@josephyan/qingflow-app-user-mcp 1.1.25 → 1.1.26

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (113) hide show
  1. package/README.md +7 -7
  2. package/docs/local-agent-install.md +6 -57
  3. package/entry_point.py +1 -1
  4. package/npm/bin/qingflow-app-user-mcp.mjs +33 -2
  5. package/npm/lib/runtime.mjs +101 -21
  6. package/npm/scripts/postinstall.mjs +10 -1
  7. package/package.json +2 -3
  8. package/pyproject.toml +1 -1
  9. package/skills/qingflow-app-builder/SKILL.md +277 -0
  10. package/skills/qingflow-app-builder/agents/openai.yaml +4 -0
  11. package/skills/qingflow-app-builder/references/build-complete-system.md +428 -0
  12. package/skills/qingflow-app-builder/references/build-single-app.md +530 -0
  13. package/skills/qingflow-app-builder/references/create-app.md +149 -0
  14. package/skills/qingflow-app-builder/references/environments.md +63 -0
  15. package/skills/qingflow-app-builder/references/flow-actors-and-permissions.md +123 -0
  16. package/skills/qingflow-app-builder/references/gotchas.md +108 -0
  17. package/skills/qingflow-app-builder/references/match-rules.md +114 -0
  18. package/skills/qingflow-app-builder/references/public-surface-sync.md +75 -0
  19. package/skills/qingflow-app-builder/references/solution-playbooks.md +52 -0
  20. package/skills/qingflow-app-builder/references/tool-selection.md +107 -0
  21. package/skills/qingflow-app-builder/references/update-flow.md +186 -0
  22. package/skills/qingflow-app-builder/references/update-layout.md +68 -0
  23. package/skills/qingflow-app-builder/references/update-schema.md +72 -0
  24. package/skills/qingflow-app-builder/references/update-views.md +291 -0
  25. package/skills/qingflow-app-builder-code-integrations/SKILL.md +137 -0
  26. package/skills/qingflow-app-builder-code-integrations/agents/openai.yaml +4 -0
  27. package/skills/qingflow-app-builder-code-integrations/references/code-block.md +66 -0
  28. package/skills/qingflow-app-builder-code-integrations/references/q-linker.md +77 -0
  29. package/skills/qingflow-app-user/SKILL.md +14 -17
  30. package/skills/qingflow-app-user/references/data-gotchas.md +2 -2
  31. package/skills/qingflow-app-user/references/public-surface-sync.md +3 -3
  32. package/skills/qingflow-app-user/references/record-patterns.md +5 -5
  33. package/skills/qingflow-app-user/references/workflow-usage.md +5 -4
  34. package/skills/qingflow-mcp-setup/SKILL.md +9 -13
  35. package/skills/qingflow-mcp-setup/references/claude-desktop.md +1 -1
  36. package/skills/qingflow-mcp-setup/references/environments.md +1 -2
  37. package/skills/qingflow-mcp-setup/references/generic-stdio.md +5 -6
  38. package/skills/qingflow-record-analysis/SKILL.md +8 -9
  39. package/skills/qingflow-record-delete/SKILL.md +3 -7
  40. package/skills/qingflow-record-import/SKILL.md +2 -35
  41. package/skills/qingflow-record-insert/SKILL.md +6 -78
  42. package/skills/qingflow-record-update/SKILL.md +24 -39
  43. package/skills/qingflow-task-ops/SKILL.md +27 -30
  44. package/skills/qingflow-task-ops/references/environments.md +1 -0
  45. package/skills/qingflow-task-ops/references/workflow-usage.md +6 -4
  46. package/skills/qingflow-workflow-builder/SKILL.md +96 -0
  47. package/skills/qingflow-workflow-builder/manifest.yaml +8 -0
  48. package/skills/qingflow-workflow-builder/references/01-overview.md +45 -0
  49. package/skills/qingflow-workflow-builder/references/02-update-mode.md +53 -0
  50. package/skills/qingflow-workflow-builder/references/03-flow-patterns.md +57 -0
  51. package/skills/qingflow-workflow-builder/references/04-stage1-business-modeling.md +131 -0
  52. package/skills/qingflow-workflow-builder/references/05-stage2-members-roles.md +29 -0
  53. package/skills/qingflow-workflow-builder/references/06-stage3-build-spec.md +165 -0
  54. package/skills/qingflow-workflow-builder/references/07-stage4-validate-spec.md +33 -0
  55. package/skills/qingflow-workflow-builder/references/08-stage5-apply-verify.md +51 -0
  56. package/skills/qingflow-workflow-builder/references/09-stage6-summary.md +88 -0
  57. package/skills/qingflow-workflow-builder/references/10-node-config-reference.md +93 -0
  58. package/skills/qingflow-workflow-builder/references/11-troubleshooting.md +15 -0
  59. package/skills/qingflow-workflow-builder/scripts/diff_flow_spec.py +275 -0
  60. package/skills/qingflow-workflow-builder/scripts/validate_flow_spec.py +605 -0
  61. package/src/qingflow_mcp/__init__.py +1 -1
  62. package/src/qingflow_mcp/__main__.py +2 -6
  63. package/src/qingflow_mcp/builder_facade/models.py +108 -485
  64. package/src/qingflow_mcp/builder_facade/service.py +1686 -6674
  65. package/src/qingflow_mcp/cli/commands/builder.py +364 -322
  66. package/src/qingflow_mcp/cli/commands/chart.py +1 -1
  67. package/src/qingflow_mcp/cli/commands/common.py +3 -12
  68. package/src/qingflow_mcp/cli/commands/exports.py +2 -2
  69. package/src/qingflow_mcp/cli/commands/imports.py +3 -3
  70. package/src/qingflow_mcp/cli/commands/portal.py +2 -2
  71. package/src/qingflow_mcp/cli/commands/record.py +27 -101
  72. package/src/qingflow_mcp/cli/commands/task.py +47 -28
  73. package/src/qingflow_mcp/cli/commands/view.py +1 -1
  74. package/src/qingflow_mcp/cli/context.py +3 -0
  75. package/src/qingflow_mcp/cli/formatters.py +16 -784
  76. package/src/qingflow_mcp/cli/main.py +33 -117
  77. package/src/qingflow_mcp/errors.py +2 -43
  78. package/src/qingflow_mcp/public_surface.py +17 -26
  79. package/src/qingflow_mcp/response_trim.py +17 -81
  80. package/src/qingflow_mcp/server.py +12 -14
  81. package/src/qingflow_mcp/server_app_builder.py +36 -79
