Skip to content

fix(wecom): support pic_url and fix AES key base64 padding for image …#12390

Open
zogwei wants to merge 1 commit into
NousResearch:mainfrom
zogwei:fix/wecom-image-decryption
Open

fix(wecom): support pic_url and fix AES key base64 padding for image …#12390
zogwei wants to merge 1 commit into
NousResearch:mainfrom
zogwei:fix/wecom-image-decryption

Conversation

@zogwei

@zogwei zogwei commented Apr 19, 2026

Copy link
Copy Markdown

…decryption

WeCom AI Bot sends image URLs in the pic_url field (not url). Additionally, the aeskey is 43-character base64 without standard padding, causing base64.b64decode() to raise Incorrect padding.

Changes:

  • Recognize pic_url in inbound media references
  • Add _decode_wecom_aes_key() to handle unpadded base64
  • Use the new decoder in _decrypt_file_bytes()
  • Add _try_decrypt_variants() as fallback for different AES modes

What does this PR do?

Related Issue

Fixes #

Type of Change

  • 🐛 Bug fix (non-breaking change that fixes an issue)
  • ✨ New feature (non-breaking change that adds functionality)
  • 🔒 Security fix
  • 📝 Documentation update
  • ✅ Tests (adding or improving test coverage)
  • ♻️ Refactor (no behavior change)
  • 🎯 New skill (bundled or hub)

Changes Made

How to Test

Checklist

Code

  • I've read the Contributing Guide
  • My commit messages follow Conventional Commits (fix(scope):, feat(scope):, etc.)
  • I searched for existing PRs to make sure this isn't a duplicate
  • My PR contains only changes related to this fix/feature (no unrelated commits)
  • I've run pytest tests/ -q and all tests pass
  • I've added tests for my changes (required for bug fixes, strongly encouraged for features)
  • I've tested on my platform:

Documentation & Housekeeping

  • I've updated relevant documentation (README, docs/, docstrings) — or N/A
  • I've updated cli-config.yaml.example if I added/changed config keys — or N/A
  • I've updated CONTRIBUTING.md or AGENTS.md if I changed architecture or workflows — or N/A
  • I've considered cross-platform impact (Windows, macOS) per the compatibility guide — or N/A
  • I've updated tool descriptions/schemas if I changed tool behavior — or N/A

For New Skills

  • This skill is broadly useful to most users (if bundled) — see Contributing Guide
  • SKILL.md follows the standard format (frontmatter, trigger conditions, steps, pitfalls)
  • No external dependencies that aren't already available (prefer stdlib, curl, existing Hermes tools)
  • I've tested the skill end-to-end: hermes --toolsets skills -q "Use the X skill to do Y"

Screenshots / Logs

@zogwei
fix(wecom): support pic_url and fix AES key base64 padding for image …
0399a9d 
…decryption

WeCom AI Bot sends image URLs in the `pic_url` field (not `url`).
Additionally, the `aeskey` is 43-character base64 without standard
padding, causing base64.b64decode() to raise Incorrect padding.

Changes:
- Recognize `pic_url` in inbound media references
- Add `_decode_wecom_aes_key()` to handle unpadded base64
- Use the new decoder in `_decrypt_file_bytes()`
- Add `_try_decrypt_variants()` as fallback for different AES modes
@alt-glitch alt-glitch added type/bug Something isn't working P2 Medium — degraded but workaround exists platform/wecom WeCom / WeChat Work adapter comp/gateway Gateway runner, session dispatch, delivery labels Apr 23, 2026
@alt-glitch

alt-glitch commented Apr 23, 2026

Copy link
Copy Markdown
Collaborator

Related to #11890, #11447, #11899, #10085 — all address WeCom AES key decoding/image handling. Check if #11899 already covers this fix.

@alt-glitch alt-glitch mentioned this pull request Apr 23, 2026
Open
@sunday866 sunday866 mentioned this pull request Apr 29, 2026
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

comp/gateway Gateway runner, session dispatch, delivery P2 Medium — degraded but workaround exists platform/wecom WeCom / WeChat Work adapter type/bug Something isn't working

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@zogwei @alt-glitch