fix(feishu): keep setup entry off runtime SDK (#70339)

Load Feishu setup surfaces through a setup-only barrel so onboarding does not import the Lark SDK before bundled runtime deps are staged.

Thanks @andrejtr.

Co-authored-by: andrejtr <64274971+andrejtr@users.noreply.github.com>
Andrej Trogrlić
2026-04-23 19:42:06 +02:00
committed by GitHub
parent 184c4e3788
commit 23c90aeed4
4 changed files with 17 additions and 1 deletions


@@ -9,6 +9,7 @@ Docs: https://docs.openclaw.ai
### Fixes
- MCP/tools: stop the ACPX OpenClaw tools bridge from listing or invoking owner-only tools such as `cron`, closing a privilege-escalation path for non-owner MCP callers. (#70698) Thanks @vincentkoc.
- Feishu/onboarding: load Feishu setup surfaces through a setup-only barrel so first-run setup no longer imports Feishu's Lark SDK before bundled runtime deps are staged. (#70339) Thanks @andrejtr.
- WhatsApp/security: keep contact/vCard/location structured-object free text out of the inline message body and render it through fenced untrusted metadata JSON, limiting hidden prompt-injection payloads in names, phone fields, and location labels/comments.
- Group-chat/security: keep channel-sourced group names and participant labels out of inline group system prompts and render them through fenced untrusted metadata JSON.
- Plugins/startup: restore bundled plugin `openclaw/plugin-sdk/*` resolution from packaged installs and external runtime-deps stage roots, so Telegram/Discord no longer crash-loop with `Cannot find package 'openclaw'` after missing dependency repair.


@@ -1,2 +1,3 @@
export { feishuPlugin } from "./src/channel.js";
export { feishuSetupAdapter } from "./src/setup-core.js";
export { feishuSetupWizard } from "./src/setup-surface.js";
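Review bot: This barrel carries no comment stating the invariant it exists to protect, so a later re-export could pull the Lark SDK back into the setup path without the author noticing until the test fails. A header comment would record it, for example `// Setup-only barrel: nothing re-exported here may import @larksuiteoapi/node-sdk, directly or transitively.` Whether `./src/channel.js` is itself free of that import is not visible in this hunk and is presumably what the new test checks.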


@@ -0,0 +1,14 @@
import { describe, expect, it, vi } from "vitest";
vi.mock("@larksuiteoapi/node-sdk", () => {
throw new Error("setup entry must not load the Feishu SDK");
});
describe("feishu setup entry", () => {
it("loads the setup plugin without importing Feishu runtime dependencies", async () => {
const { default: setupEntry } = await import("./setup-entry.js");
expect(setupEntry.kind).toBe("bundled-channel-setup-entry");
expect(setupEntry.loadSetupPlugin({ installRuntimeDeps: false })?.id).toBe("feishu");
});
});
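Review bot: The throwing `vi.mock` factory only fires when `@larksuiteoapi/node-sdk` is imported through Vitest's own module graph, and `loadSetupPlugin(...)` is called synchronously here. If that loader resolves `./setup-api.js` by some other mechanism (not visible in this hunk), the test would pass even with the SDK import still present. It is worth confirming once that the test fails when the specifier points back at `./api.js`. A comment above the mock could then record that, for example `// Guard verified to fail when setup-entry loads ./api.js.` The assertions also cover only the plugin `id`; `feishuSetupAdapter` and `feishuSetupWizard` from the same barrel are not touched.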


@@ -3,7 +3,7 @@ import { defineBundledChannelSetupEntry } from "openclaw/plugin-sdk/channel-entr
export default defineBundledChannelSetupEntry({
importMetaUrl: import.meta.url,
plugin: {
specifier: "./api.js",
specifier: "./setup-api.js",
exportName: "feishuPlugin",
},
secrets: {
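Review bot: Only the `plugin` specifier is switched to `./setup-api.js`, and the `secrets: {` entry that follows continues outside the hunk, so its specifier cannot be checked from here. If `secrets` still resolves through `./api.js` or another module that imports the Lark SDK, the setup entry can still load the SDK before runtime deps are staged, on a path the new test does not exercise. Please confirm that the `secrets` target is setup-safe as well, or point it at the same setup-only barrel.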