feat: 接入内建 weixin channel(同 #301 重构版本) (#303)

* feat: 接入 weixin 服务层与命令入口 Ultraworked with [Sisyphus](https://github.com/code-yeongyu/oh-my-openagent) Co-authored-by: Sisyphus <clio-agent@sisyphuslabs.ai> * feat: 注册内建 weixin channel 插件 Ultraworked with [Sisyphus](https://github.com/code-yeongyu/oh-my-openagent) Co-authored-by: Sisyphus <clio-agent@sisyphuslabs.ai> * fix: 修正 channel permission relay 路由与能力判定 Ultraworked with [Sisyphus](https://github.com/code-yeongyu/oh-my-openagent) Co-authored-by: Sisyphus <clio-agent@sisyphuslabs.ai> * fix: 修复 builtin channel 的 ChannelsNotice 误报 Ultraworked with [Sisyphus](https://github.com/code-yeongyu/oh-my-openagent) Co-authored-by: Sisyphus <clio-agent@sisyphuslabs.ai> * docs: 补充内建 weixin channel 使用说明 Ultraworked with [Sisyphus](https://github.com/code-yeongyu/oh-my-openagent) Co-authored-by: Sisyphus <clio-agent@sisyphuslabs.ai> * docs: 更新微信 channel 接入计划状态 Ultraworked with [Sisyphus](https://github.com/code-yeongyu/oh-my-openagent) Co-authored-by: Sisyphus <clio-agent@sisyphuslabs.ai> * fix: 延迟加载 weixin 登录二维码依赖 Ultraworked with [Sisyphus](https://github.com/code-yeongyu/oh-my-openagent) Co-authored-by: Sisyphus <clio-agent@sisyphuslabs.ai> * fix: 改用 qrcode 生成 weixin 登录二维码 Ultraworked with [Sisyphus](https://github.com/code-yeongyu/oh-my-openagent) Co-authored-by: Sisyphus <clio-agent@sisyphuslabs.ai> * fix: 修正 vite 构建的 Windows 路径解析 Ultraworked with [Sisyphus](https://github.com/code-yeongyu/oh-my-openagent) Co-authored-by: Sisyphus <clio-agent@sisyphuslabs.ai> * chore: 删除临时规划文档 wx_channel.md 并还原 package.json 排序 wx_channel.md 内容已整合到 docs/features/channels.md，不再需要。 package.json 中 @ant/model-provider 位置从原始位置被无意移动，还原。 Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * refactor: 将 weixin 模块从 src/ 迁移至 packages/weixin 工作区包将 src/services/weixin/ 中的纯业务逻辑迁入 @claude-code-best/weixin workspace 包，降低 src/ 耦合度。仅保留 server.ts 作为薄适配层。 - 迁移 7 个无修改的纯模块 (types/api/accounts/login/pairing/media/send) - monitor.ts 内联 PERMISSION_REPLY_RE 正则，解除对 src/ 的依赖 - permissions.ts 本地定义 ChannelPermissionRequestParams 接口 - cli.ts 拆分：serve 子命令通过回调注入，login/access 保留在包内 - server.ts 重写为从 @claude-code-best/weixin 导入 - 新增 cli-serve.ts 作为 serve 入口薄壳 Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix: 修正 weixin barrel export 中 interface 的导出方式 ChannelPermissionRequestParams 是纯类型，必须用 export type 导出，否则 Bun 运行时会报 "export not found" 错误。 Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * refactor: 将 server.ts 迁入 packages/weixin，彻底移除 src/services/weixin/ 通过依赖注入（WeixinServerDeps）解耦 src/ 依赖（analytics、config、 MCP channel schema），server.ts 完全移入包内。cli.tsx 入口处一次性注入所有依赖。 src/services/weixin/ 目录已完全删除。 Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix: 修复 markdownToPlainText 中代码块正则的 ReDoS 风险用非正则的线性扫描替代 \`\`\`[\s\S]*?\n([\s\S]*?)\`\`\` 匹配，避免在含有大量重复 \`\`\` 序列的输入上触发多项式回溯。 Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> --------- Co-authored-by: 1111 <11111@asd.c> Co-authored-by: Sisyphus <clio-agent@sisyphuslabs.ai> Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
