@xiashe/skill 0.1.7 → 0.1.9

package/README.md

@@ -9,14 +9,17 @@ This package is intentionally separate from the full `@xiashe/cli` product CLI a
 `xiashe-skill` helps creators prepare a Skill folder for third-party Skill hubs:
 
 - inspect a local Skill project
-- run one Agent-friendly registry setup command that prepares all supported hub handoffs
+- run one high-level Agent-friendly publish handoff command
+- run lower-level registry setup commands that prepare all supported hub handoffs
 - diagnose whether a local Skill has the expected registry disclosure and runtime callback wiring
 - send labeled local verification events so the Dashboard can confirm integration health
 - write an explicit `xiashe.skill.json` registry manifest
 - generate one unified `UPLOAD_HANDOFF.md` that the creator's Agent can use after the user pastes a third-party official upload prompt
 - generate optional runtime analytics snippets
 
-It does not create upload packages, copy source directories, install background services, run postinstall hooks, read secrets, or upload to third-party hubs. The creator's Agent is responsible for packaging and uploading according to the target Skill hub's official rules.
+It does not install background services, run postinstall hooks, read secrets, or override third-party hub upload rules. The creator's Agent is responsible for packaging and uploading according to the target Skill hub's official rules.
+
+The user-facing product flow should point creators at the official publish Markdown page and the `xiashe-publish` Skill. Direct CLI commands are implementation details for local Agents and developers.
 
 `setup --hub all` still writes platform-specific `upload-<hub>.md` checklists for source attribution, but those are internal Agent checklists. Users should not need to pick files manually. When a platform such as Red Skill provides its own upload prompt, paste that official prompt to the Agent and tell it to follow `.xiashe/UPLOAD_HANDOFF.md`.
 
@@ -26,6 +29,7 @@ It does not create upload packages, copy source directories, install background
 node packages/xiashe-skill-cli/bin/xiashe-skill.mjs --help
 node packages/xiashe-skill-cli/bin/xiashe-skill.mjs inspect .
 node packages/xiashe-skill-cli/bin/xiashe-skill.mjs doctor .
+node packages/xiashe-skill-cli/bin/xiashe-skill.mjs publish . --code XS-XXXX-XXXX --to xiashe,claude
 node packages/xiashe-skill-cli/bin/xiashe-skill.mjs setup . --code XS-XXXX-XXXX --hub all
 node packages/xiashe-skill-cli/bin/xiashe-skill.mjs setup . --code XS-XXXX-XXXX --hub red
 node packages/xiashe-skill-cli/bin/xiashe-skill.mjs verify . --hub red --dry-run --json

package/bin/xiashe-skill.mjs

@@ -6,7 +6,7 @@ import { mkdir, readdir, readFile, stat, writeFile } from 'node:fs/promises';
 import os from 'node:os';
 import path from 'node:path';
 
