openxiangda 1.0.83 → 1.0.85

package/lib/cli.js

@@ -35,6 +35,8 @@ const { version: CURRENT_VERSION } = require('../package.json');
 
 const NPM_PACKAGE_NAME = 'openxiangda';
 const OFFICIAL_NPM_REGISTRY = 'https://registry.npmjs.org';
+const RUNTIME_UPLOAD_DEFAULT_TIMEOUT_MS = 120000;
+const RUNTIME_UPLOAD_CONCURRENCY = 3;
 
 async function main(argv) {
   const [command, ...rest] = argv;
@@ -114,7 +116,7 @@ Usage:
   openxiangda permission form-group-list|form-group-create|form-group-bind
   openxiangda settings get|save|indexes|indexes-save|data-management|data-management-save|public-access
   openxiangda resource validate|plan|publish|pull [--profile name] [--json]
-  openxiangda runtime deploy [--profile name] [--dist dist] [--build-id id] [--no-build] [--no-activate] [--json]
+  openxiangda runtime deploy [--profile name] [--dist dist] [--build-id id] [--upload-mode staged|legacy-json] [--upload-timeout-ms ms] [--no-build] [--no-activate] [--json]
   openxiangda runtime releases [--profile name] [--json]
   openxiangda runtime activate <releaseId> [--profile name] [--json]
   openxiangda inspect app|form|workflow|automation|permissions
@@ -2766,30 +2768,57 @@ async function runtime(args) {
     const buildId = normalizeRuntimeBuildId(flags['build-id'] || createRuntimeBuildId());
     const distDir = path.resolve(process.cwd(), flags.dist || 'dist');
     const assetBaseUrl = buildRuntimeAssetBaseUrl(target.appType, buildId);
+    const uploadMode = normalizeRuntimeUploadMode(flags['upload-mode']);
+    const uploadTimeoutMs = normalizeRuntimeUploadTimeoutMs(flags['upload-timeout-ms']);
+    const traceId = createRuntimeTraceId();
     if (!flags['no-build']) {
       runRuntimeBuild({
         buildId,
         appType: target.appType,
         assetBaseUrl,
         command: flags['build-command'],
+        jsonOutput: Boolean(flags.json),
       });
     }
     const files = collectRuntimeDistFiles(distDir, {
       includeSourceMaps: Boolean(flags['include-sourcemaps']),
     });
     const totalBytes = files.reduce((sum, file) => sum + file.size, 0);
+    printRuntimeProgress(
+      `runtime release upload: mode=${uploadMode} traceId=${traceId} files=${files.length} size=${formatBytes(totalBytes)} timeout=${uploadTimeoutMs}ms`
+    );
+    const releaseFiles =
+      uploadMode === 'legacy-json'
+        ? files.map(file => ({
+            path: file.path,
+            size: file.size,
+            sha256: file.sha256,
+            contentType: file.contentType,
+            contentBase64: file.buffer.toString('base64'),
+          }))
+        : await uploadRuntimeDistFilesStaged({
+            config,
+            profileName: target.profileName,
+            appType: target.appType,
+            buildId,
+            files,
+            traceId,
+            timeoutMs: uploadTimeoutMs,
+          });
     const data = await requestWithAuth(
       config,
       target.profileName,
       `/openxiangda-api/v1/apps/${encodeURIComponent(target.appType)}/runtime/releases`,
       {
         method: 'POST',
+        timeoutMs: uploadTimeoutMs,
+        headers: { 'x-openxiangda-trace-id': traceId },
         body: {
           buildId,
           version: flags.version || readWorkspaceVersion(),
           releaseNotes: flags.notes || flags['release-notes'] || '',
           activate: !flags['no-activate'],
-          files,
+          files: releaseFiles,
         },
       }
     );
@@ -2803,6 +2832,8 @@ async function runtime(args) {
       totalBytes,
       assetBaseUrl,
       activated: !flags['no-activate'],
+      uploadMode,
+      traceId,
     };
     if (flags.json) return writeJson(result);
     print(
@@ -2810,6 +2841,8 @@ async function runtime(args) {
         `runtime release 已上传: ${target.appType}`,
         `build: ${buildId}`,
         `files: ${files.length} (${formatBytes(totalBytes)})`,
+        `upload: ${uploadMode}`,
+        `traceId: ${traceId}`,
         `assetBase: ${assetBaseUrl}`,
         `active: ${result.activated ? 'yes' : 'no'}`,
       ].join('\n')
@@ -2822,11 +2855,16 @@ async function runtime(args) {
 
