siluzan-tso-cli 1.1.17 → 1.1.18-beta.2

package/README.md

@@ -43,7 +43,7 @@ HTML 报告模板引用以下 CDN：`cdn.tailwindcss.com`、`cdnjs.cloudflare.co
 在**用户的目标项目根目录**执行（根据用户使用的助手选择 `--ai`）：
 
 ```bash
-npm install -g siluzan-tso-cli
+npm install -g siluzan-tso-cli@beta
 siluzan-tso init --ai cursor         # 写入 Cursor（默认）
 siluzan-tso init --ai cursor,claude  # 同时写入多个平台
 siluzan-tso init --ai all            # 写入所有支持的平台
@@ -51,6 +51,7 @@ siluzan-tso init -d /path/to/skills  # 写入自定义目录
 siluzan-tso init --force             # 强制覆盖已存在文件
 ```
 
+> **注意**：当前为测试版（1.1.18-beta.2），供内部测试使用。正式发布后安装命令将改为 `npm install -g siluzan-tso-cli`。
 
 | 助手                    | 建议 `--ai`                          |
 | ----------------------- | ------------------------------------ |

package/dist/index.js

@@ -2054,12 +2054,12 @@ function validateBaseUrl(raw) {
   if (url.protocol !== "https:") {
     return `\u5FC5\u987B\u4F7F\u7528 HTTPS\uFF0C\u5F53\u524D\u534F\u8BAE\uFF1A${url.protocol}`;
   }
-  const hostname = url.hostname.toLowerCase();
+  const hostname2 = url.hostname.toLowerCase();
   const ok = ALLOWED_HOSTNAME_SUFFIXES.some(
-    (suffix) => hostname === suffix || hostname.endsWith(`.${suffix}`)
+    (suffix) => hostname2 === suffix || hostname2.endsWith(`.${suffix}`)
   );
   if (!ok) {
-    return `\u4E3B\u673A\u540D "${hostname}" \u4E0D\u5728\u5141\u8BB8\u5217\u8868\uFF08${ALLOWED_HOSTNAME_SUFFIXES.join("\u3001")}\uFF09\u5185\u3002
+    return `\u4E3B\u673A\u540D "${hostname2}" \u4E0D\u5728\u5141\u8BB8\u5217\u8868\uFF08${ALLOWED_HOSTNAME_SUFFIXES.join("\u3001")}\uFF09\u5185\u3002
    \u5982\u9700\u8FDE\u63A5\u81EA\u5B9A\u4E49\u90E8\u7F72\u7AEF\u70B9\uFF0C\u8BF7\u8054\u7CFB\u7BA1\u7406\u5458\u6DFB\u52A0\u767D\u540D\u5355\u3002`;
   }
   return null;
@@ -2735,7 +2735,207 @@ async function readPreSnapshotPayload(namespace, preSnapshotRef) {
     return null;
   }
 }
-var import_semver, SILUZAN_DIR, CONFIG_FILE, ALLOWED_HOSTNAME_SUFFIXES, DEFAULT_TIMEOUT_MS, MAX_RESPONSE_BYTES, httpsAgent, httpAgent, PERF_PREFIX, MAX_INVOCATION_CHARS, currentInvocation, MAX_COMMIT_CHARS, cliCommitOverride, WRITE_AUDIT_SCHEMA_VERSION, MUTATING, BEIJING_TZ, AUDIT_LOG_FILENAME_RE, DEFAULT_MAX_FILE_MB, MIN_SEGMENT_BYTES, MAX_SEGMENT_BYTES, DEFAULT_RETENTION_DAYS, MIN_RETENTION_DAYS, MAX_RETENTION_DAYS, PRUNE_THROTTLE_MS, lastPruneAtMs, MAX_BODY_CHARS, MAX_ERROR_CHARS, DEFAULT_FIND_AUDIT_MAX_DAYS, MAX_SNAPSHOT_FILE_BYTES;
+function deriveSsoBaseUrl(anyApiBase) {
+  try {
+    const u = new URL(anyApiBase);
+    u.hostname = u.hostname.replace(/^(tso-api|cso|api)/, "sso");
+    return u.origin;
+  } catch {
+    return "https://sso.siluzan.com";
+  }
+}
+function deriveCsoApiBaseUrl(anyApiBase) {
+  try {
+    const u = new URL(anyApiBase);
+    u.hostname = u.hostname.replace(/^(tso-api|api)/, "cso");
+    return u.origin;
+  } catch {
+    return "https://cso.siluzan.com";
+  }
+}
+function normalizeChinaPhone(input) {
+  if (!input) return input;
+  const cleaned = input.replace(/[\s\-()\u00A0]/g, "");
+  if (/^\+861\d{10}$/.test(cleaned)) {
+    return cleaned;
+  }
+  if (/^861\d{10}$/.test(cleaned)) {
+    return `+${cleaned}`;
+  }
+  if (/^00861\d{10}$/.test(cleaned)) {
+    return `+${cleaned.slice(2)}`;
+  }
+  if (/^1\d{10}$/.test(cleaned)) {
+    return `+86${cleaned}`;
+  }
+  return cleaned;
+}
+function isValidChinaPhone(input) {
+  return /^\+861\d{10}$/.test(normalizeChinaPhone(input));
+}
+async function sendPhoneLoginCode(opts) {
+  const phone = normalizeChinaPhone(opts.phone);
+  const url = `${opts.ssoBaseUrl}/Account/SendVaildCode?Phone=${encodeURIComponent(
+    phone
+  )}&RandStr=&Iicket=`;
+  if (opts.verbose) {
+    process.stderr.write(`[phone-login] GET ${url}
+`);
+  }
+  const res = await rawRequest(url, {
+    method: "GET",
+    headers: {
+      Accept: "application/json",
+      "Accept-Language": "zh-CN"
+    }
+  });
+  if (res.status < 200 || res.status >= 300) {
+    return { ok: false, message: `HTTP ${res.status}` };
+  }
+  let body;
+  try {
+    body = JSON.parse(res.text);
+  } catch {
+    return { ok: false, message: `\u54CD\u5E94\u975E JSON\uFF1A${res.text.slice(0, 120)}` };
+  }
+  const state = (body.State ?? body.state ?? "").toLowerCase();
+  const message = body.Message ?? body.message ?? "";
+  return { ok: state === "ok", message };
+}
+async function loginByPhoneCode(opts) {
+  const phone = normalizeChinaPhone(opts.phone);
+  const url = `${opts.ssoBaseUrl}/Account/LoginByMiniCode?phone=${encodeURIComponent(
+    phone
+  )}&code=${encodeURIComponent(opts.code)}&key=`;
+  if (opts.verbose) {
+    process.stderr.write(`[phone-login] GET ${url}
+`);
+  }
+  const res = await rawRequest(url, {
+    method: "GET",
+    headers: {
+      Accept: "application/json",
+      "Accept-Language": "zh-CN"
+    }
+  });
+  if (opts.verbose) {
+    process.stderr.write(
+      `[phone-login] LoginByMiniCode HTTP ${res.status} body=${res.text.slice(0, 500)}
+`
+    );
+  }
+  if (res.status < 200 || res.status >= 300) {
+    throw new Error(`\u767B\u5F55\u5931\u8D25\uFF1AHTTP ${res.status}`);
+  }
+  let body;
+  try {
+    body = JSON.parse(res.text);
+  } catch {
+    throw new Error(`\u767B\u5F55\u54CD\u5E94\u975E JSON\uFF1A${res.text.slice(0, 120)}`);
+  }
+  const errMsg = body.msg ?? body.Msg ?? "";
+  if (!body.token || typeof body.token === "string") {
+    throw new Error(errMsg || "\u767B\u5F55\u5931\u8D25\uFF08\u540E\u7AEF\u672A\u8FD4\u56DE\u539F\u56E0\uFF09");
+  }
+  const token = body.token;
+  const isError = token.isError ?? token.IsError ?? false;
+  if (isError) {
+    const err = token.errorDescription ?? token.ErrorDescription ?? token.error ?? token.Error ?? "\u672A\u77E5\u9519\u8BEF";
+    throw new Error(`OAuth \u5931\u8D25\uFF1A${err}`);
+  }
+  let accessToken = token.accessToken ?? token.access_token ?? "";
+  let tokenType = token.tokenType ?? token.token_type ?? "Bearer";
+  let expiresIn = token.expiresIn ?? token.expires_in;
+  if (!accessToken) {
+    const rawJson = token.raw ?? token.Raw;
+    if (rawJson && typeof rawJson === "string") {
+      try {
+        const parsed = JSON.parse(rawJson);
+        accessToken = parsed.access_token ?? "";
+        tokenType = parsed.token_type ?? tokenType;
+        expiresIn = parsed.expires_in ?? expiresIn;
+      } catch {
+      }
+    }
+  }
+  if (!accessToken) {
+    throw new Error(
+      `\u767B\u5F55\u54CD\u5E94\u7F3A\u5C11 access_token\uFF08\u54CD\u5E94\u5B57\u6BB5\uFF1A${Object.keys(token).join(", ") || "\u65E0"}\uFF09`
+    );
+  }
+  return { accessToken, tokenType, expiresIn };
+}
+async function createApiKeyByBearer(opts) {
+  if (opts.allowedServices.length === 0) {
+    throw new Error("createApiKey \u81F3\u5C11\u9700\u8981\u4F20\u5165\u4E00\u4E2A allowedServices");
+  }
+  if (opts.validDays === void 0 && opts.expiresAt === void 0) {
+    throw new Error("createApiKey \u5FC5\u987B\u6307\u5B9A validDays \u6216 expiresAt");
+  }
+  const body = JSON.stringify({
+    name: opts.name,
+    validDays: opts.validDays,
+    expiresAt: opts.expiresAt,
+    allowedServices: opts.allowedServices.map((s) => API_KEY_SERVICE_VALUES[s])
+  });
+  const url = `${opts.csoBaseUrl}/cso/v1/apikey`;
+  if (opts.verbose) {
+    process.stderr.write(`[phone-login] POST ${url} body=${body}
+`);
+  }
+  const res = await rawRequest(url, {
+    method: "POST",
+    headers: {
+      "Content-Type": "application/json",
+      Accept: "application/json",
+      "Accept-Language": "zh-CN",
+      Authorization: `Bearer ${opts.bearerToken}`,
+      "Content-Length": String(Buffer.byteLength(body, "utf8"))
+    },
+    body
+  });
+  if (res.status < 200 || res.status >= 300) {
+    throw new Error(`\u521B\u5EFA API Key \u5931\u8D25\uFF1AHTTP ${res.status}\uFF08${res.text.slice(0, 200)}\uFF09`);
+  }
+  let json;
+  try {
+    json = JSON.parse(res.text);
+  } catch {
+    throw new Error(`\u521B\u5EFA API Key \u54CD\u5E94\u975E JSON\uFF1A${res.text.slice(0, 120)}`);
+  }
+  const code = json.code ?? json.Code;
+  if (code !== 1) {
+    throw new Error(`\u521B\u5EFA API Key \u5931\u8D25\uFF1A${json.message ?? json.Message ?? "\u672A\u77E5\u9519\u8BEF"}`);
+  }
+  const data = json.data ?? json.Data;
+  if (!data?.rawKey) {
+    throw new Error("\u521B\u5EFA API Key \u54CD\u5E94\u7F3A\u5C11 rawKey \u5B57\u6BB5");
+  }
+  return data;
+}
+async function issueApiKeyWithPhoneCode(opts) {
+  const code = opts.code?.trim() ?? "";
+  if (!code) {
+    throw new Error("\u9A8C\u8BC1\u7801\u4E0D\u80FD\u4E3A\u7A7A");
+  }
+  const tokenInfo = await loginByPhoneCode({
+    ssoBaseUrl: opts.ssoBaseUrl,
+    phone: opts.phone,
+    code,
+    verbose: opts.verbose
+  });
+  const apiKey = await createApiKeyByBearer({
+    csoBaseUrl: opts.csoBaseUrl,
+    bearerToken: tokenInfo.accessToken,
+    name: opts.apiKeyName,
+    validDays: opts.validDays ?? (opts.expiresAt ? void 0 : 90),
+    expiresAt: opts.expiresAt,
+    allowedServices: opts.allowedServices,
+    verbose: opts.verbose
+  });
+  return apiKey;
+}
+var import_semver, SILUZAN_DIR, CONFIG_FILE, ALLOWED_HOSTNAME_SUFFIXES, DEFAULT_TIMEOUT_MS, MAX_RESPONSE_BYTES, httpsAgent, httpAgent, PERF_PREFIX, MAX_INVOCATION_CHARS, currentInvocation, MAX_COMMIT_CHARS, cliCommitOverride, WRITE_AUDIT_SCHEMA_VERSION, MUTATING, BEIJING_TZ, AUDIT_LOG_FILENAME_RE, DEFAULT_MAX_FILE_MB, MIN_SEGMENT_BYTES, MAX_SEGMENT_BYTES, DEFAULT_RETENTION_DAYS, MIN_RETENTION_DAYS, MAX_RETENTION_DAYS, PRUNE_THROTTLE_MS, lastPruneAtMs, MAX_BODY_CHARS, MAX_ERROR_CHARS, DEFAULT_FIND_AUDIT_MAX_DAYS, MAX_SNAPSHOT_FILE_BYTES, API_KEY_SERVICE_VALUES;
 var init_dist = __esm({
   "../common/dist/index.js"() {
     "use strict";
@@ -2783,6 +2983,11 @@ var init_dist = __esm({
     MAX_ERROR_CHARS = 800;
     DEFAULT_FIND_AUDIT_MAX_DAYS = 400;
     MAX_SNAPSHOT_FILE_BYTES = 2 * 1024 * 1024;
+    API_KEY_SERVICE_VALUES = {
+      CSO: 0,
+      TSO: 1,
+      CUT: 2
+    };
   }
 });
 
