claude-code-best
diff --git a/‎README.md‎
Lines changed: 1 addition & 1 deletion b/‎README.md‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎bun.lock‎
Lines changed: 10 additions & 0 deletions b/‎bun.lock‎
Lines changed: 10 additions & 0 deletions
diff --git a/‎docs/features/channels.md‎
Lines changed: 37 additions & 0 deletions b/‎docs/features/channels.md‎
Lines changed: 37 additions & 0 deletions
diff --git a/‎package.json‎
Lines changed: 1 addition & 0 deletions b/‎package.json‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎packages/weixin/package.json‎
Lines changed: 11 additions & 0 deletions b/‎packages/weixin/package.json‎
Lines changed: 11 additions & 0 deletions
diff --git a/‎packages/weixin/src/__tests__/accounts.test.ts‎
Lines changed: 54 additions & 0 deletions b/‎packages/weixin/src/__tests__/accounts.test.ts‎
Lines changed: 54 additions & 0 deletions
diff --git a/‎packages/weixin/src/__tests__/media.test.ts‎
Lines changed: 90 additions & 0 deletions b/‎packages/weixin/src/__tests__/media.test.ts‎
Lines changed: 90 additions & 0 deletions
diff --git a/‎packages/weixin/src/__tests__/monitor.test.ts‎
Lines changed: 22 additions & 0 deletions b/‎packages/weixin/src/__tests__/monitor.test.ts‎
Lines changed: 22 additions & 0 deletions
diff --git a/‎packages/weixin/src/__tests__/pairing.test.ts‎
Lines changed: 78 additions & 0 deletions b/‎packages/weixin/src/__tests__/pairing.test.ts‎
Lines changed: 78 additions & 0 deletions
@@ -22,7 +22,7 @@
 | **Langfuse 监控** | 企业级 Agent 监控, 可以清晰看到每次 agent loop 细节, 可以一键转化为数据集 | [文档](https://ccb.agent-aura.top/docs/features/langfuse-monitoring) |
 | **Web Search** | 内置网页搜索工具, 支持 bing 和 brave 搜索 | [文档](https://ccb.agent-aura.top/docs/features/web-browser-tool) |
 | **Poor Mode** | 穷鬼模式，关闭记忆提取和键入建议,大幅度减少并发请求 | /poor 可以开关 |
-| **Channels 频道通知** | MCP 服务器推送外部消息到会话（飞书/Slack/Discord 等），`--channels plugin:name@marketplace` 启用 | [文档](https://ccb.agent-aura.top/docs/features/channels) |
+| **Channels 频道通知** | MCP 服务器推送外部消息到会话（飞书/Slack/Discord/微信等），`--channels plugin:name@marketplace` 启用 | [文档](https://ccb.agent-aura.top/docs/features/channels) |
 | **自定义模型供应商** | OpenAI/Anthropic/Gemini/Grok 兼容 | [文档](https://ccb.agent-aura.top/docs/features/custom-platform-login) |
 | Voice Mode | Push-to-Talk 语音输入 | [文档](https://ccb.agent-aura.top/docs/features/voice-mode) |
 | Computer Use | 屏幕截图、键鼠控制 | [文档](https://ccb.agent-aura.top/docs/features/computer-use) |
 
@@ -10,12 +10,18 @@ Channel 是一个 MCP 服务器，它将外部事件推送到你运行中的 Cla
 - **官方文档**：[使用 channels 将事件推送到运行中的会话](https://code.claude.com/docs/zh-CN/channels)
 - **飞书插件**：[claude-code-feishu-channel](https://github.com/whobot-ai/claude-code-feishu-channel) — 社区首个飞书 Channel 插件，支持双向消息、配对认证、群组聊天、文件附件
 
+本仓库现在内置了 **微信 WeChat channel**，不需要单独安装外部 marketplace 插件。
+
 ## 快速开始
 
 ```bash
 # 启用频道监听（plugin 格式）
 ccb --channels plugin:feishu@claude-code-feishu-channel
 
+# 启用内置微信 channel
+ccb weixin login
+ccb --channels plugin:weixin@builtin
+
 # 启用频道监听（server 格式）
 ccb --channels server:my-slack-bridge
 
@@ -34,6 +40,37 @@ ccb --dangerously-load-development-channels server:my-custom-channel
 | **Discord** | 官方 Discord Bot 集成 | `/plugin install discord@claude-plugins-official` |
 | **iMessage** | macOS 原生消息 | `/plugin install imessage@claude-plugins-official` |
