@josephyan/qingflow-app-user-mcp 0.2.0-beta.983 → 0.2.0-beta.985

package/README.md

@@ -3,13 +3,13 @@
 Install:
 
 ```bash
-npm install @josephyan/qingflow-app-user-mcp@0.2.0-beta.983
+npm install @josephyan/qingflow-app-user-mcp@0.2.0-beta.985
 ```
 
 Run:
 
 ```bash
-npx -y -p @josephyan/qingflow-app-user-mcp@0.2.0-beta.983 qingflow-app-user-mcp
+npx -y -p @josephyan/qingflow-app-user-mcp@0.2.0-beta.985 qingflow-app-user-mcp
 ```
 
 Environment:

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@josephyan/qingflow-app-user-mcp",
-  "version": "0.2.0-beta.983",
+  "version": "0.2.0-beta.985",
   "description": "Operational end-user MCP for Qingflow records, tasks, comments, and directory workflows.",
   "license": "MIT",
   "type": "module",

package/pyproject.toml

@@ -4,7 +4,7 @@ build-backend = "setuptools.build_meta"
 
 [project]
 name = "qingflow-mcp"
-version = "0.2.0b983"
+version = "0.2.0b985"
 description = "User-authenticated MCP server for Qingflow"
 readme = "README.md"
 license = "MIT"

package/src/qingflow_mcp/__init__.py

@@ -5,7 +5,7 @@ from pathlib import Path
 
 __all__ = ["__version__"]
 
-_FALLBACK_VERSION = "0.2.0b983"
+_FALLBACK_VERSION = "0.2.0b985"
 
 
 def _resolve_local_pyproject_version() -> str | None:

package/src/qingflow_mcp/builder_facade/service.py

@@ -514,6 +514,8 @@ class AiBuilderFacade:
         }
         effective_package_id = _coerce_positive_int(package_id)
         created = False
+        create_result: JSONObject | None = None
+        update_result: JSONObject | None = None
         permission_outcomes: list[PermissionCheckOutcome] = []
 
         if effective_package_id is None:
@@ -604,11 +606,36 @@ class AiBuilderFacade:
                 )
             except VisibilityResolutionError:
                 expected_visibility = None
+        metadata_verified = True
+        if metadata_requested and update_result is not None:
+            metadata_verified = bool(update_result.get("verified"))
+        elif created and create_result is not None:
+            metadata_verified = bool(create_result.get("verified"))
+        layout_verified = True
+        if items is not None and layout_result is not None:
+            layout_verified = bool(layout_result.get("verified"))
+        response_verification: JSONObject = {
+            "package_exists": True,
+            "package_created": created,
+            "layout_applied": items is not None,
+            "metadata_verified": metadata_verified,
+            "layout_verified": layout_verified,
+            "visibility_verified": None
+            if expected_visibility is None
+            else _visibility_matches_expected(verification.get("visibility"), expected_visibility),
+        }
+        if isinstance(update_result, dict):
+            update_verification = update_result.get("verification")
+            if isinstance(update_verification, dict):
+                for key in ("package_name_verified", "package_icon_verified", "visibility_verified"):
+                    if key in update_verification:
+                        response_verification[key] = deepcopy(update_verification.get(key))
+        response_verified = metadata_verified and layout_verified and response_verification.get("visibility_verified") is not False
         response: JSONObject = {
-            "status": "success",
+            "status": "success" if response_verified else "partial_success",
             "error_code": None,
             "recoverable": False,
-            "message": "applied package",
+            "message": "applied package" if response_verified else "applied package with unverified readback",
             "normalized_args": normalized_args,
             "missing_fields": [],
             "allowed_values": {},
@@ -617,15 +644,8 @@ class AiBuilderFacade:
             "suggested_next_call": None,
             "noop": not (created or metadata_requested or items is not None),
             "warnings": [],
-            "verification": {
-                "package_exists": True,
-                "package_created": created,
-                "layout_applied": items is not None,
-                "visibility_verified": None
-                if expected_visibility is None
-                else _visibility_matches_expected(verification.get("visibility"), expected_visibility),
-            },
-            "verified": True,
+            "verification": response_verification,
+            "verified": response_verified,
             **{
                 key: deepcopy(value)
                 for key, value in verification.items()
@@ -683,7 +703,7 @@ class AiBuilderFacade:
             )
         raw_current = current.get("result") if isinstance(current.get("result"), dict) else {}
         raw_current_base = current_base.get("result") if isinstance(current_base.get("result"), dict) else {}
-        current_name = str(raw_current.get("tagName") or "").strip() or None
+        current_name = str(raw_current.get("tagName") or raw_current_base.get("tagName") or "").strip() or None
         desired_name = str(package_name or current_name or "").strip() or current_name or "未命名应用包"
         desired_icon = encode_workspace_icon_with_defaults(
             icon=icon,
@@ -724,27 +744,33 @@ class AiBuilderFacade:
         verification = self.package_get(profile=profile, package_id=tag_id)
         if verification.get("status") != "success":
             return verification
+        package_name_verified = str(verification.get("package_name") or "").strip() == desired_name
+        package_icon_verified = str(verification.get("icon") or "").strip() == desired_icon
+        visibility_verified = _visibility_matches_expected(
+            verification.get("visibility"),
+            _public_visibility_from_member_auth(desired_auth),
+        )
+        verified = package_name_verified and package_icon_verified and visibility_verified
         return {
-            "status": "success",
+            "status": "success" if verified else "partial_success",
             "error_code": None,
             "recoverable": False,
-            "message": "updated package",
+            "message": "updated package" if verified else "updated package with unverified readback",
             "normalized_args": normalized_args,
             "missing_fields": [],
             "allowed_values": {},
             "details": {},
             "request_id": update_result.get("request_id") if isinstance(update_result, dict) else None,
-            "suggested_next_call": None,
+            "suggested_next_call": None if verified else {"tool_name": "package_get", "arguments": {"profile": profile, "package_id": tag_id}},
             "noop": False,
             "warnings": [],
             "verification": {
                 "package_exists": True,
-                "visibility_verified": _visibility_matches_expected(
-                    verification.get("visibility"),
-                    _public_visibility_from_member_auth(desired_auth),
-                ),
+                "package_name_verified": package_name_verified,
+                "package_icon_verified": package_icon_verified,
+                "visibility_verified": visibility_verified,
             },
-            "verified": True,
+            "verified": verified,
             **{
                 key: deepcopy(value)
                 for key, value in verification.items()

