fix(feishu-adapter): reuse one approval card per run

Author: Cai-Tang-www

internal/cli/feishu_adapter_command_test.go

@@ -245,6 +245,9 @@ func (stubFeishuMessenger) SendText(context.Context, string, string) error { ret
 func (stubFeishuMessenger) SendPermissionCard(context.Context, string, feishuadapter.PermissionCardPayload) (string, error) {
 	return "", nil
 }
+func (stubFeishuMessenger) UpdatePendingPermissionCard(context.Context, string, feishuadapter.PermissionCardPayload) error {
+	return nil
+}
 func (stubFeishuMessenger) UpdatePermissionCard(context.Context, string, feishuadapter.ResolvedPermissionCardPayload) error {
 	return nil
 }

internal/feishuadapter/adapter.go

@@ -66,12 +66,13 @@ type Adapter struct {
 
 	nowFn func() time.Time
 
-	mu              sync.RWMutex
-	activeRuns      map[string]sessionBinding
-	sessionChats    map[string]string
-	requestRuns     map[string]string
-	lastProgressAt  map[string]time.Time
-	permissionCards map[string]string // requestID -> card message_id
+	mu                 sync.RWMutex
+	activeRuns         map[string]sessionBinding
+	sessionChats       map[string]string
+	requestRuns        map[string]string
+	lastProgressAt     map[string]time.Time
+	permissionCards    map[string]string // requestID -> card message_id
+	runPermissionCards map[string]string // runKey -> card message_id
 	// resolvedPermissions 记录已完成审批的 request_id，避免重复事件将状态回滚为 pending。
 	resolvedPermissions map[string]string // requestID -> decision
 	userQuestionCards   map[string]string // requestID -> card message_id
@@ -106,6 +107,7 @@ func New(cfg Config, gateway GatewayClient, messenger Messenger, logger *log.Log
 		requestRuns:                make(map[string]string),
 		lastProgressAt:             make(map[string]time.Time),
 		permissionCards:            make(map[string]string),
+		runPermissionCards:         make(map[string]string),
 		resolvedPermissions:        make(map[string]string),
 		userQuestionCards:          make(map[string]string),
 		pendingQuestions:           make(map[string]userQuestionEntry),
@@ -353,6 +355,7 @@ func (a *Adapter) untrackRun(sessionID string, runID string) {
 				delete(a.pendingQuestions, requestID)
 			}
 		}
+		delete(a.runPermissionCards, key)
 		delete(a.lastProgressAt, key)
 		_ = binding
 	}
@@ -412,19 +415,19 @@ func (a *Adapter) handleGatewayEvent(ctx context.Context, raw json.RawMessage) {
 					requestID, toolName, operation, target, reason := extractPermissionRequest(envelope)
 					if requestID != "" {
 						if a.markPermissionPending(sessionID, runID, requestID, toolName, reason) {
-							cardID, err := a.messenger.SendPermissionCard(ctx, chatID, PermissionCardPayload{
-								RequestID: requestID,
-								ToolName:  toolName,
-								Operation: operation,
-								Target:    target,
-								Message:   reason,
-							})
-							if err == nil && strings.TrimSpace(cardID) != "" {
-								a.mu.Lock()
-								a.permissionCards[requestID] = cardID
-								a.mu.Unlock()
-								a.safeLog("permission card created request_id=%s card_id=%s runtime_type=%s", requestID, strings.TrimSpace(cardID), runtimeType)
-							}
+							a.upsertPermissionCard(
+								ctx,
+								sessionID,
+								runID,
+								chatID,
+								PermissionCardPayload{
+									RequestID: requestID,
+									ToolName:  toolName,
+									Operation: operation,
+									Target:    target,
+									Message:   reason,
+								},
+							)
 						}
 						return
 					}
@@ -675,7 +678,7 @@ func (a *Adapter) handleRunProgressCard(ctx context.Context, sessionID string, r
 	}
 }
 
-// markPermissionPending 将权限请求映射到 run 卡片，返回是否需要发送审批按钮卡片。
+// markPermissionPending 将权限请求映射到 run 卡片，返回当前事件是否应继续刷新审批交互卡片。
 func (a *Adapter) markPermissionPending(sessionID string, runID string, requestID string, toolName string, reason string) bool {
 	normalizedRequestID := strings.TrimSpace(requestID)
 	if normalizedRequestID == "" {
@@ -693,14 +696,15 @@ func (a *Adapter) markPermissionPending(sessionID string, runID string, requestI
 		return false
 	}
 