@@ -2791,7 +2996,7 @@ var DEFAULT_API_BASE;
 var init_defaults = __esm({
   "src/config/defaults.ts"() {
     "use strict";
-    DEFAULT_API_BASE = "https://tso-api.siluzan.com";
+    DEFAULT_API_BASE = "https://tso-api-ci.siluzan.com";
   }
 });
 
@@ -3842,18 +4047,78 @@ async function fetchBalanceMap(media, accountIds, config, startDate, endDate, ve
   }
   return result;
 }
+function parseGoogleAccountSpendOverviewRows(raw) {
+  const fromDbItem = (it) => {
+    if (it == null || it.mediaAccountId == null) return null;
+    return {
+      mode: "database",
+      mediaAccountId: String(it.mediaAccountId),
+      mediaCustomerName: it.mediaCustomerName ?? void 0,
+      spend: typeof it.spend === "number" ? it.spend : void 0,
+      impressions: typeof it.impressions === "number" ? it.impressions : void 0,
+      clicks: typeof it.clicks === "number" ? it.clicks : void 0,
+      conversions: typeof it.conversions === "number" ? it.conversions : void 0,
+      costPerClick: typeof it.costPerClick === "number" ? it.costPerClick : void 0,
+      currencyCode: it.currencyCode ?? void 0,
+      status: it.status ?? void 0,
+      remainingAccountBudget: typeof it.remainingAccountBudget === "number" ? it.remainingAccountBudget : void 0
+    };
+  };
+  if (Array.isArray(raw)) {
+    return raw.map(fromDbItem).filter((row) => row !== null);
+  }
+  if (!raw || typeof raw !== "object") return [];
+  const r = raw;
+  if (r.mode === "googleCombined") {
+    const accounts = r.accounts ?? {};
+    const rows = [];
+    for (const [id, item] of Object.entries(accounts)) {
+      const data = item?.data;
+      if (!data) continue;
+      rows.push({
+        mode: "googleCombined",
+        mediaAccountId: String(id),
+        spend: typeof data.spend === "number" ? data.spend : void 0,
+        impressions: typeof data.impressions === "number" ? data.impressions : void 0,
+        clicks: typeof data.clicks === "number" ? data.clicks : void 0,
+        conversions: typeof data.conversions === "number" ? data.conversions : void 0,
+        // 实时模式下 averageCpc 即点击均价（CPC）
+        costPerClick: typeof data.averageCpc === "number" ? data.averageCpc : void 0
+      });
+    }
+    return rows;
+  }
+  const items = Array.isArray(r.items) ? r.items : [];
+  return items.map(fromDbItem).filter((row) => row !== null);
+}
 async function fetchOverviewMap(media, accountIds, config, startDate, endDate, verbose) {
   const result = /* @__PURE__ */ new Map();
   if (accountIds.length === 0 || media === "MetaAd") return result;
   const range = defaultDateRange();
-  const params = new URLSearchParams({
-    period: "true",
-    startDate: startDate ?? range.startDate,
-    endDate: endDate ?? range.endDate,
-    mediaCustomerIds: accountIds.join(",")
-  });
-  const url = `${config.apiBaseUrl}/report/media-account/${media}/accountsoverview?${params}`;
+  const start = startDate ?? range.startDate;
+  const end = endDate ?? range.endDate;
   try {
+    if (media === "Google") {
+      const params2 = new URLSearchParams({
+        startDate: start,
+        endDate: end,
+        mediaCustomerIds: accountIds.join("|")
+      });
+      const url2 = `${config.apiBaseUrl}/report/media-account/google/account-spend-overview?${params2}`;
+      const raw2 = await apiFetch2(url2, config, {}, verbose);
+      const rows = parseGoogleAccountSpendOverviewRows(raw2);
+      for (const row of rows) {
+        result.set(row.mediaAccountId, row);
+      }
+      return result;
+    }
+    const params = new URLSearchParams({
+      period: "true",
+      startDate: start,
+      endDate: end,
+      mediaCustomerIds: accountIds.join(",")
+    });
+    const url = `${config.apiBaseUrl}/report/media-account/${media}/accountsoverview?${params}`;
     const raw = await apiFetch2(url, config, {}, verbose);
     const items = Array.isArray(raw) ? raw : [];
     for (const item of items) {
@@ -3861,7 +4126,13 @@ async function fetchOverviewMap(media, accountIds, config, startDate, endDate, v
         result.set(String(item.mediaAccountId), item);
       }
     }
-  } catch {
+  } catch (err) {
+    if (verbose) {
+      process.stderr.write(
+        `[fetchOverviewMap] \u5F02\u5E38\u88AB\u541E\uFF1A${err instanceof Error ? err.message : String(err)}
+`
+      );
+    }
   }
   return result;
 }
@@ -3941,24 +4212,36 @@ async function runAccountsDigest(opts) {
   const pageSize = Math.max(1, Math.min(500, opts.pageSize ?? 200));
   const maxPages = Math.max(1, Math.min(200, opts.maxPages ?? 20));
   let accountsList;
-  try {
-    const res = await fetchAccountsByMedia(media, config, {
-      pageSize,
-      maxPages,
-      verbose: opts.verbose
-    });
-    accountsList = res.items;
-  } catch (err) {
-    console.error(`
-\u274C \u62C9\u53D6\u8D26\u6237\u6E05\u5355\u5931\u8D25\uFF1A${err instanceof Error ? err.message : String(err)}
-`);
-    process.exit(1);
-  }
+  let scannedFromList = false;
   if (filterSet.size > 0) {
-    accountsList = accountsList.filter((it) => {
-      const id = it.ma?.mediaCustomerId;
-      return id != null && filterSet.has(String(id));
-    });
+    accountsList = filterIds.map((id) => ({
+      ma: {
+        entityId: "",
+        mediaCustomerId: id,
+        mediaCustomerName: null,
+        mediaAccountType: media,
+        invalidOAuthToken: false
+      },
+      accepted: true,
+      mag: null
+    }));
+  } else {
+    try {
+      const res = await fetchAccountsByMedia(media, config, {
+        pageSize,
+        maxPages,
+        verbose: opts.verbose
+      });
+      accountsList = res.items;
+      scannedFromList = true;
+    } catch (err) {
+      console.error(
+        `
+\u274C \u62C9\u53D6\u8D26\u6237\u6E05\u5355\u5931\u8D25\uFF1A${err instanceof Error ? err.message : String(err)}
+`
+      );
+      process.exit(1);
+    }
   }
   const validIds = accountsList.filter((it) => it.ma?.mediaCustomerId && !it.ma?.invalidOAuthToken).map((it) => String(it.ma.mediaCustomerId));
   const CHUNK = 100;
@@ -4003,9 +4286,9 @@ async function runAccountsDigest(opts) {
     const cpa = conversions && conversions > 0 && spend != null ? spend / conversions : null;
     rows.push({
       mediaCustomerId: id,
-      name: ma.mediaCustomerName ?? null,
+      name: ma.mediaCustomerName ?? bal?.name ?? ov?.mediaCustomerName ?? null,
       advertiserName: item.mag?.advertiserName ?? null,
-      currencyCode: bal?.currencyCode ?? ma.currencyCode ?? null,
+      currencyCode: bal?.currencyCode ?? ma.currencyCode ?? ov?.currencyCode ?? null,
       balance: round2(bal?.remainingAccountBudget ?? null),
       spend: round2(spend),
       impressions: impressions != null ? Math.round(impressions) : null,
@@ -4037,6 +4320,8 @@ async function runAccountsDigest(opts) {
       note: opts.startDate && opts.endDate ? "\u7528\u6237/AI \u660E\u786E\u6307\u5B9A\u533A\u95F4" : "\u672A\u6307\u5B9A\u533A\u95F4\uFF0CCLI \u9ED8\u8BA4\u8FD1 7 \u5929\uFF1BSKILL \u8981\u6C42\u5148\u5411\u7528\u6237\u786E\u8BA4"
     },
     scanned: accountsList.length,
+    /** 取数策略：list = 全量翻清单后过滤，subset = 跳过翻页直接对 -a 指定的 ID 拉数据 */
+    source: scannedFromList ? "list" : "subset",
     returned: rows.length,
     totals: {
       spend: +totals.spend.toFixed(2),
@@ -8004,21 +8289,39 @@ async function runBalanceScan(opts) {
   const targetDays = opts.targetDays ?? 30;
   const pageSize = Math.max(1, Math.min(500, opts.pageSize ?? 200));
   const maxPages = Math.max(1, Math.min(200, opts.maxPages ?? 20));
-  const { items: allItems, total } = await fetchAllAccountPages(
-    media,
-    pageSize,
-    maxPages,
-    config,
-    opts.verbose
-  );
-  process.stderr.write(
-    `\r\u23F3 \u8D26\u6237\u6E05\u5355\u5DF2\u62C9\u53D6\uFF1A\u5171 ${allItems.length} \u6761${total !== void 0 ? `\uFF08\u63A5\u53E3 total\u2248${total}\uFF09` : ""}          
+  const filterIds = (opts.accounts ?? "").split(",").map((s) => s.trim()).filter(Boolean);
+  const isSubset = filterIds.length > 0;
+  let allItems;
+  let total;
+  if (isSubset) {
+    allItems = filterIds.map((id) => ({
+      ma: {
+        entityId: "",
+        mediaCustomerId: id,
+        mediaCustomerName: null,
+        mediaAccountType: media,
+        invalidOAuthToken: false
+      },
+      accepted: true,
+      mag: null
+    }));
+    process.stderr.write(
+      `\u23F3 [balance-scan] \u5B50\u96C6\u6A21\u5F0F\uFF1A\u8DF3\u8FC7\u6E05\u5355\u7FFB\u9875\uFF0C\u76F4\u63A5\u5BF9 -a \u6307\u5B9A\u7684 ${filterIds.length} \u4E2A\u8D26\u6237\u62C9\u4F59\u989D\u4E0E\u6D88\u8017\u3002
