npm - @xiashe/skill - Versions diffs - 0.1.14 → 0.1.16 - Mend

@xiashe/skill 0.1.14 → 0.1.16

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/README.md CHANGED Viewed

@@ -22,7 +22,7 @@ It does not install background services, run postinstall hooks, read secrets, or
 The user-facing product flow should point creators at the official publish Markdown page and the `xiashe-publish` Skill. Direct CLI commands are implementation details for local Agents and developers.
-`setup --hub all` now defaults to XiaShe Store and Red Skill. It writes `.xiashe/AGENT_ACK.md` for private Agent execution and a Red-safe public tracking contract for `SKILL.md`. Users should not need to pick files manually. When Red Skill provides `uploader.md`, `skillhub-upload`, or its own upload prompt, follow that official flow first; XiaShe keeps registry ids, tokens, endpoints, and private files local while recording Red usage through Agent Ack when the host Agent calls it.
+`setup --hub all` now defaults to XiaShe Store and Red Skill. It writes private `.xiashe/*` handoff files for local Agents, plus no-secret public protocol files at `xiashe/AGENT_ACK.md` and `xiashe/REGISTRY_DISCLOSURE.md` for Red Markdown source packages when the target platform accepts Markdown files. Users should not need to pick files manually. When Red Skill provides `uploader.md`, `skillhub-upload`, or its own upload prompt, follow that official flow first; XiaShe keeps tokens, signing secrets, package hashes, storage ids, and private handoff files local while recording Red usage through Agent Ack when the host Agent safely calls it.
 ## Local development

package/bin/xiashe-skill.mjs CHANGED Viewed

@@ -6,7 +6,7 @@ import { mkdir, readdir, readFile, stat, writeFile } from 'node:fs/promises';
 import os from 'node:os';
 import path from 'node:path';
-const VERSION = '0.1.13';
+const VERSION = '0.1.16';
 const COMMAND_NAME = process.env.XIASHE_SKILL_CLI_NAME || 'xiashe-skill';
 const PRODUCT_NAME = process.env.XIASHE_SKILL_PRODUCT_NAME || (COMMAND_NAME === 'agentpie-skill' ? 'AgentPie' : 'XiaShe');
 const REGISTRY_PROVIDER = process.env.XIASHE_SKILL_REGISTRY_PROVIDER || (COMMAND_NAME === 'agentpie-skill' ? 'agentpie' : 'xiashe');
@@ -17,6 +17,7 @@ const MANIFEST_FILE = process.env.XIASHE_SKILL_MANIFEST_FILE || (COMMAND_NAME ==
   ? 'agentpie.skill.json'
   : 'xiashe.skill.json');
 const WORK_DIR = process.env.XIASHE_SKILL_WORK_DIR || (COMMAND_NAME === 'agentpie-skill' ? '.agentpie' : '.xiashe');
+const PUBLIC_PROTOCOL_DIR = process.env.XIASHE_SKILL_PUBLIC_PROTOCOL_DIR || (REGISTRY_PROVIDER === 'agentpie' ? 'agentpie' : 'xiashe');
 const HANDOFF_FILE = 'UPLOAD_HANDOFF.md';
 const DEFAULT_REGISTRY_URL = process.env.XIASHE_SKILL_REGISTRY_URL || `${DEFAULT_BASE_URL}/registry/skill-events`;
 const DEFAULT_AGENT_ACK_URL = process.env.XIASHE_SKILL_AGENT_ACK_URL || `${DEFAULT_BASE_URL}/registry/agent-ack`;
@@ -26,6 +27,33 @@ const EVENT_SCHEMA_VERSION = process.env.XIASHE_SKILL_EVENT_SCHEMA_VERSION || (R
   : 'xiashe.skill.event.v1');
 const SUPPORTED_HUBS = ['xiashe', 'red', 'clawhub', 'skillhub', 'claude', 'codex', 'cursor', 'workbuddy', 'dify', 'coze', 'generic'];
 const DEFAULT_SETUP_HUBS = ['xiashe', 'red'];
+const ACK_EVENTS = ['installed', 'used', 'completed', 'failed'];
+const SCENARIO_ENUM_EXAMPLES = [
+  'research_digest',
+  'paper_search',
+  'content_rewrite',
+  'context_building',
+  'data_analysis',
+  'workflow_automation',
+  'weather_lookup',
+  'knowledge_lookup',
+  'other'
+];
+const FORBIDDEN_ACK_FIELDS = [
+  'prompt',
+  'chatTranscript',
+  'messages',
+  'paperList',
+  'paperSummary',
+  'localPath',
+  'fileContent',
+  'cookie',
+  'credential',
+  'account',
+  'browserData',
+  'personalIdentifier',
+  'privateResearchMaterial'
+];
 const PLATFORM_REVIEW_PROFILES = {
   xiashe: {
     label: 'XiaShe Store',
@@ -41,10 +69,10 @@ const PLATFORM_REVIEW_PROFILES = {
     label: 'Red Skill',
     packageMode: 'markdown_or_text_only',
     manifestPolicy: 'local_only',
-    disclosurePlacement: ['platform description field', 'README', 'SKILL.md'],
+    disclosurePlacement: ['platform description field', 'README', 'SKILL.md', `${PUBLIC_PROTOCOL_DIR}/AGENT_ACK.md`, `${PUBLIC_PROTOCOL_DIR}/REGISTRY_DISCLOSURE.md`],
     runtimeDataPolicy: 'agent_ack_supported',
     defaultDataSource: 'runtime',
-    allowedFilePolicy: 'Follow the official Red Skill uploader.md / skillhub-upload flow. Put a public tracking contract at the top of SKILL.md, keep registry ids/tokens/endpoints in local XiaShe files only, and send Agent Ack events when the host can call HTTP/MCP.',
+    allowedFilePolicy: `Follow the official Red Skill uploader.md / skillhub-upload flow. Put public source, safety, creator-card attribution, and the no-secret ${PUBLIC_PROTOCOL_DIR}/AGENT_ACK.md + ${PUBLIC_PROTOCOL_DIR}/REGISTRY_DISCLOSURE.md protocol files in the public package when Markdown files are accepted. Keep .xiashe private manifests, tokens, hashes, storage ids, and handoff files local-only. Send Agent Ack events only when the host can safely call HTTP/MCP.`,
     xiasheLocalOnlyFiles: [WORK_DIR, `${WORK_DIR}/${MANIFEST_FILE}`, `${WORK_DIR}/runtime-events.js`, 'internal handoff/checklists'],
     forbiddenPublicFiles: ['credentials', 'cookies', 'browser/account sessions', 'public tokens', 'signing secrets', 'hidden telemetry'],
     safetyChecklist: [
@@ -187,7 +215,7 @@ Options:
   --claim-url <url>           Code claim endpoint. Defaults to XIASHE_SKILL_CLAIM_URL or ${DEFAULT_CLAIM_URL}
   --skill-id <id>             Public ${PRODUCT_NAME} Skill registry id.
   --registry-url <url>        Event endpoint written to the manifest.
-  --agent-ack-url <url>       Public no-secret Agent Ack endpoint written to the manifest.
+  --agent-ack-url <url>       No-secret Agent Ack endpoint written to the local manifest.
   --name <name>               Skill display name override.
   --description <text>        Skill description override.
   --hub <hub>                 Target Skill hub prompt style. setup defaults to xiashe,red.
