextToken?: string,
+): Promise {
+ return weixinRequest(
+ creds,
+ 'getconfig',
+ {
+ ilink_user_id: ilinkUserId,
+ context_token: contextToken,
+ base_info: { channel_version: CHANNEL_VERSION },
+ },
+ CONFIG_TIMEOUT_MS,
+ );
+}
+
+/**
+ * Send typing indicator.
+ * Uses ilink_user_id + typing_ticket + status per reference implementation.
+ */
+export async function sendTyping(
+ creds: WeixinCredentials,
+ ilinkUserId: string,
+ typingTicket: string,
+ typingStatus: number,
+): Promise {
+ try {
+ await weixinRequest>(
+ creds,
+ 'sendtyping',
+ {
+ ilink_user_id: ilinkUserId,
+ typing_ticket: typingTicket,
+ status: typingStatus,
+ base_info: { channel_version: CHANNEL_VERSION },
+ },
+ CONFIG_TIMEOUT_MS,
+ );
+ } catch {
+ // Typing indicator is best-effort — never block the main flow
+ }
+}
+
+// ── QR Login API ─────────────────────────────────────────────
+
+const QR_LOGIN_BASE_URL = 'https://ilinkai.weixin.qq.com';
+const QR_LOGIN_TIMEOUT_MS = 40_000;
+
+/**
+ * Start QR code login — returns base64 QR image and qrcode identifier.
+ */
+export async function startLoginQr(): Promise {
+ const url = `${QR_LOGIN_BASE_URL}/ilink/bot/get_bot_qrcode?bot_type=3`;
+ const res = await fetch(url, {
+ method: 'GET',
+ signal: AbortSignal.timeout(API_TIMEOUT_MS),
+ });
+ if (!res.ok) {
+ throw new Error(`QR login start failed: ${res.status}`);
+ }
+ return (await res.json()) as QrCodeStartResponse;
+}
+
+/**
+ * Poll QR code login status.
+ */
+export async function pollLoginQrStatus(qrcode: string): Promise {
+ const url = `${QR_LOGIN_BASE_URL}/ilink/bot/get_qrcode_status?qrcode=${encodeURIComponent(qrcode)}`;
+ const res = await fetch(url, {
+ method: 'GET',
+ signal: AbortSignal.timeout(QR_LOGIN_TIMEOUT_MS),
+ });
+ if (!res.ok) {
+ throw new Error(`QR status poll failed: ${res.status}`);
+ }
+ return (await res.json()) as QrCodeStatusResponse;
+}
diff --git a/src/lib/bridge/adapters/weixin/weixin-auth.ts b/src/lib/bridge/adapters/weixin/weixin-auth.ts
new file mode 100644
index 00000000..8162039a
--- /dev/null
+++ b/src/lib/bridge/adapters/weixin/weixin-auth.ts
@@ -0,0 +1,173 @@
+/**
+ * WeChat QR code login flow.
+ *
+ * Manages QR code generation, status polling, and credential persistence.
+ * Active login sessions are stored in globalThis to survive Next.js HMR.
+ */
+
+import QRCode from 'qrcode';
+import { startLoginQr, pollLoginQrStatus } from './weixin-api';
+import { upsertWeixinAccount } from '../../../db';
+import type { QrCodeStatusResponse } from './weixin-types';
+import { DEFAULT_BASE_URL, DEFAULT_CDN_BASE_URL } from './weixin-types';
+
+export interface QrLoginSession {
+ qrcode: string;
+ qrImage: string; // base64
+ startedAt: number;
+ refreshCount: number;
+ status: 'waiting' | 'scanned' | 'confirmed' | 'expired' | 'failed';
+ accountId?: string;
+ error?: string;
+}
+
+const MAX_REFRESHES = 3;
+const QR_TTL_MS = 5 * 60_000;
+
+// Use globalThis to store active login sessions, surviving HMR
+const GLOBAL_KEY = '__weixin_login_sessions__';
+
+function getLoginSessions(): Map {
+ const g = globalThis as Record;
+ if (!g[GLOBAL_KEY]) {
+ g[GLOBAL_KEY] = new Map();
+ }
+ return g[GLOBAL_KEY] as Map;
+}
+
+/**
+ * Start a new QR login session.
+ * Returns a session ID that can be used to poll status.
+ */
+export async function startQrLoginSession(): Promise<{ sessionId: string; qrImage: string }> {
+ const resp = await startLoginQr();
+
+ if (!resp.qrcode || !resp.qrcode_img_content) {
+ throw new Error('Failed to get QR code from WeChat server');
+ }
+
+ // qrcode_img_content is a URL, generate a data URL for the frontend
+ const qrDataUrl = await QRCode.toDataURL(resp.qrcode_img_content, { width: 256, margin: 2 });
+
+ const sessionId = `qr_${Date.now()}_${Math.random().toString(36).slice(2, 8)}`;
+ const session: QrLoginSession = {
+ qrcode: resp.qrcode,
+ qrImage: qrDataUrl,
+ startedAt: Date.now(),
+ refreshCount: 0,
+ status: 'waiting',
+ };
+
+ getLoginSessions().set(sessionId, session);
+
+ // Auto-cleanup after 10 minutes
+ setTimeout(() => {
+ getLoginSessions().delete(sessionId);
+ }, 10 * 60_000);
+
+ return { sessionId, qrImage: qrDataUrl };
+}
+
+/**
+ * Poll the status of a QR login session.
+ */
+export async function pollQrLoginStatus(sessionId: string): Promise {
+ const sessions = getLoginSessions();
+ const session = sessions.get(sessionId);
+ if (!session) {
+ return { qrcode: '', qrImage: '', startedAt: 0, refreshCount: 0, status: 'failed', error: 'Session not found' };
+ }
+
+ if (session.status === 'confirmed' || session.status === 'failed') {
+ return session;
+ }
+
+ // Check if QR has expired (5 minutes)
+ if (Date.now() - session.startedAt > QR_TTL_MS) {
+ if (session.refreshCount >= MAX_REFRESHES) {
+ session.status = 'failed';
+ session.error = 'QR code expired after maximum refreshes';
+ return session;
+ }
+
+ // Refresh QR code
+ try {
+ const resp = await startLoginQr();
+ if (resp.qrcode && resp.qrcode_img_content) {
+ session.qrcode = resp.qrcode;
+ session.qrImage = await QRCode.toDataURL(resp.qrcode_img_content, { width: 256, margin: 2 });
+ session.startedAt = Date.now();
+ session.refreshCount++;
+ session.status = 'waiting';
+ }
+ } catch (err) {
+ session.status = 'failed';
+ session.error = `QR refresh failed: ${err instanceof Error ? err.message : String(err)}`;
+ }
+ return session;
+ }
+
+ // Poll WeChat server for QR status
+ try {
+ const resp: QrCodeStatusResponse = await pollLoginQrStatus(session.qrcode);
+
+ switch (resp.status) {
+ case 'wait':
+ session.status = 'waiting';
+ break;
+
+ case 'scaned':
+ session.status = 'scanned';
+ break;
+
+ case 'confirmed': {
+ session.status = 'confirmed';
+
+ if (resp.bot_token && resp.ilink_bot_id) {
+ // Normalize account ID (replace unsafe chars)
+ const accountId = (resp.ilink_bot_id || '').replace(/[@.]/g, '-');
+ session.accountId = accountId;
+
+ // Persist to database
+ upsertWeixinAccount({
+ accountId,
+ userId: resp.ilink_user_id || '',
+ baseUrl: resp.baseurl || DEFAULT_BASE_URL,
+ cdnBaseUrl: DEFAULT_CDN_BASE_URL,
+ token: resp.bot_token,
+ name: accountId,
+ enabled: true,
+ });
+
+ console.log(`[weixin-auth] Login successful, account ${accountId} saved`);
+ }
+ break;
+ }
+
+ case 'expired':
+ session.status = 'expired';
+ // Will be refreshed on next poll
+ session.startedAt = 0; // Force refresh on next poll
+ break;
+
+ default:
+ // Unknown status — keep waiting
+ break;
+ }
+ } catch (err) {
+ // Timeout on poll is normal — just return current status
+ if (err instanceof Error && err.name === 'TimeoutError') {
+ return session;
+ }
+ console.error(`[weixin-auth] Poll error:`, err);
+ }
+
+ return session;
+}
+
+/**
+ * Cancel and cleanup a login session.
+ */
+export function cancelQrLoginSession(sessionId: string): void {
+ getLoginSessions().delete(sessionId);
+}
diff --git a/src/lib/bridge/adapters/weixin/weixin-ids.ts b/src/lib/bridge/adapters/weixin/weixin-ids.ts
new file mode 100644
index 00000000..1296dec9
--- /dev/null
+++ b/src/lib/bridge/adapters/weixin/weixin-ids.ts
@@ -0,0 +1,29 @@
+/**
+ * Synthetic chatId encode/decode for WeChat multi-account isolation.
+ *
+ * Format: weixin::::
+ * This ensures each (account, peer) pair maps to a unique channel_bindings row
+ * without modifying the existing schema.
+ */
+
+const WEIXIN_PREFIX = 'weixin::';
+const SEPARATOR = '::';
+
+export function encodeWeixinChatId(accountId: string, peerUserId: string): string {
+ return `${WEIXIN_PREFIX}${accountId}${SEPARATOR}${peerUserId}`;
+}
+
+export function decodeWeixinChatId(chatId: string): { accountId: string; peerUserId: string } | null {
+ if (!chatId.startsWith(WEIXIN_PREFIX)) return null;
+ const rest = chatId.slice(WEIXIN_PREFIX.length);
+ const sepIdx = rest.indexOf(SEPARATOR);
+ if (sepIdx < 0) return null;
+ const accountId = rest.slice(0, sepIdx);
+ const peerUserId = rest.slice(sepIdx + SEPARATOR.length);
+ if (!accountId || !peerUserId) return null;
+ return { accountId, peerUserId };
+}
+
+export function isWeixinChatId(chatId: string): boolean {
+ return chatId.startsWith(WEIXIN_PREFIX) && decodeWeixinChatId(chatId) !== null;
+}
diff --git a/src/lib/bridge/adapters/weixin/weixin-media.ts b/src/lib/bridge/adapters/weixin/weixin-media.ts
new file mode 100644
index 00000000..c5f93bfe
--- /dev/null
+++ b/src/lib/bridge/adapters/weixin/weixin-media.ts
@@ -0,0 +1,194 @@
+/**
+ * WeChat media handling — AES-128-ECB encryption/decryption for CDN.
+ *
+ * WeChat CDN requires media to be encrypted before upload and
+ * decrypted after download using AES-128-ECB with PKCS7 padding.
+ */
+
+import crypto from 'crypto';
+import type { WeixinCredentials, MessageItem, CDNMedia } from './weixin-types';
+import { MessageItemType, UploadMediaType } from './weixin-types';
+import { getUploadUrl } from './weixin-api';
+
+const MAX_MEDIA_SIZE = 100 * 1024 * 1024; // 100 MB
+
+/**
+ * Generate a random 16-byte AES key.
+ */
+export function generateMediaKey(): Buffer {
+ return crypto.randomBytes(16);
+}
+
+/**
+ * AES-128-ECB encrypt with PKCS7 padding.
+ */
+export function encryptMedia(data: Buffer, key: Buffer): Buffer {
+ const cipher = crypto.createCipheriv('aes-128-ecb', key, null);
+ return Buffer.concat([cipher.update(data), cipher.final()]);
+}
+
+/**
+ * AES-128-ECB decrypt with PKCS7 unpadding.
+ */
+export function decryptMedia(data: Buffer, key: Buffer): Buffer {
+ const decipher = crypto.createDecipheriv('aes-128-ecb', key, null);
+ return Buffer.concat([decipher.update(data), decipher.final()]);
+}
+
+/**
+ * Compute padded ciphertext size for AES-128-ECB.
+ */
+export function aesEcbPaddedSize(plaintextSize: number): number {
+ return Math.ceil((plaintextSize + 1) / 16) * 16;
+}
+
+/**
+ * Parse AES key from a message item. Handles both hex (aeskey field)
+ * and base64 (media.aes_key field) formats.
+ */
+function parseAesKey(item: { aeskey?: string; media?: CDNMedia }): Buffer | null {
+ // Prefer aeskey (hex format) if available
+ if (item.aeskey && item.aeskey.length === 32) {
+ return Buffer.from(item.aeskey, 'hex');
+ }
+ // Fallback to media.aes_key (base64 format)
+ if (item.media?.aes_key) {
+ return Buffer.from(item.media.aes_key, 'base64');
+ }
+ return null;
+}
+
+/**
+ * Download and decrypt media from CDN.
+ */
+export async function downloadAndDecryptMedia(
+ cdnUrl: string,
+ aesKey: Buffer,
+ label: string = 'media',
+): Promise {
+ const res = await fetch(cdnUrl, {
+ signal: AbortSignal.timeout(60_000),
+ });
+
+ if (!res.ok) {
+ throw new Error(`CDN download failed for ${label}: ${res.status}`);
+ }
+
+ const encrypted = Buffer.from(await res.arrayBuffer());
+
+ if (encrypted.length > MAX_MEDIA_SIZE) {
+ throw new Error(`Media too large: ${encrypted.length} bytes (max ${MAX_MEDIA_SIZE})`);
+ }
+
+ return decryptMedia(encrypted, aesKey);
+}
+
+/**
+ * Extract downloadable media from a message item.
+ * Returns null if no media is present or key is missing.
+ */
+export async function downloadMediaFromItem(
+ item: MessageItem,
+ cdnBaseUrl: string,
+): Promise<{ data: Buffer; mimeType: string; filename: string } | null> {
+ let encryptParam: string | undefined;
+ let aesKey: Buffer | null = null;
+ let mimeType = 'application/octet-stream';
+ let filename = 'file';
+
+ switch (item.type) {
+ case MessageItemType.IMAGE:
+ if (item.image_item) {
+ encryptParam = item.image_item.media?.encrypt_query_param;
+ aesKey = parseAesKey(item.image_item as { aeskey?: string; media?: CDNMedia });
+ mimeType = 'image/jpeg';
+ filename = `image_${Date.now()}.jpg`;
+ }
+ break;
+
+ case MessageItemType.VOICE:
+ if (item.voice_item) {
+ encryptParam = item.voice_item.media?.encrypt_query_param;
+ aesKey = parseAesKey(item.voice_item as { aeskey?: string; media?: CDNMedia });
+ mimeType = 'audio/silk';
+ filename = `voice_${Date.now()}.silk`;
+ }
+ break;
+
+ case MessageItemType.FILE:
+ if (item.file_item) {
+ encryptParam = item.file_item.media?.encrypt_query_param;
+ aesKey = parseAesKey(item.file_item as { aeskey?: string; media?: CDNMedia });
+ filename = item.file_item.file_name || `file_${Date.now()}`;
+ // Try to guess MIME from filename
+ const ext = filename.split('.').pop()?.toLowerCase();
+ if (ext) {
+ const mimeMap: Record = {
+ pdf: 'application/pdf', doc: 'application/msword', docx: 'application/vnd.openxmlformats-officedocument.wordprocessingml.document',
+ xls: 'application/vnd.ms-excel', xlsx: 'application/vnd.openxmlformats-officedocument.spreadsheetml.sheet',
+ txt: 'text/plain', zip: 'application/zip', png: 'image/png', jpg: 'image/jpeg', jpeg: 'image/jpeg',
+ };
+ mimeType = mimeMap[ext] || mimeType;
+ }
+ }
+ break;
+
+ case MessageItemType.VIDEO:
+ if (item.video_item) {
+ encryptParam = item.video_item.media?.encrypt_query_param;
+ aesKey = parseAesKey(item.video_item as { aeskey?: string; media?: CDNMedia });
+ mimeType = 'video/mp4';
+ filename = `video_${Date.now()}.mp4`;
+ }
+ break;
+ }
+
+ if (!encryptParam || !aesKey) return null;
+
+ const cdnUrl = `${cdnBaseUrl}?${encryptParam}`;
+ const data = await downloadAndDecryptMedia(cdnUrl, aesKey, filename);
+ return { data, mimeType, filename };
+}
+
+/**
+ * Encrypt and upload media to CDN.
+ * Returns the download reference parameters for inclusion in sendMessage.
+ */
+export async function uploadMediaToCdn(
+ creds: WeixinCredentials,
+ data: Buffer,
+ filename: string,
+ mediaType: number,
+): Promise<{ encryptQueryParam: string; aesKeyBase64: string; cipherSize: number }> {
+ const plainMd5 = crypto.createHash('md5').update(data).digest('hex');
+ const aesKey = generateMediaKey();
+ const fileKey = crypto.randomBytes(16).toString('hex');
+ const cipherSize = aesEcbPaddedSize(data.length);
+
+ // Get pre-signed upload URL
+ const urlResp = await getUploadUrl(creds, fileKey, mediaType, data.length, plainMd5, cipherSize);
+ if (!urlResp.upload_param) {
+ throw new Error('Failed to get upload URL from WeChat');
+ }
+
+ // Encrypt
+ const encrypted = encryptMedia(data, aesKey);
+
+ // Upload to CDN
+ const cdnUrl = `${creds.cdnBaseUrl}?${urlResp.upload_param}`;
+ const uploadRes = await fetch(cdnUrl, {
+ method: 'PUT',
+ body: new Uint8Array(encrypted),
+ signal: AbortSignal.timeout(60_000),
+ });
+
+ if (!uploadRes.ok) {
+ throw new Error(`CDN upload failed: ${uploadRes.status}`);
+ }
+
+ return {
+ encryptQueryParam: urlResp.upload_param,
+ aesKeyBase64: aesKey.toString('base64'),
+ cipherSize: encrypted.length,
+ };
+}
diff --git a/src/lib/bridge/adapters/weixin/weixin-session-guard.ts b/src/lib/bridge/adapters/weixin/weixin-session-guard.ts
new file mode 100644
index 00000000..89b5afd4
--- /dev/null
+++ b/src/lib/bridge/adapters/weixin/weixin-session-guard.ts
@@ -0,0 +1,71 @@
+/**
+ * Session guard for WeChat accounts.
+ *
+ * Tracks pause state per account (e.g., after errcode -14 session expired).
+ * Pause durations are per-account and stored in memory.
+ */
+
+const PAUSE_DURATION_MS = 60 * 60 * 1000; // 60 minutes
+
+interface AccountPauseState {
+ pausedAt: number;
+ resumeAt: number;
+ reason: string;
+}
+
+const pauseStates = new Map();
+
+/**
+ * Check if an account is currently paused.
+ */
+export function isPaused(accountId: string): boolean {
+ const state = pauseStates.get(accountId);
+ if (!state) return false;
+ if (Date.now() >= state.resumeAt) {
+ // Pause expired — auto-clear
+ pauseStates.delete(accountId);
+ return false;
+ }
+ return true;
+}
+
+/**
+ * Get remaining pause time in milliseconds, or 0 if not paused.
+ */
+export function getPauseRemainingMs(accountId: string): number {
+ const state = pauseStates.get(accountId);
+ if (!state) return 0;
+ const remaining = state.resumeAt - Date.now();
+ if (remaining <= 0) {
+ pauseStates.delete(accountId);
+ return 0;
+ }
+ return remaining;
+}
+
+/**
+ * Pause an account for the default duration (60 minutes).
+ */
+export function setPaused(accountId: string, reason: string = 'Session expired'): void {
+ const now = Date.now();
+ pauseStates.set(accountId, {
+ pausedAt: now,
+ resumeAt: now + PAUSE_DURATION_MS,
+ reason,
+ });
+ console.log(`[weixin-session-guard] Account ${accountId} paused for 60 min: ${reason}`);
+}
+
+/**
+ * Clear pause state for an account.
+ */
+export function clearPause(accountId: string): void {
+ pauseStates.delete(accountId);
+}
+
+/**
+ * Clear all pause states.
+ */
+export function clearAllPauses(): void {
+ pauseStates.clear();
+}
diff --git a/src/lib/bridge/adapters/weixin/weixin-types.ts b/src/lib/bridge/adapters/weixin/weixin-types.ts
new file mode 100644
index 00000000..db917c7a
--- /dev/null
+++ b/src/lib/bridge/adapters/weixin/weixin-types.ts
@@ -0,0 +1,188 @@
+/**
+ * WeChat protocol types — derived from OpenClaw weixin plugin reference.
+ * Used as protocol specification only, not runtime dependency.
+ */
+
+export const MessageType = {
+ NONE: 0,
+ USER: 1,
+ BOT: 2,
+} as const;
+
+export const MessageItemType = {
+ TEXT: 1,
+ IMAGE: 2,
+ VOICE: 3,
+ FILE: 4,
+ VIDEO: 5,
+} as const;
+
+export const MessageState = {
+ NEW: 0,
+ GENERATING: 1,
+ FINISH: 2,
+} as const;
+
+export const TypingStatus = {
+ TYPING: 1,
+ CANCEL: 2,
+} as const;
+
+export const UploadMediaType = {
+ IMAGE: 1,
+ VIDEO: 2,
+ FILE: 3,
+ VOICE: 4,
+} as const;
+
+export interface CDNMedia {
+ encrypt_query_param: string;
+ aes_key: string; // base64 encoded
+ encrypt_type: number;
+}
+
+export interface TextItem {
+ text: string;
+}
+
+export interface ImageItem {
+ media?: CDNMedia;
+ aeskey?: string; // hex
+ mid_size?: number;
+}
+
+export interface VoiceItem {
+ media?: CDNMedia;
+ voice_length_ms?: number;
+}
+
+export interface FileItem {
+ media?: CDNMedia;
+ file_name?: string;
+ file_size?: number;
+}
+
+export interface VideoItem {
+ media?: CDNMedia;
+ video_length_s?: number;
+}
+
+export interface MessageItem {
+ type: number;
+ text_item?: TextItem;
+ image_item?: ImageItem;
+ voice_item?: VoiceItem;
+ file_item?: FileItem;
+ video_item?: VideoItem;
+}
+
+export interface WeixinMessage {
+ seq?: number;
+ message_id?: string;
+ msg_type?: number;
+ from_user_id: string;
+ to_user_id?: string;
+ item_list?: MessageItem[];
+ context_token?: string;
+ create_time?: number;
+ state?: number;
+ ref_message?: {
+ title?: string;
+ content?: string;
+ item_list?: MessageItem[];
+ };
+}
+
+export interface GetUpdatesRequest {
+ get_updates_buf?: string;
+ timeout_ms?: number;
+}
+
+export interface GetUpdatesResponse {
+ errcode?: number;
+ errmsg?: string;
+ msgs?: WeixinMessage[];
+ get_updates_buf?: string;
+ longpolling_timeout_ms?: number;
+}
+
+/** SendMessage request: wraps a single WeixinMessage + base_info. */
+export interface SendMessageRequest {
+ msg: {
+ from_user_id: string;
+ to_user_id: string;
+ client_id: string;
+ message_type: number;
+ message_state: number;
+ item_list?: MessageItem[];
+ context_token?: string;
+ };
+ base_info?: { channel_version?: string };
+}
+
+/** SendMessage response is effectively empty on success. */
+export interface SendMessageResponse {
+ errcode?: number;
+ errmsg?: string;
+}
+
+export interface GetUploadUrlRequest {
+ file_key: string;
+ file_type: number;
+ file_size: number;
+ file_md5: string;
+ cipher_file_size: number;
+}
+
+export interface GetUploadUrlResponse {
+ errcode?: number;
+ errmsg?: string;
+ upload_param?: string;
+}
+
+export interface GetConfigResponse {
+ errcode?: number;
+ errmsg?: string;
+ typing_ticket?: string;
+ route_tag?: string;
+}
+
+/** SendTyping request: uses ilink_user_id + typing_ticket + status. */
+export interface SendTypingRequest {
+ ilink_user_id: string;
+ typing_ticket: string;
+ status: number;
+}
+
+export interface QrCodeStartResponse {
+ errcode?: number;
+ errmsg?: string;
+ qrcode?: string;
+ qrcode_img_content?: string; // URL to QR code image
+}
+
+export interface QrCodeStatusResponse {
+ errcode?: number;
+ errmsg?: string;
+ status?: 'wait' | 'scaned' | 'confirmed' | 'expired';
+ bot_token?: string;
+ ilink_bot_id?: string;
+ baseurl?: string;
+ ilink_user_id?: string;
+}
+
+export interface WeixinCredentials {
+ botToken: string;
+ ilinkBotId: string;
+ baseUrl: string;
+ cdnBaseUrl: string;
+}
+
+/** Error code indicating the session has expired */
+export const ERRCODE_SESSION_EXPIRED = -14;
+
+/** Default base URL */
+export const DEFAULT_BASE_URL = 'https://ilinkai.weixin.qq.com';
+
+/** Default CDN base URL */
+export const DEFAULT_CDN_BASE_URL = 'https://novac2c.cdn.weixin.qq.com/c2c';
diff --git a/src/lib/bridge/bridge-manager.ts b/src/lib/bridge/bridge-manager.ts
index d3d8fbe7..6c9b6fdf 100644
--- a/src/lib/bridge/bridge-manager.ts
+++ b/src/lib/bridge/bridge-manager.ts
@@ -162,6 +162,27 @@ async function deliverResponse(
}
return { ok: true };
}
+ if (adapter.channelType === 'weixin') {
+ // WeChat plain text only, 4096 chars per chunk, max 5 chunks.
+ const WEIXIN_MAX_CHUNKS = 5;
+ const limit = limits.weixin || 4096;
+ const chunks = chunkText(responseText, limit);
+
+ const effectiveChunks = chunks.length > WEIXIN_MAX_CHUNKS
+ ? [...chunks.slice(0, WEIXIN_MAX_CHUNKS - 1), chunks.slice(WEIXIN_MAX_CHUNKS - 1).join('\n').slice(0, limit - 30) + '\n\n[... response truncated]']
+ : chunks;
+
+ for (let i = 0; i < effectiveChunks.length; i++) {
+ const result = await deliver(adapter, {
+ address,
+ text: effectiveChunks[i],
+ parseMode: 'plain',
+ replyToMessageId,
+ }, { sessionId });
+ if (!result.ok) return result;
+ }
+ return { ok: true };
+ }
// Generic fallback: deliver as plain text
return deliver(adapter, {
@@ -228,24 +249,33 @@ function processWithSessionLock(sessionId: string, fn: () => Promise): Pro
return current;
}
+export interface StartResult {
+ started: boolean;
+ reason?: string;
+}
+
/**
* Start the bridge system.
* Checks feature flags, registers enabled adapters, starts polling loops.
+ * Returns a result indicating success/failure with a reason.
*/
-export async function start(): Promise {
+export async function start(): Promise {
const state = getState();
- if (state.running) return;
+ if (state.running) return { started: true };
const bridgeEnabled = getSetting('remote_bridge_enabled') === 'true';
if (!bridgeEnabled) {
console.log('[bridge-manager] Bridge not enabled (remote_bridge_enabled != true)');
- return;
+ return { started: false, reason: 'bridge_not_enabled' };
}
// Iterate all registered adapter types and create those that are enabled
+ const configErrors: string[] = [];
+ let enabledCount = 0;
for (const channelType of getRegisteredTypes()) {
const settingKey = `bridge_${channelType}_enabled`;
if (getSetting(settingKey) !== 'true') continue;
+ enabledCount++;
const adapter = createAdapter(channelType);
if (!adapter) continue;
@@ -255,9 +285,14 @@ export async function start(): Promise {
registerAdapter(adapter);
} else {
console.warn(`[bridge-manager] ${channelType} adapter not valid:`, configError);
+ configErrors.push(`${channelType}: ${configError}`);
}
}
+ if (enabledCount === 0) {
+ return { started: false, reason: 'no_channels_enabled' };
+ }
+
// Start all registered adapters, track how many succeeded
let startedCount = 0;
for (const [type, adapter] of state.adapters) {
@@ -275,7 +310,10 @@ export async function start(): Promise {
console.warn('[bridge-manager] No adapters started successfully, bridge not activated');
state.adapters.clear();
state.adapterMeta.clear();
- return;
+ const reason = configErrors.length > 0
+ ? `adapter_config_invalid: ${configErrors.join('; ')}`
+ : 'no_adapters_started';
+ return { started: false, reason };
}
// Mark running BEFORE starting consumer loops — runAdapterLoop checks
@@ -294,6 +332,7 @@ export async function start(): Promise {
}
console.log(`[bridge-manager] Bridge started with ${startedCount} adapter(s)`);
+ return { started: true };
}
/**
@@ -333,6 +372,18 @@ export async function stop(): Promise {
console.log('[bridge-manager] Bridge stopped');
}
+/**
+ * Restart the bridge (stop + start). Useful when adapter config changes
+ * at runtime, e.g. a new WeChat account is linked while the bridge is running.
+ */
+export async function restart(): Promise {
+ const state = getState();
+ if (state.running) {
+ await stop();
+ }
+ return start();
+}
+
/**
* Lazy auto-start: checks bridge_auto_start setting once and starts if enabled.
* Called from POST /api/bridge with action 'auto-start' (triggered by Electron on startup).
diff --git a/src/lib/bridge/channel-router.ts b/src/lib/bridge/channel-router.ts
index b1ec5aa4..d1c49212 100644
--- a/src/lib/bridge/channel-router.ts
+++ b/src/lib/bridge/channel-router.ts
@@ -15,18 +15,69 @@ import {
createSession,
getSetting,
updateSessionProviderId,
+ updateSessionWorkingDirectory,
+ updateSdkSessionId,
} from '../db';
+import { resolveWorkingDirectory } from '../working-directory';
+
+function shouldResetResumeForSource(source: string): boolean {
+ return source === 'setting' || source === 'home' || source === 'process';
+}
/**
* Resolve an inbound address to a ChannelBinding.
* If no binding exists, auto-creates a new session and binding.
+ * Self-heals stale workingDirectory / sdkSessionId in existing bindings.
*/
export function resolve(address: ChannelAddress): ChannelBinding {
const existing = getChannelBinding(address.channelType, address.chatId);
if (existing) {
- // Verify the linked session still exists; if not, create a new one
const session = getSession(existing.codepilotSessionId);
- if (session) return existing;
+ if (session) {
+ const resolved = resolveWorkingDirectory([
+ { path: session.sdk_cwd, source: 'session_sdk_cwd' },
+ { path: existing.workingDirectory, source: 'binding' },
+ { path: session.working_directory, source: 'session_working_directory' },
+ { path: getSetting('bridge_default_work_dir'), source: 'setting' },
+ ]);
+ const shouldResetResume = shouldResetResumeForSource(resolved.source);
+ const updates: Partial> = {};
+
+ if (resolved.invalidCandidates.length > 0) {
+ console.warn('[channel-router] Healed invalid bridge working directory', {
+ channelType: existing.channelType,
+ chatId: existing.chatId,
+ sessionId: existing.codepilotSessionId,
+ selected: resolved.path,
+ source: resolved.source,
+ invalidCandidates: resolved.invalidCandidates,
+ });
+ }
+
+ if (existing.workingDirectory !== resolved.path) {
+ updates.workingDirectory = resolved.path;
+ existing.workingDirectory = resolved.path;
+ }
+
+ if (shouldResetResume && existing.sdkSessionId) {
+ updates.sdkSessionId = '';
+ existing.sdkSessionId = '';
+ }
+
+ if (Object.keys(updates).length > 0) {
+ updateChannelBinding(existing.id, updates);
+ }
+
+ if (session.working_directory !== resolved.path || session.sdk_cwd !== resolved.path) {
+ updateSessionWorkingDirectory(session.id, resolved.path);
+ }
+
+ if (shouldResetResume && session.sdk_session_id) {
+ updateSdkSessionId(session.id, '');
+ }
+
+ return existing;
+ }
// Session was deleted — recreate
return createBinding(address);
}
@@ -40,10 +91,11 @@ export function createBinding(
address: ChannelAddress,
workingDirectory?: string,
): ChannelBinding {
- const defaultCwd = workingDirectory
- || getSetting('bridge_default_work_dir')
- || process.env.HOME
- || '';
+ const resolved = resolveWorkingDirectory([
+ { path: workingDirectory, source: 'requested' },
+ { path: getSetting('bridge_default_work_dir'), source: 'setting' },
+ ]);
+ const defaultCwd = resolved.path;
const defaultModel = getSetting('bridge_default_model') || '';
const defaultProviderId = getSetting('bridge_default_provider_id') || '';
@@ -81,12 +133,22 @@ export function bindToSession(
const session = getSession(codepilotSessionId);
if (!session) return null;
+ const resolved = resolveWorkingDirectory([
+ { path: session.sdk_cwd, source: 'session_sdk_cwd' },
+ { path: session.working_directory, source: 'session_working_directory' },
+ { path: getSetting('bridge_default_work_dir'), source: 'setting' },
+ ]);
+
+ if (session.working_directory !== resolved.path || session.sdk_cwd !== resolved.path) {
+ updateSessionWorkingDirectory(session.id, resolved.path);
+ }
+
return upsertChannelBinding({
channelType: address.channelType,
chatId: address.chatId,
codepilotSessionId,
sdkSessionId: '',
- workingDirectory: session.working_directory,
+ workingDirectory: resolved.path,
model: session.model,
mode: 'code',
});
diff --git a/src/lib/bridge/conversation-engine.ts b/src/lib/bridge/conversation-engine.ts
index 005b31ea..ce036ccc 100644
--- a/src/lib/bridge/conversation-engine.ts
+++ b/src/lib/bridge/conversation-engine.ts
@@ -10,7 +10,7 @@ import fs from 'fs';
import path from 'path';
import os from 'os';
import type { ChannelBinding } from './types';
-import type { SSEEvent, TokenUsage, MessageContentBlock, FileAttachment, MCPServerConfig } from '@/types';
+import type { SSEEvent, TokenUsage, MessageContentBlock, FileAttachment } from '@/types';
import { streamClaude } from '../claude-client';
import {
addMessage,
@@ -26,42 +26,10 @@ import {
getSetting,
} from '../db';
import { resolveProvider as resolveProviderUnified } from '../provider-resolver';
+import { loadCodePilotMcpServers } from '../mcp-loader';
+import { assembleContext } from '../context-assembler';
import crypto from 'crypto';
-/** Read MCP server configs from ~/.claude.json and ~/.claude/settings.json */
-function loadMcpServers(): Record | undefined {
- try {
- const readJson = (p: string): Record => {
- if (!fs.existsSync(p)) return {};
- try { return JSON.parse(fs.readFileSync(p, 'utf-8')); } catch { return {}; }
- };
- const userConfig = readJson(path.join(os.homedir(), '.claude.json'));
- const settings = readJson(path.join(os.homedir(), '.claude', 'settings.json'));
- // Also read project-level .mcp.json
- const projectMcp = readJson(path.join(process.cwd(), '.mcp.json'));
- const merged = {
- ...((userConfig.mcpServers || {}) as Record),
- ...((settings.mcpServers || {}) as Record),
- ...((projectMcp.mcpServers || {}) as Record),
- };
- // Resolve ${...} placeholders in env values against DB settings
- for (const server of Object.values(merged)) {
- if (server.env) {
- for (const [key, value] of Object.entries(server.env)) {
- if (typeof value === 'string' && value.startsWith('${') && value.endsWith('}')) {
- const settingKey = value.slice(2, -1);
- const resolved = getSetting(settingKey);
- server.env[key] = resolved || '';
- }
- }
- }
- }
- return Object.keys(merged).length > 0 ? merged : undefined;
- } catch {
- return undefined;
- }
-}
-
export interface PermissionRequestInfo {
permissionRequestId: string;
toolName: string;
@@ -100,6 +68,17 @@ export interface ConversationResult {
sdkSessionId: string | null;
}
+/**
+ * Resolve and validate working directory from multiple candidates.
+ * Returns the first existing directory, or HOME as last resort.
+ */
+function resolveWorkingDirectory(...candidates: (string | undefined | null)[]): string {
+ for (const dir of candidates) {
+ if (dir && fs.existsSync(dir)) return dir;
+ }
+ return os.homedir();
+}
+
/**
* Process an inbound message: send to Claude, consume the response stream,
* save to DB, and return the result.
@@ -212,17 +191,42 @@ export async function processMessage(
}
}
- // Load MCP servers from Claude config files so the SDK has access to
- // user-level MCP tools, matching the desktop chat route behavior.
- const mcpServers = loadMcpServers();
+ // Load only MCP servers needing CodePilot-specific processing (${...} env placeholders).
+ // All other MCP servers are auto-loaded by the SDK via settingSources.
+ const mcpServers = loadCodePilotMcpServers();
+
+ // Unified context assembly — adds CLI tools context (and workspace prompt if applicable)
+ const assembled = await assembleContext({
+ session: session!,
+ entryPoint: 'bridge',
+ userPrompt: text,
+ conversationHistory: historyMsgs,
+ });
+
+ // Resolve a valid working directory from multiple candidates
+ const effectiveCwd = resolveWorkingDirectory(
+ binding.workingDirectory,
+ session?.working_directory,
+ getSetting('bridge_default_work_dir'),
+ );
+
+ // If the effective cwd differs from what the binding/session had, the
+ // original directory is gone — clear sdkSessionId to prevent stale resume.
+ const originalCwd = binding.workingDirectory || session?.working_directory;
+ const cwdChanged = originalCwd && effectiveCwd !== originalCwd;
+ const effectiveSdkSessionId = cwdChanged ? undefined : (binding.sdkSessionId || undefined);
+
+ if (cwdChanged) {
+ console.log(`[conversation-engine] CWD changed from "${originalCwd}" to "${effectiveCwd}", clearing sdkSessionId`);
+ }
const stream = streamClaude({
prompt: text,
sessionId,
- sdkSessionId: binding.sdkSessionId || undefined,
+ sdkSessionId: effectiveSdkSessionId,
model: effectiveModel,
- systemPrompt: session?.system_prompt || undefined,
- workingDirectory: binding.workingDirectory || session?.working_directory || undefined,
+ systemPrompt: assembled.systemPrompt,
+ workingDirectory: effectiveCwd,
abortController,
permissionMode,
provider: resolvedProvider,
@@ -231,6 +235,12 @@ export async function processMessage(
conversationHistory: historyMsgs,
files,
bypassPermissions,
+ // Bridge-specific SDK options
+ thinking: { type: 'disabled' as const },
+ effort: 'medium' as const,
+ generativeUI: false,
+ enableFileCheckpointing: false,
+ context1m: false,
onRuntimeStatusChange: (status: string) => {
try { setSessionRuntimeStatus(sessionId, status); } catch { /* best effort */ }
},
@@ -385,10 +395,17 @@ async function consumeStream(
break;
}
- case 'error':
+ case 'error': {
hasError = true;
- errorMessage = event.data || 'Unknown error';
+ // Parse structured error JSON to extract a user-friendly message
+ try {
+ const errObj = JSON.parse(event.data);
+ errorMessage = errObj.userMessage || errObj._formattedMessage || errObj.message || event.data;
+ } catch {
+ errorMessage = event.data || 'Unknown error';
+ }
break;
+ }
case 'result': {
try {
diff --git a/src/lib/bridge/permission-broker.ts b/src/lib/bridge/permission-broker.ts
index 395a1245..2e343a1d 100644
--- a/src/lib/bridge/permission-broker.ts
+++ b/src/lib/bridge/permission-broker.ts
@@ -68,7 +68,7 @@ export async function forwardPermissionRequest(
// Channels without inline button support (e.g. QQ) need text-based
// permission commands. Check if the adapter ignores inlineButtons.
