fix: honor feishu default account setup policy

extensions/feishu/src/setup-surface.test.ts

@@ -220,6 +220,39 @@ describe("feishu setup wizard status", () => {
     expect(status.statusLines).toEqual(["Feishu: needs app credentials"]);
   });
 
+  it("uses configured defaultAccount for omitted DM policy account context", async () => {
+    const { feishuSetupWizard } = await import("./setup-surface.js");
+    const cfg = {
+      channels: {
+        feishu: {
+          allowFrom: ["ou_root"],
+          defaultAccount: "work",
+          accounts: {
+            work: {
+              appId: "work-app",
+              appSecret: "work-secret", // pragma: allowlist secret
+              dmPolicy: "allowlist",
+              allowFrom: ["ou_work"],
+            },
+          },
+        },
+      },
+    } as const;
+
+    expect(feishuSetupWizard.dmPolicy?.getCurrent?.(cfg as never)).toBe("allowlist");
+    expect(feishuSetupWizard.dmPolicy?.resolveConfigKeys?.(cfg as never)).toEqual({
+      policyKey: "channels.feishu.accounts.work.dmPolicy",
+      allowFromKey: "channels.feishu.accounts.work.allowFrom",
+    });
+
+    const next = feishuSetupWizard.dmPolicy?.setPolicy?.(cfg as never, "open");
+
+    expect(next?.channels?.feishu?.dmPolicy).toBeUndefined();
+    expect(next?.channels?.feishu?.allowFrom).toEqual(["ou_root"]);
+    expect(next?.channels?.feishu?.accounts?.work?.dmPolicy).toBe("open");
+    expect(next?.channels?.feishu?.accounts?.work?.allowFrom).toEqual(["ou_work", "*"]);
+  });
+
   it("treats env SecretRef appId as not configured when env var is missing", async () => {
     const appIdKey = "FEISHU_APP_ID_STATUS_MISSING_TEST";
     const appSecretKey = "FEISHU_APP_CREDENTIAL_STATUS_MISSING_TEST"; // pragma: allowlist secret

extensions/feishu/src/setup-surface.ts

@@ -16,6 +16,7 @@ import {
 import {
   inspectFeishuCredentials,
   listFeishuAccountIds,
+  resolveDefaultFeishuAccountId,
   resolveFeishuAccount,
 } from "./accounts.js";
 import { probeFeishu } from "./probe.js";
@@ -190,23 +191,25 @@ const feishuDmPolicy: ChannelSetupDmPolicy = {
   channel,
   policyKey: "channels.feishu.dmPolicy",
   allowFromKey: "channels.feishu.allowFrom",
-  resolveConfigKeys: (_cfg, accountId) =>
-    accountId && accountId !== DEFAULT_ACCOUNT_ID
+  resolveConfigKeys: (_cfg, accountId) => {
+    const resolvedAccountId = accountId ?? resolveDefaultFeishuAccountId(_cfg);
+    return resolvedAccountId !== DEFAULT_ACCOUNT_ID
       ? {
-          policyKey: `channels.feishu.accounts.${accountId}.dmPolicy`,
-          allowFromKey: `channels.feishu.accounts.${accountId}.allowFrom`,
+          policyKey: `channels.feishu.accounts.${resolvedAccountId}.dmPolicy`,
+          allowFromKey: `channels.feishu.accounts.${resolvedAccountId}.allowFrom`,
         }
       : {
           policyKey: "channels.feishu.dmPolicy",
           allowFromKey: "channels.feishu.allowFrom",
-        },
+        };
+  },
   getCurrent: (cfg, accountId) =>
     resolveFeishuAccount({
       cfg,
-      accountId: accountId ?? DEFAULT_ACCOUNT_ID,
+      accountId: accountId ?? resolveDefaultFeishuAccountId(cfg),
     }).config.dmPolicy ?? "pairing",
   setPolicy: (cfg, policy, accountId) => {
-    const resolvedAccountId = accountId ?? DEFAULT_ACCOUNT_ID;
+    const resolvedAccountId = accountId ?? resolveDefaultFeishuAccountId(cfg);
     const currentAllowFrom = resolveFeishuAccount({
       cfg,
       accountId: resolvedAccountId,
@@ -219,7 +222,7 @@ const feishuDmPolicy: ChannelSetupDmPolicy = {
   promptAllowFrom: async ({ cfg, accountId, prompter }) =>
     await promptFeishuAllowFrom({
       cfg,
-      accountId: accountId ?? DEFAULT_ACCOUNT_ID,
+      accountId: accountId ?? resolveDefaultFeishuAccountId(cfg),
       prompter,
     }),
 };