-const VERSION = '0.1.7';
+const VERSION = '0.1.9';
 const COMMAND_NAME = process.env.XIASHE_SKILL_CLI_NAME || 'xiashe-skill';
 const PRODUCT_NAME = process.env.XIASHE_SKILL_PRODUCT_NAME || (COMMAND_NAME === 'agentpie-skill' ? 'AgentPie' : 'XiaShe');
 const REGISTRY_PROVIDER = process.env.XIASHE_SKILL_REGISTRY_PROVIDER || (COMMAND_NAME === 'agentpie-skill' ? 'agentpie' : 'xiashe');
@@ -23,8 +23,120 @@ const DEFAULT_CLAIM_URL = process.env.XIASHE_SKILL_CLAIM_URL || `${DEFAULT_BASE_
 const EVENT_SCHEMA_VERSION = process.env.XIASHE_SKILL_EVENT_SCHEMA_VERSION || (REGISTRY_PROVIDER === 'agentpie'
   ? 'agentpie.skill.event.v1'
   : 'xiashe.skill.event.v1');
-const SUPPORTED_HUBS = ['red', 'clawhub', 'skillhub', 'claude', 'dify', 'coze', 'generic'];
-const DEFAULT_SETUP_HUBS = ['red', 'clawhub', 'skillhub', 'claude', 'dify', 'coze', 'generic'];
+const SUPPORTED_HUBS = ['xiashe', 'red', 'clawhub', 'skillhub', 'claude', 'codex', 'cursor', 'workbuddy', 'dify', 'coze', 'generic'];
+const DEFAULT_SETUP_HUBS = ['xiashe', 'red', 'clawhub', 'skillhub', 'claude', 'codex', 'cursor', 'workbuddy', 'dify', 'coze', 'generic'];
+const PLATFORM_REVIEW_PROFILES = {
+  xiashe: {
+    label: 'XiaShe Store',
+    packageMode: 'full_skill_package',
+    manifestPolicy: 'upload_allowed',
+    disclosurePlacement: ['Skill public page', 'README', `${WORK_DIR}/REGISTRY_DISCLOSURE.md`],
+    runtimeDataPolicy: 'runtime_capable',
+    defaultDataSource: 'runtime',
+    allowedFilePolicy: 'Upload the complete reviewed Skill package, including the local registry manifest.',
+    forbiddenPublicFiles: ['.env', 'credentials', 'node_modules', 'dist', 'build', 'browser profiles', 'SSH keys']
+  },
+  red: {
+    label: 'Red Skill',
+    packageMode: 'markdown_or_text_only',
+    manifestPolicy: 'local_only',
+    disclosurePlacement: ['SKILL.md', 'README', 'platform description field'],
+    runtimeDataPolicy: 'attribution_only_by_default',
+    defaultDataSource: 'attribution',
+    allowedFilePolicy: 'Upload only Markdown/TXT or fields accepted by the official Red Skill flow.',
+    forbiddenPublicFiles: [WORK_DIR, `${WORK_DIR}/${MANIFEST_FILE}`, `${WORK_DIR}/runtime-events.js`, 'public tokens', 'signing secrets', 'internal handoff/checklists']
+  },
+  clawhub: {
+    label: 'ClawHub',
+    packageMode: 'markdown_or_text_only',
+    manifestPolicy: 'local_only',
+    disclosurePlacement: ['SKILL.md', 'README', 'platform description field'],
+    runtimeDataPolicy: 'attribution_only_by_default',
+    defaultDataSource: 'attribution',
+    allowedFilePolicy: 'Follow ClawHub official file rules. Treat XiaShe registry files as local-only unless ClawHub explicitly accepts them.',
+    forbiddenPublicFiles: [WORK_DIR, `${WORK_DIR}/${MANIFEST_FILE}`, `${WORK_DIR}/runtime-events.js`, 'public tokens', 'signing secrets']
+  },
+  skillhub: {
+    label: 'SkillHub',
+    packageMode: 'markdown_or_text_only',
+    manifestPolicy: 'local_only',
+    disclosurePlacement: ['SKILL.md', 'README', 'platform description field'],
+    runtimeDataPolicy: 'attribution_only_by_default',
+    defaultDataSource: 'attribution',
+    allowedFilePolicy: 'Upload only files accepted by SkillHub. For Markdown/TXT-only flows, copy disclosure text into an allowed field.',
+    forbiddenPublicFiles: [WORK_DIR, `${WORK_DIR}/${MANIFEST_FILE}`, `${WORK_DIR}/runtime-events.js`, 'public tokens', 'signing secrets']
+  },
+  claude: {
+    label: 'Claude Code',
+    packageMode: 'local_agent_install',
+    manifestPolicy: 'platform_dependent',
+    disclosurePlacement: ['SKILL.md', 'README', 'agent install note'],
+    runtimeDataPolicy: 'runtime_if_http_or_mcp',
+    defaultDataSource: 'runtime',
+    allowedFilePolicy: 'Install the Skill in Claude-compatible local Skill format. Add MCP/HTTP ack only when the runtime supports it.',
+    forbiddenPublicFiles: ['public tokens in public docs', 'signing secrets', 'hidden background processes']
+  },
+  codex: {
+    label: 'Codex',
+    packageMode: 'local_agent_install',
+    manifestPolicy: 'platform_dependent',
+    disclosurePlacement: ['SKILL.md', 'README', 'agent install note'],
+    runtimeDataPolicy: 'runtime_if_http_or_mcp',
+    defaultDataSource: 'runtime',
+    allowedFilePolicy: 'Install as a local Agent Skill and wire MCP/HTTP ack where supported.',
+    forbiddenPublicFiles: ['public tokens in public docs', 'signing secrets', 'hidden background processes']
+  },
+  cursor: {
+    label: 'Cursor',
+    packageMode: 'local_agent_install',
+    manifestPolicy: 'platform_dependent',
+    disclosurePlacement: ['rules/skill docs', 'README', 'agent install note'],
+    runtimeDataPolicy: 'runtime_if_http_or_mcp',
+    defaultDataSource: 'runtime',
+    allowedFilePolicy: 'Follow Cursor rule/agent capability conventions and keep callbacks explicit.',
+    forbiddenPublicFiles: ['public tokens in public docs', 'signing secrets', 'hidden background processes']
+  },
+  workbuddy: {
+    label: 'WorkBuddy',
+    packageMode: 'local_agent_install',
+    manifestPolicy: 'platform_dependent',
+    disclosurePlacement: ['SKILL.md', 'README', 'agent install note'],
+    runtimeDataPolicy: 'runtime_if_http_or_mcp',
+    defaultDataSource: 'runtime',
+    allowedFilePolicy: 'Follow WorkBuddy agent capability rules and wire ack only through approved runtime boundaries.',
+    forbiddenPublicFiles: ['public tokens in public docs', 'signing secrets', 'hidden background processes']
+  },
+  coze: {
+    label: 'Coze',
+    packageMode: 'static_prompt_or_api_tool',
+    manifestPolicy: 'local_only',
+    disclosurePlacement: ['workflow description', 'tool description', 'README'],
+    runtimeDataPolicy: 'runtime_if_http_or_mcp',
+    defaultDataSource: 'attribution',
+    allowedFilePolicy: 'Static prompt mode is attribution-only. Use an HTTP/API Tool step for real runtime analytics.',
+    forbiddenPublicFiles: [WORK_DIR, `${WORK_DIR}/${MANIFEST_FILE}`, 'public tokens in static prompts', 'signing secrets']
+  },
+  dify: {
+    label: 'Dify',
+    packageMode: 'static_prompt_or_api_tool',
+    manifestPolicy: 'local_only',
+    disclosurePlacement: ['workflow description', 'tool description', 'README'],
+    runtimeDataPolicy: 'runtime_if_http_or_mcp',
+    defaultDataSource: 'attribution',
+    allowedFilePolicy: 'Static prompt mode is attribution-only. Use an HTTP/API Tool node for real runtime analytics.',
+    forbiddenPublicFiles: [WORK_DIR, `${WORK_DIR}/${MANIFEST_FILE}`, 'public tokens in static prompts', 'signing secrets']
+  },
+  generic: {
+    label: 'Generic Skill Hub',
+    packageMode: 'external_platform_rules',
+    manifestPolicy: 'platform_dependent',
+    disclosurePlacement: ['README', 'SKILL.md', 'platform description field'],
+    runtimeDataPolicy: 'runtime_if_http_or_mcp',
+    defaultDataSource: 'attribution',
+    allowedFilePolicy: 'Follow the target platform official rules first; merge only safe XiaShe disclosure and callbacks.',
+    forbiddenPublicFiles: ['public tokens in public docs', 'signing secrets', 'hidden background processes']
+  }
+};
 const DEFAULT_IGNORE = new Set([
   '.git',
   '.xiashe',
@@ -47,13 +159,14 @@ function usage() {
 