  82. package/src/qingflow_mcp/server_app_user.py +16 -22
  83. package/src/qingflow_mcp/session_store.py +7 -11
  84. package/src/qingflow_mcp/solution/compiler/__init__.py +1 -3
  85. package/src/qingflow_mcp/solution/executor.py +18 -245
  86. package/src/qingflow_mcp/tools/ai_builder_tools.py +1396 -3103
  87. package/src/qingflow_mcp/tools/app_tools.py +43 -184
  88. package/src/qingflow_mcp/tools/approval_tools.py +35 -197
  89. package/src/qingflow_mcp/tools/auth_tools.py +16 -92
  90. package/src/qingflow_mcp/tools/code_block_tools.py +40 -298
  91. package/src/qingflow_mcp/tools/custom_button_tools.py +10 -64
  92. package/src/qingflow_mcp/tools/directory_tools.py +72 -236
  93. package/src/qingflow_mcp/tools/export_tools.py +34 -244
  94. package/src/qingflow_mcp/tools/feedback_tools.py +0 -9
  95. package/src/qingflow_mcp/tools/file_tools.py +3 -9
  96. package/src/qingflow_mcp/tools/import_tools.py +49 -336
  97. package/src/qingflow_mcp/tools/navigation_tools.py +12 -91
  98. package/src/qingflow_mcp/tools/package_tools.py +6 -118
  99. package/src/qingflow_mcp/tools/portal_tools.py +3 -39
  100. package/src/qingflow_mcp/tools/qingbi_report_tools.py +7 -116
  101. package/src/qingflow_mcp/tools/record_tools.py +360 -1145
  102. package/src/qingflow_mcp/tools/resource_read_tools.py +39 -188
  103. package/src/qingflow_mcp/tools/role_tools.py +9 -80
  104. package/src/qingflow_mcp/tools/solution_tools.py +45 -59
  105. package/src/qingflow_mcp/tools/task_context_tools.py +158 -662
  106. package/src/qingflow_mcp/tools/task_tools.py +29 -113
  107. package/src/qingflow_mcp/tools/view_tools.py +3 -106
  108. package/src/qingflow_mcp/tools/workflow_tools.py +4 -48
  109. package/src/qingflow_mcp/tools/workspace_tools.py +3 -71
  110. package/npm/bin/qingflow-skills.mjs +0 -5
  111. package/skills/qingflow-record-analysis/manifest.yaml +0 -10
  112. package/skills/qingflow-record-insert/manifest.yaml +0 -6
  113. package/src/qingflow_mcp/solution/compiler/workflow_compiler.py +0 -173
@@ -0,0 +1,137 @@
1
+ ---
2
+ name: qingflow-app-builder-code-integrations
3
+ description: Configure Qingflow code block and Q-Linker fields through the builder surface when the task involves input field insertion, alias parsing, target field binding, or troubleshooting broken code/q-linker form configurations. Use after MCP is connected and authenticated, especially for CRM-style scoring, lookup, and enrichment forms.
4
+ metadata:
5
+ short-description: Configure Qingflow code blocks and Q-Linkers safely
6
+ ---
7
+
8
+ # Qingflow App Builder Code Integrations
9
+
10
+ Use this skill when the user wants to build or repair:
11
+ - `code_block` fields
12
+ - `q_linker` fields
13
+ - output alias parsing
14
+ - target field binding
15
+ - form configurations that depend on code block or Q-Linker relations
16
+
17
+ Do not use this skill for MCP setup, generic field CRUD, or runtime execution debugging unless those are strictly supporting code block or Q-Linker configuration work.
18
+
19
+ ## Core Rule
20
+
21
+ Treat code blocks and Q-Linkers as **integration fields**, not ordinary fields.
22
+
23
+ For both of them, the public builder request may look like one step, but the real backend form structure has multiple layers. Never invent a new backend meaning. Only compile into the backend structures that already exist.
24
+
25
+ ## Mental Model
26
+
27
+ ### Code block
28
+
29
+ There are three conceptual layers:
30
+
31
+ 1. Code block field itself
32
+ 2. Parsed output aliases
33
+ 3. Target field bindings
34
+
35
+ Current builder support:
36
+ - configure the code block field itself
37
+ - configure input insertion into code content
38
+ - configure alias parsing
39
+
40
+ Important:
41
+ - keep `qf_output = {...}` as a plain assignment
42
+ - do not emit `const qf_output =` or `let qf_output =`
43
+
44
+ ### Q-Linker
45
+
46
+ There are two conceptual layers:
47
+
48
+ 1. Q-Linker field itself via `remoteLookupConfig`
49
+ 2. Target field bindings via relation-default + `questionRelations(relationType=Q_LINKER)`
50
+
51
+ Current builder support:
52
+ - one-step high-level config through `q_linker_binding`
53
+ - internal compilation into existing backend payloads
54
+
55
+ ## Operating Order
56
+
57
+ For code block or Q-Linker work, use this order:
58
+
59
+ 1. Resolve the app and read fields:
60
+ - `app_resolve`
61
+ - `app_read_fields`
62
+ 2. Confirm the target field set already exists.
63
+ 3. Apply schema updates with `app_schema_apply`.
64
+ 4. Read fields again and verify:
65
+ - field type
66
+ - alias config
67
+ - target field binding shape
68
+ 5. For page-safety checks, use user-side schema or insert checks:
69
+ - `record_insert_schema_get`
70
+ - optional safe `record_insert`
71
+
72
+ Do not treat raw apply success as enough. Always re-read the field config.
73
+
74
+ ## Code Block Rules
75
+
76
+ Read [references/code-block.md](references/code-block.md) before changing a code block field.
77
+
78
+ Use builder high-level config only for:
79
+ - input field insertion
80
+ - code content
81
+ - alias parsing
82
+ - auto trigger
83
+ - custom button text
84
+
85
+ When binding outputs to target fields, do not guess payload shape from memory. Follow the current builder implementation and the readback shape.
86
+
87
+ Hard rules:
88
+ - target fields must already exist
89
+ - keep target field types business-compatible
90
+ - if a page starts hanging on “关联中”, inspect whether the target field default type or relation config was written incorrectly
91
+
92
+ ## Q-Linker Rules
93
+
94
+ Read [references/q-linker.md](references/q-linker.md) before changing a Q-Linker field.
