@optima-chat/optima-agent 0.8.92 → 0.8.93

package/.claude/skills/kol-outreach/SKILL.md

@@ -1,6 +1,6 @@
 ---
 name: kol-outreach
-description: "KOL 建联全自动化：从 TikTok 发现潜在 KOL、提取 bio email、发送个性化 outreach、自动谈判价格与条款。当用户说'帮我找 KOL'、'{产品} KOL 建联'、'KOL 进展如何'，或收到系统触发的 [KOL_INBOUND:...] 标记时，使用此 skill。"
+description: "KOL 建联全自动化：从 TikTok 发现潜在 KOL、提取 bio email、发送个性化 outreach、自动谈判价格与条款。当用户说'帮我找 KOL'、'{产品} KOL 建联'、'KOL 进展如何'，或收到系统触发的 [KOL_INBOUND:...] 或 [KOL_INBOUND] 标记时，使用此 skill。"
 ---
 
 # KOL Outreach Skill
@@ -31,7 +31,7 @@ description: "KOL 建联全自动化：从 TikTok 发现潜在 KOL、提取 bio
 
 按顺序执行这些检查，决定本次 session 的动作：
 
-1. **检测系统触发**：用户消息是否包含 `[KOL_INBOUND:{campaignId}]` 标记？
+1. **检测系统触发**：用户消息是否包含 `[KOL_INBOUND:{campaignId}]` 或 `[KOL_INBOUND]`（无 campaignId）标记？
    - 是 → 走「KOL 回信处理」流程（见下）
    - 否 → 继续步骤 2
 2. **检测首次使用**：`ls ~/kol-outreach/BRAND.md` 是否存在？
@@ -217,16 +217,27 @@ description: "KOL 建联全自动化：从 TikTok 发现潜在 KOL、提取 bio
 
 ---
 
-## 流程 D：KOL 回信处理（由 `[KOL_INBOUND:{campaignId}]` 触发）
+## 流程 D：KOL 回信处理（由 `[KOL_INBOUND:{campaignId}]` 或 `[KOL_INBOUND]` 触发）
 
-1. 解析 prompt：从消息里抠 campaignId 和 email metadata（From / Subject / Message-ID / In-Reply-To / References / Body）
+1. 解析 prompt：
+   - 如果包含 `[KOL_INBOUND:{campaignId}]` → 直接知道 campaignId，同时抠 email metadata（From / Subject / Message-ID / In-Reply-To / References / Body）
+   - 如果包含 `[KOL_INBOUND]` + `merchant_id: {X}` → campaignId 未知，抠 merchant_id 和 email metadata；campaignId 在步骤 3 中搜索确定
+     （`merchant_id` 仅用于日志和审计。campaign 查找基于 `~/kol-outreach/campaigns/*/KOLS.md` 遍历，因为工作目录已隐含了 merchant 身份。）
 
-2. 校验 campaign 存在：
+2. 校验 campaign 存在（仅 campaignId 已知时）：
    - `ls ~/kol-outreach/campaigns/{campaignId}/CONFIG.md`
    - 不存在 → 写 merchant PROGRESS.md 异常记录 + `sentinel report --condition-met false --summary "unknown campaign"` + 退出
 
-3. 读 `KOLS.md`，按 from_email 找对应 username
-   - 找不到 → orphan_inbound：写 campaign PROGRESS.md + sentinel report false + 退出
+3. 按 from_email 查找 KOL：
+   - **campaignId 已知**（from step 1）：只读该 campaign 的 KOLS.md
+     - 找到 → 继续步骤 4
+     - 找不到 → orphan_inbound：写 campaign PROGRESS.md + sentinel report false + 退出
+   - **campaignId 未知**（fallback）：遍历 `~/kol-outreach/campaigns/*/KOLS.md`
+     - 唯一匹配 → 确定 campaignId，继续步骤 4
+     - 多个匹配 → 选 **KOLS.md 中该 email 对应条目的 `last_update` 字段**最新的那个 campaign
+     - 无匹配 → orphan_inbound：写 merchant PROGRESS.md + sentinel report false + 退出
+
+   ※ 同一 campaign 内如果同一 email 出现多条记录（例如 KOL 换 username 后被重新添加），取 status 非终态（非 rejected / expired / no_contact）的活跃记录。
 