 Usage:
   ${COMMAND_NAME} inspect [skill-dir] [--json]
-  ${COMMAND_NAME} setup [skill-dir] --code <dynamic-code> [--hub all|red|clawhub|skillhub|claude|dify|coze|generic]
-  ${COMMAND_NAME} setup [skill-dir] --public-token <token> --skill-id <id> [--hub all|red|clawhub|skillhub|claude|dify|coze|generic]
+  ${COMMAND_NAME} publish [skill-dir] --code <dynamic-code> [--to xiashe,red,claude,codex,cursor,workbuddy,dify,coze]
+  ${COMMAND_NAME} setup [skill-dir] --code <dynamic-code> [--hub all|xiashe|red|clawhub|skillhub|claude|codex|cursor|workbuddy|dify|coze|generic]
+  ${COMMAND_NAME} setup [skill-dir] --public-token <token> --skill-id <id> [--hub all|xiashe|red|clawhub|skillhub|claude|codex|cursor|workbuddy|dify|coze|generic]
   ${COMMAND_NAME} doctor [skill-dir] [--json]
   ${COMMAND_NAME} verify [skill-dir] [--hub <hub>] [--scenario <label>] [--dry-run]
   ${COMMAND_NAME} attach [skill-dir] --code <dynamic-code> [--name <name>]
   ${COMMAND_NAME} attach [skill-dir] --public-token <token> [--skill-id <id>] [--name <name>]
-  ${COMMAND_NAME} prompt [skill-dir] --hub <red|clawhub|skillhub|claude|dify|coze|generic> [--source-url <url>] [--out <file>]
+  ${COMMAND_NAME} prompt [skill-dir] --hub <xiashe|red|clawhub|skillhub|claude|codex|cursor|workbuddy|dify|coze|generic> [--source-url <url>] [--out <file>]
   ${COMMAND_NAME} snippet [skill-dir] [--target js|curl] [--out <file>]
   ${COMMAND_NAME} track [skill-dir] --event <event> [--hub <hub>] [--installation-id <id>] [--invocation-id <id>]
 
@@ -66,6 +179,7 @@ Options:
   --name <name>               Skill display name override.
   --description <text>        Skill description override.
   --hub <hub>                 Target Skill hub prompt style. setup defaults to all supported hubs.
+  --to <hub[,hub]>            High-level publish targets. Alias for --hub in publish mode.
   --event <event>             Runtime event to submit for testing.
   --installation-id <id>      Stable anonymous install id for runtime analytics.
   --invocation-id <id>        Unique invocation id for one skill call.
@@ -166,11 +280,23 @@ function normalizeHub(value) {
   if (hub === 'skill-hub') {
     return 'skillhub';
   }
+  if (hub === 'xiashechat' || hub === 'xia-she' || hub === 'xiashe-store') {
+    return 'xiashe';
+  }
+  if (hub === 'claudecode' || hub === 'claude-code') {
+    return 'claude';
+  }
+  if (hub === 'openaicodex' || hub === 'openai-codex') {
+    return 'codex';
+  }
+  if (hub === 'work-buddy') {
+    return 'workbuddy';
+  }
   return hub;
 }
 
 function setupHubsFromFlags(flags) {
-  const raw = normalizeText(flags.hub || 'all', 240).toLowerCase();
+  const raw = normalizeText(flags.hub || flags.to || 'all', 240).toLowerCase();
   if (!raw || raw === 'all' || raw === '*') {
     return [...DEFAULT_SETUP_HUBS];
   }
@@ -186,6 +312,103 @@ function setupHubsFromFlags(flags) {
   return unique.length > 0 ? unique : [...DEFAULT_SETUP_HUBS];
 }
 
