@tacoreai/web-sdk 1.22.1-beta.2 → 1.24.0

package/database/core/apps/AppsClient.AI.js

@@ -1,6 +1,107 @@
 export const appsClientAiMethods = {
   // ==================== AI 能力 ====================
 
+  async streamRuntime(options = {}) {
+    try {
+      const messages = Array.isArray(options.messages) ? options.messages : [];
+      if (!messages.length && !options.systemPrompt) {
+        throw new Error("messages or systemPrompt is required for AI runtime.");
+      }
+
+      if (!options.onChunk || typeof options.onChunk !== "function") {
+        throw new Error("onChunk callback is required for streaming.");
+      }
+
+      const requestData = {
+        ...options,
+        appId: this._getDataSourceAppId(),
+        projectId: options.projectId || this.config.projectId,
+        model: options.model || "agent:tacore-1.2",
+        messages,
+        stream: true,
+      };
+      delete requestData.onChunk;
+      delete requestData.onComplete;
+      delete requestData.onError;
+      delete requestData.signal;
+
+      const url = `${this.config.apiBaseUrl}/apps/ai/runtime/run`;
+      const response = await fetch(url, {
+        method: "POST",
+        headers: this._getRequestHeaders(),
+        body: JSON.stringify(requestData),
+        signal: options.signal,
+      });
+
+      if (!response.ok) {
+        const errorText = await response.text().catch(() => "");
+        throw new Error(errorText || `HTTP ${response.status}: ${response.statusText}`);
+      }
+
+      const reader = response.body?.getReader();
+      if (!reader) {
+        throw new Error("Response body is not readable");
+      }
+
+      const decoder = new TextDecoder();
+      let buffer = "";
+
+      try {
+        while (true) {
+          const { done, value } = await reader.read();
+          if (done) break;
+
+          buffer += decoder.decode(value, { stream: true });
+          while (true) {
+            const lineEnd = buffer.indexOf("\n");
+            if (lineEnd === -1) break;
+
+            const line = buffer.slice(0, lineEnd).trim();
+            buffer = buffer.slice(lineEnd + 1);
+            if (!line || line.startsWith(":")) continue;
+
+            if (line.startsWith("data: ")) {
+              const data = line.slice(6);
+              if (data === "[DONE]") {
+                options.onComplete?.();
+                return;
+              }
+
+              try {
+                const parsed = JSON.parse(data);
+                const choice = parsed?.choices?.[0];
+                if (parsed?.error || choice?.error) {
+                  const streamError = new Error(parsed?.error?.message || choice?.error?.message || parsed?.message || "AI runtime error");
+                  options.onError?.(streamError);
+                  return;
+                }
+                if (choice?.delta?.hasOwnProperty("content")) {
+                  options.onChunk(choice.delta.content || "", parsed);
+                }
+                if (choice?.finish_reason === "stop") {
+                  options.onComplete?.();
+                  return;
+                }
+              } catch (parseError) {
+                console.warn("Failed to parse runtime SSE data:", parseError);
+              }
+            }
+          }
+        }
+
+        options.onComplete?.();
+      } finally {
+        reader.cancel();
+      }
+    } catch (error) {
+      if (error.name === "AbortError") {
+        return;
+      }
+      options.onError?.(error);
+      throw error;
+    }
+  },
+
   async streamCompletion(options = {}) {
     try {
       if (!options.messages || !Array.isArray(options.messages)) {
@@ -12,7 +113,7 @@ export const appsClientAiMethods = {
       }
 
       const requestData = {
-        appId: this.appId,
+        appId: this._getDataSourceAppId(),
         model: options.model || "agent:tacore-1.2",
         messages: options.messages,
         temperature: options.temperature,

package/database/core/apps/AppsClient.AppServer.js

@@ -21,6 +21,29 @@ const isBrowserPreviewRuntime = () => {
   return pathname.startsWith("/app-run/");
 };
 