 `
-  );
+    );
+  } else {
+    const res = await fetchAllAccountPages(media, pageSize, maxPages, config, opts.verbose);
+    allItems = res.items;
+    total = res.total;
+    process.stderr.write(
+      `\r\u23F3 \u8D26\u6237\u6E05\u5355\u5DF2\u62C9\u53D6\uFF1A\u5171 ${allItems.length} \u6761${total !== void 0 ? `\uFF08\u63A5\u53E3 total\u2248${total}\uFF09` : ""}          
+`
+    );
+  }
   const validIds = [];
   for (const item of allItems) {
     const id = item.ma?.mediaCustomerId;
-    if (id && !item.ma?.invalidOAuthToken) validIds.push(String(id));
+    if (id && (isSubset || !item.ma?.invalidOAuthToken)) validIds.push(String(id));
   }
   let balanceMap = /* @__PURE__ */ new Map();
   let overviewMap = /* @__PURE__ */ new Map();
@@ -8096,19 +8399,19 @@ async function runBalanceScan(opts) {
     }
     const lowDays = remainingDays !== null && remainingDays <= thresholdDays;
     const lowBalance = minBalance !== null && balance !== null && balance <= minBalance;
-    if (!lowDays && !lowBalance) continue;
-    const hitReason = lowDays && lowBalance ? "both" : lowDays ? "low-days" : "low-balance";
+    if (!lowDays && !lowBalance && !isSubset) continue;
+    const hitReason = lowDays && lowBalance ? "both" : lowDays ? "low-days" : lowBalance ? "low-balance" : "none";
     evaluated.push({
       mediaCustomerId: id,
-      name: ma.mediaCustomerName ?? null,
+      name: ma.mediaCustomerName ?? bal?.name ?? ov?.mediaCustomerName ?? null,
       advertiserName: item.mag?.advertiserName ?? null,
-      currencyCode: bal?.currencyCode ?? ma.currencyCode ?? null,
+      currencyCode: bal?.currencyCode ?? ma.currencyCode ?? ov?.currencyCode ?? null,
       balance,
       dailySpend: dailySpend > 0 ? +dailySpend.toFixed(2) : null,
       remainingDays,
       recommendedTopup,
       invalidOAuthToken: !!ma.invalidOAuthToken,
-      status: bal?.status ?? bal?.accountStatus ?? null,
+      status: bal?.status ?? bal?.accountStatus ?? ov?.status ?? null,
       hitReason
     });
   }
@@ -8119,6 +8422,8 @@ async function runBalanceScan(opts) {
   });
   const meta = {
     media,
+    /** 取数策略：list = 全量翻清单后阈值过滤，subset = -a 指定 ID 跳过翻页全部展示 */
+    source: isSubset ? "subset" : "list",
     scannedAccounts: allItems.length,
     validAccounts: validIds.length,
     skippedInvalidOAuth: allItems.length - validIds.length,
@@ -8144,11 +8449,20 @@ async function runBalanceScan(opts) {
   })) {
     return;
   }
-  console.log(
-    `
+  if (isSubset) {
+    console.log(
+      `
+${media} \u8D26\u6237\u4F59\u989D\u753B\u50CF\uFF08\u5B50\u96C6\u6A21\u5F0F\uFF0C-a \u6307\u5B9A ${filterIds.length} \u4E2A\u8D26\u6237\uFF0C\u5168\u90E8\u5C55\u793A\uFF09
+  \u9608\u503C\u53C2\u8003\uFF1A\u7EED\u822A \u2264 ${thresholdDays} \u5929` + (minBalance !== null ? ` \u6216 \u4F59\u989D \u2264 ${minBalance}` : "") + `
+`
+    );
+  } else {
+    console.log(
+      `
 ${media} \u8D26\u6237\u4F59\u989D\u626B\u63CF\u5B8C\u6210\uFF1A\u5171\u626B\u63CF ${meta.scannedAccounts} \u4E2A\u8D26\u6237\uFF08\u6709\u6548 ${meta.validAccounts}\uFF09\uFF0C\u547D\u4E2D ${meta.hitCount} \u4E2A\uFF08\u9608\u503C\uFF1A\u7EED\u822A \u2264 ${thresholdDays} \u5929` + (minBalance !== null ? ` \u6216 \u4F59\u989D \u2264 ${minBalance}` : "") + `\uFF09
 `
-  );
+    );
+  }
   if (evaluated.length === 0) {
     console.log("  \u2705 \u65E0\u547D\u4E2D\u8D26\u6237\u3002\n");
     return;
@@ -8164,6 +8478,7 @@ ${media} \u8D26\u6237\u4F59\u989D\u626B\u63CF\u5B8C\u6210\uFF1A\u5171\u626B\u63C
     { key: "reason", header: "\u547D\u4E2D\u539F\u56E0" }
   ];
   const reasonText = {
+    none: "\u2014\uFF08\u5B50\u96C6\u5C55\u793A\uFF0C\u672A\u89E6\u9608\u503C\uFF09",
     "low-days": `\u7EED\u822A \u2264 ${thresholdDays} \u5929`,
     "low-balance": `\u4F59\u989D \u2264 ${minBalance ?? 0}`,
     both: `\u7EED\u822A + \u4F59\u989D\u53CC\u4F4E`
@@ -8197,6 +8512,7 @@ init_accounts_digest();
 init_auth();
 init_cli_json_snapshot();
 init_cli_table();
+init_balance();
 var VALID_MEDIA_TYPES3 = ["Google", "TikTok", "Yandex", "MetaAd", "BingV2", "Kwai"];
 function defaultDateRange2() {
   const end = /* @__PURE__ */ new Date();
@@ -8222,7 +8538,6 @@ async function runStats(opts) {
     ...opts.startDate ? { startDate: opts.startDate } : {},
     ...opts.endDate ? { endDate: opts.endDate } : {}
   };
-  const params = new URLSearchParams({ startDate, endDate, period: "true" });
   if (!opts.accounts) {
     console.error(
       `
@@ -8234,11 +8549,33 @@ async function runStats(opts) {
     process.exit(1);
   }
   const ids = opts.accounts.split(",").map((id) => id.trim()).filter(Boolean);
-  params.set("mediaCustomerIds", ids.join(","));
-  const url = `${config.apiBaseUrl}/report/media-account/${opts.media}/accountsoverview?${params.toString()}`;
-  let raw;
+  const isGoogle = opts.media === "Google";
+  const params = isGoogle ? new URLSearchParams({ startDate, endDate, mediaCustomerIds: ids.join("|") }) : (() => {
+    const p = new URLSearchParams({ startDate, endDate, period: "true" });
+    p.set("mediaCustomerIds", ids.join(","));
+    return p;
+  })();
+  const url = isGoogle ? `${config.apiBaseUrl}/report/media-account/google/account-spend-overview?${params.toString()}` : `${config.apiBaseUrl}/report/media-account/${opts.media}/accountsoverview?${params.toString()}`;
+  let items;
   try {
-    raw = await apiFetch2(url, config, {}, opts.verbose);
+    if (isGoogle) {
+      const raw = await apiFetch2(url, config, {}, opts.verbose);
+      items = parseGoogleAccountSpendOverviewRows(raw).map((row) => ({
+        mediaAccountId: row.mediaAccountId,
+        mediaCustomerName: row.mediaCustomerName,
+        spend: row.spend,
+        impressions: row.impressions,
+        clicks: row.clicks,
+        conversions: row.conversions,
+        costPerClick: row.costPerClick,
+        currencyCode: row.currencyCode,
+        remainingAccountBudget: row.remainingAccountBudget,
+        status: row.status
+      }));
+    } else {
+      const raw = await apiFetch2(url, config, {}, opts.verbose);
+      items = Array.isArray(raw) ? raw : raw.items ?? [];
+    }
   } catch (err) {
     const message = err instanceof Error ? err.message : String(err);
     if (await emitCliJsonOrSnapshot(opts, {
@@ -8255,7 +8592,6 @@ async function runStats(opts) {
 `);
     process.exit(1);
   }
-  const items = Array.isArray(raw) ? raw : raw.items ?? [];
   const n = items.length;
   const statsPayload = wrapListJson({ page: 1, pageSize: Math.max(n, 1), total: n, items });
   if (await emitCliJsonOrSnapshot(opts, {
@@ -16026,6 +16362,7 @@ TikTok \u6CE8\u518C\u5730\u5217\u8868\uFF08\u7B2C 1 \u9875\uFF0C\u672C\u9875 ${r
 init_defaults();
 init_dist();
 import * as readline2 from "readline";
+import * as os5 from "os";
 function deriveWebBaseUrl(tsoApiBase) {
   try {
     const u = new URL(tsoApiBase);
@@ -16075,6 +16412,167 @@ function printPostLoginReminderBanner() {
   ];
   console.log(lines.join("\n"));
 }
+function parseAllowedServices(raw) {
+  const allowed = ["CSO", "TSO", "CUT"];
+  if (!raw) return ["TSO", "CUT"];
+  const parts = raw.split(",").map((s) => s.trim().toUpperCase()).filter(Boolean);
+  const result = [];
+  for (const p of parts) {
+    if (!allowed.includes(p)) {
+      throw new Error(`\u672A\u77E5\u670D\u52A1\u540D\u300C${p}\u300D\uFF0C\u53EF\u9009\uFF1A${allowed.join(" / ")}`);
+    }
+    if (!result.includes(p)) result.push(p);
+  }
+  if (result.length === 0) {
+    throw new Error("--services \u81F3\u5C11\u9700\u8981\u6307\u5B9A\u4E00\u4E2A\u670D\u52A1");
+  }
+  return result;
+}
+function defaultApiKeyName() {
+  const host = (() => {
+    try {
+      return os5.hostname() || "unknown";
+    } catch {
+      return "unknown";
+    }
+  })();
+  const today = (/* @__PURE__ */ new Date()).toISOString().slice(0, 10);
+  return `CLI - ${host} - ${today}`;
+}
+function validateAndNormalizePhone(rawInput) {
+  const rawPhone = rawInput?.trim() ?? "";
+  if (!isValidChinaPhone(rawPhone)) {
+    console.error(
+      "\n\u274C \u624B\u673A\u53F7\u683C\u5F0F\u9519\u8BEF\uFF1A\u4EC5\u652F\u6301\u4E2D\u56FD\u5927\u9646\u624B\u673A\u53F7\uFF0C\u53EF\u5E26\u6216\u4E0D\u5E26 +86\uFF08\u5982 13800138000 / +8613800138000\uFF09\u3002\n"
+    );
+    process.exit(1);
+  }
+  return normalizeChinaPhone(rawPhone);
+}
+async function runSendLoginCode(opts) {
+  const phone = validateAndNormalizePhone(opts.phone);
+  const tsoApiBase = process.env.SILUZAN_TSO_API_BASE ?? DEFAULT_API_BASE;