+function reviewProfileForHub(hub) {
+  const normalized = normalizeHub(hub) || 'generic';
+  return {
+    hub: normalized,
+    ...(PLATFORM_REVIEW_PROFILES[normalized] || PLATFORM_REVIEW_PROFILES.generic)
+  };
+}
+
+function isPublicDocFile(filePath) {
+  return /(^|\/)(SKILL|README|LICENSE|CHANGELOG|CONTRIBUTING)(\.[a-z0-9]+)?$/i.test(filePath) ||
+    /\.(md|mdx|txt)$/i.test(filePath);
+}
+
+function isLikelyEntrypointFile(filePath) {
+  return /(^|\/)(package\.json|requirements\.txt|pyproject\.toml|deno\.json|mcp\.json|manifest\.json|skill\.json|index\.(js|mjs|cjs|ts|tsx|py)|main\.(js|mjs|cjs|ts|tsx|py)|server\.(js|mjs|cjs|ts|tsx|py))$/i.test(filePath);
+}
+
+function packagePlanForHub(inspected, hub) {
+  const profile = reviewProfileForHub(hub);
+  const localOnly = [];
+  const candidateUploadFiles = [];
+  const forbiddenPatterns = [
+    '.env*',
+    `${WORK_DIR}/`,
+    '.agentpie/',
+    'node_modules/',
+    'dist/',
+    'build/',
+    'coverage/',
+    '*.pem',
+    '*.key',
+    '*secret*',
+    '*token*'
+  ];
+  for (const file of inspected.package.files) {
+    if (file.path.startsWith(`${WORK_DIR}/`) || file.path.startsWith('.agentpie/')) {
+      localOnly.push(file.path);
+      continue;
+    }
+    if (profile.packageMode === 'full_skill_package') {
+      candidateUploadFiles.push(file.path);
+      continue;
+    }
+    if (profile.packageMode === 'markdown_or_text_only') {
+      if (isPublicDocFile(file.path)) {
+        candidateUploadFiles.push(file.path);
+      }
+      continue;
+    }
+    if (profile.packageMode === 'local_agent_install') {
+      if (isPublicDocFile(file.path) || isLikelyEntrypointFile(file.path)) {
+        candidateUploadFiles.push(file.path);
+      }
+      continue;
+    }
+    if (profile.packageMode === 'static_prompt_or_api_tool') {
+      if (isPublicDocFile(file.path) || /openapi|swagger|tool|workflow|plugin/i.test(file.path)) {
+        candidateUploadFiles.push(file.path);
+      }
+      continue;
+    }
+    if (isPublicDocFile(file.path) || isLikelyEntrypointFile(file.path)) {
+      candidateUploadFiles.push(file.path);
+    }
+  }
+  return {
+    hub: profile.hub,
+    label: profile.label,
+    reviewProfile: profile,
+    dataSourcePolicy: {
+      runtime: 'Only real Skill execution callbacks, MCP/HTTP/API Tool calls, webhooks, or external Agent ack.',
+      attribution: 'Publish/upload workflow, public disclosure, and tracking-link clicks.',
+      reported: 'Manual import or public platform numbers such as downloads, installs, favorites, or displayed usage.'
+    },
+    candidateUploadFiles: Array.from(new Set(candidateUploadFiles)).sort(),
+    localOnlyFiles: Array.from(new Set([
+      ...localOnly,
+      `${WORK_DIR}/${MANIFEST_FILE}`,
+      `${WORK_DIR}/UPLOAD_HANDOFF.md`,
+      `${WORK_DIR}/runtime-events.js`,
+      `${WORK_DIR}/platform-profiles.json`
+    ])).sort(),
+    disclosureTargets: profile.disclosurePlacement,
+    forbiddenPatterns,
+    requiresUserConfirmation: true,
+    notes: [
+      profile.allowedFilePolicy,
+      profile.manifestPolicy === 'local_only'
+        ? `Keep ${WORK_DIR}/${MANIFEST_FILE} local. Do not upload it unless the target platform explicitly accepts registry JSON and the user confirms.`
+        : 'Confirm platform file rules before uploading auxiliary registry metadata.',
+      profile.runtimeDataPolicy === 'attribution_only_by_default'
+        ? 'Do not claim runtime analytics for this target unless an approved HTTP/MCP/API/webhook boundary is actually wired.'
+        : 'Runtime analytics require an explicit callback at the real invocation boundary.'
+    ]
+  };
+}
+
 function canonicalSignaturePayload(payload) {
   return [
     payload.schemaVersion || EVENT_SCHEMA_VERSION,
@@ -390,20 +613,31 @@ async function writeManifest(root, flags) {
         ]
       }
     },
-    platforms: Object.fromEntries(SUPPORTED_HUBS.map((hub) => [
-      hub,
-      {
+    platforms: Object.fromEntries(SUPPORTED_HUBS.map((hub) => {
+      const reviewProfile = reviewProfileForHub(hub);
+      return [
         hub,
-        sourceSurface: hub,
-        uploadPromptFile: `${WORK_DIR}/upload-${safeSkillKey(hub)}.md`,
-        eventDefaults: {
-          schemaVersion: EVENT_SCHEMA_VERSION,
+        {
           hub,
           sourceSurface: hub,
-          skillKey: safeSkillKey(claim?.skillKey || inspected.skillKey)
+          uploadPromptFile: `${WORK_DIR}/upload-${safeSkillKey(hub)}.md`,
+          packagePlanFile: `${WORK_DIR}/package-${safeSkillKey(hub)}.json`,
+          reviewProfile,
+          dataSourcePolicy: {
+            default: reviewProfile.defaultDataSource,
+            runtime: 'Only real Skill execution callbacks, MCP/HTTP/API Tool calls, webhooks, or external Agent ack.',
+            attribution: 'Publish/upload workflow, public disclosure, and tracking-link clicks.',
+            reported: 'Manual import or public platform numbers such as downloads, installs, favorites, or displayed usage.'
+          },
+          eventDefaults: {
+            schemaVersion: EVENT_SCHEMA_VERSION,
+            hub,
+            sourceSurface: hub,
+            skillKey: safeSkillKey(claim?.skillKey || inspected.skillKey)
+          }
         }
-      }
-    ])),
+      ];
+    })),
     sourceFingerprint: {
       sha256: inspected.package.sha256,
       fileCount: inspected.package.fileCount,
@@ -422,6 +656,9 @@ async function writeManifest(root, flags) {
 }
 
