@lightcone-ai/daemon 0.15.51 → 0.15.52

package/mcp-servers/publisher/index.js

@@ -14,6 +14,7 @@ import { StdioServerTransport } from '@modelcontextprotocol/sdk/server/stdio.js'
 import { z } from 'zod';
 import { existsSync, statSync, realpathSync, mkdirSync, writeFileSync } from 'fs';
 import path from 'path';
+import { homedir } from 'os';
 import { getSession, closeSession } from './chrome-pool.js';
 import { XhsAdapter } from './adapters/xhs.js';
 import { DouyinAdapter } from './adapters/douyin.js';
@@ -53,7 +54,21 @@ const ADAPTER_REGISTRY = Object.freeze({
   bilibili: BilibiliAdapter,
 });
 
-function getProfileDir(platform) {
+// D11/D14: profile dir routing.
+// Priority order:
+//   1. credential_id is given AND ~/.lightcone/chrome-profiles/cred-{id} exists → use it (multi-account safe)
+//   2. credential_id is given AND that path doesn't exist → return canonical cred-path anyway
+//      (caller will see missing-profile error explicitly; legacy fallback would silently mix accounts)
+//   3. credential_id is missing (legacy single-account flow) → fall back to env var
+function profileDirByCredentialId(credentialId) {
+  if (!credentialId) return null;
+  return path.join(homedir(), '.lightcone', 'chrome-profiles', `cred-${credentialId}`);
+}
+
+function getProfileDir(platform, credentialId = null) {
+  if (credentialId) {
+    return profileDirByCredentialId(credentialId);
+  }
   const key = PLATFORM_ENV_KEYS[platform];
   if (!key) return null;
   return process.env[key] ?? null;
@@ -74,22 +89,28 @@ function createStaticAdapter(platform) {
   return createAdapter(platform, null);
 }
 
-async function getAdapter(platform) {
-  const profileDir = getProfileDir(platform);
+async function getAdapter(platform, credentialId = null) {
+  const profileDir = getProfileDir(platform, credentialId);
   if (!profileDir) {
-    throw new Error(`No profile dir for platform="${platform}". Has the user logged in and authorized this agent?`);
+    throw new Error(`No profile dir for platform="${platform}" credential_id="${credentialId ?? 'none'}". Has the user logged in and authorized this agent?`);
   }
-  const cdp = await getSession(platform, profileDir);
+  // Pool session by (platform, credentialId) when credential is specified — different
+  // credentials on the same platform must NOT share a CDP session (D17 §6.6 isolation).
+  const sessionKey = credentialId ? `${platform}:cred-${credentialId}` : platform;
+  const cdp = await getSession(sessionKey, profileDir);
   return createAdapter(platform, cdp);
 }
 
-async function withPublisherProfile(platform, fn) {
-  const profileDir = getProfileDir(platform);
+async function withPublisherProfile(platform, fn, credentialId = null) {
+  const profileDir = getProfileDir(platform, credentialId);
   if (!profileDir) {
-    throw new Error(`No profile dir for platform="${platform}". Has the user logged in and authorized this agent?`);
+    throw new Error(`No profile dir for platform="${platform}" credential_id="${credentialId ?? 'none'}". Has the user logged in and authorized this agent?`);
   }
-  return withProfileLock(platform, profileDir, {
-    owner: `publisher:${platform}`,
+  // Lock key: cred-{id} when credential-routed (D17 §6.6: same-platform multi-credential
+  // must not block each other). Falls back to platform name for legacy single-credential flow.
+  const lockKey = credentialId ? `cred-${credentialId}` : platform;
+  return withProfileLock(lockKey, profileDir, {
+    owner: `publisher:${lockKey}`,
     timeoutMs: 30_000,
     staleMs: 20 * 60 * 1000,
   }, fn);
@@ -343,8 +364,11 @@ images/video 字段填写本地绝对路径（在 agent workspace 目录下）
       const req = staticAdapter.getRequirements(content_type);
       if (!req) throw new Error(`INPUT_UNSUPPORTED_CONTENT_TYPE: ${platform} does not support ${content_type}`);
       const media = validateMedia({ platform, contentType: content_type, ...localMedia });
+      // D11/D14: route by credential_id when approval action carries one (multi-account safe);
+      // fall back to legacy env var path when missing (single-account back-compat).
+      const credentialIdForPublish = approvalData?.credentialId ?? approvalData?.credential_id ?? null;
       const { publishResult, healthCheck } = await withPublisherProfile(platform, async () => {
-        const adapter = await getAdapter(platform);
+        const adapter = await getAdapter(platform, credentialIdForPublish);
         let publishResult = null;
         if (content_type === 'image_text') {
           publishResult = await adapter.publishImageText({ title, text, tags: tags ?? [], images: media.images });
@@ -355,8 +379,7 @@ images/video 字段填写本地绝对路径（在 agent workspace 目录下）
         }
 
