@claudelaw/taichu 0.6.0

package/docs/zh/guides/deploy.md

@@ -0,0 +1,75 @@
+# 部署指南
+
+## Docker
+
+```bash
+docker pull registry.cn-hangzhou.aliyuncs.com/caludelaw/taichu:latest
+docker run -d -p 3120:3120 -v taichu-data:/app/.taichu \
+  -e TAICHU_STORAGE=sqlite \
+  --name taichu \
+  registry.cn-hangzhou.aliyuncs.com/caludelaw/taichu:latest
+```
+
+## 阿里云 ECS
+
+```bash
+# 安装 Node.js 22+
+curl -fsSL https://deb.nodesource.com/setup_22.x | sudo -E bash -
+sudo apt-get install -y nodejs
+
+# 克隆并启动
+git clone https://gitee.com/Caludelaw/Taichu.git
+cd Taichu
+
+# 配置环境变量
+cat > .env << EOF
+TAICHU_STORAGE=sqlite
+TAICHU_PORT=3120
+TAICHU_HOST=0.0.0.0
+TAICHU_JWT_SECRET=$(node -e "console.log(require('crypto').randomBytes(32).toString('hex'))")
+EOF
+
+# 持久化运行
+npm install -g pm2
+pm2 start packages/server/src/index.js --name taichu
+pm2 save
+pm2 startup
+```
+
+## 腾讯云轻量应用服务器
+
+```bash
+# 同阿里云 ECS 步骤，替换 clone URL 为 Gitee 镜像
+git clone https://gitee.com/Caludelaw/Taichu.git
+cd Taichu && npm start
+```
+
+## Nginx 反向代理
+
+```nginx
+server {
+    listen 80;
+    server_name your-domain.com;
+
+    location / {
+        proxy_pass http://127.0.0.1:3120;
+        proxy_http_version 1.1;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection "upgrade";
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+    }
+}
+```
+
+> WebSocket 需要 `Upgrade` 和 `Connection` 头支持。
+
+## 备份策略
+
+SQLite 数据库文件位于 `.taichu/data/taichu.db`，建议：
+
+```bash
+# 定时备份（crontab，每天凌晨 3 点）
+0 3 * * * cp /path/to/taichu/.taichu/data/taichu.db /backup/taichu-$(date +\%Y\%m\%d).db
+```

package/docs/zh/guides/mcp.md

@@ -0,0 +1,84 @@
+# MCP 接入指南
+
+Taichu 内置 24 个 MCP Tools，Agent 可通过 Model Context Protocol 直接操控 CMS。
+
+## 配置
+
+### Claude Desktop
+
+```json
+{
+  "mcpServers": {
+    "taichu": {
+      "command": "node",
+      "args": ["/path/to/taichu/packages/mcp/src/index.js"],
+      "env": {
+        "TAICHU_API": "http://localhost:3120",
+        "TAICHU_AGENT_KEY": "taichu_xxxx..."
+      }
+    }
+  }
+}
+```
+
+### WorkBuddy (mcp.json)
+
+```json
+{
+  "taichu": {
+    "command": "node",
+    "args": ["packages/mcp/src/index.js"],
+    "env": {
+      "TAICHU_API": "http://localhost:3120",
+      "TAICHU_AGENT_KEY": "taichu_xxxx..."
+    }
+  }
+}
+```
+
+## 24 MCP Tools
+
+| 类别 | Tool | 说明 |
+|------|------|------|
+| **CRUD** | `list_content` | 列出某类型文档 |
+| | `get_content` | 获取单篇 |
+| | `create_content` | 创建文档 |
+| | `update_content` | 更新文档 |
+| | `delete_content` | 删除文档 |
+| **搜索** | `search_content` | TF-IDF 语义搜索 |
+| | `get_content_by_field` | 按字段值查找 |
+| **Schema** | `list_content_types` | 列出所有内容类型 |
+| | `get_content_type_schema` | 获取 Schema 详情 |
+| **发布** | `publish_content` | 发布草稿 |
+| | `archive_content` | 归档文档 |
+| **批量** | `batch_create_content` | 批量创建 |
+| | `batch_update_content` | 批量更新 |
+| | `clear_content` | 清空某类型 |
+| **导入导出** | `export_content` | 导出为 JSON |
+| | `import_content` | 批量导入 |
+| **媒体** | `list_media` | 媒体列表 |
+| **系统** | `get_stats` | 系统统计 |
+| | `health_check` | 健康检查 |
+| | `rebuild_search_index` | 重建搜索索引 |
+| **密钥** | `get_api_keys` | 列出 API Keys |
+| | `create_api_key` | 创建 API Key |
+| **关系** | `get_content_relations` | 发现关联内容 |
+
+## Agent 权限
+
+创建 API Key 时指定 scope：
+
+```bash
+curl -X POST http://localhost:3120/api/auth/apikeys \
+  -H "Authorization: Bearer $JWT_TOKEN" \
+  -d '{"label":"My Agent","scopes":["article:read","article:write"]}'
+```
+
+scope 格式：`<类型>:<操作>`，支持 `*:*`（管理员）、`*:read`（只读）。
+
+## Agent 注意事项
+
+1. **速率限制**：默认 300 req/min（已认证 Agent），超限返回 429
+2. **乐观锁**：更新时传入 `_version` 避免覆盖
+3. **审计日志**：所有 Agent 操作记录在 AuditLog 中
+4. **来源标记**：Agent 创建的内容自动标记 `_meta.createdBy.agentId`