-	shouldSendCard := strings.TrimSpace(a.permissionCards[normalizedRequestID]) == ""
+	alreadyPending := false
 	binding.ApprovalStatus = "pending"
 	found := false
 	for i := range binding.ApprovalRecords {
 		if binding.ApprovalRecords[i].RequestID != normalizedRequestID {
 			continue
 		}
 		found = true
+		alreadyPending = isApprovalPendingDecision(binding.ApprovalRecords[i].Decision)
 		if strings.TrimSpace(binding.ApprovalRecords[i].ToolName) == "" && strings.TrimSpace(toolName) != "" {
 			binding.ApprovalRecords[i].ToolName = strings.TrimSpace(toolName)
 		}
@@ -720,14 +724,6 @@ func (a *Adapter) markPermissionPending(sessionID string, runID string, requestI
 	if strings.TrimSpace(reason) != "" {
 		binding.LastSummary = strings.TrimSpace(reason)
 	}
-	pendingCount := 0
-	for _, entry := range binding.ApprovalRecords {
-		if isApprovalPendingDecision(entry.Decision) {
-			pendingCount++
-		}
-	}
-	// 同一 run 仅展示一张待审批交互卡，后续审批排队等待前一条处理完成。
-	shouldSendCard = shouldSendCard && pendingCount == 1
 	a.activeRuns[key] = binding
 	a.requestRuns[normalizedRequestID] = key
 
@@ -741,7 +737,54 @@ func (a *Adapter) markPermissionPending(sessionID string, runID string, requestI
 			a.safeLog("update pending approval card failed: %v", err)
 		}
 	}
-	return shouldSendCard
+	return !(found && alreadyPending)
+}
+
+// upsertPermissionCard 在同一 run 内复用一张审批卡片，后续审批请求覆盖刷新该卡片。
+func (a *Adapter) upsertPermissionCard(
+	ctx context.Context,
+	sessionID string,
+	runID string,
+	chatID string,
+	payload PermissionCardPayload,
+) {
+	key := runBindingKey(sessionID, runID)
+	normalizedRequestID := strings.TrimSpace(payload.RequestID)
+	if key == "|" || normalizedRequestID == "" {
+		return
+	}
+
+	a.mu.RLock()
+	existingCardID := strings.TrimSpace(a.runPermissionCards[key])
+	a.mu.RUnlock()
+
+	if existingCardID == "" {
+		cardID, err := a.messenger.SendPermissionCard(ctx, chatID, payload)
+		if err != nil {
+			a.safeLog("permission card create failed request_id=%s err=%v", normalizedRequestID, err)
+			return
+		}
+		cardID = strings.TrimSpace(cardID)
+		if cardID == "" {
+			return
+		}
+		a.mu.Lock()
+		a.runPermissionCards[key] = cardID
+		a.permissionCards[normalizedRequestID] = cardID
+		a.mu.Unlock()
+		a.safeLog("permission card created request_id=%s card_id=%s run_key=%s", normalizedRequestID, cardID, key)
+		return
+	}
+
+	a.safeLog("permission card update start request_id=%s card_id=%s", normalizedRequestID, existingCardID)
+	if err := a.messenger.UpdatePendingPermissionCard(ctx, existingCardID, payload); err != nil {
+		a.safeLog("permission card update failed request_id=%s card_id=%s err=%v", normalizedRequestID, existingCardID, err)
+		return
+	}
+	a.mu.Lock()
+	a.permissionCards[normalizedRequestID] = existingCardID
+	a.mu.Unlock()
+	a.safeLog("permission card update done request_id=%s card_id=%s", normalizedRequestID, existingCardID)
 }
 
 // markUserQuestionPending 记录 ask_user 待回答问题，并挂接到 run 状态卡上下文。
@@ -840,6 +883,11 @@ func (a *Adapter) updateApprovalStatus(requestID string, decision string) {
 		return
 	}
 	a.mu.Lock()
+	if alreadyDecision, resolved := a.resolvedPermissions[normalizedRequestID]; resolved &&
+		normalizeApprovalDecision(alreadyDecision) == normalizedDecision {
+		a.mu.Unlock()
+		return
+	}
 	key := a.requestRuns[normalizedRequestID]
 	binding, ok := a.activeRuns[key]
 	var resolvedApproval *approvalEntry
@@ -885,6 +933,9 @@ func (a *Adapter) updateApprovalStatus(requestID string, decision string) {
 		statusPayload = binding.statusCardPayload()
 	}
 	permCardID := strings.TrimSpace(a.permissionCards[normalizedRequestID])
+	if permCardID == "" {
+		permCardID = strings.TrimSpace(a.runPermissionCards[key])
+	}
 	a.resolvedPermissions[normalizedRequestID] = normalizedDecision
 	a.mu.Unlock()
 