         let healthCheck = null;
-        try {
-          healthCheck = await adapter.checkLoginStatus();
+        try {          healthCheck = await adapter.checkLoginStatus();
         } catch (error) {
           healthCheck = {
             loggedIn: null,

package/mcp-servers/publisher/precheck.js

@@ -111,10 +111,25 @@ function collectPayloadFlags(payload = {}) {
     ? payload.publish_history
     : (Array.isArray(payload?.publishHistory) ? payload.publishHistory : []);
 
+  // D11/D14: credential identity + status must reach precheck so we can fail-fast
+  // when the bound credential is revoked/expired (publisher_checklist requirement).
+  const credentialId = pickField(payload, [
+    'credential_id',
+    'credentialId',
+    'target_credential_id',
+    'targetCredentialId',
+  ]);
+  const credentialStatus = String(pickField(payload, [
+    'credential_status',
+    'credentialStatus',
+  ]) ?? '').trim().toLowerCase();
+
   return {
     accountId: accountId ? String(accountId).trim() : null,
     accountRole: normalizeRole(accountRole),
     autoPublishViaDelegation,
+    credentialId: credentialId ? String(credentialId).trim() : null,
+    credentialStatus: credentialStatus || null,
     contentIndicatesCollaboration,
     hasAdDisclosure,
     contentContainsAiGenerated,
@@ -151,6 +166,24 @@ function evaluatePrimaryAccountProtection(flags) {
   };
 }
 
+// M4.3: publisher_checklist 凭据状态检查项 (frag.publisher.platform_checklist).
+// When the action carries an explicit credential_status that is not 'active',
+// fail-fast as a blocker so we don't burn a publish attempt on a revoked
+// or expired credential. Active / unknown / missing status pass through —
+// the actual chrome-profile validity is checked downstream when opening
+// the browser session.
+const ACTIVE_CREDENTIAL_STATUSES = new Set(['', 'active', 'unknown']);
+
+function evaluateCredentialStatus(flags) {
+  const status = flags.credentialStatus;
+  if (!status) return null;
+  if (ACTIVE_CREDENTIAL_STATUSES.has(status)) return null;
+  return {
+    code: 'credential_invalid',
+    message: `credential status is "${status}" — re-authorize before publishing (D11/D14)`,
+  };
+}
+
 function evaluateLabelBlockers(flags, policyScan = {}) {
   const blockers = [];
   if (policyScan.ai_label_required && flags.contentContainsAiGenerated && !flags.hasAiLabel) {
@@ -202,6 +235,9 @@ export async function runPublishPrecheck({
   const primaryProtection = evaluatePrimaryAccountProtection(flags);
   if (primaryProtection) blockers.push(primaryProtection);
 
+  const credentialIssue = evaluateCredentialStatus(flags);
+  if (credentialIssue) blockers.push(credentialIssue);
+
   blockers.push(...evaluateLabelBlockers(flags, policyScan));
 
   let advisory = null;