 function runRuntimeBuild(options) {
   const command = options.command || defaultRuntimeBuildCommand();
-  print(`构建 React SPA runtime: ${command}`);
+  if (options.jsonOutput) {
+    printRuntimeProgress(`构建 React SPA runtime: ${command}`);
+  } else {
+    print(`构建 React SPA runtime: ${command}`);
+  }
   const result = spawnSync(command, [], {
     cwd: process.cwd(),
     shell: true,
-    stdio: 'inherit',
+    stdio: options.jsonOutput ? 'pipe' : 'inherit',
+    encoding: options.jsonOutput ? 'utf8' : undefined,
     env: {
       ...process.env,
       OPENXIANGDA_APP_TYPE: options.appType,
@@ -2835,6 +2873,10 @@ function runRuntimeBuild(options) {
       OPENXIANGDA_RUNTIME_ASSET_BASE: options.assetBaseUrl,
     },
   });
+  if (options.jsonOutput) {
+    if (result.stdout) process.stderr.write(maskText(result.stdout));
+    if (result.stderr) process.stderr.write(maskText(result.stderr));
+  }
   if (result.error) fail(`runtime build 无法启动: ${result.error.message}`);
   if (result.status !== 0) fail(`runtime build 失败: exit ${result.status}`);
 }
@@ -2856,7 +2898,7 @@ function collectRuntimeDistFiles(distDir, options = {}) {
   }
   const totalBytes = files.reduce((sum, file) => sum + file.size, 0);
   if (totalBytes > 25 * 1024 * 1024) {
-    fail(`runtime dist 过大: ${formatBytes(totalBytes)}，当前 JSON 发布通道上限为 25MB`);
+    fail(`runtime dist 过大: ${formatBytes(totalBytes)}，当前 runtime 发布通道上限为 25MB`);
   }
   return files;
 }
@@ -2878,11 +2920,112 @@ function walkRuntimeDist(rootDir, currentDir, files, options) {
       size: buffer.length,
       sha256: crypto.createHash('sha256').update(buffer).digest('hex'),
       contentType: inferRuntimeContentType(relative),
-      contentBase64: buffer.toString('base64'),
+      buffer,
     });
   }
 }
 