 4. 读本 campaign 的 `CONFIG.md`、`BRAND.md`、`CONVERSATIONS/{username}.md`
 

package/.claude/skills/video-clone/SKILL.md

@@ -90,7 +90,7 @@ save_workflow.py          (Phase 5 — 可选，效果好时沉淀)
 
 **仅做轻量元数据识别，不执行工具调用**。不下载视频、不调 ffprobe、不抽帧。
 
-按需提问（不一次全问）：产品是什么、替换目标、音频需求（有音频 ~$1，无音频 ~$0.02）、时长期望。
+按需提问（不一次全问）：产品是什么、替换目标、音频需求（有音频 ~$1.50/10s，无音频 ~$0.02/10s，扣 Optima credits 由服务端中间件完成）、时长期望。
 
 先查 `gen-output/video-clone/workflows/README.md` — 完全匹配 → 复用；部分匹配 → 调整；
 无匹配 → 走通用 pipeline。详见 [workflow-system.md](references/workflow-system.md)。

package/.claude/skills/video-clone/references/kling-api.md

@@ -1,7 +1,8 @@
-# Kling 3.0 via PiAPI — what the script handles + what you need to know
+# Video generation with audio — what the script handles + what you need to know
 
-The full pipeline (frame upload → submit task → poll → download with
-retry) lives in `scripts/kling_generate.py`. Run it, don't hand-roll it.
+The `kling_generate.py` script calls the **Optima generation backend**, which
+routes to Kling 3.0 internally. The script itself knows nothing about the
+upstream provider — only the backend does.
 
 ```bash
 python scripts/kling_generate.py --project <name> --frame <confirmed-frame.png>
@@ -9,44 +10,76 @@ python scripts/kling_generate.py --project <name> --frame <confirmed-frame.png>
 #          --cfg-scale 0.5  --no-audio
 ```
 
-## When to use Kling vs `gen video`
+## When to use `kling_generate.py` vs `gen_video.py`
 
 | Need audio / lip sync? | Use |
 |---|---|
-| Yes | `kling_generate.py` (Kling 3.0, ~$1 per 10s) |
-| No | `gen_video.py` (Wan 2.6, ~$0.02 per 10s) |
+| Yes | `kling_generate.py` ($0.15/s ≈ $1.50 per 10s equivalent) |
+| No | `gen_video.py` (~$0.02 per 10s equivalent) |
 
-## Non-obvious traps (all already handled by the script)
+Both scripts go through the same generation backend and the same billing
+middleware — the difference is server-side provider selection.
 
-- `cfg_scale` **must be float**. Passing a string makes PiAPI coerce it to
-  `500` which produces nonsense. The script uses `float(cfg)`.
-- Status field is lowercase `"completed"` (not `"Completed"`).
-- Output field differs by version: 3.0 returns `output.video`, 2.6 returns
-  `output.video_url`. Script hardcodes 3.0's `output.video`.
-- `enable_audio` is 3.0-only — no-op on 2.6.
-- PiAPI CDN drops large downloads; the script retries 3× with 5s backoff.
-- Kling rejects base64 in `image_url`. The script uploads to
-  freeimage.host first to get a public URL. Do not switch to catbox.moe
-  (PiAPI's servers can't reach it).
+## Auth + API URL discovery
 
-## Prompt sourcing
+`kling_generate.py` mirrors the `@optima-chat/gen-cli` auth convention, so
+any user who has run `optima login` is automatically ready — no extra env
+setup needed.
 
-The script reads the prompt from `<project>/prompt.md`. If you want to
-use a different prompt for a test run, edit `prompt.md` (it's versioned
-via `log.md` in the project dir, so edits are recoverable).
+Token resolution (first match wins):
 
-## Negative prompt (hardcoded in script)
+1. `OPTIMA_TOKEN` env var
+2. `~/.optima/token.json` (`access_token` field)
 