95
+
96
+ First-stage stable support is only:
97
+ - custom mode
98
+ - request config
99
+ - alias parsing
100
+ - target field binding
101
+ - auto trigger / button text
102
+
103
+ Do not generate:
104
+ - template mode
105
+ - openApp/light-wing branches
106
+ - subtable table-match bindings
107
+
108
+ Hard rules:
109
+ - `outputs[*].target_field` is required
110
+ - use only supported target field types
111
+ - on rebinding, old target fields must be restored from relation-default to safe default type
112
+ - `resultFormatPath` must preserve backend-required alias metadata
113
+
114
+ ## Verification Checklist
115
+
116
+ After each code block or Q-Linker change, verify all of these:
117
+
118
+ - `app_read_fields` shows the intended field type
119
+ - the high-level config is readable and stable
120
+ - target fields still have valid types
121
+ - insert schema can be opened
122
+ - record insert does not get blocked by malformed integration config
123
+
124
+ If the task explicitly includes runtime verification, keep it separate from configuration verification.
125
+
126
+ ## Common Pitfalls
127
+
128
+ - Writing code block code with `const qf_output =`
129
+ - Treating a Q-Linker or code block binding as a plain field default
130
+ - Forgetting to restore old target fields after unbinding
131
+ - Using unsupported target field types
132
+ - Assuming apply success means the form page can open
133
+
134
+ ## References
135
+
136
+ - Code block details: [references/code-block.md](references/code-block.md)
137
+ - Q-Linker details: [references/q-linker.md](references/q-linker.md)
@@ -0,0 +1,4 @@
1
+ interface:
2
+ display_name: "Qingflow Code Integrations"
3
+ short_description: "Configure Qingflow code block and Q-Linker fields safely"
4
+ default_prompt: "Use $qingflow-app-builder-code-integrations when configuring Qingflow code block or Q-Linker fields, especially when input insertion, alias parsing, target field binding, or page-safety verification matter."
@@ -0,0 +1,66 @@
1
+ # Code Block Builder Notes
2
+
3
+ ## What Builder Should Configure
4
+
5
+ - code block field type
6
+ - code content
7
+ - inserted input fields inside code content
8
+ - alias parsing
9
+ - auto trigger
10
+ - custom button text
11
+
12
+ ## Stable Writing Rules
13
+
14
+ - Always emit `qf_output = {...}`
15
+ - Never emit `const qf_output = {...}`
16
+ - Never emit `let qf_output = {...}`
17
+
18
+ ## Useful CRM Pattern
19
+
20
+ Inputs:
21
+ - customer name
22
+ - source
23
+ - budget
24
+ - timing
25
+ - decision-maker flag
26
+
27
+ Outputs:
28
+ - score
29
+ - level
30
+ - priority
31
+ - summary
32
+ - next follow date
33
+
34
+ ## Target Field Rules
35
+
36
+ Required:
37
+ - every `outputs[*].target_field` must point to an existing field
38
+
39
+ Allowed target field types:
40
+ - text
41
+ - long text
42
+ - number
43
+ - amount
44
+ - date
45
+ - datetime
46
+ - single select
47
+ - multi select
48
+ - boolean
49
+
50
+ Do not bind code block outputs to:
51
+ - q_linker
52
+ - code_block
53
+ - relation
54
+ - subtable
55
+ - attachment
56
+ - member
57
+ - department
58
+ - address
59
+
60
+ ## Safe Verification
61
+
62
+ - `app_read_fields`
63
+ - `record_insert_schema_get`
64
+ - optional `record_code_block_run`
65
+
66
+ Treat configuration verification and runtime verification as separate checks.
@@ -0,0 +1,77 @@
1
+ # Q-Linker Builder Notes
2
+
3
+ ## What Builder Should Configure
4
+
5
+ - `remoteLookupConfig`
6
+ - alias parsing
7
+ - target field binding
8
+ - auto trigger
9
+ - custom button text
10
+
11
+ ## Current Supported Scope
12
+
13
+ - custom mode only
14
+ - standard request fields
15
+ - alias path parsing
16
+ - target field binding to existing ordinary fields
17
+
18
+ ## Recommended Public APIs For Samples
19
+
20
+ ### Httpbin
21
+
22
+ - URL: `https://httpbin.org/get`
23
+ - Good for:
24
+ - query echo
25
+ - request URL echo
26
+
27
+ Useful paths:
28
+ - `$.args.keyword`
29
+ - `$.url`
30
+
31
+ ### Open-Meteo Geocoding
32
+
33
+ - URL: `https://geocoding-api.open-meteo.com/v1/search`
34
+ - Good for:
35
+ - place normalization
36
+ - country
37
+ - lat/lng summary
38
+
39
+ Useful paths:
40
+ - `$.results[0].name`
41
+ - `$.results[0].country`
42
+ - `$.results[0].latitude`
43
+ - `$.results[0].longitude`
44
+
45
+ ## Target Field Rules
46
+
47
+ Required:
48
+ - every `outputs[*].target_field` must point to an existing field
49
+
50
+ Prefer:
51
+ - text
52
+ - long text
53
+ - number
54
+ - amount
55
+ - date
56
+ - datetime
57
+ - single select
58
+ - multi select
59
+ - boolean
60
+
61
+ Avoid:
62
+ - q_linker
63
+ - code_block
64
+ - relation
65
+ - subtable
66
+ - attachment
67
+ - member
68
+ - department
69
+ - address
70
+
71
+ ## Safe Verification
72
+
73
+ - `app_read_fields`
74
+ - `record_insert_schema_get`
75
+ - `record_insert`
76
+
77
+ This verifies that the configuration does not break the form page, even before runtime execution is tested.
@@ -1,67 +1,64 @@
1
1
  ---
2
2
  name: qingflow-app-user
3
- description: Route Qingflow end-user requests to the right specialized operational skill using the current Wingent Momo runtime MCP session. Use when the task is operational but it is not yet clear whether it is record CRUD or final analysis.
3
+ description: Route Qingflow end-user requests to the right specialized operational skill after the MCP is already connected and authenticated. Use when the task is operational but it is not yet clear whether it is record CRUD or final analysis.
4
4
  metadata:
5
5
  short-description: Router for Qingflow operational skills
6
6
  ---
7
7
 
