Conversation
Backend
- New WeixinChannel plugin (flocks/channel/builtin/weixin/):
- Long-poll getupdates drives inbound; AES-128-ECB CDN protocol for
image / video / file / voice media download and upload
- QR-code login flow (qr_login.py): start_qr_login / poll_qr_status
with regional redirect support
- Per-peer context_token continuity, content-addressed media cache,
message deduplication with TTL, sync_buf cursor persistence
- Default state directory: ~/.flocks/workspace/channels/weixin/
- API routes (server/routes/channel.py):
- POST /api/channel/weixin/qr-login/start
- GET /api/channel/weixin/qr-login/status
Frontend
- WeixinPanel: QR modal with polling, auto-fills token + accountId +
baseUrl on confirmed scan, auto-enables and restarts the channel
- zh-CN / en-US i18n entries for all WeChat-specific UI text
- WeChat channel icon (webui/public/channel-weixin.png)
- qrcode.react dependency for in-browser QR rendering
Fix: inbound media for non-Feishu channels
- _append_user_message (dispatcher.py) previously skipped media
attachment for any channel other than Feishu; generalised to handle
local file:// URIs (URL-decoded to support non-ASCII filenames)
produced by channel plugins that pre-download inbound media
- Add InboundMessage.media_mime so downstream consumers receive the
MIME type without re-guessing from the file extension
Co-authored-by: Cursor <cursoragent@cursor.com>
- New groupPolicy field ("all" | "disabled" | "allowlist", default "all"):
replaces the implicit always-mentioned=True workaround so group chat
handling is explicit and configurable
- New groupAllowFrom field: list of permitted group / room IDs for
allowlist mode
- _is_group_allowed() helper mirrors _is_dm_allowed() pattern
- Fix msg.mentioned: was hardcoded True for every group message which
conflated "all group messages" with "bot was @mentioned"; now False by
default — pair with groupPolicy="all" (which bypasses the dispatcher's
groupTrigger check at the channel level) for the intended behaviour
- Frontend: WeixinPanel shows groupPolicy Select + conditional
groupAllowFrom TagsInput; defaultWeixinConfig sets groupPolicy="all"
- i18n: zh-CN / en-US entries for groupPolicy, groupPolicyAll/Allowlist/
Disabled, groupAllowFrom, groupAllowFromHint, groupAllowFromPlaceholder
Co-authored-by: Cursor <cursoragent@cursor.com>
…inary group messages QR-login creates an iLink bot identity (...@im.bot) which can only receive messages via the iLink bot DM entry. Ordinary WeChat group messages are not delivered by the iLink API regardless of groupPolicy — add a startup WARNING log so users are not misled into debugging allowlists or restarts for a capability the iLink bot account type does not support. See also: NousResearch/hermes-agent#17094 Co-authored-by: Cursor <cursoragent@cursor.com>
feature/add weixin channel
Ensure new flocks.db instances consistently enter WAL mode and route all shared SQLite access paths through the same timeout and foreign key configuration so task, auth, usage, memory, and sync migration flows do not drift or reintroduce lock contention.
…253) * feat(updater): Windows webui npm fallback and Session ownerUsername - Retry frontend install/build with system npm when bundled npm fails or times out - Add ownerUsername to webui Session type - Extend updater tests for Windows npm retry paths * fix(updater): reset staged webui before npm fallback retry - Remove node_modules and dist before switching npm candidate - Avoid duplicate system npm candidate on non-Windows when bundled exists - Extend tests for workspace cleanup and Linux candidate list
Route installer-created desktop and Start menu launchers through an elevated PowerShell helper so Windows prompts for UAC before starting Flocks. This keeps the shared flocks.cmd wrapper as the real entrypoint while preventing updater failures caused by insufficient permissions. Co-authored-by: Cursor <cursoragent@cursor.com>
…vation fix(windows-installer): require elevation for installer shortcuts
…aging (#256) - Pin CPython 3.12.12 in versions.manifest.json with standalone archive metadata - Download and extract install-only tarball in build-staging.ps1 (mirror env support) - Configure PATH and UV_* env vars in bootstrap-windows.ps1 for bundled Python - Assert bundled Python in Windows packaging CI workflows - Extend manifest and bootstrap script contract tests
_http_session_send was posting to /api/channel/session-send without an Authorization header, so the server-side auth middleware rejected it as a non-browser request and returned HTTP 401. Read the API token from the secret manager (server_api_token) and inject it as Authorization: Bearer <token>. If no token is configured locally and the server still returns 401, silently fall back to the in-process delivery path so the tool keeps working in unauthenticated setups. Co-authored-by: Cursor <cursoragent@cursor.com>
…back - Import API_TOKEN_SECRET_ID from flocks.server.auth instead of hardcoding "server_api_token" so the client and server-side auth middleware cannot drift out of sync and silently start failing 401. - Refine the comment on the 401 fallback: distinguish "client did not obtain a token" from "server has no token configured", and make it explicit that when we DID send a token but it was rejected we do not fall back, surfacing the server detail so misconfiguration is visible. Co-authored-by: Cursor <cursoragent@cursor.com>
fix/channel message auth token
Document the contribution workflow in English, link it from the READMEs, and allow docs markdown files to be tracked in git.
) * feat(server,webui): phased startup, route timing, session/tools UX - Run server startup in timed phases; defer non-critical work to background tasks and cancel them on shutdown; log blocking startup duration - Add duration logging for session list, tools list/refresh, task dashboard APIs - Export workflow filesystem sync helper for startup - WebUI: stop auto-selecting first session; enable live/SSE only with session id; reorder tools refresh vs list; reduce loading flicker on polling hooks; drop redundant task queue refetch from Task page - TUI: inline tsconfig compiler options (drop extends) - Add useTools tests and adjust Session page tests * fix(mcp): owner task for session lifecycle and serialized RPC - Run remote/stdio MCP I/O in one asyncio task with a command queue so list/call/read/disconnect share the same ClientSession context - Use streamable_http_client transport factory pattern; improve cleanup and pending-command failure handling on disconnect - Update MCP client/SSE tests for owner-task wiring; add same-task assertions - Simplify browser-use SKILL CDP fallback instructions * fix(mcp): normalize client timeout when config is missing or invalid Default to 30s for None/non-numeric/<=0 values so connect wait_for uses a finite bound; add regression test for timeout=None. * feat(server): log slow route timings at INFO; fix(mcp) stdio stderr lifecycle - Add log_route_timing helper: fast requests emit DEBUG, >=300ms emit INFO - Wire session list, task dashboard routes, and tools list/refresh to helper - MCP: wrap stdio stderr TemporaryFile in context manager; drop unused _streams_context; add regression test ensuring stderr file closes on failure - Clarify SSE-first shutdown comment in app lifespan
Co-authored-by: Cursor <cursoragent@cursor.com>
chore: bump package version to v2026.5.12
xiami762
approved these changes
May 12, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
No description provided.