+async function uploadRuntimeDistFilesStaged(options) {
+  const files = options.files || [];
+  let completed = 0;
+  const results = await runWithConcurrency(
+    files,
+    RUNTIME_UPLOAD_CONCURRENCY,
+    async file => {
+      const uploaded = await uploadRuntimeDistFile(options, file);
+      completed += 1;
+      printRuntimeProgress(
+        `runtime file uploaded [${completed}/${files.length}] ${file.path} ${formatBytes(file.size)} traceId=${options.traceId}`
+      );
+      return uploaded;
+    }
+  );
+  return results.map(file => ({
+    path: file.path,
+    size: file.size,
+    sha256: file.sha256,
+    contentType: file.contentType,
+  }));
+}
+
+async function uploadRuntimeDistFile(options, file) {
+  const apiPath = apiPathWithQuery(
+    `/openxiangda-api/v1/apps/${encodeURIComponent(options.appType)}/runtime/releases/files`,
+    {
+      buildId: options.buildId,
+      path: file.path,
+      size: file.size,
+      sha256: file.sha256,
+      contentType: file.contentType,
+    }
+  );
+  return await requestFormWithAuth(
+    options.config,
+    options.profileName,
+    apiPath,
+    () => {
+      const form = new FormData();
+      form.append(
+        'file',
+        new Blob([file.buffer], { type: file.contentType }),
+        path.basename(file.path)
+      );
+      return form;
+    },
+    {
+      timeoutMs: options.timeoutMs,
+      headers: { 'x-openxiangda-trace-id': options.traceId },
+    }
+  );
+}
+
+async function runWithConcurrency(items, concurrency, worker) {
+  const results = new Array(items.length);
+  let nextIndex = 0;
+  let firstError = null;
+  const workers = Array.from(
+    { length: Math.min(concurrency, items.length) },
+    async () => {
+      while (nextIndex < items.length && !firstError) {
+        const index = nextIndex;
+        nextIndex += 1;
+        try {
+          results[index] = await worker(items[index], index);
+        } catch (error) {
+          firstError = error;
+        }
+      }
+    }
+  );
+  await Promise.all(workers);
+  if (firstError) throw firstError;
+  return results;
+}
+
+function normalizeRuntimeUploadMode(value) {
+  const normalized = String(value || 'staged').trim().toLowerCase();
+  if (normalized === 'staged' || normalized === 'legacy-json') return normalized;
+  fail(`--upload-mode 只支持 staged 或 legacy-json，当前: ${value}`);
+}
+
+function normalizeRuntimeUploadTimeoutMs(value) {
+  const candidate =
+    value === undefined || value === null || value === ''
+      ? process.env.OPENXIANGDA_RUNTIME_UPLOAD_TIMEOUT_MS
+      : value;
+  const parsed = Number(candidate);
+  if (Number.isFinite(parsed) && parsed > 0) return parsed;
+  return RUNTIME_UPLOAD_DEFAULT_TIMEOUT_MS;
+}
+
+function createRuntimeTraceId() {
+  return `oxd-${Date.now().toString(36)}-${crypto.randomBytes(4).toString('hex')}`;
+}
+
+function printRuntimeProgress(message) {
+  process.stderr.write(`${maskText(message)}\n`);
+}
+
 function buildRuntimeAssetBaseUrl(appType, buildId) {
   return `/service/openxiangda-api/v1/apps/${encodeURIComponent(appType)}/runtime/releases/by-build/${encodeURIComponent(buildId)}/files/`;
 }
@@ -3231,6 +3374,7 @@ function ensureResourceBuckets(bound) {
   bound.resources.roles = bound.resources.roles || {};
   bound.resources.connectors = bound.resources.connectors || {};
   bound.resources.dataViews = bound.resources.dataViews || {};
+  bound.resources.authConfigs = bound.resources.authConfigs || {};
   bound.resources.notifications = bound.resources.notifications || {};
   bound.resources.notifications.templates = bound.resources.notifications.templates || {};
   bound.resources.notifications.typeConfigs = bound.resources.notifications.typeConfigs || {};
@@ -3441,6 +3585,14 @@ function saveDataViewResource(target, dataViewCode, dataViewId, extra = {}) {
   }, keys);
 }
 
+function saveAuthConfigResource(target, authConfigCode, configId, extra = {}) {
+  const keys = ['configId', 'status'];
+  saveStateResource(target, 'authConfigs', authConfigCode, {
+    ...pickStateFields(extra, keys),
+    configId,
+  }, keys);
+}
+
 function saveRoleResource(target, roleCode, roleId) {
   saveStateResource(target, 'roles', roleCode, { roleId }, ['roleId']);
 }
@@ -3548,6 +3700,7 @@ const RESOURCE_SPECS = [
   { key: 'automations', dir: 'automations', topFiles: ['automations.json'], pluralKeys: ['automations'] },
   { key: 'functions', dir: 'functions', topFiles: ['functions.json'], pluralKeys: ['functions'] },
   { key: 'dataViews', dir: 'data-views', topFiles: ['data-views.json'], pluralKeys: ['dataViews', 'data-views'] },
+  { key: 'authConfigs', dir: 'auth', topFiles: ['auth.json'], pluralKeys: ['authConfigs', 'auth'] },
   {
     key: 'pagePermissionGroups',
     dir: path.join('permissions', 'page-groups'),
@@ -3747,6 +3900,7 @@ function generateResourceTypes(manifest, outputFile) {
   );
   const dataViewCodes = unique((manifest.dataViews || []).map(item => item.code).filter(Boolean));
   const functionCodes = unique((manifest.functions || []).map(item => item.code).filter(Boolean));
+  const authConfigCodes = unique((manifest.authConfigs || []).map(item => item.code).filter(Boolean));
   const content = [
     '/* eslint-disable */',
     '// Generated by openxiangda resource typegen. Do not edit manually.',
@@ -3766,6 +3920,9 @@ function generateResourceTypes(manifest, outputFile) {
     `export const functionCodes = ${JSON.stringify(functionCodes, null, 2)} as const`,
     'export type FunctionCode = typeof functionCodes[number]',
     '',
+    `export const authConfigCodes = ${JSON.stringify(authConfigCodes, null, 2)} as const`,
+    'export type AuthConfigCode = typeof authConfigCodes[number]',
+    '',
     `export const runtimeMenus = ${JSON.stringify(menus, null, 2)} as const`,
     '',
     `export const pagePermissionGroups = ${JSON.stringify(pagePermissionGroups, null, 2)} as const`,
@@ -3780,6 +3937,7 @@ function generateResourceTypes(manifest, outputFile) {
     pagePermissionGroups: pagePermissionGroupCodes.length,
     dataViews: dataViewCodes.length,
     functions: functionCodes.length,
+    authConfigs: authConfigCodes.length,
   };
 }
 