package/docs/zh/guides/promotion.md

@@ -0,0 +1,51 @@
+# Taichu CMS — 社区推广内容
+
+## 一句话定位
+
+> Taichu — AI Agent 时代的开源 CMS。人类和 Agent 同为内容的第一公民。npm start 即可跑，MIT 协议。
+
+## 掘金 / CSDN / 思否首文
+
+### 标题
+
+**"我们用 20 个 commits 造了一个 AI Agent-Native CMS —— 开源、MIT、零外部依赖"**
+
+### 正文要点
+
+- **痛点**：WordPress 太老、Strapi 太重、Ghost 不够。现有 CMS 没有一个把 AI Agent 当作一等公民。
+- **解决**：Taichu 从第一行代码起，API 层就同时为人类（JWT）和 Agent（API Key）设计。
+- **三通道 API**：REST + GraphQL + MCP(29 tools)。Agent 通过 MCP 可以自动发现 CMS 能力，无需硬编码。
+- **中国市场友好**：中文文档、ICP 备案配置、jieba 分词搜索、通义千问/文心一言/DeepSeek/Moonshot 四个国产 LLM 适配。
+- **零外部依赖核心**：`npm start` 即跑，SQLite 持久化，Docker 一键部署。
+- **开源 MIT**：完全免费，自托管，无 vendor lock-in。
+
+### 结尾 CTA
+
+- GitHub: https://github.com/Caludelaw/Taichu
+- Gitee: https://gitee.com/Caludelaw/Taichu
+- 中文文档: docs/zh/README.md
+
+## Bilibili 视频脚本（3 分钟）
+
+1. (0-30s) 痛点：传统 CMS 的 Agent 困境
+2. (30-60s) Demo：`npm start` → Admin SPA 注册 → 创建文章
+3. (60-120s) 亮点：MCP 24+ tools + AI Agent 自动操作内容
+4. (120-180s) 中国市场：ICP 配置、中文搜索、国产 LLM
+
+## 微信群运营计划
+
+- 群名：Taichu CMS 开发者交流群
+- 定位：中文用户反馈 + 功能讨论 + 贡献指南
+- 人数目标：首月 200 人
+
+## 各平台发布计划
+
+| 平台 | 内容 | 时间 |
+|------|------|------|
+| 掘金 | 首发技术长文 | Day 1 |
+| CSDN | 转载 | Day 1 |
+| 思否 | Q&A + 推广 | Day 2 |
+| 知乎 | 专栏文章 | Day 2 |
+| V2EX | 创造分享帖 | Day 3 |
+| Bilibili | 3 分钟演示视频 | Day 5 |
+| GitHub Trending | Star + 分享 | 持续 |