+  const ssoBaseUrl = deriveSsoBaseUrl(tsoApiBase);
+  console.log("\n\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550");
+  console.log("  Siluzan \u53D1\u9001\u767B\u5F55\u77ED\u4FE1\u9A8C\u8BC1\u7801");
+  console.log("\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\n");
+  console.log(`  \u624B\u673A\u53F7 : ${phone}`);
+  console.log(`  SSO    : ${ssoBaseUrl}
+`);
+  console.log("\u2192 \u6B63\u5728\u5411\u624B\u673A\u53D1\u9001\u9A8C\u8BC1\u7801...");
+  const r = await sendPhoneLoginCode({ ssoBaseUrl, phone, verbose: opts.verbose });
+  if (!r.ok) {
+    console.error(`
+\u274C \u77ED\u4FE1\u9A8C\u8BC1\u7801\u53D1\u9001\u5931\u8D25\uFF1A${r.message || "(\u540E\u7AEF\u672A\u8FD4\u56DE\u539F\u56E0)"}
+`);
+    process.exit(1);
+  }
+  console.log(`\u2713 \u9A8C\u8BC1\u7801\u5DF2\u53D1\u9001\uFF0810 \u5206\u949F\u5185\u6709\u6548\uFF09\u3002
+`);
+  console.log("\u4E0B\u4E00\u6B65\uFF1A\u62FF\u5230 6 \u4F4D\u9A8C\u8BC1\u7801\u540E\uFF0C\u8FD0\u884C\u4E0B\u9762\u7684\u547D\u4EE4\u5B8C\u6210\u767B\u5F55\uFF1A\n");
+  console.log(`  siluzan-tso login --phone ${phone} --code <6\u4F4D\u9A8C\u8BC1\u7801>
+`);
+  console.log("\u53EF\u9009\u53C2\u6570\uFF1A--name / --valid-days / --expires-at / --services");
+  console.log("\uFF08\u9ED8\u8BA4\u521B\u5EFA 90 \u5929\u6709\u6548\u3001\u52FE\u9009 TSO + CUT \u670D\u52A1\u7684 API Key\uFF09\n");
+}
+async function runPhoneLogin(opts) {
+  const phone = validateAndNormalizePhone(opts.phone);
+  const code = opts.code?.trim() ?? "";
+  if (!code) {
+    console.error("\n\u274C \u7F3A\u5C11 --code \u53C2\u6570\u3002\u624B\u673A\u53F7\u767B\u5F55\u662F\u4E24\u6BB5\u5F0F\u8C03\u7528\uFF0C\u8BF7\u6309\u987A\u5E8F\u6267\u884C\uFF1A\n");
+    console.error(`  1) siluzan-tso send-login-code --phone ${phone}`);
+    console.error(`  2) siluzan-tso login --phone ${phone} --code <\u6536\u5230\u76846\u4F4D\u9A8C\u8BC1\u7801>
+`);
+    console.error("\uFF08\u62C6\u6210\u4E24\u6B65\u662F\u4E3A\u4E86\u907F\u514D AI Agent \u5361\u5728\u4EA4\u4E92\u8F93\u5165\u65F6\u53CD\u590D\u91CD\u8BD5\u5BFC\u81F4\u77ED\u4FE1\u8F70\u70B8\uFF09\n");
+    process.exit(1);
+  }
+  let allowedServices;
+  try {
+    allowedServices = parseAllowedServices(opts.services);
+  } catch (e) {
+    console.error(`
+\u274C ${e instanceof Error ? e.message : String(e)}
+`);
+    process.exit(1);
+    return;
+  }
+  if (opts.validDays !== void 0 && opts.expiresAt !== void 0) {
+    console.warn("\u26A0\uFE0F  --valid-days \u4E0E --expires-at \u540C\u65F6\u4F20\u5165\uFF0C\u5C06\u4EE5 --expires-at \u4E3A\u51C6\u3002");
+  }
+  const tsoApiBase = process.env.SILUZAN_TSO_API_BASE ?? DEFAULT_API_BASE;
+  const ssoBaseUrl = deriveSsoBaseUrl(tsoApiBase);
+  const csoBaseUrl = deriveCsoApiBaseUrl(tsoApiBase);
+  const apiKeyName = opts.name ?? defaultApiKeyName();
+  console.log("\n\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550");
+  console.log("  Siluzan \u767B\u5F55\uFF08\u624B\u673A\u53F7 + \u77ED\u4FE1\u9A8C\u8BC1\u7801\uFF09");
+  console.log("\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\n");
+  console.log(`  \u624B\u673A\u53F7       : ${phone}`);
+  console.log(`  \u9A8C\u8BC1\u7801       : ${code}`);
+  console.log(`  SSO          : ${ssoBaseUrl}`);
+  console.log(`  CSO API      : ${csoBaseUrl}`);
+  console.log(`  \u670D\u52A1\u8303\u56F4     : ${allowedServices.join(", ")}`);
+  if (opts.expiresAt) {
+    console.log(`  \u8FC7\u671F\u65F6\u95F4     : ${opts.expiresAt}`);
+  } else {
+    console.log(`  \u6709\u6548\u671F       : ${opts.validDays ?? 90} \u5929`);
+  }
+  console.log(`  API Key \u540D\u79F0 : ${apiKeyName}
+`);
+  console.log("\u2192 \u6B63\u5728\u6821\u9A8C\u9A8C\u8BC1\u7801\u5E76\u521B\u5EFA API Key...");
+  try {
+    const created = await issueApiKeyWithPhoneCode({
+      ssoBaseUrl,
+      csoBaseUrl,
+      phone,
+      code,
+      apiKeyName,
+      validDays: opts.expiresAt ? void 0 : opts.validDays ?? 90,
+      expiresAt: opts.expiresAt,
+      allowedServices,
+      verbose: opts.verbose
+    });
+    writeSharedConfig({ apiKey: created.rawKey });
+    console.log("\n\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500");
+    console.log("\u2705 \u767B\u5F55\u6210\u529F\uFF0CAPI Key \u5DF2\u521B\u5EFA\u5E76\u4FDD\u5B58");
+    console.log("\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500");
+    console.log(`  Key ID       : ${created.id}`);
+    console.log(`  Key Name     : ${created.name}`);
+    console.log(`  Key (\u663E\u793A)   : ${maskSecret(created.rawKey)}`);
+    console.log(`  Key (\u8131\u654F)   : ${created.keyMasked}`);
+    console.log(`  \u751F\u6548\u65F6\u95F4     : ${created.validFrom}`);
+    console.log(`  \u8FC7\u671F\u65F6\u95F4     : ${created.expiresAt}`);
+    console.log(`  \u5269\u4F59\u5929\u6570     : ${created.remainingDays} \u5929`);
+    console.log(`  \u72B6\u6001         : ${created.status}`);
+    console.log(`  \u914D\u7F6E\u6587\u4EF6     : ${CONFIG_FILE}`);
+    printPostLoginReminderBanner();
+    console.log("\u73B0\u5728\u53EF\u4EE5\u8FD0\u884C\uFF1A");
+    console.log("  siluzan-tso list-accounts    \u67E5\u770B\u5E7F\u544A\u8D26\u6237\u5217\u8868");
+    console.log("  siluzan-tso balance -m Google  \u67E5\u770B\u8D26\u6237\u4F59\u989D\n");
+  } catch (e) {
+    const msg = e instanceof Error ? e.message : String(e);
+    console.error(`
+\u274C \u767B\u5F55\u5931\u8D25\uFF1A${msg}`);
+    if (/手机未注册|未注册/.test(msg)) {
+      console.error(
+        `
+  \u8BE5\u624B\u673A\u53F7\u5C1A\u672A\u6CE8\u518C\u4E1D\u8DEF\u8D5E\u8D26\u53F7\u3002\u8BF7\u5148\u5728\u7F51\u9875\u7AEF\u6CE8\u518C\uFF1A
+    ${WEB_BASE_URL}
+  \u6CE8\u518C\u6210\u529F\u540E\u518D\u56DE\u5230 CLI \u91CD\u8BD5\u4E24\u6BB5\u5F0F\u767B\u5F55\uFF1A
+    siluzan-tso send-login-code --phone ${phone}
+    siluzan-tso login --phone ${phone} --code <6\u4F4D\u9A8C\u8BC1\u7801>
+`
+      );
+    } else if (/验证码错误|验证码/.test(msg)) {
+      console.error(
+        `
+  \u9A8C\u8BC1\u7801\u53EF\u80FD\u5DF2\u8FC7\u671F\u6216\u8F93\u9519\u3002\u8BF7\u91CD\u65B0\u53D1\u7801\u540E\u518D\u8BD5\uFF1A
+    siluzan-tso send-login-code --phone ${phone}
+`
+      );
+    }
+    process.exit(1);
+  }
+}
 async function runLogin(opts = {}) {
   if (opts.apiKey !== void 0) {
     const key = opts.apiKey.trim();
@@ -16090,6 +16588,10 @@ async function runLogin(opts = {}) {
     console.log("\u73B0\u5728\u53EF\u4EE5\u8FD0\u884C siluzan-tso -h \u547D\u4EE4\u67E5\u770B\u5E2E\u52A9\u4E86\n");
     return;
   }
+  if (opts.phone !== void 0) {
+    await runPhoneLogin(opts);
+    return;
+  }
   const shared = readSharedConfig();
   const currentKey = shared.apiKey ?? "";
   if (currentKey) {
@@ -16183,14 +16685,38 @@ program.hook("preAction", async () => {
   setWriteAuditCliCommit(extractCommitFromArgv(process.argv.slice(2)));
   setCliInvocationForAudit(process.argv.slice(2));
   const activeCmd = process.argv[2];
-  if (activeCmd !== "update" && activeCmd !== "login" && activeCmd !== "audit") {
+  if (activeCmd !== "update" && activeCmd !== "login" && activeCmd !== "send-login-code" && activeCmd !== "audit") {
     await notifyIfOutdated().catch(() => {
     });
   }
 });
-program.command("login").description("\u4FDD\u5B58\u8BA4\u8BC1\u51ED\u636E\u5230 ~/.siluzan/config.json\uFF08Token \u6216 API Key \u4E8C\u9009\u4E00\uFF09").option("--api-key <key>", "\u76F4\u63A5\u4FDD\u5B58 API Key\uFF08\u5728\u4E1D\u8DEF\u8D5E\u300C\u8BBE\u7F6E \u2192 API Key \u7BA1\u7406\u300D\u521B\u5EFA\uFF09\uFF0C\u63A8\u8350\u65B9\u5F0F").option("--manual", "\u4EA4\u4E92\u5F0F\u7C98\u8D34 JWT Token\uFF08\u65E0 API Key \u65F6\u4F7F\u7528\uFF09").action(async (opts) => {
-  await runLogin({ apiKey: opts.apiKey });
+program.command("send-login-code").description(
+  "\u5411\u624B\u673A\u53D1\u9001 SSO_LOGIN \u77ED\u4FE1\u9A8C\u8BC1\u7801\uFF08\u624B\u673A\u53F7\u767B\u5F55\u7684\u7B2C\u4E00\u6B65\uFF09\uFF1B\u7ACB\u5373\u8FD4\u56DE\uFF0C\u65E0\u4EFB\u4F55\u4EA4\u4E92\u3002\n  \u6536\u5230\u9A8C\u8BC1\u7801\u540E\u7528 `siluzan-tso login --phone xxx --code xxx` \u5B8C\u6210\u767B\u5F55\u3002"
+).requiredOption(
+  "--phone <phone>",
+  "\u4E2D\u56FD\u5927\u9646\u624B\u673A\u53F7\uFF0C\u53EF\u5E26\u6216\u4E0D\u5E26 +86\uFF08\u5982 13800138000 / +8613800138000\uFF09"
+).option("--verbose", "\u8F93\u51FA\u6BCF\u6B21 HTTP \u8BF7\u6C42 URL\uFF08\u8C03\u8BD5\u7528\uFF09").action(async (opts) => {
+  await runSendLoginCode({ phone: opts.phone, verbose: opts.verbose });
 });
+program.command("login").description(