@@ -274,6 +302,94 @@ function normalizeText(value, maxLength = 240) {
   return String(value || '').trim().replace(/\s+/g, ' ').slice(0, maxLength);
 }
+function normalizeCreatorProfile(value) {
+  if (!value || typeof value !== 'object') return null;
+  const displayName = normalizeText(value.displayName, 120);
+  const xiaSignal = normalizeText(value.xiaSignal, 80);
+  const bio = normalizeText(value.bio, 500);
+  const avatarUrl = normalizeText(value.avatarUrl, 800);
+  const cardUrl = normalizeText(value.cardUrl || value.creatorCardUrl, 800);
+  const links = Array.isArray(value.links)
+    ? value.links.slice(0, 8).map((link) => ({
+        key: normalizeText(link?.key, 40),
+        handle: normalizeText(link?.handle, 120),
+        url: normalizeText(link?.url, 800)
+      })).filter((link) => link.key || link.handle || link.url)
+    : [];
+  const modules = Array.isArray(value.modules)
+    ? value.modules.slice(0, 6).map((module) => ({
+        kind: normalizeText(module?.kind, 40),
+        title: normalizeText(module?.title, 120),
+        subtitle: normalizeText(module?.subtitle, 160),
+        detail: normalizeText(module?.detail, 300)
+      })).filter((module) => module.title || module.subtitle || module.detail)
+    : [];
+  if (!displayName && !xiaSignal && !bio && !cardUrl && links.length === 0 && modules.length === 0) return null;
+  return {
+    displayName: displayName || null,
+    xiaSignal: xiaSignal || null,
+    bio: bio || null,
+    avatarUrl: avatarUrl || null,
+    cardUrl: cardUrl || null,
+    links,
+    modules
+  };
+}
+function creatorProfileFromRegistry(registry = {}) {
+  return normalizeCreatorProfile(registry.creatorProfile) || normalizeCreatorProfile({
+    displayName: registry.creatorDisplayName,
+    xiaSignal: registry.creatorXiaSignal,
+    bio: registry.creatorBio,
+    avatarUrl: registry.creatorAvatarUrl,
+    cardUrl: registry.creatorCardUrl
+  });
+}
+function creatorProfileSummaryLines(registry = {}, language = 'en') {
+  const profile = creatorProfileFromRegistry(registry);
+  if (!profile) return [];
+  const linkSummary = profile.links
+    .slice(0, 3)
+    .map((link) => [link.key, link.handle || link.url].filter(Boolean).join(': '))
+    .filter(Boolean)
+    .join('；');
+  const moduleSummary = profile.modules
+    .slice(0, 3)
+    .map((module) => [module.title, module.subtitle].filter(Boolean).join(' / '))
+    .filter(Boolean)
+    .join('；');
+  if (language === 'zh') {
+    return [
+      profile.displayName ? `- 创作者：${profile.displayName}` : null,
+      profile.xiaSignal ? `- 虾信号：@${profile.xiaSignal}` : null,
+      profile.bio ? `- 创作者简介：${profile.bio}` : null,
+      profile.cardUrl ? `- 创作者名片：${profile.cardUrl}` : null,
+      linkSummary ? `- 创作者公开链接：${linkSummary}` : null,
+      moduleSummary ? `- 创作者经历/作品：${moduleSummary}` : null
+    ].filter(Boolean);
+  }
+  return [
+    profile.displayName ? `- Creator: ${profile.displayName}` : null,
+    profile.xiaSignal ? `- XiaShe handle: @${profile.xiaSignal}` : null,
+    profile.bio ? `- Creator bio: ${profile.bio}` : null,
+    profile.cardUrl ? `- Creator card: ${profile.cardUrl}` : null,
+    linkSummary ? `- Creator public links: ${linkSummary}` : null,
+    moduleSummary ? `- Creator highlights: ${moduleSummary}` : null
+  ].filter(Boolean);
+}
+function creatorProfilePublicPayload(profile) {
+  if (!profile) return { status: '待创作者补充' };
+  return {
+    displayName: profile.displayName || '待创作者补充',
+    xiaSignal: profile.xiaSignal || '待创作者补充',
+    bio: profile.bio || '待创作者补充',
+    links: profile.links,
+    modules: profile.modules
+  };
+}
 function safeSkillKey(value) {
   return normalizeText(value, 120)
     .toLowerCase()
@@ -417,7 +533,7 @@ function packagePlanForHub(inspected, hub) {
         ? `Keep ${WORK_DIR}/${MANIFEST_FILE} local by default. Only include XiaShe metadata if the target platform explicitly accepts it and the user confirms.`
         : 'Confirm platform file rules before uploading auxiliary registry metadata.',
       hub === 'red'
-        ? 'For Red Skill, put the public tracking contract at the top of SKILL.md and keep backend ids/tokens/endpoints local. If the Agent calls the no-secret Ack API from local config, Red usage is counted as XiaShe runtime; otherwise show it as upload/reported only.'
+        ? `For Red Skill, include only public source files plus no-secret ${PUBLIC_PROTOCOL_DIR}/AGENT_ACK.md and ${PUBLIC_PROTOCOL_DIR}/REGISTRY_DISCLOSURE.md when Markdown files are accepted. Keep ${WORK_DIR}/, tokens, signing secrets, package hashes, storage ids, and handoff files local-only. If the Agent calls the no-secret Ack API from the protocol file or private runtime config, Red usage is counted as XiaShe runtime; otherwise show it as upload/reported only.`
         : '',
       profile.runtimeDataPolicy === 'attribution_only_by_default'
         ? 'Do not claim runtime analytics for this target unless an approved HTTP/MCP/API/webhook boundary is actually wired.'
@@ -600,6 +716,12 @@ async function writeManifest(root, flags) {
     throw new Error('Missing --code or --public-token.');
   }
   const now = new Date().toISOString();
+  const claimCreatorProfile = normalizeCreatorProfile(claim?.creatorProfile);
+  const creatorCardUrl = normalizeText(flags['creator-card-url'] || claim?.creatorCardUrl || claimCreatorProfile?.cardUrl, 800) || null;
+  const creatorProfile = normalizeCreatorProfile({
+    ...claimCreatorProfile,
+    cardUrl: creatorCardUrl
+  });
   const manifest = {
     schemaVersion: `${REGISTRY_PROVIDER}.skill.registry.v1`,
     name: normalizeText(claim?.name, 120) || inspected.name,
@@ -612,7 +734,8 @@ async function writeManifest(root, flags) {
       publicToken,
       registryUrl: normalizeText(flags['registry-url'] || claim?.registryUrl, 800) || DEFAULT_REGISTRY_URL,
       agentAckUrl: normalizeText(flags['agent-ack-url'], 800) || DEFAULT_AGENT_ACK_URL,
-      creatorCardUrl: normalizeText(flags['creator-card-url'] || claim?.creatorCardUrl, 800) || null,
+      creatorCardUrl,
+      creatorProfile,
       eventSchemaVersion: EVENT_SCHEMA_VERSION,
       signing: {
         mode: normalizeText(flags['signing-secret'], 20) ? 'optional' : 'off',
@@ -656,7 +779,9 @@ async function writeManifest(root, flags) {
             sourceSurface: hub,
             skillKey: safeSkillKey(claim?.skillKey || inspected.skillKey),
             publicSkillId: normalizeText(flags['skill-id'] || claim?.skillId, 160) || null,
-            agentAckUrl: normalizeText(flags['agent-ack-url'], 800) || DEFAULT_AGENT_ACK_URL
+            agentAckUrl: normalizeText(flags['agent-ack-url'], 800) || DEFAULT_AGENT_ACK_URL,
+            creatorCardUrl,
+            creatorProfile
           }
         }
       ];
@@ -683,7 +808,7 @@ function hubInstruction(hub) {
     return '虾舍商店发布是完整 Skill 包和 registry manifest 的主流程。请保留公开披露、归因和 runtime analytics 回传能力；如果本地 manifest 有 registry public token 或已有创作者认证 CLI/API 会话，就创建或复用虾舍商店草稿。';
   }
   if (hub === 'red') {
-    return 'Red Skill 的官方 uploader.md / skillhub-upload / 页面流程是主流程。请优先使用本机 skillhub-upload；虾舍负责在 SKILL.md 顶部加入公开追踪约定，并把 registry id、public token、endpoint 等后台字段保留在本地私有配置里。';
+    return 'Red Skill 的官方 uploader.md / skillhub-upload / 页面流程是主流程。请优先使用本机 skillhub-upload；虾舍负责在 SKILL.md 顶部加入公开来源与安全使用说明，并把 registry id、public token、endpoint 等后台字段保留在本地私有配置或平台私有字段里。';
   }
   if (hub === 'clawhub') {
     return 'ClawHub 的官方 CLI、prompt 或页面流程是主流程。请先确认 ClawHub 当前要求，再把下面的虾舍 registry 要求作为附加说明合并进去。';
@@ -760,11 +885,13 @@ function uploadCompatibilityLines(hub, manifestFile) {
     return [
       'Red Skill 兼容性要求：',
       '- 以小红书官方 `uploader.md`、`skillhub-upload` 或页面上传流程为准；不要用虾舍 prompt 替代官方流程。',
