siluzan-tso-cli 1.0.0-beta.10

package/dist/commands/account-manage.js

@@ -0,0 +1,817 @@
+import { spawn } from "node:child_process";
+import { loadConfig, apiFetch, validateBaseUrl } from "../utils/auth.js";
+import { deriveWebUrl } from "./config.js";
+/**
+ * 断开广告账户与当前账号的关联关系。
+ * 单个：PUT /command/media-account/{entityId}/delink
+ * 批量：POST /command/media-account/delinkList
+ */
+export async function runAccountDelink(opts) {
+    if (!opts.id && (!opts.ids || opts.ids.length === 0)) {
+        console.error("\n❌ 请通过 --id 或 --ids 提供要断开关联的账户 entityId\n");
+        process.exit(1);
+    }
+    const config = loadConfig(opts.token);
+    // S-Command-Type 是前端固定传的操作类型头
+    const delinkHeader = { "S-Command-Type": "delinkMediaAccount" };
+    if (opts.ids && opts.ids.length > 1) {
+        // 批量断开
+        const url = `${config.apiBaseUrl}/command/media-account/delinkList`;
+        try {
+            await apiFetch(url, config, {
+                method: "POST",
+                body: JSON.stringify(opts.ids),
+                headers: delinkHeader,
+            }, opts.verbose);
+        }
+        catch (err) {
+            console.error(`\n❌ 批量断开关联失败：${err instanceof Error ? err.message : String(err)}\n`);
+            process.exit(1);
+        }
+        console.log(`\n✅ 已批量断开 ${opts.ids.length} 个账户的关联关系\n`);
+    }
+    else {
+        // 单个断开
+        const entityId = opts.id ?? opts.ids[0];
+        const url = `${config.apiBaseUrl}/command/media-account/${entityId}/delink`;
+        try {
+            await apiFetch(url, config, { method: "PUT", body: "{}", headers: delinkHeader }, opts.verbose);
+        }
+        catch (err) {
+            console.error(`\n❌ 断开关联失败：${err instanceof Error ? err.message : String(err)}\n`);
+            process.exit(1);
+        }
+        console.log(`\n✅ 账户 ${entityId} 已断开关联\n`);
+    }
+}
+/**
+ * 将 Google 广告账户分享给指定手机号的丝路赞用户。
+ *
+ * 流程：
+ * 1. GET mainApiUrl/query/account/SimpleAccountInfo?phone=xxx → 获取被分享人 accountId
+ * 2. POST /command/media-account/TSOMediaAccountShared/{entityId} { AccountId: userId }
+ */
+export async function runAccountShare(opts) {
+    const config = loadConfig(opts.token);
+    if (!config.mainApiUrl) {
+        console.error("\n❌ 无法推导主 API 地址，请检查 apiBaseUrl 配置\n");
+        process.exit(1);
+    }
+    // 第一步：用手机号查询目标用户 ID
+    let userId;
+    try {
+        const lookupUrl = `${config.mainApiUrl}/query/account/SimpleAccountInfo?phone=${encodeURIComponent(opts.phone)}`;
+        const users = await apiFetch(lookupUrl, config, {}, opts.verbose);
+        if (!Array.isArray(users) || users.length === 0) {
+            console.error(`\n❌ 未找到手机号 ${opts.phone} 对应的丝路赞账号，请确认该用户已完成注册\n`);
+            process.exit(1);
+        }
+        userId = users[0].id;
+    }
+    catch (err) {
+        console.error(`\n❌ 查询用户信息失败：${err instanceof Error ? err.message : String(err)}\n`);
+        process.exit(1);
+    }
+    // 第二步：执行分享
+    const shareUrl = `${config.apiBaseUrl}/command/media-account/TSOMediaAccountShared/${opts.id}`;
+    try {
+        await apiFetch(shareUrl, config, { method: "POST", body: JSON.stringify({ AccountId: userId }) }, opts.verbose);
+    }
+    catch (err) {
+        console.error(`\n❌ 分享失败：${err instanceof Error ? err.message : String(err)}\n`);
+        process.exit(1);
+    }
+    console.log(`\n✅ 账户已成功分享给手机号 ${opts.phone} 的用户（AccountId: ${userId}）\n`);
+}
+/**
+ * 取消 Google 广告账户的分享。
+ * POST /command/media-account/TSOMediaAccountSharedRemove/{entityId}
+ * Body: { AccountId: "<被分享人的 accountId>" }
+ */
+export async function runAccountUnshare(opts) {
+    const config = loadConfig(opts.token);
+    const url = `${config.apiBaseUrl}/command/media-account/TSOMediaAccountSharedRemove/${opts.id}`;
+    try {
+        await apiFetch(url, config, { method: "POST", body: JSON.stringify({ AccountId: opts.accountId }) }, opts.verbose);
+    }
+    catch (err) {
+        console.error(`\n❌ 取消分享失败：${err instanceof Error ? err.message : String(err)}\n`);