+  "\u4FDD\u5B58\u8BA4\u8BC1\u51ED\u636E\u5230 ~/.siluzan/config.json\uFF1A\n  \xB7 --api-key <key>                 \u76F4\u63A5\u4FDD\u5B58 API Key\uFF08CI/CD \u63A8\u8350\uFF09\n  \xB7 --phone <\u624B\u673A\u53F7> --code <\u9A8C\u8BC1\u7801>  \u4E24\u6BB5\u5F0F\u767B\u5F55\u7B2C\u4E8C\u6B65\uFF08\u5148\u8C03 send-login-code\uFF09\n  \xB7 \u65E0\u53C2\u6570                           \u4EA4\u4E92\u5F0F\u5F15\u5BFC\u7528\u6237\u53BB\u7F51\u9875\u7C98\u8D34 API Key"
+).option("--api-key <key>", "\u76F4\u63A5\u4FDD\u5B58 API Key\uFF08\u5728\u4E1D\u8DEF\u8D5E\u300C\u8BBE\u7F6E \u2192 API Key \u7BA1\u7406\u300D\u521B\u5EFA\uFF09\uFF0C\u6700\u9AD8\u4F18\u5148\u7EA7").option("--phone <phone>", "\u4E2D\u56FD\u5927\u9646\u624B\u673A\u53F7\uFF0C\u9700\u914D\u5408 --code \u4E00\u8D77\u4F7F\u7528\uFF08\u5FC5\u987B\u5148\u8C03 send-login-code \u53D1\u7801\uFF09").option("--code <code>", "\u77ED\u4FE1\u9A8C\u8BC1\u7801\uFF086 \u4F4D\uFF09\uFF1B\u4E0E --phone \u4E00\u8D77\u5FC5\u586B").option("--name <name>", "\u81EA\u52A8\u521B\u5EFA\u7684 API Key \u540D\u79F0\uFF0C\u9ED8\u8BA4 `CLI - <hostname> - <yyyy-MM-dd>`").option("--valid-days <days>", "API Key \u6709\u6548\u671F\uFF08\u5929\uFF09\uFF0C\u9ED8\u8BA4 90", (v) => parseInt(v, 10)).option("--expires-at <iso8601>", "API Key \u7EDD\u5BF9\u8FC7\u671F\u65F6\u95F4\uFF08ISO 8601\uFF09\uFF0C\u4E0E --valid-days \u4E8C\u9009\u4E00").option(
+  "--services <list>",
+  "API Key \u53EF\u8BBF\u95EE\u7684\u670D\u52A1\u5217\u8868\uFF0C\u9017\u53F7\u5206\u9694\uFF1B\u53EF\u9009 CSO/TSO/CUT\uFF0C\u9ED8\u8BA4 `TSO,CUT`"
+).option("--manual", "\u4EA4\u4E92\u5F0F\u7C98\u8D34 JWT Token\uFF08\u65E0 API Key \u65F6\u4F7F\u7528\uFF0C\u5DF2\u5E9F\u5F03\uFF09").option("--verbose", "\u8F93\u51FA\u6BCF\u6B21 HTTP \u8BF7\u6C42 URL\uFF08\u8C03\u8BD5\u7528\uFF09").action(
+  async (opts) => {
+    await runLogin({
+      apiKey: opts.apiKey,
+      phone: opts.phone,
+      code: opts.code,
+      name: opts.name,
+      validDays: opts.validDays,
+      expiresAt: opts.expiresAt,
+      services: opts.services,
+      verbose: opts.verbose
+    });
+  }
+);
 var configCmd = program.command("config").description("\u67E5\u770B\u6216\u8BBE\u7F6E\u8BA4\u8BC1\u914D\u7F6E\uFF08\u4E0E siluzan-cso \u5171\u7528 ~/.siluzan/config.json\uFF09");
 configCmd.command("show").description("\u5C55\u793A\u5F53\u524D\u5DF2\u4FDD\u5B58\u7684\u914D\u7F6E\uFF08Token \u8131\u654F\u663E\u793A\uFF09").action(() => cmdConfigShow());
 configCmd.command("set").description("\u4FDD\u5B58\u914D\u7F6E\u5230 ~/.siluzan/config.json").option("--api-key <key>", "API Key\uFF08\u5728\u4E1D\u8DEF\u8D5E\u300C\u8BBE\u7F6E \u2192 API Key \u7BA1\u7406\u300D\u521B\u5EFA\uFF0C\u63A8\u8350\uFF09").option("-t, --token <token>", "JWT \u7528\u6237 Auth Token\uFF08\u4E0E --api-key \u4E8C\u9009\u4E00\uFF09").action((opts) => {
@@ -16363,10 +16889,13 @@ program.command("balance").description("\u67E5\u8BE2\u5E7F\u544A\u8D26\u6237\u5B
   }
 );
 program.command("balance-scan").description(
-  "\u4E00\u952E\u626B\u63CF\u67D0\u5A92\u4F53\u4E0B\u6240\u6709\u8D26\u6237\u7684\u4F59\u989D\uFF0C\u7B5B\u51FA\u7EED\u822A\u5929\u6570\u4E0D\u8DB3\u7684\u8D26\u6237\u3002\u66FF\u4EE3\u5FAA\u73AF\u8C03\u7528 balance \u7684\u4F20\u7EDF\u505A\u6CD5\uFF0C\u5178\u578B\u573A\u666F\uFF1A\u300C\u5E2E\u6211\u627E\u51FA 117 \u4E2A Bing \u8D26\u6237\u91CC\u4F59\u989D\u4E0D\u8DB3 7 \u5929\u7684\u300D\u3002"
+  "\u4E00\u952E\u626B\u63CF\u67D0\u5A92\u4F53\u4E0B\u6240\u6709\u8D26\u6237\u7684\u4F59\u989D\uFF0C\u7B5B\u51FA\u7EED\u822A\u5929\u6570\u4E0D\u8DB3\u7684\u8D26\u6237\u3002\u66FF\u4EE3\u5FAA\u73AF\u8C03\u7528 balance \u7684\u4F20\u7EDF\u505A\u6CD5\uFF0C\u5178\u578B\u573A\u666F\uFF1A\u300C\u5E2E\u6211\u627E\u51FA 117 \u4E2A Bing \u8D26\u6237\u91CC\u4F59\u989D\u4E0D\u8DB3 7 \u5929\u7684\u300D\u3002\u5982\u5DF2\u77E5\u8D26\u6237 ID \u5B50\u96C6\uFF08\u5C11\u91CF\u8D26\u6237\u753B\u50CF\uFF09\uFF0C\u52A0 -a <id1,id2> \u8DF3\u8FC7\u6E05\u5355\u7FFB\u9875\u76F4\u63A5\u67E5\u3002"
 ).requiredOption(
   "-m, --media <type>",
   "\u5A92\u4F53\u7C7B\u578B\uFF1AGoogle | TikTok | Yandex | BingV2 | Kwai\uFF08MetaAd \u63A5\u53E3\u672A\u5F00\u653E\u4F59\u989D\u67E5\u8BE2\uFF09"
+).option(
+  "-a, --accounts <ids>",
+  "\u6307\u5B9A\u8D26\u6237 mediaCustomerId\uFF08\u9017\u53F7\u5206\u9694\uFF09\u3002\u5B50\u96C6\u6A21\u5F0F\uFF1A\u8DF3\u8FC7\u6E05\u5355\u7FFB\u9875\u76F4\u63A5\u67E5\u8FD9\u4E9B ID\uFF0C\u5168\u90E8\u5C55\u793A\uFF08\u4E0D\u518D\u6309\u9608\u503C\u4E22\u5F03\uFF09\uFF0C\u9002\u5408\u300C\u770B\u51E0\u4E2A\u53F7\u4F59\u989D/\u7EED\u822A\u300D\u7684\u8F7B\u91CF\u573A\u666F\uFF1B\u7559\u7A7A\u5219\u5168\u91CF\u626B\u63CF+\u9608\u503C\u8FC7\u6EE4\u3002"
 ).option(
   "--threshold-days <n>",
   "\u5269\u4F59\u7EED\u822A\u5929\u6570\u9608\u503C\uFF08\u9ED8\u8BA4 7\uFF0C\u6309\u8FD1 7 \u65E5\u65E5\u5747\u6D88\u8017\u4F30\u7B97\uFF09",
@@ -16392,6 +16921,7 @@ program.command("balance-scan").description(
     await runBalanceScan({
       token: opts.token,
       media: opts.media,
+      accounts: opts.accounts,
       thresholdDays: opts.thresholdDays,
       minBalance: opts.minBalance,
       minDailySpend: opts.minDailySpend,
@@ -16410,7 +16940,10 @@ program.command("accounts-digest").description(
 ).requiredOption(
   "-m, --media <type>",
   "\u5A92\u4F53\u7C7B\u578B\uFF1AGoogle | TikTok | Yandex | BingV2 | Kwai\uFF08MetaAd \u65E0\u6D88\u8017\u6C47\u603B\u63A5\u53E3\uFF09"
-).option("-a, --accounts <ids>", "\u6307\u5B9A\u8D26\u6237 mediaCustomerId\uFF0C\u9017\u53F7\u5206\u9694\uFF1B\u7559\u7A7A\u5219\u626B\u63CF\u8BE5\u5A92\u4F53\u4E0B\u5168\u90E8\u8D26\u6237").option("--start <date>", "\u7EDF\u8BA1\u5F00\u59CB\u65E5\u671F YYYY-MM-DD\uFF08SKILL \u8981\u6C42 AI \u5148\u4E0E\u7528\u6237\u786E\u8BA4\uFF09").option("--end <date>", "\u7EDF\u8BA1\u7ED3\u675F\u65E5\u671F YYYY-MM-DD\uFF08SKILL \u8981\u6C42 AI \u5148\u4E0E\u7528\u6237\u786E\u8BA4\uFF09").option("--min-spend <n>", "\u8FC7\u6EE4\uFF1A\u533A\u95F4\u5185\u6D88\u8017 \u2264 \u6B64\u503C\u7684\u8D26\u6237\u4E0D\u8FD4\u56DE\uFF08\u9ED8\u8BA4 0\uFF09", (v) => parseFloat(v)).option("--page-size <n>", "\u8D26\u6237\u6E05\u5355\u5206\u9875\u5927\u5C0F\uFF08\u9ED8\u8BA4 200\uFF0C\u4E0A\u9650 500\uFF09", (v) => parseInt(v, 10)).option("--max-pages <n>", "\u6700\u591A\u626B\u63CF\u9875\u6570\uFF08\u9ED8\u8BA4 20\uFF0C\u4E0A\u9650 200\uFF09", (v) => parseInt(v, 10)).option("-t, --token <token>", "Token\uFF08\u53EF\u9009\uFF1B\u4F18\u5148\u4E8E ~/.siluzan/config.json\uFF09").option("--json", "\u8F93\u51FA\u7ED3\u6784\u5316 JSON\uFF0C\u542B data.items \u4E0E meta\uFF08\u533A\u95F4/\u6C47\u603B/\u5E01\u79CD\u5907\u6CE8\uFF09", false).option(
+).option(
+  "-a, --accounts <ids>",
+  "\u6307\u5B9A\u8D26\u6237 mediaCustomerId\uFF08\u9017\u53F7\u5206\u9694\uFF09\u3002\u5B50\u96C6\u6A21\u5F0F\uFF1A\u8DF3\u8FC7\u6E05\u5355\u7FFB\u9875\u76F4\u63A5\u67E5\u8FD9\u4E9B ID\uFF08\u516C\u53F8\u540D advertiserName \u4F1A\u7F3A\u5931\uFF09\uFF0C\u9002\u5408\u300C\u770B\u51E0\u4E2A\u53F7\u753B\u50CF\u300D\u7684\u8F7B\u91CF\u573A\u666F\uFF1B\u7559\u7A7A\u5219\u5168\u91CF\u7FFB\u6E05\u5355\u3002"
+).option("--start <date>", "\u7EDF\u8BA1\u5F00\u59CB\u65E5\u671F YYYY-MM-DD\uFF08SKILL \u8981\u6C42 AI \u5148\u4E0E\u7528\u6237\u786E\u8BA4\uFF09").option("--end <date>", "\u7EDF\u8BA1\u7ED3\u675F\u65E5\u671F YYYY-MM-DD\uFF08SKILL \u8981\u6C42 AI \u5148\u4E0E\u7528\u6237\u786E\u8BA4\uFF09").option("--min-spend <n>", "\u8FC7\u6EE4\uFF1A\u533A\u95F4\u5185\u6D88\u8017 \u2264 \u6B64\u503C\u7684\u8D26\u6237\u4E0D\u8FD4\u56DE\uFF08\u9ED8\u8BA4 0\uFF09", (v) => parseFloat(v)).option("--page-size <n>", "\u8D26\u6237\u6E05\u5355\u5206\u9875\u5927\u5C0F\uFF08\u9ED8\u8BA4 200\uFF0C\u4E0A\u9650 500\uFF09", (v) => parseInt(v, 10)).option("--max-pages <n>", "\u6700\u591A\u626B\u63CF\u9875\u6570\uFF08\u9ED8\u8BA4 20\uFF0C\u4E0A\u9650 200\uFF09", (v) => parseInt(v, 10)).option("-t, --token <token>", "Token\uFF08\u53EF\u9009\uFF1B\u4F18\u5148\u4E8E ~/.siluzan/config.json\uFF09").option("--json", "\u8F93\u51FA\u7ED3\u6784\u5316 JSON\uFF0C\u542B data.items \u4E0E meta\uFF08\u533A\u95F4/\u6C47\u603B/\u5E01\u79CD\u5907\u6CE8\uFF09", false).option(
   "--json-out <path>",
   "\u843D\u76D8\uFF08\u76EE\u5F55\u6216 *.json \u6587\u4EF6\u8DEF\u5F84\uFF09\u5E76\u66F4\u65B0 cli-manifest[-<\u67E5\u8BE2id>].json\uFF08\u4E0E --json \u4E92\u65A5\uFF09\uFF1B\u76EE\u5F55\u6A21\u5F0F\u6587\u4EF6\u540D\u4E3A `<section>[-<\u67E5\u8BE2id>].json`\uFF1Bstdout \u4E00\u884C\u6458\u8981 JSON\uFF0C\u542B outlineFile\uFF08TS \u5F0F\u7C7B\u578B\u5728 `*.outline.txt`\uFF09",
   void 0