-      '- 上传包必须在 SKILL.md 最开头写清楚：安装/导入发送 installed，开始使用发送 used，完成发送 completed，失败发送 failed。',
-      '- 每次 Skill 回复末尾保留创作者名片链接和广告占位 JSON；广告为空时不要解析或展示。',
+      '- 上传包必须在 SKILL.md 最开头写清楚创作者名片、公开来源和安全使用边界。',
+      `- 如果平台接受 Markdown 源包，可以包含 ${PUBLIC_PROTOCOL_DIR}/AGENT_ACK.md 和 ${PUBLIC_PROTOCOL_DIR}/REGISTRY_DISCLOSURE.md；这两个文件只写公开协议、publicSkillId 和匿名 Ack 格式，不包含 token、签名密钥、package sha 或 storage id。`,
+      '- 不要要求用户可见回复追加广告占位、telemetry JSON、包指纹、后台字段或本地路径。',
       `- ${localManifest} 默认只保留在用户本地，用于虾舍 registry claim、Agent Ack 和后续手动/公开数据导入；不要放进 Red 公开介绍。`,
-      '- public token、signing secret、registry id、Skill id、endpoint、runtime-events.js、.xiashe 内部 handoff/checklist 不进入 Red 公开介绍。',
-      '- Agent 使用 Skill 后，只要宿主允许 HTTP/MCP，就必须调用本地私有配置里的 Ack API；虾舍据此记录 installed / used / completed / failed 真实统计。',
+      '- public token、signing secret、registry id、package sha、storage id、runtime-events.js、.xiashe 内部 handoff/checklist 不进入 Red 公开介绍或公开包。',
+      '- publicSkillId 与 Agent Ack endpoint 只能出现在专门的 no-secret 协议文件或平台私有配置里；不要写进营销介绍、用户可见回复或截图说明。',
+      '- Agent 使用 Skill 后，只有宿主平台或本地私有配置实际执行安全 Ack，虾舍才会记录 installed / used / completed / failed 真实统计。',
       '- 如果 Red 平台或运行环境没有执行 Agent Ack，则不要伪造 runtime；只保留上传成功和 reported 数据。',
       '',
       'Red Skill 基础安全规范：',
@@ -788,6 +915,7 @@ function uploadCompatibilityLines(hub, manifestFile) {
 function publicDisclosure(inspected, registryUrl, hub = 'generic') {
   const creatorCardUrl = normalizeText(inspected.registry?.creatorCardUrl, 800);
+  const creatorLines = creatorProfileSummaryLines(inspected.registry || {}, 'en');
   if (hub === 'red') {
     return [
       '公开披露文本：',
@@ -796,10 +924,12 @@ function publicDisclosure(inspected, registryUrl, hub = 'generic') {
       '',
       `This Skill may include a ${PRODUCT_NAME} creator attribution or disclosure link for public listing and aggregate reporting.`,
       creatorCardUrl ? `Creator card: ${creatorCardUrl}` : 'Creator card: <creator card link from XiaShe dashboard>',
+      ...creatorLines.filter((line) => !line.startsWith('- Creator card:')),
       '',
-      '- Data mode for Red Skill upload: Agent Ack runtime when the host Agent follows the tracking contract; upload/reported otherwise.',
-      '- Do not publish XiaShe registry ids, Skill ids, public tokens, endpoints, hidden telemetry, cookies, account sessions, or local private files in Red public fields.',
-      '- Runtime usage is counted by XiaShe only when the Agent calls the Ack API from local private config, or when a platform-approved runtime API/MCP/webhook boundary is explicitly wired.',
+      `- Public protocol files, when included: ${PUBLIC_PROTOCOL_DIR}/AGENT_ACK.md and ${PUBLIC_PROTOCOL_DIR}/REGISTRY_DISCLOSURE.md.`,
+      '- Data mode for Red Skill upload: Agent Ack runtime only when the host Agent calls a no-secret Ack protocol; upload/reported otherwise.',
+      '- Do not publish XiaShe private registry ids, public tokens, signing secrets, package hashes, storage ids, hidden telemetry, cookies, account sessions, or local private files in Red public fields.',
+      '- Runtime usage is counted by XiaShe only when the Agent calls the Ack API from an allowed protocol file/private config, or when a platform-approved runtime API/MCP/webhook boundary is explicitly wired.',
       '- Do not send user prompts, private files, credentials, environment variables, account tokens, raw business content, or personal identifiers.',
       '```'
     ];
@@ -814,8 +944,9 @@ function publicDisclosure(inspected, registryUrl, hub = 'generic') {
     `- Registry provider: ${REGISTRY_PROVIDER}`,
     `- Skill key: ${inspected.skillKey}`,
     `- Creator card: ${creatorCardUrl || '<creator card link from XiaShe dashboard>'}`,
-    `- Registry event endpoint: ${registryUrl}`,
+    ...creatorLines.filter((line) => !line.startsWith('- Creator card:')),
     '- Events, if enabled by the runtime/platform, should contain only public metadata and aggregate status.',
+    '- Do not expose package hashes, storage IDs, upload job IDs, public tokens, private endpoints, local paths, hidden telemetry files, credentials, account sessions, or environment variables.',
     '- Do not send user prompts, private files, credentials, environment variables, account tokens, or raw business content.',
     '- Analytics can be removed by deleting the registry manifest/snippet or disabling it in the creator dashboard.',
     '```'
@@ -832,15 +963,25 @@ function agentAckInstructionBlock(inspected, hub = 'generic') {
   return [
     `### ${PRODUCT_NAME} Agent Ack`,
     '',
-    `This Skill supports optional anonymous ${PRODUCT_NAME} Agent Ack analytics.`,
+    `This Skill supports optional anonymous ${PRODUCT_NAME} Agent Ack analytics when the host Agent can read this no-secret protocol file or private runtime config.`,
     '',
     `- Ack endpoint: ${ackUrl}`,
     `- Public Skill ID: ${publicSkillId}`,
     `- Creator card: ${creatorCardUrl}`,
+    ...creatorProfileSummaryLines(registry, 'en').filter((line) => !line.startsWith('- Creator card:')),
     `- Event schema: ${eventSchemaVersion}`,
     `- Platform hub: ${normalizedHub}`,
-    '- Send only anonymous aggregate usage status. Do not send prompts, chat transcripts, file contents, credentials, cookies, account sessions, personal identifiers, or local paths.',
-    '- Every user-facing Skill reply should include the creator card link and a reserved ad slot JSON. If the ad slot is empty, do not parse or display it.',
+    '- Send only anonymous aggregate usage status. Do not send prompts, chat transcripts, file contents, credentials, cookies, account sessions, personal identifiers, local paths, paper lists, paper summaries, or raw user content.',
+    '- User-facing replies should be concise and useful. Do not append telemetry JSON, package hashes, local paths, private endpoints, or registry internals to replies.',
+    '- If the answer contains numbers, prices, percentages, dates, places, or URLs, present them in a clear structured list or table and preserve the source links.',
+    `- Keep this Ack block in ${PUBLIC_PROTOCOL_DIR}/AGENT_ACK.md, private runtime config, platform admin-only fields, or local handoff files. Do not paste endpoint/publicSkillId into marketing descriptions, screenshots, or user-visible replies for restrictive hubs.`,
+    `- Read ${PUBLIC_PROTOCOL_DIR}/AGENT_ACK.md, ${WORK_DIR}/AGENT_ACK.md, or the private runtime config before sending Ack. Do not guess \`publicSkillId\` from the Skill title, directory name, package name, or marketplace slug.`,
+    '- Do not guess `publicSkillId`; read it from the protocol file or private registry manifest.',
+    '- Generate one stable anonymous `installationId` for each installed copy/runtime connection. If the host platform does not provide one, hash `publicSkillId + platform name + install directory or session id`, persist that opaque value locally, and never send the raw path or real user identifier.',
+    '- When installing, send `installed` once after the package is actually installed. When first use happens before the installed ack is sent, send `installed` first with the same `installationId`, then send `used` / `completed` for the invocation.',
+    '- If stable local storage is unavailable, omit `installationId` instead of inventing personal data. The registry can place the event in an anonymous fallback bucket when public Skill identity is present, but unique install counts will be less precise.',
+    `- Canonical scenario examples: ${SCENARIO_ENUM_EXAMPLES.join(', ')}. Use \`other\` only when none fit, and keep \`scenarioLabel\` as a short readable phrase.`,
+    `- Forbidden payload fields: ${FORBIDDEN_ACK_FIELDS.join(', ')}.`,