+        process.exit(1);
+    }
+    console.log(`\n✅ 已取消账户 ${opts.id} 对用户 ${opts.accountId} 的分享\n`);
+}
+/**
+ * 查询指定账户的分享详情（被分享给哪些用户）。
+ * GET mainApiUrl/query/account/GetAccountsByMediaAcountId?mediaAcountId=xxx
+ */
+export async function runAccountShareDetail(opts) {
+    const config = loadConfig(opts.token);
+    if (!config.mainApiUrl) {
+        console.error("\n❌ 无法推导主 API 地址，请检查 apiBaseUrl 配置\n");
+        process.exit(1);
+    }
+    const url = `${config.mainApiUrl}/query/account/GetAccountsByMediaAcountId?mediaAcountId=${encodeURIComponent(opts.mediaCustomerId)}`;
+    let data;
+    try {
+        data = await apiFetch(url, config, {}, opts.verbose);
+    }
+    catch (err) {
+        console.error(`\n❌ 查询失败：${err instanceof Error ? err.message : String(err)}\n`);
+        process.exit(1);
+    }
+    if (opts.json) {
+        console.log(JSON.stringify(data, null, 2));
+        return;
+    }
+    const users = Array.isArray(data) ? data : [];
+    console.log(`\n账户 ${opts.mediaCustomerId} 的分享详情（共 ${users.length} 人）\n`);
+    if (users.length === 0) {
+        console.log("  暂未分享给任何用户。\n");
+        return;
+    }
+    const header = [
+        "账号 ID".padEnd(36),
+        "姓名".padEnd(16),
+        "手机号".padEnd(14),
+        "邮箱",
+    ].join("  ");
+    console.log("  " + header);
+    console.log("  " + "-".repeat(header.length));
+    for (const u of users) {
+        console.log("  " + [
+            (u.id ?? u.entityId ?? "").padEnd(36),
+            (u.name ?? "").padEnd(16),
+            (u.phone ?? "").padEnd(14),
+            u.email ?? "",
+        ].join("  "));
+    }
+    console.log();
+}
+/**
+ * Meta 在 API 调用中使用 "FacebookAds"（与其他媒体的枚举值不同）。
+ */
+function toApiMediaType(media) {
+    return media === "Meta" ? "FacebookAds" : media;
+}
+/**
+ * 用系统默认浏览器打开 URL，跨平台（Windows/macOS/Linux）。
+ * 失败时静默，让调用方回退到打印 URL。
+ */
+function tryOpenBrowser(url) {
+    try {
+        // 仅允许 HTTPS 授权链接，避免执行非网页协议。
+        const parsed = new URL(url);
+        if (parsed.protocol !== "https:") {
+            return false;
+        }
+        if (process.platform === "win32") {
+            // 使用系统 URL 处理器打开链接，避免拼接 shell 命令字符串。
+            const child = spawn("rundll32", ["url.dll,FileProtocolHandler", parsed.toString()], {
+                detached: true,
+                stdio: "ignore",
+                windowsHide: true,
+            });
+            child.unref();
+        }
+        else if (process.platform === "darwin") {
+            const child = spawn("open", [parsed.toString()], { detached: true, stdio: "ignore" });
+            child.unref();
+        }
+        else {
+            const child = spawn("xdg-open", [parsed.toString()], { detached: true, stdio: "ignore" });
+            child.unref();
+        }
+        return true;
+    }
+    catch {
+        return false;
+    }
+}
+/**
+ * 发起媒体账户 OAuth 授权。
+ *
+ * 流程：
+ * 1. 调 GET /command/media-account/link/{mediaType}?returnUrl=... 获取 redirectUrl
+ * 2. 用系统浏览器打开 redirectUrl（fallback 输出链接让用户手动粘贴）
+ * 3. 用户在浏览器完成授权后会跳回丝路赞回调页面，自动完成账户绑定
+ */
+export async function runAccountAuth(opts) {
+    const config = loadConfig(opts.token);
+    const apiMediaType = toApiMediaType(opts.media);
+    const webUrl = deriveWebUrl(config.apiBaseUrl);
+    // returnUrl 与前端生产环境保持一致：{webUrl}/v3/foreign_trade/tso/{mediaType}/accountsAuthorizationBind
+    const returnPath = encodeURIComponent(`${webUrl}/v3/foreign_trade/tso/${apiMediaType}/accountsAuthorizationBind`);
+    const linkUrl = `${config.apiBaseUrl}/command/media-account/link/${apiMediaType}?returnUrl=${returnPath}`;
+    console.log(`\n正在获取 ${opts.media} 授权链接…\n`);
+    let redirectUrl;
+    try {
+        const res = await apiFetch(linkUrl, config, {}, opts.verbose);
+        if (!res.redirectUrl) {
+            console.error("\n❌ 接口未返回 redirectUrl，该媒体类型可能暂不支持授权。\n");
+            process.exit(1);
+        }
+        redirectUrl = res.redirectUrl;
+    }
+    catch (err) {