 function hubInstruction(hub) {
+  if (hub === 'xiashe') {
+    return '虾舍商店发布是完整 Skill 包和 registry manifest 的主流程。请保留公开披露、归因和 runtime analytics 回传能力；如果本地 manifest 有 registry public token 或已有创作者认证 CLI/API 会话，就创建或复用虾舍商店草稿。';
+  }
   if (hub === 'red') {
     return 'Red Skill 的官方上传 prompt / 页面流程是主流程。请先从小红书创作服务平台获取或使用用户提供的 Red Skill 上传 prompt，再把下面的虾舍 registry 要求作为附加说明合并进去。';
   }
@@ -434,6 +671,15 @@ function hubInstruction(hub) {
   if (hub === 'claude') {
     return 'Claude Skills 的官方上传/导入流程是主流程。请先确认 Claude 当前 Skill 格式和共享要求，再把下面的 registry 披露文本放入允许的说明文件。';
   }
+  if (hub === 'codex') {
+    return 'Codex 的本地 Skill 或 Agent 能力安装流程是主流程。请把 registry disclosure 放进公开说明，并优先通过 MCP/HTTP ack 回传真实调用。';
+  }
+  if (hub === 'cursor') {
+    return 'Cursor 的本地 Agent 能力、规则或工具安装流程是主流程。请把 registry disclosure 放进公开说明，并优先通过 HTTP/MCP callback 回传真实调用。';
+  }
+  if (hub === 'workbuddy') {
+    return 'WorkBuddy 的 Agent 能力安装和发布流程是主流程。请按 WorkBuddy 当前规则放置 SKILL.md/工具说明，并通过 HTTP/MCP callback 回传真实调用。';
+  }
   if (hub === 'dify') {
     return 'Dify Plugin/Tool 的官方打包和发布流程是主流程。请先按 Dify 插件规范处理 manifest 和工具定义，再把下面的 registry 披露文本放入允许的 README/说明字段。';
   }
@@ -444,6 +690,9 @@ function hubInstruction(hub) {
 }
 
 function platformPromptPlaceholder(hub) {
+  if (hub === 'xiashe') {
+    return '如果用户要发布到虾舍商店，并且当前环境已有创作者认证 CLI/API 会话，请优先创建虾舍商店草稿；如果没有认证会话，请完成 registry setup、披露、平台 profile 和 handoff 文件，不要要求 Agent 宿主登录或索取账号凭证。不要把第三方平台限制套用到虾舍完整 Skill 包。';
+  }
   if (hub === 'red') {
     return '如果用户还没有提供 Red Skill 官方上传 prompt，请先请用户从小红书创作服务平台复制该 prompt；不要用虾舍 prompt 替代 Red Skill 官方 prompt。';
   }
@@ -456,6 +705,15 @@ function platformPromptPlaceholder(hub) {
   if (hub === 'claude') {
     return '如果 Claude 提供官方 Skill 导入/上传说明，请优先使用官方说明；不要用虾舍 prompt 替代 Claude 官方流程。';
   }
+  if (hub === 'codex') {
+    return '如果 Codex 提供官方 Skill 或 Agent 能力安装说明，请优先使用官方说明；不要用虾舍 prompt 替代 Codex 官方流程。';
+  }
+  if (hub === 'cursor') {
+    return '如果 Cursor 提供官方规则、扩展或 Agent 能力安装说明，请优先使用官方说明；不要用虾舍 prompt 替代 Cursor 官方流程。';
+  }
+  if (hub === 'workbuddy') {
+    return '如果 WorkBuddy 提供官方上传 prompt、网页或 API 流程，请优先使用官方流程；不要用虾舍 prompt 替代 WorkBuddy 官方流程。';
+  }
   if (hub === 'dify') {
     return '如果 Dify 提供官方插件打包/发布命令，请优先使用官方命令；不要用虾舍 prompt 替代 Dify 官方流程。';
   }
@@ -467,19 +725,29 @@ function platformPromptPlaceholder(hub) {
 
