@lark-apaas/miaoda-cli 0.1.4-alpha.a655ae4 → 0.1.4-alpha.b2fdfff

package/README.md

@@ -54,7 +54,7 @@ miaoda file ls --output json
 ## 环境变量
 
 - `MIAODA_APP_ID`：默认应用 ID，等价于 `--app-id`。
-- `MIAODA_CANARY_HEADER`：设置后所有 HTTP 请求自动带上 `x-tt-env: <值>` 小流量头（例：`export MIAODA_CANARY_HEADER=boe_xxx`）。
+- `MIAODA_CANARY_HEADER`：HTTP 请求的 `x-tt-env` 小流量头取值。未设置时默认 `boe_miaoda_doubao`；设为空字符串则不带该头（例：`export MIAODA_CANARY_HEADER=boe_xxx`）。值形如 `ppe_xxx` 时额外带上 `x-use-ppe: 1`。
 
 ## 输出契约
 

package/dist/api/deploy/index.js

@@ -1,6 +1,6 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.NodeStatus = exports.nodeStatusFromText = exports.nodeStatusText = exports.errorJobSchema = exports.deployGetSchema = exports.deployHistorySchema = exports.batchSavePluginInstances = exports.LocalReleaseStatus = exports.getModernLastPublishedVersion = exports.getModernReleaseStatus = exports.createModernRelease = exports.updateLocalRelease = exports.createLocalRelease = exports.preRelease = exports.queryPipelineInstance = exports.getErrorLog = exports.listPipelineInstances = exports.createRelease = void 0;
+exports.NodeStatus = exports.nodeStatusFromText = exports.nodeStatusText = exports.errorJobSchema = exports.deployGetSchema = exports.deployHistorySchema = exports.batchSavePluginInstances = exports.LocalReleaseStatus = exports.getModernLastPublishedVersion = exports.getModernReleaseStatus = exports.createModernRelease = exports.callbackStatic = exports.updateLocalRelease = exports.createLocalRelease = exports.preRelease = exports.queryPipelineInstance = exports.getErrorLog = exports.listPipelineInstances = exports.createRelease = void 0;
 var api_1 = require("./api");
 Object.defineProperty(exports, "createRelease", { enumerable: true, get: function () { return api_1.createRelease; } });
 Object.defineProperty(exports, "listPipelineInstances", { enumerable: true, get: function () { return api_1.listPipelineInstances; } });
@@ -10,6 +10,7 @@ var modern_1 = require("./modern");
 Object.defineProperty(exports, "preRelease", { enumerable: true, get: function () { return modern_1.preRelease; } });
 Object.defineProperty(exports, "createLocalRelease", { enumerable: true, get: function () { return modern_1.createLocalRelease; } });
 Object.defineProperty(exports, "updateLocalRelease", { enumerable: true, get: function () { return modern_1.updateLocalRelease; } });
+Object.defineProperty(exports, "callbackStatic", { enumerable: true, get: function () { return modern_1.callbackStatic; } });
 Object.defineProperty(exports, "createModernRelease", { enumerable: true, get: function () { return modern_1.createRelease; } });
 Object.defineProperty(exports, "getModernReleaseStatus", { enumerable: true, get: function () { return modern_1.getReleaseStatus; } });
 Object.defineProperty(exports, "getModernLastPublishedVersion", { enumerable: true, get: function () { return modern_1.getLastPublishedVersion; } });

