openyida 2026.5.15 → 2026.5.17

package/README.md

@@ -258,12 +258,14 @@ Run `openyida --help` or `openyida <command> --help` for detailed usage.
 | `openyida env setup` | Choose a customer-friendly login environment preset: public, overseas, Alibaba intranet, or private deployment |
 | `openyida env <list\|show\|switch\|add\|remove>` | Manage public/private Yida environment profiles |
 | `openyida commands [--json]` | Emit the machine-readable command manifest |
-| `openyida login [--qr\|--agent-qr\|--codex\|--browser] [--env <name>\|--overseas] [--corp-id <corpId>]` | Log in to Yida |
+| `openyida login [--qr\|--agent-qr\|--codex\|--browser] [--env <name>\|--overseas\|--yidaapps] [--corp-id <corpId>]` | Log in to Yida |
 | `openyida logout` | Log out or switch account |
 | `openyida auth <status\|login\|refresh\|logout>` | Manage login status |
 | `openyida org list` | List accessible organizations |
 | `openyida org switch --corp-id <corpId>` | Switch organization without logging in again |
 
+Environment selectors such as `--env intl`, `--overseas`, and `--yidaapps` can be used on login-required commands to choose the target Yida environment for that run.
+
 ### Applications
 
 | Command | Description |
@@ -289,7 +291,7 @@ Run `openyida --help` or `openyida <command> --help` for detailed usage.
 | `openyida build-page <sourceFile> [--output file\|--write]` | Build/fix Yida-compatible page source from OpenYida authoring JSX |
 | `openyida check-page <sourceFile> [--compat] [--json]` | Check page compatibility; `.oyd.jsx` is compatibility-built before linting |
 | `openyida compile <sourceFile> [--compat]` | Compile a custom page locally; `.oyd.jsx` sources are compatibility-built first |
-| `openyida publish <sourceFile> <appType> <formUuid> [--compat] [--health-check] [--open\|--no-open]` | Compile and publish a custom page |
+| `openyida publish <sourceFile> <appType> <formUuid> [--compat] [--health-check] [--force] [--open\|--no-open]` | Compile and publish a custom display page; by default the target must be `formType=display` |
 | `openyida update-form-config <appType> <formUuid> <isRenderNav> <title>` | Update page/form display configuration |
 
 ### Data, Permissions, and Sharing

package/bin/yida.js

@@ -291,6 +291,7 @@ function applyLoginEnvironmentFlags(cliArgs) {
     '--overseas': 'intl',
     '--international': 'intl',
     '--global': 'intl',
+    '--yidaapps': 'intl',
     '--alibaba': 'alibaba',
     '--internal': 'alibaba',
     '--intranet': 'alibaba',
@@ -317,6 +318,11 @@ function applyLoginEnvironmentFlags(cliArgs) {
   return filteredArgs;
 }
 
+function applyGlobalEnvironmentFlags() {
+  const filteredArgs = applyLoginEnvironmentFlags(args);
+  args.splice(0, args.length, ...filteredArgs);
+}
+
 // 解析全局 --quiet 开关：从 args 中剔除并设置 YIDA_QUIET=1，让 chalk.js
 // 的所有装饰输出（banner/step/info/...）变 no-op，AI 即可直接 `... --quiet | jq`。
 function applyQuietFlag() {
@@ -329,6 +335,7 @@ function applyQuietFlag() {
 
 async function main() {
   applyQuietFlag();
+  applyGlobalEnvironmentFlags();
 
   if (!command || command === '--help' || command === '-h') {
     handleFirstRunGuide();
@@ -611,7 +618,7 @@ async function main() {
     case 'publish': {
       // 参数顺序：<源文件路径> <appType> <formUuid>
       // publish.js 内部读取顺序：argv[2]=appType, argv[3]=formUuid, argv[4]=sourceFile
-      const passThroughFlags = new Set(['--skip-lint', '--health-check', '--check', '--open', '--no-open', '--compat', '--modern']);
+      const passThroughFlags = new Set(['--skip-lint', '--health-check', '--check', '--open', '--no-open', '--compat', '--modern', '--force']);
       const forwardedFlags = args.filter(arg => passThroughFlags.has(arg));
       const filteredArgs = args.filter(arg => !passThroughFlags.has(arg));
       if (filteredArgs.length < 3) {

package/lib/app/publish.js

@@ -26,6 +26,7 @@ const { banner, step, label, success, fail, warn, info, error, result, usage, hi
 const { compileSource } = require('./page-compiler');
 const { runLintCheck } = require('./page-linter');
 const { buildPageFile, isAuthoringPath } = require('./page-compat');
+const { fetchFormPageList } = require('./form-navigation');
 const { parseOpenOption, withBrowserHandoff } = require('../core/browser-handoff');
 
 // ── 配置读取 ──────────────────────────────────────────
@@ -43,7 +44,8 @@ function parseArgs() {
   const skipLint = args.includes('--skip-lint');
   const healthCheck = args.includes('--health-check') || args.includes('--check');
   const compat = args.includes('--compat') || args.includes('--modern');
-  const filteredArgs = args.filter(arg => arg !== '--skip-lint' && arg !== '--health-check' && arg !== '--check' && arg !== '--compat' && arg !== '--modern');
+  const force = args.includes('--force');
+  const filteredArgs = args.filter(arg => arg !== '--skip-lint' && arg !== '--health-check' && arg !== '--check' && arg !== '--compat' && arg !== '--modern' && arg !== '--force');
 
   if (filteredArgs.length < 3) {
     usage(t('publish.usage'), t('publish.example'));
@@ -56,6 +58,7 @@ function parseArgs() {
     skipLint,
     healthCheck,
     compat,
+    force,
     browserOpenMode: openOption.mode,
   };
 }
@@ -522,6 +525,76 @@ function warnDuplicateSourceMismatches(sourcePath) {
   return mismatches;
 }
 
