openxiangda 1.0.18 → 1.0.20

package/openxiangda-skills/SKILL.md

@@ -74,6 +74,8 @@ When the user provides a root domain such as `https://yida.wisejob.cn/`, use it
 - Before publishing to another platform, verify the workspace is bound for that profile. Resource IDs from one profile must not be reused for another profile.
 - Use `openxiangda app snapshot <APP_XXX> --profile <name> --json` for diagnosis before changing an existing app.
 - Run write commands that update `.openxiangda/state.json` sequentially within the same workspace. Read-only commands can run in parallel.
+- JS_CODE is backend-executed workflow/automation logic, not frontend page code. Use it when logic must run after a backend trigger such as fixed cron schedules, form date-field schedules, form submit/update/delete/field-change events, or workflow approval/process events.
+- Use JS_CODE for cross-form data queries, create/update/batch update operations, process termination, platform API calls, external HTTP calls, and complex orchestration that the frontend cannot handle reliably. Do not use it for simple UI interactions, ordinary form validation, or display-only page behavior.
 - For workflow/automation JS_CODE nodes, prefer V2 `runtimeMode: "trusted_node"`. AI-authored source must be TypeScript under `sy-lowcode-app-workspace/src/js-code-nodes/<scriptCode>/index.ts`. `pnpm build-js-code --script <scriptCode>` runs TypeScript validation before bundling, and `sourceFile.localPath` should point to the TS source; the CLI builds, uploads, and replaces it with snapshot metadata during validate/create.
 
 ## Subskills

package/openxiangda-skills/references/automation-v3.md

@@ -7,6 +7,8 @@ Automations have two files:
 
 ## Trigger Config
 
+Automation can run from form events, workflow events, fixed cron schedules, or a form date field reaching a configured time. Pair these triggers with JS_CODE when the action must execute on the backend and cannot be handled reliably by a frontend page.
+
 Form submit trigger:
 
 ```json
@@ -96,7 +98,7 @@ Supported node types:
 
 ## JS_CODE V2
 
-Use trusted Node JS_CODE nodes for AI/admin automation logic:
+Use trusted Node JS_CODE nodes for AI/admin automation logic that runs after an automation trigger. Typical cases include scheduled data cleanup, date-field reminders, cross-form synchronization after submit/update/delete, workflow-completed follow-up writes, calling internal platform APIs, calling external HTTP services, and other backend-only orchestration.
 
 ```json
 {
@@ -117,7 +119,45 @@ Use trusted Node JS_CODE nodes for AI/admin automation logic:
 
 Author source in `sy-lowcode-app-workspace/src/js-code-nodes/<scriptCode>/index.ts`. AI-authored source must be TypeScript. Build with `pnpm build-js-code --script <scriptCode>`; the command runs TypeScript validation before bundling. During validate/create, the CLI uploads the generated bundle, replaces `sourceFile.localPath` with `{ bucketName, objectName, sha256, ... }`, and the backend verifies sha256 before execution.
 
-Scripts may use `module.exports = async (ctx) => {}`, `require`, `process`, `Buffer`, legacy `methods.*`, arbitrary HTTP, and `platform.api` for `/openxiangda-api/v1`.
+The backend runs the snapshot in the trusted Node runtime, applies the node timeout (`30000` ms by default), stores execution logs, and writes the returned value to the node output and `variables.node_<nodeId>`. Scripts may use `export default async function (ctx) {}`, `module.exports = async (ctx) => {}`, `require`, `process`, `Buffer`, arbitrary HTTP, and `platform.api` for `/openxiangda-api/v1`.
+
+Runtime context includes `ctx.triggerEvent`, `ctx.formData`, `ctx.workflowData`, `ctx.operator`, `ctx.app`, `ctx.variables`, and `ctx.node`. Data/process bridge methods include `ctx.methods.queryOneData`, `queryManyData`, `updateOneData`, `updateDataByFormInstanceId`, `updateManyData`, `createOneData`, `terminateProcess`, and `getAllParentDepartments`.
+
+Example `src/js-code-nodes/scheduled_reconcile/index.ts`:
+
+```ts
+export default async function scheduledReconcile(ctx) {
+  const appType = ctx.app.appType;
+  const current = ctx.formData?.current || {};
+  const formInstanceId =
+    ctx.triggerEvent?.data?.formInstanceId ||
+    current.formInstanceId ||
+    current.formInstId;
+
+  const pendingRows = await ctx.methods.queryManyData(appType, "FORM_ORDER", {
+    status: "pending",
+  });
+
+  if (formInstanceId) {
+    await ctx.methods.updateDataByFormInstanceId(
+      appType,
+      "FORM_ORDER",
+      formInstanceId,
+      { last_checked_at: new Date().toISOString() }
+    );
+  }
+
+  const log = await ctx.methods.createOneData(appType, "FORM_JOB_LOG", {
+    trigger_type: ctx.triggerEvent?.type || "scheduled",
+    processed_count: Array.isArray(pendingRows) ? pendingRows.length : 0,
+  });
+
+  return {
+    processedCount: pendingRows?.length || 0,
+    logId: log?.formInstanceId || log?.id,
+  };
+}
+```
 
