fix(feishu): support text tag and nested arrays in interactive card parsing

[taozengabc]

Problem

parseInteractiveCardContent only recognizes div, markdown, lark_md, and plain_text element tags. Two common card formats fall through to the [Interactive Card] placeholder:

1. text tag elements — used by custom cards (e.g. monitoring alert cards built with CardKit):

   { "tag": "text", "text": "Service health check failed" }

2. Nested array layouts — table-like row structures common in monitoring/status cards:

   {
     "elements": [
       [{"tag": "text", "text": "Service"}, {"tag": "text", "text": "eip-admin-api"}],
       [{"tag": "text", "text": "Alert"}, {"tag": "text", "text": "Health check failed 3 times"}]
     ]
   }

This causes loss of context when users quote-reply to card messages — the agent receives [Interactive Card] instead of the actual card content.

Impact in production: 33 occurrences over 4 weeks in our Feishu deployment, primarily in SLA monitoring groups where users quote alert cards to ask the agent for analysis.

Fix

Two minimal changes in extensions/feishu/src/send.ts:

1. Add text tag support in extractInteractiveElementText — extracts element.text when tag === "text" and text is a string
2. Flatten nested arrays in extractInteractiveElementsText — when an element is itself an array (row of cells), iterate its children instead of skipping

Both changes are additive and do not affect existing parsing behavior for div, markdown, lark_md, or plain_text tags.

Tests

Added two test cases in send.test.ts:

• Nested array elements (table-like card layout)
• text tag elements mixed with markdown elements

Related

• [Feishu] Interactive Card message content parsing missing #41609 — reports the same underlying issue
• fix(feishu): improve interactive card text extraction for all card formats #45936 — a broader fix attempt (DFS traversal + sanitization); this PR is a targeted minimal fix

[greptile-apps]

Greptile Summary

Adds two additive improvements to parseInteractiveCardContent in send.ts: support for the text tag (used by custom CardKit-based monitoring cards) and one-level flattening of nested array element rows (table-like layouts). Both changes are backward-compatible and covered by new test cases.

Confidence Score: 5/5

Safe to merge — changes are additive, correctly guarded, and well-tested.

Both changes are minimal and additive: the text tag branch is properly guarded by typeof element.text === "string", and the array flattening correctly delegates to the existing single-element extractor. No existing branches are modified, and two new test cases validate the new paths. No security or data-integrity concerns identified.

No files require special attention.

_{Reviews (1): Last reviewed commit: "fix(feishu): support text tag and nested..." | Re-trigger Greptile}

[vincentkoc]

ProjectClownfish pushed a narrow repair to this branch so the original contributor path can stay canonical.

Source PR: #73203
Validation: pnpm -s vitest run extensions/feishu/src/send.test.ts; pnpm check:changed
Contributor credit is preserved in the branch history and PR context.

[clawsweeper]

Codex review: needs changes before merge.

Summary
The PR updates Feishu replied interactive-card parsing to extract direct text tag elements, walk nested array cells, and add focused regression tests plus a changelog entry.

Reproducibility: yes. A mocked getMessageFeishu response with msg_type: "interactive" and either elements: [{"tag":"text","text":"..."}] or elements: [[{"tag":"text","text":"..."}]] reproduces the missing extraction on current main.

Next step before merge
This is a narrow repair on an already-useful PR branch: keep the parser/test intent and fix the traversal-safety blocker.

Security
Needs attention: No workflow, dependency, lockfile, secret, or publishing surface changed, but the parser change introduces an external-input denial-of-service concern.

Review findings

• [P2] Bound recursive card traversal — extensions/feishu/src/send.ts:256-260

Review details

Best possible solution:

Keep the narrow Feishu-local text tag support and regression coverage, but replace recursive traversal with the stated one-level row flattening or a bounded iterative traversal before merge.

Do we have a high-confidence way to reproduce the issue?