internal/feishuadapter/adapter_test.go

@@ -111,6 +111,7 @@ type sentMessage struct {
 	kind                 string
 	text                 string
 	card                 PermissionCardPayload
+	updatedPendingCard   *PermissionCardPayload
 	userQuestionCard     UserQuestionCardPayload
 	runCard              StatusCardPayload
 	cardID               string
@@ -151,6 +152,13 @@ func (m *fakeMessenger) UpdatePermissionCard(_ context.Context, cardID string, p
 	return nil
 }
 
+func (m *fakeMessenger) UpdatePendingPermissionCard(_ context.Context, cardID string, payload PermissionCardPayload) error {
+	m.mu.Lock()
+	defer m.mu.Unlock()
+	m.messages = append(m.messages, sentMessage{chatID: cardID, kind: "update_pending_perm_card", updatedPendingCard: &payload})
+	return nil
+}
+
 func (m *fakeMessenger) DeleteMessage(_ context.Context, messageID string) error {
 	m.mu.Lock()
 	defer m.mu.Unlock()
@@ -807,6 +815,73 @@ func TestPermissionApprovalsDoNotAutoPushQueuedCardOnResolve(t *testing.T) {
 	}
 }
 
+func TestPermissionCardReusedAcrossSequentialRequests(t *testing.T) {
+	adapter := newTestAdapter(t)
+	if err := adapter.bindThenRun(context.Background(), "session-reuse", "run-reuse", "chat-reuse", "执行审批复用任务"); err != nil {
+		t.Fatalf("bindThenRun: %v", err)
+	}
+	ctx, cancel := context.WithCancel(context.Background())
+	defer cancel()
+	go adapter.consumeGatewayEvents(ctx)
+
+	pushGatewayEvent(t, adapterTestGateway(adapter), "session-reuse", "run-reuse", "run_progress", map[string]any{
+		"runtime_event_type": "permission_requested",
+		"payload": map[string]any{
+			"request_id": "perm-reuse-1",
+			"reason":     "审批一",
+		},
+	})
+	time.Sleep(30 * time.Millisecond)
+
+	if err := adapter.HandleCardAction(context.Background(), FeishuCardActionEvent{
+		RequestID: "perm-reuse-1",
+		Decision:  "allow_once",
+	}); err != nil {
+		t.Fatalf("handle first card action: %v", err)
+	}
+	time.Sleep(30 * time.Millisecond)
+
+	pushGatewayEvent(t, adapterTestGateway(adapter), "session-reuse", "run-reuse", "run_progress", map[string]any{
+		"runtime_event_type": "permission_requested",
+		"payload": map[string]any{
+			"request_id": "perm-reuse-2",
+			"reason":     "审批二",
+		},
+	})
+	time.Sleep(40 * time.Millisecond)
+
+	msgs := adapterTestMessenger(adapter).snapshot()
+	cardSends := 0
+	pendingUpdates := 0
+	resolvedUpdates := 0
+	lastPendingRequestID := ""
+	for _, message := range msgs {
+		switch message.kind {
+		case "card":
+			cardSends++
+		case "update_pending_perm_card":
+			pendingUpdates++
+			if message.updatedPendingCard != nil {
+				lastPendingRequestID = message.updatedPendingCard.RequestID
+			}
+		case "update_perm_card":
+			resolvedUpdates++
+		}
+	}
+	if cardSends != 1 {
+		t.Fatalf("permission card sends = %d, want 1; msgs=%#v", cardSends, msgs)
+	}
+	if pendingUpdates < 1 {
+		t.Fatalf("expected pending permission card update for second request, msgs=%#v", msgs)
+	}
+	if resolvedUpdates < 1 {
+		t.Fatalf("expected resolved permission card update for first request, msgs=%#v", msgs)
+	}
+	if lastPendingRequestID != "perm-reuse-2" {
+		t.Fatalf("last pending request id = %q, want perm-reuse-2; msgs=%#v", lastPendingRequestID, msgs)
+	}
+}
+
 func TestPermissionResolvedEventUpdatesPermissionCard(t *testing.T) {
 	adapter := newTestAdapter(t)
 	if err := adapter.bindThenRun(context.Background(), "session-resolve", "run-resolve", "chat-resolve", "执行审批事件任务"); err != nil {

internal/feishuadapter/messenger.go

@@ -73,32 +73,14 @@ func (m *feishuMessenger) SendPermissionCard(ctx context.Context, chatID string,
 	return m.sendMessage(ctx, chatID, "interactive", string(content))
 }
 