- const supportsButtons = adapter.channelType !== 'qq';
+ const supportsButtons = !['qq', 'weixin'].includes(adapter.channelType);
const textLines = [
`Permission Required`,
diff --git a/src/lib/bridge/types.ts b/src/lib/bridge/types.ts
index 69b780f1..37dc9eda 100644
--- a/src/lib/bridge/types.ts
+++ b/src/lib/bridge/types.ts
@@ -173,4 +173,5 @@ export const PLATFORM_LIMITS: Record = {
slack: 40000,
feishu: 30000,
qq: 2000,
+ weixin: 4096,
};
diff --git a/src/lib/claude-client.ts b/src/lib/claude-client.ts
index 9979e91e..d31b7ac8 100644
--- a/src/lib/claude-client.ts
+++ b/src/lib/claude-client.ts
@@ -17,12 +17,13 @@ import type { ClaudeStreamOptions, SSEEvent, TokenUsage, MCPServerConfig, Permis
import { isImageFile } from '@/types';
import { registerPendingPermission } from './permission-registry';
import { registerConversation, unregisterConversation } from './conversation-registry';
-import { captureCapabilities, setCachedPlugins } from './agent-sdk-capabilities';
+import { captureCapabilities, isCacheFresh, setCachedPlugins } from './agent-sdk-capabilities';
import { getSetting, updateSdkSessionId, createPermissionRequest } from './db';
import { resolveForClaudeCode, toClaudeCodeEnv } from './provider-resolver';
import { findClaudeBinary, findGitBash, getExpandedPath, invalidateClaudePathCache } from './platform';
import { notifyPermissionRequest, notifyGeneric } from './telegram-bot';
import { classifyError, formatClassifiedError } from './error-classifier';
+import { resolveWorkingDirectory } from './working-directory';
import os from 'os';
import fs from 'fs';
import path from 'path';
@@ -409,6 +410,16 @@ export function streamClaude(options: ClaudeStreamOptions): ReadableStream {
const widgetKeywords = /可视化|图表|流程图|时间线|架构图|对比|visualiz|diagram|chart|flowchart|timeline|infographic|interactive|widget|show-widget|hierarchy|dashboard/i;
- // Check current prompt
+ // Check current user prompt
if (widgetKeywords.test(prompt)) return true;
// Check if conversation already has widgets (resume context)
if (conversationHistory?.some(m => m.content.includes('show-widget'))) return true;
- // Check system prompt for image/widget agent mode
- if (systemPrompt && widgetKeywords.test(systemPrompt)) return true;
+ // Check explicit widget/image-agent mode
+ if (imageAgentMode) return true;
return false;
})();
@@ -542,9 +553,10 @@ export function streamClaude(options: ClaudeStreamOptions): ReadableStream 0) {
- const workDir = workingDirectory || os.homedir();
+ const workDir = resolvedWorkingDirectory.path;
const savedPaths = getUploadedFilePaths(nonImageFiles, workDir);
const fileReferences = savedPaths
.map((p, i) => `[User attached file: ${p} (${nonImageFiles[i].name})]`)
@@ -716,7 +739,7 @@ export function streamClaude(options: ClaudeStreamOptions): ReadableStream {
- const workDir = workingDirectory || os.homedir();
+ const workDir = resolvedWorkingDirectory.path;
const imagePaths = getUploadedFilePaths(imageFiles, workDir);
const imageReferences = imagePaths
.map((p, i) => `[User attached image: ${p} (${imageFiles[i].name})]`)
@@ -814,12 +837,10 @@ export function streamClaude(options: ClaudeStreamOptions): ReadableStream {
- console.warn('[claude-client] Capability capture failed:', err);
- });
+ let capturePending = !isCacheFresh(capProviderId);
let tokenUsage: TokenUsage | null = null;
// Track pending TodoWrite tool_use_ids so we can sync after successful execution
@@ -831,6 +852,13 @@ export function streamClaude(options: ClaudeStreamOptions): ReadableStream {
+ console.warn('[claude-client] Deferred capability capture failed:', err);
+ });
+ }
const assistantMsg = message as SDKAssistantMessage;
// Text deltas are handled by stream_event for real-time streaming.
// Here we only process tool_use blocks.
diff --git a/src/lib/context-assembler.ts b/src/lib/context-assembler.ts
new file mode 100644
index 00000000..01807347
--- /dev/null
+++ b/src/lib/context-assembler.ts
@@ -0,0 +1,230 @@
+/**
+ * Context Assembler — unified system prompt assembly for all entry points.
+ *
+ * Extracts the 5-layer prompt assembly logic from route.ts into a pure async
+ * function. Both browser chat (route.ts) and bridge (conversation-engine.ts)
+ * call this, ensuring consistent context regardless of entry point.
+ *
+ * Layer injection is controlled by entry point type:
+ * Desktop: workspace + session + assistant instructions + CLI tools + widget
+ * Bridge: workspace + session + assistant instructions + CLI tools (no widget)
+ */
+
+import type { ChatSession, SearchResult } from '@/types';
+import { getSetting } from '@/lib/db';
+
+// ── Types ────────────────────────────────────────────────────────────
+
+export interface ContextAssemblyConfig {
+ /** The session from DB */
+ session: ChatSession;
+ /** Entry point: controls which layers are injected */
+ entryPoint: 'desktop' | 'bridge';
+ /** Current user prompt (used for workspace retrieval + widget keyword detection) */
+ userPrompt: string;
+ /** Per-request system prompt append (e.g., skill injection for image generation) */
+ systemPromptAppend?: string;
+ /** Conversation history (for widget keyword detection in resume context) */
+ conversationHistory?: Array<{ role: string; content: string }>;
+ /** Whether this is an image agent mode call */
+ imageAgentMode?: boolean;
+}
+
+export interface AssembledContext {
+ /** Final assembled system prompt string, or undefined if no layers produced content */
+ systemPrompt: string | undefined;
+ /** Whether generative UI is enabled (affects widget MCP server + streamClaude param) */
+ generativeUIEnabled: boolean;
+ /** Whether widget MCP server should be registered (keyword-gated) */
+ needsWidgetMcp: boolean;
+ /** Onboarding/checkin instructions (route.ts uses this for server-side completion detection) */
+ assistantProjectInstructions: string;
+ /** Whether this session is in the assistant workspace */
+ isAssistantProject: boolean;
+}
+
+// ── Main function ────────────────────────────────────────────────────
+
+export async function assembleContext(config: ContextAssemblyConfig): Promise {
+ const { session, entryPoint, userPrompt, systemPromptAppend, conversationHistory, imageAgentMode } = config;
+ const t0 = Date.now();
+
+ let workspacePrompt = '';
+ let assistantProjectInstructions = '';
+ let isAssistantProject = false;
+
+ // ── Layer 1: Workspace prompt (if assistant project session) ──────
+ try {
+ const workspacePath = getSetting('assistant_workspace_path');
+ if (workspacePath) {
+ const sessionWd = session.working_directory || '';
+ isAssistantProject = sessionWd === workspacePath;
+
+ if (isAssistantProject) {
+ const { loadWorkspaceFiles, assembleWorkspacePrompt, loadState, needsDailyCheckIn } =
+ await import('@/lib/assistant-workspace');
+
+ // Incremental reindex BEFORE search so current turn sees latest content
+ try {
+ const { indexWorkspace } = await import('@/lib/workspace-indexer');
+ indexWorkspace(workspacePath);
+ } catch {
+ // indexer not available, skip
+ }
+
+ const files = loadWorkspaceFiles(workspacePath);
+
+ // Retrieval: search workspace index for relevant context
+ let retrievalResults: SearchResult[] | undefined;
+ try {
+ const { searchWorkspace, updateHotset } = await import('@/lib/workspace-retrieval');
+ if (userPrompt.length > 10) {
+ retrievalResults = searchWorkspace(workspacePath, userPrompt, { limit: 5 });
+ if (retrievalResults.length > 0) {
+ updateHotset(workspacePath, retrievalResults.map(r => r.path));
+ }
+ }
+ } catch {
+ // retrieval module not available, skip
+ }
+
+ workspacePrompt = assembleWorkspacePrompt(files, retrievalResults);
+
+ const state = loadState(workspacePath);
+
+ if (!state.onboardingComplete) {
+ assistantProjectInstructions = buildOnboardingInstructions();
+ } else if (needsDailyCheckIn(state)) {
+ assistantProjectInstructions = buildCheckinInstructions();
+ }
+ }
+ }
+ } catch (e) {
+ console.warn('[context-assembler] Failed to load assistant workspace:', e);
+ }
+
+ // ── Layer 2: Session prompt + per-request append ──────────────────
+ let finalSystemPrompt: string | undefined = session.system_prompt || undefined;
+ if (systemPromptAppend) {
+ finalSystemPrompt = (finalSystemPrompt || '') + '\n\n' + systemPromptAppend;
+ }
+
+ // Workspace prompt goes first (base personality), session prompt after (task override)
+ if (workspacePrompt) {
+ finalSystemPrompt = workspacePrompt + '\n\n' + (finalSystemPrompt || '');
+ }
+
+ // ── Layer 3: Assistant project instructions ───────────────────────
+ if (assistantProjectInstructions) {
+ finalSystemPrompt = (finalSystemPrompt || '') + '\n\n' + assistantProjectInstructions;
+ }
+
+ // ── Layer 4: CLI tools context (always, both desktop and bridge) ──
+ const t1 = Date.now();
+ try {
+ const { buildCliToolsContext } = await import('@/lib/cli-tools-context');
+ const cliToolsCtx = await buildCliToolsContext();
+ const t2 = Date.now();
+ console.log(`[context-assembler] CLI tools detection: ${t2 - t1}ms`);
+ if (cliToolsCtx) {
+ finalSystemPrompt = (finalSystemPrompt || '') + '\n\n' + cliToolsCtx;
+ }
+ } catch {
+ // CLI tools context injection failed — don't block
+ }
+
+ // ── Layer 5: Widget system prompt (desktop only) ──────────────────
+ const generativeUISetting = getSetting('generative_ui_enabled');
+ const generativeUIEnabled = entryPoint === 'desktop' && generativeUISetting !== 'false';
+
+ if (generativeUIEnabled) {
+ try {
+ const { WIDGET_SYSTEM_PROMPT } = await import('@/lib/widget-guidelines');
+ finalSystemPrompt = (finalSystemPrompt || '') + '\n\n' + WIDGET_SYSTEM_PROMPT;
+ } catch {
+ // Widget prompt injection failed — don't block
+ }
+ }
+
+ // ── Widget MCP keyword detection (desktop only) ───────────────────
+ let needsWidgetMcp = false;
+ if (generativeUIEnabled) {
+ const widgetKeywords = /可视化|图表|流程图|时间线|架构图|对比|visualiz|diagram|chart|flowchart|timeline|infographic|interactive|widget|show-widget|hierarchy|dashboard/i;
+ if (widgetKeywords.test(userPrompt)) needsWidgetMcp = true;
+ else if (conversationHistory?.some(m => m.content.includes('show-widget'))) needsWidgetMcp = true;
+ else if (imageAgentMode) needsWidgetMcp = true;
+ }
+
+ console.log(`[context-assembler] total: ${Date.now() - t0}ms (entry=${entryPoint}, prompt=${finalSystemPrompt?.length ?? 0} chars)`);
+
+ return {
+ systemPrompt: finalSystemPrompt,
+ generativeUIEnabled,
+ needsWidgetMcp,
+ assistantProjectInstructions,
+ isAssistantProject,
+ };
+}
+
+// ── Instruction templates ────────────────────────────────────────────
+
+function buildOnboardingInstructions(): string {
+ return `
+You are now in the assistant workspace onboarding session. Your task is to interview the user to build their profile.
+
+Ask the following 13 questions ONE AT A TIME. Wait for the user's answer before asking the next question. Be conversational and friendly.
+
+1. How should I address you?
+2. What name should I use for myself?
+3. Do you prefer "concise and direct" or "detailed explanations"?
+4. Do you prefer "minimal interruptions" or "proactive suggestions"?
+5. What are your three hard boundaries?
+6. What are your three most important current goals?
+7. Do you prefer output as "lists", "reports", or "conversation summaries"?
+8. What information may be written to long-term memory?
+9. What information must never be written to long-term memory?
+10. What three things should I do first when entering a project?
+11. How do you organize your materials? (by project / time / topic / mixed)
+12. Where should new information go by default?
+13. How should completed tasks be archived?
+
+After the user answers the LAST question (Q13), you MUST immediately output the completion block below. Do NOT wait for the user to say anything else. Do NOT ask for confirmation. Just output the block right after your response to Q13.
+
+CRITICAL FORMATTING RULES for the completion block:
+- Each value must be a single line (replace any newlines with spaces)
+- Escape all double quotes inside values with backslash: \\"
+- Do NOT use single quotes for JSON keys or values
+- Do NOT add trailing commas
+- The JSON must be on a SINGLE line
+
+\`\`\`onboarding-complete
+{"q1":"answer1","q2":"answer2","q3":"answer3","q4":"answer4","q5":"answer5","q6":"answer6","q7":"answer7","q8":"answer8","q9":"answer9","q10":"answer10","q11":"answer11","q12":"answer12","q13":"answer13"}
+\`\`\`
+
+After outputting the completion block, tell the user that the setup is complete and the system is now initializing their workspace. Keep this message brief and friendly.
+
+Do NOT try to write files yourself. The system will automatically generate soul.md, user.md, claude.md, memory.md, config.json, and taxonomy.json from your collected answers.
+
+Start by greeting the user and asking the first question.
+`;
+}
+
+function buildCheckinInstructions(): string {
+ return `
+You are now in the assistant workspace daily check-in session. Ask the user these 3 questions ONE AT A TIME:
+
+1. What did you work on or accomplish today?
+2. Any changes to your current priorities or goals?
+3. Anything you'd like me to remember going forward?
+
+After collecting all 3 answers, output a summary in exactly this format:
+
+\`\`\`checkin-complete
+{"q1":"answer1","q2":"answer2","q3":"answer3"}
+\`\`\`
+
+Do NOT try to write files yourself. The system will automatically write a daily memory entry and update user.md from your collected answers.
+
+Start by greeting the user and asking the first question.
+`;
+}
diff --git a/src/lib/db.ts b/src/lib/db.ts
index 7329197b..f6d83b58 100644
--- a/src/lib/db.ts
+++ b/src/lib/db.ts
@@ -711,6 +711,33 @@ function migrateDb(db: Database.Database): void {
UNIQUE(channel_type, account_id)
);
`);
+
+ // WeChat: bot accounts for multi-account support
+ db.exec(`
+ CREATE TABLE IF NOT EXISTS weixin_accounts (
+ account_id TEXT PRIMARY KEY,
+ user_id TEXT NOT NULL DEFAULT '',
+ base_url TEXT NOT NULL DEFAULT '',
+ cdn_base_url TEXT NOT NULL DEFAULT '',
+ token TEXT NOT NULL DEFAULT '',
+ name TEXT NOT NULL DEFAULT '',
+ enabled INTEGER NOT NULL DEFAULT 1,
+ last_login_at TEXT,
+ created_at TEXT NOT NULL DEFAULT (datetime('now')),
+ updated_at TEXT NOT NULL DEFAULT (datetime('now'))
+ );
+ `);
+
+ // WeChat: per-peer context token persistence
+ db.exec(`
+ CREATE TABLE IF NOT EXISTS weixin_context_tokens (
+ account_id TEXT NOT NULL,
+ peer_user_id TEXT NOT NULL,
+ context_token TEXT NOT NULL,
+ updated_at TEXT NOT NULL DEFAULT (datetime('now')),
+ PRIMARY KEY(account_id, peer_user_id)
+ );
+ `);
}
// ==========================================
@@ -804,17 +831,29 @@ export function updateSessionProviderId(id: string, providerId: string): void {
}
export function getDefaultProviderId(): string | undefined {
+ // Primary source: derived from global default model's provider
+ const globalProvider = getSetting('global_default_model_provider');
+ if (globalProvider) return globalProvider;
+ // Legacy fallback: old default_provider_id setting (for migration)
return getSetting('default_provider_id') || undefined;
}
export function setDefaultProviderId(id: string): void {
+ // Write legacy setting
setSetting('default_provider_id', id);
+ // Also write the primary key so getDefaultProviderId() sees the change.
+ // Clear global_default_model at the same time — the old model belonged to
+ // the previous provider and is no longer valid. The UI will fall back to
+ // the provider's first model until the user picks a new default.
+ setSetting('global_default_model_provider', id);
+ setSetting('global_default_model', '');
}
export function updateSessionWorkingDirectory(id: string, workingDirectory: string): void {
const db = getDb();
const projectName = path.basename(workingDirectory);
- db.prepare('UPDATE chat_sessions SET working_directory = ?, project_name = ? WHERE id = ?').run(workingDirectory, projectName, id);
+ // Sync sdk_cwd + clear sdk_session_id — old session context is invalid
+ db.prepare('UPDATE chat_sessions SET working_directory = ?, sdk_cwd = ?, project_name = ?, sdk_session_id = ? WHERE id = ?').run(workingDirectory, workingDirectory, projectName, '', id);
}
export function updateSessionMode(id: string, mode: string): void {
@@ -1157,10 +1196,21 @@ export function deleteProvider(id: string): boolean {
* For DB providers, reads from options_json column.
*/
export function getProviderOptions(providerId: string): import('@/types').ProviderOptions {
+ if (providerId === '__global__') {
+ const defaultModel = getSetting('global_default_model') || undefined;
+ const defaultModelProvider = getSetting('global_default_model_provider') || undefined;
+ return {
+ ...(defaultModel ? { default_model: defaultModel } : {}),
+ ...(defaultModelProvider ? { default_model_provider: defaultModelProvider } : {}),
+ };
+ }
if (providerId === 'env') {
const thinkingMode = getSetting('thinking_mode') || 'adaptive';
const context1m = getSetting('context_1m') === 'true';
- return { thinking_mode: thinkingMode as 'adaptive' | 'enabled' | 'disabled', context_1m: context1m };
+ return {
+ thinking_mode: thinkingMode as 'adaptive' | 'enabled' | 'disabled',
+ context_1m: context1m,
+ };
}
const provider = getProvider(providerId);
if (!provider) return {};
@@ -1174,6 +1224,15 @@ export function getProviderOptions(providerId: string): import('@/types').Provid
* For DB providers, writes to options_json column.
*/
export function setProviderOptions(providerId: string, options: import('@/types').ProviderOptions): void {
+ if (providerId === '__global__') {
+ if (options.default_model !== undefined) setSetting('global_default_model', options.default_model);
+ if (options.default_model_provider !== undefined) setSetting('global_default_model_provider', options.default_model_provider);
+ // Sync legacy default_provider_id so backend consumers (doctor, repair, etc.) stay consistent
+ if ((options as Record).legacy_default_provider_id !== undefined) {
+ setSetting('default_provider_id', (options as Record).legacy_default_provider_id as string);
+ }
+ return;
+ }
if (providerId === 'env') {
if (options.thinking_mode !== undefined) setSetting('thinking_mode', options.thinking_mode);
if (options.context_1m !== undefined) setSetting('context_1m', options.context_1m ? 'true' : '');
@@ -2094,6 +2153,112 @@ export function markPermissionLinkResolved(permissionRequestId: string): boolean
return result.changes > 0;
}
+// ==========================================
+// WeChat Account Operations
+// ==========================================
+
+export interface WeixinAccountRow {
+ account_id: string;
+ user_id: string;
+ base_url: string;
+ cdn_base_url: string;
+ token: string;
+ name: string;
+ enabled: number;
+ last_login_at: string | null;
+ created_at: string;
+ updated_at: string;
+}
+
+export function listWeixinAccounts(): WeixinAccountRow[] {
+ const db = getDb();
+ return db.prepare('SELECT * FROM weixin_accounts ORDER BY created_at DESC').all() as WeixinAccountRow[];
+}
+
+export function getWeixinAccount(accountId: string): WeixinAccountRow | undefined {
+ const db = getDb();
+ return db.prepare('SELECT * FROM weixin_accounts WHERE account_id = ?').get(accountId) as WeixinAccountRow | undefined;
+}
+
+export function upsertWeixinAccount(params: {
+ accountId: string;
+ userId?: string;
+ baseUrl?: string;
+ cdnBaseUrl?: string;
+ token?: string;
+ name?: string;
+ enabled?: boolean;
+}): void {
+ const db = getDb();
+ const now = new Date().toISOString().replace('T', ' ').split('.')[0];
+ db.prepare(`
+ INSERT INTO weixin_accounts (account_id, user_id, base_url, cdn_base_url, token, name, enabled, last_login_at, created_at, updated_at)
+ VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)
+ ON CONFLICT(account_id) DO UPDATE SET
+ user_id = COALESCE(excluded.user_id, weixin_accounts.user_id),
+ base_url = COALESCE(excluded.base_url, weixin_accounts.base_url),
+ cdn_base_url = COALESCE(excluded.cdn_base_url, weixin_accounts.cdn_base_url),
+ token = COALESCE(excluded.token, weixin_accounts.token),
+ name = COALESCE(excluded.name, weixin_accounts.name),
+ enabled = excluded.enabled,
+ last_login_at = excluded.last_login_at,
+ updated_at = excluded.updated_at
+ `).run(
+ params.accountId,
+ params.userId || '',
+ params.baseUrl || '',
+ params.cdnBaseUrl || '',
+ params.token || '',
+ params.name || '',
+ params.enabled !== false ? 1 : 0,
+ now,
+ now,
+ now,
+ );
+}
+
+export function deleteWeixinAccount(accountId: string): boolean {
+ const db = getDb();
+ // Also clean up context tokens and offsets
+ db.prepare('DELETE FROM weixin_context_tokens WHERE account_id = ?').run(accountId);
+ db.prepare('DELETE FROM channel_offsets WHERE channel_type = ?').run(`weixin:${accountId}`);
+ const result = db.prepare('DELETE FROM weixin_accounts WHERE account_id = ?').run(accountId);
+ return result.changes > 0;
+}
+
+export function setWeixinAccountEnabled(accountId: string, enabled: boolean): void {
+ const db = getDb();
+ const now = new Date().toISOString().replace('T', ' ').split('.')[0];
+ db.prepare(
+ 'UPDATE weixin_accounts SET enabled = ?, updated_at = ? WHERE account_id = ?'
+ ).run(enabled ? 1 : 0, now, accountId);
+}
+
+export function getWeixinContextToken(accountId: string, peerUserId: string): string | undefined {
+ const db = getDb();
+ const row = db.prepare(
+ 'SELECT context_token FROM weixin_context_tokens WHERE account_id = ? AND peer_user_id = ?'
+ ).get(accountId, peerUserId) as { context_token: string } | undefined;
+ return row?.context_token;
+}
+
+export function upsertWeixinContextToken(accountId: string, peerUserId: string, contextToken: string): void {
+ const db = getDb();
+ const now = new Date().toISOString().replace('T', ' ').split('.')[0];
+ db.prepare(`
+ INSERT INTO weixin_context_tokens (account_id, peer_user_id, context_token, updated_at)
+ VALUES (?, ?, ?, ?)
+ ON CONFLICT(account_id, peer_user_id) DO UPDATE SET
+ context_token = excluded.context_token,
+ updated_at = excluded.updated_at
+ `).run(accountId, peerUserId, contextToken, now);
+}
+
+export function deleteWeixinContextTokensByAccount(accountId: string): void {
+ const db = getDb();
+ db.prepare('DELETE FROM weixin_context_tokens WHERE account_id = ?').run(accountId);
+}
+
// ==========================================
// Graceful Shutdown
// ==========================================
diff --git a/src/lib/error-classifier.ts b/src/lib/error-classifier.ts
index 89bb5879..c2e4e50a 100644
--- a/src/lib/error-classifier.ts
+++ b/src/lib/error-classifier.ts
@@ -23,6 +23,7 @@ export type ClaudeErrorCategory =
| 'CLI_INSTALL_CONFLICT'
| 'MISSING_GIT_BASH'
| 'RESUME_FAILED'
+ | 'SESSION_STATE_ERROR'
| 'PROVIDER_NOT_APPLIED'
| 'PROCESS_CRASH'
| 'UNKNOWN';
@@ -201,14 +202,47 @@ const ERROR_PATTERNS: ErrorPattern[] = [
},
// ── Resume failed ──
+ // Must be before PROCESS_CRASH so session-related crashes don't get
+ // misclassified as provider configuration problems.
{
category: 'RESUME_FAILED',
- patterns: ['resume failed', 'session not found', 'invalid session', 'session expired'],
+ patterns: [
+ 'resume failed',
+ 'session not found',
+ 'invalid session',
+ 'session expired',
+ 'could not resume',
+ 'failed to resume',
+ 'resume_failed',
+ 'conversation not found',
+ /session\s+id\s+.*\s*(invalid|expired|not found|missing)/,
+ ],
userMessage: () => 'Failed to resume previous conversation.',
actionHint: () => 'The conversation will start fresh automatically. No action needed.',
retryable: false,
},
+ // ── Session state error ──
+ // Catches stale/corrupt session state that causes CLI crashes.
+ // Must be before PROCESS_CRASH to prevent misclassification as provider issues.
+ {
+ category: 'SESSION_STATE_ERROR',
+ patterns: [
+ 'stale session',
+ 'stale sdk_session',
+ 'session state',
+ 'session_state',
+ 'corrupt session',
+ 'session mismatch',
+ 'session context',
+ /sdk_session_id.*(?:invalid|stale|expired|corrupt|mismatch)/,
+ /(?:invalid|stale|expired|corrupt)\s*(?:session|sdk_session)/,
+ ],
+ userMessage: () => 'Session state is invalid or corrupted.',
+ actionHint: () => 'The stored session state has become stale. Please start a new conversation, or retry — the session will be automatically reset.',
+ retryable: true,
+ },
+
// ── Process crash (exit code) ──
{
category: 'PROCESS_CRASH',
@@ -228,6 +262,14 @@ const ERROR_PATTERNS: ErrorPattern[] = [
},
];
+// ── Session-related keywords for PROCESS_CRASH refinement ────
+// When a process crash stderr contains these keywords, the error is likely
+// a session state issue rather than a provider configuration problem.
+const SESSION_RELATED_KEYWORDS = [
+ 'resume', 'session', 'sdk_session', 'conversation_id',
+ 'stale', 'corrupt', 'session_id',
+];
+
// ── Classifier ──────────────────────────────────────────────────
/**
@@ -260,6 +302,25 @@ export function classifyError(ctx: ErrorContext): ClassifiedError {
});
if (matched) {
+ // Refinement: if matched as PROCESS_CRASH but stderr contains
+ // session-related keywords, reclassify as SESSION_STATE_ERROR
+ // to avoid misleading "check API Key / Base URL" prompts.
+ if (pattern.category === 'PROCESS_CRASH') {
+ const hasSessionKeywords = SESSION_RELATED_KEYWORDS.some(kw =>
+ searchText.includes(kw),
+ );
+ if (hasSessionKeywords) {
+ return {
+ category: 'SESSION_STATE_ERROR',
+ userMessage: 'Session state is invalid or corrupted.',
+ actionHint: 'The stored session state has become stale. Please start a new conversation, or retry — the session will be automatically reset.',
+ rawMessage,
+ providerName: ctx.providerName,
+ details: extraDetail || undefined,
+ retryable: true,
+ };
+ }
+ }
return buildResult(pattern, ctx, rawMessage, extraDetail);
}
}
diff --git a/src/lib/mcp-loader.ts b/src/lib/mcp-loader.ts
new file mode 100644
index 00000000..b3b2360b
--- /dev/null
+++ b/src/lib/mcp-loader.ts
@@ -0,0 +1,136 @@
+/**
+ * MCP Server Loader — shared module for loading MCP server configurations.
+ *
+ * The SDK auto-loads MCP servers from settingSources (['user', 'project', 'local']).
+ * We only manually pass servers that need CodePilot-specific processing:
+ * ${...} env placeholder resolution from the CodePilot DB.
+ *
+ * This eliminates redundant config passing and reduces initialization overhead.
+ */
+
+import fs from 'fs';
+import path from 'path';
+import os from 'os';
+import type { MCPServerConfig } from '@/types';
+import { getSetting } from '@/lib/db';
+
+// ── Cache ────────────────────────────────────────────────────────────
+
+interface CachedMcpConfig {
+ allServers: Record;
+ codepilotServers: Record; // Only servers with resolved ${...} placeholders
+ timestamp: number;
+}
+
+const CACHE_TTL_MS = 30_000; // 30 seconds
+let _cache: CachedMcpConfig | null = null;
+
+/** Invalidate the cache (e.g., after adding/removing a server via UI). */
+export function invalidateMcpCache(): void {
+ _cache = null;
+}
+
+// ── Internal helpers ─────────────────────────────────────────────────
+
+function readJson(p: string): Record {
+ if (!fs.existsSync(p)) return {};
+ try { return JSON.parse(fs.readFileSync(p, 'utf-8')); } catch { return {}; }
+}
+
+function loadAndMerge(): CachedMcpConfig {
+ // Check cache
+ if (_cache && Date.now() - _cache.timestamp < CACHE_TTL_MS) {
+ return _cache;
+ }
+
+ const userConfig = readJson(path.join(os.homedir(), '.claude.json'));
+ const settings = readJson(path.join(os.homedir(), '.claude', 'settings.json'));
+ const projectMcp = readJson(path.join(process.cwd(), '.mcp.json'));
+
+ const merged: Record = {
+ ...((userConfig.mcpServers || {}) as Record),
+ ...((settings.mcpServers || {}) as Record),
+ ...((projectMcp.mcpServers || {}) as Record),
+ };
+
+ // Apply persistent enabled overrides for project-level servers
+ const settingsOverrides = (settings.mcpServerOverrides || {}) as Record;
+ for (const [name, override] of Object.entries(settingsOverrides)) {
+ if (merged[name] && override.enabled !== undefined) {
+ merged[name] = { ...merged[name], enabled: override.enabled };
+ }
+ }
+
+ // Resolve ${...} placeholders and track which servers needed resolution
+ const codepilotServers: Record = {};
+
+ for (const [name, server] of Object.entries(merged)) {
+ if (server.env) {
+ let hasPlaceholder = false;
+ for (const [key, value] of Object.entries(server.env)) {
+ if (typeof value === 'string' && value.startsWith('${') && value.endsWith('}')) {
+ hasPlaceholder = true;
+ const settingKey = value.slice(2, -1);
+ const resolved = getSetting(settingKey);
+ server.env[key] = resolved || '';
+ }
+ }
+ // Only include in codepilotServers if it had placeholders
+ if (hasPlaceholder && server.enabled !== false) {
+ codepilotServers[name] = server;
+ }
+ }
+ }
+
+ // Filter out persistently disabled servers from allServers
+ for (const [name, server] of Object.entries(merged)) {
+ if (server.enabled === false) {
+ delete merged[name];
+ }
+ }
+
+ _cache = {
+ allServers: merged,
+ codepilotServers,
+ timestamp: Date.now(),
+ };
+
+ return _cache;
+}
+
+// ── Public API ───────────────────────────────────────────────────────
+
+/**
+ * Load MCP servers that need CodePilot-specific processing.
+ *
+ * Returns only servers with ${...} env placeholders that were resolved
+ * against the CodePilot DB. Returns undefined when no such servers exist
+ * (the common case), letting the SDK load everything natively.
+ *
+ * Used by: route.ts, conversation-engine.ts — passed to streamClaude().
+ */
+export function loadCodePilotMcpServers(): Record | undefined {
+ try {
+ const { codepilotServers } = loadAndMerge();
+ return Object.keys(codepilotServers).length > 0 ? codepilotServers : undefined;
+ } catch {
+ return undefined;
+ }
+}
+
+/**
+ * Load ALL MCP servers (for UI display in MCP Manager).
+ *
+ * Returns the full merged config from all sources with overrides applied.
+ * NOT intended for passing to the SDK — use loadCodePilotMcpServers() instead.
+ *
+ * Used by: MCP Manager UI, diagnostics.
+ */
+export function loadAllMcpServers(): Record | undefined {
+ try {
+ const { allServers } = loadAndMerge();
+ return Object.keys(allServers).length > 0 ? allServers : undefined;
+ } catch {
+ return undefined;
+ }
+}
diff --git a/src/lib/onboarding-processor.ts b/src/lib/onboarding-processor.ts
index 5dfb81c2..400fb1f1 100644
--- a/src/lib/onboarding-processor.ts
+++ b/src/lib/onboarding-processor.ts
@@ -171,6 +171,6 @@ Keep it under 2000 characters. Use markdown headers and bullet points.\n\n${qaTe
const state = loadState(workspacePath);
state.onboardingComplete = true;
state.lastCheckInDate = today;
- state.schemaVersion = 3;
+ state.schemaVersion = 4;
saveState(workspacePath, state);
}
diff --git a/src/lib/platform.ts b/src/lib/platform.ts
index b3e90126..7f2b8762 100644
--- a/src/lib/platform.ts
+++ b/src/lib/platform.ts
@@ -9,6 +9,13 @@ const execFileAsync = promisify(execFile);
export const isWindows = process.platform === 'win32';
export const isMac = process.platform === 'darwin';
+export interface RuntimeArchitectureInfo {
+ platform: NodeJS.Platform;
+ processArch: string;
+ hostArch: string;
+ runningUnderRosetta: boolean;
+}
+
/**
* Whether the given binary path requires shell execution.
* On Windows, .cmd/.bat files cannot be executed directly by execFileSync.
@@ -17,6 +24,40 @@ function needsShell(binPath: string): boolean {
return isWindows && /\.(cmd|bat)$/i.test(binPath);
}
+function readSysctlValue(name: string): string | null {
+ try {
+ return execFileSync('/usr/sbin/sysctl', ['-in', name], {
+ encoding: 'utf-8',
+ timeout: 1000,
+ stdio: ['ignore', 'pipe', 'ignore'],
+ }).trim();
+ } catch {
+ return null;
+ }
+}
+
+export function getRuntimeArchitectureInfo(): RuntimeArchitectureInfo {
+ const processArch = process.arch;
+ let hostArch = processArch;
+ let runningUnderRosetta = false;
+
+ if (isMac) {
+ const armCapable = readSysctlValue('hw.optional.arm64');
+ if (armCapable === '1') {
+ hostArch = 'arm64';
+ }
+
+ runningUnderRosetta = readSysctlValue('sysctl.proc_translated') === '1';
+ }
+
+ return {
+ platform: process.platform,
+ processArch,
+ hostArch,
+ runningUnderRosetta,
+ };
+}
+
/**
* Extra PATH directories to search for Claude CLI and other tools.
*/
diff --git a/src/lib/provider-catalog.ts b/src/lib/provider-catalog.ts
index e8d97fa0..236ff332 100644
--- a/src/lib/provider-catalog.ts
+++ b/src/lib/provider-catalog.ts
@@ -251,19 +251,21 @@ export const VENDOR_PRESETS: VendorPreset[] = [
descriptionZh: 'MiniMax 编程套餐 — 中国区',
protocol: 'anthropic',
authStyle: 'auth_token',
- baseUrl: 'https://api.minimaxi.com/anthropic/v1',
+ baseUrl: 'https://api.minimaxi.com/anthropic',
defaultEnvOverrides: {
API_TIMEOUT_MS: '3000000',
CLAUDE_CODE_DISABLE_NONESSENTIAL_TRAFFIC: '1',
ANTHROPIC_AUTH_TOKEN: '',
- ANTHROPIC_MODEL: 'MiniMax-M2.5',
- ANTHROPIC_DEFAULT_SONNET_MODEL: 'MiniMax-M2.5',
- ANTHROPIC_DEFAULT_OPUS_MODEL: 'MiniMax-M2.5',
- ANTHROPIC_DEFAULT_HAIKU_MODEL: 'MiniMax-M2.5',
},
defaultModels: [
- { modelId: 'sonnet', displayName: 'MiniMax-M2.5', role: 'default' },
+ { modelId: 'sonnet', upstreamModelId: 'MiniMax-M2.7', displayName: 'MiniMax-M2.7', role: 'default' },
],
+ defaultRoleModels: {
+ default: 'MiniMax-M2.7',
+ sonnet: 'MiniMax-M2.7',
+ opus: 'MiniMax-M2.7',
+ haiku: 'MiniMax-M2.7',
+ },
fields: ['api_key'],
iconKey: 'minimax',
sdkProxyOnly: true,
@@ -282,14 +284,16 @@ export const VENDOR_PRESETS: VendorPreset[] = [
API_TIMEOUT_MS: '3000000',
CLAUDE_CODE_DISABLE_NONESSENTIAL_TRAFFIC: '1',
ANTHROPIC_AUTH_TOKEN: '',
- ANTHROPIC_MODEL: 'MiniMax-M2.5',
- ANTHROPIC_DEFAULT_SONNET_MODEL: 'MiniMax-M2.5',
- ANTHROPIC_DEFAULT_OPUS_MODEL: 'MiniMax-M2.5',
- ANTHROPIC_DEFAULT_HAIKU_MODEL: 'MiniMax-M2.5',
},
defaultModels: [
- { modelId: 'sonnet', displayName: 'MiniMax-M2.5', role: 'default' },
+ { modelId: 'sonnet', upstreamModelId: 'MiniMax-M2.7', displayName: 'MiniMax-M2.7', role: 'default' },
],
+ defaultRoleModels: {
+ default: 'MiniMax-M2.7',
+ sonnet: 'MiniMax-M2.7',
+ opus: 'MiniMax-M2.7',
+ haiku: 'MiniMax-M2.7',
+ },
fields: ['api_key'],
iconKey: 'minimax',
sdkProxyOnly: true,
@@ -311,6 +315,32 @@ export const VENDOR_PRESETS: VendorPreset[] = [
sdkProxyOnly: true,
},
+ // ── Xiaomi MiMo ──
+ {
+ key: 'xiaomi-mimo',
+ name: 'Xiaomi MiMo',
+ description: 'Xiaomi MiMo Coding Plan — MiMo-V2-Pro',
+ descriptionZh: '小米 MiMo 编程套餐 — MiMo-V2-Pro',
+ protocol: 'anthropic',
+ authStyle: 'auth_token',
+ baseUrl: 'https://api.xiaomimimo.com/anthropic',
+ defaultEnvOverrides: {
+ ANTHROPIC_AUTH_TOKEN: '',
+ },
+ defaultModels: [
+ { modelId: 'sonnet', upstreamModelId: 'mimo-v2-pro', displayName: 'MiMo-V2-Pro', role: 'default' },
+ ],
+ defaultRoleModels: {
+ default: 'mimo-v2-pro',
+ sonnet: 'mimo-v2-pro',
+ opus: 'mimo-v2-pro',
+ haiku: 'mimo-v2-pro',
+ },
+ fields: ['api_key'],
+ iconKey: 'xiaomi-mimo',
+ sdkProxyOnly: true,
+ },
+
// ── Aliyun Bailian ──
{
key: 'bailian',
@@ -460,6 +490,7 @@ export function inferProtocolFromLegacy(
'minimaxi.com', 'minimax.io', // MiniMax
'volces.com', 'volcengine.com', // Volcengine
'dashscope.aliyuncs.com', // Bailian
+ 'xiaomimimo.com', // Xiaomi MiMo
];
const urlLower = baseUrl.toLowerCase();
if (anthropicUrls.some(u => urlLower.includes(u))) {
@@ -497,8 +528,11 @@ export function inferAuthStyleFromLegacy(
/**
* Find a matching vendor preset for a legacy provider.
* Matches by base_url first, then by provider_type.
+ * When `protocol` is provided, fuzzy (hostname) matching is restricted to
+ * presets with the same protocol to avoid misclassifying cross-protocol
+ * providers that share the same host (e.g. dashscope OpenAI-compatible vs Bailian Anthropic).