+        console.error(`\n❌ 获取授权链接失败：${err instanceof Error ? err.message : String(err)}\n`);
+        process.exit(1);
+    }
+    const opened = tryOpenBrowser(redirectUrl);
+    if (opened) {
+        console.log(`✅ 已在默认浏览器中打开 ${opts.media} 授权页面。`);
+        console.log(`   完成授权后浏览器会自动跳回丝路赞，账户绑定即生效。\n`);
+    }
+    else {
+        console.log(`⚠️  无法自动打开浏览器，请手动复制以下链接到浏览器中完成授权：\n`);
+    }
+    // 无论是否自动打开，都打印链接方便用户参考
+    console.log(`  ${redirectUrl}\n`);
+}
+// ─── Google MCC 绑定 / 解绑 ─────────────────────────────────────────────────
+/**
+ * 与前端 `splitMCCIds` 一致：从用户输入解析出经理账户 ID（MCC customer id），
+ * 结果为 **数字**（JSON 中为 number），与网页 `managerIds: idList` 一致。
+ * 支持逗号、中文逗号、分号、顿号等分隔符。
+ */
+function parseMccManagerIds(input) {
+    const normalized = input.replace(/[,，；、]/g, ";");
+    return normalized
+        .split(";")
+        .map((part) => {
+        const digits = part.replace(/\D/g, "");
+        return digits ? +digits : NaN;
+    })
+        .filter((n) => Number.isFinite(n) && n > 0);
+}
+/** 前端 MCC 绑定请求体中的 agentTypes，需与网页保持一致 */
+const MCC_AGENT_TYPES = ["ChengGongYi", "SiGeUS", "SiGeCN", "Dee"];
+function googleGatewayBase(config) {
+    const raw = (config.googleApiUrl ?? "").replace(/\/$/, "");
+    if (!raw) {
+        console.error("\n❌ 未配置 Google 网关地址（googleApiUrl）。请运行：\n" +
+            "   siluzan-tso config set --google-api https://googleapi.mysiluzan.com\n" +
+            "   测试环境：https://googleapi-ci.mysiluzan.com\n");
+        process.exit(1);
+    }
+    const err = validateBaseUrl(raw);
+    if (err) {
+        console.error(`\n❌ googleApiUrl 不合法：${err}\n`);
+        process.exit(1);
+    }
+    return raw;
+}
+/** 判断接口返回的成功列表中是否包含某个经理 ID（兼容 number / string） */
+function mccResponseHasSuccess(res, managerId) {
+    if (!Array.isArray(res))
+        return false;
+    return res.some((item) => String(item) === String(managerId));
+}
+/**
+ * 将指定 Google 子账户绑定到一个或多个 MCC（经理账户）。
+ * 与网页一致：对每个子账户 POST `{googleApiUrl}/command/media-account/{mediaCustomerId}/CustomerLinks`
+ */
+export async function runAccountMccBind(opts) {
+    const config = loadConfig(opts.token);
+    const base = googleGatewayBase(config);
+    const managerIds = parseMccManagerIds(opts.mcc);
+    if (managerIds.length === 0) {
+        console.error("\n❌ --mcc 中未解析出有效的数字型 MCC 客户 ID\n");
+        process.exit(1);
+    }
+    if (opts.customers.length === 0) {
+        console.error("\n❌ 请通过 --customers 指定至少一个 Google 子账户 mediaCustomerId\n");
+        process.exit(1);
+    }
+    const body = { agentTypes: [...MCC_AGENT_TYPES], managerIds };
+    const results = [];
+    for (const customerId of opts.customers) {
+        const url = `${base}/command/media-account/${customerId}/CustomerLinks`;
+        try {
+            const response = await apiFetch(url, config, { method: "POST", body: JSON.stringify(body) }, opts.verbose);
+            results.push({ customerId, response });
+        }
+        catch (err) {
+            console.error(`\n❌ 账户 ${customerId} MCC 绑定请求失败：${err instanceof Error ? err.message : String(err)}\n`);
+            process.exit(1);
+        }
+    }
+    if (opts.json) {
+        console.log(JSON.stringify(results, null, 2));
+        return;
+    }
+    let hasFailure = false;
+    for (const { customerId, response } of results) {
+        const failed = managerIds.filter((mid) => !mccResponseHasSuccess(response, mid));
+        if (failed.length > 0) {
+            hasFailure = true;
+            console.error(`  ❌ 账户 ${customerId}：以下 MCC 未在成功列表中 → ${failed.join("，")}`);
+        }
+        else {
+            console.log(`  ✅ 账户 ${customerId}：已向 ${managerIds.join("、")} 发起绑定（接口返回成功）`);
+        }
+    }
+    console.log(hasFailure ? "\n⚠️  部分 MCC 绑定可能未生效，请结合网页或 --json 核对。\n" : "\n✅ MCC 绑定流程已完成。\n");
+}
+/**
+ * 将指定 Google 子账户从给定 MCC 下解绑。
+ * POST `{googleApiUrl}/command/media-account/{mediaCustomerId}/CustomerUnlinks`，body 为 managerIds 数组。
+ */
+export async function runAccountMccUnbind(opts) {
+    const config = loadConfig(opts.token);