2026-06-22 08:15:53 +00:00 · 2026-04-19 21:33:27 +08:00
parent b83c3008d0
commit 494eab7204
39 changed files with 2616 additions and 19 deletions
--- a/packages/weixin/src/tests/accounts.test.ts
+++ b/packages/weixin/src/tests/accounts.test.ts
@@ -0,0 +1,54 @@
+import { afterEach, describe, expect, test } from 'bun:test'
+import { mkdtempSync, rmSync, statSync } from 'node:fs'
+import { tmpdir } from 'node:os'
+import { join } from 'node:path'
+
+const testDir = mkdtempSync(join(tmpdir(), 'weixin-test-accounts-'))
+process.env.WEIXIN_STATE_DIR = testDir
+
+import { clearAccount, loadAccount, saveAccount } from '../accounts.js'
+
+afterEach(() => {
+  rmSync(testDir, { recursive: true, force: true })
+})
+
+describe('account storage', () => {
+  test('loadAccount returns null when no account exists', () => {
+    expect(loadAccount()).toBeNull()
+  })
+
+  test('saveAccount and loadAccount round-trip', () => {
+    const data = {
+      token: 'test-token',
+      baseUrl: 'https://example.com',
+      userId: 'user1',
+      savedAt: '2025-01-01T00:00:00.000Z',
+    }
+    saveAccount(data)
+    expect(loadAccount()).toEqual(data)
+  })
+
+  test('saveAccount sets file permissions to 0600', () => {
+    saveAccount({
+      token: 'test',
+      baseUrl: 'https://example.com',
+      savedAt: new Date().toISOString(),
+    })
+    const stats = statSync(join(testDir, 'account.json'))
+    if (process.platform === 'win32') {
+      expect(stats.isFile()).toBe(true)
+      return
+    }
+    expect(stats.mode & 0o777).toBe(0o600)
+  })
+
+  test('clearAccount removes the file', () => {
+    saveAccount({
+      token: 'test',
+      baseUrl: 'https://example.com',
+      savedAt: new Date().toISOString(),
+    })
+    clearAccount()
+    expect(loadAccount()).toBeNull()
+  })
+})
--- a/packages/weixin/src/tests/media.test.ts
+++ b/packages/weixin/src/tests/media.test.ts
@@ -0,0 +1,90 @@
+import { describe, expect, test } from 'bun:test'
+import { randomBytes } from 'node:crypto'
+import {
+  aesEcbPaddedSize,
+  buildCdnDownloadUrl,
+  buildCdnUploadUrl,
+  decryptAesEcb,
+  encryptAesEcb,
+  guessMediaType,
+  parseAesKey,
+} from '../media.js'
+import { UploadMediaType } from '../types.js'
+
+describe('AES-128-ECB', () => {
+  test('encrypt then decrypt returns original data', () => {
+    const key = randomBytes(16)
+    const plaintext = Buffer.from('hello world test data!!')