package/src/qingflow_mcp/cli/commands/task.py

@@ -15,7 +15,10 @@ def register(subparsers: argparse._SubParsersAction[argparse.ArgumentParser]) ->
     list_parser.add_argument("--flow-status", default="all")
     list_parser.add_argument("--app-key")
     list_parser.add_argument("--workflow-node-id", type=int)
-    list_parser.add_argument("--query")
+    list_parser.add_argument(
+        "--query",
+        help="先走后端待办检索；当后端返回零结果时，公开 task_list 会回退到本地匹配 app_name / workflow_node_name / app_key / record_id。",
+    )
     list_parser.add_argument("--page", type=int, default=1)
     list_parser.add_argument("--page-size", type=int, default=20)
     list_parser.set_defaults(handler=_handle_list, format_hint="task_list")

package/src/qingflow_mcp/session_store.py

@@ -1,6 +1,7 @@
 from __future__ import annotations
 
 import json
+import os
 from dataclasses import asdict, dataclass
 from datetime import datetime, timezone
 from pathlib import Path
@@ -70,6 +71,7 @@ class SessionStore:
         profiles_path = get_profiles_path() if base_dir is None else Path(base_dir) / "profiles.json"
         self._profiles_path = profiles_path
         self._profiles_path.parent.mkdir(parents=True, exist_ok=True)
+        self._secrets_path = self._profiles_path.parent / "secrets.json"
         self._keyring = keyring_backend if keyring_backend is not None else keyring
         self._memory_sessions: dict[str, BackendSession] = {}
         self._logged_out_profiles: set[str] = set()
@@ -264,26 +266,78 @@ class SessionStore:
             json.dump(payload, handle, ensure_ascii=False, indent=2)
 