8
8
  # Qingflow App User
9
9
 
10
- > **Skill 版本**:`qingflow-skills-2026.06.24.2`(入口文档版本;如需确认 CLI 包版本,使用 `qingflow --version` 或 `qingflow --json version`)。
11
-
12
10
  ## Overview
13
11
 
14
12
  This skill is a lightweight router for operational Qingflow work.
15
- In Wingent Momo runtime, trust injected MCP credentials, workspace, and route context until a business tool explicitly reports otherwise.
13
+ Assumes MCP is connected, authenticated, and on the correct workspace.
16
14
  Before routing, skim the shared maintenance baseline: [public-surface-sync.md](references/public-surface-sync.md).
17
15
 
18
16
  ## Default Paths
19
17
 
20
18
  Route to exactly one of these specialized paths:
21
19
 
22
- 1. Record insert
20
+ 1. Record insert
23
21
  Switch to [$qingflow-record-insert](../qingflow-record-insert/SKILL.md)
24
22
 
25
- 2. Record update
23
+ 2. Record update
26
24
  Switch to [$qingflow-record-update](../qingflow-record-update/SKILL.md)
27
25
 
28
- 3. Record delete
26
+ 3. Record delete
29
27
  Switch to [$qingflow-record-delete](../qingflow-record-delete/SKILL.md)
30
28
 
31
- 4. Record import
29
+ 4. Record import
32
30
  Switch to [$qingflow-record-import](../qingflow-record-import/SKILL.md)
33
31
 
34
- 5. Task workflow operations
32
+ 5. Task workflow operations
35
33
  Switch to [$qingflow-task-ops](../qingflow-task-ops/SKILL.md)
36
34
 
37
- 6. Analysis
35
+ 6. Analysis
38
36
  Switch to [$qingflow-record-analysis](../qingflow-record-analysis/SKILL.md)
39
37
 
40
- 7. Standalone MCP setup or explicit auth/workspace recovery
38
+ 7. MCP connection / auth / workspace selection
41
39
  Switch to [$qingflow-mcp-setup](../qingflow-mcp-setup/SKILL.md)
42
40
 
43
41
  8. App / view / workflow / chart / portal / package configuration
44
- This is outside the App User MCP tool surface. Use the separate `qingflow-app-builder` skill/MCP package when that builder surface is installed; otherwise ask the user to enable the builder MCP.
42
+ Switch to [$qingflow-app-builder](../qingflow-app-builder/SKILL.md)
45
43
 
