@josephyan/qingflow-app-user-mcp 1.1.25 → 1.1.27

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (79) hide show
  1. package/README.md +5 -7
  2. package/docs/local-agent-install.md +6 -57
  3. package/entry_point.py +1 -1
  4. package/npm/bin/qingflow-app-user-mcp.mjs +33 -2
  5. package/npm/lib/runtime.mjs +101 -21
  6. package/npm/scripts/postinstall.mjs +10 -1
  7. package/package.json +2 -3
  8. package/pyproject.toml +1 -1
  9. package/skills/qingflow-app-user/SKILL.md +15 -16
  10. package/skills/qingflow-app-user/references/data-gotchas.md +2 -2
  11. package/skills/qingflow-app-user/references/public-surface-sync.md +7 -5
  12. package/skills/qingflow-app-user/references/record-patterns.md +5 -5
  13. package/skills/qingflow-app-user/references/workflow-usage.md +5 -4
  14. package/skills/qingflow-mcp-setup/SKILL.md +9 -13
  15. package/skills/qingflow-mcp-setup/references/claude-desktop.md +1 -1
  16. package/skills/qingflow-mcp-setup/references/environments.md +1 -2
  17. package/skills/qingflow-mcp-setup/references/generic-stdio.md +5 -6
  18. package/skills/qingflow-record-analysis/SKILL.md +8 -9
  19. package/skills/qingflow-record-delete/SKILL.md +3 -7
  20. package/skills/qingflow-record-import/SKILL.md +2 -35
  21. package/skills/qingflow-record-insert/SKILL.md +6 -78
  22. package/skills/qingflow-record-update/SKILL.md +24 -39
  23. package/skills/qingflow-task-ops/SKILL.md +27 -30
  24. package/skills/qingflow-task-ops/references/environments.md +1 -0
  25. package/skills/qingflow-task-ops/references/workflow-usage.md +6 -4
  26. package/src/qingflow_mcp/__init__.py +1 -1
  27. package/src/qingflow_mcp/__main__.py +2 -6
  28. package/src/qingflow_mcp/builder_facade/models.py +49 -330
  29. package/src/qingflow_mcp/builder_facade/service.py +1621 -6149
  30. package/src/qingflow_mcp/cli/commands/builder.py +366 -322
  31. package/src/qingflow_mcp/cli/commands/chart.py +1 -1
  32. package/src/qingflow_mcp/cli/commands/common.py +3 -12
  33. package/src/qingflow_mcp/cli/commands/exports.py +2 -2
  34. package/src/qingflow_mcp/cli/commands/imports.py +3 -3
  35. package/src/qingflow_mcp/cli/commands/portal.py +2 -2
  36. package/src/qingflow_mcp/cli/commands/record.py +27 -101
  37. package/src/qingflow_mcp/cli/commands/task.py +47 -28
  38. package/src/qingflow_mcp/cli/commands/view.py +1 -1
  39. package/src/qingflow_mcp/cli/context.py +3 -0
  40. package/src/qingflow_mcp/cli/formatters.py +16 -784
  41. package/src/qingflow_mcp/cli/main.py +41 -120
  42. package/src/qingflow_mcp/errors.py +2 -43
  43. package/src/qingflow_mcp/public_surface.py +17 -26
  44. package/src/qingflow_mcp/response_trim.py +17 -81
  45. package/src/qingflow_mcp/server.py +12 -14
  46. package/src/qingflow_mcp/server_app_builder.py +39 -81
  47. package/src/qingflow_mcp/server_app_user.py +16 -22
  48. package/src/qingflow_mcp/session_store.py +7 -11
  49. package/src/qingflow_mcp/solution/compiler/__init__.py +1 -3
  50. package/src/qingflow_mcp/solution/executor.py +18 -245
  51. package/src/qingflow_mcp/tools/ai_builder_tools.py +1483 -3139
  52. package/src/qingflow_mcp/tools/app_tools.py +43 -184
  53. package/src/qingflow_mcp/tools/approval_tools.py +35 -197
  54. package/src/qingflow_mcp/tools/auth_tools.py +16 -92
  55. package/src/qingflow_mcp/tools/code_block_tools.py +40 -298
  56. package/src/qingflow_mcp/tools/custom_button_tools.py +10 -64
  57. package/src/qingflow_mcp/tools/directory_tools.py +72 -236
  58. package/src/qingflow_mcp/tools/export_tools.py +34 -244
  59. package/src/qingflow_mcp/tools/feedback_tools.py +0 -9
  60. package/src/qingflow_mcp/tools/file_tools.py +3 -9
  61. package/src/qingflow_mcp/tools/import_tools.py +49 -336
  62. package/src/qingflow_mcp/tools/navigation_tools.py +12 -91
  63. package/src/qingflow_mcp/tools/package_tools.py +6 -118
  64. package/src/qingflow_mcp/tools/portal_tools.py +3 -39
  65. package/src/qingflow_mcp/tools/qingbi_report_tools.py +7 -116
  66. package/src/qingflow_mcp/tools/record_tools.py +360 -1145
  67. package/src/qingflow_mcp/tools/resource_read_tools.py +39 -188
  68. package/src/qingflow_mcp/tools/role_tools.py +9 -80
  69. package/src/qingflow_mcp/tools/solution_tools.py +45 -59
  70. package/src/qingflow_mcp/tools/task_context_tools.py +158 -662
  71. package/src/qingflow_mcp/tools/task_tools.py +29 -113
  72. package/src/qingflow_mcp/tools/view_tools.py +3 -106
  73. package/src/qingflow_mcp/tools/workflow_tools.py +4 -48
  74. package/src/qingflow_mcp/tools/workspace_tools.py +3 -71
  75. package/src/qingflow_mcp/version.py +2 -0
  76. package/npm/bin/qingflow-skills.mjs +0 -5
  77. package/skills/qingflow-record-analysis/manifest.yaml +0 -10
  78. package/skills/qingflow-record-insert/manifest.yaml +0 -6
  79. package/src/qingflow_mcp/solution/compiler/workflow_compiler.py +0 -173
@@ -7,8 +7,6 @@ metadata:
7
7
 