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@lightcone-ai/daemon",
-  "version": "0.15.51",
+  "version": "0.15.52",
   "type": "module",
   "main": "src/index.js",
   "bin": {

package/src/agent-manager.js

@@ -685,6 +685,12 @@ export class AgentManager {
       '__MACHINE_API_KEY__': authToken,
       '__AGENT_ID__': agentId,
       '__WORKSPACE_ID__': workspaceId ?? '',
+      // D11/D14: legacy per-platform PROFILE_DIR placeholders. Resolved to
+      // `{platform}-{userId}` for backward compatibility with single-account
+      // workspaces. Multi-account flows route by credential_id at the
+      // publisher MCP / publish-job-runner layer (see profileDirByCredentialId);
+      // these placeholders are kept so existing single-credential configs keep
+      // working without manual migration.
       '${XHS_PROFILE_DIR}': path.join(profileRoot, `xhs-${userId}`),
       '${DOUYIN_PROFILE_DIR}': path.join(profileRoot, `douyin-${userId}`),
       '${KUAISHOU_PROFILE_DIR}': path.join(profileRoot, `kuaishou-${userId}`),

package/src/publish-job-runner.js

@@ -1,5 +1,6 @@
 import { existsSync, statSync, realpathSync, mkdirSync, writeFileSync, renameSync, rmSync, readdirSync } from 'fs';
 import path from 'path';
+import { homedir } from 'os';
 import { getSession, closeSession } from '../mcp-servers/publisher/chrome-pool.js';
 import { XhsAdapter } from '../mcp-servers/publisher/adapters/xhs.js';
 import { DouyinAdapter } from '../mcp-servers/publisher/adapters/douyin.js';
@@ -10,6 +11,12 @@ import { runPublishPrecheck } from '../mcp-servers/publisher/precheck.js';
 import { withProfileLock } from './profile-lock.js';
 import { profileDir as getBrowserProfileDir } from './browser-login.js';
 
+// D11/D14: per-credential profile dir, multi-account safe.
+function profileDirByCredentialId(credentialId) {
+  if (!credentialId) return null;
+  return path.join(homedir(), '.lightcone', 'chrome-profiles', `cred-${credentialId}`);
+}
+
 const PLATFORM_ENV_KEYS = {
   xhs: 'XHS_PROFILE_DIR',
   douyin: 'DOUYIN_PROFILE_DIR',
@@ -42,7 +49,18 @@ function asObject(value) {
   return {};
 }
 
-export function resolveProfileDir(platform, { ownerId } = {}) {
+export function resolveProfileDir(platform, { ownerId, credentialId } = {}) {
+  const normalizedCredentialId = normalizeText(credentialId);
+  if (normalizedCredentialId) {
+    return {
+      profileDir: profileDirByCredentialId(normalizedCredentialId),
+      source: 'credential',
+      envKey: null,
+      ownerId: normalizeText(ownerId),
+      credentialId: normalizedCredentialId,
+    };
+  }
+
   const envKey = PLATFORM_ENV_KEYS[platform];
   const envValue = normalizeText(envKey ? process.env[envKey] : null);
   if (envValue) {
@@ -51,6 +69,7 @@ export function resolveProfileDir(platform, { ownerId } = {}) {
       source: 'env',
       envKey,
       ownerId: normalizeText(ownerId),
+      credentialId: null,
     };
   }
 
@@ -61,6 +80,7 @@ export function resolveProfileDir(platform, { ownerId } = {}) {
       source: 'owner',
       envKey,
       ownerId: normalizedOwnerId,
+      credentialId: null,
     };
   }
 
@@ -69,16 +89,23 @@ export function resolveProfileDir(platform, { ownerId } = {}) {
     source: 'missing_owner',
     envKey,
     ownerId: null,
+    credentialId: null,
   };
 }
 
-export function resolveExistingProfileDir(platform, { ownerId } = {}) {
-  const resolved = resolveProfileDir(platform, { ownerId });
+export function resolveExistingProfileDir(platform, { ownerId, credentialId } = {}) {
+  const resolved = resolveProfileDir(platform, { ownerId, credentialId });
   if (!resolved.profileDir) {
-    throw new Error('publish:job missing owner_id; server must include it for cross-machine profile resolution');
+    throw new Error('publish:job missing owner_id and credential_id; server must include at least one for profile resolution');
   }
 
   if (!existsSync(resolved.profileDir)) {
+    if (resolved.source === 'credential') {
+      throw new Error(
+        `Credential profile dir not found at ${resolved.profileDir}; ` +
+        `the credential ${resolved.credentialId} has not completed browser-login on this machine yet (D17 §6.6 implementation hard prerequisite).`
+      );
+    }
     if (resolved.source === 'env') {
       throw new Error(`Profile dir from ${resolved.envKey} not found: ${resolved.profileDir}`);
     }
@@ -102,17 +129,21 @@ function createStaticAdapter(platform) {
   return new AdapterClass(null);
 }
 
