feat(feishu): add updateable turn state cards

[pengx17]

Context

这是 RFC 0001 Slack/Feishu dual-platform 长线 PR 的完成态更新：目标不是只把 Feishu 接进来，而是把 Slack/Feishu 的产品语义、dashboard 可见性、自回归证据和最终验收门禁都收敛到同一套可验证路径。

本轮之前，PR 已经覆盖 Feishu 长连接、群消息/非 @ follow-up、rich/card/file/co-author callback、dashboard 平台过滤、shared self-regression runner、Feishu observe evidence、真实 Codex coding smoke evidence。最后缺口是 Slack #xp-test 的真实 self-regression drive，以及 Slack/Feishu 同进程时 Codex app-server 端口争用导致的 runtime 抖动。本轮已经补齐 Slack drive evidence，并让 pnpm rfc:feishu-completion-audit -- --json 变成绿灯。

协作过程

sequenceDiagram
    participant User as 用户
    participant RFC as RFC 0001
    participant Feishu as 飞书开放平台
    participant Slack as Slack #xp-test
    participant Broker as Broker runtime
    participant Audit as Completion audit
    participant PR as PR #73

    User->>RFC: 要求 Slack/Feishu 产品差异、dashboard 差异、自回归验收
    User->>Feishu: 创建自建应用、开机器人、长连接、权限、加群
    Broker->>Feishu: 跑真实 observe evidence
    User->>Slack: 提供新 Slack app/token 并把 bot 加入 #xp-test
    Broker->>Slack: 真实 drive 发受控用户消息和文件
    Slack-->>Broker: accepted / status / outbound file evidence 全部出现
    Broker->>Broker: 修复 Feishu legacy broker 与 Slack auth-profile app-server 端口隔离
    Broker->>Broker: 修复 Slack recovery/backfill 扫 Feishu legacy session 的串台风险
    Audit->>Audit: 聚合 RFC audit、test-plan、Slack drive、Feishu observe、Codex coding smoke
    Audit-->>PR: completion audit pass

Loading

Note: 关键转折是把“代码能跑”和“RFC 完成”拆成机器可验证的 evidence gates。Slack drive、Feishu observe、Codex coding smoke 三个真实证据包缺任何一个，completion audit 都会 fail closed；本轮补齐后才把 RFC 0001 验收到完成。

方案讨论

• 平台分叉：没有继续扩大 Slack-only / Feishu-only 路径，而是让 dashboard、chat routes、self-regression、completion audit 走平台参数和 shared evidence schema。
• Feishu real-tenant：保留人工 observe，因为 app-only credentials 不能伪装成人类群成员；但 evidence 必须带 manual-action provenance，避免拿陈旧日志冒充 smoke。
• Slack real-tenant：用 #xp-test auto-drive 跑受控用户消息、session accepted、file upload、outbound reply、status/typing evidence，证明 Slack 自回归不是只 mock。
• App-server 端口：Feishu bridge 仍用 shared legacy Codex broker，Slack auth-profile runtime 需要从 base port + 1 开始，避免同进程抢同一个 Codex app-server。
• Slack recovery 串台：旧 Feishu session 可能没有 platform 字段但 key 以 feishu: 开头，所以 Slack startup recovery/backfill 必须同时排除 platform=feishu 和 legacy feishu: key。
• Completion audit 测试：不能依赖仓库当前 evidence 状态测试“缺 Slack evidence 时 fail closed”，改成临时 evidence bundle，避免真实 evidence 进入仓库后测试假绿/假红。

最终方案

sequenceDiagram
    participant SlackDrive as Slack self-regression drive
    participant FeishuObserve as Feishu self-regression observe
    participant CodingSmoke as Real Codex coding smoke
    participant Runtime as Dual-platform runtime
    participant Evidence as evidence/*
    participant Completion as rfc:feishu-completion-audit

    Runtime->>Runtime: Feishu base port, Slack profile ports from base+1
    Runtime->>Runtime: Slack recovery only scans Slack sessions
    SlackDrive->>Evidence: evidence/self-regression/slack/*
    FeishuObserve->>Evidence: evidence/self-regression/feishu/*
    CodingSmoke->>Evidence: evidence/codex-coding-smoke/*
    Evidence->>Completion: replay sanitized reports/manifests
    Completion-->>Completion: pass only when all required evidence is present