 | **飞书 (Feishu/Lark)** | 双向消息、群组聊天、文件附件 | `/plugin install feishu@claude-code-feishu-channel` |
+| **微信 (WeChat)** | 内置 channel，支持扫码登录、双向消息、附件透传 | `ccb weixin login` + `ccb --channels plugin:weixin@builtin` |
+
+## 微信内置 Channel
+
+### 登录
+
+```bash
+ccb weixin login
+```
+
+已登录状态可清除：
+
+```bash
+ccb weixin login clear
+```
+
+### 会话启用
+
+```bash
+ccb --channels plugin:weixin@builtin
+```
+
+### 配对授权
+
+首次收到未授权微信用户消息时，weixin channel 会回一条 6 位 pairing code。运营侧可在终端执行：
+
+```bash
+ccb weixin access pair <code>
+```
+
+确认后，该微信用户后续消息才会进入 Claude Code 会话。
 
 ## 相关文件
 
 
@@ -90,6 +90,7 @@
     "@claude-code-best/agent-tools": "workspace:*",
     "@claude-code-best/builtin-tools": "workspace:*",
     "@claude-code-best/mcp-client": "workspace:*",
+    "@claude-code-best/weixin": "workspace:*",
     "@commander-js/extra-typings": "^14.0.0",
     "@growthbook/growthbook": "^1.6.5",
     "@langfuse/otel": "^5.1.0",
 
@@ -0,0 +1,11 @@
+{
+  "name": "@claude-code-best/weixin",
+  "version": "1.0.0",
+  "private": true,
+  "type": "module",
+  "main": "./src/index.ts",
+  "types": "./src/index.ts",
+  "dependencies": {
+    "qrcode": "^1.5.4"
+  }
+}
@@ -0,0 +1,54 @@
+import { afterEach, describe, expect, test } from 'bun:test'
+import { mkdtempSync, rmSync, statSync } from 'node:fs'
+import { tmpdir } from 'node:os'
+import { join } from 'node:path'
+
+const testDir = mkdtempSync(join(tmpdir(), 'weixin-test-accounts-'))
+process.env.WEIXIN_STATE_DIR = testDir
+
+import { clearAccount, loadAccount, saveAccount } from '../accounts.js'
+
+afterEach(() => {
+  rmSync(testDir, { recursive: true, force: true })
+})
+
+describe('account storage', () => {
+  test('loadAccount returns null when no account exists', () => {
+    expect(loadAccount()).toBeNull()
+  })
+
+  test('saveAccount and loadAccount round-trip', () => {
+    const data = {
+      token: 'test-token',
+      baseUrl: 'https://example.com',
+      userId: 'user1',
+      savedAt: '2025-01-01T00:00:00.000Z',
+    }
+    saveAccount(data)
+    expect(loadAccount()).toEqual(data)
+  })
+
+  test('saveAccount sets file permissions to 0600', () => {
+    saveAccount({
+      token: 'test',
+      baseUrl: 'https://example.com',
+      savedAt: new Date().toISOString(),
+    })
+    const stats = statSync(join(testDir, 'account.json'))
+    if (process.platform === 'win32') {
+      expect(stats.isFile()).toBe(true)
+      return
+    }
+    expect(stats.mode & 0o777).toBe(0o600)
+  })
+
+  test('clearAccount removes the file', () => {
+    saveAccount({
+      token: 'test',
+      baseUrl: 'https://example.com',
+      savedAt: new Date().toISOString(),
+    })
+    clearAccount()
+    expect(loadAccount()).toBeNull()
+  })
+})
@@ -0,0 +1,90 @@
+import { describe, expect, test } from 'bun:test'
+import { randomBytes } from 'node:crypto'
+import {
+  aesEcbPaddedSize,
+  buildCdnDownloadUrl,
+  buildCdnUploadUrl,
+  decryptAesEcb,
+  encryptAesEcb,
+  guessMediaType,
+  parseAesKey,
+} from '../media.js'
+import { UploadMediaType } from '../types.js'
+
+describe('AES-128-ECB', () => {
+  test('encrypt then decrypt returns original data', () => {
+    const key = randomBytes(16)
+    const plaintext = Buffer.from('hello world test data!!')