+const normalizeAppId = value => String(value || "").trim();
+
+const getAppServerOwnerAppId = function() {
+  const explicitOwnerAppId = normalizeAppId(this.config?.appServerOwnerAppId);
+  if (explicitOwnerAppId) {
+    return explicitOwnerAppId;
+  }
+
+  const shellAppId = normalizeAppId(this.config?.appId);
+  if (shellAppId) {
+    return shellAppId;
+  }
+
+  if (typeof this._getChannelAppId === "function") {
+    const channelAppId = normalizeAppId(this._getChannelAppId());
+    if (channelAppId) {
+      return channelAppId;
+    }
+  }
+
+  return normalizeAppId(this.appId);
+};
+
 const hasOwn = (value, key) => Object.prototype.hasOwnProperty.call(value, key);
 
 const isPlainObject = (value) => Object.prototype.toString.call(value) === "[object Object]";
@@ -100,22 +123,23 @@ const clearPreviewSessionToken = (appId) => {
 
 const getPreviewSessionToken = async function(options = {}) {
   const { forceRefresh = false } = options;
+  const appServerOwnerAppId = getAppServerOwnerAppId.call(this);
   if (forceRefresh) {
-    clearPreviewSessionToken(this.appId);
+    clearPreviewSessionToken(appServerOwnerAppId);
   }
 
-  const cachedToken = previewSessionTokenCache.get(this.appId);
+  const cachedToken = previewSessionTokenCache.get(appServerOwnerAppId);
   if (cachedToken) {
     return cachedToken;
   }
 
-  const pendingRequest = previewSessionPromiseCache.get(this.appId);
+  const pendingRequest = previewSessionPromiseCache.get(appServerOwnerAppId);
   if (pendingRequest) {
     return pendingRequest;
   }
 
   const requestPromise = (async () => {
-    const endpoint = `/appserver-preview/session?appId=${encodeURIComponent(this.appId)}`;
+    const endpoint = `/appserver-preview/session?appId=${encodeURIComponent(appServerOwnerAppId)}`;
     const response = await fetch(endpoint, {
       method: "GET",
       headers: {
@@ -138,15 +162,15 @@ const getPreviewSessionToken = async function(options = {}) {
       throw new Error("[AppServer-PreviewSession] Missing preview token in session response.");
     }
 
-    previewSessionTokenCache.set(this.appId, previewToken);
+    previewSessionTokenCache.set(appServerOwnerAppId, previewToken);
     return previewToken;
   })();
 
-  previewSessionPromiseCache.set(this.appId, requestPromise);
+  previewSessionPromiseCache.set(appServerOwnerAppId, requestPromise);
   try {
     return await requestPromise;
   } finally {
-    previewSessionPromiseCache.delete(this.appId);
+    previewSessionPromiseCache.delete(appServerOwnerAppId);
   }
 };
 
@@ -367,7 +391,8 @@ const buildRemoteRequestInit = function(
 };
 
 const invokeByPlatformProxy = async function(appServerAPIName, payload, options = {}) {
-  const endpoint = `/apps/invokeAppServerAPI?appId=${encodeURIComponent(this.appId)}&apiName=${encodeURIComponent(appServerAPIName)}`;
+  const appServerOwnerAppId = getAppServerOwnerAppId.call(this);
+  const endpoint = `/apps/invokeAppServerAPI?appId=${encodeURIComponent(appServerOwnerAppId)}&apiName=${encodeURIComponent(appServerAPIName)}`;
   const response = await fetch(
     `${this.config.apiBaseUrl}${endpoint}`,
     buildRemoteRequestInit.call(this, payload, options, {}, {
@@ -378,7 +403,8 @@ const invokeByPlatformProxy = async function(appServerAPIName, payload, options
 };
 
 const invokeByPreviewProxyOnce = async function(appServerAPIName, payload, options = {}, previewToken) {
-  const endpoint = `/appserver-preview/invokeAppServerAPI?appId=${encodeURIComponent(this.appId)}&apiName=${encodeURIComponent(appServerAPIName)}`;
+  const appServerOwnerAppId = getAppServerOwnerAppId.call(this);
+  const endpoint = `/appserver-preview/invokeAppServerAPI?appId=${encodeURIComponent(appServerOwnerAppId)}&apiName=${encodeURIComponent(appServerAPIName)}`;
   const response = await fetch(
     endpoint,
     buildRemoteRequestInit.call(this, payload, options, {
@@ -398,7 +424,7 @@ const invokeByPreviewProxy = async function(appServerAPIName, payload, options =
       throw error;
     }
 