package/dist/skill/SKILL.md

@@ -94,7 +94,7 @@ Windows 注意：部分 Agent 客户端通过 PowerShell / cmd 代执行命令
 ### 硬规范
 
 - **账户状态 ≠ 广告系列状态**：`stats`/`balance`/`list-accounts` 的 `status` 只表示账户是否可用，系列状态**必须**来自 `ad campaigns`。
-- **数据时效性（实时 vs 每日同步）**：涉及「今天/当天/今日消耗」「实时消耗排行」前，**必须**先看 `references/account-analytics.md` 顶部「数据时效性」表选对接口（`accountsoverview` 系列接口同步昨天数据，不能查今天）。
+- **数据时效性（实时 vs 每日同步）**：涉及「今天/当天/今日消耗」「实时消耗排行」前，**必须**先看 `references/account-analytics.md` 顶部「数据时效性」表选对接口，TikTok / Yandex / BingV2 / Kwai 仍是 `accountsoverview` 同步昨天数据，**不能查今天**。
 - **不确定时读文档**：先读对应 references 或用 `-h` 查看帮助，不要猜参数。
 - **先查账户再操作**：`list-accounts -m [mediaType] -k [mediaCustomerId]`。
 - **使用 `--json-out` 处理数据**：处理顺序：先读 `outlineFile`（schema 描述，扩展名 **`.outline.txt`** 不是 `.json`，**禁止 `require()`**，用 `fs.readFileSync(outlineFile,'utf8')` 取最后一行 TS 式类型字面量即可了解全部字段路径）→ 再让脚本读 `writtenFiles[0]`（真实数据 JSON）做聚合。**outline 通常几百字节、JSON 常见几 MB，先读 outline 能节省 2~3 个数量级的上下文**——尤其多账户多维度场景，直接 `Read` 全量 JSON 几次就把对话窗口塞满了。**禁止**把 outline 当数据、跳过 outline 猜字段、把 outline 内容贴给用户当结论。
@@ -135,8 +135,8 @@ Windows 注意：部分 Agent 客户端通过 PowerShell / cmd 代执行命令
 