package/dist/api/deploy/modern.js

@@ -13,6 +13,7 @@ Object.defineProperty(exports, "__esModule", { value: true });
 exports.preRelease = preRelease;
 exports.createLocalRelease = createLocalRelease;
 exports.updateLocalRelease = updateLocalRelease;
+exports.callbackStatic = callbackStatic;
 exports.createRelease = createRelease;
 exports.getReleaseStatus = getReleaseStatus;
 exports.getLastPublishedVersion = getLastPublishedVersion;
@@ -48,6 +49,13 @@ async function updateLocalRelease(req) {
     const url = `/v1/devops/app/${encodeURIComponent(appID)}/local_publish/update_release`;
     await (0, http_1.postInnerApi)(url, body, envelopeOpts('Failed to update local release'));
 }
+// ── callbackStatic（PaaS Storage 静态资源上传完成回调） ──
+/** POST /v1/storage/app/:appID/bucket/:bucketID/object/callbackStatic */
+async function callbackStatic(req) {
+    const { appID, bucketID, uploadID } = req;
+    const url = `/v1/storage/app/${encodeURIComponent(appID)}/bucket/${encodeURIComponent(bucketID)}/object/callbackStatic`;
+    return (0, http_1.postInnerApi)(url, { uploadID }, envelopeOpts('Failed to callback static upload'));
+}
 // ── release（远端部署，B / C 链路；本期不导出，类型骨架已就绪） ──
 /** POST /v1/devops/app/:appID/remote_publish/release */
 async function createRelease(req) {

package/dist/services/app/init/template.js

@@ -16,11 +16,12 @@ exports.TEMPLATE_PACKAGE_BY_STACK = {
     html: '@lark-apaas/coding-template-html',
 };
 exports.SUPPORTED_STACKS = Object.keys(exports.TEMPLATE_PACKAGE_BY_STACK);
-// template/ 内以下划线开头的占位文件名在渲染时改名（npm publish 会把 .gitignore 吞掉，
-// 模板里用 _gitignore 提交，渲染时再改回）。
+// template/ 内以下划线开头的占位文件名在渲染时改名（npm publish 会把 .gitignore / .npmrc 吞掉，
+// 模板里用 _gitignore / _npmrc 提交，渲染时再改回）。
 const RENAME_FILES = {
     _gitignore: '.gitignore',
     '_env.local': '.env.local',
+    _npmrc: '.npmrc',
 };
 function renderTemplate(opts) {
     const packageName = exports.TEMPLATE_PACKAGE_BY_STACK[opts.stack];

package/dist/services/deploy/modern/atoms/build.js

@@ -6,13 +6,14 @@ const error_1 = require("../../../../utils/error");
 const logger_1 = require("../../../../utils/logger");
 const protocol_1 = require("../protocol");
 /**
- * 给 CDN 前缀补 https:// 协议头：
+ * 给 RESOURCE_CDN_PREFIX 补 https:// 协议头：
  *   - 已带 http:// 或 https:// → 原样返回
  *   - 以 / 开头（绝对路径）→ 原样返回
  *   - 不含 dot（看起来不像域名，比如纯路径 app_xxx/2）→ 原样返回
  *   - 其它（典型：lf-xxx.bytetos.com/...）→ 前缀 https://
  *
  * template 的 build script 直接拿来当 vite base / asset URL 用，必须是合法 URL。
+ * STATIC_CDN_PREFIX 由 runtime 同域提供（相对路径），不走这里。
  */
 function ensureHttpsScheme(v) {
     if (/^https?:\/\//i.test(v))
@@ -28,17 +29,21 @@ function ensureHttpsScheme(v) {
  *   MIAODA_APP_ID / MIAODA_VERSION / MIAODA_STACK
  *   MIAODA_RESOURCE_CDN_PREFIX / MIAODA_STATIC_CDN_PREFIX
  *
- * CDN 前缀缺 scheme 时由 CLI 自动补 https://，template 不用关心。
+ * MIAODA_STATIC_CDN_PREFIX 取自 output_static_paas_storage_credential.downloadURLPrefix，
+ * 是 runtime 同域相对路径（例如 /app/<appId>/runtime/api/v1/storage/object/<bucket>/），
+ * 不补 https scheme，原样注入。顶层 static_cdn_prefix 不再下发。
+ *
  * build 失败抛 AppError（execSync 自身会 throw，捕获后包一层加错误码）。
  */
 function runBuild(opts) {
+    const staticCred = (0, protocol_1.parsePaasStorageCredential)((0, protocol_1.requireDataKey)(opts.data, protocol_1.DataKey.OUTPUT_STATIC_PAAS_STORAGE_CREDENTIAL), protocol_1.DataKey.OUTPUT_STATIC_PAAS_STORAGE_CREDENTIAL);
     const buildEnv = {
         ...process.env,
         MIAODA_APP_ID: opts.appId,
         MIAODA_VERSION: opts.version,
         MIAODA_STACK: opts.templateKey,
         MIAODA_RESOURCE_CDN_PREFIX: ensureHttpsScheme((0, protocol_1.requireDataKey)(opts.data, protocol_1.DataKey.RESOURCE_CDN_PREFIX)),
-        MIAODA_STATIC_CDN_PREFIX: ensureHttpsScheme((0, protocol_1.requireDataKey)(opts.data, protocol_1.DataKey.STATIC_CDN_PREFIX)),
+        MIAODA_STATIC_CDN_PREFIX: staticCred.downloadURLPrefix,
     };
     (0, logger_1.log)('deploy', 'Building...');
     try {