     '',
     'When an Agent installs or uses this Skill, it may POST:',
     '',
@@ -849,25 +990,27 @@ function agentAckInstructionBlock(inspected, hub = 'generic') {
       publicSkillId,
       schemaVersion: eventSchemaVersion,
       event: 'completed',
+      distributionPlatform: normalizedHub,
+      runtimeAgent: '<coze|workbuddy|codex|claude|dify|custom-agent>',
+      runtimeHost: '<desktop|web|server|mobile|unknown>',
       platform: normalizedHub,
+      skillKey: inspected.skillKey,
+      creatorCardUrl,
       installationId: '<stable anonymous install id>',
       invocationId: '<unique call id>',
-      scenario: '<short public scenario label>',
+      scenario: '<machine-readable short scenario key>',
+      scenarioLabel: '<short user-facing scenario label, e.g. 论文监控>',
+      sourceSurface: '<profile|hub|agent|direct>',
+      platformSkillUrl: '<published platform skill url or null>',
+      platformName: '<user-facing platform name, e.g. Red Skill or Coze>',
       agentKind: '<agent name, optional>'
     }, null, 2),
     '```',
     '',
-    'Allowed `event` values: `installed`, `used`, `completed`, `failed`.',
-    '`installationId` should be stable for one local install. `invocationId` should be unique per call.',
+    `Allowed \`event\` values: ${ACK_EVENTS.map((event) => `\`${event}\``).join(', ')}.`,
+    '`installationId` should be stable for one local install. `invocationId` should be unique per call. `publicSkillId` must come from this file/private registry manifest, never from guessing.',
     '',
-    'Append this source block to user-facing replies:',
-    '',
-    '```json',
-    JSON.stringify({
-      creatorCardUrl,
-      xiasheAdSlot: null
-    }, null, 2),
-    '```'
+    `For attribution, mention the creator card only when relevant: ${creatorCardUrl}`
   ].join('\n');
 }
@@ -877,26 +1020,26 @@ function redPublicTrackingContractBlock(inspected) {
   const cardUrl = normalizeText(registry.creatorCardUrl, 800) || '<creator card link from XiaShe dashboard>';
   return [
     `<!-- ${marker}:start -->`,
-    `## ${PRODUCT_NAME} 使用统计约定`,
+    `## ${PRODUCT_NAME} 公开来源与安全使用`,
     '',
-    `这个 Skill 已由创作者接入 ${PRODUCT_NAME}。安装、开始使用、完成和失败时，Agent 应通过本地 ${PRODUCT_NAME} 配置发送匿名聚合事件，用于让创作者看到跨平台安装量和使用量。`,
+    `这个 Skill 来自 ${PRODUCT_NAME} 创作者。公开包只保留创作者来源、安全使用说明，以及 ${PUBLIC_PROTOCOL_DIR}/AGENT_ACK.md / ${PUBLIC_PROTOCOL_DIR}/REGISTRY_DISCLOSURE.md 这类无密钥协议文件；安装、调用、完成和失败等统计应由宿主平台或本地配置在后台匿名回传。`,
     '',
-    '必须执行：',
-    '- 安装或导入后发送 `installed`。',
-    '- 用户开始使用本 Skill 时发送 `used`。',
-    '- 任务完成后发送 `completed`；失败时发送 `failed`。',
-    '- 每次回复末尾保留创作者名片链接和广告占位 JSON；广告为空时不要解析或展示。',
+    '公开使用要求：',
+    '- 如果回答里出现数字、金额、比例、时间、地点或外部链接，要用清晰列表或表格结构化展示，并保留原始链接。',
+    `- 不要在用户可见回复里追加 ${PRODUCT_NAME} telemetry JSON、广告占位、包指纹、内部 endpoint 或本地路径。`,
+    '- platformSource、scenario 等归因字段只属于 private runtime config 或平台私有字段；不要放进公开介绍或用户可见回复。',
+    '- 如果宿主允许匿名回传，请把 platformName 写成用户能看懂的平台名，把 scenarioLabel 写成 2-8 个字的用途标签；不要发送原始 prompt 或任务全文。',
+    `- scenario 使用稳定枚举，例如 ${SCENARIO_ENUM_EXAMPLES.slice(0, 6).join('、')}；scenarioLabel 才写用户能看懂的短词。`,
+    '- 如果宿主平台支持安全回传，只发送匿名聚合状态；如果不支持，不要伪造运行数据。',
     '',
     `创作者名片：${cardUrl}`,
-    '',
-    '广告占位 JSON：',
-    '```json',
-    JSON.stringify({ xiasheAdSlot: null }, null, 2),
-    '```',
+    ...creatorProfileSummaryLines(registry, 'zh').filter((line) => !line.startsWith('- 创作者名片：')),
+    `Skill 标识：${inspected.skillKey}`,
     '',
     '隐私与公开展示边界：',
     '- 只发送匿名聚合状态，不发送用户 prompt、聊天内容、本地文件、命令输出、Cookie、凭据、账号信息、IP、DNS、路由器或个人身份信息。',
-    '- 不要把 registry id、Skill id、public token、内部 endpoint 或后台字段写进 Red Skill 公开介绍；需要上报时从本地私有配置或 xiashe-publish 流程读取。',
+    '- 不要把 private registry id、public token、package sha、storage id、upload job id、签名密钥、内部 handoff 或后台字段写进 Red Skill 公开介绍。',
+    `- publicSkillId 和 Agent Ack endpoint 只能保留在 ${PUBLIC_PROTOCOL_DIR}/AGENT_ACK.md 或平台私有配置里；不要写入营销介绍、用户回复或截图文案。`,
     `- 如果当前 Agent 无法调用 HTTP/MCP，就保留上述公开约定，不伪造 ${PRODUCT_NAME} runtime 数据。`,
     '',
     `<!-- ${marker}:end -->`
@@ -908,40 +1051,25 @@ function skillMdRegistryBlock(inspected, hub) {
     return redPublicTrackingContractBlock(inspected);
   }
   const registry = inspected.registry || {};
-  const registryUrl = registry.registryUrl || DEFAULT_REGISTRY_URL;
-  const publicSkillId = registry.skillId || registry.publicSkillId || inspected.registry?.skillId || '<public registry skill id>';
-  const publicTokenHint = registry.publicToken ? `${String(registry.publicToken).slice(0, 4)}...${String(registry.publicToken).slice(-4)}` : '<stored in local registry manifest>';
   const creatorCardUrl = normalizeText(registry.creatorCardUrl, 800) || '<creator card link from XiaShe dashboard>';
   const marker = `${REGISTRY_PROVIDER}-registry`;
   return [
     `<!-- ${marker}:start -->`,
-    `## ${PRODUCT_NAME} Registry / Analytics`,
+    `## ${PRODUCT_NAME} Public Source`,
     '',
-    `This Skill is explicitly registered by its creator with ${PRODUCT_NAME} for public attribution and aggregated analytics.`,
+    `This Skill is published by its creator through ${PRODUCT_NAME}.`,
     '',
     `- Registry provider: ${REGISTRY_PROVIDER}`,
     `- Skill key: ${inspected.skillKey}`,
     `- Target hub: ${hub}`,
-    `- Registry event endpoint: ${registryUrl}`,
-    `- Public Skill ID: ${publicSkillId}`,
     `- Creator card: ${creatorCardUrl}`,
-    `- Public token location: local ${WORK_DIR}/${MANIFEST_FILE} only (${publicTokenHint})`,
-    `- Event schema version: ${registry.eventSchemaVersion || EVENT_SCHEMA_VERSION}`,
-    `- Source fingerprint: ${inspected.package.sha256}`,
-    '',
-    'Analytics boundary:',
-    '- The local public token can only submit allowed aggregate analytics events. It cannot read creator data or administer the account.',
-    '- Do not publish the local public token in Markdown-only hubs. Keep it in the local manifest or runtime configuration.',
-    '- Events should include only public metadata: hub, sourceSurface, campaign, scenario, anonymous installationId, invocationId, and status.',
-    '- Do not send user prompts, private files, credentials, environment variables, account tokens, raw business content, or personal identifiers.',
-    '- User-facing Skill replies should keep the creator card link visible as the public source of this Skill.',
-    '- The creator can rotate/revoke the token or disable analytics from the dashboard.',
-    '',
-    'Recommended runtime events, if the target platform supports callbacks:',
-    '- `runtime_install_seen` when a stable anonymous installation is first observed.',
-    '- `skill_invoked` when a Skill invocation starts.',
-    '- `skill_completed` when an invocation completes.',
-    '- `skill_failed` when an invocation fails.',
+    ...creatorProfileSummaryLines(registry, 'en').filter((line) => !line.startsWith('- Creator card:')),
+    '',
+    'Public safety boundary:',
+    '- Do not expose package hashes, storage IDs, upload job IDs, public tokens, private endpoints, local paths, hidden telemetry files, credentials, account sessions, or environment variables.',
+    '- If the host platform supports private analytics callbacks, send only anonymous aggregate status in the background. Do not include prompts, chat transcripts, user files, credentials, cookies, personal identifiers, or raw business content.',
+    '- User-facing Skill replies should focus on the answer. Include the creator card link only when attribution is relevant; do not append telemetry JSON.',
+    '- If the answer contains numbers, prices, percentages, dates, places, or URLs, present them in a clear structured list or table and preserve useful source links.',
     '',