-```
-slow motion, dreamy, ethereal, cinematic, blurry,
-distorted, deformed hands, extra fingers
-```
+Generation API URL resolution (first match wins):
+
+1. `GENERATION_API_URL` env var
+2. `~/.optima/token.json` `env` field → `ci` / `stage` / `prod` mapping
+3. default: `https://gen-api.optima.onl` (prod)
+
+If neither token source resolves, the script exits 1 with a clear hint
+(`Run `optima login` or set OPTIMA_TOKEN`). **No fallback to direct upstream
+calls** — that would bypass billing.
+
+Run `scripts/preflight.py` to verify the auth state and other deps.
+
+The `requests` Python package is also required.
+
+## Billing
+
+Billing is entirely server-side. When `kling_generate.py` calls
+`POST /api/video/generate`, the backend's billing middleware pre-deducts
+credits from the user's Optima wallet based on `metadata.duration`. If the
+upstream task later fails, the server refunds the credits automatically
+(see `billingClient.refund()` in the generation service worker).
+
+This means the skill never sees raw USD pricing — it just sends a request
+and waits. The user's wallet is the source of truth for how much was spent.
+
+## Error handling
+
+`_submit()` translates the common billing errors into readable messages:
+
+- HTTP 402 `INSUFFICIENT_CREDITS` — user does not have enough credits
+- HTTP 403 `PLAN_RESTRICTED` — user's plan does not include video generation
+
+Other HTTP errors propagate via `raise_for_status()`. Polling uses the
+backend's unified `GET /api/task/{id}` endpoint.
+
+## Non-obvious traps (now handled server-side)
+
+The `cfg_scale`-must-be-float / lowercase-status / 3.0-vs-2.6 response
+differences / freeimage-vs-catbox quirks are all handled by the server's
+PiAPI adapter (`optima-gen: packages/generation/src/adapters/piapi-video.ts`).
+The skill no longer has to know about them.
 
-Changing this requires editing `kling_generate.py` directly — it's
-deliberately not a CLI flag because the same negatives apply to every run.
+## What changed vs the old direct-PiAPI version
 
-## Required environment
+Before: script uploaded to freeimage.host, submitted to PiAPI, polled PiAPI,
+downloaded from Kling CDN. No billing. Shared PiAPI key hardcoded in the
+skill.
 
-- `PIAPI_KEY` env var — run `scripts/preflight.py` to verify
-- `requests` Python package — the script imports lazily and prints a
-  clear error if missing
+After: script sends one POST + polls one endpoint on the Optima backend.
+Billing is automatic. No upstream API keys in the skill. Provider switches
+(if the Kling API ever changes) happen server-side without touching any
+client code.

package/.claude/skills/video-clone/scripts/kling_generate.py

@@ -1,21 +1,34 @@
-"""Phase 3: generate video via Kling 3.0 over PiAPI.
+"""Phase 3: generate video with audio via the Optima generation backend.
+
+The generation backend routes to Kling 3.0 (PiAPI) when provider="piapi".
+Billing is automatic — the server's billing middleware deducts credits from
+the user's Optima wallet at submit time and refunds on task failure.
 
 Usage:
     python scripts/kling_generate.py --project <name> --frame <path> \
         [--duration 10] [--aspect-ratio 9:16] [--mode std] \
         [--cfg-scale 0.5] [--no-audio]
 
-Pipeline (ported verbatim from references/kling-api.md):
-    1. Gate: requires preview_confirmed.
-    2. Upload first frame to freeimage.host → get public URL.
-    3. POST /api/v1/task to PiAPI with kling model + 3.0 params.
-    4. Poll /api/v1/task/{id} every 15s until status=='completed'.
-    5. Download mp4 with 3-attempt retry (5s backoff).
+Auth & API URL discovery (matches @optima-chat/gen-cli convention):
+    Token:
+        1. OPTIMA_TOKEN env var
+        2. ~/.optima/token.json ("access_token" field)
+    Generation API URL:
+        1. GENERATION_API_URL env var
+        2. ~/.optima/token.json ("env" field) → ci/stage/prod mapping
+        3. default: prod (https://gen-api.optima.onl)
+
+A logged-in user (`optima login`) has both automatically; no server-side
+env injection is required.
 
-Reads prompt from <project>/prompt.md. Writes output to <project>/videos/
-with a versioned filename.
+Pipeline:
+    1. Gate: requires preview_confirmed.
+    2. POST <GEN_URL>/api/video/generate with provider="piapi" + base64 frame.
+       Server-side billing middleware pre-deducts credits here.
+    3. Poll GET <GEN_URL>/api/task/{id} every 10s until completed/failed.
+    4. Download result_url to <project>/videos/ (3-attempt retry).
 
