Invoke nativeExports.setVerbose(true) immediately after loading the QQ wrapper so the native module emits verbose logs (uses optional chaining so it’s safe if the symbol is absent). Also includes an updated napi2native.win32.x64.node binary. This helps with debugging native bypass behavior.
Introduce NAPCAT_DISABLE_BYPASS to conditionally skip calling napi2nativeLoader.nativeExports.enableAllBypasses. Updates in napcat-framework/napcat.ts and napcat-shell/base.ts: bypass is enabled by default, but if NAPCAT_DISABLE_BYPASS is set to '1' the bypass call is skipped and a log message indicates it was disabled via environment variable. Keeps existing log when bypass is successfully enabled.
Add cleanupOrphanedProcesses to terminate leftover child processes when running in Electron. The function imports Electron at runtime, uses app.getAppMetrics() to enumerate processes, excludes the main and provided worker PIDs, and sends SIGTERM to stray PIDs while ignoring already-dead processes and API errors. Also invoke this cleanup in restartWorker after starting the new worker to avoid lingering processes after restarts. Includes @ts-ignore for the dynamic Electron import and debug logging on failure.
Add ffmpeg.dll to the napi2native package and update the prebuilt Windows x64 native addon (napi2native.win32.x64.node). This bundles the FFmpeg runtime with the native package and includes a rebuilt/updated native binary for Windows x64 to ensure compatibility with the new dependency or recent native changes.
Expose an optional enableAllBypasses export in the Napi2Native loader and invoke it during initialization in both napcat-framework and napcat-shell to enable bypasses (logs when enabled). Pre-initialize native modules earlier in the shell startup flow and await nativePacketHandler.init. Also update config o3HookMode from 1 to 0, apply a small signature whitespace fix in clientContext.sendOidbPacket, and include an updated native binary.
Add multiple NodeIKernel service interface files and tighten up method signatures and types across napcat-core. New interfaces added (e.g. NodeIKernelAVSDKService, NodeIKernelAddBuddyService, NodeIKernelBdhUploadService, NodeIKernelConfigMgrService, NodeIKernelDirectSessionService, NodeIKernelEmojiService, NodeIKernelFeedService, NodeIKernelFileBridgeClientService, NodeIKernelFileBridgeHostService, etc.). Updated existing interfaces with clearer parameter and return types, consistent spacing/semicolons, improved complex return shapes (AlbumService, CollectionService), listener methods, isNull checks, and many other method signature refinements (Avatar, Buddy, DbTools, ECDH, FileAssistant, FlashTransfer, GroupService, and more) to improve type safety and readability.
Add end-to-end support for reading/writing Linux machine-info and computing GUIDs.
Backend: - Introduce MachineInfoUtils (TS) for machine-info path lookup, ROT13 serialization, read/write/delete, backups, and MD5-based GUID computation. - Add a Python utility (guid.py) for CLI inspection, encode/decode, dump, and GUID computation. - Extend QQLogin API with new handlers: GetPlatformInfo, GetLinuxMAC, SetLinuxMAC, GetLinuxMachineId, ComputeLinuxGUID, GetLinuxMachineInfoBackups, CreateLinuxMachineInfoBackup, RestoreLinuxMachineInfoBackup, ResetLinuxDeviceID. Handlers include automatic backup behavior and error handling.
Router: Register new QQLogin routes for platform info and Linux machine-info operations.
Frontend: - Enhance guid_manager UI to detect platform and provide Linux-specific workflow (display machine-id, show/edit MAC, preview computed GUID via MD5, backup/restore/delete machine-info, and restart actions). - Add client-side MD5 (crypto-js) usage and new QQManager API methods to call the new backend endpoints.
This change enables cross-platform GUID management (Windows and Linux), includes CLI tooling for low-level inspection, and adds frontend workflows for Linux device-id management.
Introduce tools and UI to read, write, backup and restore QQ Registry20 GUIDs using Windows DPAPI. Adds a Python CLI (guid_tool.py) for local Registry20 operations and a new TypeScript package napcat-dpapi with native bindings for DPAPI. Implements Registry20Utils in the webui-backend to protect/unprotect Registry20, plus backup/restore/delete helpers. Exposes new backend API handlers and routes (get/set GUID, backups, restore, reset, restart) and integrates frontend GUIDManager component and qq_manager controller methods. Propagates QQ data path via WebUiDataRuntime (setter/getter) and wires it up in framework/shell; updates Vite alias and package.json to include the new dpapi workspace. Includes native addon binaries for win32 x64/arm64 and basic tsconfig/readme/license for the new package.