+function normalizeFormType(formType) {
+  return String(formType || '').trim().toLowerCase();
+}
+
+function findPublishTarget(forms, formUuid) {
+  return (Array.isArray(forms) ? forms : []).find((form) => form && form.formUuid === formUuid) || null;
+}
+
+function isCustomPageTarget(form) {
+  return normalizeFormType(form && form.formType) === 'display';
+}
+
+async function verifyPublishTarget(appType, formUuid, authRef, options = {}) {
+  if (options.force) {
+    return { ok: true, skipped: true };
+  }
+
+  try {
+    const forms = await fetchFormPageList(appType, authRef);
+    const target = findPublishTarget(forms, formUuid);
+
+    if (!target) {
+      return { ok: false, reason: 'not_found' };
+    }
+
+    if (!isCustomPageTarget(target)) {
+      return { ok: false, reason: 'wrong_type', target };
+    }
+
+    return { ok: true, target };
+  } catch (targetError) {
+    return { ok: false, reason: 'fetch_failed', error: targetError };
+  }
+}
+
+async function ensurePublishTargetOrExit(appType, formUuid, authRef, options = {}) {
+  if (options.force) {
+    warn(t('publish.target_check_forced'));
+    return null;
+  }
+
+  info(t('publish.target_checking'));
+  const check = await verifyPublishTarget(appType, formUuid, authRef, options);
+
+  if (check.ok) {
+    const targetName = check.target.formName || formUuid;
+    const targetType = check.target.formType || 'display';
+    success(t('publish.target_check_ok', targetName, targetType));
+    return check.target;
+  }
+
+  if (check.reason === 'wrong_type') {
+    const target = check.target || {};
+    const targetName = target.formName || formUuid;
+    const targetType = target.formType || '-';
+    fail(t('publish.target_type_invalid', formUuid, targetType));
+    hint(t('publish.target_type_hint', targetName, targetType));
+  } else if (check.reason === 'not_found') {
+    fail(t('publish.target_not_found', formUuid));
+  } else {
+    const message = check.error && check.error.message ? check.error.message : t('common.unknown_error');
+    fail(t('publish.target_check_failed', message));
+  }
+
+  hint(t('publish.target_list_hint', appType));
+  hint(t('publish.target_force_hint'));
+  process.exit(1);
+  return null;
+}
+
 function sendHealthCheckRequest(pageUrl, cookies) {
   return new Promise((resolve) => {
     const parsedUrl = new URL(pageUrl);
@@ -575,7 +648,7 @@ function sendHealthCheckRequest(pageUrl, cookies) {
 // ── 主流程 ────────────────────────────────────────────
 
 async function main() {
-  const { appType, formUuid, sourceFile, skipLint, healthCheck, compat, browserOpenMode } = parseArgs();
+  const { appType, formUuid, sourceFile, skipLint, healthCheck, compat, force, browserOpenMode } = parseArgs();
 
   let sourcePath = path.resolve(sourceFile);
   if (!fs.existsSync(sourcePath)) {
@@ -625,6 +698,16 @@ async function main() {
   }
   let { csrf_token: csrfToken, cookies } = cookieData;
   let baseUrl = resolveBaseUrl(cookieData);
+  const authRef = {
+    csrfToken,
+    cookies,
+    baseUrl,
+    cookieData,
+  };
+  await ensurePublishTargetOrExit(appType, formUuid, authRef, { force });
+  csrfToken = authRef.csrfToken;
+  cookies = authRef.cookies;
+  baseUrl = authRef.baseUrl;
 
   banner(t('publish.title'));
   label('Base URL:', baseUrl);
@@ -744,4 +827,8 @@ if (require.main === module) {
   module.exports = main;
   module.exports.findDuplicateSourceMismatches = findDuplicateSourceMismatches;
   module.exports.sendHealthCheckRequest = sendHealthCheckRequest;
+  module.exports.normalizeFormType = normalizeFormType;
+  module.exports.findPublishTarget = findPublishTarget;
+  module.exports.isCustomPageTarget = isCustomPageTarget;
+  module.exports.verifyPublishTarget = verifyPublishTarget;
 }

package/lib/core/command-manifest.js

@@ -20,7 +20,7 @@ const COMMAND_GROUPS = [
     id: 'auth',
     titleKey: 'help.group_auth',
     commands: [
-      command('login', ['login'], 'login [--qr|--agent-qr|--codex|--browser] [--env <name>|--overseas] [--corp-id <corpId>]', 'help.cmd_login', {
+      command('login', ['login'], 'login [--qr|--agent-qr|--codex|--browser] [--env <name>|--overseas|--yidaapps] [--corp-id <corpId>]', 'help.cmd_login', {
         requiresLogin: false,
         output: 'json',
       }),
@@ -63,7 +63,7 @@ const COMMAND_GROUPS = [
       command('build-page', ['build-page'], 'build-page <sourceFile> [--output file|--write]', 'help.cmd_build_page', { requiresLogin: false }),
       command('check-page', ['check-page'], 'check-page <src> [--compat]', 'help.cmd_check_page', { output: 'text|json' }),
       command('compile', ['compile'], 'compile <src>', 'help.cmd_compile', { requiresLogin: false }),
-      command('publish', ['publish'], 'publish <src> <appType> <formUuid> [--health-check] [--open|--no-open]', 'help.cmd_publish'),
+      command('publish', ['publish'], 'publish <src> <appType> <formUuid> [--health-check] [--force] [--open|--no-open]', 'help.cmd_publish'),
       command('update-form-config', ['update-form-config'], 'update-form-config <appType> ...', 'help.cmd_update_form_config'),
     ],
   },

package/lib/core/env-cmd.js

@@ -23,6 +23,7 @@ const {
   DEFAULT_INTERNATIONAL_ENV,
   DEFAULT_ALIBABA_INTERNAL_ENV,
   resolveEnvNameAlias,
+  inferLoginUrlForBaseUrl,
 } = require('./env-manager');
 
