@tencent-rtc/trtc-agent-skills 0.1.0 → 0.1.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (56) hide show
  1. package/.cursor/rules/ui-mode.mdc +99 -0
  2. package/AGENTS.md +111 -0
  3. package/CLAUDE.md +133 -0
  4. package/CODEBUDDY.md +131 -0
  5. package/README.md +28 -42
  6. package/README.zh.md +24 -42
  7. package/ai-instructions/base.md +13 -0
  8. package/ai-instructions/ui-mode.md +93 -0
  9. package/bin/cli.js +428 -13
  10. package/hooks/cursor-adapter.py +315 -0
  11. package/hooks/hooks-cursor.json +39 -0
  12. package/hooks/hooks.json +67 -0
  13. package/knowledge-base/index.yaml +8 -0
  14. package/knowledge-base/scenarios/conference/base/general-conference.md +6 -3
  15. package/knowledge-base/slices/conference/web/integration-audit.md +155 -0
  16. package/knowledge-base/slices/conference/web/login-auth.md +2 -1
  17. package/knowledge-base/slices/conference/web/official-roomkit-login-ui.md +41 -13
  18. package/knowledge-base/slices/conference/web/prejoin-check.md +8 -5
  19. package/package.json +7 -1
  20. package/skills/trtc/SKILL.md +7 -6
  21. package/skills/trtc/room-builder/SKILL.md +4 -9
  22. package/skills/trtc/room-builder/assets/local-usersig/basic-info-config.ts +39 -0
  23. package/skills/trtc/room-builder/assets/local-usersig/lib-generate-test-usersig-es.min.d.ts +4 -0
  24. package/skills/trtc/room-builder/assets/local-usersig/lib-generate-test-usersig-es.min.js +2 -0
  25. package/skills/trtc-onboarding/SKILL.md +35 -33
  26. package/skills/trtc-onboarding/reference/path-a2-integrate.md +101 -57
  27. package/skills/trtc-onboarding/reference/path-b-troubleshoot.md +139 -68
  28. package/skills/trtc-onboarding/reference/reporting-protocol.md +2 -0
  29. package/skills/trtc-onboarding/reference/usersig-handling.md +98 -104
  30. package/skills/trtc-search/SKILL.md +7 -0
  31. package/skills/trtc-topic/SKILL.md +26 -42
  32. package/skills/trtc-apply/guardrails/apply_lib/__pycache__/__init__.cpython-313.pyc +0 -0
  33. package/skills/trtc-apply/guardrails/apply_lib/__pycache__/rule_parser.cpython-313.pyc +0 -0
  34. package/skills/trtc-topic/guardrails/__pycache__/gate_slice_read.cpython-313.pyc +0 -0
  35. package/skills/trtc-topic/guardrails/__pycache__/gate_slice_write.cpython-313.pyc +0 -0
  36. package/skills/trtc-topic/guardrails/__pycache__/stop_require_apply_evidence.cpython-313.pyc +0 -0
  37. package/skills/trtc-topic/scripts/__pycache__/apply.cpython-313.pyc +0 -0
  38. package/skills/trtc-topic/scripts/lib/__pycache__/state_machine.cpython-313.pyc +0 -0
  39. package/skills/trtc-topic/tests/__pycache__/conftest.cpython-313-pytest-9.0.2.pyc +0 -0
  40. package/skills/trtc-topic/tests/__pycache__/conftest.cpython-313-pytest-9.0.3.pyc +0 -0
  41. package/skills/trtc-topic/tests/__pycache__/test_apply_cli.cpython-313-pytest-9.0.2.pyc +0 -0
  42. package/skills/trtc-topic/tests/__pycache__/test_apply_cli.cpython-313-pytest-9.0.3.pyc +0 -0
  43. package/skills/trtc-topic/tests/__pycache__/test_end_to_end.cpython-313-pytest-9.0.2.pyc +0 -0
  44. package/skills/trtc-topic/tests/__pycache__/test_end_to_end.cpython-313-pytest-9.0.3.pyc +0 -0
  45. package/skills/trtc-topic/tests/__pycache__/test_finalize_session.cpython-313-pytest-9.0.2.pyc +0 -0
  46. package/skills/trtc-topic/tests/__pycache__/test_finalize_session.cpython-313-pytest-9.0.3.pyc +0 -0
  47. package/skills/trtc-topic/tests/__pycache__/test_gates.cpython-313-pytest-9.0.2.pyc +0 -0
  48. package/skills/trtc-topic/tests/__pycache__/test_gates.cpython-313-pytest-9.0.3.pyc +0 -0
  49. package/skills/trtc-topic/tests/__pycache__/test_session_resolver.cpython-313-pytest-9.0.2.pyc +0 -0
  50. package/skills/trtc-topic/tests/__pycache__/test_session_resolver.cpython-313-pytest-9.0.3.pyc +0 -0
  51. package/skills/trtc-topic/tests/__pycache__/test_state_machine.cpython-313-pytest-9.0.2.pyc +0 -0
  52. package/skills/trtc-topic/tests/__pycache__/test_state_machine.cpython-313-pytest-9.0.3.pyc +0 -0
  53. package/skills/trtc-topic/tests/__pycache__/test_stop_require_apply.cpython-313-pytest-9.0.2.pyc +0 -0
  54. package/skills/trtc-topic/tests/__pycache__/test_stop_require_apply.cpython-313-pytest-9.0.3.pyc +0 -0
  55. package/skills/trtc-topic/tests/__pycache__/test_topic_skill_invariants.cpython-313-pytest-9.0.2.pyc +0 -0
  56. package/skills/trtc-topic/tests/__pycache__/test_topic_skill_invariants.cpython-313-pytest-9.0.3.pyc +0 -0
@@ -1,140 +1,134 @@
1
- # UserSig Handling (Console-issued test UserSig)
1
+ # UserSig Handling (Conference Web)
2
2
 