*/
-export function findPresetForLegacy(baseUrl: string, providerType: string): VendorPreset | undefined {
+export function findPresetForLegacy(baseUrl: string, providerType: string, protocol?: Protocol): VendorPreset | undefined {
// Exact base_url match (most specific)
if (baseUrl) {
const match = VENDOR_PRESETS.find(p => p.baseUrl === baseUrl);
@@ -509,6 +543,7 @@ export function findPresetForLegacy(baseUrl: string, providerType: string): Vend
const urlLower = baseUrl.toLowerCase();
const fuzzy = VENDOR_PRESETS.find(p => {
if (!p.baseUrl) return false;
+ if (protocol && p.protocol !== protocol) return false;
try {
const presetHost = new URL(p.baseUrl).hostname;
return urlLower.includes(presetHost);
@@ -538,7 +573,7 @@ export function getDefaultModelsForProvider(
protocol: Protocol,
baseUrl: string,
): CatalogModel[] {
- // Try to find a preset by base_url
+ // Try to find a preset by exact base_url
const preset = VENDOR_PRESETS.find(p => p.baseUrl && p.baseUrl === baseUrl);
if (preset) {
// Preset matched — return its models even if empty (e.g. Volcengine
@@ -546,6 +581,22 @@ export function getDefaultModelsForProvider(
return preset.defaultModels;
}
+ // Fuzzy match: legacy providers may have old URLs (e.g. minimaxi.com/anthropic/v1
+ // before the /v1 suffix was removed). Match by domain substring against presets,
+ // but only when the protocol matches to avoid misclassifying custom OpenAI-compatible
+ // providers that share the same host (e.g. dashscope.aliyuncs.com/compatible-mode/v1).
+ if (baseUrl) {
+ const urlLower = baseUrl.toLowerCase();
+ const fuzzy = VENDOR_PRESETS.find(p => {
+ if (!p.baseUrl || p.protocol !== protocol) return false;
+ try {
+ const presetHost = new URL(p.baseUrl).hostname;
+ return urlLower.includes(presetHost);
+ } catch { return false; }
+ });
+ if (fuzzy) return fuzzy.defaultModels;
+ }
+
// Protocol-based defaults (only when no preset matched)
if (protocol === 'anthropic' || protocol === 'openrouter' || protocol === 'bedrock' || protocol === 'vertex') {
return ANTHROPIC_DEFAULT_MODELS;
diff --git a/src/lib/provider-doctor.ts b/src/lib/provider-doctor.ts
index b1619553..987600bc 100644
--- a/src/lib/provider-doctor.ts
+++ b/src/lib/provider-doctor.ts
@@ -11,8 +11,9 @@ import {
findAllClaudeBinaries,
isWindows,
findGitBash,
+ getExpandedPath,
} from '@/lib/platform';
-import { resolveProvider } from '@/lib/provider-resolver';
+import { resolveProvider, resolveForClaudeCode, toClaudeCodeEnv } from '@/lib/provider-resolver';
import {
getAllProviders,
getDefaultProviderId,
@@ -23,8 +24,15 @@ import {
import {
getDefaultModelsForProvider,
inferProtocolFromLegacy,
+ findPresetForLegacy,
type Protocol,
} from '@/lib/provider-catalog';
+import { classifyError, type ClassifiedError } from '@/lib/error-classifier';
+import { query } from '@anthropic-ai/claude-agent-sdk';
+import type { Options, SDKResultSuccess } from '@anthropic-ai/claude-agent-sdk';
+import os from 'os';
+import path from 'path';
+import fs from 'fs';
// ── Types ───────────────────────────────────────────────────────
@@ -371,6 +379,44 @@ async function runProviderProbe(): Promise {
detail: `Provider ID: ${p.id}. This provider's catalog has no default models. Add at least one model via role_models_json.default or provider model settings.`,
});
}
+
+ // Check A: Third-party Anthropic provider without explicit model
+ if (
+ protocol === 'anthropic' &&
+ p.base_url &&
+ p.base_url !== 'https://api.anthropic.com' &&
+ !hasRoleDefault &&
+ !hasEnvModel
+ ) {
+ // Check if a matched preset provides its own model names (not ANTHROPIC_DEFAULT_MODELS).
+ // If the preset has sdkProxyOnly or has its own models, the preset itself handles naming.
+ // But for generic anthropic-thirdparty or unmatched presets, warn.
+ const matchedPreset = findPresetForLegacy(p.base_url, p.provider_type, protocol as Protocol);
+ const presetHandlesModels = matchedPreset && (
+ matchedPreset.key === 'anthropic-official' ||
+ matchedPreset.defaultRoleModels?.default ||
+ matchedPreset.defaultEnvOverrides?.ANTHROPIC_MODEL
+ );
+ if (!presetHandlesModels) {
+ findings.push({
+ severity: 'warn',
+ code: 'provider.no-explicit-model',
+ message: `Provider "${p.name}" uses a third-party Anthropic endpoint but relies on default model names (sonnet/opus/haiku) which may not be supported. Set an explicit model name in provider settings.`,
+ detail: `Provider ID: ${p.id}. Base URL: ${p.base_url}. Third-party endpoints often use different model identifiers. Configure role_models_json.default or set ANTHROPIC_MODEL in env overrides.`,
+ });
+ }
+ }
+
+ // Check B: sdkProxyOnly provider warning
+ const matchedPreset = findPresetForLegacy(p.base_url, p.provider_type, protocol as Protocol);
+ if (matchedPreset?.sdkProxyOnly) {
+ findings.push({
+ severity: 'ok',
+ code: 'provider.sdk-proxy-only',
+ message: `Provider "${p.name}" uses an Anthropic-compatible proxy. Some Claude Code features (thinking, context1m, code mode) may not be fully supported.`,
+ detail: `Matched preset: ${matchedPreset.name}. This provider proxies requests through the Anthropic wire protocol but the upstream model may not support all features.`,
+ });
+ }
}
// Check resolve path
@@ -379,11 +425,20 @@ async function runProviderProbe(): Promise {
const label = resolved.provider
? `"${resolved.provider.name}" (${resolved.protocol})`
: 'environment variables';
+ const isEnvMode = !resolved.provider;
+ const isOfficialAnthropic = resolved.provider?.base_url === 'https://api.anthropic.com';
+ // Warn about missing model for non-env, non-official-Anthropic providers
+ const modelMissingSeverity: Severity =
+ !resolved.model && !isEnvMode && !isOfficialAnthropic ? 'warn' : 'ok';
findings.push({
- severity: 'ok',
+ severity: modelMissingSeverity,
code: 'provider.resolve-ok',
message: `Provider resolution path: ${label}`,
- detail: resolved.model ? `Model: ${resolved.model}` : 'No model selected',
+ detail: resolved.model
+ ? `Model: ${resolved.model}`
+ : isEnvMode || isOfficialAnthropic
+ ? 'No model selected (will use provider defaults)'
+ : 'No model selected — third-party providers may require an explicit model name',
});
} catch (err) {
findings.push({
@@ -576,6 +631,232 @@ async function runNetworkProbe(): Promise {
};
}
+// ── Live Probe ──────────────────────────────────────────────────
+
+/** Last classified error from the live probe, exposed for the export route. */
+let lastLiveProbeError: ClassifiedError | null = null;
+
+export function getLastLiveProbeError(): ClassifiedError | null {
+ return lastLiveProbeError;
+}
+
+/** Cached last diagnosis result so export doesn't re-run (especially the live probe). */
+let lastDiagnosisResult: DiagnosisResult | null = null;
+
+export function getLastDiagnosisResult(): DiagnosisResult | null {
+ return lastDiagnosisResult;
+}
+
+export function setLastDiagnosisResult(result: DiagnosisResult): void {
+ lastDiagnosisResult = result;
+}
+
+/**
+ * Sanitize env values: strip control chars and drop non-string values.
+ */
+function sanitizeEnvForProbe(env: Record): Record {
+ const clean: Record = {};
+ for (const [key, value] of Object.entries(env)) {
+ if (typeof value === 'string') {
+ clean[key] = value.replace(/[\x00-\x08\x0B\x0C\x0E-\x1F\x7F]/g, '');
+ }
+ }
+ return clean;
+}
+
+/**
+ * On Windows, resolve .cmd wrapper to the underlying .js script.
+ */
+function resolveScriptFromCmd(cmdPath: string): string | undefined {
+ try {
+ const content = fs.readFileSync(cmdPath, 'utf-8');
+ const cmdDir = path.dirname(cmdPath);
+ const patterns = [
+ /"%~dp0\\([^"]*claude[^"]*\.js)"/i,
+ /%~dp0\\(\S*claude\S*\.js)/i,
+ /"%dp0%\\([^"]*claude[^"]*\.js)"/i,
+ ];
+ for (const re of patterns) {
+ const m = content.match(re);
+ if (m) {
+ const resolved = path.normalize(path.join(cmdDir, m[1]));
+ if (fs.existsSync(resolved)) return resolved;
+ }
+ }
+ } catch {
+ // ignore read errors
+ }
+ return undefined;
+}
+
+/**
+ * Live probe — spawns a minimal Claude Code process to verify the
+ * provider actually works at runtime, not just in config.
+ */
+async function runLiveProbe(): Promise {
+ const findings: Finding[] = [];
+ const start = Date.now();
+ lastLiveProbeError = null;
+
+ // 1. Resolve the current provider
+ let resolved;
+ try {
+ resolved = resolveForClaudeCode();
+ } catch (err) {
+ findings.push({
+ severity: 'warn',
+ code: 'live.resolve-failed',
+ message: 'Live probe skipped — could not resolve provider',
+ detail: err instanceof Error ? err.message : String(err),
+ });
+ return { probe: 'live', severity: probeSeverity(findings), findings, durationMs: Date.now() - start };
+ }
+
+ // 2. Skip if no credentials
+ if (!resolved.hasCredentials) {
+ findings.push({
+ severity: 'ok',
+ code: 'live.skipped',
+ message: 'Live probe skipped — no credentials configured',
+ });
+ return { probe: 'live', severity: probeSeverity(findings), findings, durationMs: Date.now() - start };
+ }
+
+ // 3. Skip if no CLI binary
+ const claudePath = findClaudeBinary();
+ if (!claudePath) {
+ findings.push({
+ severity: 'warn',
+ code: 'live.no-cli',
+ message: 'Live probe skipped — Claude CLI binary not found',
+ });
+ return { probe: 'live', severity: probeSeverity(findings), findings, durationMs: Date.now() - start };
+ }
+
+ // 4. Build env
+ const sdkEnv: Record = { ...process.env as Record };
+ if (!sdkEnv.HOME) sdkEnv.HOME = os.homedir();
+ if (!sdkEnv.USERPROFILE) sdkEnv.USERPROFILE = os.homedir();
+ sdkEnv.PATH = getExpandedPath();
+ delete sdkEnv.CLAUDECODE;
+
+ if (process.platform === 'win32' && !process.env.CLAUDE_CODE_GIT_BASH_PATH) {
+ const gitBashPath = findGitBash();
+ if (gitBashPath) sdkEnv.CLAUDE_CODE_GIT_BASH_PATH = gitBashPath;
+ }
+
+ const resolvedEnv = toClaudeCodeEnv(sdkEnv, resolved);
+ Object.assign(sdkEnv, resolvedEnv);
+
+ // 5. Build query options
+ const LIVE_PROBE_TIMEOUT = 15_000;
+ const abortController = new AbortController();
+ const timeoutId = setTimeout(() => abortController.abort(), LIVE_PROBE_TIMEOUT);
+
+ // Capture stderr (last 500 chars)
+ let stderrBuf = '';
+ const stderrCallback = (data: string) => {
+ stderrBuf += data;
+ if (stderrBuf.length > 500) {
+ stderrBuf = stderrBuf.slice(-500);
+ }
+ };
+
+ const queryOptions: Options = {
+ cwd: os.tmpdir(),
+ abortController,
+ permissionMode: 'default',
+ env: sanitizeEnvForProbe(sdkEnv),
+ maxTurns: 1,
+ stderr: stderrCallback,
+ };
+
+ // Resolve executable path (handle Windows .cmd wrappers)
+ const ext = path.extname(claudePath).toLowerCase();
+ if (ext === '.cmd' || ext === '.bat') {
+ const scriptPath = resolveScriptFromCmd(claudePath);
+ if (scriptPath) queryOptions.pathToClaudeCodeExecutable = scriptPath;
+ } else {
+ queryOptions.pathToClaudeCodeExecutable = claudePath;
+ }
+
+ // 6. Run the probe
+ try {
+ const conversation = query({
+ prompt: 'Say OK',
+ options: queryOptions,
+ });
+
+ let gotResult = false;
+ for await (const msg of conversation) {
+ if (msg.type === 'result' && 'result' in msg) {
+ const result = (msg as SDKResultSuccess).result || '';
+ gotResult = !!result;
+ }
+ }
+
+ clearTimeout(timeoutId);
+
+ if (gotResult) {
+ findings.push({
+ severity: 'ok',
+ code: 'live.passed',
+ message: 'Live test passed — model responded',
+ detail: resolved.provider
+ ? `Provider: "${resolved.provider.name}" (${resolved.protocol})`
+ : `Environment mode (${resolved.protocol})`,
+ });
+ } else {
+ findings.push({
+ severity: 'warn',
+ code: 'live.empty-response',
+ message: 'Live test completed but model returned empty response',
+ detail: stderrBuf ? `stderr: ${stderrBuf}` : undefined,
+ });
+ }
+ } catch (err) {
+ clearTimeout(timeoutId);
+
+ // Check if it was our timeout
+ const wasTimeout = abortController.signal.aborted;
+
+ if (wasTimeout) {
+ findings.push({
+ severity: 'warn',
+ code: 'live.timeout',
+ message: `Live probe timed out after ${LIVE_PROBE_TIMEOUT / 1000}s`,
+ detail: stderrBuf ? `stderr: ${stderrBuf}` : 'The provider may be slow or unresponsive',
+ });
+ } else {
+ // Classify the error
+ const classified = classifyError({
+ error: err,
+ stderr: stderrBuf,
+ providerName: resolved.provider?.name,
+ baseUrl: resolved.provider?.base_url,
+ });
+ lastLiveProbeError = classified;
+
+ findings.push({
+ severity: 'error',
+ code: 'live.failed',
+ message: `Live test failed — ${classified.category}: ${classified.userMessage}`,
+ detail: [
+ classified.actionHint,
+ stderrBuf ? `stderr: ${stderrBuf}` : '',
+ ].filter(Boolean).join('\n'),
+ });
+ }
+ }
+
+ return {
+ probe: 'live',
+ severity: probeSeverity(findings),
+ findings,
+ durationMs: Date.now() - start,
+ };
+}
+
// ── Repair Actions ──────────────────────────────────────────────
const REPAIR_ACTIONS: RepairAction[] = [
@@ -703,6 +984,13 @@ function attachRepairsToFindings(probes: ProbeResult[]): void {
/**
* Run all diagnostic probes and return a unified diagnosis.
*/
+/**
+ * Run all diagnostic probes and return a unified diagnosis.
+ *
+ * The live probe (real CLI spawn) is run separately and NOT included by
+ * default because it takes up to 15s and would block the Doctor UI.
+ * Call runDiagnosisWithLiveProbe() or runLiveProbe() separately if needed.
+ */
export async function runDiagnosis(): Promise {
const start = Date.now();
@@ -720,15 +1008,22 @@ export async function runDiagnosis(): Promise {
}
const repairs = computeRepairs(probes);
-
- // Attach repair actions to individual findings for frontend rendering
attachRepairsToFindings(probes);
- return {
+ const result: DiagnosisResult = {
overallSeverity,
probes,
repairs,
timestamp: new Date().toISOString(),
durationMs: Date.now() - start,
};
+
+ lastDiagnosisResult = result;
+ return result;
}
+
+/**
+ * Run the live probe separately. Returns the probe result which can be
+ * appended to an existing diagnosis. Does NOT re-run the other probes.
+ */
+export { runLiveProbe };
diff --git a/src/lib/provider-resolver.ts b/src/lib/provider-resolver.ts
index f8da6e9e..1511e89d 100644
--- a/src/lib/provider-resolver.ts
+++ b/src/lib/provider-resolver.ts
@@ -23,6 +23,7 @@ import {
getActiveProvider,
getSetting,
getModelsForProvider,
+ getProviderOptions,
} from './db';
// ── Resolution result ───────────────────────────────────────────
@@ -461,7 +462,13 @@ function buildResolution(
process.env.ANTHROPIC_AUTH_TOKEN ||
getSetting('anthropic_auth_token')
);
- const model = opts.model || opts.sessionModel || getSetting('default_model') || undefined;
+ // Read user-configured global default model — only use it if it's an env-provider model
+ const globalDefaultModel = getSetting('global_default_model') || undefined;
+ const globalDefaultProvider = getSetting('global_default_model_provider') || undefined;
+ // Only apply global default when it belongs to the env provider (or no provider is specified)
+ const applicableGlobalDefault = (globalDefaultModel && (!globalDefaultProvider || globalDefaultProvider === 'env'))
+ ? globalDefaultModel : undefined;
+ const model = opts.model || opts.sessionModel || applicableGlobalDefault || getSetting('default_model') || undefined;
// Env mode uses short aliases (sonnet/opus/haiku) in the UI.
// Map them to full Anthropic model IDs so toAiSdkConfig can resolve correctly.
@@ -499,6 +506,17 @@ function buildResolution(
const envOverrides = safeParseJson(provider.env_overrides_json || provider.extra_env);
let roleModels = safeParseJson(provider.role_models_json) as RoleModels;
+ // Fall back to catalog preset's defaultRoleModels when DB has no role mappings.
+ // This ensures sdkProxyOnly providers (MiniMax, Xiaomi MiMo, etc.) get correct
+ // ANTHROPIC_MODEL / ANTHROPIC_DEFAULT_*_MODEL env vars even when role_models_json
+ // was saved as '{}' by the preset connect dialog.
+ if (!roleModels.default && !roleModels.sonnet) {
+ const preset = findPresetForLegacy(provider.base_url, provider.provider_type, protocol);
+ if (preset?.defaultRoleModels) {
+ roleModels = { ...preset.defaultRoleModels, ...roleModels };
+ }
+ }
+
// Get available models: DB provider_models take priority, then catalog defaults
let availableModels = getDefaultModelsForProvider(protocol, provider.base_url);
try {
@@ -517,12 +535,22 @@ function buildResolution(
}
} catch { /* provider_models table may not exist in old DBs */ }
+ // Read per-provider options
+ const providerOpts = getProviderOptions(provider.id);
+
+ // Read global default model — only use it if it belongs to THIS provider
+ const globalDefaultModel = getSetting('global_default_model') || undefined;
+ const globalDefaultProvider = getSetting('global_default_model_provider') || undefined;
+ const applicableGlobalDefault = (globalDefaultModel && globalDefaultProvider === provider.id)
+ ? globalDefaultModel : undefined;
+
// Resolve model — priority:
// 1. Explicit request model (opts.model)
// 2. Session's stored model (opts.sessionModel)
- // 3. Provider's roleModels.default (configured per-provider default, e.g. "ark-code-latest")
- // 4. Global default_model setting
- const requestedModel = opts.model || opts.sessionModel || roleModels.default || getSetting('default_model') || undefined;
+ // 3. Global default model (only if it belongs to this provider)
+ // 4. Provider's roleModels.default (preset default, e.g. "ark-code-latest")
+ // 5. Global default_model setting (legacy)
+ const requestedModel = opts.model || opts.sessionModel || applicableGlobalDefault || roleModels.default || getSetting('default_model') || undefined;
let model = requestedModel;
let upstreamModel: string | undefined;
let modelDisplayName: string | undefined;
@@ -591,8 +619,9 @@ function inferProtocolFromProvider(provider: ApiProvider): Protocol {
}
function inferAuthStyleFromProvider(provider: ApiProvider): AuthStyle {
- // Check preset match first
- const preset = findPresetForLegacy(provider.base_url, provider.provider_type);
+ // Check preset match first — pass protocol to avoid cross-protocol fuzzy mismatches
+ const protocol = inferProtocolFromProvider(provider);
+ const preset = findPresetForLegacy(provider.base_url, provider.provider_type, protocol);
if (preset) return preset.authStyle;
return inferAuthStyleFromLegacy(provider.provider_type, provider.extra_env);
diff --git a/src/lib/update-release.ts b/src/lib/update-release.ts
new file mode 100644
index 00000000..6956cc83
--- /dev/null
+++ b/src/lib/update-release.ts
@@ -0,0 +1,76 @@
+import type { RuntimeArchitectureInfo } from './platform';
+
+export interface ReleaseAsset {
+ name: string;
+ browser_download_url: string;
+}
+
+function normalizeArch(value: string | undefined): string {
+ if (!value) return '';
+ const normalized = value.toLowerCase();
+ if (normalized === 'aarch64') return 'arm64';
+ if (normalized === 'amd64' || normalized === 'x86_64') return 'x64';
+ return normalized;
+}
+
+function scoreMacAsset(name: string, targetArch: string): number {
+ if (!name.endsWith('.dmg') && !name.endsWith('.zip')) return -1;
+
+ let score = name.endsWith('.dmg') ? 40 : 20;
+ if (name.includes(`-${targetArch}.`)) score += 100;
+ else if (name.includes(targetArch)) score += 50;
+
+ if (targetArch === 'arm64' && name.includes('universal')) score += 80;
+ return score;
+}
+
+function scoreWindowsAsset(name: string): number {
+ return name.endsWith('.exe') ? 100 : -1;
+}
+
+function scoreLinuxAsset(name: string, targetArch: string): number {
+ if (!name.endsWith('.appimage') && !name.endsWith('.deb') && !name.endsWith('.rpm')) {
+ return -1;
+ }
+
+ let score = 0;
+ if (name.endsWith('.appimage')) score += 40;
+ else if (name.endsWith('.deb')) score += 30;
+ else if (name.endsWith('.rpm')) score += 20;
+
+ if (name.includes(targetArch)) score += 100;
+ return score;
+}
+
+export function selectRecommendedReleaseAsset(
+ assets: ReleaseAsset[],
+ runtime: Pick,
+): ReleaseAsset | null {
+ const targetArch = normalizeArch(runtime.hostArch || runtime.processArch);
+ const normalizedAssets = assets.filter(
+ (asset) => typeof asset.name === 'string' && typeof asset.browser_download_url === 'string',
+ );
+
+ let best: ReleaseAsset | null = null;
+ let bestScore = -1;
+
+ for (const asset of normalizedAssets) {
+ const name = asset.name.toLowerCase();
+ let score = -1;
+
+ if (runtime.platform === 'darwin') {
+ score = scoreMacAsset(name, targetArch);
+ } else if (runtime.platform === 'win32') {
+ score = scoreWindowsAsset(name);
+ } else if (runtime.platform === 'linux') {
+ score = scoreLinuxAsset(name, targetArch);
+ }
+
+ if (score > bestScore) {
+ best = asset;
+ bestScore = score;
+ }
+ }
+
+ return bestScore >= 0 ? best : null;
+}
diff --git a/src/lib/working-directory.ts b/src/lib/working-directory.ts
new file mode 100644
index 00000000..8c7f5ff4
--- /dev/null
+++ b/src/lib/working-directory.ts
@@ -0,0 +1,73 @@
+import fs from 'fs';
+import os from 'os';
+
+export type WorkingDirectorySource =
+ | 'requested'
+ | 'binding'
+ | 'session_sdk_cwd'
+ | 'session_working_directory'
+ | 'setting'
+ | 'home'
+ | 'process';
+
+export interface WorkingDirectoryCandidate {
+ path?: string | null;
+ source: Exclude;
+}
+
+export interface ResolvedWorkingDirectory {
+ path: string;
+ source: WorkingDirectorySource;
+ invalidCandidates: Array<{
+ source: WorkingDirectoryCandidate['source'];
+ path: string;
+ }>;
+}
+
+export function isExistingDirectory(pathValue?: string | null): pathValue is string {
+ if (typeof pathValue !== 'string') return false;
+ const trimmed = pathValue.trim();
+ if (!trimmed) return false;
+
+ try {
+ return fs.statSync(trimmed).isDirectory();
+ } catch {
+ return false;
+ }
+}
+
+export function resolveWorkingDirectory(
+ candidates: WorkingDirectoryCandidate[],
+): ResolvedWorkingDirectory {
+ const invalidCandidates: ResolvedWorkingDirectory['invalidCandidates'] = [];
+
+ for (const candidate of candidates) {
+ const value = typeof candidate.path === 'string' ? candidate.path.trim() : '';
+ if (!value) continue;
+
+ if (isExistingDirectory(value)) {
+ return {
+ path: value,
+ source: candidate.source,
+ invalidCandidates,
+ };
+ }
+
+ invalidCandidates.push({ source: candidate.source, path: value });
+ }
+
+ const homeDir = os.homedir();
+ if (isExistingDirectory(homeDir)) {
+ return {
+ path: homeDir,
+ source: 'home',
+ invalidCandidates,
+ };
+ }
+
+ return {
+ path: process.cwd(),
+ source: 'process',
+ invalidCandidates,
+ };
+}
diff --git a/src/types/index.ts b/src/types/index.ts
index 424f08ff..33d1cda7 100644
--- a/src/types/index.ts
+++ b/src/types/index.ts
@@ -249,10 +249,14 @@ export interface UpdateProviderRequest {
sort_order?: number;
}
-/** Per-provider options stored in options_json */
+/** Provider options stored in options_json (per-provider) or settings (global) */
export interface ProviderOptions {
thinking_mode?: 'adaptive' | 'enabled' | 'disabled';
context_1m?: boolean;
+ /** Global default model ID — used for new sessions */
+ default_model?: string;
+ /** Global default model's provider ID — which provider the default model belongs to */
+ default_model_provider?: string;
}
export interface ProvidersResponse {
@@ -536,6 +540,8 @@ export interface MCPServerConfig {
type?: 'stdio' | 'sse' | 'http';
url?: string;
headers?: Record;
+ /** Persistent enable/disable. undefined or true = enabled; false = disabled. */
+ enabled?: boolean;
}
export interface MCPConfig {
@@ -1080,3 +1086,27 @@ export interface GitWorktree {
bare: boolean;
dirty: boolean;
}
+
+// ==========================================
+// WeChat Bridge Types
+// ==========================================
+
+export interface WeixinAccount {
+ accountId: string;
+ userId: string;
+ baseUrl: string;
+ cdnBaseUrl: string;
+ token: string;
+ name: string;
+ enabled: boolean;
+ lastLoginAt: string | null;
+ createdAt: string;
+ updatedAt: string;
+}
+
+export interface WeixinContextTokenRecord {
+ accountId: string;
+ peerUserId: string;
+ contextToken: string;
+ updatedAt: string;
+}
diff --git a/tsconfig.json b/tsconfig.json
index d3205693..edb04df8 100644
--- a/tsconfig.json
+++ b/tsconfig.json
@@ -30,5 +30,15 @@
".next/dev/types/**/*.ts",
"**/*.mts"
],
- "exclude": ["node_modules", "electron", "dist-electron", "scripts", "release", "apps", "packages"]
+ "exclude": [
+ "node_modules",
+ "electron",
+ "dist-electron",
+ "scripts",
+ "release",
+ "apps",
+ "packages",
+ ".claude",
+ "资料"
+ ]
}
diff --git "a/\350\265\204\346\226\231/weixin-openclaw-cli/openclaw-weixin-cli-1.0.2.tgz" "b/\350\265\204\346\226\231/weixin-openclaw-cli/openclaw-weixin-cli-1.0.2.tgz"
new file mode 100644
index 00000000..bf0a3ae4
Binary files /dev/null and "b/\350\265\204\346\226\231/weixin-openclaw-cli/openclaw-weixin-cli-1.0.2.tgz" differ
diff --git "a/\350\265\204\346\226\231/weixin-openclaw-cli/package/LICENSE" "b/\350\265\204\346\226\231/weixin-openclaw-cli/package/LICENSE"
new file mode 100644
index 00000000..6fb845f1
--- /dev/null
+++ "b/\350\265\204\346\226\231/weixin-openclaw-cli/package/LICENSE"
@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2026 Tencent Inc.
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
diff --git "a/\350\265\204\346\226\231/weixin-openclaw-cli/package/cli.mjs" "b/\350\265\204\346\226\231/weixin-openclaw-cli/package/cli.mjs"
new file mode 100755
index 00000000..217dda67
--- /dev/null
+++ "b/\350\265\204\346\226\231/weixin-openclaw-cli/package/cli.mjs"
@@ -0,0 +1,124 @@
+#!/usr/bin/env node
+
+import { execSync, spawnSync } from "node:child_process";
+
+const PLUGIN_SPEC = "@tencent-weixin/openclaw-weixin";
+const CHANNEL_ID = "openclaw-weixin";
+
+// ── helpers ──────────────────────────────────────────────────────────────────
+
+function log(msg) {
+ console.log(`\x1b[36m[openclaw-weixin]\x1b[0m ${msg}`);
+}
+
+function error(msg) {
+ console.error(`\x1b[31m[openclaw-weixin]\x1b[0m ${msg}`);
+}
+
+function run(cmd, { silent = true } = {}) {
+ const stdio = silent ? ["pipe", "pipe", "pipe"] : "inherit";
+ const result = spawnSync(cmd, { shell: true, stdio });
+ if (result.status !== 0) {
+ const err = new Error(`Command failed with exit code ${result.status}: ${cmd}`);
+ err.stderr = silent ? (result.stderr || "").toString() : "";
+ throw err;
+ }
+ return silent ? (result.stdout || "").toString().trim() : "";
+}
+
+function which(bin) {
+ try {
+ return execSync(`which ${bin}`, { encoding: "utf-8", stdio: ["pipe", "pipe", "pipe"] }).trim();
+ } catch {
+ return null;
+ }
+}
+
+// ── commands ─────────────────────────────────────────────────────────────────
+
+function install() {
+ // 1. Check openclaw is installed
+ if (!which("openclaw")) {
+ error("未找到 openclaw,请先安装:");
+ console.log(" npm install -g openclaw");
+ console.log(" 详见 https://docs.openclaw.ai/install");
+ process.exit(1);
+ }
+ log("已找到本地安装的 openclaw");
+
+ // 2. Install plugin via openclaw
+ log("正在安装插件...");
+ try {
+ const installOut = run(`openclaw plugins install "${PLUGIN_SPEC}"`);
+ if (installOut) log(installOut);
+ } catch (installErr) {
+ if (installErr.stderr && installErr.stderr.includes("already exists")) {
+ log("检测到本地已安装,正在更新...");
+ try {
+ const updateOut = run(`openclaw plugins update "${CHANNEL_ID}"`);
+ if (updateOut) log(updateOut);
+ } catch (updateErr) {
+ error("插件更新失败,请手动执行:");
+ if (updateErr.stderr) console.error(updateErr.stderr);
+ console.log(` openclaw plugins update "${CHANNEL_ID}"`);
+ process.exit(1);
+ }
+ } else {
+ error("插件安装失败,请手动执行:");
+ if (installErr.stderr) console.error(installErr.stderr);
+ console.log(` openclaw plugins install "${PLUGIN_SPEC}"`);
+ process.exit(1);
+ }
+ }
+
+ // 3. Login (interactive QR scan)
+ log("插件就绪,开始首次连接...");
+ try {
+ run(`openclaw channels login --channel ${CHANNEL_ID}`, { silent: false });
+ } catch {
+ console.log();
+ error("首次连接未完成,可稍后手动重试:");
+ console.log(` openclaw channels login --channel ${CHANNEL_ID}`);
+ }
+
+ // 4. Restart gateway so it picks up the new account
+ log("正在重启 OpenClaw Gateway...");
+ try {
+ run(`openclaw gateway restart`, { silent: false });
+ } catch {
+ error("重启失败,可手动执行:");
+ console.log(` openclaw gateway restart`);
+ }
+
+}
+
+function help() {
+ console.log(`
+ 用法: npx -y @tencent-weixin/openclaw-weixin-cli <命令>
+
+ 命令:
+ install 安装微信插件并扫码连接
+ help 显示帮助信息
+`);
+}
+
+// ── main ─────────────────────────────────────────────────────────────────────
+
+const command = process.argv[2];
+
+switch (command) {
+ case "install":
+ install();
+ break;
+ case "help":
+ case "--help":
+ case "-h":
+ help();
+ break;
+ default:
+ if (command) {
+ error(`未知命令: ${command}`);
+ }
+ help();
+ process.exit(command ? 1 : 0);
+}
diff --git "a/\350\265\204\346\226\231/weixin-openclaw-cli/package/package.json" "b/\350\265\204\346\226\231/weixin-openclaw-cli/package/package.json"
new file mode 100644
index 00000000..3cfad757
--- /dev/null
+++ "b/\350\265\204\346\226\231/weixin-openclaw-cli/package/package.json"
@@ -0,0 +1,17 @@
+{
+ "name": "@tencent-weixin/openclaw-weixin-cli",
+ "version": "1.0.2",
+ "description": "Lightweight installer for the OpenClaw Weixin channel plugin",
+ "license": "MIT",
+ "author": "Tencent",
+ "type": "module",
+ "bin": {
+ "weixin-installer": "./cli.mjs"
+ },
+ "files": [
+ "cli.mjs"
+ ],
+ "engines": {
+ "node": ">=22"
+ }
+}
diff --git "a/\350\265\204\346\226\231/weixin-openclaw-package/openclaw-weixin-1.0.2.tgz" "b/\350\265\204\346\226\231/weixin-openclaw-package/openclaw-weixin-1.0.2.tgz"
new file mode 100644
index 00000000..50141bc2
Binary files /dev/null and "b/\350\265\204\346\226\231/weixin-openclaw-package/openclaw-weixin-1.0.2.tgz" differ
diff --git "a/\350\265\204\346\226\231/weixin-openclaw-package/package/CHANGELOG.md" "b/\350\265\204\346\226\231/weixin-openclaw-package/package/CHANGELOG.md"
new file mode 100644
index 00000000..b13322f0
--- /dev/null
+++ "b/\350\265\204\346\226\231/weixin-openclaw-package/package/CHANGELOG.md"
@@ -0,0 +1,5 @@
+# Changelog
+
+[简体中文](CHANGELOG.zh_CN.md)
+
+This project follows the [Keep a Changelog](https://keepachangelog.com/) format.
diff --git "a/\350\265\204\346\226\231/weixin-openclaw-package/package/CHANGELOG.zh_CN.md" "b/\350\265\204\346\226\231/weixin-openclaw-package/package/CHANGELOG.zh_CN.md"
new file mode 100644
index 00000000..3c9f87af
--- /dev/null
+++ "b/\350\265\204\346\226\231/weixin-openclaw-package/package/CHANGELOG.zh_CN.md"
@@ -0,0 +1,3 @@
+# 变更日志
+
+本项目遵循 [Keep a Changelog](https://keepachangelog.com/) 格式。
diff --git "a/\350\265\204\346\226\231/weixin-openclaw-package/package/LICENSE" "b/\350\265\204\346\226\231/weixin-openclaw-package/package/LICENSE"
new file mode 100644
index 00000000..6fb845f1
--- /dev/null
+++ "b/\350\265\204\346\226\231/weixin-openclaw-package/package/LICENSE"
@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2026 Tencent Inc.
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
diff --git "a/\350\265\204\346\226\231/weixin-openclaw-package/package/README.md" "b/\350\265\204\346\226\231/weixin-openclaw-package/package/README.md"
new file mode 100644
index 00000000..4d3dca50
--- /dev/null
+++ "b/\350\265\204\346\226\231/weixin-openclaw-package/package/README.md"
@@ -0,0 +1,271 @@
+# WeChat
+
+[简体中文](./README.zh_CN.md)
+
+OpenClaw's WeChat channel plugin, supporting login authorization via QR code scanning.
+
+## Prerequisites
+
+[OpenClaw](https://docs.openclaw.ai/install) must be installed (the `openclaw` CLI needs to be available).
+
+## Quick Install
+
+```bash
+npx -y @tencent-weixin/openclaw-weixin-cli install
+```
+
+## Manual Installation
+
+If the quick install doesn't work, follow these steps manually:
+
+### 1. Install the plugin
+
+```bash
+openclaw plugins install "@tencent-weixin/openclaw-weixin"
+```
+
+### 2. Enable the plugin
+
+```bash
+openclaw config set plugins.entries.openclaw-weixin.enabled true
+```
+
+### 3. QR code login
+
+```bash
+openclaw channels login --channel openclaw-weixin
+```
+
+A QR code will appear in the terminal. Scan it with your phone and confirm the authorization. Once confirmed, the login credentials will be saved locally automatically — no further action is needed.
+
+### 4. Restart the gateway
+
+```bash
+openclaw gateway restart
+```
+
+## Adding More WeChat Accounts
+
+```bash
+openclaw channels login --channel openclaw-weixin
+```
+
+Each QR code login creates a new account entry, supporting multiple WeChat accounts online simultaneously.
+
+## Multi-Account Context Isolation
+
+By default, all channels share the same AI conversation context. To isolate conversation context for each WeChat account:
+
+```bash
+openclaw config set agents.mode per-channel-per-peer
+```
+
+This gives each "WeChat account + message sender" combination its own independent AI memory, preventing context cross-talk between accounts.
+
+## Backend API Protocol
+
+This plugin communicates with the backend gateway via HTTP JSON API. Developers integrating with their own backend need to implement the following interfaces.
+
+All endpoints use `POST` with JSON request and response bodies. Common request headers:
+
+| Header | Description |
+|--------|-------------|
+| `Content-Type` | `application/json` |
+| `AuthorizationType` | Fixed value `ilink_bot_token` |
+| `Authorization` | `Bearer ` (obtained after login) |
+| `X-WECHAT-UIN` | Base64-encoded random uint32 |
+
+### Endpoint List
+
+| Endpoint | Path | Description |
+|----------|------|-------------|
+| getUpdates | `getupdates` | Long-poll for new messages |
+| sendMessage | `sendmessage` | Send a message (text/image/video/file) |
+| getUploadUrl | `getuploadurl` | Get CDN upload pre-signed URL |
+| getConfig | `getconfig` | Get account config (typing ticket, etc.) |
+| sendTyping | `sendtyping` | Send/cancel typing status indicator |
+
+### getUpdates
+
+Long-polling endpoint. The server responds when new messages arrive or on timeout.
+
+**Request body:**
+
+```json
+{
+ "get_updates_buf": ""
+}
+```
+
+| Field | Type | Description |
+|-------|------|-------------|
+| `get_updates_buf` | `string` | Sync cursor from the previous response; empty string for the first request |
+
+**Response body:**
+
+```json
+{
+ "ret": 0,
+ "msgs": [...],
+ "get_updates_buf": "",
+ "longpolling_timeout_ms": 35000
+}
+```
+
+| Field | Type | Description |
+|-------|------|-------------|
+| `ret` | `number` | Return code, `0` = success |
+| `errcode` | `number?` | Error code (e.g., `-14` = session timeout) |
+| `errmsg` | `string?` | Error description |
+| `msgs` | `WeixinMessage[]` | Message list (structure below) |
+| `get_updates_buf` | `string` | New sync cursor to pass in the next request |
+| `longpolling_timeout_ms` | `number?` | Server-suggested long-poll timeout for the next request (ms) |
+
+### sendMessage
+
+Send a message to a user.
+
+**Request body:**
+
+```json
+{
+ "msg": {
+ "to_user_id": "",
+ "context_token": "",
+ "item_list": [
+ {
+ "type": 1,
+ "text_item": { "text": "Hello" }
+ }
+ ]
+ }
+}
+```
+
+### getUploadUrl
+
+Get CDN upload pre-signed parameters. Call this endpoint before uploading a file to obtain `upload_param` and `thumb_upload_param`.
+
+**Request body:**
+
+```json
+{
+ "filekey": "",
+ "media_type": 1,
+ "to_user_id": "",
+ "rawsize": 12345,
+ "rawfilemd5": "<![CDATA[",
+ "filesize": 12352,
+ "thumb_rawsize": 1024,
+ "thumb_rawfilemd5": "<thumbnail plaintext MD5>",
+ "thumb_filesize": 1040
+}
+```
+
+| Field | Type | Description |
+|-------|------|-------------|
+| `media_type` | `number` | `1` = IMAGE, `2` = VIDEO, `3` = FILE |
+| `rawsize` | `number` | Original file plaintext size |
+| `rawfilemd5` | `string` | Original file plaintext MD5 |
+| `filesize` | `number` | Ciphertext size after AES-128-ECB encryption |
+| `thumb_rawsize` | `number?` | Thumbnail plaintext size (required for IMAGE/VIDEO) |
+| `thumb_rawfilemd5` | `string?` | Thumbnail plaintext MD5 (required for IMAGE/VIDEO) |
+| `thumb_filesize` | `number?` | Thumbnail ciphertext size (required for IMAGE/VIDEO) |
+
+**Response body:**
+
+```json
+{
+ "upload_param": "<original image upload encrypted parameters>",
+ "thumb_upload_param": "<thumbnail upload encrypted parameters>"
+}
+```
+
+### getConfig
+
+Get account configuration, including the typing ticket.