+    const base = googleGatewayBase(config);
+    const managerIds = parseMccManagerIds(opts.mcc);
+    if (managerIds.length === 0) {
+        console.error("\n❌ --mcc 中未解析出有效的数字型 MCC 客户 ID\n");
+        process.exit(1);
+    }
+    if (opts.customers.length === 0) {
+        console.error("\n❌ 请通过 --customers 指定至少一个 Google 子账户 mediaCustomerId\n");
+        process.exit(1);
+    }
+    const results = [];
+    for (const customerId of opts.customers) {
+        const url = `${base}/command/media-account/${customerId}/CustomerUnlinks`;
+        try {
+            const response = await apiFetch(url, config, { method: "POST", body: JSON.stringify(managerIds) }, opts.verbose);
+            results.push({ customerId, response });
+        }
+        catch (err) {
+            console.error(`\n❌ 账户 ${customerId} MCC 解绑请求失败：${err instanceof Error ? err.message : String(err)}\n`);
+            process.exit(1);
+        }
+    }
+    if (opts.json) {
+        console.log(JSON.stringify(results, null, 2));
+        return;
+    }
+    let hasFailure = false;
+    for (const { customerId, response } of results) {
+        const failed = managerIds.filter((mid) => !mccResponseHasSuccess(response, mid));
+        if (failed.length > 0) {
+            hasFailure = true;
+            console.error(`  ❌ 账户 ${customerId}：以下 MCC 未在成功解绑列表中 → ${failed.join("，")}`);
+        }
+        else {
+            console.log(`  ✅ 账户 ${customerId}：已向 ${managerIds.join("、")} 发起解绑（接口返回成功）`);
+        }
+    }
+    console.log(hasFailure ? "\n⚠️  部分 MCC 解绑可能未生效，请结合网页或 --json 核对。\n" : "\n✅ MCC 解绑流程已完成。\n");
+}
+/**
+ * 关闭（停用）TikTok 广告账户。
+ * POST /command/media-account/AdvertiserDisable
+ * Body: 广告账户 mediaCustomerId 数组
+ *
+ * 注意：此操作仅支持 TikTok 账户，且不可恢复，请谨慎使用。
+ */
+export async function runAccountClose(opts) {
+    if (!opts.accountIds || opts.accountIds.length === 0) {
+        console.error("\n❌ 请通过 --accounts 提供要关闭的 TikTok 广告账户 mediaCustomerId\n");
+        process.exit(1);
+    }
+    const config = loadConfig(opts.token);
+    const url = `${config.apiBaseUrl}/command/media-account/AdvertiserDisable`;
+    let result;
+    try {
+        result = await apiFetch(url, config, { method: "POST", body: JSON.stringify(opts.accountIds) }, opts.verbose);
+    }
+    catch (err) {
+        console.error(`\n❌ 账户关闭失败：${err instanceof Error ? err.message : String(err)}\n`);
+        process.exit(1);
+    }
+    if (opts.json) {
+        console.log(JSON.stringify(result, null, 2));
+        return;
+    }
+    console.log(`\n✅ 已提交关闭请求，涉及账户：${opts.accountIds.join("、")}\n`);
+    console.log("  注意：TikTok 账户关闭后将停止投放，如需恢复请联系丝路赞客服。\n");
+}
+/**
+ * 查询被封（Suspended）Google 广告账户列表，用于判断哪些账户可以提现。
+ * GET /query/media-account/Google/GetLinkedMediaAccountInfosFiterByStatesLatest?statesJson=["Suspended"]
+ *
+ * 注意：接口返回的是 Google 侧标记为 Suspended 的账户（mai.status === "Suspended"）。
+ * 平台侧（list-accounts）可能显示为"正常"，因为 OAuth Token 仍有效，两者是不同维度的状态。
+ */
+export async function runAccountWithdrawList(opts) {
+    const config = loadConfig(opts.token);
+    const url = `${config.apiBaseUrl}/query/media-account/Google/GetLinkedMediaAccountInfosFiterByStatesLatest` +
+        `?statesJson=${encodeURIComponent(JSON.stringify(["Suspended"]))}`;
+    let data;
+    try {
+        data = await apiFetch(url, config, {}, opts.verbose);
+    }
+    catch (err) {
+        console.error(`\n❌ 查询失败：${err instanceof Error ? err.message : String(err)}\n`);
+        process.exit(1);
+    }
+    if (opts.json) {
+        console.log(JSON.stringify(data, null, 2));
+        return;
+    }
+    const allItems = Array.isArray(data) ? data : [];
+    // 过滤掉非 Suspended 状态的账户（接口理论上只返回 Suspended，防御性过滤）
+    const suspendedItems = allItems.filter((item) => item.mai?.status === "Suspended");
+    const skippedCount = allItems.length - suspendedItems.length;
+    if (skippedCount > 0) {
+        console.warn(`\n⚠️  接口返回 ${allItems.length} 条，其中 ${skippedCount} 条非 Suspended 状态已过滤。\n`);
+    }
