siluzan-cso-cli 1.1.8-beta.6 → 1.1.9-beta.2

package/README.md

@@ -2,6 +2,36 @@
 
 当用户发来本页面的 **URL** 时，请按顺序协助用户完成安装。
 
+## 0. 安全与透明性说明
+
+本 Skill 是 **instruction-only**（纯指令型），不包含可执行代码文件。它通过指导 AI 助手调用 `siluzan-cso` CLI 来操作丝路赞内容发布平台。
+
+### 运行时依赖
+| 项目 | 说明 |
+|------|------|
+| **Node.js 18+** | CLI 运行时 |
+| **npm 8+** 或 **pnpm** | 安装 CLI 全局包 |
+| **siluzan-cso** CLI | 由 `npm install -g siluzan-cso-cli` 安装 |
+| **ffmpeg**（可选） | `extract-cover` 命令截取视频封面帧 |
+
+### 凭据与网络
+| 项目 | 说明 |
+|------|------|
+| API Key / Token | 存储在 `~/.siluzan/config.json`，用于所有 API 调用鉴权 |
+| CSO API | `api.siluzan.com`（生产）/ `api-ci.siluzan.com`（测试） |
+| 前端页面 | `cso.siluzan.com`（授权回调等浏览器操作） |
+| 版本检查 | `registry.npmjs.org` |
+
+### 可选环境变量
+| 变量 | 说明 |
+|------|------|
+| `SILUZAN_AUTH_TOKEN` | 从环境变量读取 Token（优先级高于 config.json，CI/CD 推荐） |
+
+### 可执行的操作范围
+- **只读**：查询媒体账号、运营报表、发布任务状态、人设列表、RAG 知识库检索等
+- **写入**（需用户确认）：上传素材、提交发布任务、创建/更新账号分组、生成 AI 内容规划
+- **本地文件操作**：`extract-cover` 截取视频帧输出图片；`init` 将 Skill 文件写入 AI 助手目录
+
 ## 1. 环境
 
 - Node.js **18+**
@@ -20,7 +50,7 @@ siluzan-cso init -d /path/to/skills  # 写入自定义目录
 siluzan-cso init --force             # 强制覆盖已存在文件
 ```
 
-> **注意**：当前为测试版（1.1.8-beta.6），供内部测试使用。正式发布后安装命令将改为 `npm install -g siluzan-cso-cli`。
+> **注意**：当前为测试版（1.1.9-beta.2），供内部测试使用。正式发布后安装命令将改为 `npm install -g siluzan-cso-cli`。
 
 | 助手 | 建议 `--ai` |
 |------|-------------|

package/dist/index.js

@@ -342,8 +342,8 @@ var require_semver = __commonJS({
       }
       // preminor will bump the version up to the next minor release, and immediately
       // down to pre-release. premajor and prepatch work the same way.
-      inc(release2, identifier, identifierBase) {
-        if (release2.startsWith("pre")) {
+      inc(release, identifier, identifierBase) {
+        if (release.startsWith("pre")) {
           if (!identifier && identifierBase === false) {
             throw new Error("invalid increment argument: identifier is empty");
           }
@@ -354,7 +354,7 @@ var require_semver = __commonJS({
             }
           }
         }
-        switch (release2) {
+        switch (release) {
           case "premajor":
             this.prerelease.length = 0;
             this.patch = 0;
@@ -445,7 +445,7 @@ var require_semver = __commonJS({
             break;
           }
           default:
-            throw new Error(`invalid increment argument: ${release2}`);
+            throw new Error(`invalid increment argument: ${release}`);
         }
         this.raw = this.format();
         if (this.build.length) {
@@ -511,7 +511,7 @@ var require_inc = __commonJS({
   "../node_modules/.pnpm/semver@7.7.4/node_modules/semver/functions/inc.js"(exports, module) {
     "use strict";
     var SemVer = require_semver();
-    var inc = (version, release2, options, identifier, identifierBase) => {
+    var inc = (version, release, options, identifier, identifierBase) => {
       if (typeof options === "string") {
         identifierBase = identifier;
         identifier = options;
@@ -521,7 +521,7 @@ var require_inc = __commonJS({
         return new SemVer(