+
+**Request body:**
+
+```json
+{
+ "ilink_user_id": "<user ID>",
+ "context_token": "<optional, conversation context token>"
+}
+```
+
+**Response body:**
+
+```json
+{
+ "ret": 0,
+ "typing_ticket": "<base64-encoded typing ticket>"
+}
+```
+
+### sendTyping
+
+Send or cancel the typing status indicator.
+
+**Request body:**
+
+```json
+{
+ "ilink_user_id": "<user ID>",
+ "typing_ticket": "<obtained from getConfig>",
+ "status": 1
+}
+```
+
+| Field | Type | Description |
+|-------|------|-------------|
+| `status` | `number` | `1` = typing, `2` = cancel typing |
+
+### Message Structure
+
+#### WeixinMessage
+
+| Field | Type | Description |
+|-------|------|-------------|
+| `seq` | `number?` | Message sequence number |
+| `message_id` | `number?` | Unique message ID |
+| `from_user_id` | `string?` | Sender ID |
+| `to_user_id` | `string?` | Receiver ID |
+| `create_time_ms` | `number?` | Creation timestamp (ms) |
+| `session_id` | `string?` | Session ID |
+| `message_type` | `number?` | `1` = USER, `2` = BOT |
+| `message_state` | `number?` | `0` = NEW, `1` = GENERATING, `2` = FINISH |
+| `item_list` | `MessageItem[]?` | Message content list |
+| `context_token` | `string?` | Conversation context token, must be passed back when replying |
+
+#### MessageItem
+
+| Field | Type | Description |
+|-------|------|-------------|
+| `type` | `number` | `1` TEXT, `2` IMAGE, `3` VOICE, `4` FILE, `5` VIDEO |
+| `text_item` | `{ text: string }?` | Text content |
+| `image_item` | `ImageItem?` | Image (with CDN reference and AES key) |
+| `voice_item` | `VoiceItem?` | Voice (SILK encoded) |
+| `file_item` | `FileItem?` | File attachment |
+| `video_item` | `VideoItem?` | Video |
+| `ref_msg` | `RefMessage?` | Referenced message |
+
+#### CDN Media Reference (CDNMedia)
+
+All media types (image/voice/file/video) are transferred via CDN using AES-128-ECB encryption:
+
+| Field | Type | Description |
+|-------|------|-------------|
+| `encrypt_query_param` | `string?` | Encrypted parameters for CDN download/upload |
+| `aes_key` | `string?` | Base64-encoded AES-128 key |
+
+### CDN Upload Flow
+
+1. Calculate the file's plaintext size, MD5, and ciphertext size after AES-128-ECB encryption
+2. If a thumbnail is needed (image/video), calculate the thumbnail's plaintext and ciphertext parameters as well
+3. Call `getUploadUrl` to get `upload_param` (and `thumb_upload_param`)
+4. Encrypt the file content with AES-128-ECB and PUT upload to the CDN URL
+5. Encrypt and upload the thumbnail in the same way
+6. Use the returned `encrypt_query_param` to construct a `CDNMedia` reference, include it in the `MessageItem`, and send
+
+> For complete type definitions, see [`src/api/types.ts`](src/api/types.ts). For API call implementations, see [`src/api/api.ts`](src/api/api.ts).
diff --git "a/\350\265\204\346\226\231/weixin-openclaw-package/package/README.zh_CN.md" "b/\350\265\204\346\226\231/weixin-openclaw-package/package/README.zh_CN.md"
new file mode 100644
index 00000000..576284fb
--- /dev/null
+++ "b/\350\265\204\346\226\231/weixin-openclaw-package/package/README.zh_CN.md"
@@ -0,0 +1,271 @@
+# 微信
+
+[English](./README.md)
+
+OpenClaw 的微信渠道插件,支持通过扫码完成登录授权。
+
+## 前提条件
+
+已安装 [OpenClaw](https://docs.openclaw.ai/install)(需要 `openclaw` CLI 可用)。
+
+## 一键安装
+
+```bash
+npx -y @tencent-weixin/openclaw-weixin-cli install
+```
+
+## 手动安装
+
+如果一键安装不适用,可以按以下步骤手动操作:
+
+### 1. 安装插件
+
+```bash
+openclaw plugins install "@tencent-weixin/openclaw-weixin"
+```
+
+### 2. 启用插件
+
+```bash
+openclaw config set plugins.entries.openclaw-weixin.enabled true
+```
+
+### 3. 扫码登录
+
+```bash
+openclaw channels login --channel openclaw-weixin
+```
+
+终端会显示一个二维码,用手机扫码并在手机上确认授权。确认后,登录凭证会自动保存到本地,无需额外操作。
+
+### 4. 重启 gateway
+
+```bash
+openclaw gateway restart
+```
+
+## 添加更多微信账号
+
+```bash
+openclaw channels login --channel openclaw-weixin
+```
+
+每次扫码登录都会创建一个新的账号条目,支持多个微信号同时在线。
+
+## 多账号上下文隔离
+
+默认情况下,所有渠道的 AI 会话共享同一个上下文。如果希望每个微信账号的对话上下文相互隔离:
+
+```bash
+openclaw config set agents.mode per-channel-per-peer
+```
+
+这样每个「微信账号 + 发消息用户」组合都会拥有独立的 AI 记忆,账号之间不会串台。
+
+## 后端 API 协议
+
+本插件通过 HTTP JSON API 与后端网关通信。二次开发者若需对接自有后端,需实现以下接口。
+
+所有接口均为 `POST`,请求和响应均为 JSON。通用请求头:
+
+| Header | 说明 |
+|--------|------|
+| `Content-Type` | `application/json` |
+| `AuthorizationType` | 固定值 `ilink_bot_token` |
+| `Authorization` | `Bearer <token>`(登录后获取) |
+| `X-WECHAT-UIN` | 随机 uint32 的 base64 编码 |
+
+### 接口列表
+
+| 接口 | 路径 | 说明 |
+|------|------|------|
+| getUpdates | `getupdates` | 长轮询获取新消息 |
+| sendMessage | `sendmessage` | 发送消息(文本/图片/视频/文件) |
+| getUploadUrl | `getuploadurl` | 获取 CDN 上传预签名 URL |
+| getConfig | `getconfig` | 获取账号配置(typing ticket 等) |
+| sendTyping | `sendtyping` | 发送/取消输入状态指示 |
+
+### getUpdates
+
+长轮询接口。服务端在有新消息或超时后返回。
+
+**请求体:**
+
+```json
+{
+ "get_updates_buf": ""
+}
+```
+
+| 字段 | 类型 | 说明 |
+|------|------|------|
+| `get_updates_buf` | `string` | 上次响应返回的同步游标,首次请求传空字符串 |
+
+**响应体:**
+
+```json
+{
+ "ret": 0,
+ "msgs": [...],
+ "get_updates_buf": "<新游标>",
+ "longpolling_timeout_ms": 35000
+}
+```
+
+| 字段 | 类型 | 说明 |
+|------|------|------|
+| `ret` | `number` | 返回码,`0` = 成功 |
+| `errcode` | `number?` | 错误码(如 `-14` = 会话超时) |
+| `errmsg` | `string?` | 错误描述 |
+| `msgs` | `WeixinMessage[]` | 消息列表(结构见下方) |
+| `get_updates_buf` | `string` | 新的同步游标,下次请求时回传 |
+| `longpolling_timeout_ms` | `number?` | 服务端建议的下次长轮询超时(ms) |
+
+### sendMessage
+
+发送一条消息给用户。
+
+**请求体:**
+
+```json
+{
+ "msg": {
+ "to_user_id": "<目标用户 ID>",
+ "context_token": "<会话上下文令牌>",
+ "item_list": [
+ {
+ "type": 1,
+ "text_item": { "text": "你好" }
+ }
+ ]
+ }
+}
+```
+
+### getUploadUrl
+
+获取 CDN 上传预签名参数。上传文件前需先调用此接口获取 `upload_param` 和 `thumb_upload_param`。
+
+**请求体:**
+
+```json
+{
+ "filekey": "<文件标识>",
+ "media_type": 1,
+ "to_user_id": "<目标用户 ID>",
+ "rawsize": 12345,
+ "rawfilemd5": "<明文 MD5>",
+ "filesize": 12352,
+ "thumb_rawsize": 1024,
+ "thumb_rawfilemd5": "<缩略图明文 MD5>",
+ "thumb_filesize": 1040
+}
+```
+
+| 字段 | 类型 | 说明 |
+|------|------|------|
+| `media_type` | `number` | `1` = IMAGE, `2` = VIDEO, `3` = FILE |
+| `rawsize` | `number` | 原文件明文大小 |
+| `rawfilemd5` | `string` | 原文件明文 MD5 |
+| `filesize` | `number` | AES-128-ECB 加密后的密文大小 |
+| `thumb_rawsize` | `number?` | 缩略图明文大小(IMAGE/VIDEO 时必填) |
+| `thumb_rawfilemd5` | `string?` | 缩略图明文 MD5(IMAGE/VIDEO 时必填) |
+| `thumb_filesize` | `number?` | 缩略图密文大小(IMAGE/VIDEO 时必填) |
+
+**响应体:**
+
+```json
+{
+ "upload_param": "<原图上传加密参数>",
+ "thumb_upload_param": "<缩略图上传加密参数>"
+}
+```
+
+### getConfig
+
+获取账号配置,包括 typing ticket。
+
+**请求体:**
+
+```json
+{
+ "ilink_user_id": "<用户 ID>",
+ "context_token": "<可选,会话上下文令牌>"
+}
+```
+
+**响应体:**
+
+```json
+{
+ "ret": 0,
+ "typing_ticket": "<base64 编码的 typing ticket>"
+}
+```
+
+### sendTyping
+
+发送或取消输入状态指示。
+
+**请求体:**
+
+```json
+{
+ "ilink_user_id": "<用户 ID>",
+ "typing_ticket": "<从 getConfig 获取>",
+ "status": 1
+}
+```
+
+| 字段 | 类型 | 说明 |
+|------|------|------|
+| `status` | `number` | `1` = 正在输入,`2` = 取消输入 |
+
+### 消息结构
+
+#### WeixinMessage
+
+| 字段 | 类型 | 说明 |
+|------|------|------|
+| `seq` | `number?` | 消息序列号 |
+| `message_id` | `number?` | 消息唯一 ID |
+| `from_user_id` | `string?` | 发送者 ID |
+| `to_user_id` | `string?` | 接收者 ID |
+| `create_time_ms` | `number?` | 创建时间戳(ms) |
+| `session_id` | `string?` | 会话 ID |
+| `message_type` | `number?` | `1` = USER, `2` = BOT |
+| `message_state` | `number?` | `0` = NEW, `1` = GENERATING, `2` = FINISH |
+| `item_list` | `MessageItem[]?` | 消息内容列表 |
+| `context_token` | `string?` | 会话上下文令牌,回复时需回传 |
+
+#### MessageItem
+
+| 字段 | 类型 | 说明 |
+|------|------|------|
+| `type` | `number` | `1` TEXT, `2` IMAGE, `3` VOICE, `4` FILE, `5` VIDEO |
+| `text_item` | `{ text: string }?` | 文本内容 |
+| `image_item` | `ImageItem?` | 图片(含 CDN 引用和 AES 密钥) |
+| `voice_item` | `VoiceItem?` | 语音(SILK 编码) |
+| `file_item` | `FileItem?` | 文件附件 |
+| `video_item` | `VideoItem?` | 视频 |
+| `ref_msg` | `RefMessage?` | 引用消息 |
+
+#### CDN 媒体引用 (CDNMedia)
+
+所有媒体类型(图片/语音/文件/视频)通过 CDN 传输,使用 AES-128-ECB 加密:
+
+| 字段 | 类型 | 说明 |
+|------|------|------|
+| `encrypt_query_param` | `string?` | CDN 下载/上传的加密参数 |
+| `aes_key` | `string?` | base64 编码的 AES-128 密钥 |
+
+### CDN 上传流程
+
+1. 计算文件明文大小、MD5,以及 AES-128-ECB 加密后的密文大小
+2. 如需缩略图(图片/视频),同样计算缩略图的明文和密文参数
+3. 调用 `getUploadUrl` 获取 `upload_param`(和 `thumb_upload_param`)
+4. 使用 AES-128-ECB 加密文件内容,PUT 上传到 CDN URL
+5. 缩略图同理加密并上传
+6. 使用返回的 `encrypt_query_param` 构造 `CDNMedia` 引用,放入 `MessageItem` 发送
+
+> 完整的类型定义见 [`src/api/types.ts`](src/api/types.ts),API 调用实现见 [`src/api/api.ts`](src/api/api.ts)。
diff --git "a/\350\265\204\346\226\231/weixin-openclaw-package/package/index.ts" "b/\350\265\204\346\226\231/weixin-openclaw-package/package/index.ts"
new file mode 100644
index 00000000..046a8210
--- /dev/null
+++ "b/\350\265\204\346\226\231/weixin-openclaw-package/package/index.ts"
@@ -0,0 +1,27 @@
+import type { OpenClawPluginApi } from "openclaw/plugin-sdk";
+import { buildChannelConfigSchema } from "openclaw/plugin-sdk";
+
+import { weixinPlugin } from "./src/channel.js";
+import { WeixinConfigSchema } from "./src/config/config-schema.js";
+import { registerWeixinCli } from "./src/log-upload.js";
+import { setWeixinRuntime } from "./src/runtime.js";
+
+const plugin = {
+ id: "openclaw-weixin",
+ name: "Weixin",
+ description: "Weixin channel (getUpdates long-poll + sendMessage)",
+ configSchema: buildChannelConfigSchema(WeixinConfigSchema),
+ register(api: OpenClawPluginApi) {
+ if (!api?.runtime) {
+ throw new Error("[weixin] api.runtime is not available in register()");
+ }
+ setWeixinRuntime(api.runtime);
+
+ api.registerChannel({ plugin: weixinPlugin });
+ api.registerCli(({ program, config }) => registerWeixinCli({ program, config }), {
+ commands: ["openclaw-weixin"],
+ });
+ },
+};
+
+export default plugin;
diff --git "a/\350\265\204\346\226\231/weixin-openclaw-package/package/openclaw.plugin.json" "b/\350\265\204\346\226\231/weixin-openclaw-package/package/openclaw.plugin.json"
new file mode 100644
index 00000000..88e6cf53
--- /dev/null
+++ "b/\350\265\204\346\226\231/weixin-openclaw-package/package/openclaw.plugin.json"
@@ -0,0 +1,9 @@
+{
+ "id": "openclaw-weixin",
+ "channels": ["openclaw-weixin"],
+ "configSchema": {
+ "type": "object",
+ "additionalProperties": false,
+ "properties": {}
+ }
+}
diff --git "a/\350\265\204\346\226\231/weixin-openclaw-package/package/package.json" "b/\350\265\204\346\226\231/weixin-openclaw-package/package/package.json"
new file mode 100644
index 00000000..81257c62
--- /dev/null
+++ "b/\350\265\204\346\226\231/weixin-openclaw-package/package/package.json"
@@ -0,0 +1,55 @@
+{
+ "name": "@tencent-weixin/openclaw-weixin",
+ "version": "1.0.2",
+ "description": "OpenClaw Weixin channel",
+ "license": "MIT",
+ "author": "Tencent",
+ "type": "module",
+ "files": [
+ "src/",
+ "!src/**/*.test.ts",
+ "!src/**/node_modules/",
+ "index.ts",
+ "openclaw.plugin.json",
+ "README.md",
+ "README.zh_CN.md",
+ "CHANGELOG.md",
+ "CHANGELOG.zh_CN.md"
+ ],
+ "scripts": {
+ "test": "vitest run --coverage",
+ "typecheck": "tsc --noEmit",
+ "build": "tsc",
+ "prepublishOnly": "npm run typecheck && npm run build"
+ },
+ "engines": {
+ "node": ">=22"
+ },
+ "dependencies": {
+ "qrcode-terminal": "0.12.0",
+ "zod": "4.3.6"
+ },
+ "devDependencies": {
+ "@vitest/coverage-v8": "^3.1.0",
+ "typescript": "^5.8.0",
+ "vitest": "^3.1.0"
+ },
+ "openclaw": {
+ "extensions": [
+ "./index.ts"
+ ],
+ "channel": {
+ "id": "openclaw-weixin",
+ "label": "openclaw-weixin",
+ "selectionLabel": "openclaw-weixin",
+ "docsPath": "/channels/openclaw-weixin",
+ "docsLabel": "openclaw-weixin",
+ "blurb": "Weixin channel",
+ "order": 75
+ },
+ "install": {
+ "npmSpec": "@tencent-weixin/openclaw-weixin",
+ "defaultChoice": "npm"
+ }
+ }
+}
diff --git "a/\350\265\204\346\226\231/weixin-openclaw-package/package/src/api/api.ts" "b/\350\265\204\346\226\231/weixin-openclaw-package/package/src/api/api.ts"
new file mode 100644
index 00000000..8e2a6c76
--- /dev/null
+++ "b/\350\265\204\346\226\231/weixin-openclaw-package/package/src/api/api.ts"
@@ -0,0 +1,240 @@
+import crypto from "node:crypto";
+import fs from "node:fs";
+import path from "node:path";
+import { fileURLToPath } from "node:url";
+
+import { loadConfigRouteTag } from "../auth/accounts.js";
+import { logger } from "../util/logger.js";
+import { redactBody, redactUrl } from "../util/redact.js";
+
+import type {
+ BaseInfo,
+ GetUploadUrlReq,
+ GetUploadUrlResp,
+ GetUpdatesReq,
+ GetUpdatesResp,
+ SendMessageReq,
+ SendTypingReq,
+ GetConfigResp,
+} from "./types.js";
+
+export type WeixinApiOptions = {
+ baseUrl: string;
+ token?: string;
+ timeoutMs?: number;
+ /** Long-poll timeout for getUpdates (server may hold the request up to this). */
+ longPollTimeoutMs?: number;
+};
+
+// ---------------------------------------------------------------------------
+// BaseInfo — attached to every outgoing CGI request
+// ---------------------------------------------------------------------------
+
+function readChannelVersion(): string {
+ try {
+ const dir = path.dirname(fileURLToPath(import.meta.url));
+ const pkgPath = path.resolve(dir, "..", "..", "package.json");
+ const pkg = JSON.parse(fs.readFileSync(pkgPath, "utf-8")) as { version?: string };
+ return pkg.version ?? "unknown";
+ } catch {
+ return "unknown";
+ }
+}
+
+const CHANNEL_VERSION = readChannelVersion();
+
+/** Build the `base_info` payload included in every API request. */
+export function buildBaseInfo(): BaseInfo {
+ return { channel_version: CHANNEL_VERSION };
+}
+
+/** Default timeout for long-poll getUpdates requests. */
+const DEFAULT_LONG_POLL_TIMEOUT_MS = 35_000;
+/** Default timeout for regular API requests (sendMessage, getUploadUrl). */
+const DEFAULT_API_TIMEOUT_MS = 15_000;
+/** Default timeout for lightweight API requests (getConfig, sendTyping). */
+const DEFAULT_CONFIG_TIMEOUT_MS = 10_000;
+
+function ensureTrailingSlash(url: string): string {
+ return url.endsWith("/") ? url : `${url}/`;
+}
+
+/** X-WECHAT-UIN header: random uint32 -> decimal string -> base64. */
+function randomWechatUin(): string {
+ const uint32 = crypto.randomBytes(4).readUInt32BE(0);
+ return Buffer.from(String(uint32), "utf-8").toString("base64");
+}
+
+function buildHeaders(opts: { token?: string; body: string }): Record<string, string> {
+ const headers: Record<string, string> = {
+ "Content-Type": "application/json",
+ AuthorizationType: "ilink_bot_token",
+ "Content-Length": String(Buffer.byteLength(opts.body, "utf-8")),
+ "X-WECHAT-UIN": randomWechatUin(),
+ };
+ if (opts.token?.trim()) {
+ headers.Authorization = `Bearer ${opts.token.trim()}`;
+ }
+ const routeTag = loadConfigRouteTag();
+ if (routeTag) {
+ headers.SKRouteTag = routeTag;
+ }
+ logger.debug(
+ `requestHeaders: ${JSON.stringify({ ...headers, Authorization: headers.Authorization ? "Bearer ***" : undefined })}`,
+ );
+ return headers;
+}
+
+/**
+ * Common fetch wrapper: POST JSON to a Weixin API endpoint with timeout + abort.
+ * Returns the raw response text on success; throws on HTTP error or timeout.
+ */
+async function apiFetch(params: {
+ baseUrl: string;
+ endpoint: string;
+ body: string;
+ token?: string;
+ timeoutMs: number;
+ label: string;
+}): Promise<string> {
+ const base = ensureTrailingSlash(params.baseUrl);
+ const url = new URL(params.endpoint, base);
+ const hdrs = buildHeaders({ token: params.token, body: params.body });
+ logger.debug(`POST ${redactUrl(url.toString())} body=${redactBody(params.body)}`);
+
+ const controller = new AbortController();
+ const t = setTimeout(() => controller.abort(), params.timeoutMs);
+ try {
+ const res = await fetch(url.toString(), {
+ method: "POST",
+ headers: hdrs,
+ body: params.body,
+ signal: controller.signal,
+ });
+ clearTimeout(t);
+ const rawText = await res.text();
+ logger.debug(`${params.label} status=${res.status} raw=${redactBody(rawText)}`);
+ if (!res.ok) {
+ throw new Error(`${params.label} ${res.status}: ${rawText}`);
+ }
+ return rawText;
+ } catch (err) {
+ clearTimeout(t);
+ throw err;
+ }
+}
+
+/**
+ * Long-poll getUpdates. Server should hold the request until new messages or timeout.
+ *
+ * On client-side timeout (no server response within timeoutMs), returns an empty response
+ * with ret=0 so the caller can simply retry. This is normal for long-poll.
+ */
+export async function getUpdates(
+ params: GetUpdatesReq & {
+ baseUrl: string;
+ token?: string;
+ timeoutMs?: number;
+ },
+): Promise<GetUpdatesResp> {
+ const timeout = params.timeoutMs ?? DEFAULT_LONG_POLL_TIMEOUT_MS;
+ try {
+ const rawText = await apiFetch({
+ baseUrl: params.baseUrl,
+ endpoint: "ilink/bot/getupdates",
+ body: JSON.stringify({
+ get_updates_buf: params.get_updates_buf ?? "",
+ base_info: buildBaseInfo(),
+ }),
+ token: params.token,
+ timeoutMs: timeout,
+ label: "getUpdates",
+ });
+ const resp: GetUpdatesResp = JSON.parse(rawText);
+ return resp;
+ } catch (err) {
+ // Long-poll timeout is normal; return empty response so caller can retry
+ if (err instanceof Error && err.name === "AbortError") {
+ logger.debug(`getUpdates: client-side timeout after ${timeout}ms, returning empty response`);
+ return { ret: 0, msgs: [], get_updates_buf: params.get_updates_buf };
+ }
+ throw err;
+ }
+}
+
+/** Get a pre-signed CDN upload URL for a file. */
+export async function getUploadUrl(
+ params: GetUploadUrlReq & WeixinApiOptions,
+): Promise<GetUploadUrlResp> {
+ const rawText = await apiFetch({
+ baseUrl: params.baseUrl,
+ endpoint: "ilink/bot/getuploadurl",
+ body: JSON.stringify({
+ filekey: params.filekey,
+ media_type: params.media_type,
+ to_user_id: params.to_user_id,
+ rawsize: params.rawsize,
+ rawfilemd5: params.rawfilemd5,
+ filesize: params.filesize,
+ thumb_rawsize: params.thumb_rawsize,
+ thumb_rawfilemd5: params.thumb_rawfilemd5,
+ thumb_filesize: params.thumb_filesize,
+ no_need_thumb: params.no_need_thumb,
+ aeskey: params.aeskey,
+ base_info: buildBaseInfo(),
+ }),
+ token: params.token,
+ timeoutMs: params.timeoutMs ?? DEFAULT_API_TIMEOUT_MS,
+ label: "getUploadUrl",
+ });
+ const resp: GetUploadUrlResp = JSON.parse(rawText);
+ return resp;
+}
+
+/** Send a single message downstream. */
+export async function sendMessage(
+ params: WeixinApiOptions & { body: SendMessageReq },
+): Promise<void> {
+ await apiFetch({
+ baseUrl: params.baseUrl,
+ endpoint: "ilink/bot/sendmessage",
+ body: JSON.stringify({ ...params.body, base_info: buildBaseInfo() }),
+ token: params.token,
+ timeoutMs: params.timeoutMs ?? DEFAULT_API_TIMEOUT_MS,
+ label: "sendMessage",
+ });
+}
+
+/** Fetch bot config (includes typing_ticket) for a given user. */
+export async function getConfig(
+ params: WeixinApiOptions & { ilinkUserId: string; contextToken?: string },
+): Promise<GetConfigResp> {
+ const rawText = await apiFetch({
+ baseUrl: params.baseUrl,
+ endpoint: "ilink/bot/getconfig",
+ body: JSON.stringify({
+ ilink_user_id: params.ilinkUserId,
+ context_token: params.contextToken,
+ base_info: buildBaseInfo(),
+ }),
+ token: params.token,
+ timeoutMs: params.timeoutMs ?? DEFAULT_CONFIG_TIMEOUT_MS,
+ label: "getConfig",
+ });
+ const resp: GetConfigResp = JSON.parse(rawText);
+ return resp;
+}
+
+/** Send a typing indicator to a user. */
+export async function sendTyping(
+ params: WeixinApiOptions & { body: SendTypingReq },
+): Promise<void> {
+ await apiFetch({
+ baseUrl: params.baseUrl,
+ endpoint: "ilink/bot/sendtyping",
+ body: JSON.stringify({ ...params.body, base_info: buildBaseInfo() }),
+ token: params.token,
+ timeoutMs: params.timeoutMs ?? DEFAULT_CONFIG_TIMEOUT_MS,
+ label: "sendTyping",
+ });
+}
diff --git "a/\350\265\204\346\226\231/weixin-openclaw-package/package/src/api/config-cache.ts" "b/\350\265\204\346\226\231/weixin-openclaw-package/package/src/api/config-cache.ts"
new file mode 100644
index 00000000..cad9d0f9
--- /dev/null
+++ "b/\350\265\204\346\226\231/weixin-openclaw-package/package/src/api/config-cache.ts"
@@ -0,0 +1,79 @@
+import { getConfig } from "./api.js";
+
+/** Subset of getConfig fields that we actually need; add new fields here as needed. */
+export interface CachedConfig {
+ typingTicket: string;
+}
+
+const CONFIG_CACHE_TTL_MS = 24 * 60 * 60 * 1000;
+const CONFIG_CACHE_INITIAL_RETRY_MS = 2_000;
+const CONFIG_CACHE_MAX_RETRY_MS = 60 * 60 * 1000;
+
+interface ConfigCacheEntry {
+ config: CachedConfig;
+ everSucceeded: boolean;
+ nextFetchAt: number;
+ retryDelayMs: number;
+}
+
+/**
+ * Per-user getConfig cache with periodic random refresh (within 24h) and
+ * exponential-backoff retry (up to 1h) on failure.
+ */
+export class WeixinConfigManager {
+ private cache = new Map<string, ConfigCacheEntry>();
+
+ constructor(
+ private apiOpts: { baseUrl: string; token?: string },
+ private log: (msg: string) => void,
+ ) {}
+
+ async getForUser(userId: string, contextToken?: string): Promise<CachedConfig> {
+ const now = Date.now();
+ const entry = this.cache.get(userId);
+ const shouldFetch = !entry || now >= entry.nextFetchAt;
+
+ if (shouldFetch) {
+ let fetchOk = false;
+ try {
+ const resp = await getConfig({
+ baseUrl: this.apiOpts.baseUrl,
+ token: this.apiOpts.token,
+ ilinkUserId: userId,
+ contextToken,
+ });
+ if (resp.ret === 0) {
+ this.cache.set(userId, {
+ config: { typingTicket: resp.typing_ticket ?? "" },
+ everSucceeded: true,
+ nextFetchAt: now + Math.random() * CONFIG_CACHE_TTL_MS,
+ retryDelayMs: CONFIG_CACHE_INITIAL_RETRY_MS,
+ });
+ this.log(
+ `[weixin] config ${entry?.everSucceeded ? "refreshed" : "cached"} for ${userId}`,
+ );
+ fetchOk = true;
+ }
+ } catch (err) {
+ this.log(`[weixin] getConfig failed for ${userId} (ignored): ${String(err)}`);
+ }
+ if (!fetchOk) {
+ const prevDelay = entry?.retryDelayMs ?? CONFIG_CACHE_INITIAL_RETRY_MS;
+ const nextDelay = Math.min(prevDelay * 2, CONFIG_CACHE_MAX_RETRY_MS);
+ if (entry) {
+ entry.nextFetchAt = now + nextDelay;
+ entry.retryDelayMs = nextDelay;
+ } else {
+ this.cache.set(userId, {
+ config: { typingTicket: "" },
+ everSucceeded: false,
+ nextFetchAt: now + CONFIG_CACHE_INITIAL_RETRY_MS,
+ retryDelayMs: CONFIG_CACHE_INITIAL_RETRY_MS,
+ });
+ }
+ }
+ }
+
+ return this.cache.get(userId)?.config ?? { typingTicket: "" };
+ }
+}
diff --git "a/\350\265\204\346\226\231/weixin-openclaw-package/package/src/api/session-guard.ts" "b/\350\265\204\346\226\231/weixin-openclaw-package/package/src/api/session-guard.ts"
new file mode 100644
index 00000000..e31094cb
--- /dev/null
+++ "b/\350\265\204\346\226\231/weixin-openclaw-package/package/src/api/session-guard.ts"
@@ -0,0 +1,58 @@
+import { logger } from "../util/logger.js";
+
+const SESSION_PAUSE_DURATION_MS = 60 * 60 * 1000;
+
+/** Error code returned by the server when the bot session has expired. */
+export const SESSION_EXPIRED_ERRCODE = -14;
+
+const pauseUntilMap = new Map<string, number>();
+
+/** Pause all inbound/outbound API calls for `accountId` for one hour. */
+export function pauseSession(accountId: string): void {
+ const until = Date.now() + SESSION_PAUSE_DURATION_MS;
+ pauseUntilMap.set(accountId, until);
+ logger.info(
+ `session-guard: paused accountId=${accountId} until=${new Date(until).toISOString()} (${SESSION_PAUSE_DURATION_MS / 1000}s)`,
+ );
+}
+
+/** Returns `true` when the bot is still within its one-hour cooldown window. */
+export function isSessionPaused(accountId: string): boolean {
+ const until = pauseUntilMap.get(accountId);
+ if (until === undefined) return false;
+ if (Date.now() >= until) {
+ pauseUntilMap.delete(accountId);
+ return false;
+ }
+ return true;
+}
+
+/** Milliseconds remaining until the pause expires (0 when not paused). */
+export function getRemainingPauseMs(accountId: string): number {
+ const until = pauseUntilMap.get(accountId);
+ if (until === undefined) return 0;
+ const remaining = until - Date.now();
+ if (remaining <= 0) {
+ pauseUntilMap.delete(accountId);
+ return 0;
+ }
+ return remaining;
+}
+
+/** Throw if the session is currently paused. Call before any API request. */
+export function assertSessionActive(accountId: string): void {
+ if (isSessionPaused(accountId)) {
+ const remainingMin = Math.ceil(getRemainingPauseMs(accountId) / 60_000);
+ throw new Error(
+ `session paused for accountId=${accountId}, ${remainingMin} min remaining (errcode ${SESSION_EXPIRED_ERRCODE})`,
+ );
+ }
+}
+
+/**
+ * Reset internal state — only for tests.
+ * @internal
+ */
+export function _resetForTest(): void {
+ pauseUntilMap.clear();
+}
diff --git "a/\350\265\204\346\226\231/weixin-openclaw-package/package/src/api/types.ts" "b/\350\265\204\346\226\231/weixin-openclaw-package/package/src/api/types.ts"
new file mode 100644
index 00000000..52cb694f
--- /dev/null
+++ "b/\350\265\204\346\226\231/weixin-openclaw-package/package/src/api/types.ts"
@@ -0,0 +1,222 @@
+/**
+ * Weixin protocol types (mirrors proto: GetUpdatesReq/Resp, WeixinMessage, SendMessageReq).
+ * API uses JSON over HTTP; bytes fields are base64 strings in JSON.
+ */
+
+/** Common request metadata attached to every CGI request. */
+export interface BaseInfo {
+ channel_version?: string;
+}
+
+/** proto: UploadMediaType */
+export const UploadMediaType = {
+ IMAGE: 1,
+ VIDEO: 2,
+ FILE: 3,
+ VOICE: 4,
+} as const;
+
+export interface GetUploadUrlReq {
+ filekey?: string;
+ /** proto field 2: media_type, see UploadMediaType */
+ media_type?: number;
+ to_user_id?: string;
+ /** 原文件明文大小 */
+ rawsize?: number;
+ /** 原文件明文 MD5 */
+ rawfilemd5?: string;
+ /** 原文件密文大小(AES-128-ECB 加密后) */
+ filesize?: number;
+ /** 缩略图明文大小(IMAGE/VIDEO 时必填) */
+ thumb_rawsize?: number;
+ /** 缩略图明文 MD5(IMAGE/VIDEO 时必填) */
+ thumb_rawfilemd5?: string;
+ /** 缩略图密文大小(IMAGE/VIDEO 时必填) */
+ thumb_filesize?: number;
+ /** 不需要缩略图上传 URL,默认 false */
+ no_need_thumb?: boolean;
+ /** 加密 key */
+ aeskey?: string;
+}
+
+export interface GetUploadUrlResp {
+ /** 原图上传加密参数 */
+ upload_param?: string;
+ /** 缩略图上传加密参数,无缩略图时为空 */
+ thumb_upload_param?: string;
+}
+
+export const MessageType = {
+ NONE: 0,
+ USER: 1,
+ BOT: 2,
+} as const;
+
+export const MessageItemType = {
+ NONE: 0,
+ TEXT: 1,
+ IMAGE: 2,
+ VOICE: 3,
+ FILE: 4,
+ VIDEO: 5,
+} as const;
+
+export const MessageState = {
+ NEW: 0,
+ GENERATING: 1,
+ FINISH: 2,
+} as const;
+
+export interface TextItem {
+ text?: string;
+}
+
+/** CDN media reference; aes_key is base64-encoded bytes in JSON. */
+export interface CDNMedia {
+ encrypt_query_param?: string;
+ aes_key?: string;
+ /** 加密类型: 0=只加密fileid, 1=打包缩略图/中图等信息 */
+ encrypt_type?: number;
+}
+
+export interface ImageItem {
+ /** 原图 CDN 引用 */
+ media?: CDNMedia;
+ /** 缩略图 CDN 引用 */
+ thumb_media?: CDNMedia;
+ /** Raw AES-128 key as hex string (16 bytes); preferred over media.aes_key for inbound decryption. */
+ aeskey?: string;
+ url?: string;
+ mid_size?: number;
+ thumb_size?: number;
+ thumb_height?: number;
+ thumb_width?: number;
+ hd_size?: number;
+}
+
+export interface VoiceItem {
+ media?: CDNMedia;
+ /** 语音编码类型:1=pcm 2=adpcm 3=feature 4=speex 5=amr 6=silk 7=mp3 8=ogg-speex */
+ encode_type?: number;
+ bits_per_sample?: number;
+ /** 采样率 (Hz) */
+ sample_rate?: number;
+ /** 语音长度 (毫秒) */
+ playtime?: number;
+ /** 语音转文字内容 */
+ text?: string;
+}
+
+export interface FileItem {
+ media?: CDNMedia;
+ file_name?: string;
+ md5?: string;
+ len?: string;
+}
+
+export interface VideoItem {
+ media?: CDNMedia;
+ video_size?: number;
+ play_length?: number;
+ video_md5?: string;
+ thumb_media?: CDNMedia;
+ thumb_size?: number;
+ thumb_height?: number;
+ thumb_width?: number;
+}
+
+export interface RefMessage {
+ message_item?: MessageItem;
+ title?: string; // 摘要
+}
+
+export interface MessageItem {
+ type?: number;
+ create_time_ms?: number;
+ update_time_ms?: number;
+ is_completed?: boolean;
+ msg_id?: string;
+ ref_msg?: RefMessage;
+ text_item?: TextItem;
+ image_item?: ImageItem;
+ voice_item?: VoiceItem;
+ file_item?: FileItem;
+ video_item?: VideoItem;
+}
+
+/** Unified message (proto: WeixinMessage). Replaces the old split Message + MessageContent + FullMessage. */
+export interface WeixinMessage {
+ seq?: number;
+ message_id?: number;
+ from_user_id?: string;
+ to_user_id?: string;
+ client_id?: string;
+ create_time_ms?: number;
+ update_time_ms?: number;
+ delete_time_ms?: number;
+ session_id?: string;
+ group_id?: string;
+ message_type?: number;
+ message_state?: number;
+ item_list?: MessageItem[];
+ context_token?: string;
+}
+
+/** GetUpdates request: bytes fields are base64 strings in JSON. */
+export interface GetUpdatesReq {
+ /** @deprecated compat only, will be removed */
+ sync_buf?: string;
+ /** Full context buf cached locally; send "" when none (first request or after reset). */
+ get_updates_buf?: string;
+}
+
+/** GetUpdates response: bytes fields are base64 strings in JSON. */
+export interface GetUpdatesResp {
+ ret?: number;
+ /** Error code returned by the server (e.g. -14 = session timeout). Present when request fails. */
+ errcode?: number;
+ errmsg?: string;
+ msgs?: WeixinMessage[];
+ /** @deprecated compat only */
+ sync_buf?: string;
+ /** Full context buf to cache locally and send on next request. */
+ get_updates_buf?: string;
+ /** Server-suggested timeout (ms) for the next getUpdates long-poll. */
+ longpolling_timeout_ms?: number;
+}
+
+/** SendMessage request: wraps a single WeixinMessage. */
+export interface SendMessageReq {
+ msg?: WeixinMessage;
+}
+
+export interface SendMessageResp {
+ // empty
+}
+
+/** Typing status: 1 = typing (default), 2 = cancel typing. */
+export const TypingStatus = {
+ TYPING: 1,
+ CANCEL: 2,
+} as const;
+
+/** SendTyping request: send a typing indicator to a user. */
+export interface SendTypingReq {
+ ilink_user_id?: string;
+ typing_ticket?: string;
+ /** 1=typing (default), 2=cancel typing */
+ status?: number;
+}
+
+export interface SendTypingResp {
+ ret?: number;
+ errmsg?: string;
+}
+
+/** GetConfig response: bot config including typing_ticket. */
+export interface GetConfigResp {
+ ret?: number;
+ errmsg?: string;
+ /** Base64-encoded typing ticket for sendTyping. */
+ typing_ticket?: string;
+}
diff --git "a/\350\265\204\346\226\231/weixin-openclaw-package/package/src/auth/accounts.ts" "b/\350\265\204\346\226\231/weixin-openclaw-package/package/src/auth/accounts.ts"
new file mode 100644
index 00000000..e36b4549
--- /dev/null
+++ "b/\350\265\204\346\226\231/weixin-openclaw-package/package/src/auth/accounts.ts"
@@ -0,0 +1,289 @@
+import fs from "node:fs";
+import path from "node:path";
+
+import { normalizeAccountId } from "openclaw/plugin-sdk";
+import type { OpenClawConfig } from "openclaw/plugin-sdk";
+
+import { getWeixinRuntime } from "../runtime.js";
+import { resolveStateDir } from "../storage/state-dir.js";
+import { logger } from "../util/logger.js";
+
+export const DEFAULT_BASE_URL = "https://ilinkai.weixin.qq.com";
+export const CDN_BASE_URL = "https://novac2c.cdn.weixin.qq.com/c2c";
+
+
+// ---------------------------------------------------------------------------
+// Account ID compatibility (legacy raw ID → normalized ID)
+// ---------------------------------------------------------------------------
+
+/**
+ * Pattern-based reverse of normalizeWeixinAccountId for known weixin ID suffixes.