 // ── 颜色常量 ──────────────────────────────────────────
@@ -101,6 +102,9 @@ function detectSetupRecommendation() {
   if ((process.env.OPENYIDA_LOGIN_URL || '').includes('login.dingtalk.io')) {
     return 'intl';
   }
+  if ((process.env.OPENYIDA_ENDPOINT || '').includes('yidaapps.com')) {
+    return 'intl';
+  }
   if ((process.env.OPENYIDA_ENDPOINT || '').includes('alibaba-inc.com')) {
     return 'alibaba';
   }
@@ -332,9 +336,12 @@ async function cmdAdd(envName) {
     process.exit(1);
   }
 
-  // 自动推导登录 URL
-  const inferredLoginUrl = baseUrl.replace(/\/+$/, '') + '/workPlatform';
-  const defaultLoginUrl = existingConfig?.loginUrl || inferredLoginUrl;
+  // 自动推导登录 URL：yidaapps.com 必须走 login.dingtalk.io OAuth。
+  const inferredLoginUrl = inferLoginUrlForBaseUrl(baseUrl);
+  const workPlatformLoginUrl = baseUrl.replace(/\/+$/, '') + '/workPlatform';
+  const defaultLoginUrl = existingConfig?.loginUrl && existingConfig.loginUrl !== workPlatformLoginUrl
+    ? existingConfig.loginUrl
+    : inferredLoginUrl;
   const loginUrl = await askQuestion(`${BOLD}登录页面地址${RESET}：`, defaultLoginUrl);
 
   const defaultDescription = existingConfig?.description || '';
@@ -390,7 +397,7 @@ async function cmdSetup() {
     },
     {
       key: 'intl',
-      title: '海外 DingTalk / Dingtalk Wukong',
+      title: '海外 YiDA Apps / DingTalk / Dingtalk Wukong',
       baseUrl: DEFAULT_INTERNATIONAL_ENV.baseUrl,
       loginUrl: DEFAULT_INTERNATIONAL_ENV.loginUrl,
     },

package/lib/core/env-manager.js

@@ -31,6 +31,7 @@ const { findProjectRoot } = require('./utils');
 
 const DEFAULT_BASE_URL = 'https://www.aliwork.com';
 const DEFAULT_LOGIN_URL = 'https://www.aliwork.com/workPlatform';
+const INTERNATIONAL_BASE_URL = 'https://www.yidaapps.com';
 const DINGTALK_OAUTH_CLIENT_ID = 'suite9xvlxxerybljwheo';
 const DINGTALK_LOGIN_ORIGIN = 'https://login.dingtalk.com';
 const DINGTALK_INTL_LOGIN_ORIGIN = 'https://login.dingtalk.io';
@@ -69,6 +70,11 @@ function buildDingtalkOAuthLoginUrl(options = {}) {
 }
 
 const INTERNATIONAL_LOGIN_URL = buildDingtalkOAuthLoginUrl({
+  loginOrigin: DINGTALK_INTL_LOGIN_ORIGIN,
+  baseUrl: INTERNATIONAL_BASE_URL,
+  lang: 'en_US',
+});
+const LEGACY_INTERNATIONAL_LOGIN_URL = buildDingtalkOAuthLoginUrl({
   loginOrigin: DINGTALK_INTL_LOGIN_ORIGIN,
   baseUrl: DEFAULT_BASE_URL,
   lang: 'en_US',
@@ -92,9 +98,9 @@ const DEFAULT_ALIBABA_INTERNAL_ENV = {
 
 /** 海外版 DingTalk / Wukong 环境配置 */
 const DEFAULT_INTERNATIONAL_ENV = {
-  baseUrl: DEFAULT_BASE_URL,
+  baseUrl: INTERNATIONAL_BASE_URL,
   loginUrl: INTERNATIONAL_LOGIN_URL,
-  description: '海外版 DingTalk / Wukong（login.dingtalk.io）',
+  description: '海外版 YiDA Apps / DingTalk / Wukong（login.dingtalk.io）',
   cookieFile: 'cookies-intl.json',
 };
 
@@ -122,11 +128,13 @@ const ENV_ALIASES = {
 
 const SHARED_COOKIE_DOMAINS = new Set([
   'aliwork.com',
+  'yidaapps.com',
   'alibaba-inc.com',
 ]);
 
 const KNOWN_YIDA_HOSTS = new Set([
   'www.aliwork.com',
+  'www.yidaapps.com',
   'yida-group.alibaba-inc.com',
 ]);
 
@@ -156,9 +164,21 @@ function ensureBuiltinEnvironments(config) {
       config.environments[envName] = { ...envConfig };
     }
   }
+  if (isLegacyInternationalEnv(config.environments.intl)) {
+    config.environments.intl = { ...DEFAULT_INTERNATIONAL_ENV };
+  }
   return config;
 }
 