Add parseAppidFromMajorV2 to napcat-common to scan a Major file for the "QQAppId/" marker and extract a null-terminated numeric AppID. Update qq-basic-info to import and prefer this new parser (falling back to the existing parseAppidFromMajor). Also correct the getMajorPath argument order when obtaining the major file path. This enables detection of AppID from a newer Major format while preserving legacy fallback behavior.
Add a new mapping to packages/napcat-core/external/appid.json for version 9.9.27-45758 (Windows). The entry sets appid to 537340213 and qua to "V1_WIN_NQ_9.9.27_45758_GW_B".
Correct the appid entry in packages/napcat-core/external/appid.json for version 3.2.25-45758, changing it from 537314197 to 537340249 to ensure the build is identified correctly. (File now lacks a trailing newline.)
Rename the object key in packages/napcat-core/external/appid.json from "3.2.25-45627" to "3.2.25-45758" to register the new build. The appid (537340249) and qua string were not modified in this change; please verify whether the qua should also be updated to match the new build identifier.
Add a new entry to packages/napcat-core/external/appid.json for version 3.2.25-45627 with appid 537340249 and qua "V1_LNX_NQ_3.2.25_45627_GW_B". This registers the Linux build identifier in the appid mapping.
Merge and simplify the QQ and Node.js download steps in .github/workflows/release.yml: remove the actions/cache step and related QQ cache logic, always download the QQ x64 installer directly, and assemble/extract using a single temporary directory (TMPDIR). Also rename the step to "Download and Assemble NapCat.Shell.Windows.Node.zip" and switch NODE_EXTRACT to use TMPDIR instead of WORK_TMPDIR. This reduces workflow complexity and avoids maintaining a local cache for the QQ installer.
Update external mapping files to include new build entries. Added send/recv addresses for 3.2.25-45758 (x64 and arm64) and 9.9.27-45758-x64 in packages/napcat-core/external/napi2native.json and packages/napcat-core/external/packet.json. No functional code changes — just registry updates for new builds.
Pass JSON.stringify(...) as the codeString prop to Snippet so structured message/response objects are rendered as pretty-printed JSON and can be copied via the tooltip. Changes applied in show_structed_message.tsx, display_card/render.tsx, and display_card/response.tsx.
Update NTQQFriendApi to use a lower minimum NTQQ build threshold (39038) when deciding which buddyListV2 API path to call. The change replaces occurrences of '41679' with '39038' in packages/napcat-core/apis/friend.ts (affecting getBuddyV2SimpleInfoMap and the buddyListV2 retrieval logic) to broaden compatibility with older NTQQ builds.
Update dashboard extension UI to prevent title overflow: add truncate and max-width to the tab title, include the plugin name in the title tooltip, and hide the plugin-name label on small screens (visible from md+). Also add a '/plugin' proxy entry to the Vite dev server config so plugin requests are forwarded to the backend debug URL.
Add externalVersion boolean to LoginInitConfig and pass false at initialization; bump appid qua for 9.9.27 entry. Refine several IPC/wrapper typings to use Promise return types, adjust pathIsReadableAndWriteable signature to accept a type and return Promise<number>, and update NodeIKernelNodeMiscService method signatures (styling) while adding getQimei36WithNewSdk(). These changes improve type accuracy for async/native calls and add a new SDK helper.
Update GitHub Actions release workflow to use a cached QQ x64 installer (updated NT_URL), add cache key generation and actions/cache usage, and implement a download-and-extract step that reuses the cache. Adjust temporary directory usage (WORK_TMPDIR/NODE_EXTRACT), add LightQuic.dll to copy targets, and copy specific win64 files into an OUT_DIR/win64 folder.
Update packages/napcat-develop/loadNapCat.cjs to recognize and copy win64 artifacts: add TARGET_WIN64_DIR, include LightQuic.dll, define win64ItemsToCopy (SSOShareInfoHelper64.dll, parent-ipc-core-x64.dll), validate their presence, ensure target directories, and copy win64 files into dist/win64. These changes speed CI by caching the installer and ensure required win64 DLLs are packaged alongside the main distribution.