3
- > Referenced during login code generation in A2-Q3 (when processing a login-auth
4
- > slice) and A1 (when configuring demo credentials).
3
+ > Referenced during login code generation in A2-Q2 / A2-Q3 (login-auth slice),
4
+ > official-roomkit completion, and A1 (demo credentials).
5
5
  >
6
- > **There is NO automatic UserSig generation path.** The skill does NOT generate
7
- > UserSig — not via MCP, not via client-side signing, not via any local script.
8
- > Test UserSig is ALWAYS obtained by the user from the TRTC console and pasted in.
9
- > Your job is to (1) emit placeholders, (2) wire up input fields, and (3) hand
10
- > off clear "how to get & fill UserSig" instructions.
6
+ > Conference Web supports **three** `usersig_source` branches (from A2-Q1.5):
7
+ >
8
+ > | Value | Dev use | Login UI |
9
+ > |-------|---------|----------|
10
+ > | `local-dev` | Config + bundled signing lib | UserID only → `getBasicInfo(userId)` |
11
+ > | `console` | Paste test UserSig from TRTC console | UserID + SDKAppID + UserSig inputs |
12
+ > | `backend` | Production | UserID + API-fetched userSig |
13
+ >
14
+ > **Production** MUST use `backend`. `local-dev` and `console` are for development only.
15
+
16
+ ---
11
17
 
12
- ## Why no auto-generation
18
+ ## Path A — `local-dev`(config 本地自动签名,推荐)
13
19
 
14
- - **No MCP path.** Do NOT call any `get_usersig` MCP tool. Do NOT tell the user
15
- "I'll generate a UserSig for you via MCP." This capability is intentionally not
16
- part of the flow — never reference it, never attempt it, never imply it.
17
- - **No client-side signing.** Generating UserSig in the browser/client requires
18
- the `SecretKey`, which must never be shipped to a client. Forbidden (see § Never).
19
- - **Production** UserSig MUST be issued by the developer's own backend.
20
+ Uses the bundled signing lib (same as medical-consultation template):
21
+
22
+ ```
23
+ skills/trtc/room-builder/assets/local-usersig/
24
+ ```
20
25
 
21
- ## Generation Protocol (placeholder + console handoff)
26
+ | File | Purpose |
27
+ |------|---------|
28
+ | `basic-info-config.ts` | `SDKAPPID`, `SDKSECRETKEY`, `getBasicInfo(userId)` |
29
+ | `lib-generate-test-usersig-es.min.js` | Tencent test UserSig signer (dev only) |
30
+ | `lib-generate-test-usersig-es.min.d.ts` | TypeScript declarations |
22
31
 
23
- ### Step 1: Decide the test userID(s)
32
+ ### A2-Q2 (local-dev)
24
33
 
25
- Use `userXXX` (zero-padded 3-digit), default `user001`. If the scenario needs
26
- two participants (caller + callee, host + audience), also prepare `user002`.
27
- Honor any userID/naming preference the user already expressed.
34
+ Ask **SDKAppID** + **SecretKey** (控制台 应用管理 应用信息).
28
35
 
29
- ### Step 2: Emit placeholder credentials in the generated code
36
+ - Write `SDKAPPID` to `credentials.sdkappid` in session (reporting).
37
+ - Write both into `src/config/basic-info-config.ts` — **never** persist SecretKey in `.trtc-session.yaml`.
30
38
 