package/dist/services/deploy/modern/atoms/upload.js

@@ -8,21 +8,28 @@ const node_fs_1 = __importDefault(require("node:fs"));
 const node_os_1 = __importDefault(require("node:os"));
 const node_path_1 = __importDefault(require("node:path"));
 const node_child_process_1 = require("node:child_process");
+const index_1 = require("../../../../api/deploy/index");
 const error_1 = require("../../../../utils/error");
 const logger_1 = require("../../../../utils/logger");
 const constants_1 = require("../constants");
 const protocol_1 = require("../protocol");
 const UPLOAD_PLAN = [
-    { dir: constants_1.OUTPUT_DIR, dataKey: protocol_1.DataKey.OUTPUT_TOS_UPLOAD_CREDENTIAL, required: true },
     {
+        kind: 'tos',
+        dir: constants_1.OUTPUT_DIR,
+        dataKey: protocol_1.DataKey.OUTPUT_TOS_UPLOAD_CREDENTIAL,
+        required: true,
+    },
+    {
+        kind: 'tos',
         dir: constants_1.OUTPUT_RESOURCE_DIR,
         dataKey: protocol_1.DataKey.OUTPUT_RESOURCE_TOS_UPLOAD_CREDENTIAL,
         required: false,
     },
     {
+        kind: 'paas_storage',
         dir: constants_1.OUTPUT_STATIC_DIR,
-        dataKey: protocol_1.DataKey.OUTPUT_STATIC_TOS_UPLOAD_CREDENTIAL,
-        required: false,
+        dataKey: protocol_1.DataKey.OUTPUT_STATIC_PAAS_STORAGE_CREDENTIAL,
     },
 ];
 function resolveTosutilPath() {
@@ -36,33 +43,28 @@ function resolveTosutilPath() {
     }
     throw new error_1.AppError('DEPLOY_TOSUTIL_MISSING', 'tosutil is not installed or not in PATH. modern deploy requires sandbox preinstalled tosutil.');
 }
-/** 把 data 里的凭证字段 JSON.parse 出来；非法 JSON / 缺字段都抛 AppError */
-function parseCredential(raw, dataKey) {
-    let parsed;
-    try {
-        parsed = JSON.parse(raw);
-    }
-    catch (err) {
-        throw new error_1.AppError('DEPLOY_CRED_INVALID_JSON', `preRelease.data["${dataKey}"] is not valid JSON: ${err.message}`);
-    }
-    if (typeof parsed !== 'object' || parsed === null) {
-        throw new error_1.AppError('DEPLOY_CRED_INVALID_JSON', `preRelease.data["${dataKey}"] is not an object`);
-    }
-    const c = parsed;
-    const required = [
-        'accessKeyID',
-        'secretAccessKey',
-        'sessionToken',
-        'endpoint',
-        'region',
-        'bucket',
-        'prefix',
-    ];
-    const missing = required.filter((k) => typeof c[k] !== 'string' || c[k] === '');
-    if (missing.length > 0) {
-        throw new error_1.AppError('DEPLOY_CRED_INCOMPLETE', `preRelease.data["${dataKey}"] credential missing fields: ${missing.join(', ')}`);
-    }
-    return c;
+function tosutilUploadFromTos(cred) {
+    return {
+        accessKeyID: cred.accessKeyID,
+        secretAccessKey: cred.secretAccessKey,
+        sessionToken: cred.sessionToken,
+        endpoint: cred.endpoint,
+        region: cred.region,
+        bucket: cred.bucket,
+        prefix: cred.prefix,
+    };
+}
+function tosutilUploadFromPaasStorage(cred, dataKey) {
+    const { bucket, prefix } = (0, protocol_1.parseTosUploadPrefix)(cred.uploadPrefix, dataKey);
+    return {
+        accessKeyID: cred.accessKeyID,
+        secretAccessKey: cred.secretAccessKey,
+        sessionToken: cred.sessionToken,
+        endpoint: cred.endpoint,
+        region: cred.region,
+        bucket,
+        prefix,
+    };
 }
 /**
  * 写一个 tosutil 临时 config 文件，注入 STS 凭证 + endpoint + region。
@@ -164,42 +166,81 @@ function uploadDirWithCredential(tosutilPath, sourceDir, cred, label) {
         throw new error_1.AppError('DEPLOY_UPLOAD_EMPTY', `Upload failed: 0 files uploaded. source=${sourceDir}. Check tosutil credentials and bucket permissions.`);
     }
 }
+function uploadTosTarget(tosutilPath, target, localPath, data) {
+    const credRaw = target.required
+        ? (0, protocol_1.requireDataKey)(data, target.dataKey)
+        : (0, protocol_1.optionalDataKey)(data, target.dataKey);
+    if (credRaw === undefined) {
+        (0, logger_1.debug)(`upload: ${target.dir} exists but no credential configured, skipping`);
+        return false;
+    }
+    const cred = (0, protocol_1.parseTosUploadCredential)(credRaw, target.dataKey);
+    (0, logger_1.log)('deploy', `Uploading ${target.dir}...`);