8
8
  # Qingflow MCP Setup
9
9
 
10
- > **Skill 版本**:`qingflow-skills-2026.06.24.2`(入口文档版本;如需确认 CLI 包版本,使用 `qingflow --version` 或 `qingflow --json version`)。
11
-
12
10
  ## Overview
13
11
 
14
12
  This skill sets up the local Qingflow MCP server, connects it to a local AI client, and verifies authentication and workspace selection. Use it for installation, client configuration, token login, and connection troubleshooting.
@@ -75,26 +73,24 @@ cd <repo_root>/qingflow-support/mcp-server
75
73
 
76
74
  Prefer validating through the client after config is added.
77
75
 
78
- ### Step 5: Use injected session first; authenticate only for setup or recovery
79
-
80
- For Wingent Momo runtime conversations, the session normally already carries the credential-derived token, workspace, and route context. Do not run `auth_use_credential`, `auth_login`, `workspace_list`, or `workspace_select` before ordinary business tools. Start with the smallest read-only business call that fits the task; if it succeeds, continue.
76
+ ### Step 5: Authenticate and select workspace
81
77
 
82
- For a standalone local MCP client that has no injected session, use this setup order:
78
+ Recommended order inside the client:
83
79
 
84
- 1. `auth_use_credential` or `auth_login`
80
+ 1. `auth_use_token` or `auth_login`
85
81
  2. `workspace_list`
86
82
  3. `workspace_select`
87
- 4. Run a small read-only business tool
83
+ 4. Only then use business tools
88
84
 
89
- `auth_use_credential` gets the selected workspace from the credential context. If the user needs a different workspace after authentication, use `workspace_list` and then `workspace_select`.
85
+ If the user already knows the target workspace, prefer `auth_use_token(..., ws_id=<id>)`.
90
86
  After auth, prefer one read-only tool call that returns `request_route` so you can confirm the live `base_url` and `qf_version` before proceeding.
91
- `auth_use_credential` is a tool call, not a custom HTTP header. It exchanges the createClaw credential for a Qingflow token, `wsId`, and when needed `Cookie: qfVersion=...` after the session is established.
92
- Do not run `workspace_select` on production paths unless the user explicitly asks to switch workspace or a business tool clearly reports that no workspace is selected. If `/user` does not return a version lane, the session now falls back to the workspace `systemVersion`.
87
+ `auth_use_token` is a tool call, not a custom HTTP header. The runtime injects `token`, `wsId`, and when needed `Cookie: qfVersion=...` after the session is established.
88
+ Do not skip `workspace_select` on production paths. If `/user` does not return a version lane, the session now falls back to the workspace `systemVersion`.
93
89
 
94
90
  ### Step 6: Troubleshoot in the right layer
95
91
 
96
92
  - If the client cannot launch the server, check path, execute permission, and `.venv`
97
- - If tools return `auth required`, re-run `auth_use_credential` or `auth_login`
93
+ - If tools return `auth required`, re-run `auth_use_token` or `auth_login`
98
94
  - If tools return `workspace not selected`, call `workspace_list` and `workspace_select`
99
95
  - If calls fail after a working session, assume token expiry and re-authenticate
100
96
  - If the browser shows data but MCP does not, compare `request_route` against the browser environment and check whether `qf_version` should be `canary`
@@ -102,7 +98,7 @@ Do not run `workspace_select` on production paths unless the user explicitly ask
102
98
  ## Guardrails
103
99
 
104
100
  - Never write tokens into the skill files
105
- - In Wingent Momo runtime, trust injected workspace context until a business tool proves otherwise; for standalone clients, confirm workspace with `auth_whoami`, `workspace_select`, or a successful read-only business call.
101
+ - Never assume a workspace is selected until `auth_whoami` or `workspace_select` confirms it
106
102
  - When debugging, distinguish server startup issues from Qingflow auth issues
107
103
  - When the user mentions production, restate the exact `base_url`, `qf_version`, and workspace before any live validation
108
104
  - If setup is complete but the current MCP capability is still unsupported or the user's need still cannot be satisfied, summarize the gap, ask whether to submit feedback, and call `feedback_submit` only after explicit user confirmation
@@ -31,4 +31,4 @@ Keep separate snippets for `test` and `prod` so switching environments does not
31
31
  - Replace `<ABSOLUTE_PATH_TO_REPO>` with the real checkout path on the current machine
32
32
  - If the server path changes, update the `command` field
33
33
  - The server is local stdio MCP, so no remote URL is required
34
- - Do not store Qingflow credentials in Claude Desktop config; pass the createClaw credential through `auth_use_credential` inside the chat, or use `auth_login` when credential exchange is unavailable
34
+ - Do not store Qingflow token in Claude Desktop config; pass it through `auth_use_token` inside the chat
@@ -28,8 +28,7 @@ Known values in the current workspace:
28
28
  Setup behavior:
29
29
 
30
30
  - prefer this environment for Claude Desktop or local MCP client onboarding
31
- - for Wingent Momo runtime, use the injected session and skip auth/workspace preflight
32
- - for standalone MCP client setup, use `auth_use_credential` or `auth_login`, then `workspace_list`, then `workspace_select`
31
+ - use `auth_use_token` or `auth_login`, then `workspace_list`, then `workspace_select`
33
32
  - if the user asks to verify installation, a real read-only smoke path is acceptable
34
33
 
35
34
  ## Production Environment
@@ -19,14 +19,13 @@ Keep separate client entries or separate config snippets for `test` and `prod`.
19
19
 
20
20
  1. Start the client
21
21
  2. Confirm the `qingflow` MCP server is visible
22
- 3. In Wingent Momo runtime, skip auth/workspace preflight and run a read-only tool such as `app_list`
23
- 4. In a standalone client without injected credentials, run `auth_use_credential` or `auth_login`
24
- 5. Then run `workspace_list`
25
- 6. Then run `workspace_select`
26
- 7. Run a read-only tool such as `app_list`
22
+ 3. Run `auth_use_token`
23
+ 4. Run `workspace_list`
24
+ 5. Run `workspace_select`
25
+ 6. Run a read-only tool such as `app_list`
27
26
 
28
27
  ## Common failures
29
28
 
30
29
  - Launch failure: bad `command` path or missing `.venv`
31
- - Auth failure: invalid or expired credential/token
30
+ - Auth failure: invalid or expired token
32
31
  - Business tool failure before setup: workspace not selected
@@ -1,14 +1,12 @@
1
1
  ---
2
2
  name: qingflow-record-analysis
3
- description: Analyze Qingflow record data safely. Use when the user wants grouped distributions, ratios, averages, rankings, trends, insights, comparisons, or any final statistical conclusion across an existing app's data. Default to schema-first record_access CSV retrieval plus local Python/pandas; do not use export tools unless the user explicitly asks for a file download.
3
+ description: Analyze Qingflow record data safely after the MCP is already connected and authenticated. Use when the user wants grouped distributions, ratios, averages, rankings, trends, insights, comparisons, or any final statistical conclusion across an existing app's data. Default to schema-first record_access CSV retrieval plus local Python/pandas; do not use export tools unless the user explicitly asks for a file download.
4
4
  metadata:
5
5
  short-description: Analyze Qingflow record data with record_access CSV and Python
6
6
  ---
7
7
 
8
8
  # Qingflow Record Analysis
9
9
 
10
- > **Skill 版本**:`qingflow-skills-2026.06.24.2`(入口文档版本;如需确认 CLI 包版本,使用 `qingflow --version` 或 `qingflow --json version`)。
11
-
12
10
  Use this skill only for final statistical conclusions: counts, distributions, ratios, averages, rankings, trends, comparisons, and analysis reports.
13
11
 
14
12
  Default path, every time:
@@ -22,7 +20,7 @@ app_get -> record_browse_schema_get(view_id=...) -> record_access -> Python/pand
22
20
  ```bash
23
21
  qingflow record --help
24
22
  qingflow record access --help
25
- qingflow --json record access --app-key APP_KEY --view-id VIEW_ID --columns-file columns.json --where-file where.json --order-by-file order_by.json
23
+ qingflow record access --app-key APP_KEY --view-id VIEW_ID --columns-file columns.json --where-file where.json --order-by-file order_by.json --json
26
24
  ```
27
25
 
28
26
  The CLI command is under the `record` command group, so the discovery path is: first inspect `qingflow record --help`, then inspect `qingflow record access --help`.
@@ -39,10 +37,10 @@ The CLI command is under the `record` command group, so the discovery path is: f
39
37
  - Before final analysis, run a field-quality profile in pandas: row count, null rate, distinct count, and period coverage for candidate grouping fields.
40
38
  - Do not use a high-missing field as the main conclusion dimension. If a candidate dimension is sparse, downgrade it to an `已填写样本观察` and choose a cleaner semantic fallback when available.
41
39
  - Full final conclusions require `record_access.complete=true` and `record_access.safe_for_final_conclusion=true`.
42
- - `record_list` is only for sample inspection after the aggregate result is understood; its `data.items[]` rows are flat field-title keyed objects, not nested `fields[]`.
40
+ - `record_list` is only for sample inspection after the aggregate result is understood.
43
41
  - `record_get` is only for single-record detail verification, logs, references, images, or readable attachments. Read images from `media_assets.items[].local_path`; read documents/tables from `file_assets.items[].local_path` and `extraction.text_path`.
44
42
  - `record_export_direct` is only for explicit export/download/Excel requests.
45
- - `chart_get` / QingBI is only for user-provided report URLs or chart ids. If it reports `CHART_BASE_INFO_UNAVAILABLE` but `chart_data_loaded=true`, treat the chart data as readable and only the metadata/base info as degraded.
43
+ - `chart_get` / QingBI is only for user-provided report URLs or chart ids.
46
44
 
47
45
  ## Tool Selection
48
46
 
@@ -51,7 +49,7 @@ The CLI command is under the `record` command group, so the discovery path is: f
51
49
  | Batch analysis, statistics, comparison, report | `record_access -> Python` |
52
50
  | Browse a few example rows | `record_list` |
53
51
  | Inspect one record, logs, references, images, attachments | `record_get` |
54
- | User asks to export/download/Excel | `record_export_direct` with explicit `view_id` |
52
+ | User asks to export/download/Excel | `record_export_direct` |
55
53
  | User gives report URL or chart id | `chart_get` |
56
54
  | Todo/workflow task actions | `$qingflow-task-ops` |
57
55
 
@@ -86,12 +84,13 @@ CSV columns are already readable and field-id anchored, for example `项目状
86
84
  For CLI use, write JSON argument files instead of embedding large JSON in shell text:
87
85
 
88
86
  ```bash
89
- qingflow --json record access \
87
+ qingflow record access \
90
88
  --app-key APP_KEY \
91
89
  --view-id system:all \
92
90
  --columns-file columns.json \
93
91
  --where-file where.json \
94
- --order-by-file order_by.json
92
+ --order-by-file order_by.json \
93
+ --json
95
94
  ```
96
95
 
97
96
  ## Status Handling
@@ -1,14 +1,12 @@
1
1
  ---
2
2
  name: qingflow-record-delete
3
- description: Delete Qingflow records safely using the current Wingent Momo runtime MCP session; recover auth/workspace only after a tool error.
3
+ description: Delete Qingflow records safely after the MCP is already connected and authenticated.
4
4
  metadata:
5
5
  short-description: Qingflow record delete
6
6
  ---
7
7
 
8
8
  # Qingflow Record Delete
9
9
 
10
- > **Skill 版本**:`qingflow-skills-2026.06.24.2`(入口文档版本;如需确认 CLI 包版本,使用 `qingflow --version` 或 `qingflow --json version`)。
11
-
12
10
  ## Default Path
13
11
 
14
12
  `record_list / record_get -> record_delete`
@@ -23,11 +21,9 @@ metadata:
23
21
 
24
22
  1. Resolve the exact target `record_id` first
25
23
  2. Prefer reading the current state before delete when the request is high risk
26
- 3. Choose an accessible system `view_id` from `app_get.accessible_views`; custom views can locate records but cannot be used as the delete route
27
- 4. Call `record_delete` with `record_id` or `record_ids` and the system `view_id` so the backend uses the matching listType delete route
24
+ 3. Call `record_delete` with `record_id` or `record_ids`
28
25
 
29
26
  ## Do Not
30
27
 
31
- - Do not pass `custom:*` view selectors to `record_delete`; custom views can locate records, but delete currently supports only system listType routes
32
- - Do not omit `view_id`; a delete without frontend list context is ambiguous and should return `RECORD_DELETE_VIEW_REQUIRED`
28
+ - Do not pass any `view_*` selector
33
29
  - Do not infer the target record id from a vague title if `record_list` can disambiguate it
@@ -1,14 +1,12 @@
1
1
  ---
2
2
  name: qingflow-record-import
3
- description: Explain and operate Qingflow file-based bulk import using the current Wingent Momo runtime MCP session; recover auth/workspace only after a tool error.
3
+ description: Explain and operate Qingflow file-based bulk import after the MCP is already connected and authenticated.
4
4
  metadata:
5
5
  short-description: Qingflow bulk import workflow and troubleshooting
6
6
  ---
7
7
 
8
8
  # Qingflow Record Import
9
9
 
10
- > **Skill 版本**:`qingflow-skills-2026.06.24.2`(入口文档版本;如需确认 CLI 包版本,使用 `qingflow --version` 或 `qingflow --json version`)。
11
-
12
10
  ## Default Path
13
11
 
14
12
  `app_get -> record_import_schema_get -> record_import_template_get -> record_import_verify -> (optional authorized repair) -> record_import_start -> record_import_status_get`
@@ -23,33 +21,6 @@ metadata:
23
21
  - `record_import_start`
24
22
  - `record_import_status_get`
25
23
 
26
- ## File Shape And Field Mapping
27
-
28
- - Official template headers are the target contract. Do not rename them in the import file.
29
- - CSV can be used as a source format for planning or local transformation, but the current verify/start path expects the official Excel template (`.xlsx` / `.xls`).
30
- - When the user gives CSV-like data, map each source column to the official template header first, then write the mapped rows into a copy of the template after explicit user authorization.
31
- - Relation fields: prefer stable target `record_id` or another unique searchable value already accepted by the import schema. Do not rely on duplicated display names.
32
- - Member / department fields: use values inside the schema/candidate scope; do not invent departments or names that are not resolvable.
33
- - Select fields: use option labels from the schema/template; option ids are acceptable only when the import schema or prior readback proves they are supported.
34
-
35
- Example source CSV for planning only:
36
-
37
- ```csv
38
- 客户名称,关联客户,状态,负责人
39
- 上海示例客户,CUST_RECORD_ID_001,有效,张三
40
- ```
41
-
42
- Mapped template row concept:
43
-
44
- ```json
45
- {
46
- "客户名称": "上海示例客户",
47
- "关联客户": "CUST_RECORD_ID_001",
48
- "状态": "有效",
49
- "负责人": "张三"
50
- }
51
- ```
52
-
53
24
  ## Working Rules
54
25
 
55
26
  1. Inspect `app_get.data.import_capability` first
@@ -57,8 +28,4 @@ Mapped template row concept:
57
28
  3. Keep official headers unchanged
58
29
  4. Verify before start
59
30
  5. Only repair a file after explicit user authorization
60
- 6. After success, report the import status and tracking identifiers; read back one imported sample only when the user asks for row-level confirmation or when the import result does not already prove completion
61
-
62
- ## Template Fallback
63
-
64
- `record_import_template_get` may return `status: partial_success` with a locally generated applicant template when the official template endpoint is permission-restricted but applicant fields are readable. If the warning is `IMPORT_TEMPLATE_LOCAL_FALLBACK_AUTH_UNKNOWN` or `verification.import_auth_prechecked` is false, treat the result only as "template file prepared"; actual import permission is still decided by `record_import_verify` and `record_import_start`.
31
+ 6. Read back one imported sample after success
@@ -1,15 +1,12 @@
1
1
  ---
2
2
  name: qingflow-record-insert
3
- description: Create Qingflow records with a schema-first insert workflow.
3
+ description: Create Qingflow records with a schema-first insert workflow after the MCP is already connected and authenticated.
4
4
  metadata:
5
5
  short-description: Schema-first Qingflow record insert
6
-
7
6
  ---
8
7
 
9
8
  # Qingflow Record Insert
10
9
 
11
- > **Skill 版本**:`qingflow-skills-2026.06.24.2`(入口文档版本;如需确认 CLI 包版本,使用 `qingflow --version` 或 `qingflow --json version`)。
12
-
13
10
  ## Default Path
14
11
 
15
12
  `record_insert_schema_get -> record_insert(items) -> optional record_get/readback`
@@ -24,67 +21,10 @@ Default to batch-shaped insert. A single new record is `items` with one row.
24
21
  - `record_department_candidates`
25
22
  - `file_upload_local`
26
23
 
27
- ## Special Field Write Cheatsheet
28
-
29
- Always read the insert schema first, then use field titles as `items[].fields` keys. For special fields:
30
-
31
- - `member`: write a unique name, email, or resolved member id. If candidates are duplicated or the tool returns `needs_confirmation`, stop and surface candidates.
32
- - `department`: do not invent department names. Use a value inside the schema/candidate scope: unique department name, returned id/key, or returned object shape such as `{"key":"DEPT_ID","label":"部门名"}` / `{"id":"DEPT_ID","value":"部门名"}`.
33
- - `relation`: known target record id is most stable for batch inserts. Natural display text is allowed only when it uniquely resolves through the field's `searchable_fields`; duplicates require confirmation.
34
- - `single_select` / `multi_select`: option label and option id are both acceptable when present in schema/options. Prefer labels for readability; let the tool compile to the path-specific value.
35
- - `attachment`: upload the local file first with `file_upload_local`, then write the returned file value. Do not write only a filename or arbitrary URL.
36
- - System fields are read-only: `数据ID`, `编号`, `申请人`, `申请时间`, `创建人`, `创建时间`, `提交人`, `提交时间`, `更新时间`, `更新人`, `当前流程状态`, `当前处理人`, `当前处理节点`, `流程标题`.
37
-
38
- ## Failure Repair Contract
39
-
40
- When insert returns `blocked`, `partial_success`, or `needs_confirmation`, do not retry the whole batch blindly.
41
-
42
- - Read `items[].failed_fields[]` first.
43
- - Each failed field exposes `error_code`, `expected_format`, `example_value`, and `next_action`.
44
- - For `member`, `department`, `relation`, `attachment`, and `select` fields, `next_action` is field-type specific: candidate lookup, upload first, use record/apply id, or use schema option label/id.
45
- - Retry only the failed `row_number` with corrected values. If any row has `write_executed=true` or `created_record_ids` is non-empty, never replay the original batch.
46
-
47
- ## Candidate Lookup
48
-
49
- Do not pre-query member or department ids by default. Use candidate commands only when:
50
-
51
- - the user explicitly asks to see candidates
52
- - insert returns `needs_confirmation`
53
- - member / department names are likely duplicated
54
- - a natural value is outside the field's candidate scope
55
-
56
- ```bash
57
- qingflow --json record member-candidates \
58
- --app-key APP_KEY \
59
- --field-id FIELD_ID \
60
- --keyword "张三"
61
- ```
62
-
63
- ```bash
64
- qingflow --json record department-candidates \
65
- --app-key APP_KEY \
66
- --field-id FIELD_ID \
67
- --keyword "直销部"
68
- ```
69
-
70
- If the candidate scope must match an existing runtime context, pass the current record or pending fields:
71
-
72
- ```bash
73
- qingflow --json record member-candidates \
74
- --app-key APP_KEY \
75
- --field-id FIELD_ID \
76
- --record-id RECORD_ID \
77
- --workflow-node-id WORKFLOW_NODE_ID \
78
- --fields-file pending_fields.json \
79
- --keyword "张三"
80
- ```
81
-
82
- Without `record_id` / `workflow_node_id` / `fields-file`, the result is a static applicant-node preview. It is useful for explicit browsing, but not proof that every candidate is valid in a later workflow-specific write.
83
-
84
24
  ## Working Rules
85
25
 
86
26
  1. Start with `record_insert_schema_get`
87
- 2. Read `required_fields`, `optional_fields`, `runtime_linked_required_fields`, `payload_template`, field-level `expected_format`, `example_value`, and `options`
27
+ 2. Read `required_fields`, `optional_fields`, `runtime_linked_required_fields`, and `payload_template`
88
28
  3. Inside every field bucket, read field-level `linkage` first when present; it is the canonical static hint for linked visibility, reference-driven auto fill, or formula-driven fields
89
29
  4. Inside `optional_fields`, pay special attention to any field with `may_become_required=true`; these are writable fields that can become required when linked visibility or option-driven rules activate
90
30
  5. Build `items` as `[{"fields": {...}}]`, where each `fields` map uses field titles from the insert schema
@@ -92,18 +32,15 @@ Without `record_id` / `workflow_node_id` / `fields-file`, the result is a static
92
32
  7. For `linkage.kind=logic_visibility`, read `sources` as upstream trigger fields and treat `role=manual_input_after_activation` as "fill this only after the upstream condition is satisfied"
93
33
  8. For `linkage.kind=reference_fill`, prefer filling the source field first; treat target fields with `role=auto_fill_preferred` or `auto_fill_only` as reference-driven outputs rather than blind manual inputs
94
34
  9. For `linkage.kind=formula_fill`, treat the field as formula/default-auto-fill driven unless the user explicitly asks to override it and the field is still writable
95
- 10. If insert succeeds and single-record detail/readback matters, prefer `record_get`; for batch verification, rely on returned `created_record_ids` first, then use `record_get` for selected rows or `record_access -> Python` when a row-shaped bulk check is truly needed
35
+ 10. If insert succeeds and single-record detail/readback matters, prefer `record_get`; use `record_list(..., output_profile="normalized")` only for batch row-shaped normalized readback
96
36
  11. Keep subtable payloads under the parent field as a row array
97
- 12. Follow the Special Field Write Cheatsheet for member, department, relation, select, and attachment values; do not pre-query ids by default when a natural value is unique enough
37
+ 12. Member / department / relation fields may accept natural strings directly, such as `"张三"`, `"直销部"`, or `"海军军医大学"`; do not pre-query ids by default
98
38
  13. If the write returns `status="needs_confirmation"`, stop and surface the candidates
99
39
  14. Retry failed rows only with explicit ids / objects after the user confirms
100
40
  15. Keep `verify_write=true` for production inserts
101
- 16. If post-write detail context matters, read `record_get.fields[]`, `media_assets.items[].local_path`, `file_assets.items[].local_path`, `file_assets.items[].extraction.text_path`, and `semantic_context`; `record_get` follows the frontend storage cookie redirect path for Qingflow attachments, so prefer local paths over remote URLs and do not expect legacy flat record shapes
41
+ 16. If post-write detail context matters, read `record_get.fields[]`, `media_assets.items[].local_path`, `file_assets.items[].local_path`, `file_assets.items[].extraction.text_path`, and `semantic_context`; `record_get` follows the frontend storage cookie redirect path for Qingflow attachments, so prefer local paths over remote URLs and do not expect legacy `data.normalized_record`
102
42
  17. Treat nested schema shape as guidance, not a brittle contract; do not hard-code transient implementation details like optional nested `field_id` shape when composing inserts
103
43
  18. For `partial_success`, read `created_record_ids`, then repair only the failed `items[].row_number` using `failed_fields`; never retry the whole batch after any row has `write_executed=true`
104
- 19. Do not put Qingflow system fields in `fields`: `数据ID`, `编号`, `申请人`, `申请时间`, `创建人`, `创建时间`, `提交人`, `提交时间`, `更新时间`, `更新人`, `当前流程状态`, `当前处理人`, `当前处理节点`, `流程标题`. They are generated by the platform and can be read after creation, not manually inserted.
105
- 20. When the user asks to add sample records after system setup, still generate values from schema: required fields first, select values from `options`, scalar/date/amount values from `expected_format` and `example_value`; do not invent values outside the insert schema.
106
- 21. For ratio, completion-rate, score, and percentage-like fields, obey the schema's `expected_format/example_value`. If the field was modeled as money/amount or otherwise only accepts integers, do not invent decimal percentages; either use an integer value that matches the schema or report that the field should be modeled as `number` for decimal ratios.
107
44
 
108
45
  ## Field Notes
109
46
 
@@ -121,16 +58,10 @@ Without `record_id` / `workflow_node_id` / `fields-file`, the result is a static
121
58
 
122
59
  ## CLI Pattern
123
60
 
124
- CLI fallback for the schema step:
125
-
126
- ```bash
127
- qingflow --json record schema insert --app-key APP_KEY > tmp/qingflow_insert_schema.json
128
- ```
129
-
130
61
  Use a JSON array file:
131
62
 
132
63
  ```bash
133
- qingflow --json record insert --app-key APP_KEY --items-file records.json
64
+ qingflow record insert --app-key APP_KEY --items-file records.json --json
134
65
  ```
135
66
 
136
67
  `records.json`:
@@ -145,10 +76,7 @@ qingflow --json record insert --app-key APP_KEY --items-file records.json
145
76
 
146
77
  - Do not skip `record_insert_schema_get`
147
78
  - Do not invent missing required fields
148
- - Do not fill platform system fields such as `数据ID`, `编号`, `申请人`, `创建时间`, or `更新时间`
149
79
  - Do not flatten subtable leaf fields to the top level
150
- - Do not invent member / department / relation candidates outside schema or candidate scope
151
- - Do not invent select option labels outside schema `options`
152
80
  - Do not pre-query or silently guess member / department / relation ids when a natural string is enough
153
81
  - Do not retry a whole batch after `created_record_ids` is non-empty
154
82
  - Do not bind logic to a transient nested schema serialization detail when the field title and parent table already identify the legal payload shape
@@ -1,17 +1,15 @@
1
1
  ---
2
2
  name: qingflow-record-update
3
- description: Update Qingflow records through the current record detail context using the Wingent Momo runtime MCP session; recover auth/workspace only after a tool error.
3
+ description: Update Qingflow records with a schema-first record-specific workflow after the MCP is already connected and authenticated.
4
4
  metadata:
5
- short-description: Detail-first Qingflow record update
5
+ short-description: Schema-first Qingflow record update
6
6
  ---
7
7
 
8
8
  # Qingflow Record Update
9
9
 
10
- > **Skill 版本**:`qingflow-skills-2026.06.24.2`(入口文档版本;如需确认 CLI 包版本,使用 `qingflow --version` 或 `qingflow --json version`)。
11
-
12
10
  ## Default Path
13
11
 
14
- `record_get -> record_update`
12
+ `record_update_schema_get -> record_update`
15
13
 
16
14
  ## Core Tools
17
15
 
@@ -22,41 +20,28 @@ metadata:
22
20
 
23
21
  ## Working Rules
24
22
 
25
- 1. Start with `record_get(app_key, record_id, view_id when known)` to read the current detail-page context; if the frontend/custom view is known, keep that same `view_id` through the update
26
- 2. Use `record_get.fields[]` for field titles, `field_id`, `kind`, and current values
27
- 3. Build `fields` as a field-title keyed map containing only the user-requested changes
28
- 4. Run `record_update` directly with that key/value map; pass the same `view_id` when it is known so the tool tries that frontend view first, then let the tool fall back to other executable routes if needed
29
- 5. Keep `verify_write=true` for production updates
30
- 6. If the write returns `status="needs_confirmation"`, stop and surface the candidates
31
- 7. On success, read only the final status, `update_route`, `write_executed`, and verification result; do not surface intermediate route failures as the outcome
32
- 8. On failure, surface the failed reason and field/path diagnostics returned by `record_update`
33
- 9. Use `record_update_schema_get` only after an update failure, field ambiguity, or explicit request to diagnose writable fields/routes
34
- 10. Treat app-level `viewList` or applicant/insert schema 40002 as auxiliary-context loss, not as final record permission denial, when `record_get` or `record_update` succeeds through the selected `custom:*` view or `system:all`/type=8 route
35
- 11. If single-record readback matters, prefer `record_get` after the write and read top-level `fields[]`, `media_assets.items[].local_path`, `file_assets.items[].local_path`, `file_assets.items[].extraction.text_path`, and `semantic_context`; `record_get` follows the frontend storage cookie redirect path for Qingflow attachments, so prefer local paths over remote URLs; use `record_list(..., output_profile="normalized")` only for batch row-shaped normalized readback
36
- 12. For batch updates, read top-level `mode`, `dry_run`, `total`, `succeeded`, `failed`, `needs_confirmation`, `updated_record_ids`, `write_executed`, `safe_to_retry`, `verification_status`, and `items[].row_number/status/record_id`
37
- 13. If `write_executed=true`, do not blindly retry the whole batch; use `items[]` and `updated_record_ids` to decide whether only failed rows need repair
38
- 14. If you use `record_list` to locate candidates, parse `data.items[]` as flat row objects such as `row["客户名称"]` + `row["record_id"]`; do not expect a nested `fields[]` array in list rows
39
-
40
- ## Special Field Values
41
-
42
- Use the field `kind` from `record_get.fields[]` when shaping values:
43
-
44
- - `member`: start with a natural-language name such as `"周颖"`. If `record_update` returns `status="needs_confirmation"`, no write happened; retry with one candidate object, for example `{"uid":1048599,"name":"沈嘉慧Seth","email":"shenjiahui@exiao.tech"}`.
45
- - `department`: start with a department name such as `"客户成功部"`. The record tool resolves names through the member-visible directory path first; do not pre-query ContactAuth-only contact management APIs for ids. On `needs_confirmation`, retry with the explicit candidate object/id returned by the tool.
46
- - `relation`: prefer a unique human-readable target value or `{"apply_id":"..."}`. On multiple matches, stop and retry only after choosing one `confirmation_requests[].candidates[]` item.
47
- - `select`: single select uses one option string; multi select uses an array of option strings.
48
- - `attachment`: use a supported uploaded/file object from the returned format hints; do not invent remote URLs when the tool asks for upload.
49
- - Reference, formula, auto-fill, readonly, and system fields are not independent writable kinds. Do not force-write the filled target field; update the upstream driving field instead, or surface the blocker.
50
-
51
- `needs_confirmation` means `write_executed=false`: the tool found candidates but did not have enough certainty to write. Do not report it as success or failure. Surface the candidate list if user choice is needed; if the intended candidate is obvious from the user request or prior context, retry with the explicit object and then verify the final value.
52
-
53
- For member or department ambiguity, use the record candidate tools (`record_member_candidates` / `record_department_candidates`, or CLI `qingflow record member-candidates` / `department-candidates`). These follow the same field-scope candidate route as the frontend selector; do not replace them with contact-directory management queries.
23
+ 1. Start with `record_update_schema_get(app_key, record_id)`
24
+ 2. Use only `writable_fields` and `payload_template` from that response
25
+ 3. Read field-level `linkage` before composing updates; it is the static hint for whether a field is a linked source, linked target, reference-driven auto fill field, or formula-driven field
26
+ 4. Build `fields` as a field-title keyed map
27
+ 5. Build `fields` only from that returned field set; MCP will choose the first matched accessible view that can execute the payload
28
+ 6. If a field has `linkage.affects_fields`, treat it as a source field; changing it may also change how other fields are interpreted or auto-filled
29
+ 7. If a field has `linkage.sources`, treat those titles as upstream dependencies that explain why the field matters or why its validation can change
30
+ 8. For `linkage.kind=reference_fill`, prefer updating the source reference field first and treat `role=auto_fill_preferred` or `auto_fill_only` targets as outputs of that reference relationship
31
+ 9. For `linkage.kind=formula_fill`, treat the field as formula/default-auto-fill driven unless the field is still clearly writable and the user explicitly wants to override it
32
+ 10. Keep `verify_write=true` for production updates
33
+ 11. If the write returns `status="needs_confirmation"`, stop and surface the candidates
34
+ 12. Do not assume any arbitrary combination of writable fields will succeed; one single matched accessible view still has to cover the payload
35
+ 13. Do not look for any extra context bucket in update schema; lookup behavior stays inline on the field definitions themselves
36
+ 14. When update context feels unstable, trust `record_update_schema_get`'s route-aware matched-view result over guessed `view_id` or remembered UI scope
37
+ 15. If single-record detail/readback matters, prefer `record_get` after the write and read top-level `fields[]`, `media_assets.items[].local_path`, `file_assets.items[].local_path`, `file_assets.items[].extraction.text_path`, and `semantic_context`; `record_get` follows the frontend storage cookie redirect path for Qingflow attachments, so prefer local paths over remote URLs; use `record_list(..., output_profile="normalized")` only for batch row-shaped normalized readback
38
+ 16. For batch updates, read top-level `mode`, `dry_run`, `total`, `succeeded`, `failed`, `needs_confirmation`, `updated_record_ids`, `write_executed`, `safe_to_retry`, `verification_status`, and `items[].row_number/status/record_id`
39
+ 17. If `write_executed=true`, do not blindly retry the whole batch; use `items[]` and `updated_record_ids` to decide whether only failed rows need repair
54
40
 
55
41
  ## Do Not
56
42
 
57
- - Do not pass legacy `view_key` / `view_name` selectors; use `view_id` only when the frontend/detail view is known
58
- - Do not call `record_update_schema_get` as the normal pre-step for every update
59
- - Do not use applicant/insert schema to decide record update fields
60
- - Do not update fields that were absent from `record_get.fields[]` unless the user explicitly provided a raw field id and you can justify it
43
+ - Do not pass any `view_*` selector
44
+ - Do not update fields missing from `writable_fields`
61
45
  - Do not resolve lookup fields against a guessed record context
62
- - Do not treat a denied intermediate route as final failure when `record_update` later succeeds through another route
46
+ - Do not ignore `linkage.affects_fields` when changing source-like fields on complex forms
47
+ - Do not fall back to guessed browse scopes when `record_update_schema_get` already tells you which matched route can or cannot execute the payload
@@ -1,34 +1,32 @@
1
1
  ---
2
2
  name: qingflow-task-ops
3
- description: Use Qingflow todo discovery, workflow task context, associated approval context, workflow logs, and unified task actions with the current Wingent Momo runtime MCP session. Do not use this skill for record CRUD or final statistical analysis.
3
+ description: Use Qingflow todo discovery, workflow task context, associated approval context, workflow logs, and unified task actions after the MCP is already connected and authenticated. Do not use this skill for record CRUD or final statistical analysis.
4
4
  metadata:
5
5
  short-description: Qingflow task workflow context and actions
6
6
  ---
7
7
 
8
8
  # Qingflow Task Ops
9
9
 
10
- > **Skill 版本**:`qingflow-skills-2026.06.24.2`(入口文档版本;如需确认 CLI 包版本,使用 `qingflow --version` 或 `qingflow --json version`)。
11
-
12
10
  ## Overview
13
11
 
14
12
  This skill is for task workflow operations only.
15
- In Wingent Momo runtime, trust injected MCP credentials, workspace, and route context until a business tool explicitly reports otherwise.
13
+ Assumes MCP is connected, authenticated, and on the correct workspace.
16
14
  Before executing, skim the shared maintenance baseline: [public-surface-sync.md](../qingflow-app-user/references/public-surface-sync.md).
17
15
 
18
16
  ## Default Paths
19
17
 
20
18
  Use exactly one of these default paths:
21
19
 
22
- 1. Find target todos
20
+ 1. Find target todos
23
21
  `task_list`
24
22
 
25
- 2. Read one task context
23
+ 2. Read one task context
26
24
  `task_list -> exact target -> task_get`
27
25
 
28
- 3. Read associated approval context when material to a high-impact recommendation
29
- `task_get -> task_workflow_log_get` and/or material `task_associated_report_detail_get`
26
+ 3. Read associated approval context
27
+ `task_get -> task_associated_report_detail_get` or `task_workflow_log_get`
30
28
 
31
- 4. Execute workflow action
29
+ 4. Execute workflow action
32
30
  `task_list -> exact target -> task_get -> task_action_execute`
33
31
 
34
32
  5. Execute a user-specified action on an already-clear target
@@ -45,26 +43,29 @@ Use exactly one of these default paths:
45
43
  ## Supporting Tools
46
44
 