 Validation rules:
 

package/openxiangda-skills/references/workflow-v3.md

@@ -52,6 +52,8 @@ Supported node types:
 
 ## JS_CODE V2
 
+Workflow JS_CODE runs on the backend when the process reaches the `js_code` node. Use it before or after approval nodes, in branches, or before ending a process when the workflow needs server-side side effects such as cross-form synchronization, audit record creation, external API calls, or terminating a related process. Do not use it for frontend-only behavior.
+
 Inline:
 
 ```json
@@ -87,7 +89,43 @@ File snapshot:
 }
 ```
 
-AI-authored JS_CODE source must be TypeScript under `sy-lowcode-app-workspace/src/js-code-nodes/<scriptCode>/index.ts`. When validating or creating, the CLI runs `pnpm build-js-code --script <scriptCode>`, which runs TypeScript validation first, bundles to `dist/js-code-nodes/<scriptCode>/index.cjs`, uploads the bundle, and replaces `sourceFile.localPath` with immutable snapshot metadata. Scripts can export `export default async function (ctx) {}` or `module.exports = async (ctx) => {}` and call `ctx.platform.api` or global `platform.api`; the default API namespace is `/openxiangda-api/v1`.
+AI-authored JS_CODE source must be TypeScript under `sy-lowcode-app-workspace/src/js-code-nodes/<scriptCode>/index.ts`. When validating or creating, the CLI runs `pnpm build-js-code --script <scriptCode>`, which runs TypeScript validation first, bundles to `dist/js-code-nodes/<scriptCode>/index.cjs`, uploads the bundle, and replaces `sourceFile.localPath` with immutable snapshot metadata. The backend verifies snapshot `sha256`, runs it in the trusted Node runtime, applies the node timeout (`30000` ms by default), stores execution logs, and writes the returned value to the node output and `variables.node_<nodeId>`.
+
+Scripts can export `export default async function (ctx) {}` or `module.exports = async (ctx) => {}`. The runtime exposes `ctx.triggerEvent`, `ctx.formData`, `ctx.workflowData`, `ctx.operator`, `ctx.app`, `ctx.variables`, `ctx.methods.*`, `ctx.platform.api.*`, `ctx.utils`, `require`, `process`, and `Buffer`. Use `ctx.methods.queryOneData/queryManyData/updateOneData/updateDataByFormInstanceId/updateManyData/createOneData/terminateProcess/getAllParentDepartments` for platform-side data and process operations.
+
+Example `src/js-code-nodes/sync_customer/index.ts`:
+
+```ts
+export default async function syncCustomer(ctx) {
+  const current = ctx.formData?.current || {};
+  const appType = ctx.app.appType;
+  const customerNo = current.customer_no;
+
+  const customer = await ctx.methods.queryOneData(appType, "FORM_CUSTOMER", {
+    customer_no: customerNo,
+  });
+
+  if (customer) {
+    await ctx.methods.updateOneData(
+      appType,
+      "FORM_CUSTOMER",
+      { customer_no: customerNo },
+      { last_approved_at: new Date().toISOString() }
+    );
+  }
+
+  const log = await ctx.methods.createOneData(appType, "FORM_SYNC_LOG", {
+    source: "workflow",
+    customer_no: customerNo,
+    result: customer ? "updated" : "missing",
+  });
+
+  return {
+    customerFound: Boolean(customer),
+    logId: log?.formInstanceId || log?.id,
+  };
+}
+```
 