+    uploadDirWithCredential(tosutilPath, localPath, tosutilUploadFromTos(cred), target.dir);
+    return true;
+}
+function uploadPaasStorageTarget(tosutilPath, target, localPath, data) {
+    // 空目录：直接跳过；callbackStatic 也不能调，否则会让后端把"未发生的上传"
+    // 误以为已完成。凭证本身 build 阶段已经消费过 downloadURLPrefix，这里不重复要求。
+    if (node_fs_1.default.readdirSync(localPath).length === 0) {
+        (0, logger_1.debug)(`upload: ${target.dir} is empty, skipping`);
+        return undefined;
+    }
+    const cred = (0, protocol_1.parsePaasStorageCredential)((0, protocol_1.requireDataKey)(data, target.dataKey), target.dataKey);
+    (0, logger_1.log)('deploy', `Uploading ${target.dir}...`);
+    uploadDirWithCredential(tosutilPath, localPath, tosutilUploadFromPaasStorage(cred, target.dataKey), target.dir);
+    return cred;
+}
 /**
- * 上传三类产物。每类的凭证来自 preRelease.data 中对应 *_tos_upload_credential 字段
- * （JSON.stringify 的 TosUploadCredential 对象）：
+ * 上传三类产物。output / output_resource 走 TOS STS 凭证；output_static 走 PaaS Storage
+ * 凭证（uploadPrefix 解出 tosutil cp 目的，上传完后再调 callbackStatic 把 uploadID
+ * 提交给后端核销）：
  *   - dist/output            (必传) → OUTPUT_TOS_UPLOAD_CREDENTIAL
  *   - dist/output_resource   (可选) → OUTPUT_RESOURCE_TOS_UPLOAD_CREDENTIAL
- *   - dist/output_static     (可选) → OUTPUT_STATIC_TOS_UPLOAD_CREDENTIAL
+ *   - dist/output_static     (可选) → OUTPUT_STATIC_PAAS_STORAGE_CREDENTIAL + callbackStatic
  *
  * 目录不存在的可选项跳过；output 不存在或凭证缺失抛错。
  */
-function uploadArtifacts(opts) {
+async function uploadArtifacts(opts) {
     const tosutilPath = resolveTosutilPath();
     const distDir = node_path_1.default.join(opts.projectDir, constants_1.DIST_DIR);
-    let uploaded = 0;
+    const outcome = { uploaded: 0 };
     for (const target of UPLOAD_PLAN) {
         const localPath = node_path_1.default.join(distDir, target.dir);
         const exists = node_fs_1.default.existsSync(localPath);
-        if (!exists) {
-            if (target.required) {
-                throw new error_1.AppError('DEPLOY_NO_BUILD_OUTPUT', `Required directory missing: ${constants_1.DIST_DIR}/${target.dir}`);
+        if (target.kind === 'tos') {
+            if (!exists) {
+                if (target.required) {
+                    throw new error_1.AppError('DEPLOY_NO_BUILD_OUTPUT', `Required directory missing: ${constants_1.DIST_DIR}/${target.dir}`);
+                }
+                (0, logger_1.debug)(`upload: dir not present, skipping ${target.dir}`);
+                continue;
+            }
+            if (uploadTosTarget(tosutilPath, target, localPath, opts.data)) {
+                outcome.uploaded++;
             }
-            (0, logger_1.debug)(`upload: dir not present, skipping ${target.dir}`);
             continue;
         }
-        const credRaw = target.required
-            ? (0, protocol_1.requireDataKey)(opts.data, target.dataKey)
-            : (0, protocol_1.optionalDataKey)(opts.data, target.dataKey);
-        if (credRaw === undefined) {
-            (0, logger_1.debug)(`upload: ${target.dir} exists but no credential configured, skipping`);
+        // PaaS Storage 分支
+        if (!exists) {
+            (0, logger_1.debug)(`upload: dir not present, skipping ${target.dir}`);
             continue;
         }
-        const cred = parseCredential(credRaw, target.dataKey);
-        (0, logger_1.log)('deploy', `Uploading ${target.dir}...`);
-        uploadDirWithCredential(tosutilPath, localPath, cred, target.dir);
-        uploaded++;
+        const cred = uploadPaasStorageTarget(tosutilPath, target, localPath, opts.data);
+        if (cred) {
+            outcome.staticUploaded = cred;
+            outcome.uploaded++;
+        }
     }
-    if (uploaded === 0) {
+    if (outcome.uploaded === 0) {
         throw new error_1.AppError('DEPLOY_UPLOAD_EMPTY', 'No artifacts uploaded — check build output.');
     }
+    if (outcome.staticUploaded) {
+        (0, logger_1.log)('deploy', 'Callbacking static upload...');
+        await (0, index_1.callbackStatic)({
+            appID: opts.appId,
+            bucketID: outcome.staticUploaded.bucketID,
+            uploadID: outcome.staticUploaded.uploadID,
+        });
+    }
 }