+function isLegacyInternationalEnv(envConfig) {
+  return !!(
+    envConfig &&
+    normalizeBaseUrl(envConfig.baseUrl, null) === DEFAULT_BASE_URL &&
+    (!envConfig.loginUrl || envConfig.loginUrl === LEGACY_INTERNATIONAL_LOGIN_URL) &&
+    (!envConfig.cookieFile || envConfig.cookieFile === 'cookies-intl.json')
+  );
+}
+
 function normalizeBaseUrl(value, fallback = null) {
   if (!value) { return fallback; }
   const trimmed = String(value).trim();
@@ -199,12 +219,47 @@ function isYidaServiceHost(hostname) {
   if (!host) { return false; }
   if (KNOWN_YIDA_HOSTS.has(host)) { return true; }
   if (host.endsWith('.aliwork.com') && host !== 'aliwork.com') { return true; }
+  if (host.endsWith('.yidaapps.com') && host !== 'yidaapps.com') { return true; }
   if (host.endsWith('.alibaba-inc.com') && host !== 'alibaba-inc.com') {
     return host.startsWith('yida-') || host.includes('.yida-') || host.includes('.yida.');
   }
   return false;
 }
 
+function isYidaAppsHost(hostname) {
+  const host = normalizeHostname(hostname);
+  return host === 'yidaapps.com' || host.endsWith('.yidaapps.com');
+}
+
+function isDefaultWorkPlatformLoginUrl(loginUrl, baseUrl) {
+  const loginOrigin = normalizeBaseUrl(loginUrl, null);
+  const baseOrigin = normalizeBaseUrl(baseUrl, null);
+  if (!loginOrigin || !baseOrigin || loginOrigin !== baseOrigin) {
+    return false;
+  }
+
+  try {
+    const parsedUrl = new URL(/^[a-z][a-z0-9+.-]*:\/\//i.test(loginUrl) ? loginUrl : `https://${loginUrl}`);
+    return parsedUrl.pathname.replace(/\/+$/, '') === '/workPlatform' &&
+      !parsedUrl.search &&
+      !parsedUrl.hash;
+  } catch {
+    return false;
+  }
+}
+
+function inferLoginUrlForBaseUrl(baseUrl, fallbackLoginUrl) {
+  const normalizedBaseUrl = normalizeBaseUrl(baseUrl, DEFAULT_BASE_URL);
+  if (isYidaAppsHost(normalizedBaseUrl)) {
+    return buildDingtalkOAuthLoginUrl({
+      loginOrigin: DINGTALK_INTL_LOGIN_ORIGIN,
+      baseUrl: normalizedBaseUrl,
+      lang: 'en_US',
+    });
+  }
+  return fallbackLoginUrl || `${normalizedBaseUrl}/workPlatform`;
+}
+
 function cookieDomainToBaseUrl(domain, fallbackUrl) {
   const host = normalizeHostname(domain);
   if (!host || isSharedCookieDomain(host)) {
@@ -241,7 +296,15 @@ function deriveBaseUrlFromCookies(cookies = [], fallbackUrl = DEFAULT_BASE_URL)
 }
 
 function deriveBaseUrlFromUrl(fallbackBaseUrl, candidateUrl) {
-  const fallbackOrigin = normalizeBaseUrl(fallbackBaseUrl, DEFAULT_BASE_URL);
+  let fallbackOrigin = normalizeBaseUrl(fallbackBaseUrl, DEFAULT_BASE_URL);
+  const fallbackHost = normalizeHostname(fallbackOrigin);
+  if (!isYidaServiceHost(fallbackHost)) {
+    const callbackOrigin = deriveBaseUrlFromDingtalkOAuthUrl(fallbackBaseUrl, null);
+    if (callbackOrigin) {
+      fallbackOrigin = callbackOrigin;
+    }
+  }
+
   const candidateOrigin = normalizeBaseUrl(candidateUrl, null);
   if (!candidateOrigin) { return fallbackOrigin; }
 
@@ -249,6 +312,29 @@ function deriveBaseUrlFromUrl(fallbackBaseUrl, candidateUrl) {
   return isYidaServiceHost(candidateHost) ? candidateOrigin : fallbackOrigin;
 }
 
+function deriveBaseUrlFromDingtalkOAuthUrl(oauthUrl, fallbackUrl) {
+  if (!oauthUrl) { return fallbackUrl || null; }
+
+  try {
+    const parsedUrl = new URL(oauthUrl);
+    const host = normalizeHostname(parsedUrl.hostname);
+    const isDingtalkLoginHost = host.endsWith('dingtalk.com') || host.endsWith('dingtalk.io');
+    if (!isDingtalkLoginHost || !parsedUrl.pathname.startsWith('/oauth2/')) {
+      return fallbackUrl || null;
+    }
+
+    const redirectUri = parsedUrl.searchParams.get('redirect_uri');
+    const redirectOrigin = normalizeBaseUrl(redirectUri, null);
+    if (redirectOrigin && isYidaServiceHost(normalizeHostname(redirectOrigin))) {
+      return redirectOrigin;
+    }
+  } catch {
+    // ignore malformed URLs
+  }
+
+  return fallbackUrl || null;
+}
+
 // ── 配置文件读写 ──────────────────────────────────────
 
 /**
@@ -398,13 +484,23 @@ function resolveLoginUrl(projectRoot) {
     return process.env.OPENYIDA_LOGIN_URL;
   }
 