 function uploadCompatibilityLines(hub, manifestFile) {
   const localManifest = `${WORK_DIR}/${manifestFile}`;
+  if (hub === 'xiashe') {
+    return [
+      '虾舍商店兼容性要求：',
+      `- 虾舍商店可以接收完整 Skill 包和 ${localManifest} registry manifest。`,
+      '- 保留公开披露文本、归因链接和 runtime event callback；不要删除 registry manifest。',
+      '- 提交草稿前仍需排除 .env、密钥、node_modules、dist/build 和无关本地文件。'
+    ];
+  }
   if (hub === 'red') {
     return [
       'Red Skill 兼容性要求：',
       '- Red Skill 如果只接受 Markdown/TXT，请不要把 JSON manifest 当作源码文件上传。',
       `- ${localManifest} 保留在用户本地用于虾舍 registry claim 和 analytics；只有在 Red Skill 官方流程明确允许附加 JSON 文件时才上传。`,
-      '- 如需在 Red Skill 页面披露 registry，请把下面的“公开披露文本”写入 Skill 介绍、README 或平台允许的 Markdown/TXT 字段。'
+      '- 如需在 Red Skill 页面披露 registry，请把下面的“公开披露文本”写入 Skill 介绍、README 或平台允许的 Markdown/TXT 字段。',
+      '- 不要把 public token、signing secret、runtime-events.js 或 .xiashe 内部 handoff/checklist 文件发布到 Markdown/TXT-only 平台。'
     ];
   }
   return [
     '第三方平台兼容性要求：',
     `- 如果目标平台不接受 ${localManifest} 这类 JSON manifest，请不要强行上传该文件。`,
     '- 保留本地 registry manifest，并把“公开披露文本”写入平台允许的说明字段、README、SKILL.md 或 Markdown/TXT 附件。',
-    '- 如果平台支持额外 manifest / metadata 文件，可以在提交前向用户确认是否一并上传。'
+    '- 如果平台支持额外 manifest / metadata 文件，可以在提交前向用户确认是否一并上传。',
+    '- 不要把 public token、signing secret、runtime-events.js 或内部 handoff/checklist 文件发布到不支持运行时回调的平台。'
   ];
 }
 
@@ -504,7 +772,8 @@ function publicDisclosure(inspected, registryUrl) {
 function skillMdRegistryBlock(inspected, hub) {
   const registry = inspected.registry || {};
   const registryUrl = registry.registryUrl || DEFAULT_REGISTRY_URL;
-  const publicToken = registry.publicToken || '<public token from registry manifest>';
+  const publicSkillId = registry.skillId || registry.publicSkillId || inspected.registry?.skillId || '<public registry skill id>';
+  const publicTokenHint = registry.publicToken ? `${String(registry.publicToken).slice(0, 4)}...${String(registry.publicToken).slice(-4)}` : '<stored in local registry manifest>';
   const marker = `${REGISTRY_PROVIDER}-registry`;
   return [
     `<!-- ${marker}:start -->`,
@@ -516,12 +785,14 @@ function skillMdRegistryBlock(inspected, hub) {
     `- Skill key: ${inspected.skillKey}`,
     `- Target hub: ${hub}`,
     `- Registry event endpoint: ${registryUrl}`,
-    `- Public write token: ${publicToken}`,
+    `- Public Skill ID: ${publicSkillId}`,
+    `- Public token location: local ${WORK_DIR}/${MANIFEST_FILE} only (${publicTokenHint})`,
     `- Event schema version: ${registry.eventSchemaVersion || EVENT_SCHEMA_VERSION}`,
     `- Source fingerprint: ${inspected.package.sha256}`,
     '',
     'Analytics boundary:',
-    '- The public token can only submit allowed aggregate analytics events. It cannot read creator data or administer the account.',
+    '- The local public token can only submit allowed aggregate analytics events. It cannot read creator data or administer the account.',
+    '- Do not publish the local public token in Markdown-only hubs. Keep it in the local manifest or runtime configuration.',
     '- Events should include only public metadata: hub, sourceSurface, campaign, scenario, anonymous installationId, invocationId, and status.',
     '- Do not send user prompts, private files, credentials, environment variables, account tokens, raw business content, or personal identifiers.',
     '- The creator can rotate/revoke the token or disable analytics from the dashboard.',
@@ -566,6 +837,8 @@ async function readPlatformPrompt(flags) {
 