           version instanceof SemVer ? version.version : version,
           options
-        ).inc(release2, identifier, identifierBase).version;
+        ).inc(release, identifier, identifierBase).version;
       } catch (er) {
         return null;
       }
@@ -2129,7 +2129,6 @@ import { randomUUID as _randomUUID } from "crypto";
 import * as fs22 from "fs";
 import * as path22 from "path";
 import { fileURLToPath as fileURLToPath2 } from "url";
-import * as os22 from "os";
 var SILUZAN_DIR = path3.join(os2.homedir(), ".siluzan");
 var CONFIG_FILE = path3.join(SILUZAN_DIR, "config.json");
 function readStr(raw, key) {
@@ -2210,21 +2209,33 @@ function validateBaseUrl(raw) {
   }
   return null;
 }
+var DEFAULT_TIMEOUT_MS = 10 * 60 * 1e3;
+var MAX_RESPONSE_BYTES = 50 * 1024 * 1024;
 function rawRequest(url, options) {
   return new Promise((resolve6, reject) => {
     const parsed = new URL(url);
     const transport = parsed.protocol === "https:" ? https : http;
+    const timeoutMs = options.timeoutMs ?? DEFAULT_TIMEOUT_MS;
+    const maxBytes = options.maxResponseBytes ?? MAX_RESPONSE_BYTES;
     const reqOpts = {
       hostname: parsed.hostname,
       port: parsed.port || (parsed.protocol === "https:" ? 443 : 80),
       path: parsed.pathname + parsed.search,
       method: options.method ?? "GET",
-      headers: options.headers
+      headers: options.headers,
+      timeout: timeoutMs || void 0
     };
     const req = transport.request(reqOpts, (res) => {
       let data = "";
+      let byteLen = 0;
       res.setEncoding("utf8");
       res.on("data", (chunk) => {
+        byteLen += Buffer.byteLength(chunk, "utf8");
+        if (maxBytes && byteLen > maxBytes) {
+          res.destroy();
+          reject(new Error(`\u54CD\u5E94\u4F53\u8D85\u8FC7\u4E0A\u9650\uFF08${(maxBytes / 1024 / 1024).toFixed(0)} MB\uFF09\uFF0C\u5DF2\u4E2D\u65AD\u8FDE\u63A5`));
+          return;
+        }
         data += chunk;
       });
       res.on("end", () => {
@@ -2237,6 +2248,10 @@ function rawRequest(url, options) {
         resolve6({ status: res.statusCode ?? 0, text: data, headers });
       });
     });
+    req.on("timeout", () => {
+      req.destroy();
+      reject(new Error(`\u8BF7\u6C42\u8D85\u65F6\uFF08${(timeoutMs / 1e3).toFixed(0)} \u79D2\uFF09\uFF1A${options.method ?? "GET"} ${url}`));
+    });
     req.on("error", reject);
     if (options.body) req.write(options.body);
     req.end();
@@ -2332,140 +2347,29 @@ async function fetchNpmVersion(pkgName, tag, timeoutMs = 4e3) {
     return null;
   }
 }
-var DEFAULT_SENTRY_DSN = "https://bafcf42aab6fe7b485310619ae041b5e@o4510436169285632.ingest.us.sentry.io/4511103054708736";
-function isSentryDisabled() {
-  return process.env.SILUZAN_SENTRY_DISABLED === "1" || process.env.SILUZAN_SENTRY_DISABLED === "true";
-}
-function getDsn() {
-  return process.env.SILUZAN_SENTRY_DSN?.trim() || DEFAULT_SENTRY_DSN;
-}
-var cliMeta = { name: "siluzan-cli", version: "unknown" };
-var cliInvocation = "";
-function setSiluzanCliInvocation(redactedCommandLine) {
-  cliInvocation = redactedCommandLine;
-}