+  if (process.env.OPENYIDA_ENDPOINT) {
+    return inferLoginUrlForBaseUrl(process.env.OPENYIDA_ENDPOINT);
+  }
+
   const { config: envConfig } = getCurrentEnvConfig(projectRoot);
+  const baseUrl = normalizeBaseUrl(envConfig.baseUrl, DEFAULT_BASE_URL);
+  if (!envConfig.loginUrl || isDefaultWorkPlatformLoginUrl(envConfig.loginUrl, baseUrl)) {
+    return inferLoginUrlForBaseUrl(baseUrl, envConfig.loginUrl || DEFAULT_LOGIN_URL);
+  }
+
   return envConfig.loginUrl || DEFAULT_LOGIN_URL;
 }
 
 module.exports = {
   DEFAULT_BASE_URL,
   DEFAULT_LOGIN_URL,
+  INTERNATIONAL_BASE_URL,
   DINGTALK_OAUTH_CLIENT_ID,
   DINGTALK_LOGIN_ORIGIN,
   DINGTALK_INTL_LOGIN_ORIGIN,
@@ -426,6 +522,9 @@ module.exports = {
   normalizeBaseUrl,
   normalizeHostname,
   isYidaServiceHost,
+  isYidaAppsHost,
+  inferLoginUrlForBaseUrl,
+  deriveBaseUrlFromDingtalkOAuthUrl,
   deriveBaseUrlFromCookies,
   deriveBaseUrlFromUrl,
 };

package/lib/core/locales/ar.js

@@ -461,6 +461,15 @@ module.exports = {
     lint_passed: '  ✅ فحص الكود ناجح\n',
     lint_skipped: '\n⏭️  تم تخطي فحص الكود المسبق (--skip-lint)\n',
     duplicate_source_mismatch: '  ⚠️  Found another copy with the same file name but different content. Publishing: {0}; other copy: {1}',
+    target_checking: '  Checking publish target type...',
+    target_check_forced: '  ⚠️  Skipped publish target type check (--force)',
+    target_check_ok: '  ✅ Publish target confirmed: {0} ({1})',
+    target_check_failed: 'Could not verify publish target: {0}',
+    target_not_found: 'Publish target was not found in app navigation: {0}',
+    target_type_invalid: 'Publish target is not a custom display page: {0} current type is {1}',
+    target_type_hint: 'The current target "{0}" does not look like a custom page (type: {1}). Do not publish JSX to data forms or process forms.',
+    target_list_hint: 'Run openyida list-forms {0} --keyword <page name>, then choose a custom page formUuid with formType=display.',
+    target_force_hint: 'Append --force only when you intentionally bypass this guard; it overwrites the target Schema and should be used only for a known custom page.',
     step_compile: '\n📦 Step 1: تجميع المصدر وبناء المخطط\n',
     reading_source: '[1/4] جارٍ قراءة مصدر {0}...',
     compiling: '[2/4] جارٍ تجميع {0} بـ Babel...',

package/lib/core/locales/de.js

@@ -461,6 +461,15 @@ module.exports = {
     lint_passed: '  ✅ Code-Prüfung bestanden\n',
     lint_skipped: '\n⏭️  Code-Vorprüfung übersprungen (--skip-lint)\n',
     duplicate_source_mismatch: '  ⚠️  Found another copy with the same file name but different content. Publishing: {0}; other copy: {1}',
+    target_checking: '  Checking publish target type...',
+    target_check_forced: '  ⚠️  Skipped publish target type check (--force)',
+    target_check_ok: '  ✅ Publish target confirmed: {0} ({1})',
+    target_check_failed: 'Could not verify publish target: {0}',
+    target_not_found: 'Publish target was not found in app navigation: {0}',
+    target_type_invalid: 'Publish target is not a custom display page: {0} current type is {1}',
+    target_type_hint: 'The current target "{0}" does not look like a custom page (type: {1}). Do not publish JSX to data forms or process forms.',
+    target_list_hint: 'Run openyida list-forms {0} --keyword <page name>, then choose a custom page formUuid with formType=display.',
+    target_force_hint: 'Append --force only when you intentionally bypass this guard; it overwrites the target Schema and should be used only for a known custom page.',
     step_compile: '\n📦 Step 1: Quellcode kompilieren und Schema erstellen\n',
     reading_source: '[1/4] {0}-Quellcode wird gelesen...',
     compiling: '[2/4] Babel kompiliert {0}...',

package/lib/core/locales/en.js

@@ -959,6 +959,15 @@ Examples:
     lint_passed: '  ✅ Code check passed\n',
     lint_skipped: '\n⏭️  Skipped code pre-check (--skip-lint)\n',
     duplicate_source_mismatch: '  ⚠️  Found another copy with the same file name but different content. Publishing: {0}; other copy: {1}',
+    target_checking: '  Checking publish target type...',
+    target_check_forced: '  ⚠️  Skipped publish target type check (--force)',
+    target_check_ok: '  ✅ Publish target confirmed: {0} ({1})',
+    target_check_failed: 'Could not verify publish target: {0}',
+    target_not_found: 'Publish target was not found in app navigation: {0}',
+    target_type_invalid: 'Publish target is not a custom display page: {0} current type is {1}',
+    target_type_hint: 'The current target "{0}" does not look like a custom page (type: {1}). Do not publish JSX to data forms or process forms.',
+    target_list_hint: 'Run openyida list-forms {0} --keyword <page name>, then choose a custom page formUuid with formType=display.',
+    target_force_hint: 'Append --force only when you intentionally bypass this guard; it overwrites the target Schema and should be used only for a known custom page.',
     step_compile: '\n📦 Step 1: Compile source & build Schema\n',
     reading_source: '[1/4] Reading {0} source...',
     compiling: '[2/4] Babel compiling {0}...',