46
44
  ## Routing Rules
47
45
 
48
- - If the user does not know the target `app_key`, discover apps first with `app_list` / `app list --query` over current-user visible apps, then route to the specialized skill; do not use the legacy app search path for ordinary members
46
+ - If the user does not know the target `app_key`, discover apps first with `app_list` or `app_search`, then route to the specialized skill
49
47
  - If the app is known but the available data range is unclear, call `app_get` first and inspect `accessible_views`
50
48
  - If the task is about creating or new record entry, switch to `$qingflow-record-insert`
51
49
  - If the task is about editing an existing record directly, switch to `$qingflow-record-update`
52
50
  - If the task is about deleting records directly, switch to `$qingflow-record-delete`
53
51
  - If the task is about import templates, import capability discovery, import-file verification, authorized local file repair, import execution, or import status, switch to `$qingflow-record-import`
54
52
  - If the task is about todo discovery, task context, approval actions, rollback or transfer, associated report review, or workflow log review, switch to `$qingflow-task-ops`
55
- - If the task is about package, app, field, layout, workflow, view, chart, portal, visibility, icon, or app base configuration, do not continue with App User MCP tools. Use the separate `qingflow-app-builder` skill/MCP package when available, or ask the user to enable the builder MCP.
53
+ - If the task is about package, app, field, layout, workflow, view, chart, portal, visibility, icon, or app base configuration, switch to `$qingflow-app-builder`
56
54
  - If the task involves member, department, or relation fields and the user only has natural names/titles, keep the same route; direct write now supports backend-native auto resolution and may return `needs_confirmation` with candidates instead of failing blind
57
- - For member/department field ambiguity, keep the record insert/update route and use `record_member_candidates` / `record_department_candidates`; do not switch to `directory_*`, builder member search, external-contact lookup, or contact-directory management queries. App User MCP only exposes `directory_search` for member-visible keyword search, not directory tree/list management.
58
55
  - If the task involves linked visibility, upstream/downstream field dependencies, reference-driven auto fill, or formula-driven defaulting, keep the same insert/update route and read field-level `linkage` from the schema before composing payloads
59
56
  - If the task is about subtable writes, still route to the matching insert/update skill, but shape the payload as parent subtable field -> row array; do not route users toward top-level leaf selectors
60
57
  - If the task is insert-focused and readback/detail context matters, keep the same route and prefer the single-record detail readback after the write; use normalized list readback only when batch row shape is needed
61
58
  - If the user sounds like an ordinary workflow assignee rather than a system operator, prefer `$qingflow-task-ops` over direct record mutation whenever both paths could fit
62
59
  - If the task is about task discovery by natural language query, still route to `$qingflow-task-ops`; `task_list --query` now uses backend search first and only falls back to local matching when backend returns zero rows
63
60
  - If the task is about grouped distributions, ratios, rankings, trends, insights, or any final statistical conclusion, switch to `$qingflow-record-analysis`
64
- - In Wingent Momo runtime, do not route to `$qingflow-mcp-setup` as a preflight. Switch there only when a business tool explicitly reports missing auth, invalid session, or wrong/missing workspace, or when the user asks to configure a standalone MCP client.
61
+ - If the MCP is not connected, authenticated, or bound to the right workspace, switch to `$qingflow-mcp-setup`
65
62
 
66
63
  ## Shared Preconditions
67
64
 
@@ -89,4 +86,4 @@ Route to exactly one of these specialized paths:
89
86
  - Record import: [$qingflow-record-import](../qingflow-record-import/SKILL.md)
90
87
  - Task workflow operations: [$qingflow-task-ops](../qingflow-task-ops/SKILL.md)
91
88
  - Dedicated analysis workflow: [$qingflow-record-analysis](../qingflow-record-analysis/SKILL.md)
92
- - Builder workflow requires the separate `qingflow-app-builder` skill/MCP package.
89
+ - Builder workflow: [$qingflow-app-builder](../qingflow-app-builder/SKILL.md)
@@ -9,12 +9,12 @@ For final statistics, grouped distributions, rankings, trends, or insight-style
9
9
  - `record_get` is for one exact record and downloads readable detail-page images into `media_assets.items[].local_path` plus attachments/documents/tables into `file_assets.items[].local_path`
10
10
  - Use `record_browse_schema_get` when field titles are uncertain instead of guessing ids
11
11
  - Do not present paged browse output as if it were a grouped or full-population conclusion
12
- - Use `record_export_direct` only when the user explicitly asks for export/download/Excel output, and always pass an explicit `view_id` from `app_get.accessible_views` or the frontend URL
12
+ - Use `record_export_direct` only when the user explicitly asks for export/download/Excel output
13
13
 
14
14
  ## Direct Writes
15
15
 
16
16
  - `record_insert` is schema-first through `record_insert_schema_get`; default to `items=[{"fields": {...}}]`
17
- - `record_update` is detail-first: read `record_get`, compose the requested title-keyed `fields` map, then write directly; use `record_update_schema_get` only after update failure or ambiguity
17
+ - `record_update` is schema-first through `record_update_schema_get`
18
18
  - `record_delete` does not need a schema-get step
19
19
  - For batch insert, `partial_success` means some rows were created; use `created_record_ids`, failed `row_number`, and `failed_fields` to repair only failed rows
20
20
  - If a direct-write tool returns `write_executed=false`, the write was blocked and not executed for that item
@@ -1,6 +1,6 @@
1
1
  # Qingflow Core Public Surface Sync
2
2
 