 async function uploadPrompt(inspected, flags) {
   const hub = normalizeHub(flags.hub || 'generic') || 'generic';
+  const reviewProfile = reviewProfileForHub(hub);
+  const packagePlan = packagePlanForHub(inspected, hub);
   const sourceUrl = normalizeText(flags['source-url'] || flags['package-url'], 1000);
   const platformCommand = normalizeText(flags['platform-command'], 1000);
   const platformPrompt = await readPlatformPrompt(flags);
@@ -625,6 +898,31 @@ async function uploadPrompt(inspected, flags) {
     '- 最终上传文件、目录结构、压缩包、表单字段和上线版本，必须由你按照目标 Skill 平台的官方要求处理。',
     '- 如果目标平台要求重新整理源码、生成 markdown、压缩包或填写表单，请你在用户授权范围内完成，并在提交前向用户展示将上传的文件和字段。',
     '',
+    '平台审核 profile：',
+    '```json',
+    JSON.stringify(reviewProfile, null, 2),
+    '```',
+    '',
+    '平台包清单 plan：',
+    '```json',
+    JSON.stringify({
+      hub: packagePlan.hub,
+      packageMode: packagePlan.reviewProfile.packageMode,
+      candidateUploadFiles: packagePlan.candidateUploadFiles,
+      localOnlyFiles: packagePlan.localOnlyFiles,
+      disclosureTargets: packagePlan.disclosureTargets,
+      forbiddenPatterns: packagePlan.forbiddenPatterns,
+      dataSourcePolicy: packagePlan.dataSourcePolicy,
+      notes: packagePlan.notes
+    }, null, 2),
+    '```',
+    '',
+    '数据口径必须分开：',
+    '- runtime：只有真实 Skill 执行 callback、MCP/HTTP/API Tool、webhook 或外部 Agent ack 才能计入。',
+    '- attribution：发布、上传、归因链接点击、公开披露访问，只代表来源漏斗。',
+    '- reported：平台公开数字或手动导入，例如收藏、下载、安装、静态平台显示使用数。',
+    '- 如果无法确认 runtime callback 已经接在真实调用边界，就把该平台标记为 attribution 或 reported，不要伪造成 runtime。',
+    '',
     ...compatibilityLines,
     '',
     ...disclosureLines,
@@ -682,6 +980,9 @@ async function writeUnifiedHandoff(root, args) {
   const promptIndex = args.promptResults
     .map((item) => `- ${item.hub}: ${path.relative(root, item.promptPath)}`)
     .join('\n');
+  const profileIndex = args.packagePlans
+    .map((item) => `- ${item.hub}: ${path.relative(root, item.planPath)} (${item.plan.reviewProfile.packageMode}, ${item.plan.reviewProfile.defaultDataSource})`)
+    .join('\n');
   const registry = args.inspected.registry || {};
   const registryUrl = registry.registryUrl || DEFAULT_REGISTRY_URL;
   const content = [
@@ -710,6 +1011,14 @@ async function writeUnifiedHandoff(root, args) {
     '',
     promptIndex,
     '',
+    '## Platform review profiles',
+    '',
+    `Structured profile index: ${relativeOutDir}/platform-profiles.json`,
+    '',
+    profileIndex,
+    '',
+    'Use each package-<hub>.json as the upload allowlist/review checklist. Files listed as localOnlyFiles must not be uploaded to restrictive platforms unless the platform explicitly accepts them and the user confirms.',
+    '',
     '## Official prompt merge rule',
     '',
     'If the user gives a Red Skill / ClawHub / SkillHub / Claude / Dify / Coze official prompt, do not replace it. Append these registry requirements as constraints, and follow the official prompt for packaging, file format, and upload steps.',
@@ -758,6 +1067,14 @@ async function writeUnifiedHandoff(root, args) {
     '```',
     '',
     'If the hub cannot run callbacks, keep upload attribution and use campaign links or manual imports. Do not fake runtime events.',
+    '',
+    '## XiaShe Store draft auth',
+    '',
+    `For XiaShe Store, first check whether a submission already exists for this registry. ${COMMAND_NAME} skills publish draft can create or reuse the draft with the local registry public token from ${WORK_DIR}/${MANIFEST_FILE}; it should not require the user to expose their XiaShe login to the Agent.`,
+    '',
+    'If the registry token is missing or rejected, stop and ask the user to run `xiashe login` locally or generate a new Add Skill task. Do not upload the package as another creator.',
+    '',
+    'If the claim code expires while you are working, ask for a new code and reuse the existing scan, package plans, disclosure text, and review results instead of starting over.',
     ''
   ].join('\n');
   const handoffPath = path.join(args.outDir, HANDOFF_FILE);
@@ -1120,15 +1437,27 @@ async function setupAgentWorkflow(root, flags) {
   });
 