+    const ciphertext = encryptAesEcb(plaintext, key)
+    expect(decryptAesEcb(ciphertext, key)).toEqual(plaintext)
+  })
+
+  test('different keys produce different ciphertext', () => {
+    const plaintext = Buffer.from('test data')
+    expect(
+      encryptAesEcb(plaintext, randomBytes(16)),
+    ).not.toEqual(encryptAesEcb(plaintext, randomBytes(16)))
+  })
+})
+
+describe('aesEcbPaddedSize', () => {
+  test('pads to next 16-byte boundary', () => {
+    expect(aesEcbPaddedSize(1)).toBe(16)
+    expect(aesEcbPaddedSize(16)).toBe(32)
+    expect(aesEcbPaddedSize(17)).toBe(32)
+    expect(aesEcbPaddedSize(32)).toBe(48)
+  })
+})
+
+describe('parseAesKey', () => {
+  test('parses 16 raw bytes from base64', () => {
+    const raw = randomBytes(16)
+    expect(parseAesKey(raw.toString('base64'))).toEqual(raw)
+  })
+
+  test('parses hex-encoded key from base64', () => {
+    const raw = randomBytes(16)
+    const b64 = Buffer.from(raw.toString('hex'), 'ascii').toString('base64')
+    expect(parseAesKey(b64)).toEqual(raw)
+  })
+
+  test('throws on invalid key length', () => {
+    expect(() => parseAesKey(Buffer.from('short').toString('base64'))).toThrow(
+      'Invalid aes_key',
+    )
+  })
+})
+
+describe('CDN URL builders', () => {
+  test('buildCdnDownloadUrl encodes param', () => {
+    expect(buildCdnDownloadUrl('abc=123', 'https://cdn.example.com')).toBe(
+      'https://cdn.example.com/download?encrypted_query_param=abc%3D123',
+    )
+  })
+
+  test('buildCdnUploadUrl encodes params', () => {
+    expect(
+      buildCdnUploadUrl('https://cdn.example.com', 'param1', 'key1'),
+    ).toBe(
+      'https://cdn.example.com/upload?encrypted_query_param=param1&filekey=key1',
+    )
+  })
+})
+
+describe('guessMediaType', () => {
+  test('detects image extensions', () => {
+    expect(guessMediaType('photo.jpg')).toBe(UploadMediaType.IMAGE)
+    expect(guessMediaType('photo.png')).toBe(UploadMediaType.IMAGE)
+    expect(guessMediaType('photo.webp')).toBe(UploadMediaType.IMAGE)
+  })
+
+  test('detects video extensions', () => {
+    expect(guessMediaType('video.mp4')).toBe(UploadMediaType.VIDEO)
+    expect(guessMediaType('video.mov')).toBe(UploadMediaType.VIDEO)
+  })
+
+  test('defaults to FILE for unknown extensions', () => {
+    expect(guessMediaType('doc.pdf')).toBe(UploadMediaType.FILE)
+    expect(guessMediaType('archive.zip')).toBe(UploadMediaType.FILE)
+  })
+})
--- a/packages/weixin/src/tests/monitor.test.ts
+++ b/packages/weixin/src/tests/monitor.test.ts
@@ -0,0 +1,22 @@
+import { describe, expect, test } from 'bun:test'
+import { extractPermissionReply } from '../monitor.js'
+
+describe('extractPermissionReply', () => {
+  test('parses allow replies', () => {
+    expect(extractPermissionReply('yes abcde')).toEqual({
+      requestId: 'abcde',
+      behavior: 'allow',
+    })
+  })
+
+  test('parses deny replies', () => {
+    expect(extractPermissionReply('No abcde')).toEqual({
+      requestId: 'abcde',
+      behavior: 'deny',
+    })
+  })
+
+  test('ignores unrelated text', () => {
+    expect(extractPermissionReply('yes please do it')).toBeNull()
+  })
+})
--- a/packages/weixin/src/tests/pairing.test.ts
+++ b/packages/weixin/src/tests/pairing.test.ts
@@ -0,0 +1,78 @@
+import { afterEach, describe, expect, test } from 'bun:test'
+import { mkdtempSync, rmSync } from 'node:fs'
+import { tmpdir } from 'node:os'
+import { join } from 'node:path'
+
+const testDir = mkdtempSync(join(tmpdir(), 'weixin-test-pairing-'))
+process.env.WEIXIN_STATE_DIR = testDir
+
+import {
+  addPendingPairing,
+  confirmPairing,
+  isAllowed,
+  loadAccessConfig,
+  saveAccessConfig,
+} from '../pairing.js'
+
+afterEach(() => {
+  rmSync(testDir, { recursive: true, force: true })
+})
+
+describe('loadAccessConfig', () => {
+  test('returns default config when no file exists', () => {
+    const config = loadAccessConfig()
+    expect(config.policy).toBe('pairing')
+    expect(config.allowFrom).toEqual([])
+  })