package/dist/services/deploy/modern/pipelines/local.js

@@ -46,7 +46,7 @@ async function localBuildLocalPublishPipeline(opts) {
     const release = await (0, index_1.createLocalRelease)(ctx.appId, pre.version);
     try {
         (0, logger_1.log)('deploy', 'Uploading artifacts...');
-        (0, index_1.uploadArtifacts)({ projectDir: ctx.projectDir, data });
+        await (0, index_1.uploadArtifacts)({ projectDir: ctx.projectDir, appId: ctx.appId, data });
         const saveResult = await (0, index_1.savePluginInstances)({
             projectDir: ctx.projectDir,
             appId: ctx.appId,

package/dist/services/deploy/modern/protocol.js

@@ -3,6 +3,9 @@ Object.defineProperty(exports, "__esModule", { value: true });
 exports.DataKey = void 0;
 exports.requireDataKey = requireDataKey;
 exports.optionalDataKey = optionalDataKey;
+exports.parseTosUploadCredential = parseTosUploadCredential;
+exports.parsePaasStorageCredential = parsePaasStorageCredential;
+exports.parseTosUploadPrefix = parseTosUploadPrefix;
 const error_1 = require("../../../utils/error");
 /**
  * modern deploy 对外协议常量集中地（SSOT）。
@@ -15,9 +18,7 @@ exports.DataKey = {
     // ── CDN 前缀（构建期注入到 build env，用于客户端资源访问） ──
     /** dist/output_resource 对应的 CDN 域名前缀 */
     RESOURCE_CDN_PREFIX: 'resource_cdn_prefix',
-    /** dist/output_static 对应的 CDN 域名前缀 */
-    STATIC_CDN_PREFIX: 'static_cdn_prefix',
-    // ── TOS 上传凭证（与三个产物目录一一对应，value 为 JSON.stringify 的凭证对象） ──
+    // ── TOS 上传凭证（output / output_resource 两条线，value 为 JSON.stringify 的凭证对象） ──
     // 凭证对象形态（camelCase）：
     //   { accessKeyID, secretAccessKey, sessionToken, endpoint, region, bucket, prefix }
     // CLI 端 JSON.parse 后写 tosutil 临时 config，cp 到 tos://bucket/prefix。
@@ -25,8 +26,13 @@ exports.DataKey = {
     OUTPUT_TOS_UPLOAD_CREDENTIAL: 'output_tos_upload_credential',
     /** dist/output_resource 上传凭证（仅当目录存在时使用） */
     OUTPUT_RESOURCE_TOS_UPLOAD_CREDENTIAL: 'output_resource_tos_upload_credential',
+    // ── PaaS Storage 静态资源凭证（dist/output_static 专用） ──
+    // 形态：JSON.stringify 后的 PaasStorageCredential（见下方 interface）。
+    // 上传走 tosutil（从 uploadPrefix 解析出 bucket/prefix）；上传完成后再调
+    // callbackStatic(appID, bucketID, uploadID) 把本次上传核销给后端；
+    // downloadURLPrefix 替代原 static_cdn_prefix 注入 build env。
     /** dist/output_static 上传凭证（仅当目录存在时使用） */
-    OUTPUT_STATIC_TOS_UPLOAD_CREDENTIAL: 'output_static_tos_upload_credential',
+    OUTPUT_STATIC_PAAS_STORAGE_CREDENTIAL: 'output_static_paas_storage_credential',
 };
 /** 取必传 key，缺失抛 AppError（带 key 名，便于后端 tcc 配置排查） */
 function requireDataKey(data, key) {
@@ -41,3 +47,76 @@ function optionalDataKey(data, key) {
     const v = data[key];
     return v === undefined || v === '' ? undefined : v;