-Requires: PIAPI_KEY env var. Run `python scripts/preflight.py` first if unsure.
+Reads prompt from <project>/prompt.md. Writes output with a versioned filename.
 """
 from __future__ import annotations
 
@@ -30,82 +43,143 @@ from pathlib import Path
 from _gate import require_gate
 from _project import resolve_project, next_version, append_log
 
-# Lazy import of requests so py_compile / gate checks work without the dep.
 try:
     import requests  # type: ignore
 except ImportError:  # pragma: no cover
     requests = None
 
-FREEIMAGE_KEY = "6d207e02198a847aa98d0a2a901485a5"
-FREEIMAGE_URL = "https://freeimage.host/api/1/upload"
-PIAPI_BASE = "https://api.piapi.ai/api/v1"
-DEFAULT_NEGATIVE = (
-    "slow motion, dreamy, ethereal, cinematic, blurry, "
-    "distorted, deformed hands, extra fingers"
-)
+POLL_INTERVAL_S = 10
+POLL_TIMEOUT_S = 15 * 60  # 15 min (server side uses 10 min, leave 5 min headroom)
+DOWNLOAD_RETRIES = 3
+DOWNLOAD_BACKOFF_S = 5
 
+TOKEN_FILE = Path.home() / ".optima" / "token.json"
+API_URLS = {
+    "prod": "https://gen-api.optima.onl",
+    "stage": "https://gen-api.stage.optima.onl",
+}
 
-def _upload_frame(frame: Path) -> str:
-    img_b64 = base64.b64encode(frame.read_bytes()).decode()
-    r = requests.post(
-        FREEIMAGE_URL,
-        data={"key": FREEIMAGE_KEY, "action": "upload",
-              "source": img_b64, "format": "json"},
-        timeout=60,
+
+def _load_token_file() -> dict | None:
+    """Read ~/.optima/token.json if present. Returns parsed dict or None."""
+    if not TOKEN_FILE.is_file():
+        return None
+    try:
+        data = json.loads(TOKEN_FILE.read_text(encoding="utf-8"))
+    except (OSError, json.JSONDecodeError):
+        return None
+    if not data.get("access_token"):
+        return None
+    return data
+
+
+def _get_token() -> str:
+    """Resolve the Optima auth token.
+
+    Order matches @optima-chat/gen-cli: env var > token.json. Fail fast with
+    a login hint if neither is available.
+    """
+    env_token = os.environ.get("OPTIMA_TOKEN", "").strip()
+    if env_token:
+        return env_token
+    data = _load_token_file()
+    if data:
+        return data["access_token"]
+    print(
+        "ERROR: Optima token not found. Set OPTIMA_TOKEN or run `optima login`.",
+        file=sys.stderr,
     )
-    r.raise_for_status()
-    data = r.json()
-    return data["image"]["url"]
+    sys.exit(1)
+
 
+def _get_gen_api_url() -> str:
+    """Resolve the generation service base URL.
 
-def _submit(api_key: str, prompt: str, image_url: str,
+    Order matches @optima-chat/gen-cli: GENERATION_API_URL > token.json env
+    field > prod default.
+    """
+    override = os.environ.get("GENERATION_API_URL", "").strip()
+    if override:
+        return override.rstrip("/")
+    data = _load_token_file()
+    env = (data or {}).get("env") or "prod"
+    return API_URLS.get(env, API_URLS["prod"])
+
+
+def _auth_header(token: str) -> str:
+    """Accept either 'Bearer xxx' or a raw token; normalize to Bearer form."""
+    return token if token.lower().startswith("bearer ") else f"Bearer {token}"
+
+
+def _submit(gen_url: str, auth: str, prompt: str, frame_b64: str,
             duration: int, aspect: str, mode: str,
             cfg: float, audio: bool) -> str:
+    """POST /api/video/generate with provider='piapi'. Returns backend task_id.
+
+    On billing failure the server returns 402 (INSUFFICIENT_CREDITS) or
+    403 (PLAN_RESTRICTED); both are surfaced as actionable errors.
+    """
     payload = {
-        "model": "kling",
-        "task_type": "video_generation",
-        "input": {
-            "prompt": prompt,
-            "negative_prompt": DEFAULT_NEGATIVE,
-            "image_url": image_url,
-            "duration": duration,
-            "aspect_ratio": aspect,
-            "mode": mode,
-            "version": "3.0",
-            "cfg_scale": float(cfg),  # MUST be float
-            "enable_audio": audio,
-        },
-        "config": {"service_mode": "public"},
+        "provider": "piapi",
+        "image": frame_b64,
+        "prompt": prompt,
+        "duration": duration,
+        "aspect_ratio": aspect,
+        "mode": mode,
+        "cfg_scale": float(cfg),
+        "enable_audio": audio,
     }
     r = requests.post(
-        f"{PIAPI_BASE}/task",
-        headers={"x-api-key": api_key, "Content-Type": "application/json"},
+        f"{gen_url}/api/video/generate",
+        headers={"Authorization": auth, "Content-Type": "application/json"},
         json=payload, timeout=60,
     )
+    if r.status_code == 402:
+        raise RuntimeError(f"INSUFFICIENT_CREDITS: {r.json().get('error', {}).get('message', 'not enough credits')}")
+    if r.status_code == 403:
+        raise RuntimeError(f"PLAN_RESTRICTED: {r.json().get('error', {}).get('message', 'plan does not include video generation')}")
     r.raise_for_status()
-    return r.json()["data"]["task_id"]
+    return r.json()["task_id"]
+
 