+ * Used only as a compatibility fallback when loading accounts / sync bufs stored
+ * under the old raw ID.
+ * e.g. "b0f5860fdecb-im-bot" → "b0f5860fdecb@im.bot"
+ */
+export function deriveRawAccountId(normalizedId: string): string | undefined {
+ if (normalizedId.endsWith("-im-bot")) {
+ return `${normalizedId.slice(0, -7)}@im.bot`;
+ }
+ if (normalizedId.endsWith("-im-wechat")) {
+ return `${normalizedId.slice(0, -10)}@im.wechat`;
+ }
+ return undefined;
+}
+
+// ---------------------------------------------------------------------------
+// Account index (persistent list of registered account IDs)
+// ---------------------------------------------------------------------------
+
+function resolveWeixinStateDir(): string {
+ return path.join(resolveStateDir(), "openclaw-weixin");
+}
+
+function resolveAccountIndexPath(): string {
+ return path.join(resolveWeixinStateDir(), "accounts.json");
+}
+
+/** Returns all accountIds registered via QR login. */
+export function listIndexedWeixinAccountIds(): string[] {
+ const filePath = resolveAccountIndexPath();
+ try {
+ if (!fs.existsSync(filePath)) return [];
+ const raw = fs.readFileSync(filePath, "utf-8");
+ const parsed = JSON.parse(raw);
+ if (!Array.isArray(parsed)) return [];
+ return parsed.filter((id): id is string => typeof id === "string" && id.trim() !== "");
+ } catch {
+ return [];
+ }
+}
+
+/** Add accountId to the persistent index (no-op if already present). */
+export function registerWeixinAccountId(accountId: string): void {
+ const dir = resolveWeixinStateDir();
+ fs.mkdirSync(dir, { recursive: true });
+
+ const existing = listIndexedWeixinAccountIds();
+ if (existing.includes(accountId)) return;
+
+ const updated = [...existing, accountId];
+ fs.writeFileSync(resolveAccountIndexPath(), JSON.stringify(updated, null, 2), "utf-8");
+}
+
+// ---------------------------------------------------------------------------
+// Account store (per-account credential files)
+// ---------------------------------------------------------------------------
+
+/** Unified per-account data: token + baseUrl in one file. */
+export type WeixinAccountData = {
+ token?: string;
+ savedAt?: string;
+ baseUrl?: string;
+ /** Last linked Weixin user id from QR login (optional). */
+ userId?: string;
+};
+
+function resolveAccountsDir(): string {
+ return path.join(resolveWeixinStateDir(), "accounts");
+}
+
+function resolveAccountPath(accountId: string): string {
+ return path.join(resolveAccountsDir(), `${accountId}.json`);
+}
+
+/**
+ * Legacy single-file token: `credentials/openclaw-weixin/credentials.json` (pre per-account files).
+ */
+function loadLegacyToken(): string | undefined {
+ const legacyPath = path.join(resolveStateDir(), "credentials", "openclaw-weixin", "credentials.json");
+ try {
+ if (!fs.existsSync(legacyPath)) return undefined;
+ const raw = fs.readFileSync(legacyPath, "utf-8");
+ const parsed = JSON.parse(raw) as { token?: string };
+ return typeof parsed.token === "string" ? parsed.token : undefined;
+ } catch {
+ return undefined;
+ }
+}
+
+function readAccountFile(filePath: string): WeixinAccountData | null {
+ try {
+ if (fs.existsSync(filePath)) {
+ return JSON.parse(fs.readFileSync(filePath, "utf-8")) as WeixinAccountData;
+ }
+ } catch {
+ // ignore
+ }
+ return null;
+}
+
+/** Load account data by ID, with compatibility fallbacks. */
+export function loadWeixinAccount(accountId: string): WeixinAccountData | null {
+ // Primary: try given accountId (normalized IDs written after this change).
+ const primary = readAccountFile(resolveAccountPath(accountId));
+ if (primary) return primary;
+
+ // Compatibility: if the given ID is normalized, derive the old raw filename
+ // (e.g. "b0f5860fdecb-im-bot" → "b0f5860fdecb@im.bot") for existing installs.
+ const rawId = deriveRawAccountId(accountId);
+ if (rawId) {
+ const compat = readAccountFile(resolveAccountPath(rawId));
+ if (compat) return compat;
+ }
+
+ // Legacy fallback: read token from old single-account credentials file.
+ const token = loadLegacyToken();
+ if (token) return { token };
+
+ return null;
+}
+
+/**
+ * Persist account data after QR login (merges into existing file).
+ * - token: overwritten when provided.
+ * - baseUrl: stored when non-empty; resolveWeixinAccount falls back to DEFAULT_BASE_URL.
+ * - userId: set when `update.userId` is provided; omitted from file when cleared to empty.
+ */
+export function saveWeixinAccount(
+ accountId: string,
+ update: { token?: string; baseUrl?: string; userId?: string },
+): void {
+ const dir = resolveAccountsDir();
+ fs.mkdirSync(dir, { recursive: true });
+
+ const existing = loadWeixinAccount(accountId) ?? {};
+
+ const token = update.token?.trim() || existing.token;
+ const baseUrl = update.baseUrl?.trim() || existing.baseUrl;
+ const userId =
+ update.userId !== undefined
+ ? update.userId.trim() || undefined
+ : existing.userId?.trim() || undefined;
+
+ const data: WeixinAccountData = {
+ ...(token ? { token, savedAt: new Date().toISOString() } : {}),
+ ...(baseUrl ? { baseUrl } : {}),
+ ...(userId ? { userId } : {}),
+ };
+
+ const filePath = resolveAccountPath(accountId);
+ fs.writeFileSync(filePath, JSON.stringify(data, null, 2), "utf-8");
+ try {
+ fs.chmodSync(filePath, 0o600);
+ } catch {
+ // best-effort
+ }
+}
+
+/** Remove account data file. */
+export function clearWeixinAccount(accountId: string): void {
+ try {
+ fs.unlinkSync(resolveAccountPath(accountId));
+ } catch {
+ // ignore if not found
+ }
+}
+
+/**
+ * Resolve the openclaw.json config file path.
+ * Checks OPENCLAW_CONFIG env var, then state dir.
+ */
+function resolveConfigPath(): string {
+ const envPath = process.env.OPENCLAW_CONFIG?.trim();
+ if (envPath) return envPath;
+ return path.join(resolveStateDir(), "openclaw.json");
+}
+
+/**
+ * Read `routeTag` from openclaw.json (for callers without an `OpenClawConfig` object).
+ * Checks per-account `channels.<id>.accounts[accountId].routeTag` first, then section-level
+ * `channels.<id>.routeTag`. Matches `feat_weixin_extension` behavior; channel key is `"openclaw-weixin"`.
+ */
+export function loadConfigRouteTag(accountId?: string): string | undefined {
+ try {
+ const configPath = resolveConfigPath();
+ if (!fs.existsSync(configPath)) return undefined;
+ const raw = fs.readFileSync(configPath, "utf-8");
+ const cfg = JSON.parse(raw) as Record<string, unknown>;
+ const channels = cfg.channels as Record<string, unknown> | undefined;
+ const section = channels?.["openclaw-weixin"] as Record<string, unknown> | undefined;
+ if (!section) return undefined;
+ if (accountId) {
+ const accounts = section.accounts as Record<string, Record<string, unknown>> | undefined;
+ const tag = accounts?.[accountId]?.routeTag;
+ if (typeof tag === "number") return String(tag);
+ if (typeof tag === "string" && tag.trim()) return tag.trim();
+ }
+ if (typeof section.routeTag === "number") return String(section.routeTag);
+ return typeof section.routeTag === "string" && section.routeTag.trim()
+ ? section.routeTag.trim()
+ : undefined;
+ } catch {
+ return undefined;
+ }
+}
+
+/**
+ * No-op stub — config reload is now handled externally via `openclaw gateway restart`.
+ */
+export async function triggerWeixinChannelReload(): Promise<void> {}
+
+// ---------------------------------------------------------------------------
+// Account resolution (merge config + stored credentials)
+// ---------------------------------------------------------------------------
+
+export type ResolvedWeixinAccount = {
+ accountId: string;
+ baseUrl: string;
+ cdnBaseUrl: string;
+ token?: string;
+ enabled: boolean;
+ /** true when a token has been obtained via QR login. */
+ configured: boolean;
+ name?: string;
+};
+
+type WeixinAccountConfig = {
+ name?: string;
+ enabled?: boolean;
+ cdnBaseUrl?: string;
+ /** Optional SKRouteTag source; read from openclaw.json when `accountId` is passed to `loadConfigRouteTag`. */
+ routeTag?: number | string;
+};
+
+type WeixinSectionConfig = WeixinAccountConfig & {
+ accounts?: Record<string, WeixinAccountConfig>;
+};
+
+/** List accountIds from the index file (written at QR login). */
+export function listWeixinAccountIds(_cfg: OpenClawConfig): string[] {
+ return listIndexedWeixinAccountIds();
+}
+
+/** Resolve a weixin account by ID, merging config and stored credentials. */
+export function resolveWeixinAccount(
+ cfg: OpenClawConfig,
+ accountId?: string | null,
+): ResolvedWeixinAccount {
+ const raw = accountId?.trim();
+ if (!raw) {
+ throw new Error("weixin: accountId is required (no default account)");
+ }
+ const id = normalizeAccountId(raw);
+ const section = cfg.channels?.["openclaw-weixin"] as WeixinSectionConfig | undefined;
+ const accountCfg: WeixinAccountConfig = section?.accounts?.[id] ?? section ?? {};
+
+ const accountData = loadWeixinAccount(id);
+ const token = accountData?.token?.trim() || undefined;
+ const stateBaseUrl = accountData?.baseUrl?.trim() || "";
+
+ return {
+ accountId: id,
+ baseUrl: stateBaseUrl || DEFAULT_BASE_URL,
+ cdnBaseUrl: accountCfg.cdnBaseUrl?.trim() || CDN_BASE_URL,
+ token,
+ enabled: accountCfg.enabled !== false,
+ configured: Boolean(token),
+ name: accountCfg.name?.trim() || undefined,
+ };
+}
diff --git "a/\350\265\204\346\226\231/weixin-openclaw-package/package/src/auth/login-qr.ts" "b/\350\265\204\346\226\231/weixin-openclaw-package/package/src/auth/login-qr.ts"
new file mode 100644
index 00000000..1ca8d5ba
--- /dev/null
+++ "b/\350\265\204\346\226\231/weixin-openclaw-package/package/src/auth/login-qr.ts"
@@ -0,0 +1,333 @@
+import { randomUUID } from "node:crypto";
+
+import { loadConfigRouteTag } from "./accounts.js";
+import { logger } from "../util/logger.js";
+import { redactToken } from "../util/redact.js";
+
+type ActiveLogin = {
+ sessionKey: string;
+ id: string;
+ qrcode: string;
+ qrcodeUrl: string;
+ startedAt: number;
+ botToken?: string;
+ status?: "wait" | "scaned" | "confirmed" | "expired";
+ error?: string;
+};
+
+const ACTIVE_LOGIN_TTL_MS = 5 * 60_000;
+/** Client-side timeout for the long-poll get_qrcode_status request. */
+const QR_LONG_POLL_TIMEOUT_MS = 35_000;
+
+/** Default `bot_type` for ilink get_bot_qrcode / get_qrcode_status (this channel build). */
+export const DEFAULT_ILINK_BOT_TYPE = "3";
+
+const activeLogins = new Map<string, ActiveLogin>();
+
+interface QRCodeResponse {
+ qrcode: string;
+ qrcode_img_content: string;
+}
+
+interface StatusResponse {
+ status: "wait" | "scaned" | "confirmed" | "expired";
+ bot_token?: string;
+ ilink_bot_id?: string;
+ baseurl?: string;
+ /** The user ID of the person who scanned the QR code. */
+ ilink_user_id?: string;
+}
+
+function isLoginFresh(login: ActiveLogin): boolean {
+ return Date.now() - login.startedAt < ACTIVE_LOGIN_TTL_MS;
+}
+
+/** Remove all expired entries from the activeLogins map to prevent memory leaks. */
+function purgeExpiredLogins(): void {
+ for (const [id, login] of activeLogins) {
+ if (!isLoginFresh(login)) {
+ activeLogins.delete(id);
+ }
+ }
+}
+
+async function fetchQRCode(apiBaseUrl: string, botType: string): Promise<QRCodeResponse> {
+ const base = apiBaseUrl.endsWith("/") ? apiBaseUrl : `${apiBaseUrl}/`;
+ const url = new URL(`ilink/bot/get_bot_qrcode?bot_type=${encodeURIComponent(botType)}`, base);
+ logger.info(`Fetching QR code from: ${url.toString()}`);
+
+ const headers: Record<string, string> = {};
+ const routeTag = loadConfigRouteTag();
+ if (routeTag) {
+ headers.SKRouteTag = routeTag;
+ }
+
+ const response = await fetch(url.toString(), { headers });
+ if (!response.ok) {
+ const body = await response.text().catch(() => "(unreadable)");
+ logger.error(`QR code fetch failed: ${response.status} ${response.statusText} body=${body}`);
+ throw new Error(`Failed to fetch QR code: ${response.status} ${response.statusText}`);
+ }
+ return await response.json();
+}
+
+async function pollQRStatus(apiBaseUrl: string, qrcode: string): Promise<StatusResponse> {
+ const base = apiBaseUrl.endsWith("/") ? apiBaseUrl : `${apiBaseUrl}/`;
+ const url = new URL(`ilink/bot/get_qrcode_status?qrcode=${encodeURIComponent(qrcode)}`, base);
+ logger.debug(`Long-poll QR status from: ${url.toString()}`);
+
+ const headers: Record<string, string> = {
+ "iLink-App-ClientVersion": "1",
+ };
+ const routeTag = loadConfigRouteTag();
+ if (routeTag) {
+ headers.SKRouteTag = routeTag;
+ }
+
+ const controller = new AbortController();
+ const timer = setTimeout(() => controller.abort(), QR_LONG_POLL_TIMEOUT_MS);
+ try {
+ const response = await fetch(url.toString(), { headers, signal: controller.signal });
+ clearTimeout(timer);
+ logger.debug(`pollQRStatus: HTTP ${response.status}, reading body...`);
+ const rawText = await response.text();
+ logger.debug(`pollQRStatus: body=${rawText.substring(0, 200)}`);
+ if (!response.ok) {
+ logger.error(`QR status poll failed: ${response.status} ${response.statusText} body=${rawText}`);
+ throw new Error(`Failed to poll QR status: ${response.status} ${response.statusText}`);
+ }
+ return JSON.parse(rawText) as StatusResponse;
+ } catch (err) {
+ clearTimeout(timer);
+ if (err instanceof Error && err.name === "AbortError") {
+ logger.debug(`pollQRStatus: client-side timeout after ${QR_LONG_POLL_TIMEOUT_MS}ms, returning wait`);
+ return { status: "wait" };
+ }
+ throw err;
+ }
+}
+
+export type WeixinQrStartResult = {
+ qrcodeUrl?: string;
+ message: string;
+ sessionKey: string;
+};
+
+export type WeixinQrWaitResult = {
+ connected: boolean;
+ botToken?: string;
+ accountId?: string;
+ baseUrl?: string;
+ /** The user ID of the person who scanned the QR code; add to allowFrom. */
+ userId?: string;
+ message: string;
+};
+
+export async function startWeixinLoginWithQr(opts: {
+ verbose?: boolean;
+ timeoutMs?: number;
+ force?: boolean;
+ accountId?: string;
+ apiBaseUrl: string;
+ botType?: string;
+}): Promise<WeixinQrStartResult> {
+ const sessionKey = opts.accountId || randomUUID();
+
+ purgeExpiredLogins();
+
+ const existing = activeLogins.get(sessionKey);
+ if (!opts.force && existing && isLoginFresh(existing) && existing.qrcodeUrl) {
+ return {
+ qrcodeUrl: existing.qrcodeUrl,
+ message: "二维码已就绪,请使用微信扫描。",
+ sessionKey,
+ };
+ }
+
+ try {
+ const botType = opts.botType || DEFAULT_ILINK_BOT_TYPE;
+ logger.info(`Starting Weixin login with bot_type=${botType}`);
+
+ if (!opts.apiBaseUrl) {
+ return {
+ message:
+ "No baseUrl configured. Add channels.openclaw-weixin.baseUrl to your config before logging in.",
+ sessionKey,
+ };
+ }
+
+ const qrResponse = await fetchQRCode(opts.apiBaseUrl, botType);
+ logger.info(
+ `QR code received, qrcode=${redactToken(qrResponse.qrcode)} imgContentLen=${qrResponse.qrcode_img_content?.length ?? 0}`,
+ );
+ logger.info(`二维码链接: ${qrResponse.qrcode_img_content}`);
+
+ const login: ActiveLogin = {
+ sessionKey,
+ id: randomUUID(),
+ qrcode: qrResponse.qrcode,
+ qrcodeUrl: qrResponse.qrcode_img_content,
+ startedAt: Date.now(),
+ };
+
+ activeLogins.set(sessionKey, login);
+
+ return {
+ qrcodeUrl: qrResponse.qrcode_img_content,
+ message: "使用微信扫描以下二维码,以完成连接。",
+ sessionKey,
+ };
+ } catch (err) {
+ logger.error(`Failed to start Weixin login: ${String(err)}`);
+ return {
+ message: `Failed to start login: ${String(err)}`,
+ sessionKey,
+ };
+ }
+}
+
+const MAX_QR_REFRESH_COUNT = 3;
+
+export async function waitForWeixinLogin(opts: {
+ timeoutMs?: number;
+ verbose?: boolean;
+ sessionKey: string;
+ apiBaseUrl: string;
+ botType?: string;
+}): Promise<WeixinQrWaitResult> {
+ let activeLogin = activeLogins.get(opts.sessionKey);
+
+ if (!activeLogin) {
+ logger.warn(`waitForWeixinLogin: no active login sessionKey=${opts.sessionKey}`);
+ return {
+ connected: false,
+ message: "当前没有进行中的登录,请先发起登录。",
+ };
+ }
+
+ if (!isLoginFresh(activeLogin)) {
+ logger.warn(`waitForWeixinLogin: login QR expired sessionKey=${opts.sessionKey}`);
+ activeLogins.delete(opts.sessionKey);
+ return {
+ connected: false,
+ message: "二维码已过期,请重新生成。",
+ };
+ }
+
+ const timeoutMs = Math.max(opts.timeoutMs ?? 480_000, 1000);
+ const deadline = Date.now() + timeoutMs;
+ let scannedPrinted = false;
+ let qrRefreshCount = 1;
+
+ logger.info("Starting to poll QR code status...");
+
+ while (Date.now() < deadline) {
+ try {
+ const statusResponse = await pollQRStatus(opts.apiBaseUrl, activeLogin.qrcode);
+ logger.debug(`pollQRStatus: status=${statusResponse.status} hasBotToken=${Boolean(statusResponse.bot_token)} hasBotId=${Boolean(statusResponse.ilink_bot_id)}`);
+ activeLogin.status = statusResponse.status;
+
+ switch (statusResponse.status) {
+ case "wait":
+ if (opts.verbose) {
+ process.stdout.write(".");
+ }
+ break;
+ case "scaned":
+ if (!scannedPrinted) {
+ process.stdout.write("\n👀 已扫码,在微信继续操作...\n");
+ scannedPrinted = true;
+ }
+ break;
+ case "expired": {
+ qrRefreshCount++;
+ if (qrRefreshCount > MAX_QR_REFRESH_COUNT) {
+ logger.warn(
+ `waitForWeixinLogin: QR expired ${MAX_QR_REFRESH_COUNT} times, giving up sessionKey=${opts.sessionKey}`,
+ );
+ activeLogins.delete(opts.sessionKey);
+ return {
+ connected: false,
+ message: "登录超时:二维码多次过期,请重新开始登录流程。",
+ };
+ }
+
+ process.stdout.write(`\n⏳ 二维码已过期,正在刷新...(${qrRefreshCount}/${MAX_QR_REFRESH_COUNT})\n`);
+ logger.info(
+ `waitForWeixinLogin: QR expired, refreshing (${qrRefreshCount}/${MAX_QR_REFRESH_COUNT})`,
+ );
+
+ try {
+ const botType = opts.botType || DEFAULT_ILINK_BOT_TYPE;
+ const qrResponse = await fetchQRCode(opts.apiBaseUrl, botType);
+ activeLogin.qrcode = qrResponse.qrcode;
+ activeLogin.qrcodeUrl = qrResponse.qrcode_img_content;
+ activeLogin.startedAt = Date.now();
+ scannedPrinted = false;
+ logger.info(`waitForWeixinLogin: new QR code obtained qrcode=${redactToken(qrResponse.qrcode)}`);
+ process.stdout.write(`🔄 新二维码已生成,请重新扫描\n\n`);
+ try {
+ const qrterm = await import("qrcode-terminal");
+ qrterm.default.generate(qrResponse.qrcode_img_content, { small: true });
+ } catch {
+ process.stdout.write(`QR Code URL: ${qrResponse.qrcode_img_content}\n`);
+ }
+ } catch (refreshErr) {
+ logger.error(`waitForWeixinLogin: failed to refresh QR code: ${String(refreshErr)}`);
+ activeLogins.delete(opts.sessionKey);
+ return {
+ connected: false,
+ message: `刷新二维码失败: ${String(refreshErr)}`,
+ };
+ }
+ break;
+ }
+ case "confirmed": {
+ if (!statusResponse.ilink_bot_id) {
+ activeLogins.delete(opts.sessionKey);
+ logger.error("Login confirmed but ilink_bot_id missing from response");
+ return {
+ connected: false,
+ message: "登录失败:服务器未返回 ilink_bot_id。",
+ };
+ }
+
+ activeLogin.botToken = statusResponse.bot_token;
+ activeLogins.delete(opts.sessionKey);
+
+ logger.info(
+ `✅ Login confirmed! ilink_bot_id=${statusResponse.ilink_bot_id} ilink_user_id=${redactToken(statusResponse.ilink_user_id)}`,
+ );
+
+ return {
+ connected: true,
+ botToken: statusResponse.bot_token,
+ accountId: statusResponse.ilink_bot_id,
+ baseUrl: statusResponse.baseurl,
+ userId: statusResponse.ilink_user_id,
+ message: "✅ 与微信连接成功!",
+ };
+ }
+ }
+
+ } catch (err) {
+ logger.error(`Error polling QR status: ${String(err)}`);
+ activeLogins.delete(opts.sessionKey);
+ return {
+ connected: false,
+ message: `Login failed: ${String(err)}`,
+ };
+ }
+
+ await new Promise((r) => setTimeout(r, 1000));
+ }
+
+ logger.warn(
+ `waitForWeixinLogin: timed out waiting for QR scan sessionKey=${opts.sessionKey} timeoutMs=${timeoutMs}`,
+ );
+ activeLogins.delete(opts.sessionKey);
+ return {
+ connected: false,
+ message: "登录超时,请重试。",
+ };
+}
diff --git "a/\350\265\204\346\226\231/weixin-openclaw-package/package/src/auth/pairing.ts" "b/\350\265\204\346\226\231/weixin-openclaw-package/package/src/auth/pairing.ts"
new file mode 100644
index 00000000..eb4a9dca
--- /dev/null
+++ "b/\350\265\204\346\226\231/weixin-openclaw-package/package/src/auth/pairing.ts"
@@ -0,0 +1,120 @@
+import fs from "node:fs";
+import path from "node:path";
+
+import { withFileLock } from "openclaw/plugin-sdk";
+
+import { resolveStateDir } from "../storage/state-dir.js";
+import { logger } from "../util/logger.js";
+
+/**
+ * Resolve the framework credentials directory (mirrors core resolveOAuthDir).
+ * Path: $OPENCLAW_OAUTH_DIR || $OPENCLAW_STATE_DIR/credentials || ~/.openclaw/credentials
+ */
+function resolveCredentialsDir(): string {
+ const override = process.env.OPENCLAW_OAUTH_DIR?.trim();
+ if (override) return override;
+ return path.join(resolveStateDir(), "credentials");
+}
+
+/**
+ * Sanitize a channel/account key for safe use in filenames (mirrors core safeChannelKey).
+ */
+function safeKey(raw: string): string {
+ const trimmed = raw.trim().toLowerCase();
+ if (!trimmed) throw new Error("invalid key for allowFrom path");
+ const safe = trimmed.replace(/[\\/:*?"<>|]/g, "_").replace(/\.\./g, "_");
+ if (!safe || safe === "_") throw new Error("invalid key for allowFrom path");
+ return safe;
+}
+
+/**
+ * Resolve the framework allowFrom file path for a given account.
+ * Mirrors: `resolveAllowFromPath(channel, env, accountId)` from core.
+ * Path: `<credDir>/openclaw-weixin-<accountId>-allowFrom.json`
+ */
+export function resolveFrameworkAllowFromPath(accountId: string): string {
+ const base = safeKey("openclaw-weixin");
+ const safeAccount = safeKey(accountId);
+ return path.join(resolveCredentialsDir(), `${base}-${safeAccount}-allowFrom.json`);
+}
+
+type AllowFromFileContent = {
+ version: number;
+ allowFrom: string[];
+};
+
+/**
+ * Read the framework allowFrom list for an account (user IDs authorized via pairing).
+ * Returns an empty array when the file is missing or unreadable.
+ */
+export function readFrameworkAllowFromList(accountId: string): string[] {
+ const filePath = resolveFrameworkAllowFromPath(accountId);
+ try {
+ if (!fs.existsSync(filePath)) return [];
+ const raw = fs.readFileSync(filePath, "utf-8");
+ const parsed = JSON.parse(raw) as AllowFromFileContent;
+ if (Array.isArray(parsed.allowFrom)) {
+ return parsed.allowFrom.filter((id): id is string => typeof id === "string" && id.trim() !== "");
+ }
+ } catch {
+ // best-effort
+ }
+ return [];
+}
+
+/** File lock options matching the framework's pairing store lock settings. */
+const LOCK_OPTIONS = {
+ retries: { retries: 3, factor: 2, minTimeout: 100, maxTimeout: 2000 },
+ stale: 10_000,
+};
+
+/**
+ * Register a user ID in the framework's channel allowFrom store.
+ * This writes directly to the same JSON file that `readChannelAllowFromStore` reads,
+ * making the user visible to the framework authorization pipeline.
+ *
+ * Uses file locking to avoid races with concurrent readers/writers.
+ */
+export async function registerUserInFrameworkStore(params: {
+ accountId: string;
+ userId: string;
+}): Promise<{ changed: boolean }> {
+ const { accountId, userId } = params;
+ const trimmedUserId = userId.trim();
+ if (!trimmedUserId) return { changed: false };
+
+ const filePath = resolveFrameworkAllowFromPath(accountId);
+
+ const dir = path.dirname(filePath);
+ fs.mkdirSync(dir, { recursive: true });
+
+ // Ensure the file exists before locking
+ if (!fs.existsSync(filePath)) {
+ const initial: AllowFromFileContent = { version: 1, allowFrom: [] };
+ fs.writeFileSync(filePath, JSON.stringify(initial, null, 2), "utf-8");
+ }
+
+ return await withFileLock(filePath, LOCK_OPTIONS, async () => {
+ let content: AllowFromFileContent = { version: 1, allowFrom: [] };
+ try {
+ const raw = fs.readFileSync(filePath, "utf-8");
+ const parsed = JSON.parse(raw) as AllowFromFileContent;
+ if (Array.isArray(parsed.allowFrom)) {
+ content = parsed;
+ }
+ } catch {
+ // If read/parse fails, start fresh
+ }
+
+ if (content.allowFrom.includes(trimmedUserId)) {
+ return { changed: false };
+ }
+
+ content.allowFrom.push(trimmedUserId);
+ fs.writeFileSync(filePath, JSON.stringify(content, null, 2), "utf-8");
+ logger.info(
+ `registerUserInFrameworkStore: added userId=${trimmedUserId} accountId=${accountId} path=${filePath}`,
+ );
+ return { changed: true };
+ });
+}
diff --git "a/\350\265\204\346\226\231/weixin-openclaw-package/package/src/cdn/aes-ecb.ts" "b/\350\265\204\346\226\231/weixin-openclaw-package/package/src/cdn/aes-ecb.ts"
new file mode 100644
index 00000000..1a977439
--- /dev/null
+++ "b/\350\265\204\346\226\231/weixin-openclaw-package/package/src/cdn/aes-ecb.ts"
@@ -0,0 +1,21 @@
+/**
+ * Shared AES-128-ECB crypto utilities for CDN upload and download.
+ */
+import { createCipheriv, createDecipheriv } from "node:crypto";
+
+/** Encrypt buffer with AES-128-ECB (PKCS7 padding is default). */
+export function encryptAesEcb(plaintext: Buffer, key: Buffer): Buffer {
+ const cipher = createCipheriv("aes-128-ecb", key, null);
+ return Buffer.concat([cipher.update(plaintext), cipher.final()]);
+}
+
+/** Decrypt buffer with AES-128-ECB (PKCS7 padding). */
+export function decryptAesEcb(ciphertext: Buffer, key: Buffer): Buffer {
+ const decipher = createDecipheriv("aes-128-ecb", key, null);
+ return Buffer.concat([decipher.update(ciphertext), decipher.final()]);
+}
+
+/** Compute AES-128-ECB ciphertext size (PKCS7 padding to 16-byte boundary). */
+export function aesEcbPaddedSize(plaintextSize: number): number {
+ return Math.ceil((plaintextSize + 1) / 16) * 16;
+}
diff --git "a/\350\265\204\346\226\231/weixin-openclaw-package/package/src/cdn/cdn-upload.ts" "b/\350\265\204\346\226\231/weixin-openclaw-package/package/src/cdn/cdn-upload.ts"
new file mode 100644
index 00000000..407fad95
--- /dev/null
+++ "b/\350\265\204\346\226\231/weixin-openclaw-package/package/src/cdn/cdn-upload.ts"
@@ -0,0 +1,77 @@
+import { encryptAesEcb } from "./aes-ecb.js";
+import { buildCdnUploadUrl } from "./cdn-url.js";
+import { logger } from "../util/logger.js";
+import { redactUrl } from "../util/redact.js";
+
+/** Maximum retry attempts for CDN upload. */
+const UPLOAD_MAX_RETRIES = 3;
+
+/**
+ * Upload one buffer to the Weixin CDN with AES-128-ECB encryption.
+ * Returns the download encrypted_query_param from the CDN response.
+ * Retries up to UPLOAD_MAX_RETRIES times on server errors; client errors (4xx) abort immediately.
+ */
+export async function uploadBufferToCdn(params: {
+ buf: Buffer;
+ uploadParam: string;
+ filekey: string;
+ cdnBaseUrl: string;
+ label: string;
+ aeskey: Buffer;
+}): Promise<{ downloadParam: string }> {
+ const { buf, uploadParam, filekey, cdnBaseUrl, label, aeskey } = params;
+ const ciphertext = encryptAesEcb(buf, aeskey);
+ const cdnUrl = buildCdnUploadUrl({ cdnBaseUrl, uploadParam, filekey });
+ logger.debug(`${label}: CDN POST url=${redactUrl(cdnUrl)} ciphertextSize=${ciphertext.length}`);
+
+ let downloadParam: string | undefined;
+ let lastError: unknown;
+
+ for (let attempt = 1; attempt <= UPLOAD_MAX_RETRIES; attempt++) {
+ try {
+ const res = await fetch(cdnUrl, {
+ method: "POST",
+ headers: { "Content-Type": "application/octet-stream" },
+ body: new Uint8Array(ciphertext),
+ });
+ if (res.status >= 400 && res.status < 500) {
+ const errMsg = res.headers.get("x-error-message") ?? (await res.text());
+ logger.error(
+ `${label}: CDN client error attempt=${attempt} status=${res.status} errMsg=${errMsg}`,
+ );
+ throw new Error(`CDN upload client error ${res.status}: ${errMsg}`);
+ }
+ if (res.status !== 200) {
+ const errMsg = res.headers.get("x-error-message") ?? `status ${res.status}`;
+ logger.error(
+ `${label}: CDN server error attempt=${attempt} status=${res.status} errMsg=${errMsg}`,
+ );
+ throw new Error(`CDN upload server error: ${errMsg}`);
+ }
+ downloadParam = res.headers.get("x-encrypted-param") ?? undefined;
+ if (!downloadParam) {
+ logger.error(
+ `${label}: CDN response missing x-encrypted-param header attempt=${attempt}`,
+ );
+ throw new Error("CDN upload response missing x-encrypted-param header");
+ }
+ logger.debug(`${label}: CDN upload success attempt=${attempt}`);
+ break;
+ } catch (err) {
+ lastError = err;
+ if (err instanceof Error && err.message.includes("client error")) throw err;
+ if (attempt < UPLOAD_MAX_RETRIES) {
+ logger.error(`${label}: attempt ${attempt} failed, retrying... err=${String(err)}`);
+ } else {
+ logger.error(`${label}: all ${UPLOAD_MAX_RETRIES} attempts failed err=${String(err)}`);
+ }
+ }
+ }
+
+ if (!downloadParam) {
+ throw lastError instanceof Error
+ ? lastError
+ : new Error(`CDN upload failed after ${UPLOAD_MAX_RETRIES} attempts`);
+ }
+ return { downloadParam };
+}
diff --git "a/\350\265\204\346\226\231/weixin-openclaw-package/package/src/cdn/cdn-url.ts" "b/\350\265\204\346\226\231/weixin-openclaw-package/package/src/cdn/cdn-url.ts"
new file mode 100644
index 00000000..b03d5b0b
--- /dev/null
+++ "b/\350\265\204\346\226\231/weixin-openclaw-package/package/src/cdn/cdn-url.ts"
@@ -0,0 +1,17 @@
+/**
+ * Unified CDN URL construction for Weixin CDN upload/download.
+ */
+
+/** Build a CDN download URL from encrypt_query_param. */
+export function buildCdnDownloadUrl(encryptedQueryParam: string, cdnBaseUrl: string): string {
+ return `${cdnBaseUrl}/download?encrypted_query_param=${encodeURIComponent(encryptedQueryParam)}`;
+}
+
+/** Build a CDN upload URL from upload_param and filekey. */
+export function buildCdnUploadUrl(params: {
+ cdnBaseUrl: string;
+ uploadParam: string;
+ filekey: string;
+}): string {
+ return `${params.cdnBaseUrl}/upload?encrypted_query_param=${encodeURIComponent(params.uploadParam)}&filekey=${encodeURIComponent(params.filekey)}`;
+}
diff --git "a/\350\265\204\346\226\231/weixin-openclaw-package/package/src/cdn/pic-decrypt.ts" "b/\350\265\204\346\226\231/weixin-openclaw-package/package/src/cdn/pic-decrypt.ts"
new file mode 100644
index 00000000..1fe995cb
--- /dev/null
+++ "b/\350\265\204\346\226\231/weixin-openclaw-package/package/src/cdn/pic-decrypt.ts"
@@ -0,0 +1,85 @@
+import { decryptAesEcb } from "./aes-ecb.js";
+import { buildCdnDownloadUrl } from "./cdn-url.js";
+import { logger } from "../util/logger.js";
+
+/**
+ * Download raw bytes from the CDN (no decryption).
+ */
+async function fetchCdnBytes(url: string, label: string): Promise<Buffer> {
+ let res: Response;
+ try {
+ res = await fetch(url);
+ } catch (err) {
+ const cause =
+ (err as NodeJS.ErrnoException).cause ?? (err as NodeJS.ErrnoException).code ?? "(no cause)";
+ logger.error(
+ `${label}: fetch network error url=${url} err=${String(err)} cause=${String(cause)}`,
+ );
+ throw err;
+ }
+ logger.debug(`${label}: response status=${res.status} ok=${res.ok}`);
+ if (!res.ok) {
+ const body = await res.text().catch(() => "(unreadable)");
+ const msg = `${label}: CDN download ${res.status} ${res.statusText} body=${body}`;
+ logger.error(msg);
+ throw new Error(msg);
+ }
+ return Buffer.from(await res.arrayBuffer());
+}
+
+/**
+ * Parse CDNMedia.aes_key into a raw 16-byte AES key.
+ *
+ * Two encodings are seen in the wild:
+ * - base64(raw 16 bytes) → images (aes_key from media field)
+ * - base64(hex string of 16 bytes) → file / voice / video
+ *
+ * In the second case, base64-decoding yields 32 ASCII hex chars which must
+ * then be parsed as hex to recover the actual 16-byte key.
+ */
+function parseAesKey(aesKeyBase64: string, label: string): Buffer {
+ const decoded = Buffer.from(aesKeyBase64, "base64");
+ if (decoded.length === 16) {
+ return decoded;
+ }
+ if (decoded.length === 32 && /^[0-9a-fA-F]{32}$/.test(decoded.toString("ascii"))) {
+ // hex-encoded key: base64 → hex string → raw bytes
+ return Buffer.from(decoded.toString("ascii"), "hex");
+ }
+ const msg = `${label}: aes_key must decode to 16 raw bytes or 32-char hex string, got ${decoded.length} bytes (base64="${aesKeyBase64}")`;
+ logger.error(msg);
+ throw new Error(msg);
+}
+
+/**
+ * Download and AES-128-ECB decrypt a CDN media file. Returns plaintext Buffer.
+ * aesKeyBase64: CDNMedia.aes_key JSON field (see parseAesKey for supported formats).
+ */
+export async function downloadAndDecryptBuffer(
+ encryptedQueryParam: string,
+ aesKeyBase64: string,
+ cdnBaseUrl: string,
+ label: string,
+): Promise<Buffer> {
+ const key = parseAesKey(aesKeyBase64, label);
+ const url = buildCdnDownloadUrl(encryptedQueryParam, cdnBaseUrl);
+ logger.debug(`${label}: fetching url=${url}`);
+ const encrypted = await fetchCdnBytes(url, label);
+ logger.debug(`${label}: downloaded ${encrypted.byteLength} bytes, decrypting`);
+ const decrypted = decryptAesEcb(encrypted, key);
+ logger.debug(`${label}: decrypted ${decrypted.length} bytes`);
+ return decrypted;
+}
+
+/**
+ * Download plain (unencrypted) bytes from the CDN. Returns the raw Buffer.
+ */
+export async function downloadPlainCdnBuffer(
+ encryptedQueryParam: string,
+ cdnBaseUrl: string,
+ label: string,
+): Promise<Buffer> {
+ const url = buildCdnDownloadUrl(encryptedQueryParam, cdnBaseUrl);
+ logger.debug(`${label}: fetching url=${url}`);
+ return fetchCdnBytes(url, label);
+}
diff --git "a/\350\265\204\346\226\231/weixin-openclaw-package/package/src/cdn/upload.ts" "b/\350\265\204\346\226\231/weixin-openclaw-package/package/src/cdn/upload.ts"
new file mode 100644
index 00000000..9e3177a7
--- /dev/null
+++ "b/\350\265\204\346\226\231/weixin-openclaw-package/package/src/cdn/upload.ts"
@@ -0,0 +1,155 @@
+import crypto from "node:crypto";
+import fs from "node:fs/promises";
+import path from "node:path";
+
+import { getUploadUrl } from "../api/api.js";
+import type { WeixinApiOptions } from "../api/api.js";
+import { aesEcbPaddedSize } from "./aes-ecb.js";
+import { uploadBufferToCdn } from "./cdn-upload.js";
+import { logger } from "../util/logger.js";
+import { getExtensionFromContentTypeOrUrl } from "../media/mime.js";
+import { tempFileName } from "../util/random.js";
+import { UploadMediaType } from "../api/types.js";
+
+export type UploadedFileInfo = {
+ filekey: string;
+ /** 由 upload_param 上传后 CDN 返回的下载加密参数; fill into ImageItem.media.encrypt_query_param */
+ downloadEncryptedQueryParam: string;
+ /** AES-128-ECB key, hex-encoded; convert to base64 for CDNMedia.aes_key */
+ aeskey: string;
+ /** Plaintext file size in bytes */
+ fileSize: number;
+ /** Ciphertext file size in bytes (AES-128-ECB with PKCS7 padding); use for ImageItem.hd_size / mid_size */
+ fileSizeCiphertext: number;
+};
+
+/**
+ * Download a remote media URL (image, video, file) to a local temp file in destDir.