package/lib/core/locales/es.js

@@ -461,6 +461,15 @@ module.exports = {
     lint_passed: '  ✅ Verificación de código aprobada\n',
     lint_skipped: '\n⏭️  Pre-verificación de código omitida (--skip-lint)\n',
     duplicate_source_mismatch: '  ⚠️  Found another copy with the same file name but different content. Publishing: {0}; other copy: {1}',
+    target_checking: '  Checking publish target type...',
+    target_check_forced: '  ⚠️  Skipped publish target type check (--force)',
+    target_check_ok: '  ✅ Publish target confirmed: {0} ({1})',
+    target_check_failed: 'Could not verify publish target: {0}',
+    target_not_found: 'Publish target was not found in app navigation: {0}',
+    target_type_invalid: 'Publish target is not a custom display page: {0} current type is {1}',
+    target_type_hint: 'The current target "{0}" does not look like a custom page (type: {1}). Do not publish JSX to data forms or process forms.',
+    target_list_hint: 'Run openyida list-forms {0} --keyword <page name>, then choose a custom page formUuid with formType=display.',
+    target_force_hint: 'Append --force only when you intentionally bypass this guard; it overwrites the target Schema and should be used only for a known custom page.',
     step_compile: '\n📦 Step 1: Compilar fuente y construir esquema\n',
     reading_source: '[1/4] Leyendo fuente {0}...',
     compiling: '[2/4] Compilando {0} con Babel...',

package/lib/core/locales/fr.js

@@ -461,6 +461,15 @@ module.exports = {
     lint_passed: '  ✅ Vérification du code réussie\n',
     lint_skipped: '\n⏭️  Pré-vérification du code ignorée (--skip-lint)\n',
     duplicate_source_mismatch: '  ⚠️  Found another copy with the same file name but different content. Publishing: {0}; other copy: {1}',
+    target_checking: '  Checking publish target type...',
+    target_check_forced: '  ⚠️  Skipped publish target type check (--force)',
+    target_check_ok: '  ✅ Publish target confirmed: {0} ({1})',
+    target_check_failed: 'Could not verify publish target: {0}',
+    target_not_found: 'Publish target was not found in app navigation: {0}',
+    target_type_invalid: 'Publish target is not a custom display page: {0} current type is {1}',
+    target_type_hint: 'The current target "{0}" does not look like a custom page (type: {1}). Do not publish JSX to data forms or process forms.',
+    target_list_hint: 'Run openyida list-forms {0} --keyword <page name>, then choose a custom page formUuid with formType=display.',
+    target_force_hint: 'Append --force only when you intentionally bypass this guard; it overwrites the target Schema and should be used only for a known custom page.',
     step_compile: '\n📦 Step 1 : Compilation et construction du schéma\n',
     reading_source: '[1/4] Lecture de la source {0}...',
     compiling: '[2/4] Compilation Babel de {0}...',

package/lib/core/locales/hi.js

@@ -461,6 +461,15 @@ module.exports = {
     lint_passed: '  ✅ कोड जांच पास\n',
     lint_skipped: '\n⏭️  कोड पूर्व-जांच छोड़ी गई (--skip-lint)\n',
     duplicate_source_mismatch: '  ⚠️  Found another copy with the same file name but different content. Publishing: {0}; other copy: {1}',
+    target_checking: '  Checking publish target type...',
+    target_check_forced: '  ⚠️  Skipped publish target type check (--force)',
+    target_check_ok: '  ✅ Publish target confirmed: {0} ({1})',
+    target_check_failed: 'Could not verify publish target: {0}',
+    target_not_found: 'Publish target was not found in app navigation: {0}',
+    target_type_invalid: 'Publish target is not a custom display page: {0} current type is {1}',
+    target_type_hint: 'The current target "{0}" does not look like a custom page (type: {1}). Do not publish JSX to data forms or process forms.',
+    target_list_hint: 'Run openyida list-forms {0} --keyword <page name>, then choose a custom page formUuid with formType=display.',
+    target_force_hint: 'Append --force only when you intentionally bypass this guard; it overwrites the target Schema and should be used only for a known custom page.',
     step_compile: '\n📦 Step 1: स्रोत संकलित करें और स्कीमा बनाएं\n',
     reading_source: '[1/4] {0} स्रोत पढ़ा जा रहा है...',
     compiling: '[2/4] Babel से {0} संकलित हो रहा है...',

package/lib/core/locales/ja.js

@@ -881,6 +881,15 @@ openyida - Yida CLI ツール
     lint_passed: '  ✅ コードチェック合格\n',
     lint_skipped: '\n⏭️  コードプレチェックをスキップしました（--skip-lint）\n',
     duplicate_source_mismatch: '  ⚠️  Found another copy with the same file name but different content. Publishing: {0}; other copy: {1}',
+    target_checking: '  Checking publish target type...',
+    target_check_forced: '  ⚠️  Skipped publish target type check (--force)',
+    target_check_ok: '  ✅ Publish target confirmed: {0} ({1})',
+    target_check_failed: 'Could not verify publish target: {0}',
+    target_not_found: 'Publish target was not found in app navigation: {0}',
+    target_type_invalid: 'Publish target is not a custom display page: {0} current type is {1}',
+    target_type_hint: 'The current target "{0}" does not look like a custom page (type: {1}). Do not publish JSX to data forms or process forms.',
+    target_list_hint: 'Run openyida list-forms {0} --keyword <page name>, then choose a custom page formUuid with formType=display.',
+    target_force_hint: 'Append --force only when you intentionally bypass this guard; it overwrites the target Schema and should be used only for a known custom page.',
     step_compile: '\n📦 Step 1: ソースをコンパイルして Schema を構築\n',
     reading_source: '[1/4] {0} のソースを読み込み中...',
     compiling: '[2/4] Babel で {0} をコンパイル中...',