+def _poll(gen_url: str, auth: str, task_id: str) -> tuple[str, dict]:
+    """Poll /api/task/{id} until completed or failed. Returns (result_url, result_meta).
 
-def _poll(api_key: str, task_id: str) -> str:
+    On client-side timeout the task may still complete server-side (credits
+    already deducted). The task_id is included in the timeout message so the
+    caller can re-check later via GET /api/task/<id>.
+    """
+    start = time.monotonic()
     while True:
+        if time.monotonic() - start > POLL_TIMEOUT_S:
+            raise RuntimeError(
+                f"polling timed out after {POLL_TIMEOUT_S}s (task_id={task_id}). "
+                f"Task may still complete server-side — query "
+                f"GET /api/task/{task_id} to check status and retrieve the result."
+            )
         r = requests.get(
-            f"{PIAPI_BASE}/task/{task_id}",
-            headers={"x-api-key": api_key}, timeout=60,
+            f"{gen_url}/api/task/{task_id}",
+            headers={"Authorization": auth}, timeout=60,
         )
         r.raise_for_status()
-        d = r.json().get("data", {})
+        d = r.json()
         status = d.get("status", "")
         if status == "completed":
-            return d["output"]["video"]  # 3.0 uses output.video
+            url = d.get("result_url")
+            if not url:
+                raise RuntimeError(
+                    f"task {task_id} completed but result_url missing from response"
+                )
+            return url, d.get("result_meta") or {}
         if status == "failed":
-            raise RuntimeError(d.get("error", d))
-        print(f"  status: {status} — polling again in 15s")
-        time.sleep(15)
+            raise RuntimeError(d.get("error_message") or f"task {task_id} failed without error message")
+        print(f"  status: {status} — polling again in {POLL_INTERVAL_S}s")
+        time.sleep(POLL_INTERVAL_S)
 
 
 def _download(url: str, out: Path) -> None:
     last_err = None
-    for attempt in range(3):
+    for attempt in range(DOWNLOAD_RETRIES):
         try:
             r = requests.get(url, timeout=300)
             r.raise_for_status()
@@ -113,9 +187,9 @@ def _download(url: str, out: Path) -> None:
             return
         except Exception as e:
             last_err = e
-            print(f"  download attempt {attempt + 1}/3 failed: {e}")
-            time.sleep(5)
-    raise RuntimeError(f"download failed after 3 attempts: {last_err}")
+            print(f"  download attempt {attempt + 1}/{DOWNLOAD_RETRIES} failed: {e}")
+            time.sleep(DOWNLOAD_BACKOFF_S)
+    raise RuntimeError(f"download failed after {DOWNLOAD_RETRIES} attempts: {last_err}")
 
 
 def main() -> int:
@@ -137,10 +211,8 @@ def main() -> int:
               file=sys.stderr)
         return 1
 
-    api_key = os.environ.get("PIAPI_KEY", "2fccd94d5825b15840a27b8110e077b29ee3adb38c62fedd95d9e922ad440954")
-    if not api_key:
-        print("ERROR: PIAPI_KEY env var not set. See preflight.py.", file=sys.stderr)
-        return 1
+    gen_url = _get_gen_api_url()
+    auth = _auth_header(_get_token())
 
     frame = Path(args.frame)
     if not frame.is_file():
@@ -153,28 +225,36 @@ def main() -> int:
         return 1
     prompt = prompt_path.read_text(encoding="utf-8").strip()
 