3
- Use this file as the maintenance baseline for the core Qingflow skills.
3
+ Use this file as the maintenance baseline for the core Qingflow skills.
4
4
  It is not a user-facing product spec. It exists to prevent skill drift.
5
5
 
6
6
  ## Current Public Defaults
@@ -12,9 +12,9 @@ It is not a user-facing product spec. It exists to prevent skill drift.
12
12
  - Standard flows:
13
13
  - analyze: `app_get -> record_browse_schema_get -> record_access -> Python`
14
14
  - browse detail: `app_get -> record_browse_schema_get -> record_list / record_get`
15
- - explicit export/download/Excel: `app_get -> choose view_id -> view_get -> record_export_*` or `record_export_direct`; export tools require explicit `view_id`
15
+ - explicit export/download/Excel: `view_get -> record_export_*` or `record_export_direct`
16
16
  - insert: `record_insert_schema_get -> record_insert(items)`
17
- - update: `record_get -> record_update`; use `record_update_schema_get` only for failure diagnosis or ambiguous writable-field routing
17
+ - update: `record_update_schema_get -> record_update`
18
18
 
19
19
  ### Tasks
20
20
 
@@ -41,13 +41,13 @@ Use `record_insert_schema_get -> record_insert(items)`.
41
41
 
42
42
  ## Update Pattern
43
43
 
44
- Use `record_get -> record_update`.
44
+ Use `record_update_schema_get -> record_update`.
45
45
 
46
46
  1. Confirm the target app and `record_id`
47
- 2. Read `record_get` in the same view/context the user is using when a `view_id` is known
48
- 3. Build a field-title keyed `fields` map from `record_get.fields[]` and the user's requested changes
49
- 4. Run `record_update` directly; let MCP auto-select the executable update route
50
- 5. If `record_update` fails because fields/routes are ambiguous or unavailable, then use `record_update_schema_get` as a diagnostic tool
47
+ 2. Read `writable_fields` and `payload_template`
48
+ 3. Update only fields present in `writable_fields`
49
+ 4. Let MCP auto-select the first matched accessible view that can execute the payload
50
+ 5. Run `record_update`
51
51
 
52
52
  ## Delete Pattern
53
53
 
@@ -14,12 +14,13 @@ Examples:
14
14
 
15
15
  Rules:
16
16
 
17
- - if the user starts from inbox, todo, workload, cc, or bottleneck language, use the public task tools first
18
- - use `task_list` for headline counts and flat browsing; group locally by app or workflow node when buckets matter
19
- - use `task_get`, `task_workflow_log_get`, and `task_associated_report_detail_get` only after locating the exact task
17
+ - if the user starts from inbox, todo, workload, cc, or bottleneck language, use `task_*` first
18
+ - use `task_summary` for headline counts
19
+ - use `task_list` for flat browsing
20
+ - use `task_facets` when worksheet or workflow-node buckets matter
20
21
  - treat task counts as task-center counts, not record counts
21
22
  - switch to `record_*` only after locating the exact business record behind a task
22
23
  - identify the exact target first
23
- - for approve or reject, identify the exact target first; prefer `task_id` from task-center results, then use `task_action_execute` with action `approve` or `reject`
24
+ - for approve or reject, identify the exact `workflow_node_id` first; prefer task-center results or current audit info, then use `task_approve` or `task_reject`
24
25
  - avoid usage-side workflow actions on ambiguous records
25
26
  - summarize the final action and target task ids or record ids
@@ -7,8 +7,6 @@ metadata:
7
7
 
8
8
  # Qingflow MCP Setup
9
9
 
10
- > **Skill 版本**:`qingflow-skills-2026.06.24.2`(入口文档版本;如需确认 CLI 包版本,使用 `qingflow --version` 或 `qingflow --json version`)。
11
-
12
10
  ## Overview
13
11
 
14
12
  This skill sets up the local Qingflow MCP server, connects it to a local AI client, and verifies authentication and workspace selection. Use it for installation, client configuration, token login, and connection troubleshooting.
@@ -75,26 +73,24 @@ cd <repo_root>/qingflow-support/mcp-server
75
73
 
76
74
  Prefer validating through the client after config is added.
77
75
 
78
- ### Step 5: Use injected session first; authenticate only for setup or recovery
79
-
80
- For Wingent Momo runtime conversations, the session normally already carries the credential-derived token, workspace, and route context. Do not run `auth_use_credential`, `auth_login`, `workspace_list`, or `workspace_select` before ordinary business tools. Start with the smallest read-only business call that fits the task; if it succeeds, continue.
76
+ ### Step 5: Authenticate and select workspace
81
77
 
82
- For a standalone local MCP client that has no injected session, use this setup order:
78
+ Recommended order inside the client:
83
79
 
84
- 1. `auth_use_credential` or `auth_login`
80
+ 1. `auth_use_token` or `auth_login`
85
81
  2. `workspace_list`
86
82
  3. `workspace_select`
87
- 4. Run a small read-only business tool
83
+ 4. Only then use business tools
88
84
 