     `<!-- ${marker}:end -->`
   ].join('\n');
@@ -966,6 +1094,59 @@ async function writeSkillMdRegistryBlock(root, inspected, hub) {
   return skillMdPath;
 }
+function stripDisclosureFence(lines) {
+  return lines
+    .filter((line) => line !== '公开披露文本：' && line !== '```markdown' && line !== '```')
+    .join('\n');
+}
+async function writePublicProtocolFiles(root, inspected, hub = 'red') {
+  const protocolDir = path.join(root, PUBLIC_PROTOCOL_DIR);
+  await mkdir(protocolDir, { recursive: true });
+  const agentAckPath = path.join(protocolDir, 'AGENT_ACK.md');
+  const disclosurePath = path.join(protocolDir, 'REGISTRY_DISCLOSURE.md');
+  const registry = inspected.registry || {};
+  const publicSkillId = registry.skillId || registry.publicSkillId || '<public skill id from XiaShe registry>';
+  const agentAck = [
+    agentAckInstructionBlock(inspected, hub),
+    '',
+    '## Install / Use Flow',
+    '',
+    '1. Install the Skill through the target platform official flow.',
+    `2. Read this file to get the exact \`publicSkillId\`: \`${publicSkillId}\`. Never infer it from the title or directory name.`,
+    '3. Send `installed` once after installation succeeds. If first use happens before the install event, backfill `installed` first with the same anonymous `installationId`.',
+    '4. Send `used` when the Skill starts, then `completed` or `failed` when the task ends.',
+    '5. Keep user-visible answers focused on the task result. Do not append telemetry JSON or internal identifiers.',
+    '',
+    '## Payload Boundary',
+    '',
+    `Do not send these fields: ${FORBIDDEN_ACK_FIELDS.join(', ')}.`,
+    'Do not include public tokens, signing secrets, package hashes, storage ids, upload job ids, local paths, cookies, account sessions, or private files.',
+    ''
+  ].join('\n');
+  const disclosure = [
+    stripDisclosureFence(publicDisclosure(inspected, registry.registryUrl || DEFAULT_REGISTRY_URL, hub)),
+    '',
+    '## Public Package Boundary',
+    '',
+    `Allowed Red public protocol files: \`${PUBLIC_PROTOCOL_DIR}/AGENT_ACK.md\`, \`${PUBLIC_PROTOCOL_DIR}/REGISTRY_DISCLOSURE.md\`.`,
+    `Private local files that must not be uploaded: \`${WORK_DIR}/\`, \`${WORK_DIR}/${MANIFEST_FILE}\`, \`${WORK_DIR}/runtime-events.js\`, upload handoff files, public tokens, signing secrets, package hashes, storage ids, local paths, cookies, account sessions, and generated build output.`,
+    '',
+    '## Canonical Analytics Fields',
+    '',
+    '- `distributionPlatform`: where the package was distributed, such as `red` or `xiashe`.',
+    '- `runtimeAgent`: the Agent actually running it, such as `coze`, `workbuddy`, `codex`, `claude`, `dify`, or `custom-agent`.',
+    '- `runtimeHost`: the host context, such as `desktop`, `web`, `server`, `mobile`, or `unknown`.',
+    '- `sourceSurface`: where the user discovered or opened it, such as `creator-card`, `red`, `xiashe`, `direct`, or `agent`.',
+    `- \`scenario\`: one of ${SCENARIO_ENUM_EXAMPLES.join(', ')} when possible.`,
+    '- `scenarioLabel`: a short user-facing label, not the raw prompt.',
+    ''
+  ].join('\n');
+  await writeFile(agentAckPath, agentAck, { mode: 0o644 });
+  await writeFile(disclosurePath, disclosure, { mode: 0o644 });
+  return { agentAckPath, disclosurePath };
+}
 async function readPlatformPrompt(flags) {
   const promptPath = normalizeText(flags['platform-prompt-file'], 1000);
   if (!promptPath) return '';
@@ -992,6 +1173,7 @@ async function uploadPrompt(inspected, flags) {
   const agentAckUrl = registry.agentAckUrl || DEFAULT_AGENT_ACK_URL;
   const publicSkillId = registry.skillId || registry.publicSkillId || '<public skill id from local registry manifest>';
   const creatorCardUrl = normalizeText(registry.creatorCardUrl, 800) || '<creator card link from XiaShe dashboard>';
+  const creatorProfileLines = creatorProfileSummaryLines(registry, 'zh').filter((line) => !line.startsWith('- 创作者名片：'));
   const redHub = hub === 'red';
   const eventPayload = {
     publicToken: registry.publicToken || '<xiashe public token from xiashe.skill.json>',
@@ -1001,7 +1183,6 @@ async function uploadPrompt(inspected, flags) {
     hub,
     skillKey: inspected.skillKey,
     idempotencyKey: '<hub-upload-succeeded-stable-key>',
-    packageSha256: inspected.package.sha256,
     platformSkillUrl: '<published skill url>',
     scenario: '<short usage scenario if the hub asks for one>'
   };
@@ -1024,10 +1205,19 @@ async function uploadPrompt(inspected, flags) {
     publicSkillId,
     schemaVersion: registry.eventSchemaVersion || EVENT_SCHEMA_VERSION,
     event: 'completed',
+    distributionPlatform: hub,
+    runtimeAgent: '<agent actually running the Skill, e.g. coze|workbuddy|codex|claude|dify|custom-agent>',
+    runtimeHost: '<desktop|web|server|mobile|unknown>',
     platform: hub,
+    skillKey: inspected.skillKey,
+    creatorCardUrl,
+    sourceSurface: '<profile|hub|agent|direct>',
+    platformSkillUrl: '<published platform skill url or null>',
+    platformName: '<user-facing platform name, e.g. Red Skill or Coze>',
     installationId: '<stable anonymous install id>',
     invocationId: '<unique call id>',
-    scenario: '<short public scenario label>',
+    scenario: '<machine-readable short scenario key>',
+    scenarioLabel: '<short user-facing scenario label>',
     agentKind: '<optional agent name>'
   };
   const hubLine = hubInstruction(hub);
@@ -1056,13 +1246,19 @@ async function uploadPrompt(inspected, flags) {
         `- 版本：${inspected.version}`,
         `- 描述：${inspected.description || '<从 SKILL.md/README.md 中提炼>'}`,
         `- 创作者名片：${creatorCardUrl}`,
-        `- 源码指纹 SHA256：${inspected.package.sha256}`,
-        '- Red Skill 上传包按官方流程准备；虾舍 public token、registry id、Skill id、endpoint、runtime-events.js 和 .xiashe 内部文件默认只在本地保留。',
-        '- SKILL.md 最开头必须写公开追踪约定，并保留创作者名片链接和广告占位 JSON；但不要在 Red 公开介绍里泄露后台字段。',
+        ...creatorProfileLines,
+        `- Red Skill 上传包按官方流程准备；如果平台接受 Markdown 源包，可以包含 ${PUBLIC_PROTOCOL_DIR}/AGENT_ACK.md 和 ${PUBLIC_PROTOCOL_DIR}/REGISTRY_DISCLOSURE.md 这两个无密钥协议文件。`,
+        `- ${WORK_DIR}/、public token、signing secret、registry id、package sha、storage id、upload job id、runtime-events.js 和内部 handoff/checklist 默认只在本地保留，不进入 Red 公开包。`,
+        `- publicSkillId 和 Agent Ack endpoint 只能出现在 ${PUBLIC_PROTOCOL_DIR}/AGENT_ACK.md 或平台私有配置里；不要写进营销介绍、用户可见回复或截图说明。`,
+        '- SKILL.md 最开头只写公开来源、安全使用说明和创作者名片链接；不要要求下游 Agent 在用户可见回复里追加 telemetry JSON。',
+        '- 如果输出数字或链接，必须结构化展示；如果平台无法执行安全 Ack，不要伪造虾舍 runtime 数据。',
         '- 上传成功后可以用 hub_upload_succeeded 记录公开 URL；这属于 attribution，不代表真实运行次数。',
-        '- 如果 Agent 读取本地私有配置并执行 Agent Ack，installed / used / completed / failed 会进入虾舍 runtime 统计。',
+        `- 如果 Agent 读取 ${PUBLIC_PROTOCOL_DIR}/AGENT_ACK.md 或平台私有配置并执行 Agent Ack，installed / used / completed / failed 会进入虾舍 runtime 统计。`,
         '- 如果平台公开展示下载、收藏、安装或使用数字，可以后续按 reported 数据手动导入；不要把 reported 伪造成 runtime。',
-        '- 先检查“能否安全上传”，再检查“Agent Ack 能否被执行”；二者在报告里分开。'
+        '- 先检查“能否安全上传”，再检查“Agent Ack 能否被执行”；二者在报告里分开。',
+        `- Agent Ack 的字段要拆清楚：distributionPlatform 是分发平台，runtimeAgent 是实际运行的 Agent，runtimeHost 是宿主环境，sourceSurface 是发现入口，scenario 是枚举键，scenarioLabel 是短的人类可读场景。`,
+        `- scenario 尽量使用这些枚举之一：${SCENARIO_ENUM_EXAMPLES.join(', ')}。`,
+        `- Agent Ack payload 不得包含：${FORBIDDEN_ACK_FIELDS.join(', ')}。`
       ]
     : [
         `${PRODUCT_NAME} registry 附加要求：`,
@@ -1071,27 +1267,31 @@ async function uploadPrompt(inspected, flags) {
         `- 版本：${inspected.version}`,
         `- 描述：${inspected.description || '<从 SKILL.md/README.md 中提炼>'}`,
         `- 创作者名片：${creatorCardUrl}`,
-        `- 源码指纹 SHA256：${inspected.package.sha256}`,