 | 任务 | 推荐命令 | 禁止做法 |
 |------|---------|---------|
-| 多账户余额 / 预算不足预警 | `balance-scan -m <媒体> --threshold-days 7` | 逐账户循环 `balance --accounts ...` |
-| 多账户投放画像 | `accounts-digest -m <媒体> [-a id1,id2] --start --end --json-out <dir>` | 逐账户 `stats` |
+| 多账户余额 / 预算不足预警 | `balance-scan -m <媒体> --threshold-days 7`（已知 ID 子集加 `-a id1,id2,...` 跳过翻页） | 逐账户循环 `balance --accounts ...` |
+| 多账户投放画像 | `accounts-digest -m <媒体> [-a id1,id2,...] --start --end --json-out <dir>`（传 `-a` 时跳过清单翻页直接查；公司名 advertiserName 会缺失） | 逐账户 `stats` |
 | 多账户 × 多维度 Google 数据 | **全量账号**：`google-analysis-batch run`（省略 `-a`）**2~10 子集**：`google-analysis -a id1,id2,...`（自动转发 batch）；**≥10 子集或需 resume**：`google-analysis-batch run -a id1,id2,...` | 外层 for-loop；先跑 `list-accounts -m Google` 再把 ID 拼进 `-a` |
 | 多系列诊断 | `ad campaigns --json-out <dir>` + node 读文件过滤 | 逐系列 `ad campaign-get` |
 
@@ -167,13 +167,19 @@ Windows 注意：部分 Agent 客户端通过 PowerShell / cmd 代执行命令
 
 ### P2 · 多账户余额扫描
 
-**一条命令**：
+**全量巡检**：
 ```bash
 siluzan-tso balance-scan -m BingV2 --threshold-days 7 --json-out ./snap-p2
 # 可选：--min-balance 100 筛绝对余额；--target-days 60 算建议充值额
 ```
 按 `remainingDays` 升序输出；消耗过低的僵尸账户不纳入预警。
 
+**已知 ID 子集**（轻量画像，仅看几个号余额/续航）：
+```bash
+siluzan-tso balance-scan -m Google -a id1,id2,id3 --json-out ./snap-p2-subset
+```
+跳过清单翻页，全部展示（不按阈值丢弃）；`hitReason="none"` 表示该账户未触阈值。
+
 ### P3 · 多账户投放画像汇总
 
 ```bash

package/dist/skill/_meta.json

@@ -1,5 +1,5 @@
 {
   "slug": "siluzan-tso",
-  "version": "1.1.17",
-  "publishedAt": 1778231383288
+  "version": "1.1.18-beta.2",
+  "publishedAt": 1778317442558
 }

package/dist/skill/references/account-analytics.md

@@ -13,15 +13,17 @@
 | `google-analysis --sections overview`（Google 网关 `OverviewSectionData`） | **实时** | ✅ 可查当天 | 当天/今日消耗、当天高消耗账号排行 |
 | `google-analysis --sections campaign-types`（`types-summary`） | **实时** | ✅ 可查当天 | 当天系列类型分布 |
 | `google-analysis` 其他维度（`campaigns` / `keywords` / `devices` / ...） | 实时（受 Google Ads API 同步延迟影响） | 可查当天，但当天可能尚未结算 | 周期分析、报告 |
-| `stats`、`balance-scan` 的近 7 日消耗、`accounts-digest`、`list-accounts` 合并消耗（TSO `accountsoverview`） | **每日同步昨天** | ❌ 查今天会全为 0 | 历史回溯、巡检、余额续航估算（口径为"截至昨天"） |
+| `stats -m Google` / `balance-scan -m Google` / `accounts-digest -m Google` / `list-accounts -m Google` 合并消耗（TSO `account-spend-overview`，2026-05 起） | **后端自动分流**：窗口完全在历史 → `database` 模式（含余额/状态/币种/账户名 + 当期消耗）；窗口含今天 → `googleCombined` 模式（仅实时消耗，无余额/状态/币种/账户名） | ✅ 可查当天（含今天时切实时聚合） | 历史回溯、巡检、余额续航估算；含今天时也能给出实时消耗 |
+| `stats` / `balance-scan` / `accounts-digest` / `list-accounts` 的 **TikTok / Yandex / BingV2 / Kwai** 合并消耗（TSO `accountsoverview`） | **每日同步昨天** | ❌ 查今天会全为 0 | 历史回溯、巡检、余额续航估算（口径为"截至昨天"） |
 | `balance`（`GetMediaAccountInfo`） | 实时 | — | 仅当前余额，不反映消耗 |
 
 **选用规则**：
 
-- 「今天/当天/今日消耗」「实时消耗排行」 → 用 `google-analysis(-batch) --sections overview`，`--start` / `--end` 都设为今天
-- 「最近 N 天消耗 / 周报 / 月报 / 余额续航」 → `stats` / `balance-scan` / `accounts-digest`，默认窗口截至昨天即可
-- **禁止**用 `accountsoverview` 系列接口（`stats` / `balance-scan` / `accounts-digest` / `list-accounts` 合并消耗）判断当天消耗
-- **禁止**给当天高消耗场景加 `--min-spend`：该预筛选同样来自 `accountsoverview`，会把今天有消耗的账号当成 0 给筛掉
+- 「今天/当天/今日消耗」「实时消耗排行」 → 优先 `google-analysis(-batch) --sections overview`，`--start` / `--end` 都设为今天；
+  - Google 单账户/批量取数也可直接 `stats -m Google` 把 `--end-date` 设为今天，后端会切到 `googleCombined` 模式给实时消耗（但**不会**返回余额/币种/账户名）。
+- 「最近 N 天消耗 / 周报 / 月报 / 余额续航」 → `stats` / `balance-scan` / `accounts-digest`，默认窗口截至昨天即可（Google 此时走 `database`，包含完整字段）。
+- **禁止**用 TikTok / Yandex / BingV2 / Kwai 的 `accountsoverview` 接口判断当天消耗（仍是每日同步）。
+- **禁止**给非 Google 媒体的当天高消耗场景加 `--min-spend`：其预筛选来自非实时 `accountsoverview`，会把今天有消耗的账号当成 0 给筛掉。Google 媒体当 `--end-date` 设为今天时，预筛选走的是 `googleCombined` 实时数据，可以使用 `--min-spend`。
 
 ---
 

package/dist/skill/references/accounts.md

@@ -125,11 +125,18 @@ siluzan-tso balance -m Google -a 6326027735 --json
 
 **单户余额与续航**：`balance` 只反映当前余额；判断「还能跑几天 / 是否够花」需结合 `stats`（或业务侧日均消耗）等数据。向用户展示 JSON 时，`mediaCustomerId` 须与本次 `-a` 查询的 ID 及命令输出一致。
 
+**少量账户的画像/续航估算**：直接用 `balance-scan -m <媒体> -a id1,id2`（子集模式）一条命令拿齐余额 + 近 7 日消耗 + 续航天数 + 充值建议，比 `balance` + `stats` 拼接更省事；或者用 `accounts-digest -m <媒体> -a id1,id2` 拿齐消耗 + CTR/CPC/CPA 派生指标 + 余额。两者都会跳过清单翻页，直接对指定 ID 拉数据。
+
 ---
 
-## stats — 查询投放消耗数据（每日同步昨天数据）
+## stats — 查询投放消耗数据
 
-> **数据时效性**：本接口口径为 `accountsoverview`，每日凌晨同步昨天数据，**不能查今天**。判断「今天/当天/今日消耗」请走 `google-analysis(-batch) --sections overview`。完整时效性表见 `references/account-analytics.md` 顶部。
+> **数据时效性**：
+> - **Google**：走 `account-spend-overview`（2026-05 起），后端按日期窗口分流——
+>   - 窗口完全在历史 → `database` 模式：含余额、状态、币种、账户名、当期展点消等完整字段；
+>   - 窗口包含今天 → `googleCombined` 模式：只返回实时聚合的展点消（**没有**余额/状态/币种/账户名）。
+> - **TikTok / Yandex / BingV2 / Kwai**：走旧版 `accountsoverview`，每日凌晨同步昨天数据，**不能查今天**。判断这几家的「今天/当天/今日消耗」仍需走 `google-analysis(-batch) --sections overview`（仅 Google）。
+> - 完整时效性表见 `references/account-analytics.md` 顶部。
 
 ```bash
 siluzan-tso stats -m <媒体类型> [选项]

package/dist/skill/references/finance.md

@@ -7,7 +7,7 @@
 
 ## invoice-info — 发票抬头管理
 
-对应页面：`https://www.siluzan.com/v3/foreign_trade/settings/invoiceInformation`
+对应页面：`https://www-ci.siluzan.com/v3/foreign_trade/settings/invoiceInformation`
 