+ * Returns the local file path; extension is inferred from Content-Type / URL.
+ */
+export async function downloadRemoteImageToTemp(url: string, destDir: string): Promise<string> {
+ logger.debug(`downloadRemoteImageToTemp: fetching url=${url}`);
+ const res = await fetch(url);
+ if (!res.ok) {
+ const msg = `remote media download failed: ${res.status} ${res.statusText} url=${url}`;
+ logger.error(`downloadRemoteImageToTemp: ${msg}`);
+ throw new Error(msg);
+ }
+ const buf = Buffer.from(await res.arrayBuffer());
+ logger.debug(`downloadRemoteImageToTemp: downloaded ${buf.length} bytes`);
+ await fs.mkdir(destDir, { recursive: true });
+ const ext = getExtensionFromContentTypeOrUrl(res.headers.get("content-type"), url);
+ const name = tempFileName("weixin-remote", ext);
+ const filePath = path.join(destDir, name);
+ await fs.writeFile(filePath, buf);
+ logger.debug(`downloadRemoteImageToTemp: saved to ${filePath} ext=${ext}`);
+ return filePath;
+}
+
+/**
+ * Common upload pipeline: read file → hash → gen aeskey → getUploadUrl → uploadBufferToCdn → return info.
+ */
+async function uploadMediaToCdn(params: {
+ filePath: string;
+ toUserId: string;
+ opts: WeixinApiOptions;
+ cdnBaseUrl: string;
+ mediaType: (typeof UploadMediaType)[keyof typeof UploadMediaType];
+ label: string;
+}): Promise<UploadedFileInfo> {
+ const { filePath, toUserId, opts, cdnBaseUrl, mediaType, label } = params;
+
+ const plaintext = await fs.readFile(filePath);
+ const rawsize = plaintext.length;
+ const rawfilemd5 = crypto.createHash("md5").update(plaintext).digest("hex");
+ const filesize = aesEcbPaddedSize(rawsize);
+ const filekey = crypto.randomBytes(16).toString("hex");
+ const aeskey = crypto.randomBytes(16);
+
+ logger.debug(
+ `${label}: file=${filePath} rawsize=${rawsize} filesize=${filesize} md5=${rawfilemd5} filekey=${filekey}`,
+ );
+
+ const uploadUrlResp = await getUploadUrl({
+ ...opts,
+ filekey,
+ media_type: mediaType,
+ to_user_id: toUserId,
+ rawsize,
+ rawfilemd5,
+ filesize,
+ no_need_thumb: true,
+ aeskey: aeskey.toString("hex"),
+ });
+
+ const uploadParam = uploadUrlResp.upload_param;
+ if (!uploadParam) {
+ logger.error(
+ `${label}: getUploadUrl returned no upload_param, resp=${JSON.stringify(uploadUrlResp)}`,
+ );
+ throw new Error(`${label}: getUploadUrl returned no upload_param`);
+ }
+
+ const { downloadParam: downloadEncryptedQueryParam } = await uploadBufferToCdn({
+ buf: plaintext,
+ uploadParam,
+ filekey,
+ cdnBaseUrl,
+ aeskey,
+ label: `${label}[orig filekey=${filekey}]`,
+ });
+
+ return {
+ filekey,
+ downloadEncryptedQueryParam,
+ aeskey: aeskey.toString("hex"),
+ fileSize: rawsize,
+ fileSizeCiphertext: filesize,
+ };
+}
+
+/** Upload a local image file to the Weixin CDN with AES-128-ECB encryption. */
+export async function uploadFileToWeixin(params: {
+ filePath: string;
+ toUserId: string;
+ opts: WeixinApiOptions;
+ cdnBaseUrl: string;
+}): Promise<UploadedFileInfo> {
+ return uploadMediaToCdn({
+ ...params,
+ mediaType: UploadMediaType.IMAGE,
+ label: "uploadFileToWeixin",
+ });
+}
+
+/** Upload a local video file to the Weixin CDN. */
+export async function uploadVideoToWeixin(params: {
+ filePath: string;
+ toUserId: string;
+ opts: WeixinApiOptions;
+ cdnBaseUrl: string;
+}): Promise<UploadedFileInfo> {
+ return uploadMediaToCdn({
+ ...params,
+ mediaType: UploadMediaType.VIDEO,
+ label: "uploadVideoToWeixin",
+ });
+}
+
+/**
+ * Upload a local file attachment (non-image, non-video) to the Weixin CDN.
+ * Uses media_type=FILE; no thumbnail required.
+ */
+export async function uploadFileAttachmentToWeixin(params: {
+ filePath: string;
+ fileName: string;
+ toUserId: string;
+ opts: WeixinApiOptions;
+ cdnBaseUrl: string;
+}): Promise<UploadedFileInfo> {
+ return uploadMediaToCdn({
+ ...params,
+ mediaType: UploadMediaType.FILE,
+ label: "uploadFileAttachmentToWeixin",
+ });
+}
diff --git "a/\350\265\204\346\226\231/weixin-openclaw-package/package/src/channel.ts" "b/\350\265\204\346\226\231/weixin-openclaw-package/package/src/channel.ts"
new file mode 100644
index 00000000..dae8a7cc
--- /dev/null
+++ "b/\350\265\204\346\226\231/weixin-openclaw-package/package/src/channel.ts"
@@ -0,0 +1,380 @@
+import path from "node:path";
+
+import type { ChannelPlugin, OpenClawConfig } from "openclaw/plugin-sdk";
+import { normalizeAccountId } from "openclaw/plugin-sdk";
+
+import {
+ registerWeixinAccountId,
+ loadWeixinAccount,
+ saveWeixinAccount,
+ listWeixinAccountIds,
+ resolveWeixinAccount,
+ triggerWeixinChannelReload,
+ DEFAULT_BASE_URL,
+} from "./auth/accounts.js";
+import type { ResolvedWeixinAccount } from "./auth/accounts.js";
+import { assertSessionActive } from "./api/session-guard.js";
+import { getContextToken } from "./messaging/inbound.js";
+import { logger } from "./util/logger.js";
+import {
+ DEFAULT_ILINK_BOT_TYPE,
+ startWeixinLoginWithQr,
+ waitForWeixinLogin,
+} from "./auth/login-qr.js";
+import type { WeixinQrStartResult, WeixinQrWaitResult } from "./auth/login-qr.js";
+import { monitorWeixinProvider } from "./monitor/monitor.js";
+import { sendWeixinMediaFile } from "./messaging/send-media.js";
+import { sendMessageWeixin } from "./messaging/send.js";
+import { downloadRemoteImageToTemp } from "./cdn/upload.js";
+
+/** Returns true when mediaUrl refers to a local filesystem path (absolute or relative). */
+function isLocalFilePath(mediaUrl: string): boolean {
+ // Treat anything without a URL scheme (no "://") as a local path.
+ return !mediaUrl.includes("://");
+}
+
+function isRemoteUrl(mediaUrl: string): boolean {
+ return mediaUrl.startsWith("http://") || mediaUrl.startsWith("https://");
+}
+
+const MEDIA_OUTBOUND_TEMP_DIR = "/tmp/openclaw/weixin/media/outbound-temp";
+
+/** Resolve any local path scheme to an absolute filesystem path. */
+function resolveLocalPath(mediaUrl: string): string {
+ if (mediaUrl.startsWith("file://")) return new URL(mediaUrl).pathname;
+ // Resolve any relative path (./foo, ../foo, .openclaw/foo, foo/bar) against cwd
+ if (!path.isAbsolute(mediaUrl)) return path.resolve(mediaUrl);
+ return mediaUrl;
+}
+
+async function sendWeixinOutbound(params: {
+ cfg: OpenClawConfig;
+ to: string;
+ text: string;
+ accountId?: string | null;
+ contextToken?: string;
+ mediaUrl?: string;
+}): Promise<{ channel: string; messageId: string }> {
+ const account = resolveWeixinAccount(params.cfg, params.accountId);
+ const aLog = logger.withAccount(account.accountId);
+ assertSessionActive(account.accountId);
+ if (!account.configured) {
+ aLog.error(`sendWeixinOutbound: account not configured`);
+ throw new Error("weixin not configured: please run `openclaw channels login --channel openclaw-weixin`");
+ }
+ if (!params.contextToken) {
+ aLog.error(`sendWeixinOutbound: contextToken missing, refusing to send to=${params.to}`);
+ throw new Error("sendWeixinOutbound: contextToken is required");
+ }
+ const result = await sendMessageWeixin({ to: params.to, text: params.text, opts: {
+ baseUrl: account.baseUrl,
+ token: account.token,
+ contextToken: params.contextToken,
+ }});
+ return { channel: "openclaw-weixin", messageId: result.messageId };
+}
+
+export const weixinPlugin: ChannelPlugin<ResolvedWeixinAccount> = {
+ id: "openclaw-weixin",
+ meta: {
+ id: "openclaw-weixin",
+ label: "openclaw-weixin",
+ selectionLabel: "openclaw-weixin (long-poll)",
+ docsPath: "/channels/openclaw-weixin",
+ docsLabel: "openclaw-weixin",
+ blurb: "getUpdates long-poll upstream, sendMessage downstream; token auth.",
+ order: 75,
+ },
+ configSchema: {
+ schema: {
+ type: "object",
+ additionalProperties: false,
+ properties: {},
+ },
+ },
+ capabilities: {
+ chatTypes: ["direct"],
+ media: true,
+ },
+ messaging: {
+ targetResolver: {
+ // Weixin user IDs always end with @im.wechat; treat as direct IDs, skip directory lookup.
+ looksLikeId: (raw) => raw.endsWith("@im.wechat"),
+ },
+ },
+ agentPrompt: {
+ messageToolHints: () => [
+ "To send an image or file to the current user, use the message tool with action='send' and set 'media' to a local file path or a remote URL. You do not need to specify 'to' — the current conversation recipient is used automatically.",
+ "When the user asks you to find an image from the web, use a web search or browser tool to find a suitable image URL, then send it using the message tool with 'media' set to that HTTPS image URL — do NOT download the image first.",
+ "IMPORTANT: When generating or saving a file to send, always use an absolute path (e.g. /tmp/photo.png), never a relative path like ./photo.png. Relative paths cannot be resolved and the file will not be delivered.",
+ "IMPORTANT: When creating a cron job (scheduled task) for the current Weixin user, you MUST set delivery.to to the user's Weixin ID (the xxx@im.wechat address from the current conversation). Without an explicit 'to', the cron delivery will fail with 'requires target'. Example: delivery: { mode: 'announce', channel: 'openclaw-weixin', to: '<current_user_id@im.wechat>' }.",
+ ],
+ },
+ reload: { configPrefixes: ["channels.openclaw-weixin"] },
+ config: {
+ listAccountIds: (cfg) => listWeixinAccountIds(cfg),
+ resolveAccount: (cfg, accountId) => resolveWeixinAccount(cfg, accountId),
+ isConfigured: (account) => account.configured,
+ describeAccount: (account) => ({
+ accountId: account.accountId,
+ name: account.name,
+ enabled: account.enabled,
+ configured: account.configured,
+ }),
+ },
+ outbound: {
+ deliveryMode: "direct",
+ textChunkLimit: 4000,
+ sendText: async (ctx) => {
+ const result = await sendWeixinOutbound({
+ cfg: ctx.cfg,
+ to: ctx.to,
+ text: ctx.text,
+ accountId: ctx.accountId,
+ contextToken: getContextToken(ctx.accountId!, ctx.to),
+ });
+ return result;
+ },
+ sendMedia: async (ctx) => {
+ const account = resolveWeixinAccount(ctx.cfg, ctx.accountId);
+ const aLog = logger.withAccount(account.accountId);
+ assertSessionActive(account.accountId);
+ if (!account.configured) {
+ aLog.error(`sendMedia: account not configured`);
+ throw new Error(
+ "weixin not configured: please run `openclaw channels login --channel openclaw-weixin`",
+ );
+ }
+
+ const mediaUrl = ctx.mediaUrl;
+
+ if (mediaUrl && (isLocalFilePath(mediaUrl) || isRemoteUrl(mediaUrl))) {
+ let filePath: string;
+ if (isLocalFilePath(mediaUrl)) {
+ filePath = resolveLocalPath(mediaUrl);
+ aLog.debug(`sendMedia: uploading local file ${filePath}`);
+ } else {
+ aLog.debug(`sendMedia: downloading remote mediaUrl=${mediaUrl.slice(0, 80)}...`);
+ filePath = await downloadRemoteImageToTemp(mediaUrl, MEDIA_OUTBOUND_TEMP_DIR);
+ aLog.debug(`sendMedia: remote image downloaded to ${filePath}`);
+ }
+ const contextToken = getContextToken(account.accountId, ctx.to);
+ const result = await sendWeixinMediaFile({
+ filePath,
+ to: ctx.to,
+ text: ctx.text ?? "",
+ opts: { baseUrl: account.baseUrl, token: account.token, contextToken },
+ cdnBaseUrl: account.cdnBaseUrl,
+ });
+ return { channel: "openclaw-weixin", messageId: result.messageId };
+ }
+
+ const result = await sendWeixinOutbound({
+ cfg: ctx.cfg,
+ to: ctx.to,
+ text: ctx.text ?? "",
+ accountId: ctx.accountId,
+ contextToken: getContextToken(ctx.accountId!, ctx.to),
+ });
+ return result;
+ },
+ },
+ status: {
+ defaultRuntime: {
+ accountId: "",
+ lastError: null,
+ lastInboundAt: null,
+ lastOutboundAt: null,
+ },
+ collectStatusIssues: () => [],
+ buildChannelSummary: ({ snapshot }) => ({
+ configured: snapshot.configured ?? false,
+ lastError: snapshot.lastError ?? null,
+ lastInboundAt: snapshot.lastInboundAt ?? null,
+ lastOutboundAt: snapshot.lastOutboundAt ?? null,
+ }),
+ buildAccountSnapshot: ({ account, runtime }) => ({
+ ...runtime,
+ accountId: account.accountId,
+ name: account.name,
+ enabled: account.enabled,
+ configured: account.configured,
+ }),
+ },
+ auth: {
+ login: async ({ cfg, accountId, verbose, runtime }) => {
+ const account = resolveWeixinAccount(cfg, accountId);
+
+ const log = (msg: string) => {
+ runtime?.log?.(msg);
+ };
+
+ log(`正在启动微信扫码登录...`);
+ const startResult: WeixinQrStartResult = await startWeixinLoginWithQr({
+ accountId: account.accountId,
+ apiBaseUrl: account.baseUrl,
+ botType: DEFAULT_ILINK_BOT_TYPE,
+ verbose: Boolean(verbose),
+ });
+
+ if (!startResult.qrcodeUrl) {
+ logger.warn(
+ `auth.login: failed to get QR code accountId=${account.accountId} message=${startResult.message}`,
+ );
+ log(startResult.message);
+ throw new Error(startResult.message);
+ }
+
+ log(`\n使用微信扫描以下二维码,以完成连接:\n`);
+ try {
+ const qrcodeterminal = await import("qrcode-terminal");
+ await new Promise<void>((resolve) => {
+ qrcodeterminal.default.generate(startResult.qrcodeUrl!, { small: true }, (qr: string) => {
+ console.log(qr);
+ resolve();
+ });
+ });
+ } catch (err) {
+ logger.warn(
+ `auth.login: qrcode-terminal unavailable, falling back to URL err=${String(err)}`,
+ );
+ log(`二维码链接: ${startResult.qrcodeUrl}`);
+ }
+
+ const loginTimeoutMs = 480_000;
+ log(`\n等待连接结果...\n`);
+
+ const waitResult: WeixinQrWaitResult = await waitForWeixinLogin({
+ sessionKey: startResult.sessionKey,
+ apiBaseUrl: account.baseUrl,
+ timeoutMs: loginTimeoutMs,
+ verbose: Boolean(verbose),
+ botType: DEFAULT_ILINK_BOT_TYPE,
+ });
+
+ if (waitResult.connected && waitResult.botToken && waitResult.accountId) {
+ try {
+ // Normalize the raw ilink_bot_id (e.g. "hex@im.bot") to a filesystem-safe
+ // key (e.g. "hex-im-bot") so account files have no special chars.
+ const normalizedId = normalizeAccountId(waitResult.accountId);
+ saveWeixinAccount(normalizedId, {
+ token: waitResult.botToken,
+ baseUrl: waitResult.baseUrl,
+ userId: waitResult.userId,
+ });
+ registerWeixinAccountId(normalizedId);
+ void triggerWeixinChannelReload();
+ log(`\n✅ 与微信连接成功!`);
+ } catch (err) {
+ logger.error(
+ `auth.login: failed to save account data accountId=${waitResult.accountId} err=${String(err)}`,
+ );
+ log(`⚠️ 保存账号数据失败: ${String(err)}`);
+ }
+ } else {
+ logger.warn(
+ `auth.login: login did not complete accountId=${account.accountId} message=${waitResult.message}`,
+ );
+ // log(waitResult.message);
+ throw new Error(waitResult.message);
+ }
+ },
+ },
+ gateway: {
+ startAccount: async (ctx) => {
+ logger.debug(`startAccount entry`);
+ if (!ctx) {
+ logger.warn(`gateway.startAccount: called with undefined ctx, skipping`);
+ return;
+ }
+ const account = ctx.account;
+ const aLog = logger.withAccount(account.accountId);
+ aLog.debug(`about to call monitorWeixinProvider`);
+ aLog.info(`starting weixin webhook`);
+
+ ctx.setStatus?.({
+ accountId: account.accountId,
+ running: true,
+ lastStartAt: Date.now(),
+ lastEventAt: Date.now(),
+ });
+
+ if (!account.configured) {
+ aLog.error(`account not configured`);
+ ctx.log?.error?.(
+ `[${account.accountId}] weixin not logged in — run: openclaw channels login --channel openclaw-weixin`,
+ );
+ ctx.setStatus?.({ accountId: account.accountId, running: false });
+ throw new Error("weixin not configured: missing token");
+ }
+
+ ctx.log?.info?.(`[${account.accountId}] starting weixin provider (${DEFAULT_BASE_URL})`);
+
+ const logPath = aLog.getLogFilePath();
+ ctx.log?.info?.(`[${account.accountId}] weixin logs: ${logPath}`);
+
+ return monitorWeixinProvider({
+ baseUrl: account.baseUrl,
+ cdnBaseUrl: account.cdnBaseUrl,
+ token: account.token,
+ accountId: account.accountId,
+ config: ctx.cfg,
+ runtime: ctx.runtime,
+ abortSignal: ctx.abortSignal,
+ setStatus: ctx.setStatus,
+ });
+ },
+ loginWithQrStart: async ({ accountId, force, timeoutMs, verbose }) => {
+ // For re-login: use saved baseUrl from account data; fall back to default for new accounts.
+ const savedBaseUrl = accountId ? loadWeixinAccount(accountId)?.baseUrl?.trim() : "";
+ const result: WeixinQrStartResult = await startWeixinLoginWithQr({
+ accountId: accountId ?? undefined,
+ apiBaseUrl: savedBaseUrl || DEFAULT_BASE_URL,
+ botType: DEFAULT_ILINK_BOT_TYPE,
+ force,
+ timeoutMs,
+ verbose,
+ });
+ // Return sessionKey so the client can pass it back in loginWithQrWait.
+ return {
+ qrDataUrl: result.qrcodeUrl,
+ message: result.message,
+ sessionKey: result.sessionKey,
+ } as { qrDataUrl?: string; message: string };
+ },
+ loginWithQrWait: async (params) => {
+ // sessionKey is forwarded by the client after loginWithQrStart (runtime param extension).
+ const sessionKey = (params as { sessionKey?: string }).sessionKey || params.accountId || "";
+ const savedBaseUrl = params.accountId
+ ? loadWeixinAccount(params.accountId)?.baseUrl?.trim()
+ : "";
+ const result: WeixinQrWaitResult = await waitForWeixinLogin({
+ sessionKey,
+ apiBaseUrl: savedBaseUrl || DEFAULT_BASE_URL,
+ timeoutMs: params.timeoutMs,
+ });
+
+ if (result.connected && result.botToken && result.accountId) {
+ try {
+ const normalizedId = normalizeAccountId(result.accountId);
+ saveWeixinAccount(normalizedId, {
+ token: result.botToken,
+ baseUrl: result.baseUrl,
+ userId: result.userId,
+ });
+ registerWeixinAccountId(normalizedId);
+ triggerWeixinChannelReload();
+ logger.info(`loginWithQrWait: saved account data for accountId=${normalizedId}`);
+ } catch (err) {
+ logger.error(`loginWithQrWait: failed to save account data err=${String(err)}`);
+ }
+ }
+
+ return {
+ connected: result.connected,
+ message: result.message,
+ accountId: result.accountId,
+ } as { connected: boolean; message: string };
+ },
+ },
+};
diff --git "a/\350\265\204\346\226\231/weixin-openclaw-package/package/src/config/config-schema.ts" "b/\350\265\204\346\226\231/weixin-openclaw-package/package/src/config/config-schema.ts"
new file mode 100644
index 00000000..e23c67c9
--- /dev/null
+++ "b/\350\265\204\346\226\231/weixin-openclaw-package/package/src/config/config-schema.ts"
@@ -0,0 +1,22 @@
+import { z } from "zod";
+
+import { CDN_BASE_URL, DEFAULT_BASE_URL } from "../auth/accounts.js";
+
+// ---------------------------------------------------------------------------
+// Zod config schema
+// ---------------------------------------------------------------------------
+
+const weixinAccountSchema = z.object({
+ name: z.string().optional(),
+ enabled: z.boolean().optional(),
+ baseUrl: z.string().default(DEFAULT_BASE_URL),
+ cdnBaseUrl: z.string().default(CDN_BASE_URL),
+ routeTag: z.number().optional(),
+});
+
+/** Top-level weixin config schema (token is stored in credentials file, not config). */
+export const WeixinConfigSchema = weixinAccountSchema.extend({
+ accounts: z.record(z.string(), weixinAccountSchema).optional(),
+ /** Default URL for `openclaw openclaw-weixin logs-upload`. Set via `openclaw config set channels.openclaw-weixin.logUploadUrl <url>`. */
+ logUploadUrl: z.string().optional(),
+});
diff --git "a/\350\265\204\346\226\231/weixin-openclaw-package/package/src/log-upload.ts" "b/\350\265\204\346\226\231/weixin-openclaw-package/package/src/log-upload.ts"
new file mode 100644
index 00000000..c7adaaaf
--- /dev/null
+++ "b/\350\265\204\346\226\231/weixin-openclaw-package/package/src/log-upload.ts"
@@ -0,0 +1,126 @@
+import fs from "node:fs/promises";
+import path from "node:path";
+
+import type { OpenClawConfig } from "openclaw/plugin-sdk";
+
+
+/** Minimal subset of commander's Command used by registerWeixinCli. */
+type CliCommand = {
+ command(name: string): CliCommand;
+ description(str: string): CliCommand;
+ option(flags: string, description: string): CliCommand;
+ // eslint-disable-next-line @typescript-eslint/no-explicit-any
+ action(fn: (...args: any[]) => void | Promise<void>): CliCommand;
+};
+
+function currentDayLogFileName(): string {
+ const now = new Date();
+ const offsetMs = -now.getTimezoneOffset() * 60_000;
+ const dateKey = new Date(now.getTime() + offsetMs).toISOString().slice(0, 10);
+ return `openclaw-${dateKey}.log`;
+}
+
+/**
+ * Parse --file argument: accepts a short 8-digit date (YYYYMMDD)
+ * like "20260316", a full filename like "openclaw-2026-03-16.log",
+ * or a legacy 10-digit hour timestamp "2026031614".
+ */
+function resolveLogFileName(file: string): string {
+ if (/^\d{8}$/.test(file)) {
+ const yyyy = file.slice(0, 4);
+ const mm = file.slice(4, 6);
+ const dd = file.slice(6, 8);
+ return `openclaw-${yyyy}-${mm}-${dd}.log`;
+ }
+ if (/^\d{10}$/.test(file)) {
+ const yyyy = file.slice(0, 4);
+ const mm = file.slice(4, 6);
+ const dd = file.slice(6, 8);
+ return `openclaw-${yyyy}-${mm}-${dd}.log`;
+ }
+ return file;
+}
+
+function mainLogDir(): string {
+ return path.join("/tmp", "openclaw");
+}
+
+function getConfiguredUploadUrl(config: OpenClawConfig): string | undefined {
+ const section = config.channels?.["openclaw-weixin"] as { logUploadUrl?: string } | undefined;
+ return section?.logUploadUrl;
+}
+
+/** Register the `openclaw openclaw-weixin logs-upload` CLI subcommand. */
+export function registerWeixinCli(params: { program: CliCommand; config: OpenClawConfig }): void {
+ const { program, config } = params;
+
+ const root = program.command("openclaw-weixin").description("Weixin channel utilities");
+
+ root
+ .command("logs-upload")
+ .description("Upload a Weixin log file to a remote URL via HTTP POST")
+ .option("--url <url>", "Remote URL to POST the log file to (overrides config)")
+ .option(
+ "--file <file>",
+ "Log file to upload: full filename or 8-digit date YYYYMMDD (default: today)",
+ )
+ .action(async (options: { url?: string; file?: string }) => {
+ const uploadUrl = options.url ?? getConfiguredUploadUrl(config);
+ if (!uploadUrl) {
+ console.error(
+ `[weixin] No upload URL specified. Pass --url or set it with:\n openclaw config set channels.openclaw-weixin.logUploadUrl <url>`,
+ );
+ process.exit(1);
+ }
+
+ const logDir = mainLogDir();
+ const rawFile = options.file ?? currentDayLogFileName();
+ const fileName = resolveLogFileName(rawFile);
+ const filePath = path.isAbsolute(fileName) ? fileName : path.join(logDir, fileName);
+
+ let content: Buffer;
+ try {
+ content = await fs.readFile(filePath);
+ } catch (err) {
+ console.error(`[weixin] Failed to read log file: ${filePath}\n ${String(err)}`);
+ process.exit(1);
+ }
+
+ console.log(`[weixin] Uploading ${filePath} (${content.length} bytes) to ${uploadUrl} ...`);
+
+ const formData = new FormData();
+ formData.append("file", new Blob([new Uint8Array(content)], { type: "text/plain" }), fileName);
+
+ let res: Response;
+ try {
+ res = await fetch(uploadUrl, { method: "POST", body: formData });
+ } catch (err) {
+ console.error(`[weixin] Upload request failed: ${String(err)}`);
+ process.exit(1);
+ }
+
+ const responseBody = await res.text().catch(() => "");
+ if (!res.ok) {
+ console.error(
+ `[weixin] Upload failed: HTTP ${res.status} ${res.statusText}\n ${responseBody}`,
+ );
+ process.exit(1);
+ }
+
+ console.log(`[weixin] Upload succeeded (HTTP ${res.status})`);
+ const fileid = res.headers.get("fileid");
+ if (fileid) {
+ console.log(`fileid: ${fileid}`);
+ } else {
+ // fileid not found; dump all headers for diagnosis
+ const headers: Record<string, string> = {};
+ res.headers.forEach((value, key) => {
+ headers[key] = value;
+ });
+ console.log("headers:", JSON.stringify(headers, null, 2));
+ }
+ if (responseBody) {
+ console.log("body:", responseBody);
+ }
+ });
+}
diff --git "a/\350\265\204\346\226\231/weixin-openclaw-package/package/src/media/media-download.ts" "b/\350\265\204\346\226\231/weixin-openclaw-package/package/src/media/media-download.ts"
new file mode 100644
index 00000000..38eeb2fc
--- /dev/null
+++ "b/\350\265\204\346\226\231/weixin-openclaw-package/package/src/media/media-download.ts"
@@ -0,0 +1,141 @@
+import type { WeixinInboundMediaOpts } from "../messaging/inbound.js";
+import { logger } from "../util/logger.js";
+import { getMimeFromFilename } from "./mime.js";
+import {
+ downloadAndDecryptBuffer,
+ downloadPlainCdnBuffer,
+} from "../cdn/pic-decrypt.js";
+import { silkToWav } from "./silk-transcode.js";
+import type { WeixinMessage } from "../api/types.js";
+import { MessageItemType } from "../api/types.js";
+
+const WEIXIN_MEDIA_MAX_BYTES = 100 * 1024 * 1024;
+
+/** Persist a buffer via the framework's unified media store. */
+type SaveMediaFn = (
+ buffer: Buffer,
+ contentType?: string,
+ subdir?: string,
+ maxBytes?: number,
+ originalFilename?: string,
+) => Promise<{ path: string }>;
+
+/**
+ * Download and decrypt media from a single MessageItem.
+ * Returns the populated WeixinInboundMediaOpts fields; empty object on unsupported type or failure.
+ */
+export async function downloadMediaFromItem(
+ item: WeixinMessage["item_list"] extends (infer T)[] | undefined ? T : never,
+ deps: {
+ cdnBaseUrl: string;
+ saveMedia: SaveMediaFn;
+ log: (msg: string) => void;
+ errLog: (msg: string) => void;
+ label: string;
+ },
+): Promise<WeixinInboundMediaOpts> {
+ const { cdnBaseUrl, saveMedia, log, errLog, label } = deps;
+ const result: WeixinInboundMediaOpts = {};
+
+ if (item.type === MessageItemType.IMAGE) {
+ const img = item.image_item;
+ if (!img?.media?.encrypt_query_param) return result;
+ const aesKeyBase64 = img.aeskey
+ ? Buffer.from(img.aeskey, "hex").toString("base64")
+ : img.media.aes_key;
+ logger.debug(
+ `${label} image: encrypt_query_param=${img.media.encrypt_query_param.slice(0, 40)}... hasAesKey=${Boolean(aesKeyBase64)} aeskeySource=${img.aeskey ? "image_item.aeskey" : "media.aes_key"}`,
+ );
+ try {
+ const buf = aesKeyBase64
+ ? await downloadAndDecryptBuffer(
+ img.media.encrypt_query_param,
+ aesKeyBase64,
+ cdnBaseUrl,
+ `${label} image`,
+ )
+ : await downloadPlainCdnBuffer(
+ img.media.encrypt_query_param,
+ cdnBaseUrl,
+ `${label} image-plain`,
+ );
+ const saved = await saveMedia(buf, undefined, "inbound", WEIXIN_MEDIA_MAX_BYTES);
+ result.decryptedPicPath = saved.path;
+ logger.debug(`${label} image saved: ${saved.path}`);
+ } catch (err) {
+ logger.error(`${label} image download/decrypt failed: ${String(err)}`);
+ errLog(`weixin ${label} image download/decrypt failed: ${String(err)}`);
+ }
+ } else if (item.type === MessageItemType.VOICE) {
+ const voice = item.voice_item;
+ if (!voice?.media?.encrypt_query_param || !voice.media.aes_key) return result;
+ try {
+ const silkBuf = await downloadAndDecryptBuffer(
+ voice.media.encrypt_query_param,
+ voice.media.aes_key,
+ cdnBaseUrl,
+ `${label} voice`,
+ );
+ logger.debug(`${label} voice: decrypted ${silkBuf.length} bytes, attempting silk transcode`);
+ const wavBuf = await silkToWav(silkBuf);
+ if (wavBuf) {
+ const saved = await saveMedia(wavBuf, "audio/wav", "inbound", WEIXIN_MEDIA_MAX_BYTES);
+ result.decryptedVoicePath = saved.path;
+ result.voiceMediaType = "audio/wav";
+ logger.debug(`${label} voice: saved WAV to ${saved.path}`);
+ } else {
+ const saved = await saveMedia(silkBuf, "audio/silk", "inbound", WEIXIN_MEDIA_MAX_BYTES);
+ result.decryptedVoicePath = saved.path;
+ result.voiceMediaType = "audio/silk";
+ logger.debug(`${label} voice: silk transcode unavailable, saved raw SILK to ${saved.path}`);
+ }
+ } catch (err) {
+ logger.error(`${label} voice download/transcode failed: ${String(err)}`);
+ errLog(`weixin ${label} voice download/transcode failed: ${String(err)}`);
+ }
+ } else if (item.type === MessageItemType.FILE) {
+ const fileItem = item.file_item;
+ if (!fileItem?.media?.encrypt_query_param || !fileItem.media.aes_key) return result;
+ try {
+ const buf = await downloadAndDecryptBuffer(
+ fileItem.media.encrypt_query_param,
+ fileItem.media.aes_key,
+ cdnBaseUrl,
+ `${label} file`,
+ );
+ const mime = getMimeFromFilename(fileItem.file_name ?? "file.bin");
+ const saved = await saveMedia(
+ buf,
+ mime,
+ "inbound",
+ WEIXIN_MEDIA_MAX_BYTES,
+ fileItem.file_name ?? undefined,
+ );
+ result.decryptedFilePath = saved.path;
+ result.fileMediaType = mime;
+ logger.debug(`${label} file: saved to ${saved.path} mime=${mime}`);
+ } catch (err) {
+ logger.error(`${label} file download failed: ${String(err)}`);
+ errLog(`weixin ${label} file download failed: ${String(err)}`);
+ }
+ } else if (item.type === MessageItemType.VIDEO) {
+ const videoItem = item.video_item;
+ if (!videoItem?.media?.encrypt_query_param || !videoItem.media.aes_key) return result;
+ try {
+ const buf = await downloadAndDecryptBuffer(
+ videoItem.media.encrypt_query_param,
+ videoItem.media.aes_key,
+ cdnBaseUrl,
+ `${label} video`,
+ );
+ const saved = await saveMedia(buf, "video/mp4", "inbound", WEIXIN_MEDIA_MAX_BYTES);
+ result.decryptedVideoPath = saved.path;
+ logger.debug(`${label} video: saved to ${saved.path}`);
+ } catch (err) {
+ logger.error(`${label} video download failed: ${String(err)}`);
+ errLog(`weixin ${label} video download failed: ${String(err)}`);
+ }
+ }
+
+ return result;
+}
diff --git "a/\350\265\204\346\226\231/weixin-openclaw-package/package/src/media/mime.ts" "b/\350\265\204\346\226\231/weixin-openclaw-package/package/src/media/mime.ts"
new file mode 100644
index 00000000..08f39e26
--- /dev/null
+++ "b/\350\265\204\346\226\231/weixin-openclaw-package/package/src/media/mime.ts"
@@ -0,0 +1,76 @@
+import path from "node:path";
+
+const EXTENSION_TO_MIME: Record<string, string> = {
+ ".pdf": "application/pdf",
+ ".doc": "application/msword",
+ ".docx": "application/vnd.openxmlformats-officedocument.wordprocessingml.document",
+ ".xls": "application/vnd.ms-excel",
+ ".xlsx": "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet",
+ ".ppt": "application/vnd.ms-powerpoint",
+ ".pptx": "application/vnd.openxmlformats-officedocument.presentationml.presentation",
+ ".txt": "text/plain",
+ ".csv": "text/csv",
+ ".zip": "application/zip",
+ ".tar": "application/x-tar",
+ ".gz": "application/gzip",
+ ".mp3": "audio/mpeg",
+ ".ogg": "audio/ogg",
+ ".wav": "audio/wav",
+ ".mp4": "video/mp4",
+ ".mov": "video/quicktime",
+ ".webm": "video/webm",
+ ".mkv": "video/x-matroska",
+ ".avi": "video/x-msvideo",
+ ".png": "image/png",
+ ".jpg": "image/jpeg",
+ ".jpeg": "image/jpeg",
+ ".gif": "image/gif",
+ ".webp": "image/webp",
+ ".bmp": "image/bmp",
+};
+
+const MIME_TO_EXTENSION: Record<string, string> = {
+ "image/jpeg": ".jpg",
+ "image/jpg": ".jpg",
+ "image/png": ".png",
+ "image/gif": ".gif",
+ "image/webp": ".webp",
+ "image/bmp": ".bmp",
+ "video/mp4": ".mp4",
+ "video/quicktime": ".mov",
+ "video/webm": ".webm",
+ "video/x-matroska": ".mkv",
+ "video/x-msvideo": ".avi",
+ "audio/mpeg": ".mp3",
+ "audio/ogg": ".ogg",
+ "audio/wav": ".wav",
+ "application/pdf": ".pdf",
+ "application/zip": ".zip",
+ "application/x-tar": ".tar",
+ "application/gzip": ".gz",
+ "text/plain": ".txt",
+ "text/csv": ".csv",
+};
+
+/** Get MIME type from filename extension. Returns "application/octet-stream" for unknown extensions. */
+export function getMimeFromFilename(filename: string): string {
+ const ext = path.extname(filename).toLowerCase();
+ return EXTENSION_TO_MIME[ext] ?? "application/octet-stream";
+}
+
+/** Get file extension from MIME type. Returns ".bin" for unknown types. */
+export function getExtensionFromMime(mimeType: string): string {
+ const ct = mimeType.split(";")[0].trim().toLowerCase();
+ return MIME_TO_EXTENSION[ct] ?? ".bin";
+}
+
+/** Get file extension from Content-Type header or URL path. Returns ".bin" for unknown. */
+export function getExtensionFromContentTypeOrUrl(contentType: string | null, url: string): string {
+ if (contentType) {
+ const ext = getExtensionFromMime(contentType);
+ if (ext !== ".bin") return ext;
+ }
+ const ext = path.extname(new URL(url).pathname).toLowerCase();
+ const knownExts = new Set(Object.keys(EXTENSION_TO_MIME));
+ return knownExts.has(ext) ? ext : ".bin";
+}
diff --git "a/\350\265\204\346\226\231/weixin-openclaw-package/package/src/media/silk-transcode.ts" "b/\350\265\204\346\226\231/weixin-openclaw-package/package/src/media/silk-transcode.ts"
new file mode 100644
index 00000000..473458aa
--- /dev/null
+++ "b/\350\265\204\346\226\231/weixin-openclaw-package/package/src/media/silk-transcode.ts"
@@ -0,0 +1,74 @@
+import { logger } from "../util/logger.js";
+
+/** Default sample rate for Weixin voice messages. */
+const SILK_SAMPLE_RATE = 24_000;
+
+/**
+ * Wrap raw pcm_s16le bytes in a WAV container.
+ * Mono channel, 16-bit signed little-endian.
+ */
+function pcmBytesToWav(pcm: Uint8Array, sampleRate: number): Buffer {
+ const pcmBytes = pcm.byteLength;
+ const totalSize = 44 + pcmBytes;
+ const buf = Buffer.allocUnsafe(totalSize);
+ let offset = 0;
+
+ buf.write("RIFF", offset);
+ offset += 4;
+ buf.writeUInt32LE(totalSize - 8, offset);
+ offset += 4;
+ buf.write("WAVE", offset);
+ offset += 4;
+
+ buf.write("fmt ", offset);
+ offset += 4;
+ buf.writeUInt32LE(16, offset);
+ offset += 4; // fmt chunk size
+ buf.writeUInt16LE(1, offset);
+ offset += 2; // PCM format
+ buf.writeUInt16LE(1, offset);
+ offset += 2; // mono
+ buf.writeUInt32LE(sampleRate, offset);
+ offset += 4;
+ buf.writeUInt32LE(sampleRate * 2, offset);
+ offset += 4; // byte rate (mono 16-bit)
+ buf.writeUInt16LE(2, offset);
+ offset += 2; // block align
+ buf.writeUInt16LE(16, offset);
+ offset += 2; // bits per sample
+
+ buf.write("data", offset);
+ offset += 4;
+ buf.writeUInt32LE(pcmBytes, offset);
+ offset += 4;
+
+ Buffer.from(pcm.buffer, pcm.byteOffset, pcm.byteLength).copy(buf, offset);
+
+ return buf;
+}
+
+/**
+ * Try to transcode a SILK audio buffer to WAV using silk-wasm.