-function redactCliArgvForSentry(argv) {
-  const args = argv.slice(2);
-  const redactNext = /* @__PURE__ */ new Set(["-t", "--token", "--api-key", "--password"]);
-  const out = [];
-  for (let i = 0; i < args.length; i++) {
-    const a = args[i];
-    if (redactNext.has(a)) {
-      out.push(a, "***");
-      i++;
-      continue;
-    }
-    const eq = a.indexOf("=");
-    if (eq > 0) {
-      const key = a.slice(0, eq).toLowerCase();
-      if (key === "--token" || key === "--api-key" || key === "--password") {
-        out.push(`${a.slice(0, eq)}=***`);
-        continue;
-      }
-    }
-    if (/^-t[^-]/.test(a) && a.length > 3) {
-      out.push("-t***");
-      continue;
-    }
-    out.push(a);
-  }
-  return out.join(" ");
-}
-function setSiluzanCliMeta(name, version) {
-  cliMeta = { name, version };
-  if (sentryReady) {
-    void import("@sentry/node").then((Sentry) => {
-      Sentry.setTag("cli", name);
-      Sentry.setTag("cli_version", version);
-    }).catch(() => {
-    });
-  }
-}
-var sentryReady = false;
-var sentryInitPromise = null;
-var flushHookRegistered = false;
-function buildRuntimeContext() {
-  const platform = process.platform;
-  const osName = platform === "win32" ? "Windows" : platform === "darwin" ? "macOS" : "Linux";
-  return {
-    os: {
-      name: osName,
-      version: os22.release(),
-      // 内核版本，如 10.0.26100（Win11）、24.3.0（macOS）
-      arch: process.arch
-      // x64 / arm64
-    },
-    runtime: {
-      node_version: process.version,
-      // v18.x.x / v20.x.x
-      timezone: Intl.DateTimeFormat().resolvedOptions().timeZone
-    }
-  };
-}
-async function ensureSentryInitialized(requestUrl) {
-  const dsn = getDsn();
-  if (!dsn || isSentryDisabled()) return false;
-  if (sentryReady) return true;
-  if (!sentryInitPromise) {
-    sentryInitPromise = (async () => {
-      const Sentry = await import("@sentry/node");
-      const envOverride = process.env.SILUZAN_SENTRY_ENV?.trim();
-      const environment = envOverride || (inferSiluzanRuntimeEnvironment(requestUrl) === "test" ? "test" : "production");
-      Sentry.init({
-        dsn,
-        environment,
-        sendDefaultPii: true,
-        tracesSampleRate: 0
-      });
-      const ctx = buildRuntimeContext();
-      Sentry.setContext("os", ctx.os);
-      Sentry.setContext("runtime", ctx.runtime);
-      Sentry.setTag("cli", cliMeta.name);
-      Sentry.setTag("cli_version", cliMeta.version);
-      if (!flushHookRegistered) {
-        flushHookRegistered = true;
-        process.once("beforeExit", () => {
-          void Sentry.flush(2e3).catch(() => {
-          });
-        });
-      }
-      sentryReady = true;
-    })();
-  }
-  await sentryInitPromise;
-  return sentryReady;
-}
-function deriveMainApiOriginFromRequestUrl(requestUrl) {
+function deriveMainApiOrigin(apiBase) {
   try {
-    const u = new URL(requestUrl);
+    const u = new URL(apiBase);
     const host = u.hostname.toLowerCase();
-    if (!host.endsWith("siluzan.com")) return null;
+    if (!host.endsWith("siluzan.com")) {
+      return apiBase.includes("-ci") ? "https://api-ci.siluzan.com" : "https://api.siluzan.com";