31
- Do NOT fill a real UserSig. Emit clearly-marked placeholders:
39
+ ### Login UI
40
+
41
+ UserID (+ meeting id). On submit: `login(getBasicInfo(userId))`.
32
42
 
33
43
  ```typescript
34
- // ================================================
35
- // Test credentials (development only)
36
- // ================================================
37
- const SDK_APP_ID = {sdkAppId}; // your SDKAppID (numeric; 0 if unknown)
38
- const USER_ID = 'user001'; // test user
39
- const USER_SIG = 'YOUR_USERSIG'; // ← paste a test UserSig from the TRTC console
40
-
41
- // ⚠️ A console-issued test UserSig is for development only and expires
42
- // (typically ~24h–7d depending on the console setting).
43
- // For production, issue UserSig from YOUR OWN backend.
44
- // See: https://trtc.io/document/34385
44
+ import { getBasicInfo } from '@/config/basic-info-config';
45
+ await login(getBasicInfo(userId));
46
+ ```
47
+
48
+ ### Handoff
49
+
50
+ ```
51
+ 1. 控制台复制 SDKAppID + SecretKey 填入 src/config/basic-info-config.ts
52
+ 2. 登录页输入 UserID(如 user001)— userSig 自动按 UserID 生成
53
+ ⚠️ SecretKey 仅本地调试;生产请后端签发。
45
54
  ```
46
55
 
47
- If the SDKAppID is known (the user provided it during onboarding), fill it in.
48
- Otherwise leave the `0` / `YOUR_SDKAPPID` placeholder. The UserSig is ALWAYS a
49
- placeholder.
56
+ ---
50
57
 
51
- ### Step 3: Provide a user-input entry
58
+ ## Path B `console`(控制台获取 UserSig 后粘贴)
52
59
 
53
- The generated login page / component MUST include input fields (or a config
54
- mechanism) that let the user paste their own userID and userSig at runtime.
60
+ Original flow **retained**. User generates UserSig in TRTC console and pastes it.
55
61
 
56
- **For Web (Vue/React):**
57
- - Input fields for userID and userSig in the login form
58
- - Pre-fill userID with `user001`; leave userSig empty or `YOUR_USERSIG`
59
- - Allow the user to type their own values before clicking login
62
+ ### A2-Q2 (console)
60
63
 
61
- **For Native (iOS/Android/Flutter):**
62
- - A config struct/object with the test defaults and a placeholder userSig
63
- - Clear comments marking where to paste the console-issued UserSig
64
- - Optionally: text fields on the login screen if the UI supports it
64
+ Ask **SDKAppID** only (same as before). Do not collect SecretKey.
65
65
 
66
- **Template pattern (Web Vue example):**
66
+ ### Generated code
67
67
 
68
- ```vue
69
- <template>
70
- <div class="login-form">
71
- <input v-model="userId" placeholder="UserID" />
72
- <input v-model="userSig" placeholder="Paste UserSig from TRTC console" type="password" />
73
- <button @click="handleLogin">Login</button>
74
- </div>
75
- </template>
68
+ ```typescript
69
+ const SDK_APP_ID = {sdkAppId};
70
+ const USER_ID = 'user001';
71
+ const USER_SIG = 'YOUR_USERSIG'; // ← paste from TRTC console
72
+ ```
76
73
 
77
- <script setup>
78
- import { ref } from 'vue';
74
+ Login form MUST include:
79
75
 
80
- // Pre-filled test userID; UserSig must be pasted from the console
81
- const userId = ref('user001');
82
- const userSig = ref(''); // paste a console-issued test UserSig
76
+ - UserID input (pre-fill `user001`)
77
+ - SDKAppID input (pre-fill if known)
78
+ - UserSig input (`type="password"`) empty or placeholder
83
79
 
84
- // SDKAppID (numeric); fill from your TRTC console
85
- const sdkAppId = {sdkAppId};
80
+ **Pairing rule (MUST surface in UI):**
86
81
 
87
- async function handleLogin() {
88
- // login logic using userId.value, userSig.value, sdkAppId
89
- }
90
- </script>
91
- ```
82
+ > UserSig 是按 **UserID** 在控制台签发的,两者必须一一对应。
83
+ > 在「UserSig 生成&校验」里填写的 UserID 必须与登录页一致。
92
84
 
93
- ### Step 4: Multiple test users (optional)
85
+ ### Handoff 如何获取并填入 UserSig
94
86
 