@@ -3858,6 +4016,32 @@ function validateResourceItem(kind, item, errors, warnings) {
     }
     validateDataViewPerformance(label, definition, errors, warnings, storageMode);
   }
+  if (kind === 'authConfigs') {
+    const config = item.configJson || item.config || item;
+    if (!Array.isArray(config.methods)) {
+      errors.push(`${label}: 缺少 methods`);
+    } else {
+      config.methods.forEach((method, index) => {
+        if (!method?.type) errors.push(`${label}.methods[${index}]: 缺少 type`);
+        if (
+          method?.type === 'phone_code' &&
+          method.enabled !== false &&
+          !(
+            method.provider?.functionCode ||
+            method.providerFunctionCode ||
+            config.providers?.phone_code?.functionCode ||
+            config.providers?.phoneCode?.functionCode
+          )
+        ) {
+          errors.push(`${label}.methods[${index}]: phone_code 缺少 provider.functionCode`);
+        }
+      });
+    }
+    const registrationMode = String(config.registration?.mode || 'reject');
+    if (registrationMode !== 'reject') {
+      warnings.push(`${label}: 已开启非默认注册策略 ${registrationMode}，请确认身份匹配键、默认角色和审计字段`);
+    }
+  }
   if (kind === 'pagePermissionGroups' && !item.name) errors.push(`${label}: 缺少 name`);
   if (kind === 'formPermissionGroups') {
     if (!item.name) errors.push(`${label}: 缺少 name`);
@@ -4259,6 +4443,7 @@ async function buildResourcePlan(config, target, manifest) {
   addNotificationPlanActions(target, actions, manifest.notifications || [], existing);
   await addWorkflowPlanActions(config, target, actions, manifest.workflows, existing.workflows);
   addPlanActions(actions, 'function', manifest.functions, existing.functions, (item, current) => functionEquals(target, item, current));
+  addPlanActions(actions, 'authConfig', manifest.authConfigs, existing.authConfigs, (item, current) => authConfigEquals(item, current));
   await addAutomationPlanActions(config, target, actions, manifest.automations, existing.automations);
   addPlanActions(actions, 'dataView', manifest.dataViews, existing.dataViews, (item, current) => dataViewEquals(target.bound, item, current));
   addPlanActions(actions, 'pagePermissionGroup', manifest.pagePermissionGroups, existing.pagePermissionGroups, (item, current) => pagePermissionGroupEquals(target.bound, item, current));
@@ -4294,6 +4479,7 @@ async function publishResourceManifest(config, target, manifest, options = {}) {
   await publishNotificationResources(config, target, manifest.notifications || [], result);
   await publishWorkflowResources(config, target, manifest.workflows || [], result);
   await publishFunctionResources(config, target, manifest.functions || [], result);
+  await publishAuthConfigResources(config, target, manifest.authConfigs || [], result);
   await publishAutomationResources(config, target, manifest.automations || [], result);
   await publishDataViewResources(config, target, manifest.dataViews || [], result);
   await publishPagePermissionGroupResources(config, target, manifest.pagePermissionGroups || [], result);
@@ -4317,6 +4503,7 @@ async function fetchExistingResourceMaps(config, target, manifest) {
     notificationTypeConfigs: new Map(),
     workflows: new Map(),
     functions: new Map(),
+    authConfigs: new Map(),
     automations: new Map(),
     dataViews: new Map(),
     pagePermissionGroups: new Map(),
@@ -4422,6 +4609,31 @@ async function fetchExistingResourceMaps(config, target, manifest) {
       });
     }
   }
+  if ((manifest.authConfigs || []).length > 0) {
+    const data = await requestWithAuth(
+      config,
+      target.profileName,
+      apiPathWithQuery(`/openxiangda-api/v1/apps/${encodeURIComponent(target.appType)}/auth/configs`, {
+        page: 1,
+        pageSize: 1000,
+      })
+    );
+    indexByCode(maps.authConfigs, normalizeItems(data), item => item.code || item.resourceCode);
+    for (const item of manifest.authConfigs || []) {
+      const code = item.code || item.resourceCode;
+      const existing = maps.authConfigs.get(code);
+      if (!existing) continue;
+      const detail = await requestOptionalWithAuth(
+        config,
+        target.profileName,
+        `/openxiangda-api/v1/apps/${encodeURIComponent(target.appType)}/auth/configs/${encodeURIComponent(code)}`
+      );
+      maps.authConfigs.set(code, {
+        ...existing,
+        ...(detail || {}),
+      });
+    }
+  }
   if ((manifest.dataViews || []).length > 0) {
     const data = await requestWithAuth(
       config,
@@ -5084,6 +5296,38 @@ async function publishFunctionResources(config, target, functions, result) {
   }
 }
 