 Field permission config lives in `flowConfig` by node ID:
 

package/openxiangda-skills/skills/openxiangda-workflow-automation/SKILL.md

@@ -44,7 +44,9 @@ Use `workflow pull` to inspect the live definition. Use logical workflow codes l
 
 ## JS_CODE V2
 
-For non-trivial logic, prefer JS_CODE V2 trusted Node scripts over large inline snippets. AI-authored JS_CODE source must be TypeScript:
+JS_CODE is the backend execution escape hatch for workflow and automation. Use it when the logic must run on the server after a backend trigger, such as a fixed cron schedule, a form date-field schedule, a form submit/update/delete/field-change event, or a workflow approval/process event. It is appropriate for cross-form data queries, create/update/batch update operations, process termination, platform API calls, external HTTP calls, and complex orchestration that the frontend cannot handle reliably.
+
+Do not use JS_CODE for simple UI interactions, ordinary form validation, display-only page behavior, or logic that belongs in a normal React code page. For non-trivial backend logic, prefer JS_CODE V2 trusted Node scripts over large inline snippets. AI-authored JS_CODE source must be TypeScript:
 
 1. Put source in `sy-lowcode-app-workspace/src/js-code-nodes/<scriptCode>/index.ts`.
 2. Run `pnpm build-js-code --script <scriptCode>`. This command runs TypeScript validation first and only bundles after `tsc` passes.
@@ -68,7 +70,14 @@ For non-trivial logic, prefer JS_CODE V2 trusted Node scripts over large inline
 
 The CLI requires `sourceFile.localPath` to point to `src/js-code-nodes/<scriptCode>/index.ts`. During validate/create it runs `pnpm build-js-code --script <scriptCode>`, uploads the generated `dist/js-code-nodes/<scriptCode>/index.cjs` to `/file/js-code-snapshot/upload`, verifies the server snapshot metadata, and replaces it with `{ bucketName, objectName, sha256, ... }`.
 
-Inside the TypeScript script, prefer `export default async function (ctx) {}` or `module.exports = async (ctx) => {}`. The runtime exposes Node `require`, `process`, `Buffer`, installed dependencies, arbitrary HTTP, legacy `methods.*`, and `platform.api` for `/openxiangda-api/v1`.
+The backend verifies the uploaded snapshot sha256 before execution, runs it in the trusted Node runtime, applies the node timeout (`30000` ms by default), stores console/runtime logs in the execution record, and writes the returned value to the node output and `variables.node_<nodeId>`.
+
+Inside the TypeScript script, prefer `export default async function (ctx) {}` or `module.exports = async (ctx) => {}`. The runtime exposes:
+
+- Context: `ctx.triggerEvent`, `ctx.formData`, `ctx.workflowData`, `ctx.operator`, `ctx.app`, `ctx.variables`, and `ctx.node`.
+- Data/process methods: `ctx.methods.queryOneData`, `queryManyData`, `updateOneData`, `updateDataByFormInstanceId`, `updateManyData`, `createOneData`, `terminateProcess`, and `getAllParentDepartments`.
+- Platform API bridge: `ctx.platform.api.get/post/put/patch/delete/request` for `/openxiangda-api/v1`.
+- Node runtime helpers: `require`, `process`, `Buffer`, `ctx.utils`, `ctx.utils.http`, and `ctx.console`.
 
 ## Automation Flow
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "openxiangda",
-  "version": "1.0.18",
+  "version": "1.0.20",
   "description": "OpenXiangda CLI, workspace build tools, runtime SDK, and form components.",
   "private": false,
   "bin": {