+    if (suspendedItems.length === 0) {
+        console.log("\n  暂无 Google Suspended（被封）广告账户。\n");
+        return;
+    }
+    // 区分有余额可提现 vs 余额为零的账户
+    const withdrawable = suspendedItems.filter((item) => {
+        const balance = Number(item.mai?.remainingAccountBudget ?? 0);
+        const adjustments = Number(item.mai?.totalAdjustmentsMicros ?? 0);
+        return balance - adjustments > 0;
+    });
+    const zeroBalance = suspendedItems.filter((item) => {
+        const balance = Number(item.mai?.remainingAccountBudget ?? 0);
+        const adjustments = Number(item.mai?.totalAdjustmentsMicros ?? 0);
+        return balance - adjustments <= 0;
+    });
+    console.log(`\nGoogle Suspended（被封禁）账户（共 ${suspendedItems.length} 条，其中 ${withdrawable.length} 条有余额可提现）\n`);
+    const header = [
+        "entityId".padEnd(38),
+        "mediaCustomerId".padEnd(20),
+        "账户名称".padEnd(28),
+        "Google状态".padEnd(12),
+        "余额".padEnd(10),
+        "赠送金".padEnd(10),
+        "货币".padEnd(6),
+        "可提现",
+    ].join("  ");
+    console.log("  " + header);
+    console.log("  " + "-".repeat(header.length));
+    for (const item of suspendedItems) {
+        const ma = item.ma ?? {};
+        const mai = item.mai ?? {};
+        const balance = Number(mai.remainingAccountBudget ?? 0);
+        const adjustments = Number(mai.totalAdjustmentsMicros ?? 0);
+        const net = balance - adjustments;
+        const currency = String(mai.currencyCode ?? ma.currencyCode ?? "");
+        const canWithdraw = net > 0 ? "✅ 是" : "❌ 否（净额≤0）";
+        console.log("  " + [
+            String(ma.entityId ?? "").padEnd(38),
+            String(ma.mediaCustomerId ?? "").padEnd(20),
+            String(ma.mediaCustomerName ?? "").slice(0, 26).padEnd(28),
+            String(mai.status ?? "Suspended").padEnd(12),
+            balance.toFixed(2).padEnd(10),
+            adjustments.toFixed(2).padEnd(10),
+            currency.padEnd(6),
+            canWithdraw,
+        ].join("  "));
+    }
+    if (zeroBalance.length > 0) {
+        console.log(`\n  ℹ️  ${zeroBalance.length} 个账户余额净额 ≤ 0，无法提现。`);
+    }
+    console.log("\n提示：使用 account withdraw-submit --accounts <entityId,...> 提交有余额账户的提现申请。\n");
+    console.log("  注意：Google Suspended = Google 平台封号，与丝路赞平台的 OAuth「失效」状态是不同维度，二者互不影响。\n");
+}
+/**
+ * 提交被封 Google 账户提现申请。
+ * 流程：
+ * 1. 查询被封账户详情（获取余额、货币、代理类型等）
+ * 2. 查询管理费比例 GET /service-charge/fees/get-fee-rate
+ * 3. 批量提交 POST /AccountWithdraws/batch
+ *
+ * 金额计算：可提现额 = 余额 - 赠送金；总扣款 = 可提现额 × (1 + feeRate) × (1 + taxRate)
+ * CNY 账户 taxRate=0.06，USD 账户 taxRate=0
+ */
+export async function runAccountWithdrawSubmit(opts) {
+    if (!opts.accounts || opts.accounts.length === 0) {
+        console.error("\n❌ 请通过 --accounts 提供要提现的账户 entityId（可逗号分隔多个）\n");
+        process.exit(1);
+    }
+    const config = loadConfig(opts.token);
+    // 第一步：查询被封账户列表获取账户详情
+    console.log("  [1/2] 正在查询被封账户信息...");
+    const listUrl = `${config.apiBaseUrl}/query/media-account/Google/GetLinkedMediaAccountInfosFiterByStatesLatest` +
+        `?statesJson=${encodeURIComponent(JSON.stringify(["Suspended"]))}`;
+    let allSuspended;
+    try {
+        allSuspended = await apiFetch(listUrl, config, {}, opts.verbose);
+    }
+    catch (err) {
+        console.error(`\n❌ 查询被封账户列表失败：${err instanceof Error ? err.message : String(err)}\n`);
+        process.exit(1);
+    }
+    const targetAccounts = (allSuspended ?? []).filter((item) => item.ma?.entityId && opts.accounts.includes(item.ma.entityId));
+    if (targetAccounts.length === 0) {
+        console.error("\n❌ 在被封账户列表中未找到指定的账户，请先通过 account withdraw-list 查看可提现账户。\n");
+        process.exit(1);
+    }
+    // 第二步：按币种查询管理费比例（前端按 mediaType + currencyCode + amount 查询）
+    console.log("  [2/2] 正在查询管理费比例...");
+    // 计算各账户基础数据，汇总需要查询的币种
+    const accountDetails = targetAccounts.map((item) => {
+        const ma = item.ma ?? {};
+        const mai = item.mai ?? {};
+        const currency = String(mai.currencyCode ?? ma.currencyCode ?? "USD");