95
- If the scenario needs multiple users, emit a placeholder slot for each, clearly
96
- labeled. The user generates one UserSig per userID in the console:
87
+ ```
88
+ ⚠️ 还差一步才能登录:代码里的 userSig 是占位符,需从控制台获取。
97
89
 
98
- ```typescript
99
- // User A (e.g., host / caller)
100
- const USER_A_ID = 'user001';
101
- const USER_A_SIG = 'YOUR_USERSIG_FOR_user001'; // from console
90
+ 1. 打开 https://console.trtc.io/(国内站 https://console.cloud.tencent.com)
91
+ 2. 进入「快速跑通 / UserSig 生成&校验」
92
+ 3. 输入与登录页相同的 UserID(如 user001)生成 UserSig
93
+ 4. userSig 填入 <文件路径> USER_SIG / 登录表单 UserSig 框
94
+ SDKAppID 填入 <文件路径> 的 SDK_APP_ID / SDKAppID 框
102
95
 
103
- // User B (e.g., audience / callee) — use in a second browser tab or device
104
- const USER_B_ID = 'user002';
105
- const USER_B_SIG = 'YOUR_USERSIG_FOR_user002'; // ← from console
96
+ 注意:控制台 userSig 仅开发联调,会过期;生产环境必须由后端签发。
106
97
  ```
107
98
 
108
- ## Completion handoff UserSig fill guidance (MUST surface to the user)
99
+ Do **not** copy the signing bundle for `console`.
109
100
 
110
- Code comments alone are not enough. Because the generated login code NEVER
111
- contains a working pre-filled UserSig, you MUST — at the end of the integration
112
- (topic Step 4 area / official-roomkit completion / `integrate-feature` A2-Q4) —
113
- include a short, explicit **"如何获取并填入 UserSig"** block in the chat handoff,
114
- not buried in code comments. Template (translate to the user's language):
101
+ ---
115
102
 
116
- ```
117
- ⚠️ 还差一步才能登录:这套代码里的 userSig 是占位符,需要你从控制台获取真实值后填入。
103
+ ## Path C — `backend`(生产)
118
104
 
119
- 获取测试 userSig(开发联调用):
120
- 1. 打开 https://console.trtc.io/ → 选择你的应用
121
- 2. 进入「快速跑通 / UserSig 生成&校验」,输入一个 userId(如 user001)生成 UserSig
122
- 3. 把生成的 userSig 填到 <文件路径>:<行号>(变量 `USER_SIG` / 登录表单的 UserSig 输入框)
123
- SDKAppID 填到 <文件路径>(变量 `SDK_APP_ID`)
105
+ - No signing bundle, no SecretKey in client.
106
+ - Emit `fetch('/api/conference/usersig')` skeleton + TODO.
107
+ - `userSig` from API response at login time.
124
108
 