Yes. A mocked getMessageFeishu response with msg_type: "interactive" and either elements: [{"tag":"text","text":"..."}] or elements: [[{"tag":"text","text":"..."}]] reproduces the missing extraction on current main.

Is this the best way to solve the issue?

No, not yet. Direct text extraction is the right narrow fix, but the nested-array traversal should be one-level as described or bounded with depth/node/output guards for external card JSON.

Full review comments:

• [P2] Bound recursive card traversal — extensions/feishu/src/send.ts:256-260
collectText recursively walks nested arrays from Feishu card JSON without any depth, node-count, or output cap. A deeply nested elements array that current main would skip can overflow the JS stack or spend unbounded work during quoted-message parsing, so make this traversal iterative or bounded before landing.
  Confidence: 0.78

Overall correctness: patch is incorrect
Overall confidence: 0.82

Security concerns:

• [medium] Unbounded recursive parsing of external card JSON — extensions/feishu/src/send.ts:256
  Feishu card content is external message data, and the PR recursively descends nested arrays without depth or node limits. A malformed or adversarial card can exhaust stack or CPU during message parsing.
  Confidence: 0.76

Acceptance criteria:

• pnpm test extensions/feishu/src/send.test.ts
• pnpm check:changed

What I checked:

• Current main lacks direct text-tag extraction: extractInteractiveElementText handles div, markdown/lark_md, and plain_text, then returns undefined; there is no tag === "text" branch. (extensions/feishu/src/send.ts:230, a53be2d2ce8c)
• Current main skips nested element rows: extractInteractiveElementsText iterates only top-level elements and passes each item to the record-only extractor, so an array row contributes no text. (extensions/feishu/src/send.ts:252, a53be2d2ce8c)
• Existing tests cover adjacent card shapes only: Current Feishu send tests cover markdown/div extraction, empty element fallback, locale variants, and post fallback, but not direct text elements or nested row arrays. (extensions/feishu/src/send.test.ts:134, a53be2d2ce8c)
• PR diff introduces unbounded recursion: The PR adds collectText and recursively descends nested arrays from Feishu card JSON without depth, node-count, or output bounds. (extensions/feishu/src/send.ts:256, bf6f95446e93)
• Related work does not supersede this exact PR: The provided timeline shows [Feishu] Interactive Card message content parsing missing #41609 and Feature Request: Add Feishu Interactive Card Parsing support #48281  #56795 remain open, while fix(feishu): improve interactive card text extraction for all card formats #45936 was closed unmerged; fix(feishu): repair interactive card content extraction #72397 merged adjacent fallback work but explicitly did not close broader Feishu interactive-card parsing.

Likely related people:

• vincentkoc: Recent merged Feishu interactive-card extraction repair and current-main blame for the parser/test snapshot point here; the PR discussion also says Vincent pushed the narrow repair commit to this branch. (role: recent maintainer; confidence: high; commits: bc0f89074f, c6cf37068cae, bf6f95446e93; files: extensions/feishu/src/send.ts, extensions/feishu/src/send.test.ts)
• Peter Steinberger: Local Feishu send history shows repeated recent parser, routing, and refactor touches in the same files, making this a useful secondary route for current-main integration context. (role: adjacent maintainer; confidence: medium; commits: 270630ba35, 88b394ba1b, ddd0fcdc83; files: extensions/feishu/src/send.ts, extensions/feishu/src/send.test.ts)
• Yifeng Wang: History shows the Feishu plugin was originally synced/replaced from the community plugin by Yifeng Wang, so this is a lower-confidence origin signal for the extension boundary rather than the current parser change. (role: introduced behavior; confidence: low; commits: 5c2cb6c591, 5f6e1c19bd, 2267d58afc; files: extensions/feishu/src/send.ts)

Remaining risk / open question:

• The PR recursively parses untrusted Feishu card JSON without an explicit traversal bound, so a malformed nested array can overflow the stack or consume unbounded CPU during quoted-message parsing.

Codex review notes: model gpt-5.5, reasoning high; reviewed against a53be2d2ce8c.