89
- `auth_use_credential` gets the selected workspace from the credential context. If the user needs a different workspace after authentication, use `workspace_list` and then `workspace_select`.
85
+ If the user already knows the target workspace, prefer `auth_use_token(..., ws_id=<id>)`.
90
86
  After auth, prefer one read-only tool call that returns `request_route` so you can confirm the live `base_url` and `qf_version` before proceeding.
91
- `auth_use_credential` is a tool call, not a custom HTTP header. It exchanges the createClaw credential for a Qingflow token, `wsId`, and when needed `Cookie: qfVersion=...` after the session is established.
92
- Do not run `workspace_select` on production paths unless the user explicitly asks to switch workspace or a business tool clearly reports that no workspace is selected. If `/user` does not return a version lane, the session now falls back to the workspace `systemVersion`.
87
+ `auth_use_token` is a tool call, not a custom HTTP header. The runtime injects `token`, `wsId`, and when needed `Cookie: qfVersion=...` after the session is established.
88
+ Do not skip `workspace_select` on production paths. If `/user` does not return a version lane, the session now falls back to the workspace `systemVersion`.
93
89
 
94
90
  ### Step 6: Troubleshoot in the right layer
95
91
 
96
92
  - If the client cannot launch the server, check path, execute permission, and `.venv`
97
- - If tools return `auth required`, re-run `auth_use_credential` or `auth_login`
93
+ - If tools return `auth required`, re-run `auth_use_token` or `auth_login`
98
94
  - If tools return `workspace not selected`, call `workspace_list` and `workspace_select`
99
95
  - If calls fail after a working session, assume token expiry and re-authenticate
100
96
  - If the browser shows data but MCP does not, compare `request_route` against the browser environment and check whether `qf_version` should be `canary`
@@ -102,7 +98,7 @@ Do not run `workspace_select` on production paths unless the user explicitly ask
102
98
  ## Guardrails
103
99
 
104
100
  - Never write tokens into the skill files
105
- - In Wingent Momo runtime, trust injected workspace context until a business tool proves otherwise; for standalone clients, confirm workspace with `auth_whoami`, `workspace_select`, or a successful read-only business call.
101
+ - Never assume a workspace is selected until `auth_whoami` or `workspace_select` confirms it
106
102
  - When debugging, distinguish server startup issues from Qingflow auth issues
107
103
  - When the user mentions production, restate the exact `base_url`, `qf_version`, and workspace before any live validation
108
104
  - If setup is complete but the current MCP capability is still unsupported or the user's need still cannot be satisfied, summarize the gap, ask whether to submit feedback, and call `feedback_submit` only after explicit user confirmation
@@ -31,4 +31,4 @@ Keep separate snippets for `test` and `prod` so switching environments does not
31
31
  - Replace `<ABSOLUTE_PATH_TO_REPO>` with the real checkout path on the current machine
32
32
  - If the server path changes, update the `command` field
33
33
  - The server is local stdio MCP, so no remote URL is required
34
- - Do not store Qingflow credentials in Claude Desktop config; pass the createClaw credential through `auth_use_credential` inside the chat, or use `auth_login` when credential exchange is unavailable
34
+ - Do not store Qingflow token in Claude Desktop config; pass it through `auth_use_token` inside the chat
@@ -28,8 +28,7 @@ Known values in the current workspace:
28
28
  Setup behavior:
29
29
 
30
30
  - prefer this environment for Claude Desktop or local MCP client onboarding
31
- - for Wingent Momo runtime, use the injected session and skip auth/workspace preflight
32
- - for standalone MCP client setup, use `auth_use_credential` or `auth_login`, then `workspace_list`, then `workspace_select`
31
+ - use `auth_use_token` or `auth_login`, then `workspace_list`, then `workspace_select`
33
32
  - if the user asks to verify installation, a real read-only smoke path is acceptable
34
33
 
35
34
  ## Production Environment
@@ -19,14 +19,13 @@ Keep separate client entries or separate config snippets for `test` and `prod`.
19
19
 
20
20
  1. Start the client
21
21
  2. Confirm the `qingflow` MCP server is visible
22
- 3. In Wingent Momo runtime, skip auth/workspace preflight and run a read-only tool such as `app_list`
23
- 4. In a standalone client without injected credentials, run `auth_use_credential` or `auth_login`
24
- 5. Then run `workspace_list`
25
- 6. Then run `workspace_select`
26
- 7. Run a read-only tool such as `app_list`
22
+ 3. Run `auth_use_token`
23
+ 4. Run `workspace_list`
24
+ 5. Run `workspace_select`
25
+ 6. Run a read-only tool such as `app_list`
27
26
 
28
27
  ## Common failures
29
28
 
30
29
  - Launch failure: bad `command` path or missing `.venv`
31
- - Auth failure: invalid or expired credential/token
30
+ - Auth failure: invalid or expired token
32
31
  - Business tool failure before setup: workspace not selected
@@ -1,14 +1,12 @@
1
1
  ---
2
2
  name: qingflow-record-analysis
3
- description: Analyze Qingflow record data safely. Use when the user wants grouped distributions, ratios, averages, rankings, trends, insights, comparisons, or any final statistical conclusion across an existing app's data. Default to schema-first record_access CSV retrieval plus local Python/pandas; do not use export tools unless the user explicitly asks for a file download.
3
+ description: Analyze Qingflow record data safely after the MCP is already connected and authenticated. Use when the user wants grouped distributions, ratios, averages, rankings, trends, insights, comparisons, or any final statistical conclusion across an existing app's data. Default to schema-first record_access CSV retrieval plus local Python/pandas; do not use export tools unless the user explicitly asks for a file download.
4
4
  metadata:
5
5
  short-description: Analyze Qingflow record data with record_access CSV and Python
6
6
  ---
7
7
 