+// UpdatePendingPermissionCard 根据 card_id 覆盖更新审批卡片为新的待审批请求。
+func (m *feishuMessenger) UpdatePendingPermissionCard(ctx context.Context, cardID string, payload PermissionCardPayload) error {
+	return m.patchInteractiveCard(ctx, cardID, buildPermissionCard(payload))
+}
+
 // UpdatePermissionCard 根据 card_id 覆盖更新审批卡片为已处理状态。
 func (m *feishuMessenger) UpdatePermissionCard(ctx context.Context, cardID string, payload ResolvedPermissionCardPayload) error {
-	token, err := m.tenantAccessToken(ctx)
-	if err != nil {
-		return err
-	}
-	card := buildResolvedPermissionCard(payload)
-	content, err := json.Marshal(card)
-	if err != nil {
-		return err
-	}
-	body := map[string]string{
-		"content": string(content),
-	}
-	data, err := json.Marshal(body)
-	if err != nil {
-		return err
-	}
-	url := strings.TrimRight(m.baseURL, "/") + "/open-apis/im/v1/messages/" + cardID
-	req, err := http.NewRequestWithContext(ctx, http.MethodPatch, url, bytes.NewReader(data))
-	if err != nil {
-		return err
-	}
-	req.Header.Set("Content-Type", "application/json")
-	req.Header.Set("Authorization", "Bearer "+token)
-	return m.doJSONRequest(req)
+	return m.patchInteractiveCard(ctx, cardID, buildResolvedPermissionCard(payload))
 }
 
 // DeleteMessage 根据 message_id 删除飞书消息，常用于审批卡片在完成后收起。
@@ -169,29 +151,7 @@ func (m *feishuMessenger) SendStatusCard(ctx context.Context, chatID string, pay
 
 // UpdateCard 根据 card_id 覆盖更新当前 run 的状态卡片内容。
 func (m *feishuMessenger) UpdateCard(ctx context.Context, cardID string, payload StatusCardPayload) error {
-	token, err := m.tenantAccessToken(ctx)
-	if err != nil {
-		return err
-	}
-	content, err := json.Marshal(buildStatusCard(payload))
-	if err != nil {
-		return err
-	}
-	body := map[string]string{
-		"content": string(content),
-	}
-	data, err := json.Marshal(body)
-	if err != nil {
-		return err
-	}
-	url := strings.TrimRight(m.baseURL, "/") + "/open-apis/im/v1/messages/" + cardID
-	req, err := http.NewRequestWithContext(ctx, http.MethodPatch, url, bytes.NewReader(data))
-	if err != nil {
-		return err
-	}
-	req.Header.Set("Content-Type", "application/json")
-	req.Header.Set("Authorization", "Bearer "+token)
-	return m.doJSONRequest(req)
+	return m.patchInteractiveCard(ctx, cardID, buildStatusCard(payload))
 }
 
 // sendMessage 统一封装飞书消息发送请求，复用鉴权与错误处理。
@@ -249,6 +209,33 @@ func (m *feishuMessenger) doJSONRequest(req *http.Request) error {
 	return err
 }
 
+// patchInteractiveCard 复用飞书消息 PATCH 接口更新交互卡片内容。
+func (m *feishuMessenger) patchInteractiveCard(ctx context.Context, cardID string, card map[string]any) error {
+	token, err := m.tenantAccessToken(ctx)
+	if err != nil {
+		return err
+	}
+	content, err := json.Marshal(card)
+	if err != nil {
+		return err
+	}
+	body := map[string]string{
+		"content": string(content),
+	}
+	data, err := json.Marshal(body)
+	if err != nil {
+		return err
+	}
+	url := strings.TrimRight(m.baseURL, "/") + "/open-apis/im/v1/messages/" + cardID
+	req, err := http.NewRequestWithContext(ctx, http.MethodPatch, url, bytes.NewReader(data))
+	if err != nil {
+		return err
+	}
+	req.Header.Set("Content-Type", "application/json")
+	req.Header.Set("Authorization", "Bearer "+token)
+	return m.doJSONRequest(req)
+}
+
 // tenantAccessToken 获取并缓存 tenant access token，避免每次发送都重复换取。
 func (m *feishuMessenger) tenantAccessToken(ctx context.Context) (string, error) {
 	m.mu.Lock()