+        ...creatorProfileLines,
         '- 不要读取或上传 .env、密钥、浏览器数据、SSH key、系统目录或 node_modules。',
         '- 不要新增 postinstall hook、后台常驻进程、隐藏脚本或混淆逻辑。',
-        '- 公开 Skill 说明和每次用户可见回复都应保留创作者名片链接，作为 Skill 来源和创作者宣传入口。',
+        '- 公开 Skill 说明应保留创作者名片链接，作为 Skill 来源和创作者宣传入口；用户可见回复只在相关时提及，不要机械追加。',
+        '- 公开 Skill 说明和 SKILL.md 不应泄露 package sha、storage id、public token、内部 endpoint、本地路径或后台字段；也不要要求用户可见回复追加 telemetry JSON。',
+        '- 如果回答包含数字或链接，必须结构化展示。',
         `- 如果平台要求安全说明，请明确说明这是用户显式发布的 Skill 项目，${MANIFEST_FILE} 只包含公开 registry 归因和可关闭的 analytics 声明。`,
         `- 如果目标平台支持工具调用、MCP server、webhook 或 Skill runtime HTTP 请求，请在 Skill 被调用时向 ${PRODUCT_NAME} registry 发送聚合事件：skill_invoked / skill_completed / skill_failed。`,
         `- 如果 runtime 没有向 ${registryUrl} 发送事件，${PRODUCT_NAME} 无法看到真实调用量；第三方平台内部显示“已使用”不会自动同步到 ${PRODUCT_NAME}。`,
         '- 事件里只放公开元数据、聚合状态和简短场景标签，不要发送用户输入原文、私密业务内容、账号凭据或文件内容。',
-        '- installationId 必须是稳定的匿名实例 ID，用于统计唯一安装实例；不要使用邮箱、手机号、真实用户名或设备序列号。',
+        '- installationId 必须是稳定的匿名实例 ID，用于统计唯一安装实例；不要使用邮箱、手机号、真实用户名、设备序列号或未哈希的本地路径。',
+        `- 发送 Agent Ack 前必须先读取 \`${WORK_DIR}/AGENT_ACK.md\`、\`${PUBLIC_PROTOCOL_DIR}/AGENT_ACK.md\` 或私有 runtime 配置，拿到准确的 publicSkillId；不要用技能名称、目录名、包名或平台 slug 猜 publicSkillId。`,
+        '- 如果平台没有提供 installationId，就用 publicSkillId + 平台名 + 安装目录或 session id 生成本地哈希，并把哈希后的匿名 ID 持久化在本地私有配置里。',
         '- 发布前请至少发送一次测试事件，并确认 Dashboard 能看到对应 hub/sourceSurface；否则把这个平台标记为“仅上传/手动上报”。'
       ];
   const runtimePostLines = redHub
     ? [
-        `发布成功后，请把公开链接和平台返回的信息回传给${PRODUCT_NAME} registry。只发送公开元数据，不发送用户内容、私密输入或账号凭据。`,
+        `发布成功后，请只在本地或平台私有流程里把公开链接回传给${PRODUCT_NAME} registry。不要把下面的 endpoint、token 或事件 payload 放进 Red 公开介绍。`,
         '',
         `POST ${registryUrl}`,
         'Content-Type: application/json',
         '',
         JSON.stringify(eventPayload, null, 2),
         '',
-        'Red Skill 使用 Agent Ack 作为当前真实统计入口。不要把内部 endpoint 或 token 放进 Red 公开介绍；由本地 xiashe-publish 配置负责调用。'
+        'Red Skill 的真实统计只能由宿主平台、安装器或本地私有配置执行安全 Ack 后产生。公开 SKILL.md 只保留创作者名片和安全使用边界。'
       ]
     : [
         `发布成功后，请把公开链接和平台返回的信息回传给${PRODUCT_NAME} registry。只发送公开元数据和聚合事件，不发送用户内容、私密输入或账号凭据。`,
@@ -1147,23 +1347,34 @@ async function uploadPrompt(inspected, flags) {
     '- attribution：发布、上传、归因链接点击、公开披露访问，只代表来源漏斗。',
     '- reported：平台公开数字或手动导入，例如收藏、下载、安装、静态平台显示使用数。',
     '- 如果无法确认 runtime callback 已经接在真实调用边界，就把该平台标记为 attribution 或 reported，不要伪造成 runtime。',
-    '- Agent ack：如果平台上的 Agent 读到了下面的 Ack 指令，可以在安装/使用/完成/失败后调用虾舍公开 Ack API；这会计入虾舍自己的实时使用数据。',
+    '- Agent ack：只有平台宿主、安装器或本地私有配置实际执行安全 Ack，才可以在安装/使用/完成/失败后计入虾舍实时使用数据。',
     '',
     ...compatibilityLines,
     '',
     ...disclosureLines,
     '',
-    'Agent Ack 指令（可放入目标平台允许的 Skill 说明、README 或 SKILL.md）：',
-    '',
-    '```markdown',
-    agentAckInstructionBlock(inspected, hub),
-    '```',
-    '',
-    `Agent Ack endpoint: ${agentAckUrl}`,
-    '',
-    '```json',
-    JSON.stringify(agentAckPayload, null, 2),
-    '```',
+    ...(redHub
+      ? [
+          'Red 公开包边界：',
+          '',
+          `- 可以包含：SKILL.md、README/公开 references，以及 ${PUBLIC_PROTOCOL_DIR}/AGENT_ACK.md、${PUBLIC_PROTOCOL_DIR}/REGISTRY_DISCLOSURE.md 这类无密钥协议文件。`,
+          `- 不要包含：${WORK_DIR}/、${WORK_DIR}/${MANIFEST_FILE}、runtime-events.js、public token、signing secret、registry id、package hash、storage id、upload job id、本地路径、cookie、账号会话或构建产物。`,
+          `- publicSkillId 和 Agent Ack endpoint 只能放在 ${PUBLIC_PROTOCOL_DIR}/AGENT_ACK.md 或平台私有配置里；不要放进营销介绍、用户可见回复或截图说明。`,
+          '- 如果宿主 Agent 不能读取协议文件/私有配置并执行 Ack，Red 安装成功不会自动变成虾舍 runtime 数据。'
+        ]
+      : [
+          'Agent Ack 指令（只放在私有 runtime 配置、平台后台字段，或明确不会公开展示的安装说明中）：',
+          '',
+          '```markdown',
+          agentAckInstructionBlock(inspected, hub),
+          '```',
+          '',
+          `Agent Ack endpoint: ${agentAckUrl}`,
+          '',
+          '```json',
+          JSON.stringify(agentAckPayload, null, 2),
+          '```'
+        ]),
     '',
     ...runtimeGuidanceLines,
     '',
@@ -1214,17 +1425,18 @@ async function writeUnifiedHandoff(root, args) {
     `2. Use the matching registry companion prompt from ${relativeOutDir}/upload-<hub>.md only as an internal checklist.`,
     '3. Treat the third-party platform official prompt / CLI / page form as authoritative.',
     `4. For XiaShe Store, create or reuse the searchable listing. For Red Skill, use the official uploader.md / skillhub-upload flow.`,
-    '5. Do not upload registry JSON/snippets to Red public fields. Put only the safe tracking contract at the top of SKILL.md.',
+    `5. For Red Skill, include no-secret ${PUBLIC_PROTOCOL_DIR}/AGENT_ACK.md and ${PUBLIC_PROTOCOL_DIR}/REGISTRY_DISCLOSURE.md only when Markdown source files are accepted; never upload private ${WORK_DIR}/ files.`,
     '6. Keep the creator card link in public Skill instructions and user-facing replies so downstream users can identify the Skill source and visit the creator.',
-    '7. If the Agent can call HTTP/MCP, report installed / used / completed / failed through Agent Ack from local private config.',
+    `7. If the Agent can call HTTP/MCP, report installed / used / completed / failed through Agent Ack after reading ${PUBLIC_PROTOCOL_DIR}/AGENT_ACK.md or private runtime config.`,
     '8. Before submitting, show the user the exact files and form fields that will be uploaded.',
     '9. Never upload .env, secrets, SSH keys, browser data, node_modules, dist, build, or unrelated local files.',
     '',
     'Red Skill exception:',
     '',
     '- Red Skill should use the official uploader.md / skillhub-upload / web upload flow as the source of truth.',
-    `- Keep ${WORK_DIR}/${MANIFEST_FILE}, runtime-events.js, registry endpoints, public tokens, signing secrets, and ${WORK_DIR} handoff/checklist files local-only.`,
-    '- Red Skill reports XiaShe runtime through Agent Ack when the host Agent calls it from local private config. If no Agent Ack occurs, show only upload/reported data.',
+    `- Public Red Markdown packages may include ${PUBLIC_PROTOCOL_DIR}/AGENT_ACK.md and ${PUBLIC_PROTOCOL_DIR}/REGISTRY_DISCLOSURE.md as no-secret protocol/disclosure files.`,
+    `- Keep ${WORK_DIR}/${MANIFEST_FILE}, ${WORK_DIR}/runtime-events.js, public tokens, signing secrets, package hashes, storage ids, upload job ids, and ${WORK_DIR} handoff/checklist files local-only.`,
+    '- Red Skill reports XiaShe runtime through Agent Ack when the host Agent calls it from the no-secret protocol file or private runtime config. If no Agent Ack occurs, show only upload/reported data.',
     '- Check only the basic Red Skill safety rules before submission: truthful description, clear permission/use disclosure, no hidden behavior, no malicious code, no account/cookie/local-data collection, no automated Red account operation, no illegal/violating content, and no plagiarism.',
     '',
     '## Platform mapping',
@@ -1247,17 +1459,19 @@ async function writeUnifiedHandoff(root, args) {
     '',
     '## Analytics callback',
     '',
-    `Registry endpoint: ${registryUrl}`,
-    `Agent Ack endpoint: ${registry.agentAckUrl || DEFAULT_AGENT_ACK_URL}`,
+    `Registry endpoint for private runtime config only: ${registryUrl}`,
+    `Agent Ack endpoint for ${PUBLIC_PROTOCOL_DIR}/AGENT_ACK.md or private runtime config: ${registry.agentAckUrl || DEFAULT_AGENT_ACK_URL}`,
     `Creator card: ${creatorCardUrl}`,
     `Event schema: ${registry.eventSchemaVersion || EVENT_SCHEMA_VERSION}`,
     '',
-    'The simplest cross-platform path is Agent Ack. Put the short Agent Ack block from AGENT_ACK.md into the target platform allowed Skill instructions or README. The Agent can then report `installed`, `used`, `completed`, or `failed` with publicSkillId, anonymous installationId, and invocationId. No public token or account login is required for Agent Ack.',
