diff --git a/.memory/worklog.json b/.memory/worklog.json
index 8b462fc..a7e54e6 100644
--- a/.memory/worklog.json
+++ b/.memory/worklog.json
@@ -1,26 +1,5 @@
 {
   "entries": [
-    {
-      "files_changed": 1,
-      "hash": "5a1c037",
-      "message": "auto-save 2026-05-07 14:11 (~1)",
-      "ts": "2026-05-07T14:11:53+08:00",
-      "type": "commit"
-    },
-    {
-      "files_changed": 1,
-      "hash": "fd9a182",
-      "message": "auto-save 2026-05-07 14:17 (~1)",
-      "ts": "2026-05-07T14:17:23+08:00",
-      "type": "commit"
-    },
-    {
-      "files_changed": 1,
-      "hash": "a56952f",
-      "message": "auto-save 2026-05-07 14:22 (~1)",
-      "ts": "2026-05-07T14:22:53+08:00",
-      "type": "commit"
-    },
     {
       "files_changed": 1,
       "hash": "cc2ef87",
@@ -3481,6 +3460,25 @@
       "type": "session-heartbeat",
       "message": "Codex 会话活跃 · 最近命令：codex · 分支 master · 1 项未提交变更 · 最近提交：auto-save 2026-05-09 17:08 (~1)",
       "files_changed": 1
+    },
+    {
+      "ts": "2026-05-09T17:13:44+08:00",
+      "type": "commit",
+      "message": "auto-save 2026-05-09 17:13 (~1)",
+      "hash": "a08ef20",
+      "files_changed": 1
+    },
+    {
+      "ts": "2026-05-09T09:15:52Z",
+      "type": "session-heartbeat",
+      "message": "Codex 会话活跃 · 最近命令：codex · 分支 master · 2 项未提交变更 · 最近提交：auto-save 2026-05-09 17:13 (~1)",
+      "files_changed": 2
+    },
+    {
+      "ts": "2026-05-09T09:18:27Z",
+      "type": "session-heartbeat",
+      "message": "Codex 会话活跃 · 最近命令：codex · 分支 master · 2 项未提交变更 · 最近提交：auto-save 2026-05-09 17:13 (~1)",
+      "files_changed": 2
     }
   ]
 }
diff --git a/server/feishu_bridge.py b/server/feishu_bridge.py
index 661f5cb..01f0054 100644
--- a/server/feishu_bridge.py
+++ b/server/feishu_bridge.py
@@ -11,6 +11,7 @@ from __future__ import annotations
 import json
 import logging
 import os
+import hashlib
 import threading
 import time
 import traceback
@@ -175,13 +176,34 @@ def resolve_app_id(path: str, body: dict[str, Any] | None = None) -> str:
     return Config.default_feishu_app_id
 
 
+def callback_token(body: dict[str, Any]) -> str:
+    return str(body.get("token") or body.get("header", {}).get("token") or "")
+
+
+def token_digest(value: str) -> str:
+    if not value:
+        return "(empty)"
+    return f"len={len(value)} sha256={hashlib.sha256(value.encode('utf-8')).hexdigest()[:12]}"
+
+
 def verify_callback_token(body: dict[str, Any], app_id: str) -> bool:
     app = Config.feishu_apps.get(app_id, {})
     expected = app.get("verification_token", "")
     if not expected:
         return True
-    token = body.get("token") or body.get("header", {}).get("token")
-    return token == expected
+    token = callback_token(body)
+    ok = token == expected
+    if not ok:
+        logging.warning(
+            "invalid Feishu verification token app_id=%s got=%s expected=%s body_keys=%s header_keys=%s event_keys=%s",
+            app_id,
+            token_digest(token),
+            token_digest(expected),
+            sorted(body.keys()),
+            sorted(body.get("header", {}).keys()) if isinstance(body.get("header"), dict) else [],
+            sorted(body.get("event", {}).keys()) if isinstance(body.get("event"), dict) else [],
+        )
+    return ok
 
 
 def remember_event(event_id: str) -> bool: