@josephyan/qingflow-cli 0.2.0-beta.984 → 0.2.0-beta.986

package/README.md

@@ -3,13 +3,13 @@
 Install:
 
 ```bash
-npm install @josephyan/qingflow-cli@0.2.0-beta.984
+npm install @josephyan/qingflow-cli@0.2.0-beta.986
 ```
 
 Run:
 
 ```bash
-npx -y -p @josephyan/qingflow-cli@0.2.0-beta.984 qingflow
+npx -y -p @josephyan/qingflow-cli@0.2.0-beta.986 qingflow
 ```
 
 Environment:

package/docs/local-agent-install.md

@@ -6,6 +6,20 @@
 2. 记录/待办优先的 `qingflow-app-user-mcp`
 3. 精简 builder 的 `qingflow-app-builder-mcp`
 
+## 本地鉴权推荐方案
+
+本地模式现在推荐优先使用 `credential` 建立会话，而不是直接注入 `token`。
+
+推荐链路：
+
+1. createClaw 或其它本地宿主为当前实例保存 `credential`
+2. 本地 MCP 调用 `auth_use_credential`
+3. MCP 用该 `credential` 请求 apaas `/mcp/auth/context`
+4. 解析并保存 `token / wsId / qfVersion / uid`
+5. 业务工具直接使用这份上下文
+
+`auth_use_credential` 是本地唯一鉴权主路径。
+
 ## npm 安装器适用场景
 
 适合这类本地 agent / gateway：
@@ -63,17 +77,17 @@ npm run pack:npm
 会生成：
 
 ```bash
-dist/npm/josephyan-qingflow-cli-<version>.tgz
-dist/npm/josephyan-qingflow-app-user-mcp-<version>.tgz
-dist/npm/josephyan-qingflow-app-builder-mcp-<version>.tgz
+dist/npm/qingflow-tech-qingflow-cli-<version>.tgz
+dist/npm/qingflow-tech-qingflow-app-user-mcp-<version>.tgz
+dist/npm/qingflow-tech-qingflow-app-builder-mcp-<version>.tgz
 ```
 
 然后在目标机器安装：
 
 ```bash
-npm install /absolute/path/to/dist/npm/josephyan-qingflow-cli-<version>.tgz
-npm install /absolute/path/to/dist/npm/josephyan-qingflow-app-user-mcp-<version>.tgz
-npm install /absolute/path/to/dist/npm/josephyan-qingflow-app-builder-mcp-<version>.tgz
+npm install /absolute/path/to/dist/npm/qingflow-tech-qingflow-cli-<version>.tgz
+npm install /absolute/path/to/dist/npm/qingflow-tech-qingflow-app-user-mcp-<version>.tgz
+npm install /absolute/path/to/dist/npm/qingflow-tech-qingflow-app-builder-mcp-<version>.tgz
 ```
 
 安装时会自动：
@@ -136,7 +150,10 @@ qingflow-app-builder-mcp
       ],
       "env": {
         "QINGFLOW_MCP_DEFAULT_BASE_URL": "https://qingflow.com/api",
-        "QINGFLOW_MCP_HOME": "/absolute/path/to/.qingflow-mcp"
+        "QINGFLOW_MCP_HOME": "/absolute/path/to/.qingflow-mcp",
+        "QINGFLOW_MCP_CREDIT_METER_ENABLED": "true",
+        "QINGFLOW_MCP_CREDIT_APAAS_BASE_URL": "https://apaas.internal.example.com",
+        "QINGFLOW_MCP_CREDIT_APAAS_PATH": "/user/credit/usage"
       }
     }
   }
@@ -153,7 +170,10 @@ qingflow-app-builder-mcp
       "args": [],
       "env": {
         "QINGFLOW_MCP_DEFAULT_BASE_URL": "https://qingflow.com/api",
-        "QINGFLOW_MCP_HOME": "/absolute/path/to/.qingflow-mcp"
+        "QINGFLOW_MCP_HOME": "/absolute/path/to/.qingflow-mcp",
+        "QINGFLOW_MCP_CREDIT_METER_ENABLED": "true",
+        "QINGFLOW_MCP_CREDIT_APAAS_BASE_URL": "https://apaas.internal.example.com",
+        "QINGFLOW_MCP_CREDIT_APAAS_PATH": "/user/credit/usage"
       }
     }
   }
@@ -170,7 +190,10 @@ qingflow-app-builder-mcp
       "args": [],
       "env": {
         "QINGFLOW_MCP_DEFAULT_BASE_URL": "https://qingflow.com/api",
-        "QINGFLOW_MCP_HOME": "/absolute/path/to/.qingflow-mcp"
+        "QINGFLOW_MCP_HOME": "/absolute/path/to/.qingflow-mcp",
+        "QINGFLOW_MCP_CREDIT_METER_ENABLED": "true",
+        "QINGFLOW_MCP_CREDIT_APAAS_BASE_URL": "https://apaas.internal.example.com",
+        "QINGFLOW_MCP_CREDIT_APAAS_PATH": "/user/credit/usage"
       }
     }
   }
@@ -191,7 +214,10 @@ qingflow-app-builder-mcp
         "@josephyan/qingflow-app-user-mcp"
       ],
       "env": {
-        "QINGFLOW_MCP_DEFAULT_BASE_URL": "https://qingflow.com/api"
+        "QINGFLOW_MCP_DEFAULT_BASE_URL": "https://qingflow.com/api",
+        "QINGFLOW_MCP_CREDIT_METER_ENABLED": "true",
+        "QINGFLOW_MCP_CREDIT_APAAS_BASE_URL": "https://apaas.internal.example.com",
+        "QINGFLOW_MCP_CREDIT_APAAS_PATH": "/user/credit/usage"
       }
     },
     "qingflow-builder": {
@@ -201,7 +227,10 @@ qingflow-app-builder-mcp
         "@josephyan/qingflow-app-builder-mcp"
       ],
       "env": {
-        "QINGFLOW_MCP_DEFAULT_BASE_URL": "https://qingflow.com/api"
+        "QINGFLOW_MCP_DEFAULT_BASE_URL": "https://qingflow.com/api",
+        "QINGFLOW_MCP_CREDIT_METER_ENABLED": "true",
+        "QINGFLOW_MCP_CREDIT_APAAS_BASE_URL": "https://apaas.internal.example.com",
+        "QINGFLOW_MCP_CREDIT_APAAS_PATH": "/user/credit/usage"
       }
     }
   }
@@ -212,6 +241,7 @@ qingflow-app-builder-mcp
 - 源码目录 `npm install` 不会把命令加到全局 PATH；这种模式请用 `node ./npm/bin/qingflow.mjs`、`node ./npm/bin/qingflow-app-user-mcp.mjs` 或 `node ./npm/bin/qingflow-app-builder-mcp.mjs`
 - `npx` 方式适合临时安装或容器化本地 agent
 - 全局安装方式更适合长期固定使用的本机开发环境
+- 计费接口使用当前登录会话的 `token` 与 `wsId` 请求头，可通过 `QINGFLOW_MCP_CREDIT_APAAS_BASE_URL/PATH` 覆盖调用记录接口地址
 
 ## 排障
 
@@ -242,3 +272,32 @@ npm install
 4. 再启动 MCP 客户端
 
 现在 stdio MCP 入口会拒绝在启动瞬间“边启动边重建 Python 运行时”，因为安装日志一旦写进 stdout，就会破坏 MCP 握手并表现成 `Transport closed`。如果运行时缺失或版本不一致，入口会直接报错并提示重装，而不是静默自修复。
+
+## createClaw 本地接入示例
+
+如果 createClaw 已经为当前本地实例保存了 `credential`，推荐在首次建链时调用：
+
+```bash
+qingflow auth use-credential \
+  --base-url https://qingflow.com/api \
+  --credential-stdin
+```
+
+然后把 `credential` 写到 stdin。
+
+等价 MCP 工具调用参数：
+
+```json
+{
+  "profile": "default",
+  "base_url": "https://qingflow.com/api",
+  "credential": "1602853_277941",
+  "persist": false
+}
+```
+
+说明：
+
+- 本地会把解析后的 `token` 和原始 `credential` 写入 profile 文件，用于后续 CLI 命令恢复会话
+- `persist=true` 时，本地还会优先把解析后的 `token` 和原始 `credential` 同步写入系统 keychain
+- 当前工作区以 `/mcp/auth/context` 返回的 `wsId` 为准，不再通过本地 MCP 显式切换

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@josephyan/qingflow-cli",
-  "version": "0.2.0-beta.984",
+  "version": "0.2.0-beta.986",
   "description": "Human-friendly Qingflow command line interface for auth, record operations, import, tasks, and stable builder flows.",
   "license": "MIT",
   "type": "module",

package/pyproject.toml

@@ -4,7 +4,7 @@ build-backend = "setuptools.build_meta"
 
 [project]
 name = "qingflow-mcp"
-version = "0.2.0b984"
+version = "0.2.0b986"
 description = "User-authenticated MCP server for Qingflow"
 readme = "README.md"
 license = "MIT"

package/src/qingflow_mcp/__init__.py

@@ -5,7 +5,7 @@ from pathlib import Path
 
 __all__ = ["__version__"]
 
-_FALLBACK_VERSION = "0.2.0b984"
+_FALLBACK_VERSION = "0.2.0b986"
 
 
 def _resolve_local_pyproject_version() -> str | None:

package/src/qingflow_mcp/builder_facade/service.py

@@ -514,6 +514,8 @@ class AiBuilderFacade:
         }
         effective_package_id = _coerce_positive_int(package_id)
         created = False
+        create_result: JSONObject | None = None
+        update_result: JSONObject | None = None
         permission_outcomes: list[PermissionCheckOutcome] = []
 
         if effective_package_id is None:
@@ -604,11 +606,36 @@ class AiBuilderFacade:
                 )
             except VisibilityResolutionError:
                 expected_visibility = None
+        metadata_verified = True
+        if metadata_requested and update_result is not None:
+            metadata_verified = bool(update_result.get("verified"))
+        elif created and create_result is not None:
+            metadata_verified = bool(create_result.get("verified"))
+        layout_verified = True
+        if items is not None and layout_result is not None:
+            layout_verified = bool(layout_result.get("verified"))
+        response_verification: JSONObject = {
+            "package_exists": True,
+            "package_created": created,
+            "layout_applied": items is not None,
+            "metadata_verified": metadata_verified,
+            "layout_verified": layout_verified,
+            "visibility_verified": None
+            if expected_visibility is None
+            else _visibility_matches_expected(verification.get("visibility"), expected_visibility),
+        }
+        if isinstance(update_result, dict):
+            update_verification = update_result.get("verification")
+            if isinstance(update_verification, dict):
+                for key in ("package_name_verified", "package_icon_verified", "visibility_verified"):
+                    if key in update_verification:
+                        response_verification[key] = deepcopy(update_verification.get(key))
+        response_verified = metadata_verified and layout_verified and response_verification.get("visibility_verified") is not False
         response: JSONObject = {
-            "status": "success",
+            "status": "success" if response_verified else "partial_success",
             "error_code": None,
             "recoverable": False,
-            "message": "applied package",
+            "message": "applied package" if response_verified else "applied package with unverified readback",
             "normalized_args": normalized_args,
             "missing_fields": [],
             "allowed_values": {},
@@ -617,15 +644,8 @@ class AiBuilderFacade:
             "suggested_next_call": None,
             "noop": not (created or metadata_requested or items is not None),
             "warnings": [],
-            "verification": {
-                "package_exists": True,
-                "package_created": created,
-                "layout_applied": items is not None,
-                "visibility_verified": None
-                if expected_visibility is None
-                else _visibility_matches_expected(verification.get("visibility"), expected_visibility),
-            },
-            "verified": True,
+            "verification": response_verification,
+            "verified": response_verified,
             **{
                 key: deepcopy(value)
                 for key, value in verification.items()
@@ -683,7 +703,7 @@ class AiBuilderFacade:
             )
         raw_current = current.get("result") if isinstance(current.get("result"), dict) else {}
         raw_current_base = current_base.get("result") if isinstance(current_base.get("result"), dict) else {}
-        current_name = str(raw_current.get("tagName") or "").strip() or None
+        current_name = str(raw_current.get("tagName") or raw_current_base.get("tagName") or "").strip() or None
         desired_name = str(package_name or current_name or "").strip() or current_name or "未命名应用包"
         desired_icon = encode_workspace_icon_with_defaults(
             icon=icon,
@@ -724,27 +744,33 @@ class AiBuilderFacade:
         verification = self.package_get(profile=profile, package_id=tag_id)
         if verification.get("status") != "success":
             return verification
+        package_name_verified = str(verification.get("package_name") or "").strip() == desired_name
+        package_icon_verified = str(verification.get("icon") or "").strip() == desired_icon
+        visibility_verified = _visibility_matches_expected(
+            verification.get("visibility"),
+            _public_visibility_from_member_auth(desired_auth),
+        )
+        verified = package_name_verified and package_icon_verified and visibility_verified
         return {
-            "status": "success",
+            "status": "success" if verified else "partial_success",
             "error_code": None,
             "recoverable": False,
-            "message": "updated package",
+            "message": "updated package" if verified else "updated package with unverified readback",
             "normalized_args": normalized_args,
             "missing_fields": [],
             "allowed_values": {},
             "details": {},
             "request_id": update_result.get("request_id") if isinstance(update_result, dict) else None,
-            "suggested_next_call": None,
+            "suggested_next_call": None if verified else {"tool_name": "package_get", "arguments": {"profile": profile, "package_id": tag_id}},
             "noop": False,
             "warnings": [],
             "verification": {
                 "package_exists": True,
-                "visibility_verified": _visibility_matches_expected(
-                    verification.get("visibility"),
-                    _public_visibility_from_member_auth(desired_auth),
-                ),
+                "package_name_verified": package_name_verified,
+                "package_icon_verified": package_icon_verified,
+                "visibility_verified": visibility_verified,
             },
-            "verified": True,
+            "verified": verified,
             **{
                 key: deepcopy(value)
                 for key, value in verification.items()
@@ -7682,7 +7708,7 @@ class AiBuilderFacade:
                     "request_route": request_route,
                 },
                 suggested_next_call=(
-                    {"tool_name": "workspace_select", "arguments": {"profile": profile, "ws_id": request_route.get("ws_id")}}
+                    {"tool_name": "auth_use_credential", "arguments": {"profile": profile}}
                     if request_route.get("ws_id")
                     else None
                 ),

package/src/qingflow_mcp/cli/commands/auth.py

@@ -1,10 +1,7 @@
 from __future__ import annotations
 
 import argparse
-import getpass
-import sys
 
-from ...errors import QingflowApiError
 from ..context import CliContext
 from .common import read_secret_arg
 
@@ -13,23 +10,13 @@ def register(subparsers: argparse._SubParsersAction[argparse.ArgumentParser]) ->
     parser = subparsers.add_parser("auth", help="认证与会话")
     auth_subparsers = parser.add_subparsers(dest="auth_command", required=True)
 
-    login = auth_subparsers.add_parser("login", help="邮箱密码登录")
-    login.add_argument("--base-url")
-    login.add_argument("--qf-version")
-    login.add_argument("--email", required=True)
-    login.add_argument("--password")
-    login.add_argument("--password-stdin", action="store_true")
-    login.add_argument("--persist", action=argparse.BooleanOptionalAction, default=True)
-    login.set_defaults(handler=_handle_login, format_hint="auth_whoami")
-
-    use_token = auth_subparsers.add_parser("use-token", help="直接注入 token")
-    use_token.add_argument("--base-url")
-    use_token.add_argument("--qf-version")
-    use_token.add_argument("--token")
-    use_token.add_argument("--token-stdin", action="store_true")
-    use_token.add_argument("--ws-id", type=int)
-    use_token.add_argument("--persist", action=argparse.BooleanOptionalAction, default=False)
-    use_token.set_defaults(handler=_handle_use_token, format_hint="auth_whoami")
+    use_credential = auth_subparsers.add_parser("use-credential", help="直接注入 credential")
+    use_credential.add_argument("--base-url")
+    use_credential.add_argument("--qf-version")
+    use_credential.add_argument("--credential")
+    use_credential.add_argument("--credential-stdin", action="store_true")
+    use_credential.add_argument("--persist", action=argparse.BooleanOptionalAction, default=False)
+    use_credential.set_defaults(handler=_handle_use_credential, format_hint="auth_whoami")
 
     whoami = auth_subparsers.add_parser("whoami", help="查看当前登录态")
     whoami.set_defaults(handler=_handle_whoami, format_hint="auth_whoami")
@@ -39,33 +26,17 @@ def register(subparsers: argparse._SubParsersAction[argparse.ArgumentParser]) ->
     logout.set_defaults(handler=_handle_logout, format_hint="")
 
 
-def _handle_login(args: argparse.Namespace, context: CliContext) -> dict:
-    password = args.password
-    if args.password_stdin:
-        password = read_secret_arg(args.password, stdin_enabled=True, label="password")
-    elif not password:
-        if sys.stdin.isatty():
-            password = getpass.getpass("Password: ")
-        else:
-            raise QingflowApiError.config_error("password is required; use --password or --password-stdin")
-    return context.auth.auth_login(
-        profile=args.profile,
-        base_url=args.base_url,
-        qf_version=args.qf_version,
-        email=args.email,
-        password=password,
-        persist=bool(args.persist),
+def _handle_use_credential(args: argparse.Namespace, context: CliContext) -> dict:
+    credential = (
+        read_secret_arg(args.credential, stdin_enabled=bool(args.credential_stdin), label="credential")
+        if args.credential or bool(args.credential_stdin)
+        else ""
     )
-
-
-def _handle_use_token(args: argparse.Namespace, context: CliContext) -> dict:
-    token = read_secret_arg(args.token, stdin_enabled=bool(args.token_stdin), label="token")
-    return context.auth.auth_use_token(
+    return context.auth.auth_use_credential(
         profile=args.profile,
         base_url=args.base_url,
         qf_version=args.qf_version,
-        token=token,
-        ws_id=args.ws_id,
+        credential=credential,
         persist=bool(args.persist),
     )
 

package/src/qingflow_mcp/cli/commands/task.py

@@ -15,7 +15,10 @@ def register(subparsers: argparse._SubParsersAction[argparse.ArgumentParser]) ->
     list_parser.add_argument("--flow-status", default="all")
     list_parser.add_argument("--app-key")
     list_parser.add_argument("--workflow-node-id", type=int)
-    list_parser.add_argument("--query")
+    list_parser.add_argument(
+        "--query",
+        help="先走后端待办检索；当后端返回零结果时，公开 task_list 会回退到本地匹配 app_name / workflow_node_name / app_key / record_id。",
+    )
     list_parser.add_argument("--page", type=int, default=1)
     list_parser.add_argument("--page-size", type=int, default=20)
     list_parser.set_defaults(handler=_handle_list, format_hint="task_list")

package/src/qingflow_mcp/cli/commands/workspace.py

@@ -15,10 +15,6 @@ def register(subparsers: argparse._SubParsersAction[argparse.ArgumentParser]) ->
     list_parser.add_argument("--include-external", action="store_true")
     list_parser.set_defaults(handler=_handle_list, format_hint="workspace_list")
 