+    `The simplest cross-platform runtime path is Agent Ack. For Red Skill, the host Agent should read ${PUBLIC_PROTOCOL_DIR}/AGENT_ACK.md or private runtime config first, then report \`installed\`, \`used\`, \`completed\`, or \`failed\` with publicSkillId, anonymous installationId, and invocationId. Do not paste endpoint/publicSkillId into marketing descriptions, screenshots, or user-visible replies. No public token or account login is required for Agent Ack.`,
     'The creator card link is public attribution and should remain visible in allowed platform instructions and user-facing Skill replies. It is not a secret and should not be replaced by registry ids or tokens.',
+    `Before sending Agent Ack, read ${PUBLIC_PROTOCOL_DIR}/AGENT_ACK.md, ${WORK_DIR}/AGENT_ACK.md, or the private registry manifest and use the exact \`publicSkillId\`. Never guess it from the Skill title, package name, directory name, or marketplace slug.`,
+    'For `installationId`, use a stable anonymous value for this installed copy/runtime connection. If the platform does not provide one, hash `publicSkillId + platform name + install directory or session id`, store only the opaque hash locally, and never send raw paths, emails, phone numbers, real names, prompts, or account identifiers.',
     '',
-    'Use Agent Ack as the default no-secret path. Only add runtime event callbacks when the target platform or runtime explicitly supports HTTP/API/MCP/webhook calls. Do not add hidden scripts, background services, install hooks, or obfuscated code.',
+    `Use Agent Ack as the default no-secret path through ${PUBLIC_PROTOCOL_DIR}/AGENT_ACK.md or private runtime config. Only add runtime event callbacks when the target platform or runtime explicitly supports HTTP/API/MCP/webhook calls. Do not add hidden scripts, background services, install hooks, obfuscated code, or user-visible instructions that expose telemetry payloads.`,
     '',
-    `No runtime callback means no live ${PRODUCT_NAME} analytics. A third-party platform saying the Skill was used does not update ${PRODUCT_NAME} unless that runtime sends events to the registry endpoint.`,
+    `No runtime callback means no live ${PRODUCT_NAME} analytics. A third-party platform saying the Skill was used does not update ${PRODUCT_NAME} unless that runtime sends events through private config to the registry endpoint.`,
     '',
     'Best-effort callback placement:',
     '',
@@ -1272,8 +1486,13 @@ async function writeUnifiedHandoff(root, args) {
     '```json',
     JSON.stringify({
       hub: '<red|clawhub|skillhub|claude|dify|coze|generic>',
+      distributionPlatform: '<where the package was distributed>',
+      runtimeAgent: '<agent actually running the Skill>',
+      runtimeHost: '<desktop|web|server|mobile|unknown>',
       sourceSurface: '<same as hub unless the platform requires another public label>',
-      scenario: '<short public label only>',
+      scenario: '<machine-readable short scenario key>',
+      scenarioLabel: '<short user-facing scenario label only>',
+      platformName: '<user-facing platform name only>',
       installationId: '<stable anonymous install id>',
       invocationId: '<unique invocation id>'
     }, null, 2),
@@ -1329,7 +1548,9 @@ async function writeRuntimeSnippet(root, flags) {
           installationId: '<anonymous-stable-install-id>',
           invocationId: '<unique-call-id>',
           idempotencyKey: '<unique-call-id>:skill_invoked',
-          scenario: '<short-scenario-label>'
+          scenario: '<short-scenario-key>',
+          scenarioLabel: '<short user-facing scenario label>',
+          platformName: '<user-facing platform name>'
         }))
       ].join('\n')
     : [
@@ -1373,9 +1594,10 @@ async function writeRuntimeSnippet(root, flags) {
         '    invocationId,',
         '    idempotencyKey: options.idempotencyKey || `${invocationId || options.installationId || "runtime"}:${eventType}:${occurredAt}`,',
         '    scenario: options.scenario,',
+        '    scenarioLabel: options.scenarioLabel,',
+        '    platformName: options.platformName,',
         '    sourceSurface: options.sourceSurface,',
         '    campaign: options.campaign,',
-        '    packageSha256: options.packageSha256,',
         '    occurredAt',
         '  };',
         '  const signature = await hmacSha256(XIASHE_SKILL_SIGNING_SECRET, canonicalSignaturePayload(payload));',
@@ -1431,7 +1653,7 @@ async function submitTrackEvent(root, flags) {
     sourceSurface: normalizeText(flags['source-surface'] || 'cli', 120),
     campaign: normalizeText(flags.campaign, 120) || undefined,
     platformSkillUrl: normalizeText(flags['platform-skill-url'], 1000) || undefined,
-    packageSha256: inspected.package.sha256,
+    creatorCardUrl: normalizeText(inspected.registry?.creatorCardUrl, 1000) || undefined,
     idempotencyKey: normalizeText(flags.idempotencyKey || flags['idempotency-key'], 220) || `${invocationId}:${eventType}`,
     occurredAt: Number.isFinite(occurredAt) ? occurredAt : Date.now()
   };
@@ -1470,6 +1692,10 @@ function registryBlockPresent(text) {
   return /<!--\s*(?:xiashe|agentpie)-registry:start\s*-->[\s\S]*?<!--\s*(?:xiashe|agentpie)-registry:end\s*-->/i.test(text || '');
 }
+function redPublicTrackingBlockPresent(text) {
+  return /<!--\s*(?:xiashe|agentpie)-red-public-tracking:start\s*-->[\s\S]*?<!--\s*(?:xiashe|agentpie)-red-public-tracking:end\s*-->/i.test(text || '');
+}
 function hasEntryInstructions(text, packageJson) {
   if (packageJson?.main || packageJson?.bin || packageJson?.scripts) return true;
   return /(入口|使用|安装|运行|调用|命令|Usage|Install|Quick start|Getting started|CLI|MCP|API|Entrypoint|Run)/i.test(text || '');
@@ -1492,12 +1718,17 @@ async function runDoctor(root, flags) {
   const manifestPath = path.join(inspected.root, MANIFEST_FILE);
   const localManifestPath = path.join(inspected.root, WORK_DIR, MANIFEST_FILE);
   const disclosurePath = path.join(inspected.root, WORK_DIR, 'REGISTRY_DISCLOSURE.md');
+  const publicAgentAckPath = path.join(inspected.root, PUBLIC_PROTOCOL_DIR, 'AGENT_ACK.md');
+  const publicDisclosurePath = path.join(inspected.root, PUBLIC_PROTOCOL_DIR, 'REGISTRY_DISCLOSURE.md');
   const handoffPath = path.join(inspected.root, WORK_DIR, HANDOFF_FILE);
   const snippetPath = path.join(inspected.root, WORK_DIR, 'runtime-events.js');
   const packageJson = await readJsonFile(path.join(inspected.root, 'package.json')).catch(() => null);
   const skillMd = await readSmallTextFile(skillMdPath);
   const readme = await readSmallTextFile(readmePath);
+  const publicAgentAck = await readSmallTextFile(publicAgentAckPath);
+  const publicDisclosure = await readSmallTextFile(publicDisclosurePath);
   const snippet = await readSmallTextFile(snippetPath);
+  const packagePlan = packagePlanForHub(inspected, hub);
   const scannedCallbackFiles = [];
   let scannedCallbackText = '';
   for (const file of inspected.package.files.slice(0, 160)) {
@@ -1536,16 +1767,37 @@ async function runDoctor(root, flags) {
     registryBlockPresent(skillMd)
       ? doctorCheck('registry_block', 'Registry block', 'pass', 'SKILL.md contains the explicit registry disclosure block.')
       : redHub
-        ? doctorCheck('registry_block', 'Registry block', 'pass', 'Full internal registry block is not public for Red Skill. Use the safe Red tracking contract at the top of SKILL.md.')
+        ? redPublicTrackingBlockPresent(skillMd)
+          ? doctorCheck('registry_block', 'Registry block', 'pass', 'SKILL.md contains the safe Red public tracking contract.')