47
45
  - `app_list`
46
+ - `app_search`
48
47
 
49
48
  ## Standard Operating Order
50
49
 
51
50
  Use one of these two modes:
52
51
 
53
52
  1. Recommendation mode
54
- 1. Trust the current MCP/session when the runtime has already injected credentials; recover auth/workspace only after an actual tool error
55
- 2. Discover the exact target with `task_list`
56
- 3. Read node context with `task_get`
57
- 4. Before giving a high-impact approve/reject/rollback/transfer recommendation, read `task_workflow_log_get`
58
- 5. If `task_get` returns visible `associated_reports`, read the reports that are material to the decision; if a report cannot be read, disclose the gap instead of blocking indefinitely
59
- 6. Give a recommendation only after reviewing the available node context, workflow log when visible, and material associated reports
60
- 7. Wait for explicit user confirmation before `task_action_execute`
53
+ 1. Ensure auth exists
54
+ 2. Ensure workspace is selected
55
+ 3. Discover the exact target with `task_list`
56
+ 4. Read node context with `task_get`
57
+ 5. Before giving any approval recommendation, read `task_workflow_log_get`
58
+ 6. If `task_get` returns any `associated_reports`, read every visible report through `task_associated_report_detail_get`
59
+ 7. Give a recommendation only after reviewing node context, workflow log, and associated reports
60
+ 8. Wait for explicit user confirmation before `task_action_execute`
61
61
 
62
62
  2. User-directed execution mode
63
- 1. Trust the current MCP/session when the runtime has already injected credentials; recover auth/workspace only after an actual tool error
64
- 2. Discover the exact target with `task_list`
65
- 3. If the target or action requirements are ambiguous, read `task_get`; otherwise go straight to `task_action_execute`
66
- 4. Execute through `task_action_execute`
67
- 5. After actions, report whether it succeeded, the `task_id`, the executed action, the final route/status, and any warnings
63
+ 1. Ensure auth exists
64
+ 2. Ensure workspace is selected
65
+ 3. Discover the exact target with `task_list`
66
+ 4. If the target or action requirements are ambiguous, read `task_get`; otherwise go straight to `task_action_execute`
67
+ 5. Execute through `task_action_execute`
68
+ 6. After actions, report the exact `app_key`, `record_id`, `workflow_node_id`, executed action, and any warnings
68
69
 
69
70
  ## Task-Center Rules
70
71
 
@@ -87,8 +88,7 @@ Use one of these two modes:
87
88
  - `ended`
88
89
  - `task_list` is the only public task discovery path in this MCP surface
89
90
  - `task_list --query` uses backend `searchKey` first; only when backend returns zero rows does MCP apply a local fallback match on normalized `app_name / workflow_node_name / app_key / record_id`
90
- - `task_id` must be copied from `task_list.data.items[].task_id`; it is not a row number, list index, record id, or workflow node id
91
- - Use `task_id` directly with `task_get`, `task_workflow_log_get`, `task_associated_report_detail_get`, and `task_action_execute`; do not reconstruct actions from `app_key + record_id + workflow_node_id` unless the user explicitly provided that full locator for troubleshooting
91
+ - Treat `task_id` as a locator only; the action primary key is `app_key + record_id + workflow_node_id`
92
92
  - Default box usage:
93
93
  - `todo`: `task_list -> task_get -> task_workflow_log_get / task_associated_report_detail_get -> recommendation -> explicit user confirmation -> task_action_execute`
94
94
  - `initiated`: `task_list -> record_get`
@@ -106,18 +106,15 @@ Use one of these two modes:
106
106
  - `transfer`
107
107
  - `urge`
108
108
  - `save_only`
109
- - Before high-impact approve/reject/rollback/transfer recommendations, review `task_workflow_log_get` when `task_get.visibility.audit_record_visible=true`
110
- - If `task_get` returns visible `associated_reports`, review material reports with `task_associated_report_detail_get`; for unreadable or irrelevant reports, disclose the limitation instead of blocking the whole task
111
- - QingBI associated report detail follows the frontend/qflow visible chart-data route first; a middle `CHART_SEE` / `40002` from legacy BI data reads is not by itself proof that the task-associated report is invisible.
112
- - Do not give a high-impact approval recommendation based only on `task_get` unless workflow log/report visibility is unavailable and you explicitly state that limitation
109
+ - Before any approve/reject/rollback/transfer recommendation, always review `task_workflow_log_get` when `task_get.visibility.audit_record_visible=true`
110
+ - If `task_get` returns visible `associated_reports`, review each one with `task_associated_report_detail_get`; do not rely on report summary alone
111
+ - Do not give an approval recommendation based only on `task_get`
113
112
  - Do not execute `task_action_execute` until the user explicitly confirms the chosen action
114
113
  - Exception: if the user has already explicitly authorized a concrete action on exact targets, you may execute directly after exact target resolution
115
114
  - Avoid actions on ambiguous tasks or records
116
- - Summarize the final action by `task_id`; include `app_key`, `record_id`, or `workflow_node_id` only as read-only context when the tool returns them, not as the action locator
115
+ - Summarize the final action and the exact `app_key / record_id / workflow_node_id`
117
116
  - `reject` requires `payload.audit_feedback`
118
- - For approve/reject, trust the current task detail or an explicit frontend-provided `formId`; app baseInfo is only a fallback. A baseInfo `40002` is not final task-action denial when `formId` is already known.
119
117
  - `save_only` requires non-empty `fields` and is only available when the backend exposes editable fields for the current node
120
- - For `save_only`, trust `task_get.editable_fields` / `editableQueIds` from the current task node. An app applicant-schema `40002` is not final task denial when the task detail already exposes the editable field.
121
118
  - `task_action_execute` now distinguishes action execution from workflow continuation. Read `verification.runtime_continuation_verified` before claiming the workflow actually moved on.
122
119
  - If `task_action_execute` returns `partial_success` with `WORKFLOW_CONTINUATION_UNVERIFIED`, report the action as sent but the downstream continuation as unverified.
123
120
  - If `task_action_execute` returns `TASK_CONTEXT_VISIBILITY_UNVERIFIED` after a `46001`-style context loss, do not claim the task was already processed unless the workflow log or record state proves it.
@@ -41,3 +41,4 @@ For task ops, always report:
41
41
  - target app or task box
42
42
  - operation type: read, comment, approve, reject, rollback, transfer, urge, or mark_read
43
43
  - affected task ids or record ids
44
+