-    select = workspace_subparsers.add_parser("select", help="切换工作区")
-    select.add_argument("--ws-id", type=int, required=True)
-    select.set_defaults(handler=_handle_select, format_hint="workspace_select")
-
 
 def _handle_list(args: argparse.Namespace, context: CliContext) -> dict:
     return context.workspace.workspace_list(
@@ -27,7 +23,3 @@ def _handle_list(args: argparse.Namespace, context: CliContext) -> dict:
         page_size=args.page_size,
         include_external=bool(args.include_external),
     )
-
-
-def _handle_select(args: argparse.Namespace, context: CliContext) -> dict:
-    return context.workspace.workspace_select(profile=args.profile, ws_id=args.ws_id)

package/src/qingflow_mcp/cli/formatters.py

@@ -132,26 +132,6 @@ def _format_app_get(result: dict[str, Any]) -> str:
     _append_warnings(lines, result.get("warnings"))
     return "\n".join(lines) + "\n"
 
-
-def _format_workspace_select(result: dict[str, Any]) -> str:
-    lines = [
-        f"Workspace: {result.get('selected_ws_name') or '-'} ({result.get('selected_ws_id') or '-'})",
-        f"QF Version: {result.get('qf_version') or '-'}",
-    ]
-    workspace_version = result.get("workspace_version") if isinstance(result.get("workspace_version"), dict) else {}
-    if workspace_version:
-        lines.append(
-            "Workspace Version: "
-            f"{workspace_version.get('display_name') or '-'} "
-            f"({workspace_version.get('level_name') or workspace_version.get('level_code') or '-'})"
-        )
-        if workspace_version.get("being_trial") is not None:
-            lines.append(f"Trial: {workspace_version.get('being_trial')}")
-        if workspace_version.get("expire_date") is not None:
-            lines.append(f"Expire Date: {workspace_version.get('expire_date')}")
-    return "\n".join(lines) + "\n"
-
-
 def _format_record_list(result: dict[str, Any]) -> str:
     data = result.get("data") if isinstance(result.get("data"), dict) else {}
     items = data.get("items") if isinstance(data.get("items"), list) else []
@@ -364,7 +344,6 @@ def _first_present(payload: dict[str, Any], *keys: str) -> Any:
 _FORMATTERS = {
     "auth_whoami": _format_whoami,
     "workspace_list": _format_workspace_list,
-    "workspace_select": _format_workspace_select,
     "app_list": _format_app_items,
     "app_search": _format_app_items,
     "app_get": _format_app_get,

package/src/qingflow_mcp/config.py

@@ -21,6 +21,8 @@ DEFAULT_REPOSITORY_PROD_BRANCH = "prod"
 DEFAULT_REPOSITORY_AUTHOR_NAME = "qingflow-mcp"
 DEFAULT_REPOSITORY_AUTHOR_EMAIL = "qingflow-mcp@local.invalid"
 DEFAULT_REPOSITORY_INTERNAL_SHARE_TOKEN_KEY = "tokenKey"
+DEFAULT_CREDIT_USAGE_RECORD_PATH = "/user/credit/usage"
+DEFAULT_MCPORTER_CONFIG_PATH = "~/.openclaw/workspace/config/mcporter.json"
 
 
 def get_mcp_home() -> Path:
@@ -32,6 +34,13 @@ def get_profiles_path() -> Path:
     return get_mcp_home() / "profiles.json"
 
 
+def get_mcporter_config_path() -> Path:
+    custom_path = os.getenv("QINGFLOW_MCP_MCPORTER_CONFIG_PATH") or os.getenv(
+        "QINGFLOW_MCP_AUTH_CONFIG_PATH"
+    )
+    return Path(custom_path).expanduser() if custom_path else Path(DEFAULT_MCPORTER_CONFIG_PATH)
+
+
 def get_repository_metadata_dir() -> Path:
     return get_mcp_home() / "repository-metadata"
 