-    print("Uploading frame to freeimage.host …")
-    image_url = _upload_frame(frame)
-    print(f"  image_url: {image_url}")
+    frame_b64 = base64.b64encode(frame.read_bytes()).decode()
 
     print("Submitting video generation task …")
-    task_id = _submit(
-        api_key, prompt, image_url,
-        duration=args.duration, aspect=args.aspect_ratio, mode=args.mode,
-        cfg=args.cfg_scale, audio=not args.no_audio,
-    )
+    try:
+        task_id = _submit(
+            gen_url, auth, prompt, frame_b64,
+            duration=args.duration, aspect=args.aspect_ratio, mode=args.mode,
+            cfg=args.cfg_scale, audio=not args.no_audio,
+        )
+    except RuntimeError as e:
+        print(f"ERROR: {e}", file=sys.stderr)
+        return 1
     print(f"  task_id: {task_id}")
 
     print("Polling for completion …")
-    video_url = _poll(api_key, task_id)
-    print(f"  video_url: {video_url}")
+    try:
+        result_url, result_meta = _poll(gen_url, auth, task_id)
+    except RuntimeError as e:
+        print(f"ERROR: {e}", file=sys.stderr)
+        return 1
+    print(f"  result_url: {result_url}")
+    if result_meta:
+        print(f"  result_meta: {result_meta}")
 
     out = next_version(project_dir / "videos", f"video_{args.duration}s_", ".mp4")
     print(f"Downloading → {out}")
-    _download(video_url, out)
+    _download(result_url, out)
 
     print(f"\nDone: {out}")
-    append_log(project_dir, f"video_generated_with_audio → {out.name}")
+    append_log(project_dir, f"video_generated_with_audio → {out.name} (task {task_id})")
     return 0
 
 