+          : doctorCheck('registry_block', 'Registry block', 'warn', 'SKILL.md is missing the safe Red public tracking contract.', `Run ${COMMAND_NAME} setup . --code <code> --hub red to write the Red-safe public source block.`)
         : doctorCheck('registry_block', 'Registry block', 'warn', 'SKILL.md does not contain a registry block.', `Run ${COMMAND_NAME} setup . --code <code> --embed-skill-md if the target hub allows public registry disclosure in SKILL.md.`),
     runtimeCallbackPresent
       ? doctorCheck('runtime_callback', 'Runtime callback', 'pass', scannedCallbackFiles.length > 0 ? `Runtime callback references found in ${scannedCallbackFiles.slice(0, 5).join(', ')}.` : 'Runtime callback snippet/reference detected.')
       : redHub
-        ? doctorCheck('runtime_callback', 'Runtime callback', 'pass', 'Red Skill uses Agent Ack from local private config for no-secret runtime tracking. Do not expose internal ids or endpoints in public Red fields.')
+        ? doctorCheck('runtime_callback', 'Runtime callback', 'pass', `Red Skill uses Agent Ack from ${PUBLIC_PROTOCOL_DIR}/AGENT_ACK.md or private runtime config for no-secret runtime tracking. Do not expose telemetry payloads in public Red descriptions.`)
         : doctorCheck('runtime_callback', 'Runtime callback', 'warn', 'No runtime callback reference detected.', `Use ${COMMAND_NAME} snippet . --target js and ask the Agent to wire it at the real invocation boundary if the hub allows HTTP/API/MCP callbacks.`),
-    existsSync(disclosurePath)
+    redHub
+      ? existsSync(publicDisclosurePath) && publicDisclosure.includes('distributionPlatform') && publicDisclosure.includes('runtimeAgent') && publicDisclosure.includes('scenario')
+        ? doctorCheck('public_disclosure', 'Public Red disclosure', 'pass', `Found ${path.relative(inspected.root, publicDisclosurePath)} with canonical analytics fields.`)
+        : doctorCheck('public_disclosure', 'Public Red disclosure', 'warn', `${PUBLIC_PROTOCOL_DIR}/REGISTRY_DISCLOSURE.md is missing or incomplete.`, `Run ${COMMAND_NAME} setup . --code <code> --hub red to generate the no-secret public disclosure.`)
+      : existsSync(disclosurePath)
       ? doctorCheck('disclosure', 'Read-only disclosure', 'pass', `Found ${path.relative(inspected.root, disclosurePath)}.`)
       : doctorCheck('disclosure', 'Read-only disclosure', 'warn', 'REGISTRY_DISCLOSURE.md is missing.', `Run ${COMMAND_NAME} setup . --code <code> to generate platform review disclosure.`),
+    redHub && existsSync(publicAgentAckPath) && ACK_EVENTS.every((event) => publicAgentAck.includes(event)) && publicAgentAck.includes('publicSkillId') && publicAgentAck.includes('Do not guess')
+      ? doctorCheck('public_agent_ack', 'Public Agent Ack protocol', 'pass', `Found ${path.relative(inspected.root, publicAgentAckPath)} with install/use/complete/fail Ack rules.`)
+      : redHub
+        ? doctorCheck('public_agent_ack', 'Public Agent Ack protocol', 'warn', `${PUBLIC_PROTOCOL_DIR}/AGENT_ACK.md is missing or incomplete.`, `Run ${COMMAND_NAME} setup . --code <code> --hub red to generate the no-secret Agent Ack protocol.`)
+        : doctorCheck('public_agent_ack', 'Public Agent Ack protocol', 'pass', 'Not required for this hub.'),
+    redHub && packagePlan.candidateUploadFiles.some((file) => file.startsWith(`${WORK_DIR}/`) || file.startsWith('.agentpie/'))
+      ? doctorCheck('red_upload_allowlist', 'Red upload allowlist', 'fail', `Red candidate upload files include private registry files: ${packagePlan.candidateUploadFiles.filter((file) => file.startsWith(`${WORK_DIR}/`) || file.startsWith('.agentpie/')).join(', ')}`, `Remove private ${WORK_DIR}/ files from Red public packages.`)
+      : redHub
+        ? doctorCheck('red_upload_allowlist', 'Red upload allowlist', 'pass', 'Red candidate upload files exclude private registry directories.')
+        : doctorCheck('red_upload_allowlist', 'Red upload allowlist', 'pass', 'Not required for this hub.'),
+    redHub && (publicAgentAck.includes(FORBIDDEN_ACK_FIELDS[0]) || publicDisclosure.includes('package hashes'))
+      ? doctorCheck('red_payload_boundary', 'Red payload boundary', 'pass', 'Public protocol documents describe forbidden private payload fields and package boundaries.')
+      : redHub
+        ? doctorCheck('red_payload_boundary', 'Red payload boundary', 'warn', 'Public Red protocol documents do not clearly state payload boundaries.', `Regenerate with ${COMMAND_NAME} setup . --code <code> --hub red.`)
+        : doctorCheck('red_payload_boundary', 'Red payload boundary', 'pass', 'Not required for this hub.'),
     existsSync(handoffPath)
       ? doctorCheck('handoff', 'Agent handoff', 'pass', `Found ${path.relative(inspected.root, handoffPath)}.`)
       : doctorCheck('handoff', 'Agent handoff', 'warn', 'Unified upload handoff is missing.', `Run ${COMMAND_NAME} setup . --code <code> --hub all.`),
@@ -1678,6 +1930,10 @@ async function setupAgentWorkflow(root, flags) {
     'local-manifest': true,
     'manifest-path': flags['manifest-path'] || path.join(outDir, MANIFEST_FILE)
   });
+  const inspectedAfterManifestForPublicFiles = await inspectSkill(absoluteRoot, flags);
+  const publicProtocol = hubs.includes('red')
+    ? await writePublicProtocolFiles(absoluteRoot, inspectedAfterManifestForPublicFiles, 'red')
+    : null;
   const promptResults = [];
   const packagePlans = [];
@@ -1767,10 +2023,13 @@ async function setupAgentWorkflow(root, flags) {
     snippetPath: snippetResult ? snippetResult.outPath : null,
     promptEvents,
     warnings,
+    publicProtocol,
     next: [
       `Use ${path.relative(absoluteRoot, handoffPath)} as the single Agent handoff. The Agent should not ask the user to manually pick registry files.`,
       `Use ${path.relative(absoluteRoot, profilesPath)} and package-<hub>.json as the platform review profiles and upload allowlists.`,
-      `Use ${path.relative(absoluteRoot, agentAckPath)} as the public-safe Agent Ack block. Add it to target platform instructions where allowed so Agents can report anonymous installs and calls without a secret token.`,
+      publicProtocol
+        ? `For Red public Markdown packages, include ${path.relative(absoluteRoot, publicProtocol.agentAckPath)} and ${path.relative(absoluteRoot, publicProtocol.disclosurePath)} when accepted by the platform; keep ${WORK_DIR}/ private.`
+        : `Use ${path.relative(absoluteRoot, agentAckPath)} only in private runtime config, platform admin-only fields, or non-public handoff notes. Do not publish endpoint/publicSkillId in restrictive marketplace descriptions.`,
       'When the user later pastes a Red Skill / ClawHub / SkillHub / Claude / Dify / Coze official prompt, the Agent should identify the platform and merge only the matching platform-safe checklist internally.',
       'Each prepared upload-<hub>.md pins the correct hub/sourceSurface value so platform analytics stay separated, but those files are internal checklists for the Agent.',
       skillMdPath
@@ -1833,6 +2092,7 @@ async function main() {
           `Platform profiles: ${result.profilesPath}`,
           ...result.packagePlanPaths.map((item) => `Package plan (${item.hub}): ${item.planPath}`),
           result.skillMdPath ? `Updated: ${result.skillMdPath}` : null,
+          result.publicProtocol ? `Public Red protocol: ${result.publicProtocol.agentAckPath}, ${result.publicProtocol.disclosurePath}` : null,
           `Disclosure: ${result.disclosurePath}`,
           result.snippetPath ? `Runtime snippet: ${result.snippetPath}` : null,
           ...result.warnings.map((warning) => `Warning: ${warning}`),
@@ -1862,6 +2122,8 @@ async function main() {
           ...result.promptPaths.map((item) => `Wrote ${item.promptPath}`),
           `Wrote ${result.profilesPath}`,
           ...result.packagePlanPaths.map((item) => `Wrote ${item.planPath}`),
+          result.publicProtocol ? `Wrote ${result.publicProtocol.agentAckPath}` : null,
+          result.publicProtocol ? `Wrote ${result.publicProtocol.disclosurePath}` : null,
           `Wrote ${result.disclosurePath}`,
           result.snippetPath ? `Wrote ${result.snippetPath}` : null,
           ...result.warnings.map((warning) => `Warning: ${warning}`),

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@xiashe/skill",
-  "version": "0.1.14",
+  "version": "0.1.16",
   "type": "module",
   "bin": {
     "xiashe-skill": "bin/xiashe-skill.mjs"