Implement password-based QQ login across the stack: add a PasswordLogin React component, integrate it into the QQ login page, and add a frontend controller method to call a new /QQLogin/PasswordLogin API. On the backend, add QQPasswordLoginHandler, router entry, and WebUiDataRuntime hooks (setPasswordLoginCall / requestPasswordLogin) plus a default handler. Register a password login callback in the shell (base.ts) that calls the kernel login service, handles common error cases and falls back to QR code when needed. Update types to include onPasswordLoginRequested and adjust NodeIKernelLoginService method signatures (including passwordLogin return type changed to Promise<QuickLoginResult>) and minor formatting fixes.
Introduce support for plugin API routes that do not require WebUI authentication. Updates include:
- napcat-onebot: Add apiNoAuth route storage and helpers (apiNoAuth, getNoAuth, postNoAuth, putNoAuth, deleteNoAuth), hasApiNoAuthRoutes, buildApiNoAuthRouter, and clear handling in PluginRouterRegistryImpl.
- napcat-onebot types: Extend PluginRouterRegistry interface with no-auth API methods and document that authenticated APIs remain separate.
- napcat-webui-backend: Mount a new unauthenticated plugin route handler at /plugin/:pluginId/api that looks up the plugin router and dispatches requests to the plugin's no-auth router, returning appropriate errors when context or routes are missing.
- napcat-plugin-builtin: Add example no-auth endpoints (public/info and health) and update logger messages to reflect both auth and no-auth API paths.
- Bump napcat-types version to 0.0.16 and update napcat-plugin-builtin dependency accordingly.
These changes enable plugins to expose public endpoints (e.g. health checks or public metadata) under /plugin/{pluginId}/api/ while keeping existing authenticated APIs under /api/Plugin/ext/{pluginId}/.
Serialize non-function properties of server-side objects as cachedProps so simple property reads don't require additional RPCs. Added cachedProps to SerializedValue, have RpcServer.storeObjectRef serialize and attach cachedProps (skipping functions), updated serializer to deserialize cachedProps and pass them to proxyCreator, and updated client proxy creation to accept cachedProps and return cached top-level properties directly. Tests updated to expect direct property access for serialized/simple objects and arrays.
Introduce remote object references (refId) and deep proxy support across client, server, serializer and types. Key changes:
- Add refId propagation in client proxies so child proxies inherit and include refId on RPC requests.
- Extend serializer to handle a new SerializedValueType.OBJECT_REF, add refResolver and pass refId to proxyCreator.
- Server: store object references in a Map with generated ref IDs, resolve paths with optional refId, serialize results to OBJECT_REF when shouldProxyResult returns true, and release cleans up references. Add defaultShouldProxyResult heuristic to decide which return values should remain proxied (class instances and objects with methods).
- Types: add refId fields and ObjectRef shape, expose shouldProxyResult option on RpcServerOptions, and include refId in ProxyMeta and serialized values.
- Tests updated across the suite to expect proxied return values (arrays/objects/class instances) and to await property access or method calls; add comprehensive tests for deep return value proxying, chained calls, callbacks, constructors on returned proxies, and lifecycle of remote object proxies.
These changes enable returning live/proxied remote objects (including class instances and objects with methods) from RPC calls, preserving remote behavior and allowing subsequent operations to target the same server-side object.
Introduce a new napcat-rpc package implementing a deep-proxy RPC system. Adds client (createDeepProxy, proxy helpers), server (RpcServer, createRpcServer), serializer (serialize/deserialize, callback registry), and transport layers (LocalTransport, MessageTransport, message server handler), plus an easy API (createRpcPair, mockRemote, createServer, createClient). Includes TypeScript types, tsconfig and package.json. Wire-up: add package alias in napcat-schema vite config and add napcat-rpc dependency to napcat-test along with comprehensive rpc tests.
Return a 400 error when the /call-plugin/:pluginId route is requested without a pluginId to avoid calling getPluginExports with an undefined id (packages/napcat-plugin-builtin/index.ts).
Update the dashboard UI to read the auth token from localStorage (same-origin) instead of relying on a URL parameter; a comment about legacy webui_token in the URL was added while the implementation currently prefers localStorage.getItem('token') (packages/napcat-plugin-builtin/webui/dashboard.html).
Add a public route to serve plugin extension pages without auth and update related pieces accordingly. Backend: register GET /plugin/:pluginId/page/:pagePath to locate the plugin router, validate page and HTML file existence, and send the file (returns appropriate 4xx/5xx errors). Frontend: switch iframe and new-window URLs to the new unauthenticated route (remove webui_token usage). Builtin plugin: clarify page registration comment and add a log line for the extension page URL. Minor formatting whitespace tweaks in plugin manager type annotations.