package/.claude/skills/video-clone/scripts/kling_generate_test.py

@@ -0,0 +1,191 @@
+"""Tests for the pure helper functions in kling_generate.py.
+
+No network. We do not exercise _submit / _poll / _download — those are
+I/O-bound and covered by end-to-end staging runs. Unit tests here keep the
+helper contracts honest so refactors don't silently break the auth-header
+normalization or the token / API-URL discovery order.
+
+Run: python scripts/kling_generate_test.py
+"""
+from __future__ import annotations
+
+import json
+import os
+import subprocess
+import sys
+import tempfile
+from pathlib import Path
+from unittest import mock
+
+SCRIPTS_DIR = Path(__file__).parent
+sys.path.insert(0, str(SCRIPTS_DIR))
+
+import kling_generate  # noqa: E402
+
+
+# ---------- _auth_header ----------
+
+def test_auth_header_adds_bearer_prefix():
+    assert kling_generate._auth_header("xyz123") == "Bearer xyz123"
+
+
+def test_auth_header_preserves_existing_bearer():
+    assert kling_generate._auth_header("Bearer xyz123") == "Bearer xyz123"
+
+
+def test_auth_header_is_case_insensitive_on_existing_prefix():
+    assert kling_generate._auth_header("bearer xyz123") == "bearer xyz123"
+    assert kling_generate._auth_header("BEARER xyz123") == "BEARER xyz123"
+
+
+# ---------- _get_token ----------
+
+def test_get_token_prefers_env_var(tmp_token_file):
+    tmp_token_file.write_text(
+        json.dumps({"access_token": "from-file", "env": "prod"}), encoding="utf-8"
+    )
+    os.environ["OPTIMA_TOKEN"] = "from-env"
+    try:
+        assert kling_generate._get_token() == "from-env"
+    finally:
+        os.environ.pop("OPTIMA_TOKEN", None)
+
+
+def test_get_token_falls_back_to_file(tmp_token_file):
+    os.environ.pop("OPTIMA_TOKEN", None)
+    tmp_token_file.write_text(
+        json.dumps({"access_token": "file-xyz", "env": "stage"}), encoding="utf-8"
+    )
+    assert kling_generate._get_token() == "file-xyz"
+
+
+def test_get_token_exits_when_neither_source_has_token(tmp_token_file):
+    os.environ.pop("OPTIMA_TOKEN", None)
+    # tmp_token_file does not exist (fixture creates parent, caller decides)
+    # Here: don't create the file — _load_token_file should return None
+    code = (
+        "import sys; sys.path.insert(0, r'{d}'); import kling_generate; "
+        "kling_generate._get_token()"
+    ).format(d=str(SCRIPTS_DIR))
+    env = {**os.environ}
+    env.pop("OPTIMA_TOKEN", None)
+    env["HOME"] = str(tmp_token_file.parent.parent)   # .../.optima/token.json → HOME = .../
+    env["USERPROFILE"] = env["HOME"]
+    result = subprocess.run(
+        [sys.executable, "-c", code], capture_output=True, text=True, env=env,
+    )
+    assert result.returncode == 1
+    assert "optima login" in result.stderr or "OPTIMA_TOKEN" in result.stderr
+
+
+# ---------- _get_gen_api_url ----------
+
+def test_get_gen_api_url_env_override_wins(tmp_token_file):
+    tmp_token_file.write_text(
+        json.dumps({"access_token": "t", "env": "stage"}), encoding="utf-8"
+    )
+    os.environ["GENERATION_API_URL"] = "https://custom.example/api"
+    try:
+        assert kling_generate._get_gen_api_url() == "https://custom.example/api"
+    finally:
+        os.environ.pop("GENERATION_API_URL", None)
+
+
+def test_get_gen_api_url_trims_trailing_slash():
+    os.environ["GENERATION_API_URL"] = "https://custom.example/"
+    try:
+        assert kling_generate._get_gen_api_url() == "https://custom.example"
+    finally:
+        os.environ.pop("GENERATION_API_URL", None)
+
+
+def test_get_gen_api_url_reads_env_from_token_file(tmp_token_file):
+    os.environ.pop("GENERATION_API_URL", None)
+    tmp_token_file.write_text(
+        json.dumps({"access_token": "t", "env": "stage"}), encoding="utf-8"
+    )
+    assert kling_generate._get_gen_api_url() == "https://gen-api.stage.optima.onl"
+
+
+def test_get_gen_api_url_defaults_to_prod_when_no_file(tmp_token_file):
+    os.environ.pop("GENERATION_API_URL", None)
+    # tmp_token_file not created → should default to prod
+    assert kling_generate._get_gen_api_url() == "https://gen-api.optima.onl"
+
+
+# ---------- fixture ----------
+
+class _TmpToken:
+    """Manage a throwaway ~/.optima/token.json by monkey-patching the module constant."""
+    def __init__(self):
+        self.tmp = tempfile.TemporaryDirectory()
+        self.path = Path(self.tmp.name) / ".optima" / "token.json"
+        self.path.parent.mkdir(parents=True)
+        self._orig = kling_generate.TOKEN_FILE
+        kling_generate.TOKEN_FILE = self.path
+
+    def write_text(self, *a, **kw):
+        self.path.write_text(*a, **kw)
+
+    @property
+    def parent(self):
+        return self.path.parent
+
+    def cleanup(self):
+        kling_generate.TOKEN_FILE = self._orig
+        self.tmp.cleanup()
+
+
+def _with_tmp_token_file(fn):
+    """Decorator-ish: pass a fresh _TmpToken to the test, then clean up."""
+    def wrapped():
+        h = _TmpToken()
+        try:
+            return fn(h)
+        finally:
+            h.cleanup()
+    return wrapped
+
+
+# Rebind each test to wrap with the fixture
+test_get_token_prefers_env_var = _with_tmp_token_file(test_get_token_prefers_env_var)
+test_get_token_falls_back_to_file = _with_tmp_token_file(test_get_token_falls_back_to_file)
+test_get_token_exits_when_neither_source_has_token = _with_tmp_token_file(test_get_token_exits_when_neither_source_has_token)
+test_get_gen_api_url_env_override_wins = _with_tmp_token_file(test_get_gen_api_url_env_override_wins)
+test_get_gen_api_url_reads_env_from_token_file = _with_tmp_token_file(test_get_gen_api_url_reads_env_from_token_file)
+test_get_gen_api_url_defaults_to_prod_when_no_file = _with_tmp_token_file(test_get_gen_api_url_defaults_to_prod_when_no_file)
+
+
+TESTS = [
+    ("auth_header adds Bearer prefix", test_auth_header_adds_bearer_prefix),
+    ("auth_header preserves Bearer", test_auth_header_preserves_existing_bearer),
+    ("auth_header case-insensitive on prefix", test_auth_header_is_case_insensitive_on_existing_prefix),
+    ("get_token: env wins over file", test_get_token_prefers_env_var),
+    ("get_token: falls back to token.json", test_get_token_falls_back_to_file),
+    ("get_token: exits 1 when neither source", test_get_token_exits_when_neither_source_has_token),
+    ("get_gen_api_url: env override wins", test_get_gen_api_url_env_override_wins),
+    ("get_gen_api_url: trims trailing slash", test_get_gen_api_url_trims_trailing_slash),
+    ("get_gen_api_url: reads env from token.json", test_get_gen_api_url_reads_env_from_token_file),
+    ("get_gen_api_url: defaults to prod", test_get_gen_api_url_defaults_to_prod_when_no_file),
+]
+
+
+def main() -> int:
+    failed = 0
+    for name, fn in TESTS:
+        try:
+            fn()
+            print(f"PASS  {name}")
+        except AssertionError as e:
+            failed += 1
+            print(f"FAIL  {name}: {e}")
+        except Exception as e:
+            failed += 1
+            print(f"ERROR {name}: {type(e).__name__}: {e}")
+    print()
+    print(f"{len(TESTS) - failed}/{len(TESTS)} passed")
+    return 0 if failed == 0 else 1
+
+
+if __name__ == "__main__":
+    sys.exit(main())