+        const balance = Number(mai.remainingAccountBudget ?? 0);
+        const adjustments = Number(mai.totalAdjustmentsMicros ?? 0);
+        const availableAmount = Math.max(0, balance - adjustments);
+        return { ma, mai, currency, balance, adjustments, availableAmount };
+    });
+    // 按币种 + 金额查询管理费（与前端行为一致）
+    const feeRateCache = new Map();
+    for (const { currency, availableAmount } of accountDetails) {
+        const cacheKey = `${currency}-${availableAmount.toFixed(2)}`;
+        if (feeRateCache.has(cacheKey))
+            continue;
+        try {
+            const feeParams = new URLSearchParams({
+                mediaType: "Google",
+                currencyCode: currency,
+                amount: availableAmount.toFixed(2),
+            });
+            const feeData = await apiFetch(`${config.apiBaseUrl}/service-charge/fees/get-fee-rate?${feeParams}`, config, {}, opts.verbose);
+            feeRateCache.set(cacheKey, feeData?.feeRate ?? 0);
+        }
+        catch {
+            console.warn(`  ⚠️  ${currency} 管理费查询失败，将以 0 费率提交。`);
+            feeRateCache.set(cacheKey, 0);
+        }
+    }
+    // 构造提现请求体（与前端字段保持一致）
+    const body = accountDetails.map(({ ma, mai, currency, balance, adjustments, availableAmount }) => {
+        const cacheKey = `${currency}-${availableAmount.toFixed(2)}`;
+        const feeRate = feeRateCache.get(cacheKey) ?? 0;
+        const taxRate = currency === "CNY" ? 0.06 : 0;
+        const totalAmounts = availableAmount * (1 + feeRate) * (1 + taxRate);
+        return {
+            MediaType: "Google",
+            MediaAccountId: ma.entityId ?? "",
+            // 优先取 mai.mediaCustomerId（Google 侧 ID），与前端保持一致
+            MediaCustomerId: String(mai.mediaCustomerId ?? ma.mediaCustomerId ?? ""),
+            MediaCustomerName: String(ma.mediaCustomerName ?? ""),
+            AdvertiserName: String(ma.mediaCustomerName ?? ""),
+            Currency: currency,
+            // 使用 toFixed(2) 保持与前端精度一致
+            Balance: balance.toFixed(2),
+            AgentType: String(ma.accountType ?? ""),
+            FeeRate: feeRate,
+            TaxRate: taxRate,
+            Amounts: totalAmounts.toFixed(2),
+            Adjustments: adjustments.toFixed(2),
+        };
+    });
+    let result;
+    try {
+        result = await apiFetch(`${config.apiBaseUrl}/AccountWithdraws/batch`, config, { method: "POST", body: JSON.stringify(body) }, opts.verbose);
+    }
+    catch (err) {
+        console.error(`\n❌ 提现申请提交失败：${err instanceof Error ? err.message : String(err)}\n`);
+        process.exit(1);
+    }
+    if (opts.json) {
+        console.log(JSON.stringify(result, null, 2));
+        return;
+    }
+    // 取第一个账户的费率用于摘要显示（多账户时各自费率见 --json）
+    const firstFeeRate = feeRateCache.size > 0 ? [...feeRateCache.values()][0] : 0;
+    console.log(`\n✅ 已提交 ${targetAccounts.length} 个账户的提现申请（管理费率 ${(firstFeeRate * 100).toFixed(1)}%）。\n`);
+    console.log("  注意：提现审核完成后，金额将退回到您的丝路赞钱包，请留意站内通知。\n");
+}
+// ─── TikTok BC 绑定 / 解绑 ────────────────────────────────────────────────────
+/** 获取 TikTok 媒体网关基地址，不存在时报错退出 */
+function tiktokGatewayBase(config) {
+    const raw = (config.tiktokApiUrl ?? "").replace(/\/$/, "");
+    if (!raw) {
+        console.error("\n❌ 未能推导 TikTok 网关地址（tiktokApiUrl）。\n" +
+            "   请确认 apiBaseUrl 已正确配置：\n" +
+            "   siluzan-tso config set --api-base https://tso-api.siluzan.com\n");
+        process.exit(1);
+    }
+    return raw;
+}
+/**
+ * 将 TikTok 广告账户绑定到 Business Center（BC）。
+ * POST ${tiktokApiUrl}/bcmanagement/AddPartnerList
+ * Body: { bcIds: string[], mediacustomerIds: string[] }
+ * 返回数组，每项含 code（0=成功）和 message
+ */
+export async function runAccountBcBind(opts) {
+    if (!opts.customers || opts.customers.length === 0) {
+        console.error("\n❌ 请通过 --customers 提供要绑定的 TikTok 广告账户 mediaCustomerId\n");
+        process.exit(1);
+    }
+    if (!opts.bcIds || opts.bcIds.length === 0) {