package/packages/sdk/dist/components/index.cjs

@@ -46195,6 +46195,17 @@ var StandardFormPage = ({
 
 // packages/sdk/src/components/modules/DataManagementList.tsx
 var import_jsx_runtime101 = require("react/jsx-runtime");
+var DEFAULT_MAX_VISIBLE_ROW_ACTIONS = 4;
+var ACTION_COLUMN_MIN_WIDTH = 96;
+var ACTION_BUTTON_ESTIMATED_WIDTH = 56;
+var ACTION_MORE_BUTTON_WIDTH = 36;
+var ACTION_COLUMN_HORIZONTAL_PADDING = 24;
+function normalizeMaxVisibleRowActions(maxVisibleRowActions) {
+  if (typeof maxVisibleRowActions !== "number" || !Number.isFinite(maxVisibleRowActions)) {
+    return DEFAULT_MAX_VISIBLE_ROW_ACTIONS;
+  }
+  return Math.max(0, Math.floor(maxVisibleRowActions));
+}
 var createGroup = () => ({
   id: `group_${Date.now()}_${Math.random().toString(36).slice(2)}`,
   logic: "AND",
@@ -47127,7 +47138,8 @@ var DataManagementList = ({
   detailPageUrlBuilder,
   submitRenderer,
   requestOverride,
-  rowActions = []
+  rowActions = [],
+  maxVisibleRowActions
 }) => {
   const rootRef = (0, import_react279.useRef)(null);
   const api = (0, import_react279.useMemo)(() => {
@@ -47557,6 +47569,12 @@ var DataManagementList = ({
     setImportBase64("");
     await loadData({ current: 1, pageSize });
   };
+  const visibleRowActionLimit = normalizeMaxVisibleRowActions(maxVisibleRowActions);
+  const rowActionCount = 1 + rowActions.length + (readonly ? 0 : 1) + (isProcessForm ? 1 : 0);
+  const actionColumnWidth = Math.max(
+    ACTION_COLUMN_MIN_WIDTH,
+    Math.min(rowActionCount, visibleRowActionLimit) * ACTION_BUTTON_ESTIMATED_WIDTH + (rowActionCount > visibleRowActionLimit ? ACTION_MORE_BUTTON_WIDTH : 0) + ACTION_COLUMN_HORIZONTAL_PADDING
+  );
   const columns = (0, import_react279.useMemo)(() => {
     const baseColumns = visibleFields.map((field) => {
       const columnWidth = widths[field.fieldId] || field.width || 160;
@@ -47583,53 +47601,88 @@ var DataManagementList = ({
       {
         title: "\u64CD\u4F5C",
         key: "__actions",
-        width: 136,
+        width: actionColumnWidth,
         fixed: "right",
-        render: (_, record2) => /* @__PURE__ */ (0, import_jsx_runtime101.jsxs)(import_antd39.Space, { size: 4, children: [
-          /* @__PURE__ */ (0, import_jsx_runtime101.jsx)(import_antd39.Button, { type: "link", size: "small", onClick: () => handleDetail(record2), children: "\u8BE6\u60C5" }),
-          /* @__PURE__ */ (0, import_jsx_runtime101.jsx)(
-            import_antd39.Dropdown,
+        render: (_, record2) => {
+          const actions = [
             {
-              trigger: ["click"],
-              getPopupContainer,
-              menu: {
-                items: [
-                  ...!readonly ? [
-                    {
-                      key: "delete",
-                      label: "\u5220\u9664",
-                      danger: true,
-                      icon: /* @__PURE__ */ (0, import_jsx_runtime101.jsx)(import_icons16.DeleteOutlined, {}),
-                      onClick: () => confirmDanger(
-                        "\u786E\u8BA4\u5220\u9664",
-                        "\u5220\u9664\u540E\u4E0D\u53EF\u6062\u590D\uFF0C\u786E\u8BA4\u7EE7\u7EED\u5417\uFF1F",
-                        () => handleDelete([String(getRecordId(record2))])
-                      )
-                    }
-                  ] : [],
-                  ...rowActions.map((action) => ({
+              key: "detail",
+              label: "\u8BE6\u60C5",
+              onClick: () => handleDetail(record2)
+            },
+            ...rowActions.map((action) => ({
+              key: action.key,
+              label: action.label,
+              danger: action.danger,
+              onClick: () => action.onClick(record2)
+            })),
+            ...!readonly ? [
+              {
+                key: "delete",
+                label: "\u5220\u9664",
+                danger: true,
+                icon: /* @__PURE__ */ (0, import_jsx_runtime101.jsx)(import_icons16.DeleteOutlined, {}),
+                onClick: () => confirmDanger(
+                  "\u786E\u8BA4\u5220\u9664",
+                  "\u5220\u9664\u540E\u4E0D\u53EF\u6062\u590D\uFF0C\u786E\u8BA4\u7EE7\u7EED\u5417\uFF1F",