@@ -208,6 +217,36 @@ def get_log_level() -> str:
     )
 
 
+def get_credit_meter_enabled() -> bool:
+    value = get_config_value(
+        "credit_meter.enabled",
+        env_var="QINGFLOW_MCP_CREDIT_METER_ENABLED",
+        default="true",
+    )
+    normalized = str(value or "").strip().lower()
+    return normalized in {"1", "true", "yes", "on"}
+
+
+def get_credit_usage_base_url() -> str | None:
+    value = get_config_value(
+        "credit_meter.apaas.base_url",
+        env_var="QINGFLOW_MCP_CREDIT_APAAS_BASE_URL",
+        default=None,
+    )
+    normalized = normalize_base_url(value)
+    return normalized or None
+
+
+def get_credit_usage_path() -> str:
+    value = get_config_value(
+        "credit_meter.apaas.path",
+        env_var="QINGFLOW_MCP_CREDIT_APAAS_PATH",
+        default=DEFAULT_CREDIT_USAGE_RECORD_PATH,
+    )
+    normalized = str(value or "").strip()
+    return normalized or DEFAULT_CREDIT_USAGE_RECORD_PATH
+
+
 def get_repository_default_group() -> str | None:
     value = get_config_value(
         "repository.default_group",

package/src/qingflow_mcp/errors.py

@@ -43,14 +43,14 @@ class QingflowApiError(Exception):
     def auth_required(cls, profile: str) -> "QingflowApiError":
         return cls(
             category="auth",
-            message=f"Profile '{profile}' is not logged in. Run auth_login first.",
+            message=f"Profile '{profile}' is not logged in. Run auth_use_credential first.",
         )
 
     @classmethod
     def workspace_not_selected(cls, profile: str) -> "QingflowApiError":
         return cls(
             category="workspace",
-            message=f"WORKSPACE_NOT_SELECTED: profile '{profile}' has no selected workspace. Run workspace_select first.",
+            message=f"WORKSPACE_NOT_SELECTED: profile '{profile}' has no workspace from auth context. Re-run auth_use_credential.",
         )
 
     @classmethod

package/src/qingflow_mcp/public_surface.py

@@ -30,12 +30,10 @@ def tool_key(domain: str, tool_name: str) -> str:
 
 
 USER_PUBLIC_TOOL_SPECS: tuple[PublicToolSpec, ...] = (
-    PublicToolSpec(USER_DOMAIN, "auth_login", ("auth_login",), ("auth", "login")),
-    PublicToolSpec(USER_DOMAIN, "auth_use_token", ("auth_use_token",), ("auth", "use-token")),
+    PublicToolSpec(USER_DOMAIN, "auth_use_credential", ("auth_use_credential",), ("auth", "use-credential")),
     PublicToolSpec(USER_DOMAIN, "auth_whoami", ("auth_whoami",), ("auth", "whoami")),
     PublicToolSpec(USER_DOMAIN, "auth_logout", ("auth_logout",), ("auth", "logout")),
     PublicToolSpec(USER_DOMAIN, "workspace_list", ("workspace_list",), ("workspace", "list")),
-    PublicToolSpec(USER_DOMAIN, "workspace_select", ("workspace_select",), ("workspace", "select")),
     PublicToolSpec(USER_DOMAIN, "app_list", ("app_list",), ("app", "list"), cli_show_effective_context=True),
     PublicToolSpec(USER_DOMAIN, "app_search", ("app_search",), ("app", "search"), cli_show_effective_context=True),
     PublicToolSpec(USER_DOMAIN, "app_get", ("app_get",), ("app", "get"), cli_show_effective_context=True),
@@ -107,12 +105,10 @@ USER_PUBLIC_TOOL_SPECS: tuple[PublicToolSpec, ...] = (
 