125
- 注意:控制台生成的 userSig 仅用于开发联调,会过期(约 24h–7d);生产环境必须由你的后端签发。
126
- ```
109
+ ---
110
+
111
+ ## Shared rules
112
+
113
+ ### Never
114
+
115
+ - Call any `get_usersig` MCP tool.
116
+ - Hand-roll with `crypto-js` / `pako` / `HmacSHA256` / custom `src/utils/usersig.ts`
117
+ (outside the bundled lib for `local-dev` only).
118
+ - Present dev paths as production-ready.
119
+
120
+ ### Allowed
127
121
 
128
- Fill in the real `<文件路径>:<行号>` from the code you just generated. Never claim
129
- the userSig was auto-generated — it is always a placeholder the user must fill.
122
+ | Branch | Allowed |
123
+ |--------|---------|
124
+ | `local-dev` | `SDKSECRETKEY` in `basic-info-config.ts` + bundled `lib-generate-test-usersig-es.min` |
125
+ | `console` | Placeholder `YOUR_USERSIG` + login form paste fields; no SecretKey |
126
+ | `backend` | API skeleton only; no SecretKey |
130
127
 
131
- ## Never
128
+ ### Branch self-check
132
129
 
133
- - **Never call any `get_usersig` MCP tool**, and never tell the user the skill can
134
- generate a UserSig for them via MCP. This path does not exist.
135
- - Never hardcode a real `SecretKey` in generated code (client OR sample).
136
- - Never generate userSig manually (HMAC-SHA256) in client code, and never add
137
- browser-side signing dependencies (`crypto-js`, `pako`, `tls-sig-api-v2`).
138
- - Never create a `**/usersig.*` or `**/generate-usersig.*` signer file.
139
- - Never present a test userSig as "production-ready" — always mark it test/dev
140
- only with an expiry warning, and direct production issuance to the user's backend.
130
+ | `usersig_source` | Expect | Forbid |
131
+ |------------------|--------|--------|
132
+ | `local-dev` | `getBasicInfo`, signing lib in `src/config/` | UserSig input on login page |
133
+ | `console` | UserSig + SDKAppID inputs, `YOUR_USERSIG` placeholder | Signing bundle, `SDKSECRETKEY` |
134
+ | `backend` | fetch skeleton | Signing bundle, SecretKey, UserSig placeholder as final value |
@@ -180,6 +180,13 @@ Bidirectional Chinese↔English translation for common vocabulary is delegated t
180
180
  | 踢人 | `kick`, `kickUserOutOfRoom` | Exact method name is non-intuitive |
181
181
  | 音效 | `audio-effect`, `changer`, `reverb`, `ear-monitor` | Multiple sub-capabilities under one colloquial term |
182
182
  | 观众 | `audience`, `LiveAudienceStore` | Associated Store name is not what a user would guess |
183
+ | 100211 / take-seat | `room-lifecycle`, standard room | Non-seat room internal sync; usually ignorable |
184
+ | 100006 / live room only | `room-lifecycle`, `official-roomkit-api` | Live API called in standard conference room |
185
+ | MediaPermissionCheck / getUserMedia 门禁 | `prejoin-check`, `device-control` | Lightweight browser gate vs Atomicx full prejoin test |
186
+ | DeviceDetector / 两套设备检测 | `prejoin-check`, `device-control` | Dual detection paths need layered responsibilities |
187
+ | 检查遗漏 / 业务流程 / 对照官方 | `conference/integration-audit` (meta slice) | Route to Path B intent F, not code review |
188
+ | 进房失败 | `login-auth`, `room-lifecycle` | Conference Web join/create flow |
189
+ | UserSig 过期 / 6206 | `login-auth` | IM auth layer; cross-product |
183
190
 
184
191
  For any phrasing NOT listed: let the LLM do its own Chinese↔English bridging, then match against `tags` / `name` / `description` directly. Do NOT expand this table defensively with obvious translations — it only pays for its maintenance cost on the non-obvious ones.
185
192
 
@@ -74,10 +74,9 @@ STOP the normal topic flow immediately. Do NOT show scenario capabilities, do
74
74
  NOT run `init_slice_queue.py`, do NOT call `next_slice.py`, do NOT read slice
75
75
  files for implementation, do NOT write composables, and do NOT run `apply.py`.
76
76
 
77
- Instead, run the "Headless Web Atomicx / no-UI API-direct mode" Phase H1
78
- business-flow audit below:
77
+ Instead, run the **TRTC AtomicX API UI 集成** Phase H1 business-flow audit below:
79
78
 
80
- 1. Identify the request as "Vue3 Web no-UI Atomicx API-direct integration".
79
+ 1. Present the request as: **使用 TRTC AtomicX API 实现无 UI 集成**(composables / stores,界面由业务自行实现)。
81
80
  2. Extract business role names only. Do not classify the request as education,
82
81
  medical, interview, consultation, or any other vertical scenario just because
83
82
  the prompt mentions role names such as teacher/student or doctor/patient.
@@ -133,10 +132,11 @@ Each scenario file declares its own format. Open `${CLAUDE_PLUGIN_ROOT}/${CLAUDE
133
132
  enhancement_level: minimal | complete # minimal = P0 only; complete = P0 + P1
134
133
  ```
135
134
  - **Form B coverage multi-select (`## 能力展示与 coverage 选择` with a 必装骨架 + 可选模块 multi-select)**: some scenarios (e.g. `general-conference`) are NOT "install everything" — they have an always-on skeleton plus optional modules that must be picked à la carte. When the scenario file declares this variant, follow its "执行规则" verbatim:
136
- 1. Pre-select ONLY the optional modules that match the session's `target_features` / original prompt (do NOT default-select the rest — this is what caused "user didn't ask for 美颜 but got it").
137
- 2. Run the file's `AskUserQuestion` multi-select (split into ≤4-option groups if needed).
138
- 3. Write `confirmed_plan = 必装骨架 + selected optional modules` to `${CLAUDE_PROJECT_DIR}/.trtc-session.yaml`. `confirmed_plan` is the source of truth for `init_slice_queue.py` and everything downstream unselected modules MUST NOT appear in it.
139
- 4. If the user's original request was explicitly "完整版 / give me everything", select all optional modules.
135
+ 1. Pre-select ONLY the optional modules that match the session's `target_features` / original prompt (do NOT default-select the rest).
136
+ 2. **Confirm-first shortcut:** when `target_features` already maps cleanly to optional modules (non-empty, unambiguous), show the matched list and ask ONE confirmation question ("以上增强能力无误,继续?") with options: (1) 确认,按此集成; (2) 需要调整能力范围 → then run multi-select. Do NOT re-ask the user to pick features they already named in the initial prompt.
137
+ 3. Only when `target_features` is empty/ambiguous OR the user chose "需要调整", run the file's `AskUserQuestion` multi-select (split into ≤4-option groups if needed).
138
+ 4. Write `confirmed_plan = 必装骨架 + selected optional modules` to `${CLAUDE_PROJECT_DIR}/.trtc-session.yaml`. `confirmed_plan` is the source of truth for `init_slice_queue.py` and everything downstream unselected modules MUST NOT appear in it.
139
+ 5. If the user's original request was explicitly "完整版 / give me everything", select all optional modules.
140
140
 