+async function publishAuthConfigResources(config, target, authConfigs, result) {
+  for (const authItem of authConfigs) {
+    const code = authItem.code || authItem.resourceCode || 'default';
+    const existing = await findExistingAuthConfig(config, target, code);
+    const body = normalizeAuthConfigManifest(authItem);
+    const data = existing
+      ? await requestWithAuth(
+          config,
+          target.profileName,
+          `/openxiangda-api/v1/apps/${encodeURIComponent(target.appType)}/auth/configs/${encodeURIComponent(code)}`,
+          { method: 'PUT', body }
+        )
+      : await requestWithAuth(
+          config,
+          target.profileName,
+          `/openxiangda-api/v1/apps/${encodeURIComponent(target.appType)}/auth/configs`,
+          { method: 'POST', body }
+        );
+    if (data?.id) {
+      saveAuthConfigResource(target, data.code || code, data.id, {
+        status: data.status,
+      });
+    }
+    result.published.push({
+      kind: 'authConfig',
+      code,
+      action: existing ? 'update' : 'create',
+      id: data?.id,
+    });
+  }
+}
+
 async function publishDataViewResources(config, target, dataViews, result) {
   for (const dataViewItem of dataViews) {
     const existing = await findExistingDataView(config, target, dataViewItem.code);
@@ -5129,6 +5373,18 @@ async function findExistingFunction(config, target, code) {
   return null;
 }
 
+async function findExistingAuthConfig(config, target, code) {
+  const stateId = target.bound.resources?.authConfigs?.[code]?.configId;
+  const byCode = await requestOptionalWithAuth(
+    config,
+    target.profileName,
+    `/openxiangda-api/v1/apps/${encodeURIComponent(target.appType)}/auth/configs/${encodeURIComponent(code)}`
+  );
+  if (byCode?.id) return byCode;
+  if (stateId) return { id: stateId, code };
+  return null;
+}
+
 async function findExistingDataView(config, target, code) {
   const stateId = target.bound.resources?.dataViews?.[code]?.dataViewId;
   const byCode = await requestOptionalWithAuth(
@@ -5279,6 +5535,7 @@ async function pruneResourceManifest(config, target, manifest, result) {
   await pruneWorkflows(config, target, desiredCodes(manifest.workflows), result);
   await pruneAutomations(config, target, desiredCodes(manifest.automations), result);
   await pruneFunctions(config, target, desiredCodes(manifest.functions), result);
+  await pruneAuthConfigs(config, target, desiredCodes(manifest.authConfigs), result);
   await pruneDataViews(config, target, desiredCodes(manifest.dataViews), result);
   await prunePagePermissionGroups(
     config,
@@ -5474,6 +5731,29 @@ async function pruneFunctions(config, target, desired, result) {
   }
 }
 