+                  () => handleDelete([String(getRecordId(record2))])
+                )
+              }
+            ] : [],
+            ...isProcessForm ? [
+              {
+                key: "workflow",
+                label: "\u6D41\u7A0B\u65E5\u5FD7",
+                icon: /* @__PURE__ */ (0, import_jsx_runtime101.jsx)(import_icons16.HistoryOutlined, {}),
+                onClick: () => import_antd39.message.info("\u8BF7\u901A\u8FC7 detailRenderer \u63A5\u5165\u6D41\u7A0B\u65E5\u5FD7\u6216\u6D41\u7A0B\u56FE\u5165\u53E3")
+              }
+            ] : []
+          ];
+          const visibleActions = actions.slice(0, visibleRowActionLimit);
+          const moreActions = actions.slice(visibleRowActionLimit);
+          return /* @__PURE__ */ (0, import_jsx_runtime101.jsxs)(import_antd39.Space, { size: 4, children: [
+            visibleActions.map((action) => /* @__PURE__ */ (0, import_jsx_runtime101.jsx)(
+              import_antd39.Button,
+              {
+                type: "link",
+                size: "small",
+                danger: action.danger,
+                onClick: action.onClick,
+                children: action.label
+              },
+              action.key
+            )),
+            moreActions.length > 0 && /* @__PURE__ */ (0, import_jsx_runtime101.jsx)(
+              import_antd39.Dropdown,
+              {
+                trigger: ["click"],
+                getPopupContainer,
+                menu: {
+                  items: moreActions.map((action) => ({
                     key: action.key,
                     label: action.label,
                     danger: action.danger,
-                    onClick: () => action.onClick(record2)
-                  })),
-                  ...isProcessForm ? [
-                    {
-                      key: "workflow",
-                      label: "\u6D41\u7A0B\u65E5\u5FD7",
-                      icon: /* @__PURE__ */ (0, import_jsx_runtime101.jsx)(import_icons16.HistoryOutlined, {}),
-                      onClick: () => import_antd39.message.info("\u8BF7\u901A\u8FC7 detailRenderer \u63A5\u5165\u6D41\u7A0B\u65E5\u5FD7\u6216\u6D41\u7A0B\u56FE\u5165\u53E3")
-                    }
-                  ] : []
-                ]
-              },
-              children: /* @__PURE__ */ (0, import_jsx_runtime101.jsx)(import_antd39.Button, { type: "text", size: "small", icon: /* @__PURE__ */ (0, import_jsx_runtime101.jsx)(import_icons16.MoreOutlined, {}) })
-            }
-          )
-        ] })
+                    icon: action.icon,
+                    onClick: action.onClick
+                  }))
+                },
+                children: /* @__PURE__ */ (0, import_jsx_runtime101.jsx)(
+                  import_antd39.Button,
+                  {
+                    type: "text",
+                    size: "small",
+                    icon: /* @__PURE__ */ (0, import_jsx_runtime101.jsx)(import_icons16.MoreOutlined, {}),
+                    "aria-label": "\u66F4\u591A\u64CD\u4F5C"
+                  }
+                )
+              }
+            )
+          ] });
+        }
       }
     ];
   }, [
+    actionColumnWidth,
     confirmDanger,
     commitColumnWidth,
     getPopupContainer,
@@ -47640,13 +47693,17 @@ var DataManagementList = ({
     readonly,
     rowActions,
     updateColumnWidth,
+    visibleRowActionLimit,
     visibleFields,
     widths
   ]);
   const tableSize = density === "compact" ? "small" : density === "loose" ? "large" : "middle";
   const tableScrollX = Math.max(
     900,
-    visibleFields.reduce((sum, field) => sum + (widths[field.fieldId] || field.width || 160), 136)
+    visibleFields.reduce(
+      (sum, field) => sum + (widths[field.fieldId] || field.width || 160),
+      actionColumnWidth
+    )
   );
   const importPreviewColumns = (0, import_react279.useMemo)(() => {
     const keys2 = Array.from(
@@ -48298,6 +48355,7 @@ function LowcodePageRenderer({ schema, context }) {
           configScope: "personal",
           forcedConfig: props.forcedConfig,
           showForcedConfig: props.showForcedConfig,
+          maxVisibleRowActions: props.maxVisibleRowActions,
           requestOverride
         },
         node.id