 }
+const TOS_CREDENTIAL_REQUIRED_FIELDS = [
+    'accessKeyID',
+    'secretAccessKey',
+    'sessionToken',
+    'endpoint',
+    'region',
+    'bucket',
+    'prefix',
+];
+const PAAS_STORAGE_CREDENTIAL_REQUIRED_FIELDS = [
+    'accessKeyID',
+    'secretAccessKey',
+    'sessionToken',
+    'endpoint',
+    'region',
+    'uploadPrefix',
+    'downloadURLPrefix',
+    'uploadID',
+    'bucketID',
+];
+function parseCredentialObject(raw, dataKey) {
+    let parsed;
+    try {
+        parsed = JSON.parse(raw);
+    }
+    catch (err) {
+        throw new error_1.AppError('DEPLOY_CRED_INVALID_JSON', `preRelease.data["${dataKey}"] is not valid JSON: ${err.message}`);
+    }
+    if (typeof parsed !== 'object' || parsed === null) {
+        throw new error_1.AppError('DEPLOY_CRED_INVALID_JSON', `preRelease.data["${dataKey}"] is not an object`);
+    }
+    return parsed;
+}
+function assertStringFields(obj, required, dataKey) {
+    const missing = required.filter((k) => {
+        const v = obj[k];
+        return typeof v !== 'string' || v === '';
+    });
+    if (missing.length > 0) {
+        throw new error_1.AppError('DEPLOY_CRED_INCOMPLETE', `preRelease.data["${dataKey}"] credential missing fields: ${missing.join(', ')}`);
+    }
+    return obj;
+}
+/** JSON.parse + 字段完整性校验：output / output_resource 凭证 */
+function parseTosUploadCredential(raw, dataKey) {
+    const obj = parseCredentialObject(raw, dataKey);
+    return assertStringFields(obj, TOS_CREDENTIAL_REQUIRED_FIELDS, dataKey);
+}
+/** JSON.parse + 字段完整性校验：output_static PaaS Storage 凭证 */
+function parsePaasStorageCredential(raw, dataKey) {
+    const obj = parseCredentialObject(raw, dataKey);
+    return assertStringFields(obj, PAAS_STORAGE_CREDENTIAL_REQUIRED_FIELDS, dataKey);
+}
+/**
+ * 解析 `tos://<storage-bucket>/<segments...>/` 形态的 uploadPrefix。
+ * 返回的 bucket 是 tosutil cp 视角的 TOS 物理 bucket（uploadPrefix 第一段），
+ * prefix 是其余路径（不含开头斜杠，保留可能存在的尾部斜杠以贴合 tosutil 习惯）。
+ *
+ * 注意：这里返回的 bucket 与 PaasStorageCredential.bucketID 不是同一个概念
+ * （bucketID 是 PaaS Storage 逻辑 bucket，给 callbackStatic 用）。
+ */
+function parseTosUploadPrefix(uploadPrefix, dataKey) {
+    const match = /^tos:\/\/([^/]+)\/(.*)$/.exec(uploadPrefix);
+    if (!match) {
+        throw new error_1.AppError('DEPLOY_CRED_INCOMPLETE', `preRelease.data["${dataKey}"].uploadPrefix must look like "tos://<bucket>/<prefix>/", got: ${uploadPrefix}`);
+    }
+    const bucket = match[1];
+    const prefix = match[2];
+    if (bucket === '' || prefix === '') {
+        throw new error_1.AppError('DEPLOY_CRED_INCOMPLETE', `preRelease.data["${dataKey}"].uploadPrefix missing bucket or prefix segment: ${uploadPrefix}`);
+    }
+    return { bucket, prefix };
+}