141
141
  Do NOT fall back to "walk the whole `slices:` frontmatter array" for a coverage-multi-select scenario — that re-introduces the over-integration bug.
142
142
 
@@ -217,7 +217,7 @@ For each step in the (filtered) scenario sequence:
217
217
  **Anti-padding rule (do NOT game the gate):** The gate only checks that the slice's *entry* symbol appears in real code and that there are no duplicate-declaration collisions. It is not a license to manufacture occurrences. NEVER add a redundant destructure, a wrapper function, or a duplicate declaration just to make a symbol show up. If a required symbol is already destructured from one composable, do NOT destructure the same name again from another (`subscribeEvent` from two `use*()` calls) and do NOT also declare it as a `function`/`const` (`getCameraList`) — that is a duplicate declaration that will not compile. When two composables genuinely export the same name, alias one: `const { subscribeEvent: subscribeParticipantEvent } = useRoomParticipantState()`. apply fails on these collisions, but the goal is to never write them in the first place.
218
218
  - **G4: Modular structure** — Break implementations into separate files with clear single responsibilities. Don't put all logic into one massive file. Each file should be focused and manageable.
219
219
  - **G5: Compilable by default** — Generated code must be compilable when added to a project with the correct SDK installed. Include all necessary imports, type declarations, and protocol conformances. If something can't compile without additional context, note it with a `// TODO:` comment explaining what's needed.
220
- - **G6: No client-side UserSig signing** — NEVER generate `src/utils/usersig.ts` or any browser-side UserSig signing utility. NEVER add `crypto-js`, `pako`, `tls-sig-api-v2` as dependencies. NEVER expose `SecretKey` in client code. For login/auth steps, follow `../trtc-onboarding/reference/usersig-handling.md`: emit placeholder values with TODO comments pointing the user to the TRTC console to generate a test UserSig (the skill does NOT auto-generate UserSig). If your generated code contains `HmacSHA256`, `generateUserSig`, `SecretKey` in a non-comment assignment, or imports `crypto-js`/`pako` — STOP, discard, and regenerate following the protocol.
220
+ - **G6: UserSig per `usersig-handling.md`** `local-dev`: bundled lib + `getBasicInfo(userId)`; `console`: UserSig paste fields + placeholder; `backend`: API skeleton. No hand-rolled `crypto-js`/`pako`/`src/utils/usersig.ts`.
221
221
  - **G7: No invented package versions** — Never write a SemVer range from memory for a Tencent SDK package. Training data goes stale; a guessed range that doesn't exist on the registry breaks `pnpm install` on first run.
222
222
 
223
223
  - Tencent SDKs (`@tencentcloud/*`, `tuikit-*`, `trtc-sdk-v5`, `trtc-js-sdk`): use `"latest"`.
@@ -232,7 +232,7 @@ For each step in the (filtered) scenario sequence:
232
232
 
233
233
  | Slice | Decision keys | Effect on generated code |
234
234
  |---|---|---|
235
- | `conference/login-auth` | `usersig_source` | `"backend"` → emit `fetch('/api/conference/usersig')` skeleton + TODO; `"console"` → emit `'YOUR_USERSIG'` + console-link comment(用户自行到 TRTC 控制台生成测试 UserSig 并填入,skill 不自动签发)|
235
+ | `conference/login-auth` | `usersig_source` | `"local-dev"` → bundled lib + `getBasicInfo`; `"console"` → paste fields + placeholder; `"backend"` fetch skeleton |
236
236
  | `conference/login-auth` | `userid_strategy` | `"direct"` → `userId = employee.id`; `"uuid-mapping"` → emit mapping fetch skeleton |
237
237
  | `conference/login-auth` | `on_session_lost` | `"redirect-login"` / `"auto-refresh"` / `"prompt-user"` → different `onLoginExpired` handler |
238
238
  | `conference/room-lifecycle` | `roomid_origin` | `"frontend"` → `createAndJoinRoom`; `"backend-precreated"` → `joinRoom` only + backend fetch; `"join-only"` → no create at all |
@@ -263,7 +263,7 @@ For each step in the (filtered) scenario sequence:
263
263
  1. Read the current slice's frontmatter `business_decisions:` field. Does it exist?
264
264
  2. If yes → for each key listed there, look up `session_context.business_decisions[<slice-id>][<key>]` in session.
265
265
  3. Any key unset? → check its `tier`: `blocking` (or unset) → STOP, route back to A2-Q1.5. `deferrable` → use its `default` + inject TODO, continue.
266
- 4. All keys resolved (answered or deferred-to-default) → branch the generated code per the values. Verify final code does not contain placeholders / hardcoded values that the decisions were supposed to resolve (e.g. `userSig: 'YOUR_USERSIG'` should only appear if `usersig_source = "console"`).
266
+ 4. All keys resolved → branch per `usersig_source` (`local-dev` / `console` / `backend`).
267
267
 
