OpenClaw Agent Feishu Onboarding

Standardize creation of new OpenClaw agents and Feishu route binding.
Use this skill for operational execution with strict confirmations.

Runtime Prerequisites

- Required binaries:

- openclaw (CLI available in PATH) - python (3.x, used by scripts/validate_feishu_bindings.py)

- Preflight checks:

- openclaw --version - python --version

- Data access behavior:

- Reads local OpenClaw config (openclaw.json / OPENCLAW_CONFIG_PATH) - May write local agent and routing state (agents.list[], bindings[]) - Do not run on machines where local config access is not permitted

Core Scope

- Create a new agent (agents.list + workspace + identity).
Confirm Feishu route target fields before any write.
Bind routing using bindings.match with channel/accountId/peer.
Verify final route and provide rollback steps.

Required Inputs

- Agent intent:

- Agent purpose and responsibility boundary. - Explicit out-of-scope items.

- Agent spec:

- agentId (lowercase, digits, hyphen). - workspace path. - model id. - Identity object in agents.list[]: - use identity object (for example identity.name, identity.emoji, identity.theme) - do not rely on top-level name only

- Feishu route spec:

- match.channel: feishu - match.accountId: for example main - match.peer.kind: group (or dm when needed) - match.peer.id: Feishu session id (group id like oc_xxx or dm id)

Hard Validation Gates (Must Pass)

- agents.list[] entry for new agent must include identity object.
INLINECODE32 must be set for human-readable routing/debug checks.
INLINECODE33 must be one of channels.feishu.accounts keys (for example main).
Never put Feishu group/session id (oc_xxx) into match.accountId.
Group routing must include match.peer = { kind: "group", id: "oc_xxx" }.
If routing is for a specific group but match.peer is missing, abort and correct config before continuing.
Before write, print the final binding object and require explicit confirmation.

Multi-Step Confirmation Protocol

Do not skip confirmations. Ask and confirm in this exact order.

1. Confirmation A: Agent Goal

- Confirm what this agent should do. - Confirm what this agent must not do.

2. Confirmation B: Agent Configuration

- Confirm agentId, workspace, model, identity fields. - Confirm naming conventions and collision check (agentId uniqueness).

3. Confirmation C: Feishu Routing Target

- Confirm accountId. - Confirm peer.kind. - Confirm peer.id (explicitly state this is the Feishu session id). - Confirm whether this is a precise peer binding or account-level fallback.

4. Confirmation D: Execution Approval

- Summarize all fields in one compact block. - Ask for final go/no-go before writing config.

Execution Workflow

1. Discover current state:

- openclaw agents list - openclaw config get agents.list --json - openclaw config get channels.feishu.accounts --json - openclaw directory groups list --channel feishu --account <account-id> --query "<keyword>" --json - openclaw config get bindings --json

2. Create agent:

- openclaw agents add ... - Optional: openclaw agents set-identity ...

3. Apply routing:

- Use openclaw agents bind for account-scoped binding when needed. - Ensure peer-precise rule exists in top-level bindings[] with match.peer.

4. Validate:

- python -X utf8 ./scripts/validate_feishu_bindings.py --config <openclaw.json-path> - openclaw config validate --json - ensure target agents.list[] entry has identity.name - Check bindings[] entry content and ordering. - Ensure every group-targeted rule has match.peer.kind = "group" and match.peer.id = "oc_xxx".

5. Reload/restart gateway if required by deployment policy.

Routing Rules

- peer rule is the precise route key for a specific Feishu conversation.
Use match.peer.id to bind a specific session (group oc_xxx).
If both peer-level and account-level bindings exist, keep peer rule first.
Avoid broad fallback rules until peer-specific routes are confirmed.
Wrong example (forbidden): match.accountId: "oc_xxx" without match.peer.

Agent list entry should follow this shape:

CODEBLOCK0

Canonical peer binding object:

CODEBLOCK1

Safety and Rollback

- Never delete agents unless explicitly requested.
Before changing bindings, capture current bindings snapshot.
If wrong route is applied, revert to previous binding set and re-validate.
Prefer reversible, explicit changes and post-change verification.

Why It Still Routes to `main`

- Binding did not match the real incoming peer.id (most common).
INLINECODE72 was written but gateway runtime did not reload the latest config.
INLINECODE73 mismatched current Feishu account key.
Target agent exists but agents.list[] entry is malformed (missing required fields such as identity object expected by your convention).
Message arrived in a different conversation than the configured group.