+async function pruneAuthConfigs(config, target, desired, result) {
+  const data = await requestWithAuth(
+    config,
+    target.profileName,
+    apiPathWithQuery(`/openxiangda-api/v1/apps/${encodeURIComponent(target.appType)}/auth/configs`, {
+      page: 1,
+      pageSize: 1000,
+    })
+  );
+  for (const item of normalizeItems(data)) {
+    const code = item.code || item.resourceCode;
+    if (!code || desired.has(code)) continue;
+    await pruneOne(config, target, result, 'authConfig', code, item.id, async () => {
+      await requestWithAuth(
+        config,
+        target.profileName,
+        `/openxiangda-api/v1/apps/${encodeURIComponent(target.appType)}/auth/configs/${encodeURIComponent(code)}`,
+        { method: 'DELETE' }
+      );
+    });
+  }
+}
+
 async function prunePagePermissionGroups(config, target, desired, result) {
   const data = await requestWithAuth(
     config,
@@ -5549,6 +5829,7 @@ function removeStateResource(target, kind, code) {
     workflow: 'workflows',
     automation: 'automations',
     function: 'functions',
+    authConfig: 'authConfigs',
     dataView: 'dataViews',
     pagePermissionGroup: 'pagePermissionGroups',
     formPermissionGroup: 'formPermissionGroups',
@@ -5747,6 +6028,26 @@ async function pullResources(config, target) {
     written.push(path.relative(process.cwd(), filePath));
   }
 
+  const authConfigs = await requestWithAuth(
+    config,
+    target.profileName,
+    apiPathWithQuery(`/openxiangda-api/v1/apps/${encodeURIComponent(target.appType)}/auth/configs`, {
+      page: 1,
+      pageSize: 1000,
+    })
+  );
+  for (const item of normalizeItems(authConfigs)) {
+    const code = item.code || item.resourceCode || item.id;
+    const detail = await requestWithAuth(
+      config,
+      target.profileName,
+      `/openxiangda-api/v1/apps/${encodeURIComponent(target.appType)}/auth/configs/${encodeURIComponent(code)}`
+    );
+    const filePath = path.join(baseDir, 'auth', `${code}.json`);
+    writeResourceJsonFile(filePath, toPulledAuthConfig(detail));
+    written.push(path.relative(process.cwd(), filePath));
+  }
+
   const dataViews = await requestWithAuth(
     config,
     target.profileName,
@@ -5962,6 +6263,16 @@ function toPulledDataView(dataView, permissionGroups, lookups) {
   });
 }
 
+function toPulledAuthConfig(authConfig) {
+  return stripUndefinedValues({
+    code: authConfig.code || authConfig.resourceCode,
+    name: authConfig.name,
+    description: authConfig.description || '',
+    status: authConfig.status || 'active',
+    configJson: authConfig.configJson || authConfig.config || {},
+  });
+}
+
 function rewriteDataViewDefinitionForManifest(definition, lookups) {
   rewriteDataViewSourceForManifest(definition.base, lookups);
   for (const join of definition.joins || []) {
@@ -6142,6 +6453,40 @@ function normalizeDataViewManifest(bound, dataView) {
   });
 }
 
+function normalizeAuthConfigManifest(authConfig) {
+  const code = authConfig.code || authConfig.resourceCode || 'default';
+  const configJson = clonePlainJson(
+    authConfig.configJson || authConfig.config || withoutAuthConfigManifestMeta(authConfig)
+  );
+  return stripUndefinedValues({
+    code,
+    name: authConfig.name || configJson.name || code,
+    description:
+      authConfig.description !== undefined
+        ? authConfig.description
+        : configJson.description || '',
+    status: authConfig.status || configJson.status || 'active',
+    configJson: {
+      ...configJson,
+      methods: Array.isArray(configJson.methods) ? configJson.methods : [],
+      registration: configJson.registration || { mode: 'reject' },
+      binding: configJson.binding || { mode: 'auto' },
+    },
+  });
+}
+
+function withoutAuthConfigManifestMeta(authConfig) {
+  const next = withoutResourceMeta(authConfig);
+  delete next.code;
+  delete next.resourceCode;
+  delete next.name;
+  delete next.description;
+  delete next.status;
+  delete next.config;
+  delete next.configJson;
+  return next;
+}
+
 function withoutDataViewManifestMeta(dataView) {
   const next = withoutResourceMeta(dataView);
   delete next.permissionGroups;
@@ -6611,6 +6956,18 @@ function functionEquals(target, desired, existing) {
   );
 }
 