268
268
  4. **Highlight the gotchas** — surface the ALWAYS/NEVER rules that apply to this step. Frame them as "the common mistakes I've seen" rather than abstract rules.
269
269
  5. **Pause and confirm** — after presenting code and running `apply.py --slice <id>`, ALWAYS pause and wait for user confirmation before proceeding to the next step. See **Step 3 progression rules** below.
@@ -311,28 +311,19 @@ cache it for the whole session. `official-roomkit` is conference-only.
311
311
  1. `${CLAUDE_PLUGIN_ROOT}/skills/trtc/room-builder/SKILL.md` — use its
312
312
  "官方 RoomKit 集成模式" section as the source of truth.
313
313
  2. `${CLAUDE_PLUGIN_ROOT}/skills/trtc-onboarding/reference/usersig-handling.md`
314
- use it as the source of truth for test UserSig handling. Do not generate a
315
- client-side signer or write `SecretKey` into `src/`.
314
+ local-dev: bundled signing lib + `getBasicInfo(userId)`; backend: no SecretKey in client.
316
315
  3. The official quick-start and UI customization docs linked from that section
317
316
  when exact package imports, component names, or customization API details
318
317
  matter.
319
318
 
320
- **At skill entry, if `ui_mode = headless`, follow the "Headless Web Atomicx /
321
- no-UI API-direct mode" section below.**
319
+ **At skill entry, if `ui_mode = headless`, follow the「TRTC AtomicX API UI 集成」section below.**
322
320
 
323
- **Headless Web Atomicx / no-UI API-direct mode (MANDATORY when `ui_mode = headless` and `product = conference`, `platform = web`):**
321
+ **TRTC AtomicX API UI 集成(`ui_mode = headless`,`product = conference`,`platform = web`):**
324
322
 
325
- This is the path for customers who are not using the official demo, not copying a
326
- template, and not mounting the full RoomKit UI. They already have, or plan to
327
- build, their own business UI and want code that calls the Web no-UI Atomicx APIs
328
- directly.
323
+ 客户不使用官方 RoomKit 完整界面,自行实现业务 UI,通过 AtomicX API 接入会议能力。
329
324
 
330
- Treat this as a **general Web no-UI API integration**, not an education,
331
- medical, meeting, interview, consultation, or any other vertical scenario. Words
332
- such as "teacher/student", "doctor/patient", "host/member", "agent/customer",
333
- or "interviewer/candidate" are only business role names. Map them to SDK roles
334
- and permissions (`Owner` / `Admin` / `Member`) without changing the underlying
335
- API route.
325
+ Treat this as **使用 TRTC AtomicX API 实现无 UI 集成**, not a vertical scenario template. Role names
326
+ (teacher/student, doctor/patient, etc.) map to SDK roles only.
336
327
 
337
328
  **Official capability whitelist:**
338
329
 
@@ -359,7 +350,7 @@ When the customer gives a coarse prompt (for example an MCP-reported "check
359
350
  whether the business flow has major omissions" prompt), do NOT start by writing
360
351
  code. First return:
361
352
 