+ * silk-wasm's decode() returns { data: Uint8Array (pcm_s16le), duration: number }.
+ *
+ * Returns a WAV Buffer on success, or null if silk-wasm is unavailable or decoding fails.
+ * Callers should fall back to passing the raw SILK file when null is returned.
+ */
+export async function silkToWav(silkBuf: Buffer): Promise<Buffer | null> {
+ try {
+ const { decode } = await import("silk-wasm");
+
+ logger.debug(`silkToWav: decoding ${silkBuf.length} bytes of SILK`);
+ const result = await decode(silkBuf, SILK_SAMPLE_RATE);
+ logger.debug(
+ `silkToWav: decoded duration=${result.duration}ms pcmBytes=${result.data.byteLength}`,
+ );
+
+ const wav = pcmBytesToWav(result.data, SILK_SAMPLE_RATE);
+ logger.debug(`silkToWav: WAV size=${wav.length}`);
+ return wav;
+ } catch (err) {
+ logger.warn(`silkToWav: transcode failed, will use raw silk err=${String(err)}`);
+ return null;
+ }
+}
diff --git "a/\350\265\204\346\226\231/weixin-openclaw-package/package/src/messaging/debug-mode.ts" "b/\350\265\204\346\226\231/weixin-openclaw-package/package/src/messaging/debug-mode.ts"
new file mode 100644
index 00000000..7d4ce097
--- /dev/null
+++ "b/\350\265\204\346\226\231/weixin-openclaw-package/package/src/messaging/debug-mode.ts"
@@ -0,0 +1,69 @@
+/**
+ * Per-bot debug mode toggle, persisted to disk so it survives gateway restarts.
+ *
+ * State file: `<stateDir>/openclaw-weixin/debug-mode.json`
+ * Format: `{ "accounts": { "<accountId>": true, ... } }`
+ *
+ * When enabled, processOneMessage appends a timing summary after each
+ * AI reply is delivered to the user.
+ */
+import fs from "node:fs";
+import path from "node:path";
+
+import { resolveStateDir } from "../storage/state-dir.js";
+import { logger } from "../util/logger.js";
+
+interface DebugModeState {
+ accounts: Record<string, boolean>;
+}
+
+function resolveDebugModePath(): string {
+ return path.join(resolveStateDir(), "openclaw-weixin", "debug-mode.json");
+}
+
+function loadState(): DebugModeState {
+ try {
+ const raw = fs.readFileSync(resolveDebugModePath(), "utf-8");
+ const parsed = JSON.parse(raw) as DebugModeState;
+ if (parsed && typeof parsed.accounts === "object") return parsed;
+ } catch {
+ // missing or corrupt — start fresh
+ }
+ return { accounts: {} };
+}
+
+function saveState(state: DebugModeState): void {
+ const filePath = resolveDebugModePath();
+ fs.mkdirSync(path.dirname(filePath), { recursive: true });
+ fs.writeFileSync(filePath, JSON.stringify(state, null, 2), "utf-8");
+}
+
+/** Toggle debug mode for a bot account. Returns the new state. */
+export function toggleDebugMode(accountId: string): boolean {
+ const state = loadState();
+ const next = !state.accounts[accountId];
+ state.accounts[accountId] = next;
+ try {
+ saveState(state);
+ } catch (err) {
+ logger.error(`debug-mode: failed to persist state: ${String(err)}`);
+ }
+ return next;
+}
+
+/** Check whether debug mode is active for a bot account. */
+export function isDebugMode(accountId: string): boolean {
+ return loadState().accounts[accountId] === true;
+}
+
+/**
+ * Reset internal state — only for tests.
+ * @internal
+ */
+export function _resetForTest(): void {
+ try {
+ fs.unlinkSync(resolveDebugModePath());
+ } catch {
+ // ignore if not present
+ }
+}
diff --git "a/\350\265\204\346\226\231/weixin-openclaw-package/package/src/messaging/error-notice.ts" "b/\350\265\204\346\226\231/weixin-openclaw-package/package/src/messaging/error-notice.ts"
new file mode 100644
index 00000000..00e0fa02
--- /dev/null
+++ "b/\350\265\204\346\226\231/weixin-openclaw-package/package/src/messaging/error-notice.ts"
@@ -0,0 +1,31 @@
+import { logger } from "../util/logger.js";
+import { sendMessageWeixin } from "./send.js";
+
+/**
+ * Send a plain-text error notice back to the user.
+ * Fire-and-forget: errors are logged but never thrown, so callers stay unaffected.
+ * No-op when contextToken is absent (we have no conversation reference to reply into).
+ */
+export async function sendWeixinErrorNotice(params: {
+ to: string;
+ contextToken: string | undefined;
+ message: string;
+ baseUrl: string;
+ token?: string;
+ errLog: (m: string) => void;
+}): Promise<void> {
+ if (!params.contextToken) {
+ logger.warn(`sendWeixinErrorNotice: no contextToken for to=${params.to}, cannot notify user`);
+ return;
+ }
+ try {
+ await sendMessageWeixin({ to: params.to, text: params.message, opts: {
+ baseUrl: params.baseUrl,
+ token: params.token,
+ contextToken: params.contextToken,
+ }});
+ logger.debug(`sendWeixinErrorNotice: sent to=${params.to}`);
+ } catch (err) {
+ params.errLog(`[weixin] sendWeixinErrorNotice failed to=${params.to}: ${String(err)}`);
+ }
+}
diff --git "a/\350\265\204\346\226\231/weixin-openclaw-package/package/src/messaging/inbound.ts" "b/\350\265\204\346\226\231/weixin-openclaw-package/package/src/messaging/inbound.ts"
new file mode 100644
index 00000000..86ee190f
--- /dev/null
+++ "b/\350\265\204\346\226\231/weixin-openclaw-package/package/src/messaging/inbound.ts"
@@ -0,0 +1,171 @@
+import { logger } from "../util/logger.js";
+import { generateId } from "../util/random.js";
+import type { WeixinMessage, MessageItem } from "../api/types.js";
+import { MessageItemType } from "../api/types.js";
+
+// ---------------------------------------------------------------------------
+// Context token store (in-process cache: accountId+userId → contextToken)
+// ---------------------------------------------------------------------------
+
+/**
+ * contextToken is issued per-message by the Weixin getupdates API and must
+ * be echoed verbatim in every outbound send. It is not persisted: the monitor
+ * loop populates this map on each inbound message, and the outbound adapter
+ * reads it back when the agent sends a reply.
+ */
+const contextTokenStore = new Map<string, string>();
+
+function contextTokenKey(accountId: string, userId: string): string {
+ return `${accountId}:${userId}`;
+}
+
+/** Store a context token for a given account+user pair. */
+export function setContextToken(accountId: string, userId: string, token: string): void {
+ const k = contextTokenKey(accountId, userId);
+ logger.debug(`setContextToken: key=${k}`);
+ contextTokenStore.set(k, token);
+}
+
+/** Retrieve the cached context token for a given account+user pair. */
+export function getContextToken(accountId: string, userId: string): string | undefined {
+ const k = contextTokenKey(accountId, userId);
+ const val = contextTokenStore.get(k);
+ logger.debug(
+ `getContextToken: key=${k} found=${val !== undefined} storeSize=${contextTokenStore.size}`,
+ );
+ return val;
+}
+
+// ---------------------------------------------------------------------------
+// Message ID generation
+// ---------------------------------------------------------------------------
+
+function generateMessageSid(): string {
+ return generateId("openclaw-weixin");
+}
+
+/** Inbound context passed to the OpenClaw core pipeline (matches MsgContext shape). */
+export type WeixinMsgContext = {
+ Body: string;
+ From: string;
+ To: string;
+ AccountId: string;
+ OriginatingChannel: "openclaw-weixin";
+ OriginatingTo: string;
+ MessageSid: string;
+ Timestamp?: number;
+ Provider: "openclaw-weixin";
+ ChatType: "direct";
+ /** Set by monitor after resolveAgentRoute so dispatchReplyFromConfig uses the correct session. */
+ SessionKey?: string;
+ context_token?: string;
+ MediaUrl?: string;
+ MediaPath?: string;
+ MediaType?: string;
+ /** Raw message body for framework command authorization. */
+ CommandBody?: string;
+ /** Whether the sender is authorized to execute slash commands. */
+ CommandAuthorized?: boolean;
+};
+
+/** Returns true if the message item is a media type (image, video, file, or voice). */
+export function isMediaItem(item: MessageItem): boolean {
+ return (
+ item.type === MessageItemType.IMAGE ||
+ item.type === MessageItemType.VIDEO ||
+ item.type === MessageItemType.FILE ||
+ item.type === MessageItemType.VOICE
+ );
+}
+
+function bodyFromItemList(itemList?: MessageItem[]): string {
+ if (!itemList?.length) return "";
+ for (const item of itemList) {
+ if (item.type === MessageItemType.TEXT && item.text_item?.text != null) {
+ const text = String(item.text_item.text);
+ const ref = item.ref_msg;
+ if (!ref) return text;
+ // Quoted media is passed as MediaPath; only include the current text as body.
+ if (ref.message_item && isMediaItem(ref.message_item)) return text;
+ // Build quoted context from both title and message_item content.
+ const parts: string[] = [];
+ if (ref.title) parts.push(ref.title);
+ if (ref.message_item) {
+ const refBody = bodyFromItemList([ref.message_item]);
+ if (refBody) parts.push(refBody);
+ }
+ if (!parts.length) return text;
+ return `[引用: ${parts.join(" | ")}]\n${text}`;
+ }
+ // 语音转文字:如果语音消息有 text 字段,直接使用文字内容
+ if (item.type === MessageItemType.VOICE && item.voice_item?.text) {
+ return item.voice_item.text;
+ }
+ }
+ return "";
+}
+
+export type WeixinInboundMediaOpts = {
+ /** Local path to decrypted image file. */
+ decryptedPicPath?: string;
+ /** Local path to transcoded/raw voice file (.wav or .silk). */
+ decryptedVoicePath?: string;
+ /** MIME type for the voice file (e.g. "audio/wav" or "audio/silk"). */
+ voiceMediaType?: string;
+ /** Local path to decrypted file attachment. */
+ decryptedFilePath?: string;
+ /** MIME type for the file attachment (guessed from file_name). */
+ fileMediaType?: string;
+ /** Local path to decrypted video file. */
+ decryptedVideoPath?: string;
+};
+
+/**
+ * Convert a WeixinMessage from getUpdates to the inbound MsgContext for the core pipeline.
+ * Media: only pass MediaPath (local file, after CDN download + decrypt).
+ * We never pass MediaUrl — the upstream CDN URL is encrypted/auth-only.
+ * Priority when multiple media types present: image > video > file > voice.
+ */
+export function weixinMessageToMsgContext(
+ msg: WeixinMessage,
+ accountId: string,
+ opts?: WeixinInboundMediaOpts,
+): WeixinMsgContext {
+ const from_user_id = msg.from_user_id ?? "";
+ const ctx: WeixinMsgContext = {
+ Body: bodyFromItemList(msg.item_list),
+ From: from_user_id,
+ To: from_user_id,
+ AccountId: accountId,
+ OriginatingChannel: "openclaw-weixin",
+ OriginatingTo: from_user_id,
+ MessageSid: generateMessageSid(),
+ Timestamp: msg.create_time_ms,
+ Provider: "openclaw-weixin",
+ ChatType: "direct",
+ };
+ if (msg.context_token) {
+ ctx.context_token = msg.context_token;
+ }
+
+ if (opts?.decryptedPicPath) {
+ ctx.MediaPath = opts.decryptedPicPath;
+ ctx.MediaType = "image/*";
+ } else if (opts?.decryptedVideoPath) {
+ ctx.MediaPath = opts.decryptedVideoPath;
+ ctx.MediaType = "video/mp4";
+ } else if (opts?.decryptedFilePath) {
+ ctx.MediaPath = opts.decryptedFilePath;
+ ctx.MediaType = opts.fileMediaType ?? "application/octet-stream";
+ } else if (opts?.decryptedVoicePath) {
+ ctx.MediaPath = opts.decryptedVoicePath;
+ ctx.MediaType = opts.voiceMediaType ?? "audio/wav";
+ }
+
+ return ctx;
+}
+
+/** Extract the context_token from an inbound WeixinMsgContext. */
+export function getContextTokenFromMsgContext(ctx: WeixinMsgContext): string | undefined {
+ return ctx.context_token;
+}
diff --git "a/\350\265\204\346\226\231/weixin-openclaw-package/package/src/messaging/process-message.ts" "b/\350\265\204\346\226\231/weixin-openclaw-package/package/src/messaging/process-message.ts"
new file mode 100644
index 00000000..d9d9508f
--- /dev/null
+++ "b/\350\265\204\346\226\231/weixin-openclaw-package/package/src/messaging/process-message.ts"
@@ -0,0 +1,481 @@
+import path from "node:path";
+
+import {
+ createTypingCallbacks,
+ resolveSenderCommandAuthorizationWithRuntime,
+ resolveDirectDmAuthorizationOutcome,
+ resolvePreferredOpenClawTmpDir,
+} from "openclaw/plugin-sdk";
+import type { PluginRuntime } from "openclaw/plugin-sdk";
+
+import { sendTyping } from "../api/api.js";
+import type { WeixinMessage } from "../api/types.js";
+import { MessageItemType, TypingStatus } from "../api/types.js";
+import { loadWeixinAccount } from "../auth/accounts.js";
+import { readFrameworkAllowFromList } from "../auth/pairing.js";
+import { downloadRemoteImageToTemp } from "../cdn/upload.js";
+import { downloadMediaFromItem } from "../media/media-download.js";
+import { logger } from "../util/logger.js";
+import { redactBody, redactToken } from "../util/redact.js";
+
+import { isDebugMode } from "./debug-mode.js";
+import { sendWeixinErrorNotice } from "./error-notice.js";
+import {
+ setContextToken,
+ weixinMessageToMsgContext,
+ getContextTokenFromMsgContext,
+ isMediaItem,
+} from "./inbound.js";
+import type { WeixinInboundMediaOpts } from "./inbound.js";
+import { sendWeixinMediaFile } from "./send-media.js";
+import { markdownToPlainText, sendMessageWeixin } from "./send.js";
+import { handleSlashCommand } from "./slash-commands.js";
+
+const MEDIA_OUTBOUND_TEMP_DIR = path.join(resolvePreferredOpenClawTmpDir(), "weixin/media/outbound-temp");
+
+/** Dependencies for processOneMessage, injected by the monitor loop. */
+export type ProcessMessageDeps = {
+ accountId: string;
+ config: import("openclaw/plugin-sdk/core").OpenClawConfig;
+ channelRuntime: PluginRuntime["channel"];
+ baseUrl: string;
+ cdnBaseUrl: string;
+ token?: string;
+ typingTicket?: string;
+ log: (msg: string) => void;
+ errLog: (m: string) => void;
+};
+
+/** Extract text body from item_list (for slash command detection). */
+function extractTextBody(itemList?: import("../api/types.js").MessageItem[]): string {
+ if (!itemList?.length) return "";
+ for (const item of itemList) {
+ if (item.type === MessageItemType.TEXT && item.text_item?.text != null) {
+ return String(item.text_item.text);
+ }
+ }
+ return "";
+}
+
+/**
+ * Process a single inbound message: route → download media → dispatch reply.
+ * Extracted from the monitor loop to keep monitoring and message handling separate.
+ */
+export async function processOneMessage(
+ full: WeixinMessage,
+ deps: ProcessMessageDeps,
+): Promise<void> {
+ if (!deps?.channelRuntime) {
+ logger.error(
+ `processOneMessage: channelRuntime is undefined, skipping message from=${full.from_user_id}`,
+ );
+ deps.errLog("processOneMessage: channelRuntime is undefined, skip");
+ return;
+ }
+
+ const receivedAt = Date.now();
+ const debug = isDebugMode(deps.accountId);
+ const debugTrace: string[] = [];
+ const debugTs: Record<string, number> = { received: receivedAt };
+
+ const textBody = extractTextBody(full.item_list);
+ if (textBody.startsWith("/")) {
+ const slashResult = await handleSlashCommand(textBody, {
+ to: full.from_user_id ?? "",
+ contextToken: full.context_token,
+ baseUrl: deps.baseUrl,
+ token: deps.token,
+ accountId: deps.accountId,
+ log: deps.log,
+ errLog: deps.errLog,
+ }, receivedAt, full.create_time_ms);
+ if (slashResult.handled) {
+ logger.info(`[weixin] Slash command handled, skipping AI pipeline`);
+ return;
+ }
+ }
+
+ if (debug) {
+ const itemTypes = full.item_list?.map((i) => i.type).join(",") ?? "none";
+ debugTrace.push(
+ "── 收消息 ──",
+ `│ seq=${full.seq ?? "?"} msgId=${full.message_id ?? "?"} from=${full.from_user_id ?? "?"}`,
+ `│ body="${textBody.slice(0, 40)}${textBody.length > 40 ? "…" : ""}" (len=${textBody.length}) itemTypes=[${itemTypes}]`,
+ `│ sessionId=${full.session_id ?? "?"} contextToken=${full.context_token ? "present" : "none"}`,
+ );
+ }
+
+ const mediaOpts: WeixinInboundMediaOpts = {};
+
+ // Find the first downloadable media item (priority: IMAGE > VIDEO > FILE > VOICE).
+ // When none found in the main item_list, fall back to media referenced via a quoted message.
+ const mainMediaItem =
+ full.item_list?.find(
+ (i) => i.type === MessageItemType.IMAGE && i.image_item?.media?.encrypt_query_param,
+ ) ??
+ full.item_list?.find(
+ (i) => i.type === MessageItemType.VIDEO && i.video_item?.media?.encrypt_query_param,
+ ) ??
+ full.item_list?.find(
+ (i) => i.type === MessageItemType.FILE && i.file_item?.media?.encrypt_query_param,
+ ) ??
+ full.item_list?.find(
+ (i) =>
+ i.type === MessageItemType.VOICE &&
+ i.voice_item?.media?.encrypt_query_param &&
+ !i.voice_item.text,
+ );
+ const refMediaItem = !mainMediaItem
+ ? full.item_list?.find(
+ (i) =>
+ i.type === MessageItemType.TEXT &&
+ i.ref_msg?.message_item &&
+ isMediaItem(i.ref_msg.message_item!),
+ )?.ref_msg?.message_item
+ : undefined;
+
+ const mediaDownloadStart = Date.now();
+ const mediaItem = mainMediaItem ?? refMediaItem;
+ if (mediaItem) {
+ const label = refMediaItem ? "ref" : "inbound";
+ const downloaded = await downloadMediaFromItem(mediaItem, {
+ cdnBaseUrl: deps.cdnBaseUrl,
+ saveMedia: deps.channelRuntime.media.saveMediaBuffer,
+ log: deps.log,
+ errLog: deps.errLog,
+ label,
+ });
+ Object.assign(mediaOpts, downloaded);
+ }
+ const mediaDownloadMs = Date.now() - mediaDownloadStart;
+
+ if (debug) {
+ debugTrace.push(mediaItem
+ ? `│ mediaDownload: type=${mediaItem.type} cost=${mediaDownloadMs}ms`
+ : "│ mediaDownload: none",
+ );
+ }
+
+ const ctx = weixinMessageToMsgContext(full, deps.accountId, mediaOpts);
+
+ // --- Framework command authorization ---
+ const rawBody = ctx.Body?.trim() ?? "";
+ ctx.CommandBody = rawBody;
+
+ const senderId = full.from_user_id ?? "";
+
+ const { senderAllowedForCommands, commandAuthorized } =
+ await resolveSenderCommandAuthorizationWithRuntime({
+ cfg: deps.config,
+ rawBody,
+ isGroup: false,
+ dmPolicy: "pairing",
+ configuredAllowFrom: [],
+ configuredGroupAllowFrom: [],
+ senderId,
+ isSenderAllowed: (id: string, list: string[]) => list.length === 0 || list.includes(id),
+ /** Pairing: framework credentials `*-allowFrom.json`, with account `userId` fallback for legacy installs. */
+ readAllowFromStore: async () => {
+ const fromStore = readFrameworkAllowFromList(deps.accountId);
+ if (fromStore.length > 0) return fromStore;
+ const uid = loadWeixinAccount(deps.accountId)?.userId?.trim();
+ return uid ? [uid] : [];
+ },
+ runtime: deps.channelRuntime.commands,
+ });
+
+ const directDmOutcome = resolveDirectDmAuthorizationOutcome({
+ isGroup: false,
+ dmPolicy: "pairing",
+ senderAllowedForCommands,
+ });
+
+ if (directDmOutcome === "disabled" || directDmOutcome === "unauthorized") {
+ logger.info(
+ `authorization: dropping message from=${senderId} outcome=${directDmOutcome}`,
+ );
+ return;
+ }
+
+ ctx.CommandAuthorized = commandAuthorized;
+ logger.debug(
+ `authorization: senderId=${senderId} commandAuthorized=${String(commandAuthorized)} senderAllowed=${String(senderAllowedForCommands)}`,
+ );
+
+ if (debug) {
+ debugTrace.push(
+ "── 鉴权 & 路由 ──",
+ `│ auth: cmdAuthorized=${String(commandAuthorized)} senderAllowed=${String(senderAllowedForCommands)}`,
+ );
+ }
+
+ const route = deps.channelRuntime.routing.resolveAgentRoute({
+ cfg: deps.config,
+ channel: "openclaw-weixin",
+ accountId: deps.accountId,
+ peer: { kind: "direct", id: ctx.To },
+ });
+ logger.debug(
+ `resolveAgentRoute: agentId=${route.agentId ?? "(none)"} sessionKey=${route.sessionKey ?? "(none)"} mainSessionKey=${route.mainSessionKey ?? "(none)"}`,
+ );
+ if (!route.agentId) {
+ logger.error(
+ `resolveAgentRoute: no agentId resolved for peer=${ctx.To} accountId=${deps.accountId} — message will not be dispatched`,
+ );
+ }
+
+ if (debug) {
+ debugTrace.push(
+ `│ route: agent=${route.agentId ?? "none"} session=${route.sessionKey ?? "none"}`,
+ );
+ debugTs.preDispatch = Date.now();
+ }
+ // Propagate the resolved session key into ctx so dispatchReplyFromConfig uses
+ // the correct session (matching the dmScope from config) instead of falling back
+ // to agent:main:main.
+ ctx.SessionKey = route.sessionKey;
+ const storePath = deps.channelRuntime.session.resolveStorePath(deps.config.session?.store, {
+ agentId: route.agentId,
+ });
+ const finalized = deps.channelRuntime.reply.finalizeInboundContext(
+ ctx as Parameters<typeof deps.channelRuntime.reply.finalizeInboundContext>[0],
+ );
+
+ logger.info(
+ `inbound: from=${finalized.From} to=${finalized.To} bodyLen=${(finalized.Body ?? "").length} hasMedia=${Boolean(finalized.MediaPath ?? finalized.MediaUrl)}`,
+ );
+ logger.debug(`inbound context: ${redactBody(JSON.stringify(finalized))}`);
+
+ await deps.channelRuntime.session.recordInboundSession({
+ storePath,
+ sessionKey: route.sessionKey,
+ ctx: finalized as Parameters<typeof deps.channelRuntime.session.recordInboundSession>[0]["ctx"],
+ updateLastRoute: {
+ sessionKey: route.mainSessionKey,
+ channel: "openclaw-weixin",
+ to: ctx.To,
+ accountId: deps.accountId,
+ },
+ onRecordError: (err) => deps.errLog(`recordInboundSession: ${String(err)}`),
+ });
+ logger.debug(
+ `recordInboundSession: done storePath=${storePath} sessionKey=${route.sessionKey ?? "(none)"}`,
+ );
+
+ const contextToken = getContextTokenFromMsgContext(ctx);
+ if (contextToken) {
+ setContextToken(deps.accountId, full.from_user_id ?? "", contextToken);
+ }
+ const humanDelay = deps.channelRuntime.reply.resolveHumanDelayConfig(deps.config, route.agentId);
+
+ const hasTypingTicket = Boolean(deps.typingTicket);
+ const typingCallbacks = createTypingCallbacks({
+ start: hasTypingTicket
+ ? () =>
+ sendTyping({
+ baseUrl: deps.baseUrl,
+ token: deps.token,
+ body: {
+ ilink_user_id: ctx.To,
+ typing_ticket: deps.typingTicket!,
+ status: TypingStatus.TYPING,
+ },
+ })
+ : async () => {},
+ stop: hasTypingTicket
+ ? () =>
+ sendTyping({
+ baseUrl: deps.baseUrl,
+ token: deps.token,
+ body: {
+ ilink_user_id: ctx.To,
+ typing_ticket: deps.typingTicket!,
+ status: TypingStatus.CANCEL,
+ },
+ })
+ : async () => {},
+ onStartError: (err) => deps.log(`[weixin] typing send error: ${String(err)}`),
+ onStopError: (err) => deps.log(`[weixin] typing cancel error: ${String(err)}`),
+ keepaliveIntervalMs: 5000,
+ });
+
+ /** Delivery records populated synchronously at deliver() entry, safe to read in finally. */
+ const debugDeliveries: Array<{ textLen: number; media: string; preview: string; ts: number }> = [];
+
+ const { dispatcher, replyOptions, markDispatchIdle } =
+ deps.channelRuntime.reply.createReplyDispatcherWithTyping({
+ humanDelay,
+ typingCallbacks,
+ deliver: async (payload) => {
+ const text = markdownToPlainText(payload.text ?? "");
+ const mediaUrl = payload.mediaUrl ?? payload.mediaUrls?.[0];
+ logger.debug(`outbound payload: ${redactBody(JSON.stringify(payload))}`);
+ logger.info(
+ `outbound: to=${ctx.To} contextToken=${redactToken(contextToken)} textLen=${text.length} mediaUrl=${mediaUrl ? "present" : "none"}`,
+ );
+
+ if (debug) {
+ debugDeliveries.push({
+ textLen: text.length,
+ media: mediaUrl ? "present" : "none",
+ preview: `${text.slice(0, 60)}${text.length > 60 ? "…" : ""}`,
+ ts: Date.now(),
+ });
+ }
+
+ try {
+ if (mediaUrl) {
+ let filePath: string;
+ if (!mediaUrl.includes("://") || mediaUrl.startsWith("file://")) {
+ // Local path: absolute, relative, or file:// URL
+ if (mediaUrl.startsWith("file://")) {
+ filePath = new URL(mediaUrl).pathname;
+ } else if (!path.isAbsolute(mediaUrl)) {
+ filePath = path.resolve(mediaUrl);
+ logger.debug(`outbound: resolved relative path ${mediaUrl} -> ${filePath}`);
+ } else {
+ filePath = mediaUrl;
+ }
+ logger.debug(`outbound: local file path resolved filePath=${filePath}`);
+ } else if (mediaUrl.startsWith("http://") || mediaUrl.startsWith("https://")) {
+ logger.debug(`outbound: downloading remote mediaUrl=${mediaUrl.slice(0, 80)}...`);
+ filePath = await downloadRemoteImageToTemp(mediaUrl, MEDIA_OUTBOUND_TEMP_DIR);
+ logger.debug(`outbound: remote image downloaded to filePath=${filePath}`);
+ } else {
+ logger.warn(
+ `outbound: unrecognized mediaUrl scheme, sending text only mediaUrl=${mediaUrl.slice(0, 80)}`,
+ );
+ await sendMessageWeixin({ to: ctx.To, text, opts: {
+ baseUrl: deps.baseUrl,
+ token: deps.token,
+ contextToken,
+ }});
+ logger.info(`outbound: text sent to=${ctx.To}`);
+ return;
+ }
+ await sendWeixinMediaFile({
+ filePath,
+ to: ctx.To,
+ text,
+ opts: { baseUrl: deps.baseUrl, token: deps.token, contextToken },
+ cdnBaseUrl: deps.cdnBaseUrl,
+ });
+ logger.info(`outbound: media sent OK to=${ctx.To}`);
+ } else {
+ logger.debug(`outbound: sending text message to=${ctx.To}`);
+ await sendMessageWeixin({ to: ctx.To, text, opts: {
+ baseUrl: deps.baseUrl,
+ token: deps.token,
+ contextToken,
+ }});
+ logger.info(`outbound: text sent OK to=${ctx.To}`);
+ }
+ } catch (err) {
+ logger.error(
+ `outbound: FAILED to=${ctx.To} mediaUrl=${mediaUrl ?? "none"} err=${String(err)} stack=${(err as Error).stack ?? ""}`,
+ );
+ throw err;
+ }
+ },
+ onError: (err, info) => {
+ deps.errLog(`weixin reply ${info.kind}: ${String(err)}`);
+ const errMsg = err instanceof Error ? err.message : String(err);
+ let notice: string;
+ if (errMsg.includes("contextToken is required")) {
+ // No contextToken means we cannot send a notice either; just log.
+ logger.warn(`onError: contextToken missing, cannot send error notice to=${ctx.To}`);
+ return;
+ } else if (errMsg.includes("remote media download failed") || errMsg.includes("fetch")) {
+ notice = `⚠️ 媒体文件下载失败,请检查链接是否可访问。`;
+ } else if (
+ errMsg.includes("getUploadUrl") ||
+ errMsg.includes("CDN upload") ||
+ errMsg.includes("upload_param")
+ ) {
+ notice = `⚠️ 媒体文件上传失败,请稍后重试。`;
+ } else {
+ notice = `⚠️ 消息发送失败:${errMsg}`;
+ }
+ void sendWeixinErrorNotice({
+ to: ctx.To,
+ contextToken,
+ message: notice,
+ baseUrl: deps.baseUrl,
+ token: deps.token,
+ errLog: deps.errLog,
+ });
+ },
+ });
+
+ logger.debug(`dispatchReplyFromConfig: starting agentId=${route.agentId ?? "(none)"}`);
+ try {
+ await deps.channelRuntime.reply.withReplyDispatcher({
+ dispatcher,
+ run: () =>
+ deps.channelRuntime.reply.dispatchReplyFromConfig({
+ ctx: finalized,
+ cfg: deps.config,
+ dispatcher,
+ replyOptions,
+ }),
+ });
+ logger.debug(`dispatchReplyFromConfig: done agentId=${route.agentId ?? "(none)"}`);
+ } catch (err) {
+ logger.error(
+ `dispatchReplyFromConfig: error agentId=${route.agentId ?? "(none)"} err=${String(err)}`,
+ );
+ throw err;
+ } finally {
+ markDispatchIdle();
+
+ logger.info(
+ `debug-check: accountId=${deps.accountId} debug=${String(debug)} hasContextToken=${Boolean(contextToken)} stateDir=${process.env.OPENCLAW_STATE_DIR ?? "(unset)"}`,
+ );
+
+ if (debug && contextToken) {
+ const dispatchDoneAt = Date.now();
+ const eventTs = full.create_time_ms ?? 0;
+ const platformDelay = eventTs > 0 ? `${receivedAt - eventTs}ms` : "N/A";
+ const inboundProcessMs = (debugTs.preDispatch ?? receivedAt) - receivedAt;
+ const aiMs = dispatchDoneAt - (debugTs.preDispatch ?? receivedAt);
+ const totalTime = eventTs > 0 ? `${dispatchDoneAt - eventTs}ms` : `${dispatchDoneAt - receivedAt}ms`;
+
+ if (debugDeliveries.length > 0) {
+ debugTrace.push("── 回复 ──");
+ for (const d of debugDeliveries) {
+ debugTrace.push(
+ `│ textLen=${d.textLen} media=${d.media}`,
+ `│ text="${d.preview}"`,
+ );
+ }
+ const firstTs = debugDeliveries[0].ts;
+ debugTrace.push(`│ deliver耗时: ${dispatchDoneAt - firstTs}ms`);
+ } else {
+ debugTrace.push("── 回复 ──", "│ (deliver未捕获)");
+ }
+
+ debugTrace.push(
+ "── 耗时 ──",
+ `├ 平台→插件: ${platformDelay}`,
+ `├ 入站处理(auth+route+media): ${inboundProcessMs}ms (mediaDownload: ${mediaDownloadMs}ms)`,
+ `├ AI生成+回复: ${aiMs}ms`,
+ `├ 总耗时: ${totalTime}`,
+ `└ eventTime: ${eventTs > 0 ? new Date(eventTs).toISOString() : "N/A"}`,
+ );
+
+ const timingText = `⏱ Debug 全链路\n${debugTrace.join("\n")}`;
+
+ logger.info(`debug-timing: sending to=${ctx.To}`);
+ try {
+ await sendMessageWeixin({
+ to: ctx.To,
+ text: timingText,
+ opts: { baseUrl: deps.baseUrl, token: deps.token, contextToken },
+ });
+ logger.info(`debug-timing: sent OK`);
+ } catch (debugErr) {
+ logger.error(`debug-timing: send FAILED err=${String(debugErr)}`);
+ }
+ }
+ }
+}
diff --git "a/\350\265\204\346\226\231/weixin-openclaw-package/package/src/messaging/send-media.ts" "b/\350\265\204\346\226\231/weixin-openclaw-package/package/src/messaging/send-media.ts"
new file mode 100644
index 00000000..df56a270
--- /dev/null
+++ "b/\350\265\204\346\226\231/weixin-openclaw-package/package/src/messaging/send-media.ts"
@@ -0,0 +1,72 @@
+import path from "node:path";
+import type { WeixinApiOptions } from "../api/api.js";
+import { logger } from "../util/logger.js";
+import { getMimeFromFilename } from "../media/mime.js";
+import { sendFileMessageWeixin, sendImageMessageWeixin, sendVideoMessageWeixin } from "./send.js";
+import { uploadFileAttachmentToWeixin, uploadFileToWeixin, uploadVideoToWeixin } from "../cdn/upload.js";
+
+/**
+ * Upload a local file and send it as a weixin message, routing by MIME type:
+ * video/* → uploadVideoToWeixin + sendVideoMessageWeixin
+ * image/* → uploadFileToWeixin + sendImageMessageWeixin
+ * else → uploadFileAttachmentToWeixin + sendFileMessageWeixin
+ *
+ * Used by both the auto-reply deliver path (monitor.ts) and the outbound
+ * sendMedia path (channel.ts) so they stay in sync.
+ */
+export async function sendWeixinMediaFile(params: {
+ filePath: string;
+ to: string;
+ text: string;
+ opts: WeixinApiOptions & { contextToken?: string };
+ cdnBaseUrl: string;
+}): Promise<{ messageId: string }> {
+ const { filePath, to, text, opts, cdnBaseUrl } = params;
+ const mime = getMimeFromFilename(filePath);
+ const uploadOpts: WeixinApiOptions = { baseUrl: opts.baseUrl, token: opts.token };
+
+ if (mime.startsWith("video/")) {
+ logger.info(`[weixin] sendWeixinMediaFile: uploading video filePath=${filePath} to=${to}`);
+ const uploaded = await uploadVideoToWeixin({
+ filePath,
+ toUserId: to,
+ opts: uploadOpts,
+ cdnBaseUrl,
+ });
+ logger.info(
+ `[weixin] sendWeixinMediaFile: video upload done filekey=${uploaded.filekey} size=${uploaded.fileSize}`,
+ );
+ return sendVideoMessageWeixin({ to, text, uploaded, opts });
+ }
+
+ if (mime.startsWith("image/")) {
+ logger.info(`[weixin] sendWeixinMediaFile: uploading image filePath=${filePath} to=${to}`);
+ const uploaded = await uploadFileToWeixin({
+ filePath,
+ toUserId: to,
+ opts: uploadOpts,
+ cdnBaseUrl,
+ });
+ logger.info(
+ `[weixin] sendWeixinMediaFile: image upload done filekey=${uploaded.filekey} size=${uploaded.fileSize}`,
+ );
+ return sendImageMessageWeixin({ to, text, uploaded, opts });
+ }
+
+ // File attachment: pdf, doc, zip, etc.
+ const fileName = path.basename(filePath);
+ logger.info(
+ `[weixin] sendWeixinMediaFile: uploading file attachment filePath=${filePath} name=${fileName} to=${to}`,
+ );
+ const uploaded = await uploadFileAttachmentToWeixin({
+ filePath,
+ fileName,
+ toUserId: to,
+ opts: uploadOpts,
+ cdnBaseUrl,
+ });
+ logger.info(
+ `[weixin] sendWeixinMediaFile: file upload done filekey=${uploaded.filekey} size=${uploaded.fileSize}`,
+ );
+ return sendFileMessageWeixin({ to, text, fileName, uploaded, opts });
+}
diff --git "a/\350\265\204\346\226\231/weixin-openclaw-package/package/src/messaging/send.ts" "b/\350\265\204\346\226\231/weixin-openclaw-package/package/src/messaging/send.ts"
new file mode 100644
index 00000000..5c2a2afd
--- /dev/null
+++ "b/\350\265\204\346\226\231/weixin-openclaw-package/package/src/messaging/send.ts"
@@ -0,0 +1,267 @@
+import type { ReplyPayload } from "openclaw/plugin-sdk";
+import { stripMarkdown } from "openclaw/plugin-sdk";
+
+import { sendMessage as sendMessageApi } from "../api/api.js";
+import type { WeixinApiOptions } from "../api/api.js";
+import { logger } from "../util/logger.js";
+import { generateId } from "../util/random.js";
+import type { MessageItem, SendMessageReq } from "../api/types.js";
+import { MessageItemType, MessageState, MessageType } from "../api/types.js";
+import type { UploadedFileInfo } from "../cdn/upload.js";
+
+function generateClientId(): string {
+ return generateId("openclaw-weixin");
+}
+
+/**
+ * Convert markdown-formatted model reply to plain text for Weixin delivery.
+ * Preserves newlines; strips markdown syntax.
+ */
+export function markdownToPlainText(text: string): string {
+ let result = text;
+ // Code blocks: strip fences, keep code content
+ result = result.replace(/```[^\n]*\n?([\s\S]*?)```/g, (_, code: string) => code.trim());
+ // Images: remove entirely
+ result = result.replace(/!\[[^\]]*\]\([^)]*\)/g, "");
+ // Links: keep display text only
+ result = result.replace(/\[([^\]]+)\]\([^)]*\)/g, "$1");
+ // Tables: remove separator rows, then strip leading/trailing pipes and convert inner pipes to spaces
+ result = result.replace(/^\|[\s:|-]+\|$/gm, "");
+ result = result.replace(/^\|(.+)\|$/gm, (_, inner: string) =>
+ inner.split("|").map((cell) => cell.trim()).join(" "),
+ );
+ result = stripMarkdown(result);
+ return result;
+}
+
+
+/** Build a SendMessageReq containing a single text message. */
+function buildTextMessageReq(params: {
+ to: string;
+ text: string;
+ contextToken?: string;
+ clientId: string;
+}): SendMessageReq {
+ const { to, text, contextToken, clientId } = params;
+ const item_list: MessageItem[] = text
+ ? [{ type: MessageItemType.TEXT, text_item: { text } }]
+ : [];
+ return {
+ msg: {
+ from_user_id: "",
+ to_user_id: to,
+ client_id: clientId,
+ message_type: MessageType.BOT,
+ message_state: MessageState.FINISH,
+ item_list: item_list.length ? item_list : undefined,
+ context_token: contextToken ?? undefined,
+ },
+ };
+}
+
+/** Build a SendMessageReq from a reply payload (text only; image send uses sendImageMessageWeixin). */
+function buildSendMessageReq(params: {
+ to: string;
+ contextToken?: string;
+ payload: ReplyPayload;
+ clientId: string;
+}): SendMessageReq {
+ const { to, contextToken, payload, clientId } = params;
+ return buildTextMessageReq({
+ to,
+ text: payload.text ?? "",
+ contextToken,
+ clientId,
+ });
+}
+
+/**
+ * Send a plain text message downstream.