 发票抬头是开票申请时使用的公司/企业信息模板，支持三种类型：
 
@@ -133,10 +133,10 @@ siluzan-tso config show
 **示例：**
 
 ```
-- 现金充值（单笔）：https://www.siluzan.com/recharge/pay
-- 现金充值（批量）：https://www.siluzan.com/recharge/pay_batch
-- 月结充值：        https://www.siluzan.com/recharge/accountBillingQuota
-- 丝路赞钱包：      https://www.siluzan.com/recharge/siluzanWallet
+- 现金充值（单笔）：https://www-ci.siluzan.com/recharge/pay
+- 现金充值（批量）：https://www-ci.siluzan.com/recharge/pay_batch
+- 月结充值：        https://www-ci.siluzan.com/recharge/accountBillingQuota
+- 丝路赞钱包：      https://www-ci.siluzan.com/recharge/siluzanWallet
 ```
 
 ---

package/dist/skill/references/reporting.md

@@ -214,8 +214,8 @@ siluzan-tso report list -m Google --json
 
 # 第二步：查看 webUrl
 siluzan-tso config show
-# webUrl: https://www.siluzan.com
+# webUrl: https://www-ci.siluzan.com
 
 # 第三步：拼接链接（Google 日报）
-# https://www.siluzan.com/media-report/publish/rpt_abc123?culture=zh-CN
+# https://www-ci.siluzan.com/media-report/publish/rpt_abc123?culture=zh-CN
 ```

package/dist/skill/references/setup.md

@@ -10,7 +10,7 @@
 ## 安装 CLI
 
 ```bash
-npm install -g siluzan-tso-cli
+npm install -g siluzan-tso-cli@beta
 ```
 
 ---
@@ -41,13 +41,55 @@ siluzan-tso init -d /path/to-your/skills       # 写入自定义目录
 `siluzan-tso` 与 `siluzan-cso` **共用同一份凭据**，存储在 `~/.siluzan/config.json`，配置一次两个 CLI 均可使用。
 
 ```bash
-siluzan-tso login                          # 交互式登录，按提示创建 API Key 后粘贴
-siluzan-tso login --api-key <YOUR_API_KEY> # 直接设置 API Key（跳过交互）
-siluzan-tso config set --api-key <Key>     # 或通过 config set 直接写入
-siluzan-tso config set --token <Token>     # 备用：设置 JWT Token
+siluzan-tso login                                    # 交互式登录，按提示创建 API Key 后粘贴
+siluzan-tso login --api-key <YOUR_API_KEY>           # 直接设置 API Key（跳过交互）
+siluzan-tso send-login-code --phone 138xxxx          # 两段式登录第 1 步：发送短信验证码
+siluzan-tso login --phone 138xxxx --code 123456      # 两段式登录第 2 步：用验证码完成登录
+siluzan-tso config set --api-key <Key>               # 或通过 config set 直接写入
+siluzan-tso config set --token <Token>               # 备用：设置 JWT Token
 ```
 
-API Key 获取入口：`https://www.siluzan.com/v3/foreign_trade/settings/apiKeyManagement`
+API Key 获取入口：`https://www-ci.siluzan.com/v3/foreign_trade/settings/apiKeyManagement`
+
+### 通过手机号 + 验证码登录（对话式 AI 推荐）
+
+**两段式调用**，专为 AI Agent 设计——任何一步都不会进入交互等待，绝不会卡住 stdout。
+拆分后单一职责：第 1 步只发码；第 2 步只用 code 换 API Key。这样 Agent 不会因为"看到 stdout 卡住就重试"而触发短信轰炸。
+
+| 步骤 | 命令 | 说明 |
+| ---- | ---- | ---- |
+| 1 | `siluzan-tso send-login-code --phone <手机号>` | 仅向手机发送 6 位验证码，立即返回；**绝不创建 API Key** |
+| 2 | `siluzan-tso login --phone <手机号> --code <验证码>` | 用 code 完成登录并自动签发 API Key 写入 `~/.siluzan/config.json` |
+
+```bash
+# 第 1 步：让用户报出手机号后，立刻发码（命令立即返回，不会等待输入）
+siluzan-tso send-login-code --phone 13800138000
+
+# 第 2 步：让用户读出收到的 6 位验证码，再调登录命令
+siluzan-tso login --phone 13800138000 --code 123456
+
+# 自定义 API Key 名称 / 有效期 / 服务范围
+siluzan-tso login --phone 13800138000 --code 123456 \
+  --name "Cursor - my-mac - 2026" \
+  --valid-days 30 \
+  --services TSO,CUT
+```
+
+| 参数 | 命令 | 说明 | 默认值 |
+| ---- | ---- | ---- | ---- |
+| `--phone` | 两个命令都需要 | 中国大陆手机号，可带或不带 +86（如 `13800138000` / `+8613800138000`）；底层会自动补 `+86` 前缀；**手机号必须已在丝路赞网页端注册** | 必填 |
+| `--code` | 仅 `login` | 6 位短信验证码（来自第 1 步发码后的短信）；**login 命令必填**，未传会直接报错指引重新走两段式 | 必填（login 命令） |
+| `--name` | 仅 `login` | 自动创建的 API Key 显示名称 | `CLI - <hostname> - <yyyy-MM-dd>` |
+| `--valid-days` | 仅 `login` | API Key 有效期（天），与 `--expires-at` 二选一 | `90` |
+| `--expires-at` | 仅 `login` | API Key 绝对过期时间（ISO 8601） | 不传则用 `--valid-days` |
+| `--services` | 仅 `login` | 可访问的服务列表，逗号分隔；可选 `CSO`/`TSO`/`CUT` | `TSO,CUT`（广告投放 + 素材中心） |
+| `--verbose` | 两个命令都支持 | 输出每次 HTTP 请求的 URL，便于排错 | 关闭 |
+
+> **未注册手机号**：`login` 第 2 步会返回 `❌ 登录失败：手机未注册` 并附带网页注册地址，引导用户先去网页注册再回来重试两段式。
+>
+> **验证码错误/过期**：返回明确提示，让用户重新跑 `send-login-code` 拿新验证码。
+>
+> **AI 助手用法**：先调 `send-login-code` 发码、立即返回继续对话；等用户报出收到的验证码后，再调 `login --phone xxx --code xxx` 完成登录。**永远不要在没拿到 `--code` 的情况下调用 `login --phone xxx`，那会直接报错。**
 
 ### 通过环境变量传入凭据（CI/CD 推荐）
 
@@ -82,9 +124,9 @@ siluzan-tso config show
 
 ```
   构建环境     : production
-  apiBaseUrl   : https://tso-api.siluzan.com
-  googleApiUrl : https://googleapi.mysiluzan.com
-  webUrl       : https://www.siluzan.com
+  apiBaseUrl   : https://tso-api-ci.siluzan.com
+  googleApiUrl : https://googleapi-ci.mysiluzan.com
+  webUrl       : https://www-ci.siluzan.com
   apiKey       : abcd****1234
 ```
 

package/dist/skill/references/tso-home.md

@@ -6,7 +6,7 @@
 
 用 `siluzan-tso config show` 读取 **`webUrl`**，再拼接路径：
 
-首页地址：`https://www.siluzan.com/v3/foreign_trade/tso/home`
+首页地址：`https://www-ci.siluzan.com/v3/foreign_trade/tso/home`
 
 > 若用户已登录 TSO，也可从左侧菜单进入「首页」。
 
@@ -34,7 +34,7 @@
 
 **CLI 对应关系（近似，非同一接口）：**
 
-- 单账户余额、消耗趋势：**`balance`**、**`stats`**（`accountsoverview`），需已知 `mediaCustomerId`。
+- 单账户余额、消耗趋势：**`balance`**、**`stats`**（Google 走新版 `account-spend-overview`，含今天会切实时模式；其余媒体仍是 `accountsoverview`），需已知 `mediaCustomerId`。
 - 开户进度：**`account-history`**、**`open-account`** 系列。
 - **充值**：无 CLI，见 `references/finance.md`，用 `webUrl` 引导至充值页。
 
@@ -52,7 +52,7 @@
 
 **CLI 对应关系：**
 
-- 单账户一段时间消耗/展示/点击：**`stats -m <媒体> -a <mediaCustomerId>`**（`accountsoverview`），日期可用默认或后续若支持传参则对齐页面。
+- 单账户一段时间消耗/展示/点击：**`stats -m <媒体> -a <mediaCustomerId>`**（Google 用 `account-spend-overview` 自动按窗口分流历史/实时；其余媒体仍是 `accountsoverview`），日期可用默认或后续若支持传参则对齐页面。
 - **图表级、多账户联动** 与 **`GetAccountDataOverview`**：**CLI 未封装**，需网页或后续扩展命令。
 
 ### 4. 服务推荐（`MoreFunctionSection`，部分首页布局显示）

package/dist/skill/scripts/install.ps1

@@ -10,8 +10,8 @@ $ErrorActionPreference = 'Stop'
 $PKG_NAME    = 'siluzan-tso-cli'
 $CLI_BIN     = 'siluzan-tso'
 $SKILL_LABEL = 'Siluzan TSO'
-$INSTALL_CMD = 'npm install -g siluzan-tso-cli'
-$WEB_BASE    = 'https://www.siluzan.com'
+$INSTALL_CMD = 'npm install -g siluzan-tso-cli@beta'
+$WEB_BASE    = 'https://www-ci.siluzan.com'
 
 # -- Constants ----------------------------------------------------------------
 $NODE_MAJOR_MIN    = 18

package/dist/skill/scripts/install.sh

@@ -10,8 +10,8 @@ set -euo pipefail
 readonly PKG_NAME="siluzan-tso-cli"
 readonly CLI_BIN="siluzan-tso"
 readonly SKILL_LABEL="Siluzan TSO"
-readonly INSTALL_CMD="npm install -g siluzan-tso-cli"
-readonly WEB_BASE="https://www.siluzan.com"
+readonly INSTALL_CMD="npm install -g siluzan-tso-cli@beta"
+readonly WEB_BASE="https://www-ci.siluzan.com"
 
 # -- Constants ----------------------------------------------------------------
 readonly NODE_MAJOR_MIN=18

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "siluzan-tso-cli",
-  "version": "1.1.17",
+  "version": "1.1.18-beta.2",
   "description": "Siluzan 广告账户管理 CLI — 查询账户、余额、消耗数据，管理绑定关系与充值。",
   "keywords": [
     "ad-account",