 
 BUILDER_PUBLIC_TOOL_SPECS: tuple[PublicToolSpec, ...] = (
-    PublicToolSpec(BUILDER_DOMAIN, "auth_login", ("auth_login",), ("builder", "auth", "login"), cli_public=False),
-    PublicToolSpec(BUILDER_DOMAIN, "auth_use_token", ("auth_use_token",), ("builder", "auth", "use-token"), cli_public=False),
+    PublicToolSpec(BUILDER_DOMAIN, "auth_use_credential", ("auth_use_credential",), ("builder", "auth", "use-credential"), cli_public=False),
     PublicToolSpec(BUILDER_DOMAIN, "auth_whoami", ("auth_whoami",), ("builder", "auth", "whoami"), cli_public=False),
     PublicToolSpec(BUILDER_DOMAIN, "auth_logout", ("auth_logout",), ("builder", "auth", "logout"), cli_public=False),
     PublicToolSpec(BUILDER_DOMAIN, "workspace_list", ("workspace_list",), ("builder", "workspace", "list"), cli_public=False),
-    PublicToolSpec(BUILDER_DOMAIN, "workspace_select", ("workspace_select",), ("builder", "workspace", "select"), cli_public=False),
     PublicToolSpec(BUILDER_DOMAIN, "file_upload_local", ("file_upload_local",), ("builder", "file", "upload-local"), has_contract=True, cli_show_effective_context=True, cli_context_write=True),
     PublicToolSpec(BUILDER_DOMAIN, "feedback_submit", ("feedback_submit",), ("builder", "feedback", "submit"), has_contract=True),
     PublicToolSpec(BUILDER_DOMAIN, "builder_tool_contract", ("builder_tool_contract",), ("builder", "contract"), has_contract=False),

package/src/qingflow_mcp/response_trim.py

@@ -263,12 +263,6 @@ def _trim_workspace_list(payload: JSONObject) -> None:
         _trim_item_list(page, "list", allowed=("wsId", "workspaceName", "remark"))
 
 
-def _trim_workspace_select(payload: JSONObject) -> None:
-    workspace = payload.get("workspace")
-    if isinstance(workspace, dict):
-        payload["workspace"] = _pick(workspace, ("wsId", "workspaceName"))
-
-
 def _trim_app_search_like(payload: JSONObject) -> None:
     payload.pop("apps", None)
     _trim_item_list(payload, "items", allowed=("app_key", "app_name", "package_name"))
@@ -731,10 +725,9 @@ def _register_policy(domains: tuple[str, ...], names: tuple[str, ...], transform
             SUCCESS_POLICY_BY_TOOL[tool_key(domain, name)] = transform
 
 
-_register_policy((USER_DOMAIN, BUILDER_DOMAIN), ("auth_login", "auth_use_token", "auth_whoami"), _trim_auth_payload)
+_register_policy((USER_DOMAIN, BUILDER_DOMAIN), ("auth_use_credential", "auth_whoami"), _trim_auth_payload)
 _register_policy((USER_DOMAIN, BUILDER_DOMAIN), ("auth_logout",), _trim_auth_logout)
 _register_policy((USER_DOMAIN, BUILDER_DOMAIN), ("workspace_list",), _trim_workspace_list)
-_register_policy((USER_DOMAIN, BUILDER_DOMAIN), ("workspace_select",), _trim_workspace_select)
 _register_policy((USER_DOMAIN,), ("app_list", "app_search"), _trim_app_search_like)
 _register_policy((USER_DOMAIN, BUILDER_DOMAIN), ("app_get",), _trim_app_get)
 _register_policy((BUILDER_DOMAIN,), ("app_repair_code_blocks",), _trim_builder_list_like)

package/src/qingflow_mcp/server.py

@@ -34,7 +34,7 @@ def build_server() -> FastMCP:
 
 ## Authentication
 
-Use `auth_login` first, then `workspace_list` and `workspace_select`.
+Use `auth_use_credential` first when a local host such as createClaw can provide a credential. Treat the returned `wsId` and `qfVersion` as authoritative for the local session.
 All resource tools operate with the logged-in user's Qingflow permissions.
 
 ## Shared Helper