-    clearPreviewSessionToken(this.appId);
+    clearPreviewSessionToken(getAppServerOwnerAppId.call(this));
     previewToken = await getPreviewSessionToken.call(this, { forceRefresh: true });
     return await invokeByPreviewProxyOnce.call(this, appServerAPIName, payload, options, previewToken);
   }

package/database/core/apps/AppsClient.Data.js

@@ -136,6 +136,24 @@ export const appsClientDataMethods = {
     }
   },
 
+  async runTransactionAction(action = {}) {
+    try {
+      if (!action || typeof action !== "object" || Array.isArray(action)) {
+        throw new Error("action must be a plain object");
+      }
+
+      const requestData = {
+        appId: this.appId,
+        ...action,
+      };
+      const result = await this._post("/apps/actions/run", requestData);
+      return result.data || result;
+    } catch (error) {
+      console.error(`执行AI应用事务动作失败 (action: ${action?.name || action?.actionName || "unknown"}):`, error);
+      throw error;
+    }
+  },
+
   // ==================== 便捷方法 ====================
 
   async hasData(modelName) {

package/database/core/apps/AppsClient.js

@@ -86,6 +86,9 @@ class AppsClient extends BaseAppsClient {
       "deleteData": ({ modelName, wyID, options }) =>
         this.deleteData(modelName, wyID, options),
 
+      "actions/run": params => this.runTransactionAction(params),
+      "runTransactionAction": params => this.runTransactionAction(params),
+
       // === 电商模块 ===
       "createProduct": params => this.createProduct(params),
       "updateProduct": ({ productId, data }) => this.updateProduct(productId, data),
@@ -178,6 +181,7 @@ class AppsClient extends BaseAppsClient {
 
       // === AI ===
       "streamCompletion": options => this.streamCompletion(options),
+      "ai/runtime/run": options => this.streamRuntime(options),
 
       // === Knowledge Base ===
       "createKnowledgeBaseDataStore": params => this.createKnowledgeBaseDataStore(params),

package/database/core/apps/AppsPublicClient.js

@@ -22,6 +22,7 @@ export class AppsPublicClient extends BaseAppsClient {
   get adapters() {
     return {
       'submitPublicData': ({ modelName, data }) => this.submitPublicData(modelName, data),
+      'createPublicData': ({ modelName, data }) => this.createPublicData(modelName, data),
       'readConfiguredPublicData': (params = {}) => {
         const { modelName, query, ...rest } = params;
 
@@ -56,7 +57,7 @@ export class AppsPublicClient extends BaseAppsClient {
       }
 
       const result = await this._post("/apps/public/data/submit", {
-        appId: this.appId,
+        appId: this._getDataSourceAppId(),
         modelName: modelName,
         data: jsonData,
       });
@@ -71,6 +72,35 @@ export class AppsPublicClient extends BaseAppsClient {
     }
   }
 
+  /**
+   * 按模型策略公开写入数据。
+   * 后端只校验 `publicWrite` 策略和来源应用，不写入任何业务语义。
+   */
+  async createPublicData(modelName, jsonData) {
+    try {
+      if (!modelName) {
+        throw new Error("modelName is required");
+      }
+      if (!jsonData || typeof jsonData !== "object") {
+        throw new Error("jsonData must be a valid object");
+      }
+
+      const result = await this._post("/apps/data/public/create", {
+        appId: this._getDataSourceAppId(),
+        modelName,
+        data: jsonData,
+      });
+
+      console.log(
+        `✅ [AppsPublicClient] Public data created successfully for model: ${modelName} in app: ${this._getDataSourceAppId()}`
+      );
+      return result;
+    } catch (error) {
+      console.error(`公开写入数据失败 (model: ${modelName}):`, error);
+      throw error;
+    }
+  }
+
   /**
    * 读取由 AppsClient.writeData 设为公共的数据 (通过 publicConfig)
    * @param {string} modelName - 模型名称