-async function getAdapter(platform, { ownerId } = {}) {
-  const resolvedProfileDir = resolveExistingProfileDir(platform, { ownerId });
-  const cdp = await getSession(platform, resolvedProfileDir);
+async function getAdapter(platform, { ownerId, credentialId } = {}) {
+  const resolvedProfileDir = resolveExistingProfileDir(platform, { ownerId, credentialId });
+  // Pool by credentialId when available — different credentials must NOT share a CDP session.
+  const sessionKey = credentialId ? `${platform}:cred-${credentialId}` : platform;
+  const cdp = await getSession(sessionKey, resolvedProfileDir);
   const AdapterClass = getAdapterClass(platform);
   return new AdapterClass(cdp);
 }
 
-async function withPublisherProfile(platform, { ownerId } = {}, fn) {
-  const resolvedProfileDir = resolveExistingProfileDir(platform, { ownerId });
-  return withProfileLock(platform, resolvedProfileDir, {
-    owner: `publisher:${platform}`,
+async function withPublisherProfile(platform, { ownerId, credentialId } = {}, fn) {
+  const resolvedProfileDir = resolveExistingProfileDir(platform, { ownerId, credentialId });
+  // Lock key: cred-{id} when credential-routed (D17 §6.6); fallback to platform for legacy single-credential.
+  const lockKey = credentialId ? `cred-${credentialId}` : platform;
+  return withProfileLock(lockKey, resolvedProfileDir, {
+    owner: `publisher:${lockKey}`,
     timeoutMs: 30_000,
     staleMs: 20 * 60 * 1000,
   }, fn);
@@ -467,6 +498,8 @@ function buildJobInput(job = {}) {
     payload.content_type ?? payload.contentType ?? job.content_type ?? job.contentType
   );
   const workspaceId = normalizeText(job.workspace_id ?? job.workspaceId ?? payload.workspace_id ?? payload.workspaceId);
+  const credentialId = normalizeText(job.credential_id ?? job.credentialId ?? payload.credential_id ?? payload.credentialId);
+  const accountId = normalizeText(job.account_id ?? job.accountId ?? payload.account_id ?? payload.accountId);
   const title = payload.title;
   const text = payload.text;
   const tags = ensureStringArray(payload.tags);
@@ -479,6 +512,8 @@ function buildJobInput(job = {}) {
     platform,
     contentType,
     workspaceId,
+    credentialId,
+    accountId,
     title,
     text,
     tags,
@@ -537,6 +572,8 @@ export async function runPublishJob({ serverUrl, machineApiKey, agentId, workspa
     images,
     video,
     cover,
+    credentialId,
+    accountId,
   } = buildJobInput(job);
   const ownerId = normalizeText(job?.owner_id ?? job?.ownerId);
   const jobId = normalizeText(job?.id);
@@ -545,6 +582,8 @@ export async function runPublishJob({ serverUrl, machineApiKey, agentId, workspa
     contentType: contentType || null,
     jobId: jobId ?? null,
     ownerId: ownerId ?? null,
+    credentialId: credentialId ?? null,
+    accountId: accountId ?? null,
   };
 
   if (!platform) throw attachPublishStage(new Error('publish job missing platform'), 'input_validation', stageContext);
@@ -618,9 +657,9 @@ export async function runPublishJob({ serverUrl, machineApiKey, agentId, workspa
     });
 
     currentStage = 'publish_profile';
-    const { publishResult, healthCheck } = await withPublisherProfile(platform, { ownerId }, async () => {
+    const { publishResult, healthCheck } = await withPublisherProfile(platform, { ownerId, credentialId }, async () => {
       currentStage = 'adapter_session';
-      const adapter = await getAdapter(platform, { ownerId });
+      const adapter = await getAdapter(platform, { ownerId, credentialId });
 
       currentStage = 'pre_publish_login';
       const prePublishLogin = await adapter.checkLoginStatus();