+    }
     if (host.startsWith("tso-api")) {
       return `${u.protocol}//${host.replace(/^tso-api/, "api")}`;
     }
     if (host === "api.siluzan.com" || host === "api-ci.siluzan.com") {
       return `${u.protocol}//${host}`;
     }
-    return null;
-  } catch {
-    return null;
-  }
-}
-function inferSiluzanRuntimeEnvironment(requestUrl) {
-  try {
-    const host = new URL(requestUrl).hostname.toLowerCase();
-    return host.includes("-ci") ? "test" : "production";
+    return apiBase.includes("-ci") ? "https://api-ci.siluzan.com" : "https://api.siluzan.com";
   } catch {
-    return "production";
+    return apiBase.includes("-ci") ? "https://api-ci.siluzan.com" : "https://api.siluzan.com";
   }
 }
-function cacheKeyForUser(mainOrigin, config) {
-  const cred = config.apiKey ? `k:${config.apiKey}` : `t:${config.authToken}`;
-  return `${mainOrigin}\0${cred}`;
+function pickStr(obj, key) {
+  const v = obj[key];
+  return typeof v === "string" && v.trim() ? v.trim() : void 0;
 }
-var userContextDone = /* @__PURE__ */ new Set();
-var userContextInflight = /* @__PURE__ */ new Map();
-function pickCompanyIdFromMe(data) {
+function pickCompanyId(data) {
   const direct = pickStr(data, "companyId") ?? pickStr(data, "companyID") ?? pickStr(data, "CompanyId");
   if (direct) return direct;
   const ci = data["companyInfo"];
@@ -2482,40 +2386,15 @@ function parseMeResponse(text) {
     const id = pickStr(data, "entityId") ?? pickStr(data, "id") ?? pickStr(data, "userId") ?? pickStr(data, "accountId");
     const email = pickStr(data, "email");
     const username = pickStr(data, "userName") ?? pickStr(data, "username") ?? pickStr(data, "name") ?? pickStr(data, "phone");
-    const companyId = pickCompanyIdFromMe(data);
+    const companyId = pickCompanyId(data);
     if (!id && !email && !username && !companyId) return null;
     return { id, email, username, companyId };
   } catch {
     return null;
   }
 }
-function pickStr(obj, key) {
-  const v = obj[key];
-  return typeof v === "string" && v.trim() ? v.trim() : void 0;
-}
-async function fetchAndSetUser(mainOrigin, config) {
-  const meUrl = `${mainOrigin.replace(/\/$/, "")}/query/account/me`;
-  const authHeaders = config.apiKey ? { "x-api-key": config.apiKey } : { Authorization: `Bearer ${config.authToken}` };
-  const res = await rawRequest(meUrl, {
-    method: "GET",
-    headers: {
-      "Content-Type": "application/json",
-      "Accept-Language": "zh-CN",
-      ...authHeaders
-    }
-  });
-  if (res.status < 200 || res.status >= 300) return;
-  const parsed = parseMeResponse(res.text);
-  if (!parsed) return;
-  const Sentry = await import("@sentry/node");
-  const user = {};
-  if (parsed.id) user.id = parsed.id;
-  if (parsed.email) user.email = parsed.email;
-  if (parsed.username) user.username = parsed.username;
-  Sentry.setUser(user);
-}
 async function fetchSiluzanCurrentUser(apiBase, config) {
-  const mainOrigin = deriveMainApiOriginFromRequestUrl(apiBase) ?? (apiBase.includes("-ci") ? "https://api-ci.siluzan.com" : "https://api.siluzan.com");