+        console.error("\n❌ 请通过 --bc-ids 提供 Business Center ID\n");
+        process.exit(1);
+    }
+    const config = loadConfig(opts.token);
+    const base = tiktokGatewayBase(config);
+    const url = `${base}/bcmanagement/AddPartnerList`;
+    const body = { bcIds: opts.bcIds, mediacustomerIds: opts.customers };
+    let result;
+    try {
+        result = await apiFetch(url, config, { method: "POST", body: JSON.stringify(body) }, opts.verbose);
+    }
+    catch (err) {
+        console.error(`\n❌ BC 绑定失败：${err instanceof Error ? err.message : String(err)}\n`);
+        process.exit(1);
+    }
+    if (opts.json) {
+        console.log(JSON.stringify(result, null, 2));
+        return;
+    }
+    // 检查是否有失败项
+    const resultArr = Array.isArray(result) ? result : [];
+    const failed = resultArr.filter((r) => r.code !== 0);
+    if (failed.length > 0) {
+        console.warn(`\n⚠️  部分绑定失败（${failed.length} 条）：`);
+        for (const f of failed) {
+            console.warn(`  ${f.message ?? JSON.stringify(f)}`);
+        }
+    }
+    console.log(`\n✅ TikTok BC 绑定请求已提交` +
+        `（账户：${opts.customers.join("、")}，BC：${opts.bcIds.join("、")}）\n`);
+}
+/**
+ * 将 TikTok 广告账户从 Business Center（BC）下解绑。
+ * DELETE ${tiktokApiUrl}/bcmanagement/DeletePartnerAssetList
+ * Body: [{ bcId, mediacustomerIds }]
+ * 返回：空对象 = 全部成功；非空 = key 为失败的 mediaCustomerId，value 为失败原因
+ */
+export async function runAccountBcUnbind(opts) {
+    if (!opts.customers || opts.customers.length === 0) {
+        console.error("\n❌ 请通过 --customers 提供要解绑的 TikTok 广告账户 mediaCustomerId\n");
+        process.exit(1);
+    }
+    if (!opts.bcId) {
+        console.error("\n❌ 请通过 --bc-id 提供 Business Center ID\n");
+        process.exit(1);
+    }
+    const config = loadConfig(opts.token);
+    const base = tiktokGatewayBase(config);
+    const url = `${base}/bcmanagement/DeletePartnerAssetList`;
+    const body = [{ bcId: opts.bcId, mediacustomerIds: opts.customers }];
+    let result;
+    try {
+        result = await apiFetch(url, config, { method: "DELETE", body: JSON.stringify(body) }, opts.verbose);
+    }
+    catch (err) {
+        console.error(`\n❌ BC 解绑失败：${err instanceof Error ? err.message : String(err)}\n`);
+        process.exit(1);
+    }
+    if (opts.json) {
+        console.log(JSON.stringify(result, null, 2));
+        return;
+    }
+    // 接口返回非空对象时，key=mediaCustomerId，value=失败原因
+    const failedMap = (result && typeof result === "object" && !Array.isArray(result))
+        ? result
+        : {};
+    const failedIds = Object.keys(failedMap);
+    if (failedIds.length > 0) {
+        console.warn(`\n⚠️  以下账户解绑失败：`);
+        for (const id of failedIds) {
+            console.warn(`  ${id}: ${failedMap[id]}`);
+        }
+    }
+    else {
+        console.log(`\n✅ 已将账户 ${opts.customers.join("、")} 从 BC（${opts.bcId}）下解绑。\n`);
+    }
+}
+/**
+ * 查询 Google 广告账户的邮箱授权列表。
+ * GET ${googleApiUrl}/query/media-account/GetCustomerUserAccessInvitation
+ * Params: { CustomerId, AgentType }
+ */
+export async function runAccountEmailAuthList(opts) {
+    const config = loadConfig(opts.token);
+    const base = googleGatewayBase(config);
+    const params = new URLSearchParams({ CustomerId: opts.customerId, AgentType: opts.agentType });
+    const url = `${base}/query/media-account/GetCustomerUserAccessInvitation?${params}`;
+    let data;
+    try {
+        data = await apiFetch(url, config, {}, opts.verbose);
+    }
+    catch (err) {
+        console.error(`\n❌ 查询邮箱授权列表失败：${err instanceof Error ? err.message : String(err)}\n`);
+        process.exit(1);
+    }
+    if (opts.json) {
+        console.log(JSON.stringify(data, null, 2));
+        return;
+    }
+    const items = Array.isArray(data) ? data : [];
+    if (items.length === 0) {
+        console.log("\n  暂无邮箱授权记录。\n");
+        return;
+    }
+    console.log(`\n账户 ${opts.customerId} 的邮箱授权列表（共 ${items.length} 条）\n`);
+    const header = [
+        "邀请 ID".padEnd(20),
+        "邮箱".padEnd(34),