package/marketplace.json

@@ -0,0 +1,78 @@
+{
+  "version": 1,
+  "name": "Taichu Plugin Marketplace",
+  "description": "Official plugin registry for Taichu CMS",
+  "lastUpdated": "2026-06-08T14:00:00Z",
+  "plugins": [
+    {
+      "name": "@taichu/plugin-seo",
+      "version": "0.1.0",
+      "description": "自动生成 meta tags、OG 标签、结构化数据，提升搜索引擎可见性",
+      "author": "Taichu Team",
+      "repository": "https://github.com/Caludelaw/taichu-plugin-seo",
+      "license": "MIT",
+      "keywords": ["seo", "meta", "opengraph", "structured-data", "sitemap"],
+      "category": "seo"
+    },
+    {
+      "name": "@taichu/plugin-sitemap",
+      "version": "0.1.0",
+      "description": "自动生成 XML sitemap，提交至 Google/Bing 搜索引擎",
+      "author": "Taichu Team",
+      "repository": "https://github.com/Caludelaw/taichu-plugin-sitemap",
+      "license": "MIT",
+      "keywords": ["sitemap", "seo", "google", "bing"],
+      "category": "seo"
+    },
+    {
+      "name": "@taichu/plugin-analytics",
+      "version": "0.1.0",
+      "description": "集成 Google Analytics、百度统计等分析工具到前端主题",
+      "author": "Taichu Team",
+      "repository": "https://github.com/Caludelaw/taichu-plugin-analytics",
+      "license": "MIT",
+      "keywords": ["analytics", "google-analytics", "baidu", "tracking"],
+      "category": "analytics"
+    },
+    {
+      "name": "@taichu/plugin-comments",
+      "version": "0.1.0",
+      "description": "评论系统集成：支持 Giscus、Disqus、Waline 等多种评论引擎",
+      "author": "Taichu Team",
+      "repository": "https://github.com/Caludelaw/taichu-plugin-comments",
+      "license": "MIT",
+      "keywords": ["comments", "giscus", "disqus", "waline"],
+      "category": "interaction"
+    },
+    {
+      "name": "@taichu/plugin-ai-writer",
+      "version": "0.1.0",
+      "description": "AI 写作助手：接入 OpenAI/Claude 等 LLM，辅助内容创作与优化",
+      "author": "Taichu Team",
+      "repository": "https://github.com/Caludelaw/taichu-plugin-ai-writer",
+      "license": "MIT",
+      "keywords": ["ai", "writing", "llm", "openai", "claude", "content"],
+      "category": "ai"
+    },
+    {
+      "name": "@taichu/plugin-image-optimizer",
+      "version": "0.1.0",
+      "description": "图片自动优化：上传时自动压缩、转 WebP、生成响应式尺寸",
+      "author": "Taichu Team",
+      "repository": "https://github.com/Caludelaw/taichu-plugin-image-optimizer",
+      "license": "MIT",
+      "keywords": ["image", "optimization", "webp", "compression"],
+      "category": "media"
+    },
+    {
+      "name": "@taichu/plugin-i18n",
+      "version": "0.1.0",
+      "description": "多语言内容管理：翻译工作流、语言切换、URL 本地化",
+      "author": "Taichu Team",
+      "repository": "https://github.com/Caludelaw/taichu-plugin-i18n",
+      "license": "MIT",
+      "keywords": ["i18n", "translation", "localization", "multilingual"],
+      "category": "content"
+    }
+  ]
+}

package/package.json

@@ -0,0 +1,60 @@
+{
+  "name": "@claudelaw/taichu",
+  "version": "0.6.0",
+  "private": false,
+  "description": "AI Agent-Native CMS — content infrastructure built for the agent era",
+  "workspaces": [
+    "packages/*"
+  ],
+  "bin": {
+    "taichu": "scripts/cli.js"
+  },
+  "scripts": {
+    "dev": "node packages/server/src/index.js",
+    "start": "TAICHU_PUBLIC_READ=1 node packages/server/src/index.js",
+    "build": "cd packages/admin && npx vite build",
+    "test": "node --test packages/core/src/core.test.js packages/core/src/server.test.js",
+    "test:integration": "node --test packages/server/src/server.test.js",
+    "lint": "eslint .",
+    "lint:fix": "eslint . --fix",
+    "clean": "rm -rf packages/*/dist packages/*/node_modules"
+  },
+  "engines": {
+    "node": ">=18.0.0"
+  },
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/Caludelaw/Taichu"
+  },
+  "keywords": [
+    "cms",
+    "headless-cms",
+    "ai-agent",
+    "mcp",
+    "content-management",
+    "agent-native",
+    "blog",
+    "static-site"
+  ],
+  "author": "Liu Huai'an",
+  "license": "MIT",
+  "files": [
+    "scripts/cli.js",
+    "packages/core/src/",
+    "packages/server/src/",
+    "packages/server/public/",
+    "packages/mcp/src/",
+    "packages/llm-providers/src/",
+    "marketplace.json",
+    "Dockerfile",
+    "docker-compose.yml",
+    ".dockerignore",
+    "docs/",
+    "README.md",
+    "LICENSE"
+  ],
+  "devDependencies": {
+    "@eslint/js": "^10.0.1",
+    "eslint": "^10.4.1"
+  }
+}