Loading

本次新增/更新：

• src/services/agent-runtime/session-auth-profile-runtime.ts：Feishu enabled 时给 legacy Codex broker 保留 base app-server port，Slack auth-profile runtime 从下一端口开始。
• src/services/codex/app-server-process.ts：并发 start() 合并为同一个启动 promise，避免重复拉起 app-server。
• src/services/slack/slack-conversation-utils.ts / slack-conversation-service-layer*.ts / slack-agent-bridge.ts：Slack recovery/backfill 只处理 Slack session，排除 platform=feishu 和 legacy feishu: key。
• evidence/self-regression/slack/*：新增 Slack #xp-test drive evidence，覆盖 controlled user message、broker accepted、file upload、Socket Mode ready、outbound file reply、assistant status。
• test/rfc-0001-completion-audit.test.ts：completion audit 的 fail-closed 测试改用临时 evidence bundle，避免被仓库真实 Slack evidence 污染。
• test/app-server-process.test.ts / test/session-auth-profile-runtime.test.ts / test/slack-conversation-utils.test.ts：覆盖并发启动、Feishu 端口保留、legacy Feishu session 排除。

验证情况

本次会话实际跑过：

• pnpm manual:self-regression -- --platform slack --drive --env-file .env --base-url http://127.0.0.1:3001 --output-dir evidence/self-regression/slack --json --wait-ms 180000 --interval-ms 3000：pass，写入 Slack drive evidence bundle
• pnpm rfc:feishu-completion-audit -- --json：pass，completion.rfc_audit_full / completion.test_plan_verified / Slack drive / Feishu observe / Codex coding smoke 全部 pass
• pnpm test test/session-auth-profile-runtime.test.ts
• pnpm test test/app-server-process.test.ts
• pnpm test test/slack-conversation-utils.test.ts test/e2e-broker-part2.test.ts
• pnpm test test/rfc-0001-completion-audit.test.ts
• pnpm test test/self-regression-runner.test.ts test/rfc-0001-docs.test.ts test/session-auth-profile-runtime.test.ts test/app-server-process.test.ts
• pnpm format:check
• git diff --check
• pnpm lint
• pnpm build
• pnpm test：95 files / 779 tests passed
• Evidence secret/path scan over evidence/self-regression/slack、evidence/self-regression/feishu、evidence/codex-coding-smoke：no matches
• 本地 broker 启动确认：Slack/Feishu ready；端口拆分为 Feishu legacy 4591、Slack auth-profile 4592；不再出现 Feishu conversation 被 Slack conversations.info 扫描的 channel_not_found warning

已知局限 / 后续工作

• Feishu unattended auto-drive 仍不是本 PR 范围；当前是人工 observe + provenance 的真实租户验收模式。
• Slack evidence 的 connectionMode=unknown 来自 admin status 字段缺省，但同一 report 已通过 chat.platform.ready platform=slack source=socket_mode 证明 Socket Mode ready。
• PR 很重，后续适合把 Slack/Feishu shared runtime 与 platform adapter 继续拆小，但本次先以 RFC 0001 completion gate 为收束点。

[pengx17]

Found one blocker.

pnpm rfc:feishu-completion-audit -- --json is documented as the final gate that should pass once the saved Slack drive, Feishu observe, and Codex coding-smoke bundles are present, but in this checkout those checked-in bundles are present and the command still exits 1. The default completion audit includes rfcAuditCheck / testPlanCheck, and both call the full RFC audit path, which requires untracked live Feishu rollout credentials via .env/process env. Observed output:

completion.rfc_audit_full: status=missing evidence=[ok=false, localOk=true, realTenantOk=false]
completion.test_plan_verified: status=missing evidence=[ok=false, checks=7]
nextAction=real.preflight: Provide Slack and Feishu rollout credentials...

pnpm rfc:feishu-test-plan -- --json fails the same way via testplan.rfc_audit. The new completion-audit tests don't catch this because they pass includeBaseAudits: false.

Please either make the advertised completion gate validate the saved evidence without requiring live local secrets, or explicitly add/document an env-file/secret requirement and cover the actual CLI/default path in tests.

[pengx17]

Rechecked latest head 9b1946c; the previous RFC audit/test-plan blocker is resolved.

Verified:

• pnpm rfc:feishu-completion-audit -- --json passes.
• pnpm rfc:feishu-test-plan -- --json passes.
• GitHub Build and test passes on this head.
• Local pnpm lint && pnpm build && pnpm test passes (95 files / 787 tests).
• git diff --check origin/main...HEAD passes.

No further blockers from my review.