+function authConfigEquals(desired, existing) {
+  if (!existing) return false;
+  const expected = normalizeAuthConfigManifest(desired);
+  return (
+    String(existing.code || existing.resourceCode || '') === String(expected.code || '') &&
+    String(existing.name || '') === String(expected.name || '') &&
+    String(existing.description || '') === String(expected.description || '') &&
+    String(existing.status || 'active') === String(expected.status || 'active') &&
+    jsonEqualsForPlan(existing.configJson || {}, expected.configJson || {}, desired.__dir)
+  );
+}
+
 function dataViewEquals(bound, desired, existing) {
   if (!existing) return false;
   const expected = normalizeDataViewManifest(bound, desired);
@@ -7087,7 +7444,7 @@ async function requestWithAuth(config, profileName, apiPath, options = {}) {
   }
 }
 
-async function requestFormWithAuth(config, profileName, apiPath, formDataFactory) {
+async function requestFormWithAuth(config, profileName, apiPath, formDataFactory, options = {}) {
   const resolved = getProfile(config, profileName);
   const profile = resolved.profile;
   if (!profile.token?.accessToken) {
@@ -7099,7 +7456,8 @@ async function requestFormWithAuth(config, profileName, apiPath, formDataFactory
       profile.baseUrl,
       apiPath,
       formDataFactory(),
-      profile.token.accessToken
+      profile.token.accessToken,
+      options
     );
     return unwrapApi(payload);
   } catch (error) {
@@ -7111,25 +7469,41 @@ async function requestFormWithAuth(config, profileName, apiPath, formDataFactory
       profile.baseUrl,
       apiPath,
       formDataFactory(),
-      profile.token.accessToken
+      profile.token.accessToken,
+      options
     );
     return unwrapApi(payload);
   }
 }
 
-async function requestForm(baseUrl, apiPath, formData, accessToken) {
+async function requestForm(baseUrl, apiPath, formData, accessToken, options = {}) {
   if (typeof fetch !== 'function') {
     throw new Error('当前 Node.js 版本不支持 fetch，请使用 Node.js 18 或更高版本');
   }
   const url = `${baseUrl.replace(/\/+$/, '')}${apiPath}`;
-  const response = await fetch(url, {
-    method: 'POST',
-    headers: {
-      accept: 'application/json',
-      authorization: `Bearer ${accessToken}`,
-    },
-    body: formData,
-  });
+  const timeoutMs = normalizeRuntimeUploadTimeoutMs(options.timeoutMs);
+  const controller = new AbortController();
+  const timer = setTimeout(() => controller.abort(), timeoutMs);
+  let response;
+  try {
+    response = await fetch(url, {
+      method: 'POST',
+      headers: {
+        accept: 'application/json',
+        authorization: `Bearer ${accessToken}`,
+        ...(options.headers || {}),
+      },
+      body: formData,
+      signal: controller.signal,
+    });
+  } catch (error) {
+    if (isAbortError(error)) {
+      throw new Error(maskText(`HTTP form request timed out after ${timeoutMs}ms: ${apiPath}`));
+    }
+    throw error;
+  } finally {
+    clearTimeout(timer);
+  }
   const text = await response.text();
   let payload = null;
   if (text) {
@@ -7146,6 +7520,13 @@ async function requestForm(baseUrl, apiPath, formData, accessToken) {
   return payload;
 }
 
+function isAbortError(error) {
+  return (
+    error?.name === 'AbortError' ||
+    String(error?.message || '').toLowerCase().includes('aborted')
+  );
+}
+
 async function refreshProfile(config, profileName) {
   const { profile } = getProfile(config, profileName);
   if (!profile.token?.refreshToken) {