+ * contextToken is required for all reply sends; missing it breaks conversation association.
+ */
+export async function sendMessageWeixin(params: {
+ to: string;
+ text: string;
+ opts: WeixinApiOptions & { contextToken?: string };
+}): Promise<{ messageId: string }> {
+ const { to, text, opts } = params;
+ if (!opts.contextToken) {
+ logger.error(`sendMessageWeixin: contextToken missing, refusing to send to=${to}`);
+ throw new Error("sendMessageWeixin: contextToken is required");
+ }
+ const clientId = generateClientId();
+ const req = buildSendMessageReq({
+ to,
+ contextToken: opts.contextToken,
+ payload: { text },
+ clientId,
+ });
+ try {
+ await sendMessageApi({
+ baseUrl: opts.baseUrl,
+ token: opts.token,
+ timeoutMs: opts.timeoutMs,
+ body: req,
+ });
+ } catch (err) {
+ logger.error(`sendMessageWeixin: failed to=${to} clientId=${clientId} err=${String(err)}`);
+ throw err;
+ }
+ return { messageId: clientId };
+}
+
+/**
+ * Send one or more MessageItems (optionally preceded by a text caption) downstream.
+ * Each item is sent as its own request so that item_list always has exactly one entry.
+ */
+async function sendMediaItems(params: {
+ to: string;
+ text: string;
+ mediaItem: MessageItem;
+ opts: WeixinApiOptions & { contextToken?: string };
+ label: string;
+}): Promise<{ messageId: string }> {
+ const { to, text, mediaItem, opts, label } = params;
+
+ const items: MessageItem[] = [];
+ if (text) {
+ items.push({ type: MessageItemType.TEXT, text_item: { text } });
+ }
+ items.push(mediaItem);
+
+ let lastClientId = "";
+ for (const item of items) {
+ lastClientId = generateClientId();
+ const req: SendMessageReq = {
+ msg: {
+ from_user_id: "",
+ to_user_id: to,
+ client_id: lastClientId,
+ message_type: MessageType.BOT,
+ message_state: MessageState.FINISH,
+ item_list: [item],
+ context_token: opts.contextToken ?? undefined,
+ },
+ };
+ try {
+ await sendMessageApi({
+ baseUrl: opts.baseUrl,
+ token: opts.token,
+ timeoutMs: opts.timeoutMs,
+ body: req,
+ });
+ } catch (err) {
+ logger.error(
+ `${label}: failed to=${to} clientId=${lastClientId} err=${String(err)}`,
+ );
+ throw err;
+ }
+ }
+
+ logger.debug(`${label}: success to=${to} clientId=${lastClientId}`);
+ return { messageId: lastClientId };
+}
+
+/**
+ * Send an image message downstream using a previously uploaded file.
+ * Optionally include a text caption as a separate TEXT item before the image.
+ *
+ * ImageItem fields:
+ * - media.encrypt_query_param: CDN download param
+ * - media.aes_key: AES key, base64-encoded
+ * - mid_size: original ciphertext file size
+ */
+export async function sendImageMessageWeixin(params: {
+ to: string;
+ text: string;
+ uploaded: UploadedFileInfo;
+ opts: WeixinApiOptions & { contextToken?: string };
+}): Promise<{ messageId: string }> {
+ const { to, text, uploaded, opts } = params;
+ if (!opts.contextToken) {
+ logger.error(`sendImageMessageWeixin: contextToken missing, refusing to send to=${to}`);
+ throw new Error("sendImageMessageWeixin: contextToken is required");
+ }
+ logger.debug(
+ `sendImageMessageWeixin: to=${to} filekey=${uploaded.filekey} fileSize=${uploaded.fileSize} aeskey=present`,
+ );
+
+ const imageItem: MessageItem = {
+ type: MessageItemType.IMAGE,
+ image_item: {
+ media: {
+ encrypt_query_param: uploaded.downloadEncryptedQueryParam,
+ aes_key: Buffer.from(uploaded.aeskey).toString("base64"),
+ encrypt_type: 1,
+ },
+ mid_size: uploaded.fileSizeCiphertext,
+ },
+ };
+
+ return sendMediaItems({ to, text, mediaItem: imageItem, opts, label: "sendImageMessageWeixin" });
+}
+
+/**
+ * Send a video message downstream using a previously uploaded file.
+ * VideoItem: media (CDN ref), video_size (ciphertext bytes).
+ * Includes an optional text caption sent as a separate TEXT item first.
+ */
+export async function sendVideoMessageWeixin(params: {
+ to: string;
+ text: string;
+ uploaded: UploadedFileInfo;
+ opts: WeixinApiOptions & { contextToken?: string };
+}): Promise<{ messageId: string }> {
+ const { to, text, uploaded, opts } = params;
+ if (!opts.contextToken) {
+ logger.error(`sendVideoMessageWeixin: contextToken missing, refusing to send to=${to}`);
+ throw new Error("sendVideoMessageWeixin: contextToken is required");
+ }
+
+ const videoItem: MessageItem = {
+ type: MessageItemType.VIDEO,
+ video_item: {
+ media: {
+ encrypt_query_param: uploaded.downloadEncryptedQueryParam,
+ aes_key: Buffer.from(uploaded.aeskey).toString("base64"),
+ encrypt_type: 1,
+ },
+ video_size: uploaded.fileSizeCiphertext,
+ },
+ };
+
+ return sendMediaItems({ to, text, mediaItem: videoItem, opts, label: "sendVideoMessageWeixin" });
+}
+
+/**
+ * Send a file attachment downstream using a previously uploaded file.
+ * FileItem: media (CDN ref), file_name, len (plaintext bytes as string).
+ * Includes an optional text caption sent as a separate TEXT item first.
+ */
+export async function sendFileMessageWeixin(params: {
+ to: string;
+ text: string;
+ fileName: string;
+ uploaded: UploadedFileInfo;
+ opts: WeixinApiOptions & { contextToken?: string };
+}): Promise<{ messageId: string }> {
+ const { to, text, fileName, uploaded, opts } = params;
+ if (!opts.contextToken) {
+ logger.error(`sendFileMessageWeixin: contextToken missing, refusing to send to=${to}`);
+ throw new Error("sendFileMessageWeixin: contextToken is required");
+ }
+ const fileItem: MessageItem = {
+ type: MessageItemType.FILE,
+ file_item: {
+ media: {
+ encrypt_query_param: uploaded.downloadEncryptedQueryParam,
+ aes_key: Buffer.from(uploaded.aeskey).toString("base64"),
+ encrypt_type: 1,
+ },
+ file_name: fileName,
+ len: String(uploaded.fileSize),
+ },
+ };
+
+ return sendMediaItems({ to, text, mediaItem: fileItem, opts, label: "sendFileMessageWeixin" });
+}
diff --git "a/\350\265\204\346\226\231/weixin-openclaw-package/package/src/messaging/slash-commands.ts" "b/\350\265\204\346\226\231/weixin-openclaw-package/package/src/messaging/slash-commands.ts"
new file mode 100644
index 00000000..9d2160e5
--- /dev/null
+++ "b/\350\265\204\346\226\231/weixin-openclaw-package/package/src/messaging/slash-commands.ts"
@@ -0,0 +1,110 @@
+/**
+ * Weixin 斜杠指令处理模块
+ *
+ * 支持的指令:
+ * - /echo <message> 直接回复消息(不经过 AI),并附带通道耗时统计
+ * - /toggle-debug 开关 debug 模式,启用后每条 AI 回复追加全链路耗时
+ */
+import type { WeixinApiOptions } from "../api/api.js";
+import { logger } from "../util/logger.js";
+
+import { toggleDebugMode, isDebugMode } from "./debug-mode.js";
+import { sendMessageWeixin } from "./send.js";
+
+export interface SlashCommandResult {
+ /** 是否是斜杠指令(true 表示已处理,不需要继续走 AI) */
+ handled: boolean;
+}
+
+export interface SlashCommandContext {
+ to: string;
+ contextToken?: string;
+ baseUrl: string;
+ token?: string;
+ accountId: string;
+ log: (msg: string) => void;
+ errLog: (msg: string) => void;
+}
+
+/** 发送回复消息 */
+async function sendReply(ctx: SlashCommandContext, text: string): Promise<void> {
+ const opts: WeixinApiOptions & { contextToken?: string } = {
+ baseUrl: ctx.baseUrl,
+ token: ctx.token,
+ contextToken: ctx.contextToken,
+ };
+ await sendMessageWeixin({ to: ctx.to, text, opts });
+}
+
+/** 处理 /echo 指令 */
+async function handleEcho(
+ ctx: SlashCommandContext,
+ args: string,
+ receivedAt: number,
+ eventTimestamp?: number,
+): Promise<void> {
+ const message = args.trim();
+ if (message) {
+ await sendReply(ctx, message);
+ }
+ const eventTs = eventTimestamp ?? 0;
+ const platformDelay = eventTs > 0 ? `${receivedAt - eventTs}ms` : "N/A";
+ const timing = [
+ "⏱ 通道耗时",
+ `├ 事件时间: ${eventTs > 0 ? new Date(eventTs).toISOString() : "N/A"}`,
+ `├ 平台→插件: ${platformDelay}`,
+ `└ 插件处理: ${Date.now() - receivedAt}ms`,
+ ].join("\n");
+ await sendReply(ctx, timing);
+}
+
+/**
+ * 尝试处理斜杠指令
+ *
+ * @returns handled=true 表示该消息已作为指令处理,不需要继续走 AI 管道
+ */
+export async function handleSlashCommand(
+ content: string,
+ ctx: SlashCommandContext,
+ receivedAt: number,
+ eventTimestamp?: number,
+): Promise<SlashCommandResult> {
+ const trimmed = content.trim();
+ if (!trimmed.startsWith("/")) {
+ return { handled: false };
+ }
+
+ const spaceIdx = trimmed.indexOf(" ");
+ const command = spaceIdx === -1 ? trimmed.toLowerCase() : trimmed.slice(0, spaceIdx).toLowerCase();
+ const args = spaceIdx === -1 ? "" : trimmed.slice(spaceIdx + 1);
+
+ logger.info(`[weixin] Slash command: ${command}, args: ${args.slice(0, 50)}`);
+
+ try {
+ switch (command) {
+ case "/echo":
+ await handleEcho(ctx, args, receivedAt, eventTimestamp);
+ return { handled: true };
+ case "/toggle-debug": {
+ const enabled = toggleDebugMode(ctx.accountId);
+ await sendReply(
+ ctx,
+ enabled
+ ? "Debug 模式已开启"
+ : "Debug 模式已关闭",
+ );
+ return { handled: true };
+ }
+ default:
+ return { handled: false };
+ }
+ } catch (err) {
+ logger.error(`[weixin] Slash command error: ${String(err)}`);
+ try {
+ await sendReply(ctx, `❌ 指令执行失败: ${String(err).slice(0, 200)}`);
+ } catch {
+ // 发送错误消息也失败了,只能记日志
+ }
+ return { handled: true };
+ }
+}
diff --git "a/\350\265\204\346\226\231/weixin-openclaw-package/package/src/monitor/monitor.ts" "b/\350\265\204\346\226\231/weixin-openclaw-package/package/src/monitor/monitor.ts"
new file mode 100644
index 00000000..385cef34
--- /dev/null
+++ "b/\350\265\204\346\226\231/weixin-openclaw-package/package/src/monitor/monitor.ts"
@@ -0,0 +1,221 @@
+import type { ChannelAccountSnapshot, PluginRuntime } from "openclaw/plugin-sdk";
+
+import { getUpdates } from "../api/api.js";
+import { WeixinConfigManager } from "../api/config-cache.js";
+import { SESSION_EXPIRED_ERRCODE, pauseSession, getRemainingPauseMs } from "../api/session-guard.js";
+import { processOneMessage } from "../messaging/process-message.js";
+import { getWeixinRuntime, waitForWeixinRuntime } from "../runtime.js";
+import { getSyncBufFilePath, loadGetUpdatesBuf, saveGetUpdatesBuf } from "../storage/sync-buf.js";
+import { logger } from "../util/logger.js";
+import type { Logger } from "../util/logger.js";
+import { redactBody } from "../util/redact.js";
+
+const DEFAULT_LONG_POLL_TIMEOUT_MS = 35_000;
+const MAX_CONSECUTIVE_FAILURES = 3;
+const BACKOFF_DELAY_MS = 30_000;
+const RETRY_DELAY_MS = 2_000;
+
+export type MonitorWeixinOpts = {
+ baseUrl: string;
+ cdnBaseUrl: string;
+ token?: string;
+ accountId: string;
+ /** When non-empty, only messages whose from_user_id is in this list are processed. */
+ allowFrom?: string[];
+ config: import("openclaw/plugin-sdk/core").OpenClawConfig;
+ runtime?: { log?: (msg: string) => void; error?: (msg: string) => void };
+ abortSignal?: AbortSignal;
+ longPollTimeoutMs?: number;
+ /** Gateway status callback — called on each successful poll and inbound message. */
+ setStatus?: (next: ChannelAccountSnapshot) => void;
+};
+
+/**
+ * Long-poll loop: getUpdates -> normalize -> recordInboundSession -> dispatchReplyFromConfig.
+ * Runs until abort.
+ */
+export async function monitorWeixinProvider(opts: MonitorWeixinOpts): Promise<void> {
+ const {
+ baseUrl,
+ cdnBaseUrl,
+ token,
+ accountId,
+ config,
+ abortSignal,
+ longPollTimeoutMs,
+ setStatus,
+ } = opts;
+ const log = opts.runtime?.log ?? (() => {});
+ const errLog = opts.runtime?.error ?? ((m: string) => log(m));
+ const aLog: Logger = logger.withAccount(accountId);
+
+ aLog.info(`waiting for Weixin runtime...`);
+ let channelRuntime: PluginRuntime["channel"];
+ try {
+ const pluginRuntime = await waitForWeixinRuntime();
+ channelRuntime = pluginRuntime.channel;
+ aLog.info(`Weixin runtime acquired, channelRuntime type: ${typeof channelRuntime}`);
+ } catch (err) {
+ aLog.error(`waitForWeixinRuntime() failed: ${String(err)}`);
+ throw err;
+ }
+
+ log(`weixin monitor started (${baseUrl}, account=${accountId})`);
+ aLog.info(
+ `Monitor started: baseUrl=${baseUrl} timeoutMs=${longPollTimeoutMs ?? DEFAULT_LONG_POLL_TIMEOUT_MS}`,
+ );
+
+ const syncFilePath = getSyncBufFilePath(accountId);
+ aLog.debug(`syncFilePath: ${syncFilePath}`);
+
+ const previousGetUpdatesBuf = loadGetUpdatesBuf(syncFilePath);
+ let getUpdatesBuf = previousGetUpdatesBuf ?? "";
+
+ if (previousGetUpdatesBuf) {
+ log(`[weixin] resuming from previous sync buf (${getUpdatesBuf.length} bytes)`);
+ aLog.debug(`Using previous get_updates_buf (${getUpdatesBuf.length} bytes)`);
+ } else {
+ log(`[weixin] no previous sync buf, starting fresh`);
+ aLog.info(`No previous get_updates_buf found, starting fresh`);
+ }
+
+ const configManager = new WeixinConfigManager({ baseUrl, token }, log);
+
+ let nextTimeoutMs = longPollTimeoutMs ?? DEFAULT_LONG_POLL_TIMEOUT_MS;
+ let consecutiveFailures = 0;
+
+ while (!abortSignal?.aborted) {
+ try {
+ aLog.debug(
+ `getUpdates: get_updates_buf=${getUpdatesBuf.substring(0, 50)}..., timeoutMs=${nextTimeoutMs}`,
+ );
+ const resp = await getUpdates({
+ baseUrl,
+ token,
+ get_updates_buf: getUpdatesBuf,
+ timeoutMs: nextTimeoutMs,
+ });
+ aLog.debug(
+ `getUpdates response: ret=${resp.ret}, msgs=${resp.msgs?.length ?? 0}, get_updates_buf_length=${resp.get_updates_buf?.length ?? 0}`,
+ );
+
+ if (resp.longpolling_timeout_ms != null && resp.longpolling_timeout_ms > 0) {
+ nextTimeoutMs = resp.longpolling_timeout_ms;
+ aLog.debug(`Updated next poll timeout: ${nextTimeoutMs}ms`);
+ }
+ const isApiError =
+ (resp.ret !== undefined && resp.ret !== 0) ||
+ (resp.errcode !== undefined && resp.errcode !== 0);
+ if (isApiError) {
+ const isSessionExpired =
+ resp.errcode === SESSION_EXPIRED_ERRCODE || resp.ret === SESSION_EXPIRED_ERRCODE;
+
+ if (isSessionExpired) {
+ pauseSession(accountId);
+ const pauseMs = getRemainingPauseMs(accountId);
+ errLog(
+ `weixin getUpdates: session expired (errcode ${SESSION_EXPIRED_ERRCODE}), pausing bot for ${Math.ceil(pauseMs / 60_000)} min`,
+ );
+ aLog.error(
+ `getUpdates: session expired (errcode=${resp.errcode} ret=${resp.ret}), pausing all requests for ${Math.ceil(pauseMs / 60_000)} min`,
+ );
+ consecutiveFailures = 0;
+ await sleep(pauseMs, abortSignal);
+ continue;
+ }
+
+ consecutiveFailures += 1;
+ errLog(
+ `weixin getUpdates failed: ret=${resp.ret} errcode=${resp.errcode} errmsg=${resp.errmsg ?? ""} (${consecutiveFailures}/${MAX_CONSECUTIVE_FAILURES})`,
+ );
+ aLog.error(
+ `getUpdates failed: ret=${resp.ret} errcode=${resp.errcode} errmsg=${resp.errmsg} response=${redactBody(JSON.stringify(resp))}`,
+ );
+ if (consecutiveFailures >= MAX_CONSECUTIVE_FAILURES) {
+ errLog(
+ `weixin getUpdates: ${MAX_CONSECUTIVE_FAILURES} consecutive failures, backing off 30s`,
+ );
+ aLog.error(
+ `getUpdates: ${MAX_CONSECUTIVE_FAILURES} consecutive failures, backing off 30s`,
+ );
+ consecutiveFailures = 0;
+ await sleep(BACKOFF_DELAY_MS, abortSignal);
+ } else {
+ await sleep(RETRY_DELAY_MS, abortSignal);
+ }
+ continue;
+ }
+ consecutiveFailures = 0;
+ setStatus?.({ accountId, lastEventAt: Date.now() });
+ if (resp.get_updates_buf != null && resp.get_updates_buf !== "") {
+ saveGetUpdatesBuf(syncFilePath, resp.get_updates_buf);
+ getUpdatesBuf = resp.get_updates_buf;
+ aLog.debug(`Saved new get_updates_buf (${getUpdatesBuf.length} bytes)`);
+ }
+ const list = resp.msgs ?? [];
+ for (const full of list) {
+ aLog.info(
+ `inbound message: from=${full.from_user_id} types=${full.item_list?.map((i) => i.type).join(",") ?? "none"}`,
+ );
+
+ const now = Date.now();
+ setStatus?.({ accountId, lastEventAt: now, lastInboundAt: now });
+
+ // allowFrom filtering is delegated to processOneMessage via the framework
+ // authorization pipeline (resolveSenderCommandAuthorizationWithRuntime).
+
+ const fromUserId = full.from_user_id ?? "";
+ const cachedConfig = await configManager.getForUser(fromUserId, full.context_token);
+
+ await processOneMessage(full, {
+ accountId,
+ config,
+ channelRuntime,
+ baseUrl,
+ cdnBaseUrl,
+ token,
+ typingTicket: cachedConfig.typingTicket,
+ log: opts.runtime?.log ?? (() => {}),
+ errLog,
+ });
+ }
+ } catch (err) {
+ if (abortSignal?.aborted) {
+ aLog.info(`Monitor stopped (aborted)`);
+ return;
+ }
+ consecutiveFailures += 1;
+ errLog(
+ `weixin getUpdates error (${consecutiveFailures}/${MAX_CONSECUTIVE_FAILURES}): ${String(err)}`,
+ );
+ aLog.error(`getUpdates error: ${String(err)}, stack=${(err as Error).stack}`);
+ if (consecutiveFailures >= MAX_CONSECUTIVE_FAILURES) {
+ errLog(
+ `weixin getUpdates: ${MAX_CONSECUTIVE_FAILURES} consecutive failures, backing off 30s`,
+ );
+ aLog.error(
+ `getUpdates: ${MAX_CONSECUTIVE_FAILURES} consecutive failures, backing off 30s`,
+ );
+ consecutiveFailures = 0;
+ await sleep(30_000, abortSignal);
+ } else {
+ await sleep(2000, abortSignal);
+ }
+ }
+ }
+ aLog.info(`Monitor ended`);
+}
+
+function sleep(ms: number, signal?: AbortSignal): Promise<void> {
+ return new Promise((resolve, reject) => {
+ const t = setTimeout(resolve, ms);
+ signal?.addEventListener(
+ "abort",
+ () => {
+ clearTimeout(t);
+ reject(new Error("aborted"));
+ },
+ { once: true },
+ );
+ });
+}
diff --git "a/\350\265\204\346\226\231/weixin-openclaw-package/package/src/runtime.ts" "b/\350\265\204\346\226\231/weixin-openclaw-package/package/src/runtime.ts"
new file mode 100644
index 00000000..3f806a79
--- /dev/null
+++ "b/\350\265\204\346\226\231/weixin-openclaw-package/package/src/runtime.ts"
@@ -0,0 +1,70 @@
+import type { PluginRuntime } from "openclaw/plugin-sdk";
+
+import { logger } from "./util/logger.js";
+
+let pluginRuntime: PluginRuntime | null = null;
+
+export type PluginChannelRuntime = PluginRuntime["channel"];
+
+/**
+ * Sets the global Weixin runtime (called from plugin register).
+ */
+export function setWeixinRuntime(next: PluginRuntime): void {
+ pluginRuntime = next;
+ logger.info(`[runtime] setWeixinRuntime called, runtime set successfully`);
+}
+
+/**
+ * Gets the global Weixin runtime (throws if not initialized).
+ */
+export function getWeixinRuntime(): PluginRuntime {
+ if (!pluginRuntime) {
+ throw new Error("Weixin runtime not initialized");
+ }
+ return pluginRuntime;
+}
+
+const WAIT_INTERVAL_MS = 100;
+const DEFAULT_TIMEOUT_MS = 10_000;
+
+/**
+ * Waits for the Weixin runtime to be initialized (async polling).
+ */
+export async function waitForWeixinRuntime(
+ timeoutMs = DEFAULT_TIMEOUT_MS,
+): Promise<PluginRuntime> {
+ const start = Date.now();
+ while (!pluginRuntime) {
+ if (Date.now() - start > timeoutMs) {
+ throw new Error("Weixin runtime initialization timeout");
+ }
+ await new Promise((resolve) => setTimeout(resolve, WAIT_INTERVAL_MS));
+ }
+ return pluginRuntime;
+}
+
+/**
+ * Resolves `PluginRuntime["channel"]` for the long-poll monitor.
+ *
+ * Prefer the gateway-injected `channelRuntime` on `ChannelGatewayContext` when present (avoids
+ * races with the module-global from `register()`). Fall back to the global set by `setWeixinRuntime()`,
+ * then to a short wait for legacy hosts.
+ */
+export async function resolveWeixinChannelRuntime(params: {
+ channelRuntime?: PluginChannelRuntime;
+ waitTimeoutMs?: number;
+}): Promise<PluginChannelRuntime> {
+ if (params.channelRuntime) {
+ logger.debug("[runtime] channelRuntime from gateway context");
+ return params.channelRuntime;
+ }
+ if (pluginRuntime) {
+ logger.debug("[runtime] channelRuntime from register() global");
+ return pluginRuntime.channel;
+ }
+ logger.warn(
+ "[runtime] no channelRuntime on ctx and no global runtime yet; waiting for register()",
+ );
+ const pr = await waitForWeixinRuntime(params.waitTimeoutMs ?? DEFAULT_TIMEOUT_MS);
+ return pr.channel;
+}
diff --git "a/\350\265\204\346\226\231/weixin-openclaw-package/package/src/storage/state-dir.ts" "b/\350\265\204\346\226\231/weixin-openclaw-package/package/src/storage/state-dir.ts"
new file mode 100644
index 00000000..f5662a7c
--- /dev/null
+++ "b/\350\265\204\346\226\231/weixin-openclaw-package/package/src/storage/state-dir.ts"
@@ -0,0 +1,11 @@
+import os from "node:os";
+import path from "node:path";
+
+/** Resolve the OpenClaw state directory (mirrors core logic in src/infra). */
+export function resolveStateDir(): string {
+ return (
+ process.env.OPENCLAW_STATE_DIR?.trim() ||
+ process.env.CLAWDBOT_STATE_DIR?.trim() ||
+ path.join(os.homedir(), ".openclaw")
+ );
+}
diff --git "a/\350\265\204\346\226\231/weixin-openclaw-package/package/src/storage/sync-buf.ts" "b/\350\265\204\346\226\231/weixin-openclaw-package/package/src/storage/sync-buf.ts"
new file mode 100644
index 00000000..ba4f199b
--- /dev/null
+++ "b/\350\265\204\346\226\231/weixin-openclaw-package/package/src/storage/sync-buf.ts"
@@ -0,0 +1,81 @@
+import fs from "node:fs";
+import path from "node:path";
+
+import { deriveRawAccountId } from "../auth/accounts.js";
+
+import { resolveStateDir } from "./state-dir.js";
+
+function resolveAccountsDir(): string {
+ return path.join(resolveStateDir(), "openclaw-weixin", "accounts");
+}
+
+/**
+ * Path to the persistent get_updates_buf file for an account.
+ * Stored alongside account data: ~/.openclaw/openclaw-weixin/accounts/{accountId}.sync.json
+ */
+export function getSyncBufFilePath(accountId: string): string {
+ return path.join(resolveAccountsDir(), `${accountId}.sync.json`);
+}
+
+/** Legacy single-account syncbuf (pre multi-account): `.openclaw-weixin-sync/default.json`. */
+function getLegacySyncBufDefaultJsonPath(): string {
+ return path.join(
+ resolveStateDir(),
+ "agents",
+ "default",
+ "sessions",
+ ".openclaw-weixin-sync",
+ "default.json",
+ );
+}
+
+export type SyncBufData = {
+ get_updates_buf: string;
+};
+
+function readSyncBufFile(filePath: string): string | undefined {
+ try {
+ const raw = fs.readFileSync(filePath, "utf-8");
+ const data = JSON.parse(raw) as { get_updates_buf?: string };
+ if (typeof data.get_updates_buf === "string") {
+ return data.get_updates_buf;
+ }
+ } catch {
+ // file not found or invalid
+ }
+ return undefined;
+}
+
+/**
+ * Load persisted get_updates_buf.
+ * Falls back in order:
+ * 1. Primary path (normalized accountId, new installs)
+ * 2. Compat path (raw accountId derived from pattern, old installs)
+ * 3. Legacy single-account path (very old installs without multi-account support)
+ */
+export function loadGetUpdatesBuf(filePath: string): string | undefined {
+ const value = readSyncBufFile(filePath);
+ if (value !== undefined) return value;
+
+ // Compat: if given path uses a normalized accountId (e.g. "b0f5860fdecb-im-bot.sync.json"),
+ // also try the old raw-ID filename (e.g. "b0f5860fdecb@im.bot.sync.json").
+ const accountId = path.basename(filePath, ".sync.json");
+ const rawId = deriveRawAccountId(accountId);
+ if (rawId) {
+ const compatPath = path.join(resolveAccountsDir(), `${rawId}.sync.json`);
+ const compatValue = readSyncBufFile(compatPath);
+ if (compatValue !== undefined) return compatValue;
+ }
+
+ // Legacy fallback: old single-account installs stored syncbuf without accountId.
+ return readSyncBufFile(getLegacySyncBufDefaultJsonPath());
+}
+
+/**
+ * Persist get_updates_buf. Creates parent dir if needed.
+ */
+export function saveGetUpdatesBuf(filePath: string, getUpdatesBuf: string): void {
+ const dir = path.dirname(filePath);
+ fs.mkdirSync(dir, { recursive: true });
+ fs.writeFileSync(filePath, JSON.stringify({ get_updates_buf: getUpdatesBuf }, null, 0), "utf-8");
+}
diff --git "a/\350\265\204\346\226\231/weixin-openclaw-package/package/src/util/logger.ts" "b/\350\265\204\346\226\231/weixin-openclaw-package/package/src/util/logger.ts"
new file mode 100644
index 00000000..cbb1ccc1
--- /dev/null
+++ "b/\350\265\204\346\226\231/weixin-openclaw-package/package/src/util/logger.ts"
@@ -0,0 +1,143 @@
+import fs from "node:fs";
+import os from "node:os";
+import path from "node:path";
+
+/**
+ * Plugin logger — writes JSON lines to the main openclaw log file:
+ * /tmp/openclaw/openclaw-YYYY-MM-DD.log
+ * Same file and format used by all other channels.
+ */
+
+const MAIN_LOG_DIR = path.join("/tmp", "openclaw");
+const SUBSYSTEM = "gateway/channels/openclaw-weixin";
+const RUNTIME = "node";
+const RUNTIME_VERSION = process.versions.node;
+const HOSTNAME = os.hostname() || "unknown";
+const PARENT_NAMES = ["openclaw"];
+
+/** tslog-compatible level IDs (higher = more severe). */
+const LEVEL_IDS: Record<string, number> = {
+ TRACE: 1,
+ DEBUG: 2,
+ INFO: 3,
+ WARN: 4,
+ ERROR: 5,
+ FATAL: 6,
+};
+
+const DEFAULT_LOG_LEVEL = "INFO";
+
+function resolveMinLevel(): number {
+ const env = process.env.OPENCLAW_LOG_LEVEL?.toUpperCase();
+ if (env && env in LEVEL_IDS) return LEVEL_IDS[env];
+ return LEVEL_IDS[DEFAULT_LOG_LEVEL];
+}
+
+let minLevelId = resolveMinLevel();
+
+/** Dynamically change the minimum log level at runtime. */
+export function setLogLevel(level: string): void {
+ const upper = level.toUpperCase();
+ if (!(upper in LEVEL_IDS)) {
+ throw new Error(`Invalid log level: ${level}. Valid levels: ${Object.keys(LEVEL_IDS).join(", ")}`);
+ }
+ minLevelId = LEVEL_IDS[upper];
+}
+
+/** Shift a Date into local time so toISOString() renders local clock digits. */
+function toLocalISO(now: Date): string {
+ const offsetMs = -now.getTimezoneOffset() * 60_000;
+ const sign = offsetMs >= 0 ? "+" : "-";
+ const abs = Math.abs(now.getTimezoneOffset());
+ const offStr = `${sign}${String(Math.floor(abs / 60)).padStart(2, "0")}:${String(abs % 60).padStart(2, "0")}`;
+ return new Date(now.getTime() + offsetMs).toISOString().replace("Z", offStr);
+}
+
+function localDateKey(now: Date): string {
+ return toLocalISO(now).slice(0, 10);
+}
+
+function resolveMainLogPath(): string {
+ const dateKey = localDateKey(new Date());
+ return path.join(MAIN_LOG_DIR, `openclaw-${dateKey}.log`);
+}
+
+let logDirEnsured = false;
+
+export type Logger = {
+ info(message: string): void;
+ debug(message: string): void;
+ warn(message: string): void;
+ error(message: string): void;
+ /** Returns a child logger whose messages are prefixed with `[accountId]`. */
+ withAccount(accountId: string): Logger;
+ /** Returns the current main log file path. */
+ getLogFilePath(): string;
+ close(): void;
+};
+
+function buildLoggerName(accountId?: string): string {
+ return accountId ? `${SUBSYSTEM}/${accountId}` : SUBSYSTEM;
+}
+
+function writeLog(level: string, message: string, accountId?: string): void {
+ const levelId = LEVEL_IDS[level] ?? LEVEL_IDS.INFO;
+ if (levelId < minLevelId) return;
+
+ const now = new Date();
+ const loggerName = buildLoggerName(accountId);
+ const prefixedMessage = accountId ? `[${accountId}] ${message}` : message;
+ const entry = JSON.stringify({
+ "0": loggerName,
+ "1": prefixedMessage,
+ _meta: {
+ runtime: RUNTIME,
+ runtimeVersion: RUNTIME_VERSION,
+ hostname: HOSTNAME,
+ name: loggerName,
+ parentNames: PARENT_NAMES,
+ date: now.toISOString(),
+ logLevelId: LEVEL_IDS[level] ?? LEVEL_IDS.INFO,
+ logLevelName: level,
+ },
+ time: toLocalISO(now),
+ });
+ try {
+ if (!logDirEnsured) {
+ fs.mkdirSync(MAIN_LOG_DIR, { recursive: true });
+ logDirEnsured = true;
+ }
+ fs.appendFileSync(resolveMainLogPath(), `${entry}\n`, "utf-8");
+ } catch {
+ // Best-effort; never block on logging failures.
+ }
+}
+
+/** Creates a logger instance, optionally bound to a specific account. */
+function createLogger(accountId?: string): Logger {
+ return {
+ info(message: string): void {
+ writeLog("INFO", message, accountId);
+ },
+ debug(message: string): void {
+ writeLog("DEBUG", message, accountId);
+ },
+ warn(message: string): void {
+ writeLog("WARN", message, accountId);
+ },
+ error(message: string): void {
+ writeLog("ERROR", message, accountId);
+ },
+ withAccount(id: string): Logger {
+ return createLogger(id);
+ },
+ getLogFilePath(): string {
+ return resolveMainLogPath();
+ },
+ close(): void {
+ // No-op: appendFileSync has no persistent handle to close.
+ },
+ };
+}
+
+export const logger: Logger = createLogger();
diff --git "a/\350\265\204\346\226\231/weixin-openclaw-package/package/src/util/random.ts" "b/\350\265\204\346\226\231/weixin-openclaw-package/package/src/util/random.ts"
new file mode 100644
index 00000000..194124da
--- /dev/null
+++ "b/\350\265\204\346\226\231/weixin-openclaw-package/package/src/util/random.ts"
@@ -0,0 +1,17 @@
+import crypto from "node:crypto";
+
+/**
+ * Generate a prefixed unique ID using timestamp + crypto random bytes.
+ * Format: `{prefix}:{timestamp}-{8-char hex}`
+ */
+export function generateId(prefix: string): string {
+ return `${prefix}:${Date.now()}-${crypto.randomBytes(4).toString("hex")}`;
+}
+
+/**
+ * Generate a temporary file name with random suffix.
+ * Format: `{prefix}-{timestamp}-{8-char hex}{ext}`
+ */
+export function tempFileName(prefix: string, ext: string): string {
+ return `${prefix}-${Date.now()}-${crypto.randomBytes(4).toString("hex")}${ext}`;
+}
diff --git "a/\350\265\204\346\226\231/weixin-openclaw-package/package/src/util/redact.ts" "b/\350\265\204\346\226\231/weixin-openclaw-package/package/src/util/redact.ts"
new file mode 100644
index 00000000..2b0491d9
--- /dev/null
+++ "b/\350\265\204\346\226\231/weixin-openclaw-package/package/src/util/redact.ts"
@@ -0,0 +1,46 @@
+const DEFAULT_BODY_MAX_LEN = 200;
+const DEFAULT_TOKEN_PREFIX_LEN = 6;
+
+/**
+ * Truncate a string, appending a length indicator when trimmed.
+ * Returns `""` for empty/undefined input.
+ */
+export function truncate(s: string | undefined, max: number): string {
+ if (!s) return "";
+ if (s.length <= max) return s;
+ return `${s.slice(0, max)}…(len=${s.length})`;
+}
+
+/**
+ * Redact a token/secret: show only the first few chars + total length.
+ * Returns `"(none)"` when absent.
+ */
+export function redactToken(token: string | undefined, prefixLen = DEFAULT_TOKEN_PREFIX_LEN): string {
+ if (!token) return "(none)";
+ if (token.length <= prefixLen) return `****(len=${token.length})`;
+ return `${token.slice(0, prefixLen)}…(len=${token.length})`;
+}
+
+/**
+ * Truncate a JSON body string to `maxLen` chars for safe logging.
+ * Appends original length so the reader knows how much was dropped.
+ */
+export function redactBody(body: string | undefined, maxLen = DEFAULT_BODY_MAX_LEN): string {
+ if (!body) return "(empty)";
+ if (body.length <= maxLen) return body;
+ return `${body.slice(0, maxLen)}…(truncated, totalLen=${body.length})`;
+}
+
+/**
+ * Strip query string (which often contains signatures/tokens) from a URL,
+ * keeping only origin + pathname.
+ */
+export function redactUrl(rawUrl: string): string {
+ try {
+ const u = new URL(rawUrl);
+ const base = `${u.origin}${u.pathname}`;
+ return u.search ? `${base}?<redacted>` : base;
+ } catch {
+ return truncate(rawUrl, 80);
+ }
+}
diff --git "a/\350\265\204\346\226\231/weixin-openclaw-package/package/src/vendor.d.ts" "b/\350\265\204\346\226\231/weixin-openclaw-package/package/src/vendor.d.ts"
new file mode 100644
index 00000000..996acea2
--- /dev/null
+++ "b/\350\265\204\346\226\231/weixin-openclaw-package/package/src/vendor.d.ts"
@@ -0,0 +1,25 @@
+declare module "qrcode-terminal" {
+ const qrcodeTerminal: {
+ generate(
+ text: string,
+ options?: { small?: boolean },
+ callback?: (qr: string) => void,
+ ): void;
+ };
+ export default qrcodeTerminal;
+}
+
+declare module "fluent-ffmpeg" {
+ interface FfmpegCommand {
+ setFfmpegPath(path: string): FfmpegCommand;
+ seekInput(time: number): FfmpegCommand;
+ frames(n: number): FfmpegCommand;
+ outputOptions(opts: string[]): FfmpegCommand;
+ output(path: string): FfmpegCommand;
+ on(event: "end", cb: () => void): FfmpegCommand;
+ on(event: "error", cb: (err: Error) => void): FfmpegCommand;
+ run(): void;
+ }
+ function ffmpeg(input: string): FfmpegCommand;
+ export default ffmpeg;
+}
]]></plaintext></target></file></conversation></target></new></token></string,></workingdirectorysource,></runtimearchitectureinfo,></diagnosisresult></diagnosisresult></string,></string,></proberesult></string,></string,></string,></proberesult></proberesult></proberesult></string,></string,></string,></string,></string,></string,></string,></string,></string,></string,></string,></string,></string,></assembledcontext></strin></strin></strin></strin></string,></string,></string,></string,></string,></string,></channelbinding,></pick></startresult></void></void></void></void></startresult></void></void></string,></string,></buffer></peeruserid></accountid></qrloginsession></string,></string,></string,></string,></qrcodestatusresponse></qrcodestartresponse></string,></record></void></getconfigresponse></getconfigresponse></getuploadurlresponse></getuploadurlresponse></string,></record></getupdatesresponse></getupdatesresponse></t></t></string,></string,></void></fileattachment[]></void></void></void></sendresult></inboundmessage></inboundmessage></void></void></number,></string,></string,></string></string,></string,></peeruserid></accountid></translationkey,></translationkey,></translationkey,></translationkey,></translationkey,></translationkey,></string></string></string></providermodelgroup[]></string></void></void></string></void></selectprimitive.content></typeof></div></div>