   const promptResults = [];
+  const packagePlans = [];
   for (const hub of hubs) {
     const promptPath = path.join(outDir, `upload-${safeSkillKey(hub)}.md`);
     const promptResult = await writePrompt(absoluteRoot, { ...flags, hub, out: promptPath });
+    const inspectedForPlan = await inspectSkill(absoluteRoot, flags);
+    const plan = packagePlanForHub(inspectedForPlan, hub);
+    const planPath = path.join(outDir, `package-${safeSkillKey(hub)}.json`);
+    await writeFile(planPath, `${JSON.stringify(plan, null, 2)}\n`, { mode: 0o600 });
     promptResults.push({
       hub,
       promptPath: typeof promptResult === 'string' ? promptPath : promptResult.outPath
     });
+    packagePlans.push({ hub, planPath, plan });
   }
   const inspectedAfterManifest = await inspectSkill(absoluteRoot, flags);
+  const profilesPath = path.join(outDir, 'platform-profiles.json');
+  await writeFile(
+    profilesPath,
+    `${JSON.stringify(Object.fromEntries(hubs.map((hub) => [hub, reviewProfileForHub(hub)])), null, 2)}\n`,
+    { mode: 0o600 }
+  );
   const shouldEmbedSkillMd = Boolean(flags['embed-skill-md']) || (hubs.includes('red') && !flags['no-skill-md']);
   const skillMdPath = shouldEmbedSkillMd
     ? await writeSkillMdRegistryBlock(absoluteRoot, inspectedAfterManifest, hubs.join(','))
@@ -1154,7 +1483,8 @@ async function setupAgentWorkflow(root, flags) {
     outDir,
     hubs,
     inspected: inspectedAfterManifest,
-    promptResults
+    promptResults,
+    packagePlans
   });
 
   const warnings = [];
@@ -1184,6 +1514,8 @@ async function setupAgentWorkflow(root, flags) {
     manifestPath: manifestResult.manifestPath,
     handoffPath,
     promptPaths: promptResults,
+    packagePlanPaths: packagePlans.map((item) => ({ hub: item.hub, planPath: item.planPath })),
+    profilesPath,
     skillMdPath,
     disclosurePath,
     snippetPath: snippetResult ? snippetResult.outPath : null,
@@ -1191,6 +1523,7 @@ async function setupAgentWorkflow(root, flags) {
     warnings,
     next: [
       `Use ${path.relative(absoluteRoot, handoffPath)} as the single Agent handoff. The Agent should not ask the user to manually pick registry files.`,
+      `Use ${path.relative(absoluteRoot, profilesPath)} and package-<hub>.json as the platform review profiles and upload allowlists.`,
       'When the user later pastes a Red Skill / ClawHub / SkillHub / Claude / Dify / Coze official prompt, the Agent should identify the platform and merge the matching registry checklist internally.',
       'Each prepared upload-<hub>.md pins the correct hub/sourceSurface value so platform analytics stay separated, but those files are internal checklists for the Agent.',
       skillMdPath
@@ -1240,6 +1573,37 @@ async function main() {
       print(flags.json ? result : formatVerify(result), flags.json);
       return;
     }
+    if (command === 'publish') {
+      const result = await setupAgentWorkflow(root, flags);
+      if (flags.json) {
+        print({ ok: true, mode: 'xiashe-publish', ...result }, true);
+      } else {
+        const lines = [
+          `${PRODUCT_NAME} publish handoff prepared.`,
+          `Targets: ${result.hubs.join(', ')}`,
+          `Manifest: ${result.manifestPath}`,
+          `Agent handoff: ${result.handoffPath}`,
+          `Platform profiles: ${result.profilesPath}`,
+          ...result.packagePlanPaths.map((item) => `Package plan (${item.hub}): ${item.planPath}`),
+          result.skillMdPath ? `Updated: ${result.skillMdPath}` : null,
+          `Disclosure: ${result.disclosurePath}`,
+          result.snippetPath ? `Runtime snippet: ${result.snippetPath}` : null,
+          ...result.warnings.map((warning) => `Warning: ${warning}`),
+          '',
+          'Next:',
+          '- Treat the target platform official upload flow as authoritative.',
+          '- Use the handoff file as the only XiaShe registry checklist.',
+          '- Before uploading, check whether this Skill already has a draft, submitted review, or published listing for the selected target; skip duplicate uploads and verify/update the existing record when possible.',
+          '- Check upload readiness and runtime readiness separately before submission.',
+          '- For XiaShe Store, create or update the store draft only when an authenticated creator CLI/API session is available.',
+          '- If no authenticated creator session is available, finish registry setup and handoff files without asking the Agent host for account credentials.',
+          '- For Markdown/TXT-only platforms, copy the disclosure text into an allowed public field instead of uploading registry JSON.',
+          '- Only count runtime usage when the Skill or Agent callback sends real runtime events.'
+        ].filter(Boolean);
+        print(lines.join('\n'), false);
+      }
+      return;
+    }
     if (command === 'setup' || command === 'handoff') {
       const result = await setupAgentWorkflow(root, flags);
       if (flags.json) {
@@ -1249,6 +1613,8 @@ async function main() {
           `Wrote ${result.manifestPath}`,
           `Wrote ${result.handoffPath}`,
           ...result.promptPaths.map((item) => `Wrote ${item.promptPath}`),
+          `Wrote ${result.profilesPath}`,
+          ...result.packagePlanPaths.map((item) => `Wrote ${item.planPath}`),
           `Wrote ${result.disclosurePath}`,
           result.snippetPath ? `Wrote ${result.snippetPath}` : null,
           ...result.warnings.map((warning) => `Warning: ${warning}`),

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@xiashe/skill",
-  "version": "0.1.7",
+  "version": "0.1.9",
   "type": "module",
   "bin": {
     "xiashe-skill": "bin/xiashe-skill.mjs"