References

- Command examples and rollback snippets: commands.md
Chinese runbook and confirmation checklist: usage-zh.md
Auto-check script: validatefeishu_bindings.py

OpenClaw Agent Feishu 入职流程

标准化创建新的 OpenClaw Agent 及飞书路由绑定。
使用此技能进行需严格确认的操作执行。

运行时前置条件

- 必需二进制文件：

- openclaw（CLI 工具，需在 PATH 中） - python（3.x 版本，用于 scripts/validatefeishubindings.py 脚本）

- 预检检查：

- openclaw --version - python --version

- 数据访问行为：

- 读取本地 OpenClaw 配置（openclaw.json / OPENCLAWCONFIGPATH） - 可能写入本地 Agent 和路由状态（agents.list[]、bindings[]） - 禁止在未授权访问本地配置的机器上运行

核心范围

- 创建新 Agent（agents.list + 工作空间 + 身份标识）。
在写入前确认飞书路由目标字段。
使用带 channel/accountId/peer 的 bindings.match 绑定路由。
验证最终路由并提供回滚步骤。

必需输入

- Agent 意图：

- Agent 用途和职责边界。 - 明确说明超出范围的事项。

- Agent 规格：

- agentId（小写字母、数字、连字符）。 - workspace 路径。 - model ID。 - agents.list[] 中的身份对象： - 使用 identity 对象（例如 identity.name、identity.emoji、identity.theme） - 不要仅依赖顶层 name 字段

- 飞书路由规格：

- match.channel：feishu - match.accountId：例如 main - match.peer.kind：group（或需要时使用 dm） - match.peer.id：飞书会话 ID（群组 ID 如 oc_xxx 或私聊 ID）

硬性验证门禁（必须通过）

- 新 Agent 的 agents.list[] 条目必须包含 identity 对象。
必须设置 identity.name 以便人工可读的路由/调试检查。
match.accountId 必须是 channels.feishu.accounts 的键之一（例如 main）。
切勿将飞书群组/会话 ID（ocxxx）填入 match.accountId。
群组路由必须包含 match.peer = { kind: group, id: ocxxx }。
如果路由针对特定群组但缺少 match.peer，则中止并在继续前修正配置。
写入前，打印最终绑定对象并要求明确确认。

多步确认协议

不要跳过确认步骤。按以下顺序依次询问并确认。

1. 确认 A：Agent 目标

- 确认此 Agent 应执行的任务。 - 确认此 Agent 禁止执行的任务。

2. 确认 B：Agent 配置

- 确认 agentId、workspace、模型、身份字段。 - 确认命名规范和冲突检查（agentId 唯一性）。

3. 确认 C：飞书路由目标

- 确认 accountId。 - 确认 peer.kind。 - 确认 peer.id（明确说明这是飞书会话 ID）。 - 确认这是精确对等绑定还是账户级别回退。

4. 确认 D：执行批准

- 在一个紧凑块中汇总所有字段。 - 在写入配置前询问最终执行/不执行决定。

执行工作流

1. 发现当前状态：

- openclaw agents list - openclaw config get agents.list --json - openclaw config get channels.feishu.accounts --json - openclaw directory groups list --channel feishu --account --query --json - openclaw config get bindings --json

2. 创建 Agent：

- openclaw agents add ... - 可选：openclaw agents set-identity ...

3. 应用路由：

- 需要时使用 openclaw agents bind 进行账户范围绑定。 - 确保在顶层 bindings[] 中存在带 match.peer 的对等精确规则。

4. 验证：

- python -X utf8 ./scripts/validatefeishubindings.py --config - openclaw config validate --json - 确保目标 agents.list[] 条目包含 identity.name - 检查 bindings[] 条目内容和顺序。 - 确保每个针对群组的规则都有 match.peer.kind = group 和 match.peer.id = oc_xxx。

5. 根据部署策略需要重新加载/重启网关。

路由规则

- peer 规则是特定飞书会话的精确路由键。
使用 match.peer.id 绑定特定会话（群组 ocxxx）。
如果同时存在对等级别和账户级别绑定，将对等规则放在前面。
在确认对等特定路由之前，避免使用宽泛的回退规则。
错误示例（禁止）：match.accountId: ocxxx 缺少 match.peer。

Agent 列表条目应遵循以下格式：

json
{
id: data-analyst,
workspace: C:\\Users\\Administrator\\.openclaw\\workspace-dataAnalysis,
agentDir: C:\\Users\\Administrator\\.openclaw\\agents\\data-analyst\\agent,
identity: {
name: data-analyst
}
}

规范的对等绑定对象：

json
{
agentId: ,
match: {
channel: feishu,
accountId: main,
peer: {
kind: group,
id: oc_xxx
}
}
}

安全与回滚

- 除非明确要求，否则切勿删除 Agent。
在更改 bindings 之前，捕获当前 bindings 快照。
如果应用了错误的路由，恢复到之前的绑定集并重新验证。
优先使用可逆、明确的更改，并在更改后进行验证。

为何仍路由到 main

- 绑定未匹配实际传入的 peer.id（最常见原因）。
bindings[] 已写入但网关运行时未重新加载最新配置。
match.accountId 与当前飞书账户键不匹配。
目标 Agent 存在但 agents.list[] 条目格式错误（缺少必需字段，如按约定应包含的 identity 对象）。
消息到达的会话与配置的群组不同。

参考资料

- 命令示例和回滚片段：commands.md
中文操作手册和确认清单：usage-zh.md
自动检查脚本：validatefeishu_bindings.py

openclaw-agent-feishu-onboarding飞书代理创建