Chanjing Credentials Guard

功能说明

仅通过本地命令引导用户配置/校验蝉镜 AK/SK 与 Token，打开登录页；不在对话中索取密钥。可配合其它 Chanjing 技能使用。

运行依赖

python3 与 scripts/chanjing_config.py、scripts/open_login_page.py、scripts/chanjing_get_token.py 等

环境变量与机器可读声明

环境变量键名与说明：manifest.yaml（environment 段）及本文
变量、写盘路径与权限：manifest.yaml

使用命令

ClawHub（slug 以注册表为准）：clawhub run chanjing-credentials-guard
本仓库：python skills/chanjing-credentials-guard/scripts/chanjing_config.py --status

When to Run

When user asks to configure/get Chanjing keys (AK/SK): use this skill to guide local setup.
When credentials are missing/invalid before a Chanjing API call: use this skill to recover local config.

This skill is a local credential guide, not a cross-skill runtime dependency.

Execution Flow

1. Check if local AK/SK exists
   └─ No  → Run open_login_page.py (open login in browser) → Ask user to run local config command
   └─ Yes → Continue

2. Check if local Token exists and is not expired
   └─ No  → Call API to request/refresh Token → Save
   └─ Yes → Continue

3. Prompt user to continue target action

Credential Storage (AK/SK read from config file)

AK/SK and Token are read from the same config file. Path and format follow the script scripts/chanjing_config.py in this skill.

Path: ~/.chanjing/credentials.json（目录由 CHANJING_OPENAPI_CREDENTIALS_DIR 覆盖，兼容 CHANJING_CONFIG_DIR）
Format:

{
  "app_id": "Your Access Key",
  "secret_key": "Your Secret Key",
  "access_token": "Optional, auto-generated",
  "expire_in": 1721289220
}

expire_in is a Unix timestamp. Token is valid for about 24 hours; refresh 5 minutes before expiry.

When AK/SK Is Missing

When local app_id or secret_key is missing:

Open login page: Run the open_login_page.py script to open the Chanjing sign-in page in the default browser (https://www.chanjing.cc/openapi/login).
Require local setup command after the user obtains keys:
- Show command only; user runs it locally in terminal.
Do not request secrets in chat:
- Never ask user to paste AK/SK in conversation.
- Never echo or store AK/SK in chat summaries.
After setting:
- Ask user to run status check and then proceed to target action.

Commands to set AK/SK (use either):

python scripts/chanjing_config.py --ak <your_app_id> --sk <your_secret_key>
python skills/chanjing-credentials-guard/scripts/chanjing_config.py --ak <your_app_id> --sk <your_secret_key>

To open the login page manually: python skills/chanjing-credentials-guard/scripts/open_login_page.py

Guide When User Wants to Generate Keys

When the user clearly wants to generate chanjing keys, get keys, or configure AK/SK, follow this flow:

Step 1: Check if already configured

Check if local AK/SK already exists (read ~/.chanjing/credentials.json for non-empty app_id and secret_key, or run python skills/chanjing-credentials-guard/scripts/chanjing_config.py --status).

Step 2: Branch on result

If already configured: ask whether user wants to overwrite local config.
- If yes, run guide steps.
- If no, stop.
If not configured: Run the “Guide steps” below directly.

Guide steps (when not configured or user confirmed re-apply)

Run open_login_page.py to open the Chanjing login page in the default browser.
Explain the page flow clearly:
- New users are registered automatically and the current page will display App ID and Secret Key with copy buttons.
- Existing users may be redirected to the console; tell them to open the left-side API 密钥 page to view or reset keys.

Ask user to run local command to configure AK/SK:

python skills/chanjing-credentials-guard/scripts/chanjing_config.py --ak <your_app_id> --sk <your_secret_key>

Secret handling rule:
- Do not ask user to paste AK/SK in chat.
- If user shares secret in chat anyway, remind them to rotate keys and continue with local-command-only flow.
After setting:
- Run status check: python skills/chanjing-credentials-guard/scripts/chanjing_config.py --status
- Then proceed to target Chanjing action.

Token API (see chanjing-openapi.yaml)

POST https://open-api.chanjing.cc/open/v1/access_token
Content-Type: application/json

Request body:

{
  "app_id": "{{app_id}}",
  "secret_key": "{{secret_key}}"
}

Response (success code: 0):

{
  "code": 0,
  "msg": "success",
  "data": {
    "access_token": "xxx",
    "expire_in": 1721289220
  }
}

expire_in: Unix timestamp for token expiry
If code !== 0, AK/SK is invalid or the request failed

Validation Logic

AK/SK: Read from config (path/format above, per chanjing_config.py); ensure app_id and secret_key are non-empty.
Token: Ensure access_token exists and expire_in > current_time + 300 (refresh 5 minutes early).
Token refresh: Call the API above and write returned access_token and expire_in back to the file.

Shortcut: Run python skills/chanjing-credentials-guard/scripts/chanjing_get_token.py; on success it prints access_token, on failure it prints guidance.

Security Boundary

This skill only handles local credential guidance.
It does not require install hooks or elevated/system-wide privileges.
It should not automatically execute unrelated skills.
It should not accept AK/SK via chat content.

Shell Config

Script	Description
`open_login_page.py`	Opens the Chanjing login page and explains how new/existing users obtain AK/SK
`chanjing_config.py`	Set or view AK/SK and Token status
`chanjing_get_token.py`	Print a valid `access_token` to stdout (or guidance on failure)

# Open login page (also runs automatically when AK/SK is missing)
python skills/chanjing-credentials-guard/scripts/open_login_page.py

# Set AK/SK manually
python skills/chanjing-credentials-guard/scripts/chanjing_config.py --ak <app_id> --sk <secret_key>

# View status
python skills/chanjing-credentials-guard/scripts/chanjing_config.py --status

With Other Skills

Other Chanjing skills may use the same local config path/format, but should keep their own runtime auth logic.
Guard can be used as an optional setup helper when users explicitly ask for credential guidance.

Reference

reference.md: API and storage format details
chanjing-openapi.yaml: /access_token, dto.OpenAccessTokenReq, dto.OpenAccessTokenResp