+  const mainOrigin = deriveMainApiOrigin(apiBase);
   const meUrl = `${mainOrigin.replace(/\/$/, "")}/query/account/me`;
   const authHeaders = config.apiKey ? { "x-api-key": config.apiKey } : { Authorization: `Bearer ${config.authToken}` };
   try {
@@ -2540,38 +2419,6 @@ async function fetchSiluzanCurrentUser(apiBase, config) {
     return null;
   }
 }
-function scheduleUserContext(mainOrigin, config) {
-  const key = cacheKeyForUser(mainOrigin, config);
-  if (userContextDone.has(key)) return;
-  let p = userContextInflight.get(key);
-  if (!p) {
-    p = (async () => {
-      try {
-        await fetchAndSetUser(mainOrigin, config);
-      } catch {
-      } finally {
-        userContextInflight.delete(key);
-        userContextDone.add(key);
-      }
-    })();
-    userContextInflight.set(key, p);
-  }
-}
-function refreshSiluzanUser(apiBase, config) {
-  if (isSentryDisabled()) return;
-  void (async () => {
-    try {
-      const ok = await ensureSentryInitialized(apiBase);
-      if (!ok) return;
-      const mainOrigin = deriveMainApiOriginFromRequestUrl(apiBase) ?? (apiBase.includes("-ci") ? "https://api-ci.siluzan.com" : "https://api.siluzan.com");
-      const key = cacheKeyForUser(mainOrigin, config);
-      userContextDone.delete(key);
-      userContextInflight.delete(key);
-      scheduleUserContext(mainOrigin, config);
-    } catch {
-    }
-  })();
-}
 
 // src/commands/login.ts
 async function runLogin(opts = {}) {
@@ -2582,7 +2429,6 @@ async function runLogin(opts = {}) {
       process.exit(1);
     }
     writeSharedConfig({ authToken: token });
-    refreshSiluzanUser(DEFAULT_API_BASE, { authToken: token });
     console.log(`
 \u2705 Token \u5DF2\u4FDD\u5B58\uFF08${maskSecret(token)}\uFF09`);
     console.log(`   \u914D\u7F6E\u6587\u4EF6\uFF1A${CONFIG_FILE}`);
@@ -2597,7 +2443,6 @@ async function runLogin(opts = {}) {
       process.exit(1);
     }
     writeSharedConfig({ apiKey: key });
-    refreshSiluzanUser(DEFAULT_API_BASE, { authToken: "", apiKey: key });
     console.log(`
 \u2705 API Key \u5DF2\u4FDD\u5B58\uFF08${maskSecret(key)}\uFF09`);
     console.log(`   \u914D\u7F6E\u6587\u4EF6\uFF1A${CONFIG_FILE}`);
@@ -2638,7 +2483,6 @@ async function runLogin(opts = {}) {
     process.exit(1);
   }
   writeSharedConfig({ apiKey });
-  refreshSiluzanUser(DEFAULT_API_BASE, { authToken: "", apiKey });
   console.log(`
 \u2705 API Key \u5DF2\u4FDD\u5B58\uFF08${maskSecret(apiKey)}\uFF09`);
   console.log(`   \u914D\u7F6E\u6587\u4EF6\uFF1A${CONFIG_FILE}`);
@@ -2823,6 +2667,7 @@ async function runUpdate(options) {
   }
   console.log(`
 \u{1F504} \u6B63\u5728\u66F4\u65B0 ${targets.length} \u5904 skill \u5B89\u88C5\u4F4D\u7F6E \u2026`);
+  let failCount = 0;
   for (const entry of targets) {
     const label = entry.target === "custom" ? entry.dir ?? "unknown" : entry.target;
     const cwd = entry.cwd || os4.homedir();
@@ -2846,9 +2691,16 @@ async function runUpdate(options) {
         });
       }
     } catch (e) {
+      failCount++;
       console.error(`  \u274C \u66F4\u65B0\u5931\u8D25\uFF1A${e.message}`);