+
+  test('round-trips saved config', () => {
+    saveAccessConfig({ policy: 'allowlist', allowFrom: ['user1'] })
+    const config = loadAccessConfig()
+    expect(config.policy).toBe('allowlist')
+    expect(config.allowFrom).toEqual(['user1'])
+  })
+})
+
+describe('isAllowed', () => {
+  test('returns false for unknown user under pairing policy', () => {
+    expect(isAllowed('unknown')).toBe(false)
+  })
+
+  test('returns true for allowed user', () => {
+    saveAccessConfig({ policy: 'pairing', allowFrom: ['user1'] })
+    expect(isAllowed('user1')).toBe(true)
+  })
+
+  test('returns true for any user under disabled policy', () => {
+    saveAccessConfig({ policy: 'disabled', allowFrom: [] })
+    expect(isAllowed('anyone')).toBe(true)
+  })
+})
+
+describe('pairing flow', () => {
+  test('generates 6-digit code', () => {
+    expect(addPendingPairing('user1')).toMatch(/^\d{6}$/)
+  })
+
+  test('returns same code for same user', () => {
+    const code1 = addPendingPairing('user1')
+    const code2 = addPendingPairing('user1')
+    expect(code1).toBe(code2)
+  })
+
+  test('confirm adds user to allowlist', () => {
+    const code = addPendingPairing('user1')
+    expect(confirmPairing(code)).toBe('user1')
+    expect(isAllowed('user1')).toBe(true)
+  })
+
+  test('confirm returns null for invalid code', () => {
+    expect(confirmPairing('000000')).toBeNull()
+  })
+
+  test('code cannot be reused after confirmation', () => {
+    const code = addPendingPairing('user1')
+    confirmPairing(code)
+    expect(confirmPairing(code)).toBeNull()
+  })
+})
--- a/packages/weixin/src/tests/permissions.test.ts
+++ b/packages/weixin/src/tests/permissions.test.ts
@@ -0,0 +1,43 @@
+import { afterEach, describe, expect, test } from 'bun:test'
+import {
+  clearPermissionStateForTests,
+  consumePendingPermission,
+  getActivePermissionChat,
+  savePendingPermission,
+  setActivePermissionChat,
+} from '../permissions.js'
+
+afterEach(() => {
+  clearPermissionStateForTests()
+})
+
+describe('permission state', () => {
+  test('tracks active permission chat', () => {
+    setActivePermissionChat('user-1', 'ctx-1')
+    expect(getActivePermissionChat()).toEqual({
+      chatId: 'user-1',
+      contextToken: 'ctx-1',
+      updatedAt: expect.any(Number),
+    })
+  })
+
+  test('consumes pending permission only for matching user', () => {
+    savePendingPermission(
+      {
+        request_id: 'abcde',
+        tool_name: 'Bash',
+        description: 'Run a command',
+        input_preview: '{"command":"pwd"}',
+      },
+      'user-1',
+      'ctx-1',
+    )
+
+    expect(consumePendingPermission('abcde', 'user-2')).toBeNull()
+    expect(consumePendingPermission('ABCDE', 'user-1')).toMatchObject({
+      request_id: 'abcde',
+      chatId: 'user-1',
+    })
+    expect(consumePendingPermission('abcde', 'user-1')).toBeNull()
+  })
+})
--- a/packages/weixin/src/tests/send.test.ts
+++ b/packages/weixin/src/tests/send.test.ts
@@ -0,0 +1,32 @@
+import { describe, expect, test } from 'bun:test'
+import { markdownToPlainText } from '../send.js'
+
+describe('markdownToPlainText', () => {
+  test('removes bold markers', () => {
+    expect(markdownToPlainText('**bold**')).toBe('bold')
+  })
+
+  test('removes italic markers', () => {
+    expect(markdownToPlainText('*italic*')).toBe('italic')
+  })
+
+  test('removes inline code backticks', () => {
+    expect(markdownToPlainText('`code`')).toBe('code')
+  })
+
+  test('removes code block fences', () => {
+    expect(markdownToPlainText("```js\nconsole.log('hi');\n```"))
+      .toBe("console.log('hi');")
+  })
+
+  test('converts links to text with URL', () => {
+    expect(markdownToPlainText('[click](https://example.com)')).toBe(
+      'click (https://example.com)',
+    )
+  })
+
+  test('handles mixed markdown', () => {
+    expect(markdownToPlainText('# Hello\n\n**bold** and *italic* with `code`'))
+      .toBe('Hello\n\nbold and italic with code')
+  })
+})