package/lib/core/locales/ko.js

@@ -463,6 +463,15 @@ module.exports = {
     lint_passed: '  ✅ 코드 검사 통과\n',
     lint_skipped: '\n⏭️  코드 사전 검사 건너뜀 (--skip-lint)\n',
     duplicate_source_mismatch: '  ⚠️  Found another copy with the same file name but different content. Publishing: {0}; other copy: {1}',
+    target_checking: '  Checking publish target type...',
+    target_check_forced: '  ⚠️  Skipped publish target type check (--force)',
+    target_check_ok: '  ✅ Publish target confirmed: {0} ({1})',
+    target_check_failed: 'Could not verify publish target: {0}',
+    target_not_found: 'Publish target was not found in app navigation: {0}',
+    target_type_invalid: 'Publish target is not a custom display page: {0} current type is {1}',
+    target_type_hint: 'The current target "{0}" does not look like a custom page (type: {1}). Do not publish JSX to data forms or process forms.',
+    target_list_hint: 'Run openyida list-forms {0} --keyword <page name>, then choose a custom page formUuid with formType=display.',
+    target_force_hint: 'Append --force only when you intentionally bypass this guard; it overwrites the target Schema and should be used only for a known custom page.',
     step_compile: '\n📦 Step 1: 소스 컴파일 및 스키마 빌드\n',
     reading_source: '[1/4] {0} 소스 읽는 중...',
     compiling: '[2/4] Babel로 {0} 컴파일 중...',

package/lib/core/locales/pt.js

@@ -461,6 +461,15 @@ module.exports = {
     lint_passed: '  ✅ Verificação de código aprovada\n',
     lint_skipped: '\n⏭️  Pré-verificação de código ignorada (--skip-lint)\n',
     duplicate_source_mismatch: '  ⚠️  Found another copy with the same file name but different content. Publishing: {0}; other copy: {1}',
+    target_checking: '  Checking publish target type...',
+    target_check_forced: '  ⚠️  Skipped publish target type check (--force)',
+    target_check_ok: '  ✅ Publish target confirmed: {0} ({1})',
+    target_check_failed: 'Could not verify publish target: {0}',
+    target_not_found: 'Publish target was not found in app navigation: {0}',
+    target_type_invalid: 'Publish target is not a custom display page: {0} current type is {1}',
+    target_type_hint: 'The current target "{0}" does not look like a custom page (type: {1}). Do not publish JSX to data forms or process forms.',
+    target_list_hint: 'Run openyida list-forms {0} --keyword <page name>, then choose a custom page formUuid with formType=display.',
+    target_force_hint: 'Append --force only when you intentionally bypass this guard; it overwrites the target Schema and should be used only for a known custom page.',
     step_compile: '\n📦 Step 1: Compilar fonte e construir esquema\n',
     reading_source: '[1/4] Lendo fonte {0}...',
     compiling: '[2/4] Compilando {0} com Babel...',

package/lib/core/locales/vi.js

@@ -461,6 +461,15 @@ module.exports = {
     lint_passed: '  ✅ Kiểm tra mã thành công\n',
     lint_skipped: '\n⏭️  Đã bỏ qua kiểm tra mã trước (--skip-lint)\n',
     duplicate_source_mismatch: '  ⚠️  Found another copy with the same file name but different content. Publishing: {0}; other copy: {1}',
+    target_checking: '  Checking publish target type...',
+    target_check_forced: '  ⚠️  Skipped publish target type check (--force)',
+    target_check_ok: '  ✅ Publish target confirmed: {0} ({1})',
+    target_check_failed: 'Could not verify publish target: {0}',
+    target_not_found: 'Publish target was not found in app navigation: {0}',
+    target_type_invalid: 'Publish target is not a custom display page: {0} current type is {1}',
+    target_type_hint: 'The current target "{0}" does not look like a custom page (type: {1}). Do not publish JSX to data forms or process forms.',
+    target_list_hint: 'Run openyida list-forms {0} --keyword <page name>, then choose a custom page formUuid with formType=display.',
+    target_force_hint: 'Append --force only when you intentionally bypass this guard; it overwrites the target Schema and should be used only for a known custom page.',
     step_compile: '\n📦 Step 1: Biên dịch nguồn và xây dựng schema\n',
     reading_source: '[1/4] Đang đọc nguồn {0}...',
     compiling: '[2/4] Đang biên dịch {0} với Babel...',