package/database/core/apps/BaseAppsClient.js

@@ -5,6 +5,9 @@ const PREVIEW_APPSERVER_API_KEY_HEADER = "x-tacore-preview-app-server-api-key";
 const FORWARDED_APP_SERVER_API_KEY_HEADER = "x-tacore-forwarded-app-server-api-key";
 const APP_SERVER_SERVICE_TOKEN_HEADER = "x-tacore-app-server-service-token";
 const APP_SERVER_OWNER_APP_ID_HEADER = "x-tacore-app-server-owner-app-id";
+const CHANNEL_APP_ID_HEADER = "x-tacore-channel-app-id";
+const INTEROP_APP_SERVER_API_KEY_REQUIRED_ERROR =
+  "tacoreServerInteropAppServerApiKey is required for backend environment. Provide it in config or via TACORE_SERVER_INTEROP_APP_SERVER_API_KEY env var.";
 const APP_SERVER_SERVICE_CREDENTIAL_REQUIRED_ERROR =
   "AppServer service credential is required for backend service auth. Provide TACORE_SERVER_INTEROP_APP_SERVER_API_KEY + TACORE_APP_SERVER_SERVICE_TOKEN, or forward a validated appServerApiKey.";
 
@@ -63,6 +66,8 @@ const hasAppServerServiceCredential = (config = {}) => {
 const shouldRequireAppServerServiceCredential = (config = {}) =>
   isBackend && !isSSR && config.enableAppServerServiceAuth === true;
 
+const normalizeAppId = value => String(value || "").trim();
+
 /**
  * Apps SDK 基类
  * 封装通用的配置管理、Header构建、HTTP请求逻辑
@@ -168,6 +173,37 @@ export class BaseAppsClient {
     // 默认不进行额外的业务错误检查
   }
 
+  /**
+   * 获取本次 Apps 请求的数据上下文应用。
+   * dataSourceId 是数据、认证、权限、计费等运行时上下文锚点；当前壳应用仅作为渠道来源。
+   */
+  _getDataSourceAppId() {
+    return normalizeAppId(this.config.dataSourceId) || normalizeAppId(this.appId);
+  }
+
+  /**
+   * 获取渠道应用 ID。渠道身份只用于来源校验、归因和审计，不改变业务数据归属。
+   */
+  _getChannelAppId() {
+    const dataSourceAppId = this._getDataSourceAppId();
+    const explicitChannelAppId = normalizeAppId(this.config.channelAppId);
+    if (explicitChannelAppId && explicitChannelAppId !== dataSourceAppId) {
+      return explicitChannelAppId;
+    }
+
+    const currentShellAppId = normalizeAppId(this.config.appId);
+    if (currentShellAppId && currentShellAppId !== dataSourceAppId) {
+      return currentShellAppId;
+    }
+
+    const constructorAppId = normalizeAppId(this.appId);
+    if (constructorAppId && constructorAppId !== dataSourceAppId) {
+      return constructorAppId;
+    }
+
+    return "";
+  }
+
   /**
    * 构建请求头
    * @param {Object} additionalHeaders - 额外的 Header
@@ -194,8 +230,13 @@ export class BaseAppsClient {
     if (this.config.projectId) {
       headers["x-project-id"] = this.config.projectId;
     }
-    if (this.appId) {
-      headers["x-app-id"] = this.appId;
+    const dataSourceAppId = this._getDataSourceAppId();
+    const channelAppId = this._getChannelAppId();
+    if (dataSourceAppId) {
+      headers["x-app-id"] = dataSourceAppId;
+    }
+    if (channelAppId) {
+      headers[CHANNEL_APP_ID_HEADER] = channelAppId;
     }
 
     const token = this._getAccessToken();

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@tacoreai/web-sdk",
   "description": "This file is for app server package, not the real npm package",
-  "version": "1.22.1-beta.2",
+  "version": "1.24.0",
   "type": "module",
   "publishConfig": {
     "access": "public",
@@ -13,7 +13,7 @@
     "./app-server-runtime": "./database/core/apps/AppServerRuntime.js"
   },
   "scripts": {
-    "release": "npm version minor && git commit -am \"web-sdk update version\" && git push && npm publish",
+    "release": "npm version minor && git commit -am \"web-sdk update version\" && npm publish && git push",
     "release:beta": "npm version prerelease --preid beta --no-git-tag-version && git commit -am \"web-sdk update beta version\" && npm publish --tag beta"
   }
 }