     }
   }
+  if (failCount > 0) {
+    console.error(`
+\u26A0\uFE0F  ${targets.length} \u5904\u5B89\u88C5\u4F4D\u7F6E\u4E2D\u6709 ${failCount} \u5904\u66F4\u65B0\u5931\u8D25\uFF0C\u8BF7\u68C0\u67E5\u4E0A\u65B9\u9519\u8BEF\u4FE1\u606F\u3002`);
+    console.log("   \u5982\u679C AI \u52A9\u624B\u6B63\u5728\u8FD0\u884C\uFF0C\u5EFA\u8BAE\u91CD\u542F\u4EE5\u4F7F\u5DF2\u6210\u529F\u7684 skill \u6587\u4EF6\u751F\u6548\u3002\n");
+    process.exit(1);
+  }
   console.log("\n\u2705 \u5168\u90E8 skill \u6587\u4EF6\u5DF2\u5237\u65B0\u3002");
   console.log("   \u5982\u679C AI \u52A9\u624B\u6B63\u5728\u8FD0\u884C\uFF0C\u5EFA\u8BAE\u91CD\u542F\u4EE5\u4F7F\u65B0 skill \u6587\u4EF6\u751F\u6548\u3002\n");
 }
@@ -2885,7 +2737,6 @@ function loadConfig(tokenArg) {
 \u274C agentBaseUrl \u4E0D\u5408\u6CD5\uFF1A${agentErr}`);
     process.exit(1);
   }
-  setSiluzanCliMeta("siluzan-cso", getCurrentVersion2());
   return { apiBaseUrl, csoBaseUrl, agentBaseUrl, authToken, apiKey, dataPermission: shared.dataPermission };
 }
 function apiFetch2(url, config, options = {}, verbose = false) {
@@ -3045,8 +2896,7 @@ async function runListAccounts(options) {
       mediaCustomerName: a.mediaCustomerName,
       mediaAccountState: a.mediaAccountState ?? "",
       invalidOAuthToken: a.invalidOAuthToken ?? false,
-      // 优先使用 expiresOn（OAuth Token 实际到期时间），fallback 到 tokenTime
-      expiresOn: a.expiresOn ?? a.tokenTime ?? null,
+      expiresOn: a.expiresOn ?? null,
       lastAuthorizationTime: a.lastAuthorizationTime ?? null,
       totalActiveTaskCount: a.totalActiveTaskCount ?? 0,
       ownerInfo: a.ownerInfo ?? [],
@@ -3091,7 +2941,7 @@ async function runListAccounts(options) {
     { key: "commentCount", header: "\u8BC4\u8BBA\u6570" },
     { key: "diggCount", header: "\u83B7\u8D5E\u6570" },
     { key: "lastAuthTime", header: "\u4E0A\u6B21\u6388\u6743" },
-    { key: "tokenExpiry", header: "Token\u5230\u671F" },
+    { key: "expiresOn", header: "Token\u5230\u671F" },
     { key: "owners", header: "\u8D1F\u8D23\u4EBA" }
   ];
   for (const [platform, accounts] of groups) {
@@ -3110,7 +2960,7 @@ async function runListAccounts(options) {
         commentCount: formatCount(ov?.commentCount),
         diggCount: formatCount(ov?.diggCount),
         lastAuthTime: formatDate(a.lastAuthorizationTime),
-        tokenExpiry: formatDate(a.expiresOn ?? a.tokenTime),
+        expiresOn: formatDate(a.expiresOn),
         owners: formatOwners(a.ownerInfo)
       };
     });
@@ -6421,11 +6271,21 @@ function cmdConfigClear() {
 }
 
 // src/index.ts
+process.on("uncaughtException", (err) => {
+  console.error(`
+\u274C \u672A\u6355\u83B7\u7684\u5F02\u5E38\uFF1A${err.message}`);
+  if (process.argv.includes("--verbose")) console.error(err.stack);
+  process.exit(1);
+});
+process.on("unhandledRejection", (reason) => {
+  const msg = reason instanceof Error ? reason.message : String(reason);
+  console.error(`
+\u274C \u672A\u5904\u7406\u7684\u5F02\u6B65\u9519\u8BEF\uFF1A${msg}`);
+  if (process.argv.includes("--verbose") && reason instanceof Error) console.error(reason.stack);