package/lib/core/locales/zh-HK.js

@@ -792,6 +792,15 @@ openyida - 宜搭命令列工具
     lint_passed: '  ✅ 程式碼檢查通過\n',
     lint_skipped: '\n⏭️  跳過程式碼預檢（--skip-lint）\n',
     duplicate_source_mismatch: '  ⚠️  偵測到同名雙副本但內容不一致。目前發布：{0}；另一份：{1}',
+    target_checking: '  正在校驗發布目標類型...',
+    target_check_forced: '  ⚠️  已跳過發布目標類型校驗（--force）',
+    target_check_ok: '  ✅ 發布目標已確認：{0} ({1})',
+    target_check_failed: '無法校驗發布目標：{0}',
+    target_not_found: '未在應用程式導航中找到發布目標：{0}',
+    target_type_invalid: '發布目標不是自訂展示頁面：{0} 目前類型為 {1}',
+    target_type_hint: '目前目標「{0}」看起來不是自訂頁面（類型：{1}）。請不要把 JSX 發布到資料表或流程表單。',
+    target_list_hint: '可先執行 openyida list-forms {0} --keyword <頁面名>，選擇 formType=display 的自訂頁面 formUuid。',
+    target_force_hint: '確認要繞過保護時可追加 --force；這會覆蓋目標 Schema，請只在明確知道目標是自訂頁面時使用。',
     step_compile: '\n📦 Step 1：編譯原始碼 & 建構 Schema\n',
     reading_source: '[1/4] 讀取 {0} 原始碼...',
     compiling: '[2/4] Babel 編譯 {0}...',

package/lib/core/locales/zh.js

@@ -961,6 +961,15 @@ openyida - 宜搭命令行工具
     lint_passed: '  ✅ 代码检查通过\n',
     lint_skipped: '\n⏭️  跳过代码预检（--skip-lint）\n',
     duplicate_source_mismatch: '  ⚠️  检测到同名双副本但内容不一致。当前发布: {0}；另一份: {1}',
+    target_checking: '  正在校验发布目标类型...',
+    target_check_forced: '  ⚠️  已跳过发布目标类型校验（--force）',
+    target_check_ok: '  ✅ 发布目标已确认：{0} ({1})',
+    target_check_failed: '无法校验发布目标：{0}',
+    target_not_found: '未在应用导航中找到发布目标：{0}',
+    target_type_invalid: '发布目标不是自定义展示页面：{0} 当前类型为 {1}',
+    target_type_hint: '当前目标「{0}」看起来不是自定义页面（类型：{1}）。请不要把 JSX 发布到数据表或流程表单。',
+    target_list_hint: '可先运行 openyida list-forms {0} --keyword <页面名>，选择 formType=display 的自定义页面 formUuid。',
+    target_force_hint: '确认要绕过保护时可追加 --force；这会覆盖目标 Schema，请只在明确知道目标是自定义页面时使用。',
     step_compile: '\n📦 Step 1: 编译源码 & 构建 Schema\n',
     reading_source: '[1/4] 读取 {0} 源码...',
     compiling: '[2/4] Babel 编译 {0}...',

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "openyida",
-  "version": "2026.5.15",
+  "version": "2026.5.17",
   "description": "OpenYida CLI - 宜搭低代码 AI 开发工具（安装即用，零配置）",
   "bin": {
     "openyida": "bin/yida.js",

package/yida-skills/skills/yida-publish-page/SKILL.md

@@ -44,16 +44,27 @@ description: 将 JSX 源码编译发布到宜搭自定义页面。Babel 转 ES5
 ## 命令
 
 ```bash
-openyida publish <源文件路径> <appType> <formUuid> [--compat] [--health-check]
+openyida publish <源文件路径> <appType> <formUuid> [--compat] [--health-check] [--force]
 ```
 
 | 参数 | 必填 | 说明 |
 |------|------|------|
 | `源文件路径` | 是 | JSX 源码路径，推荐 `project/pages/src/my-page.oyd.jsx` |
 | `appType` | 是 | 应用 ID |
-| `formUuid` | 是 | 自定义页面 ID |
+| `formUuid` | 是 | 自定义页面 ID，必须是 `openyida list-forms <appType>` 返回的 `formType=display` 目标，不要使用数据底表或流程表单 ID |
 | `--compat` / `--modern` | 否 | 对普通 `.jsx` 也强制启用 OpenYida 兼容构建；`.oyd.jsx` 默认自动启用 |
 | `--health-check` | 否 | 发布成功后请求页面 URL，回显 HTTP 健康检查结果，避免只看到 200 接口返回但首屏坏掉 |
+| `--force` | 否 | 显式绕过发布目标类型保护；只有确认目标是自定义页面但导航接口暂时无法识别时才使用 |
+
+## 发布目标确认
+
+发布前先确认目标页面，避免把 JSX 覆盖到数据底表：
+
+```bash
+openyida list-forms <appType> --keyword <页面名>
+```
+
+只选择 `formType=display` 的 `formUuid` 作为发布目标。源码里用于 `this.utils.yida` 读写数据的普通表单常量（如 `FORM_SKILL`、`FORM_DATA`、`FORM_TABLE`）通常是数据底表，不能作为 `openyida publish` 的第三个参数。
 
 ## OpenYida 兼容编译
 
@@ -99,6 +110,7 @@ body { background-color: #f2f3f5; }
 | OpenYida 兼容构建失败 | 查看 `check-page --json` 的 `build.errors`，通常是不支持的 Hook、非空 useEffect deps、未支持 import |
 | Babel 编译失败 | 检查 JSX 语法；如果是现代 React authoring，确认文件是 `.oyd.jsx` 或发布时加 `--compat` |
 | UglifyJS 压缩失败 | 检查是否有 ES6+ 语法未被 Babel 转译，确认 export function 格式正确 |
+| 发布目标不是自定义展示页面 | 运行 `openyida list-forms <appType> --keyword <页面名>`，改用 `formType=display` 的页面 ID；不要对数据底表追加 `--force` |
 | saveFormSchema 接口失败（401） | 执行 `openyida login` 重新登录后重试 |
 | corpId 不匹配 | 询问用户是否切换组织或创建新应用，不得强行发布 |
 | 发布后页面空白 | 检查 `renderJsx` 函数是否正确导出，检查浏览器控制台报错 |