package/dist/utils/http.js

@@ -65,7 +65,12 @@ function createClient(opts) {
  * 缺省走这个。MIAODA_CANARY_HEADER 可显式覆盖；设为空字符串则去掉头。
  */
 const DEFAULT_CANARY_HEADER = 'boe_miaoda_doubao';
-/** 注入 x-tt-env 小流量头：env 显式设值 > DEFAULT_CANARY_HEADER */
+/**
+ * 注入 x-tt-env 小流量头：env 显式设值 > DEFAULT_CANARY_HEADER。
+ *
+ * 当泳道形如 `ppe_xxx`（PPE 预发环境）时，额外加 `x-use-ppe: 1`；
+ * BOE 泳道（`boe_xxx`）只带 x-tt-env，不加该头。
+ */
 function applyCanaryHeader(reqConfig) {
     // env 显式设为空字符串视为"去掉灰度头"；未设置时用 DEFAULT_CANARY_HEADER
     const canary = process.env.MIAODA_CANARY_HEADER ?? DEFAULT_CANARY_HEADER;
@@ -73,6 +78,9 @@ function applyCanaryHeader(reqConfig) {
         return reqConfig;
     const headers = new Headers(reqConfig.headers);
     headers.set('x-tt-env', canary);
+    if (canary.startsWith('ppe_')) {
+        headers.set('x-use-ppe', '1');
+    }
     reqConfig.headers = headers;
     return reqConfig;
 }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@lark-apaas/miaoda-cli",
-  "version": "0.1.4-alpha.a655ae4",
+  "version": "0.1.4-alpha.b2fdfff",
   "description": "Miaoda 平台命令行工具，面向 Agent 调用",
   "type": "commonjs",
   "bin": {