package/packages/core/src/auth.js

@@ -0,0 +1,158 @@
+/**
+ * Auth — 零依赖认证模块
+ *
+ * 双通道认证：
+ *   JWT     → 人类用户（登录后签发，Bearer Token）
+ *   API Key → AI Agent（预生成，X-Taichu-Agent-Key Header）
+ *
+ * 所有实现基于 Node.js 内置 crypto 模块，零外部依赖。
+ */
+
+import crypto from 'node:crypto';
+
+// ─── 密码哈希 ───────────────────────────────────────────────
+
+/**
+ * 使用 PBKDF2 哈希密码（迭代 10 万次，128-bit salt）
+ * 输出格式：pbkdf2_sha256$100000$salt_hex$hash_hex
+ */
+export function hashPassword(password, saltHex) {
+  const salt = saltHex ? Buffer.from(saltHex, 'hex') : crypto.randomBytes(16);
+  const hash = crypto.pbkdf2Sync(password, salt, 100000, 32, 'sha256').toString('hex');
+  return `pbkdf2_sha256$100000$${salt.toString('hex')}$${hash}`;
+}
+
+/**
+ * 验证密码是否匹配哈希
+ */
+export function verifyPassword(password, hashed) {
+  try {
+    const [, iterations, saltHex, hash] = hashed.split('$');
+    if (!iterations || !saltHex || !hash) return false;
+    const salt = Buffer.from(saltHex, 'hex');
+    const computed = crypto.pbkdf2Sync(password, salt, parseInt(iterations), 32, 'sha256').toString('hex');
+    return crypto.timingSafeEqual(Buffer.from(computed, 'hex'), Buffer.from(hash, 'hex'));
+  } catch {
+    return false;
+  }
+}
+
+// ─── JWT ────────────────────────────────────────────────────
+
+function base64urlEncode(str) {
+  return Buffer.from(str)
+    .toString('base64url');
+}
+
+function base64urlDecode(str) {
+  return Buffer.from(str, 'base64url').toString('utf8');
+}
+
+/**
+ * 签发 JWT Token
+ *
+ * @param {object} payload — 载荷（sub, role, scope 等）
+ * @param {string} secret — 签名密钥
+ * @param {object} [options]
+ * @param {string} [options.expiresIn] — 过期时间，如 '24h', '7d'
+ * @returns {string} JWT token
+ */
+export function signJWT(payload, secret, options = {}) {
+  const header = { alg: 'HS256', typ: 'JWT' };
+  const now = Math.floor(Date.now() / 1000);
+  const expMap = { s: 1, m: 60, h: 3600, d: 86400 };
+
+  let exp = null;
+  if (options.expiresIn) {
+    const match = options.expiresIn.match(/^(\d+)([smhd])$/);
+    if (match) {
+      exp = now + parseInt(match[1]) * (expMap[match[2]] || 3600);
+    }
+  }
+
+  const claims = {
+    ...payload,
+    iat: now,
+    ...(exp ? { exp } : {})
+  };
+
+  const headerB64 = base64urlEncode(JSON.stringify(header));
+  const payloadB64 = base64urlEncode(JSON.stringify(claims));
+  const signature = crypto
+    .createHmac('sha256', secret)
+    .update(`${headerB64}.${payloadB64}`)
+    .digest('base64url');
+
+  return `${headerB64}.${payloadB64}.${signature}`;
+}
+
+/**
+ * 验证并解析 JWT Token
+ *
+ * @param {string} token — JWT token 字符串
+ * @param {string} secret — 签名密钥
+ * @returns {{ valid: boolean, payload?: object, error?: string }}
+ */
+export function verifyJWT(token, secret) {
+  try {
+    const parts = token.split('.');
+    if (parts.length !== 3) {
+      return { valid: false, error: 'Invalid token format' };
+    }
+
+    const [headerB64, payloadB64, sigB64] = parts;
+
+    // Verify signature
+    const expectedSig = crypto
+      .createHmac('sha256', secret)
+      .update(`${headerB64}.${payloadB64}`)
+      .digest('base64url');
+
+    if (sigB64 !== expectedSig) {
+      return { valid: false, error: 'Invalid signature' };
+    }
+
+    // Parse claims
+    const claims = JSON.parse(base64urlDecode(payloadB64));
+
+    // Check expiration
+    if (claims.exp && claims.exp < Math.floor(Date.now() / 1000)) {
+      return { valid: false, error: 'Token expired' };
+    }
+
+    return { valid: true, payload: claims };
+  } catch (err) {
+    return { valid: false, error: err.message };
+  }
+}
+
+// ─── API Key ─────────────────────────────────────────────────
+
+/**
+ * 生成 API Key
+ * 格式：taichu_<32字节随机hex>
+ *
+ * @param {string} [label] — 标签（备忘用，如 "My Super Niuma Agent"）
+ * @returns {{ key: string, prefix: string, label: string, createdAt: string }}
+ */
+export function generateAPIKey(label = '') {
+  const key = `taichu_${crypto.randomBytes(32).toString('hex')}`;
+  const prefix = key.substring(0, 14); // "taichu_a1b2c3"
+  // Store the hash, not the raw key
+  const hash = crypto.createHash('sha256').update(key).digest('hex');
+  return {
+    key,      // 仅生成时返回一次
+    prefix,   // 用于 UI 展示 "taichu_a1b2***"
+    hash,     // 存储到数据库
+    label,
+    createdAt: new Date().toISOString()
+  };
+}
+
+/**
+ * 验证 API Key 是否匹配已存储的哈希
+ */
+export function verifyAPIKey(key, storedHash) {
+  const hash = crypto.createHash('sha256').update(key).digest('hex');
+  return crypto.timingSafeEqual(Buffer.from(hash, 'hex'), Buffer.from(storedHash, 'hex'));
+}