8
8
  # Qingflow Record Analysis
9
9
 
10
- > **Skill 版本**:`qingflow-skills-2026.06.24.2`(入口文档版本;如需确认 CLI 包版本,使用 `qingflow --version` 或 `qingflow --json version`)。
11
-
12
10
  Use this skill only for final statistical conclusions: counts, distributions, ratios, averages, rankings, trends, comparisons, and analysis reports.
13
11
 
14
12
  Default path, every time:
@@ -22,7 +20,7 @@ app_get -> record_browse_schema_get(view_id=...) -> record_access -> Python/pand
22
20
  ```bash
23
21
  qingflow record --help
24
22
  qingflow record access --help
25
- qingflow --json record access --app-key APP_KEY --view-id VIEW_ID --columns-file columns.json --where-file where.json --order-by-file order_by.json
23
+ qingflow record access --app-key APP_KEY --view-id VIEW_ID --columns-file columns.json --where-file where.json --order-by-file order_by.json --json
26
24
  ```
27
25
 
28
26
  The CLI command is under the `record` command group, so the discovery path is: first inspect `qingflow record --help`, then inspect `qingflow record access --help`.
@@ -39,10 +37,10 @@ The CLI command is under the `record` command group, so the discovery path is: f
39
37
  - Before final analysis, run a field-quality profile in pandas: row count, null rate, distinct count, and period coverage for candidate grouping fields.
40
38
  - Do not use a high-missing field as the main conclusion dimension. If a candidate dimension is sparse, downgrade it to an `已填写样本观察` and choose a cleaner semantic fallback when available.
41
39
  - Full final conclusions require `record_access.complete=true` and `record_access.safe_for_final_conclusion=true`.
42
- - `record_list` is only for sample inspection after the aggregate result is understood; its `data.items[]` rows are flat field-title keyed objects, not nested `fields[]`.
40
+ - `record_list` is only for sample inspection after the aggregate result is understood.
43
41
  - `record_get` is only for single-record detail verification, logs, references, images, or readable attachments. Read images from `media_assets.items[].local_path`; read documents/tables from `file_assets.items[].local_path` and `extraction.text_path`.
44
42
  - `record_export_direct` is only for explicit export/download/Excel requests.
45
- - `chart_get` / QingBI is only for user-provided report URLs or chart ids. If it reports `CHART_BASE_INFO_UNAVAILABLE` but `chart_data_loaded=true`, treat the chart data as readable and only the metadata/base info as degraded.
43
+ - `chart_get` / QingBI is only for user-provided report URLs or chart ids.
46
44
 
47
45
  ## Tool Selection
48
46
 
@@ -51,7 +49,7 @@ The CLI command is under the `record` command group, so the discovery path is: f
51
49
  | Batch analysis, statistics, comparison, report | `record_access -> Python` |
52
50
  | Browse a few example rows | `record_list` |
53
51
  | Inspect one record, logs, references, images, attachments | `record_get` |
54
- | User asks to export/download/Excel | `record_export_direct` with explicit `view_id` |
52
+ | User asks to export/download/Excel | `record_export_direct` |
55
53
  | User gives report URL or chart id | `chart_get` |
56
54
  | Todo/workflow task actions | `$qingflow-task-ops` |
57
55
 
@@ -86,12 +84,13 @@ CSV columns are already readable and field-id anchored, for example `项目状
86
84
  For CLI use, write JSON argument files instead of embedding large JSON in shell text:
87
85
 
88
86
  ```bash
89
- qingflow --json record access \
87
+ qingflow record access \
90
88
  --app-key APP_KEY \
91
89
  --view-id system:all \
92
90
  --columns-file columns.json \
93
91
  --where-file where.json \
94
- --order-by-file order_by.json
92
+ --order-by-file order_by.json \
93
+ --json
95
94
  ```
96
95
 
97
96
  ## Status Handling
@@ -1,14 +1,12 @@
1
1
  ---
2
2
  name: qingflow-record-delete
3
- description: Delete Qingflow records safely using the current Wingent Momo runtime MCP session; recover auth/workspace only after a tool error.
3
+ description: Delete Qingflow records safely after the MCP is already connected and authenticated.
4
4
  metadata:
5
5
  short-description: Qingflow record delete
6
6
  ---
7
7
 
8
8
  # Qingflow Record Delete
9
9
 
10
- > **Skill 版本**:`qingflow-skills-2026.06.24.2`(入口文档版本;如需确认 CLI 包版本,使用 `qingflow --version` 或 `qingflow --json version`)。
11
-
12
10
  ## Default Path
13
11
 
14
12
  `record_list / record_get -> record_delete`
@@ -23,11 +21,9 @@ metadata:
23
21
 
24
22
  1. Resolve the exact target `record_id` first
25
23
  2. Prefer reading the current state before delete when the request is high risk
26
- 3. Choose an accessible system `view_id` from `app_get.accessible_views`; custom views can locate records but cannot be used as the delete route
27
- 4. Call `record_delete` with `record_id` or `record_ids` and the system `view_id` so the backend uses the matching listType delete route
24
+ 3. Call `record_delete` with `record_id` or `record_ids`
28
25
 
29
26
  ## Do Not
30
27
 
31
- - Do not pass `custom:*` view selectors to `record_delete`; custom views can locate records, but delete currently supports only system listType routes
32
- - Do not omit `view_id`; a delete without frontend list context is ambiguous and should return `RECORD_DELETE_VIEW_REQUIRED`
28
+ - Do not pass any `view_*` selector
33
29
  - Do not infer the target record id from a vague title if `record_list` can disambiguate it