+    const ciphertext = encryptAesEcb(plaintext, key)
+    expect(decryptAesEcb(ciphertext, key)).toEqual(plaintext)
+  })
+
+  test('different keys produce different ciphertext', () => {
+    const plaintext = Buffer.from('test data')
+    expect(
+      encryptAesEcb(plaintext, randomBytes(16)),
+    ).not.toEqual(encryptAesEcb(plaintext, randomBytes(16)))
+  })
+})
+
+describe('aesEcbPaddedSize', () => {
+  test('pads to next 16-byte boundary', () => {
+    expect(aesEcbPaddedSize(1)).toBe(16)
+    expect(aesEcbPaddedSize(16)).toBe(32)
+    expect(aesEcbPaddedSize(17)).toBe(32)
+    expect(aesEcbPaddedSize(32)).toBe(48)
+  })
+})
+
+describe('parseAesKey', () => {
+  test('parses 16 raw bytes from base64', () => {
+    const raw = randomBytes(16)
+    expect(parseAesKey(raw.toString('base64'))).toEqual(raw)
+  })
+
+  test('parses hex-encoded key from base64', () => {
+    const raw = randomBytes(16)
+    const b64 = Buffer.from(raw.toString('hex'), 'ascii').toString('base64')
+    expect(parseAesKey(b64)).toEqual(raw)
+  })
+
+  test('throws on invalid key length', () => {
+    expect(() => parseAesKey(Buffer.from('short').toString('base64'))).toThrow(
+      'Invalid aes_key',
+    )
+  })
+})
+
+describe('CDN URL builders', () => {
+  test('buildCdnDownloadUrl encodes param', () => {
+    expect(buildCdnDownloadUrl('abc=123', 'https://cdn.example.com')).toBe(
+      'https://cdn.example.com/download?encrypted_query_param=abc%3D123',
+    )
+  })
+
+  test('buildCdnUploadUrl encodes params', () => {
+    expect(
+      buildCdnUploadUrl('https://cdn.example.com', 'param1', 'key1'),
+    ).toBe(
+      'https://cdn.example.com/upload?encrypted_query_param=param1&filekey=key1',
+    )
+  })
+})
+
+describe('guessMediaType', () => {
+  test('detects image extensions', () => {
+    expect(guessMediaType('photo.jpg')).toBe(UploadMediaType.IMAGE)
+    expect(guessMediaType('photo.png')).toBe(UploadMediaType.IMAGE)
+    expect(guessMediaType('photo.webp')).toBe(UploadMediaType.IMAGE)
+  })
+
+  test('detects video extensions', () => {
+    expect(guessMediaType('video.mp4')).toBe(UploadMediaType.VIDEO)
+    expect(guessMediaType('video.mov')).toBe(UploadMediaType.VIDEO)
+  })
+
+  test('defaults to FILE for unknown extensions', () => {
+    expect(guessMediaType('doc.pdf')).toBe(UploadMediaType.FILE)
+    expect(guessMediaType('archive.zip')).toBe(UploadMediaType.FILE)
+  })
+})
@@ -0,0 +1,22 @@
+import { describe, expect, test } from 'bun:test'
+import { extractPermissionReply } from '../monitor.js'
+
+describe('extractPermissionReply', () => {
+  test('parses allow replies', () => {
+    expect(extractPermissionReply('yes abcde')).toEqual({
+      requestId: 'abcde',
+      behavior: 'allow',
+    })
+  })
+
+  test('parses deny replies', () => {
+    expect(extractPermissionReply('No abcde')).toEqual({
+      requestId: 'abcde',
+      behavior: 'deny',
+    })
+  })
+
+  test('ignores unrelated text', () => {
+    expect(extractPermissionReply('yes please do it')).toBeNull()
+  })
+})
@@ -0,0 +1,78 @@
+import { afterEach, describe, expect, test } from 'bun:test'
+import { mkdtempSync, rmSync } from 'node:fs'
+import { tmpdir } from 'node:os'
+import { join } from 'node:path'
+
+const testDir = mkdtempSync(join(tmpdir(), 'weixin-test-pairing-'))
+process.env.WEIXIN_STATE_DIR = testDir
+
+import {
+  addPendingPairing,
+  confirmPairing,
+  isAllowed,
+  loadAccessConfig,
+  saveAccessConfig,
+} from '../pairing.js'
+
+afterEach(() => {
+  rmSync(testDir, { recursive: true, force: true })
+})
+
+describe('loadAccessConfig', () => {
+  test('returns default config when no file exists', () => {
+    const config = loadAccessConfig()
+    expect(config.policy).toBe('pairing')
+    expect(config.allowFrom).toEqual([])
+  })
+
+  test('round-trips saved config', () => {
+    saveAccessConfig({ policy: 'allowlist', allowFrom: ['user1'] })
+    const config = loadAccessConfig()
+    expect(config.policy).toBe('allowlist')
+    expect(config.allowFrom).toEqual(['user1'])
+  })
+})
+
+describe('isAllowed', () => {
+  test('returns false for unknown user under pairing policy', () => {
+    expect(isAllowed('unknown')).toBe(false)
+  })
+
+  test('returns true for allowed user', () => {
+    saveAccessConfig({ policy: 'pairing', allowFrom: ['user1'] })
+    expect(isAllowed('user1')).toBe(true)
+  })
+
+  test('returns true for any user under disabled policy', () => {
+    saveAccessConfig({ policy: 'disabled', allowFrom: [] })
+    expect(isAllowed('anyone')).toBe(true)
+  })
+})
+
+describe('pairing flow', () => {
+  test('generates 6-digit code', () => {
+    expect(addPendingPairing('user1')).toMatch(/^\d{6}$/)
+  })
+
+  test('returns same code for same user', () => {
+    const code1 = addPendingPairing('user1')
+    const code2 = addPendingPairing('user1')
+    expect(code1).toBe(code2)
+  })
+
+  test('confirm adds user to allowlist', () => {
+    const code = addPendingPairing('user1')
+    expect(confirmPairing(code)).toBe('user1')
+    expect(isAllowed('user1')).toBe(true)
+  })
+
+  test('confirm returns null for invalid code', () => {
+    expect(confirmPairing('000000')).toBeNull()
+  })
+
+  test('code cannot be reused after confirmation', () => {
+    const code = addPendingPairing('user1')
+    confirmPairing(code)
+    expect(confirmPairing(code)).toBeNull()
+  })
+})