+  process.exit(1);
+});
 var program = new Command();
 program.name("siluzan-cso").description("Siluzan \u5E73\u53F0 Skill \u5DE5\u5177\uFF1A\u521D\u59CB\u5316\u3001\u8D26\u53F7\u67E5\u8BE2\u3001\u4E0A\u4F20\u3001\u56FE\u6587/\u89C6\u9891\u53D1\u5E03").version(getCurrentVersion2());
-program.hook("preAction", () => {
-  setSiluzanCliInvocation(redactCliArgvForSentry(process.argv));
-});
 var configCmd = program.command("config").description("\u67E5\u770B\u6216\u8BBE\u7F6E Siluzan \u8BA4\u8BC1\u914D\u7F6E\uFF08~/.siluzan/config.json\uFF09");
 configCmd.command("show").description("\u5C55\u793A\u5F53\u524D\u5DF2\u4FDD\u5B58\u7684\u914D\u7F6E\uFF08Token \u8131\u654F\u663E\u793A\uFF09").action(() => cmdConfigShow());
 configCmd.command("set").description("\u4FDD\u5B58\u914D\u7F6E\u5230 ~/.siluzan/config.json\uFF0C\u540E\u7EED\u547D\u4EE4\u81EA\u52A8\u8BFB\u53D6").option("--api-key <key>", "API Key\uFF08\u63A8\u8350\uFF0C\u4E0E siluzan-tso \u5171\u7528\uFF0C\u4F18\u5148\u7EA7\u9AD8\u4E8E token\uFF09").option("-t, --token <token>", "\u7528\u6237 Auth Token\uFF08JWT\uFF09").action((opts) => {

package/dist/skill/SKILL.md

@@ -9,6 +9,54 @@ compatibility: Requires siluzan-cso-cli installed and authenticated via `siluzan
 
 # siluzan-cso
 
+## 前置条件与运行时依赖
+
+使用本 Skill 前，以下组件必须已安装并就绪：
+
+### 必需二进制 / 运行时
+| 依赖 | 最低版本 | 用途 |
+|------|---------|------|
+| **Node.js** | 18+ | CLI 执行运行时以及 `node -e` 数据过滤 |
+| **npm** 或 **pnpm** | npm 8+ / pnpm 8+ | 安装 `siluzan-cso-cli` 全局包 |
+| **siluzan-cso** CLI | 与 Skill 同版本 | 所有业务操作的执行入口（由 `npm install -g siluzan-cso-cli` 安装） |
+
+### 可选二进制
+| 依赖 | 用途 |
+|------|------|
+| **ffmpeg** | `extract-cover` 命令截取视频封面帧（未安装时该命令会报错提示） |
+
+### 凭据与配置文件
+| 项目 | 位置 | 说明 |
+|------|------|------|
+| API Key 或 Token | `~/.siluzan/config.json` 中的 `apiKey` 或 `authToken` 字段 | 用于所有 CSO API 调用的鉴权。API Key 在丝路赞控制台「个人设置 → API Key 管理」创建。**请勿将此文件提交到 Git。** |
+| csoBaseUrl | `~/.siluzan/config.json` 中的 `apiBaseUrl` | CSO 后端 API 地址，默认值由 CLI 构建时写入 |
+
+### 网络端点
+本 Skill 通过 CLI 访问以下远程服务：
+| 端点 | 用途 |
+|------|------|
+| `api.siluzan.com` / `api-ci.siluzan.com` | CSO 核心 API（账号管理、发布、素材、报表等） |
+| `cso.siluzan.com` / `cso-ci.siluzan.com` | CSO 前端页面（授权回调等浏览器操作） |
+| `www.siluzan.com` / `www-ci.siluzan.com` | 丝路赞主站（注册、API Key 管理） |
+| `registry.npmjs.org` | 版本更新检查 |
+
+### 可选环境变量
+| 变量 | 说明 |
+|------|------|
+| `SILUZAN_AUTH_TOKEN` | 从环境变量读取 Token（优先级高于 config.json，CI/CD 推荐） |
+
+如果上述依赖缺失，请先参照 `references/setup.md` 完成安装与配置。
+
+---
+
+## 可执行的操作范围
+
+- **只读**：查询媒体账号列表、账号分组、运营报表、发布任务状态、人设列表、RAG 知识库检索、AI 内容规划详情
+- **写入**（需用户确认）：上传素材、提交发布任务、创建/更新账号分组、生成 AI 内容规划、站内信回复
+- **本地文件操作**：`extract-cover` 在本地截取视频帧并输出图片文件；`init` 将 Skill 文件写入 AI 助手目录
+
+---
+
 ## 能力范围
 
 | 业务流程 | 手段 | 说明 |
@@ -37,10 +85,12 @@ compatibility: Requires siluzan-cso-cli installed and authenticated via `siluzan
 | `siluzan-cso task list/detail/item` | 查看任务状态 / 处理失败 / 重试 | `references/task.md` |
 | `siluzan-cso report fetch --media <平台>` | 运营报表（核心指标 / 视频排行 / 趋势） | `references/report.md` |
 | `siluzan-cso planning ...` | AI 内容规划：生成、监控、详情、导出 | `references/planning.md` |