     def _set_secret(self, key: str, value: str) -> bool:
-        if self._keyring is None:
-            return False
+        if self._keyring is not None:
+            try:
+                self._keyring.set_password(KEYRING_SERVICE_NAME, key, value)
+                self._delete_file_secret(key)
+                return True
+            except Exception:
+                pass
+        return self._set_file_secret(key, value)
+
+    def _get_secret(self, key: str) -> str | None:
+        if self._keyring is not None:
+            try:
+                value = self._keyring.get_password(KEYRING_SERVICE_NAME, key)
+            except Exception:
+                value = None
+            if value:
+                return value
+        return self._get_file_secret(key)
+
+    def _delete_secret(self, key: str) -> None:
+        if self._keyring is not None:
+            try:
+                self._keyring.delete_password(KEYRING_SERVICE_NAME, key)
+            except Exception:
+                pass
+        self._delete_file_secret(key)
+
+    def _load_file_secrets(self) -> dict[str, str]:
+        if not self._secrets_path.exists():
+            return {}
+        try:
+            with self._secrets_path.open("r", encoding="utf-8") as handle:
+                payload = json.load(handle)
+        except (OSError, json.JSONDecodeError):
+            return {}
+        if not isinstance(payload, dict):
+            return {}
+        return {str(key): str(value) for key, value in payload.items() if isinstance(value, str)}
+
+    def _save_file_secrets(self, payload: dict[str, str]) -> bool:
+        self._secrets_path.parent.mkdir(parents=True, exist_ok=True)
         try:
-            self._keyring.set_password(KEYRING_SERVICE_NAME, key, value)
+            fd = os.open(self._secrets_path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
+            with os.fdopen(fd, "w", encoding="utf-8") as handle:
+                json.dump(payload, handle, ensure_ascii=False, indent=2)
+            try:
+                os.chmod(self._secrets_path, 0o600)
+            except OSError:
+                pass
             return True
-        except Exception:
+        except OSError:
             return False
 
-    def _get_secret(self, key: str) -> str | None:
-        if self._keyring is None:
-            return None
-        try:
-            return self._keyring.get_password(KEYRING_SERVICE_NAME, key)
-        except Exception:
-            return None
+    def _set_file_secret(self, key: str, value: str) -> bool:
+        payload = self._load_file_secrets()
+        payload[key] = value
+        return self._save_file_secrets(payload)
 
-    def _delete_secret(self, key: str) -> None:
-        if self._keyring is None:
+    def _get_file_secret(self, key: str) -> str | None:
+        return self._load_file_secrets().get(key)
+
+    def _delete_file_secret(self, key: str) -> None:
+        payload = self._load_file_secrets()
+        if key not in payload:
+            return
+        payload.pop(key, None)
+        if payload:
+            self._save_file_secrets(payload)
             return
         try:
-            self._keyring.delete_password(KEYRING_SERVICE_NAME, key)
-        except Exception:
+            self._secrets_path.unlink()
+        except FileNotFoundError:
+            return
+        except OSError:
             return

package/src/qingflow_mcp/tools/task_context_tools.py

@@ -45,7 +45,12 @@ class TaskContextTools(ToolBase):
         self._record_tools = RecordTools(sessions, backend)
 