+        "权限".padEnd(12),
+        "状态",
+    ].join("  ");
+    console.log("  " + header);
+    console.log("  " + "-".repeat(header.length));
+    for (const item of items) {
+        // invitationId 或 invitationld（接口拼写不一致）
+        const invId = String(item.invitationId ?? item.invitationld ?? "");
+        console.log("  " + [
+            invId.padEnd(20),
+            String(item.emailAddress ?? "").padEnd(34),
+            String(item.accessRole ?? "").padEnd(12),
+            String(item.invitationStatus ?? ""),
+        ].join("  "));
+    }
+    console.log("\n提示：使用 account email-deauth 解除授权，--invitation-id 来自上方邀请 ID。\n");
+}
+/**
+ * 向指定邮箱发送 Google 广告账户授权邀请。
+ * POST ${googleApiUrl}/command/media-account/MutateCustomerUserAccessInvitation
+ * Body: { CustomerId, EmailAddress, AccessRole, AgentType }
+ */
+export async function runAccountEmailAuth(opts) {
+    const config = loadConfig(opts.token);
+    const base = googleGatewayBase(config);
+    const url = `${base}/command/media-account/MutateCustomerUserAccessInvitation`;
+    const body = {
+        CustomerId: opts.customerId,
+        EmailAddress: opts.email,
+        AccessRole: opts.accessRole ?? "Standard",
+        AgentType: opts.agentType,
+    };
+    let result;
+    try {
+        result = await apiFetch(url, config, { method: "POST", body: JSON.stringify(body) }, opts.verbose);
+    }
+    catch (err) {
+        console.error(`\n❌ 邮箱授权失败：${err instanceof Error ? err.message : String(err)}\n`);
+        process.exit(1);
+    }
+    if (opts.json) {
+        console.log(JSON.stringify(result, null, 2));
+        return;
+    }
+    console.log(`\n✅ 已向 ${opts.email} 发送 Google 广告账户（${opts.customerId}）授权邀请` +
+        `（权限：${opts.accessRole ?? "Standard"}）。\n`);
+}
+/**
+ * 解除 Google 广告账户的邮箱授权。
+ * 已接受：DELETE ${googleApiUrl}/command/media-account/RemoveCustomerUserAccess
+ * 待接受：DELETE ${googleApiUrl}/command/media-account/RemoveCustomerUserAccessInvitation
+ *
+ * 注意：接口请求体中 invitationld 为 "l" 而非 "I"（接口拼写问题，与前端保持一致）。
+ */
+export async function runAccountEmailDeauth(opts) {
+    const config = loadConfig(opts.token);
+    const base = googleGatewayBase(config);
+    const endpoint = (opts.accepted !== false)
+        ? "RemoveCustomerUserAccess"
+        : "RemoveCustomerUserAccessInvitation";
+    const url = `${base}/command/media-account/${endpoint}`;
+    const body = {
+        CustomerId: opts.customerId,
+        // 接口字段为 invitationld（小写 L），非 invitationId，与前端保持一致
+        invitationld: opts.invitationId,
+        AgentType: opts.agentType,
+        resourceName: opts.resourceName,
+    };
+    let result;
+    try {
+        result = await apiFetch(url, config, { method: "DELETE", body: JSON.stringify(body) }, opts.verbose);
+    }
+    catch (err) {
+        console.error(`\n❌ 解除邮箱授权失败：${err instanceof Error ? err.message : String(err)}\n`);
+        process.exit(1);
+    }
+    if (opts.json) {
+        console.log(JSON.stringify(result, null, 2));
+        return;
+    }
+    console.log(`\n✅ 已解除邀请 ${opts.invitationId} 的邮箱授权。\n`);
+}
+/**
+ * 将 Meta 广告账户绑定到指定 Business Manager（BM）。
+ * POST /MetaAccount/Management/BindBM
+ * Body: { accountId, bmId, actionType }
+ */
+export async function runAccountBmBind(opts) {
+    const config = loadConfig(opts.token);
+    const url = `${config.apiBaseUrl}/MetaAccount/Management/BindBM`;
+    const body = {
+        accountId: opts.accountId,
+        bmId: opts.bmId,
+        actionType: opts.actionType ?? "bind",
+    };
+    let result;
+    try {
+        result = await apiFetch(url, config, { method: "POST", body: JSON.stringify(body) }, opts.verbose);
+    }
+    catch (err) {
+        console.error(`\n❌ BM 绑定失败：${err instanceof Error ? err.message : String(err)}\n`);
+        process.exit(1);
+    }
+    if (opts.json) {
+        console.log(JSON.stringify(result, null, 2));
+        return;
+    }
+    console.log(`\n✅ 已将账户 ${opts.accountId} 绑定到 Business Manager（BM ID：${opts.bmId}）\n`);
+}