362
- 1. Recognition: "Vue3 Web no-UI Atomicx API-direct integration", plus the
353
+ 1. Recognition: **使用 TRTC AtomicX API 实现无 UI 集成**, plus the
363
354
  extracted business role names as role names only.
364
355
  2. Covered flow: list what the customer's sentence already covers.
365
356
  3. Major omissions: list missing decisions that affect code generation.
@@ -458,9 +449,10 @@ Generate small, embeddable modules for the customer's existing Vue 3 project:
458
449
  - Do not generate meeting-classic theme code or `ui-*` based meeting SFCs.
459
450
  - Do not use `@tencentcloud/roomkit-web-vue3` `ConferenceMainView` /
460
451
  `ConferenceMainViewH5` as the no-UI solution.
461
- - Do not generate any browser-side UserSig signer, expose `SecretKey`, or add
462
- signing dependencies such as `crypto-js`, `pako`, `HmacSHA256`, or
463
- `tls-sig-api-v2`.
452
+ - Do not hand-roll UserSig signing (`src/utils/usersig.ts`, `crypto-js`, `pako`,
453
+ `HmacSHA256`, `tls-sig-api-v2`). Branch per `usersig_source` and
454
+ `usersig-handling.md`: `local-dev` → bundled lib in `src/config/` only;
455
+ `console` → paste fields, no SecretKey; `backend` → API-fetched userSig only.
464
456
  - Do not call `createAndJoinRoom` / `joinRoom` before `login` and
465
457
  `setSelfInfo` finish.
466
458
  - Do not treat `scheduleRoom` as joining the audio/video room; scheduling is
@@ -492,18 +484,14 @@ Generate small, embeddable modules for the customer's existing Vue 3 project:
492
484
  | `ui_mode` | Output shape | Strategy |
493
485
  |---|---|---|
494
486
  | `official-roomkit` | Official RoomKit integration files | Integrate `@tencentcloud/roomkit-web-vue3` official components (`ConferenceMainView` / `ConferenceMainViewH5` inside `UIKitProvider`,`UIKitProvider` 从 `@tencentcloud/uikit-base-component-vue3` 导入) into the existing Vue 3 app. Verify the resolved RoomKit version is `>=5.4.3` before using UI customization APIs. Use `conference.login()`, `setSelfInfo()`, `createAndJoinRoom()` / `joinRoom()`, room events, and official customization APIs from room-builder's "官方 RoomKit 集成模式". Do NOT generate meeting-classic SFCs, `ui-*` class templates, or theme assets. |
495
- | `headless` | Web no-UI Atomicx composables + stores + types + README | Follow "Headless Web Atomicx / no-UI API-direct mode" above. First run Phase H1 business-flow audit when the customer prompt is under-specified. After the flow is clear, generate `src/trtc/composables/*.ts`, `src/trtc/types/index.ts`, and a top-level `README.md`. Do NOT generate any `.vue` files unless the user explicitly asks for a small integration example; if they do, keep it as a thin example that consumes the composables and does not become a demo/template. |
487
+ | `headless` | AtomicX composables + stores + types + README | Follow「TRTC AtomicX API UI 集成」above. Phase H1 audit when prompt is under-specified. Generate `src/trtc/composables/*.ts`, etc. No `.vue` unless user asks for a thin example. |
496
488
  | `null` or unset | Topic's default strategy | Fall back to the per-slice code-example approach (pre-ui_mode behavior). Unchanged. |
497
489
 
498
490
  **Official RoomKit mode acceptance check:**
499
491
 
500
492
  - The generated app imports and renders the official RoomKit components, not a
501
493
  recreated meeting UI.
502
- - Login code obtains `userSig` through the user's business backend, runtime
503
- input, or a placeholder filled from the TRTC console. It must not create
504
- `src/utils/usersig.ts`, expose `SecretKey` in client config, or use
505
- `crypto-js` / `pako` / `HmacSHA256` / `tls-sig-api-v2` to sign in browser
506
- code.
494
+ - Login per `usersig_source`: `local-dev` `getBasicInfo(userId)`; `console` paste UserSig from console (UserID must match); `backend` → API-issued userSig.
507
495
  - UI changes are implemented through official APIs only:
508
496
  `setWidgetVisible()`, `registerWidget()`, `onWill()`, and documented
509
497
  `setFeatureConfig()` calls.
@@ -521,13 +509,9 @@ The scenario file may reference slices with `status: planned`. When you hit one
521
509
 
522
510
  ### Step 4: Verify
523
511
 
524
- **Before the checklist — UserSig fill guidance (MUST):** the generated login
525
- code always uses a placeholder userSig (the skill does NOT auto-generate one).
526
- Surface the **"如何获取并填入 UserSig"** handoff block from
527
- [`../trtc-onboarding/reference/usersig-handling.md`](../trtc-onboarding/reference/usersig-handling.md)
528
- → "Completion handoff" to the user, with the real file path / line filled in.
529
- Direct the user to the TRTC console to generate a test userSig; never claim the
530
- userSig was auto-generated.
512
+ **Before the checklist — UserSig handoff (MUST):** surface the matching block from
513
+ `usersig-handling.md`: Path A (`local-dev`), Path B (`console` 如何获取并填入 UserSig),
514
+ or Path C (`backend`). Always remind: UserID 与 UserSig 必须匹配。
531
515
 
532
516
  After all steps are done, present the scenario's verification checklist. Walk through each item:
533
517