package/.claude/skills/video-clone/scripts/preflight.py

@@ -1,9 +1,10 @@
 """Pre-flight environment check for the video-clone skill.
 
 Verifies the external dependencies the executor scripts will need:
-    - `gen` CLI        — gen image / gen video
+    - `gen` CLI       — gen image / gen video (routed through generation backend)
     - `ffmpeg` / `ffprobe`
-    - PIAPI_KEY env var — for Kling 3.0
+    - Optima auth     — either OPTIMA_TOKEN env var or ~/.optima/token.json
+                        (matches @optima-chat/gen-cli convention)
     - Python >= 3.10
 
 Exits 0 if all checks pass, 1 otherwise. On failure, prints a human-readable
@@ -14,10 +15,14 @@ No state, no side effects.
 """
 from __future__ import annotations
 
+import json
 import os
 import shutil
 import subprocess
 import sys
+from pathlib import Path
+
+TOKEN_FILE = Path.home() / ".optima" / "token.json"
 
 
 def _check_binary(name: str, fix_hint: str) -> tuple[bool, str]:
@@ -35,17 +40,22 @@ def _check_binary(name: str, fix_hint: str) -> tuple[bool, str]:
     return True, f"{name}: OK ({path}) {head}".strip()
 
 
-_BUILTIN_KEYS = {
-    "PIAPI_KEY": "2fccd94d5825b15840a27b8110e077b29ee3adb38c62fedd95d9e922ad440954",
-}
-
-
-def _check_env(name: str, fix_hint: str) -> tuple[bool, str]:
-    val = os.environ.get(name) or _BUILTIN_KEYS.get(name)
-    if not val:
-        return False, f"${name}: NOT SET. {fix_hint}"
-    src = "env" if os.environ.get(name) else "builtin"
-    return True, f"${name}: OK ({src}, len={len(val)})"
+def _check_optima_auth() -> tuple[bool, str]:
+    """Token comes from OPTIMA_TOKEN env var OR ~/.optima/token.json (gen-cli convention)."""
+    if os.environ.get("OPTIMA_TOKEN"):
+        return True, "Optima token: OK (source=env OPTIMA_TOKEN)"
+    if TOKEN_FILE.is_file():
+        try:
+            data = json.loads(TOKEN_FILE.read_text(encoding="utf-8"))
+            if data.get("access_token"):
+                env = data.get("env", "prod")
+                return True, f"Optima token: OK (source={TOKEN_FILE}, env={env})"
+        except (OSError, json.JSONDecodeError):
+            pass
+    return (
+        False,
+        f"Optima token: NOT FOUND. Run `optima login` or set OPTIMA_TOKEN env var.",
+    )
 
 
 def _check_python() -> tuple[bool, str]:
@@ -65,10 +75,7 @@ CHECKS = [
     ),
     lambda: _check_binary("ffmpeg", "Install ffmpeg and ensure it is on PATH."),
     lambda: _check_binary("ffprobe", "Install ffmpeg (bundles ffprobe)."),
-    lambda: _check_env(
-        "PIAPI_KEY",
-        "Required for Kling 3.0 via PiAPI. Set with: export PIAPI_KEY=sk-...",
-    ),
+    lambda: _check_optima_auth(),
 ]
 
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@optima-chat/optima-agent",
-  "version": "0.8.92",
+  "version": "0.8.93",
   "description": "基于 Claude Agent SDK 的电商运营 AI 助手",
   "type": "module",
   "main": "dist/src/index.js",