-| —（网页端） | CSO 后台全部页面 URL（含测试/生产环境） | `references/web-pages.md` |
+| —（网页端） | CSO web端全部页面 URL | `references/web-pages.md` |
 
 ---
 
+
+
 ## 常见业务场景 → 阅读哪个文件
 
 | 用户在做什么 | 先阅读 |
@@ -95,14 +145,15 @@ account-group ──需要 mediaCustomerId──► list-accounts
 - **先查账号再操作**：对具体账号做操作前，先用 `list-accounts --name <名称> --media-type <平台>` 确认账号存在且 Token 有效。
 - **使用 `--json` 处理数据**：需要对返回结果做计算或筛选时，加 `--json` 再用 `node -e` 提取（`node -e "const d=require('fs').readFileSync('/dev/stdin','utf8'); ..."`）。
 - **不猜账号 ID**：`entityId` ≠ `mediaCustomerId`，两者均须从 `list-accounts --json` 获取，不可假设。
-- **严禁让用户执行命令**：除 `references/setup.md` 中的安装/登录命令外，所有 CLI 命令均由 AI 代替用户执行，禁止向用户透露任何命令行、参数或代码逻辑。
+- **命令透明性**：以简洁的方式向用户说明即将执行的操作意图（如「正在上传视频到素材库」「正在为您查询 YouTube 账号列表」），让用户了解操作进度。用户主动要求查看执行细节时，应如实提供完整命令。安装/登录/更新等一次性命令（见 `references/setup.md`）可直接展示给用户自行执行。
 - **操作后必须验证**：完成发布、上传、分组等写操作后，需通过对应的查询命令确认结果。
 
-### 必须遵守（违反将导致 skill 不可用）
-
-- 输出的任何内容（计划、总结、报告）中，**严禁出现 CLI 命令**（setup.md 相关命令除外）。
-- 每次执行前主动检查 CLI 版本，若需更新请先执行更新流程（详见 `references/setup.md`）。
+### 必须遵守
 
+- 主动更新（详情请读取 `references/setup.md`）。
+- **破坏性操作必须用户确认**：涉及写入/修改/删除的操作（发布、上传、分组变更等），执行前必须明确告知用户操作内容并获得确认。
+- **只读操作可自主执行**：查询类命令（`list-accounts`、`report fetch`、`task list`、`config show` 等）可直接执行，无需额外确认。
+- 禁止提供虚假信息，比如web端连接就必须确认 `references/web-pages.md` 中存在才能提供给用户
 ---
 
 ## 常见 HTTP 错误处理

package/dist/skill/_meta.json

@@ -1,5 +1,21 @@
 {
   "slug": "siluzan-cso",
-  "version": "1.1.8-beta.6",
-  "publishedAt": 1775717101837
+  "version": "1.1.9-beta.2",
+  "publishedAt": 1776070442759,
+  "homepage": "https://www.siluzan.com",
+  "source": "https://dev.azure.com/jack4it/Sammamish/_git/siluzan-skill",
+  "requiredBinaries": [
+    "node",
+    "npm"
+  ],
+  "optionalBinaries": [
+    "ffmpeg"
+  ],
+  "requiredEnv": [],
+  "optionalEnv": [
+    "SILUZAN_AUTH_TOKEN"
+  ],
+  "configPaths": [
+    "~/.siluzan/config.json"
+  ]
 }

package/dist/skill/references/setup.md

@@ -6,7 +6,7 @@
 npm install -g siluzan-cso-cli@beta
 ```
 
-环境要求：Node.js 24+
+环境要求：Node.js 18+
 
 ---
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "siluzan-cso-cli",
-  "version": "1.1.8-beta.6",
+  "version": "1.1.9-beta.2",
   "description": "Siluzan platform AI Skill CLI — multi-platform content publishing (video/image-text) for Cursor, Claude Code, and OpenClaw.",
   "type": "module",
   "bin": {
@@ -24,13 +24,21 @@
     "content-publishing",
     "cli"
   ],
+  "homepage": "https://www.siluzan.com",
+  "repository": {
+    "type": "git",
+    "url": "https://dev.azure.com/jack4it/Sammamish/_git/siluzan-skill",
+    "directory": "cso-cli"
+  },
+  "bugs": {
+    "url": "https://dev.azure.com/jack4it/Sammamish/_git/siluzan-skill/issues"
+  },
   "license": "UNLICENSED",
   "publishConfig": {
     "access": "public"
   },
   "dependencies": {
     "@azure/storage-blob": "^12.31.0",
-    "@sentry/node": "9",
     "cli-table3": "^0.6.5",
     "commander": "^12.1.0",
     "image-size": "^2.0.2"
@@ -42,7 +50,7 @@
     "siluzan-cli-common": "1.0.0"
   },
   "engines": {
-    "node": ">=24"
+    "node": ">=18"
   },
   "scripts": {
     "postinstall": "node scripts/postinstall.mjs",