     def register(self, mcp: FastMCP) -> None:
-        @mcp.tool()
+        @mcp.tool(
+            description=(
+                "List workflow tasks. `query` first uses backend task search; if the backend returns zero rows, "
+                "public task_list falls back to local matching on app_name, workflow_node_name, app_key, and record_id."
+            )
+        )
         def task_list(
             profile: str = DEFAULT_PROFILE,
             task_box: str = "todo",
@@ -165,26 +170,55 @@ class TaskContextTools(ToolBase):
             create_time_asc=None,
         )
         task_page = raw.get("page", {})
+        warnings: list[dict[str, Any]] = []
         items = [
             self._normalize_task_item(item, task_box=task_box, flow_status=flow_status)
             for item in _task_page_items(task_page)
             if isinstance(item, dict)
         ]
+        returned_items = len(items)
+        page_amount = _task_page_amount(task_page)
+        reported_total = _task_page_total(task_page)
+        if query and not items:
+            fallback = self._task_list_local_query_fallback(
+                profile=profile,
+                task_box=task_box,
+                flow_status=flow_status,
+                app_key=app_key,
+                workflow_node_id=workflow_node_id,
+                query=query,
+                page=page,
+                page_size=page_size,
+            )
+            if fallback is not None:
+                items = fallback["items"]
+                returned_items = len(items)
+                page_amount = fallback["page_amount"]
+                reported_total = fallback["reported_total"]
+                warnings.append(
+                    {
+                        "code": "TASK_LIST_QUERY_FALLBACK_APPLIED",
+                        "message": (
+                            "backend searchKey returned zero tasks; task_list fell back to local matching on "
+                            "app_name, workflow_node_name, app_key, and record_id."
+                        ),
+                    }
+                )
         return {
             "profile": profile,
             "ws_id": raw.get("ws_id"),
             "ok": True,
             "request_route": raw.get("request_route"),
-            "warnings": [],
+            "warnings": warnings,
             "output_profile": "normal",
             "data": {
                 "items": items,
                 "pagination": {
                     "page": page,
                     "page_size": page_size,
-                    "returned_items": len(items),
-                    "page_amount": _task_page_amount(task_page),
-                    "reported_total": _task_page_total(task_page),
+                    "returned_items": returned_items,
+                    "page_amount": page_amount,
+                    "reported_total": reported_total,
                 },
                 "selection": {
                     "task_box": task_box,
@@ -656,6 +690,25 @@ class TaskContextTools(ToolBase):
             or verification.get("downstream_todo_changed")
             or verification.get("workflow_log_advanced")
         )
+        record_state_error = verification.get("record_state_error")
+        runtime_consumed_after_action = bool(
+            runtime_verified
+            and isinstance(record_state_error, dict)
+            and record_state_error.get("backend_code") == 46001
+        )
+        if runtime_consumed_after_action:
+            verification["record_state_scope"] = "current_node_runtime"
+            verification["record_state_unavailable_reason"] = "runtime_consumed_after_action"
+            verification["record_state_unavailability_expected"] = True
+            warnings.append(
+                {
+                    "code": "TASK_RUNTIME_CONSUMED_AFTER_ACTION",
+                    "message": (
+                        "the current workflow node runtime is no longer readable after the action (backend 46001), "
+                        "which usually means the node has been consumed and the workflow has already continued."
+                    ),
+                }
+            )
         verification["runtime_continuation_verified"] = runtime_verified
         if not runtime_verified:
             warnings.append(
@@ -935,6 +988,81 @@ class TaskContextTools(ToolBase):
             return []
         return [item for item in items if isinstance(item, dict)]
 
+    def _task_list_local_query_fallback(
+        self,
+        *,
+        profile: str,
+        task_box: str,
+        flow_status: str,
+        app_key: str | None,
+        workflow_node_id: int | None,
+        query: str,
+        page: int,
+        page_size: int,
+    ) -> dict[str, Any] | None:
+        normalized_type = self._task_tools._task_box_to_type(task_box)
+        normalized_status = self._task_tools._flow_status_to_process_status(flow_status)
+        scan_page_size = max(page_size, 100)
+        scan_page = 1
+        page_amount: int | None = None
+        matched_items: list[dict[str, Any]] = []
+        while True:
+            raw = self._task_tools.task_list(
+                profile=profile,
+                type=normalized_type,
+                process_status=normalized_status,
+                app_key=app_key,
+                node_id=workflow_node_id,
+                search_key=None,
+                page_num=scan_page,
+                page_size=scan_page_size,
+                create_time_asc=None,
+            )
+            task_page = raw.get("page", {})
+            raw_items = _task_page_items(task_page)
+            normalized_items = [
+                self._normalize_task_item(item, task_box=task_box, flow_status=flow_status)
+                for item in raw_items
+                if isinstance(item, dict)
+            ]
+            matched_items.extend(item for item in normalized_items if self._task_item_matches_query(item, query))
+            if page_amount is None:
+                coerced_page_amount = _coerce_count(_task_page_amount(task_page))
+                if coerced_page_amount is not None and coerced_page_amount > 0:
+                    page_amount = coerced_page_amount
+            if page_amount is not None and scan_page >= page_amount:
+                break
+            if not raw_items or len(raw_items) < scan_page_size:
+                break
+            scan_page += 1
+        if not matched_items:
+            return None
+        start = max(page - 1, 0) * page_size
+        end = start + page_size
+        matched_total = len(matched_items)
+        matched_page_amount = (matched_total + page_size - 1) // page_size if page_size > 0 else 0
+        return {
+            "items": matched_items[start:end],
+            "page_amount": matched_page_amount,
+            "reported_total": matched_total,
+        }
+
+    def _task_item_matches_query(self, item: dict[str, Any], query: str) -> bool:
+        needle = str(query or "").strip().casefold()
+        if not needle:
+            return False
+        for candidate in (
+            item.get("app_name"),
+            item.get("workflow_node_name"),
+            item.get("app_key"),
+            item.get("record_id"),
+        ):
+            if candidate in (None, ""):
+                continue
+            if needle in str(candidate).casefold():
+                return True
+        return False
+
     def task_associated_report_detail_get(
         self,
         *,