Chanjing Credentials Guard

功能说明

仅通过本地命令引导用户配置/校验蝉镜 AK/SK 与 Token，打开登录页；不在对话中索取密钥。可配合其它 Chanjing 技能使用。

运行依赖

• python3 与

  scripts/chanjing_config.py

  、

  scripts/open_login_page.py

  、

  scripts/chanjing_get_token.py

  等

环境变量与机器可读声明

• 环境变量键名与说明：

  manifest.yaml

  （

  environment

  段）及本文
• 变量、写盘路径与权限：

  manifest.yaml

使用命令

• ClawHub（slug 以注册表为准）：

  clawhub run chanjing-credentials-guard

• 本仓库：

  python skills/chanjing-credentials-guard/scripts/chanjing_config.py --status

When to Run

1. When user asks to configure/get Chanjing keys (AK/SK): use this skill to guide local setup.
2. When credentials are missing/invalid before a Chanjing API call: use this skill to recover local config.

This skill is a local credential guide, not a cross-skill runtime dependency.

Execution Flow

1. Check if local AK/SK exists
   └─ No  → Run open_login_page.py (open login in browser) → Ask user to run local config command
   └─ Yes → Continue

2. Check if local Token exists and is not expired
   └─ No  → Call API to request/refresh Token → Save
   └─ Yes → Continue

3. Prompt user to continue target action

Credential Storage (AK/SK read from config file)

AK/SK and Token are read from the same config file. Path and format follow the script

scripts/chanjing_config.py

• Path:

  ~/.chanjing/credentials.json

  （目录由

  CHANJING_OPENAPI_CREDENTIALS_DIR

  覆盖，兼容

  CHANJING_CONFIG_DIR

  ）
• Format:

{
  "app_id": "Your Access Key",
  "secret_key": "Your Secret Key",
  "access_token": "Optional, auto-generated",
  "expire_in": 1721289220
}

expire_in

When AK/SK Is Missing

When local

app_id

secret_key

1. Open login page: Run the

   open_login_page.py

   script to open the Chanjing sign-in page in the default browser (

   https://www.chanjing.cc/openapi/login

   ).
2. Require local setup command after the user obtains keys:
   • Show command only; user runs it locally in terminal.
3. Do not request secrets in chat:
   • Never ask user to paste AK/SK in conversation.
   • Never echo or store AK/SK in chat summaries.
4. After setting:
   • Ask user to run status check and then proceed to target action.

Commands to set AK/SK (use either):

python scripts/chanjing_config.py --ak <your_app_id> --sk <your_secret_key>
python skills/chanjing-credentials-guard/scripts/chanjing_config.py --ak <your_app_id> --sk <your_secret_key>

To open the login page manually:

python skills/chanjing-credentials-guard/scripts/open_login_page.py

Guide When User Wants to Generate Keys

When the user clearly wants to generate chanjing keys, get keys, or configure AK/SK, follow this flow:

Step 1: Check if already configured

Check if local AK/SK already exists (read

~/.chanjing/credentials.json

app_id

secret_key

python skills/chanjing-credentials-guard/scripts/chanjing_config.py --status

Step 2: Branch on result

• If already configured: ask whether user wants to overwrite local config.

  • If yes, run guide steps.
  • If no, stop.

• If not configured: Run the “Guide steps” below directly.

Guide steps (when not configured or user confirmed re-apply)

1. Run

   open_login_page.py

   to open the Chanjing login page in the default browser.
2. Explain the page flow clearly:
   • New users are registered automatically and the current page will display

     App ID

     and

     Secret Key

     with copy buttons.
   • Existing users may be redirected to the console; tell them to open the left-side API 密钥 page to view or reset keys.
3. Ask user to run local command to configure AK/SK:

   python skills/chanjing-credentials-guard/scripts/chanjing_config.py --ak <your_app_id> --sk <your_secret_key>
   

4. Secret handling rule:
   • Do not ask user to paste AK/SK in chat.
   • If user shares secret in chat anyway, remind them to rotate keys and continue with local-command-only flow.
5. After setting:
   • Run status check:

     python skills/chanjing-credentials-guard/scripts/chanjing_config.py --status

   • Then proceed to target Chanjing action.

Token API (see chanjing-openapi.yaml)

POST https://open-api.chanjing.cc/open/v1/access_token
Content-Type: application/json

Request body:

{
  "app_id": "{{app_id}}",
  "secret_key": "{{secret_key}}"
}

Response (success

code: 0

{
  "code": 0,
  "msg": "success",
  "data": {
    "access_token": "xxx",
    "expire_in": 1721289220
  }
}

• expire_in

  : Unix timestamp for token expiry
• If

  code !== 0

  , AK/SK is invalid or the request failed

Validation Logic

1. AK/SK: Read from config (path/format above, per

   chanjing_config.py

   ); ensure

   app_id

   and

   secret_key

   are non-empty.
2. Token: Ensure

   access_token

   exists and

   expire_in > current_time + 300

   (refresh 5 minutes early).
3. Token refresh: Call the API above and write returned

   access_token

   and

   expire_in

   back to the file.

Shortcut: Run

python skills/chanjing-credentials-guard/scripts/chanjing_get_token.py

Security Boundary

• This skill only handles local credential guidance.
• It does not require install hooks or elevated/system-wide privileges.
• It should not automatically execute unrelated skills.
• It should not accept AK/SK via chat content.

Shell Config

open_login_page.py

chanjing_config.py

chanjing_get_token.py

access_token

# Open login page (also runs automatically when AK/SK is missing)
python skills/chanjing-credentials-guard/scripts/open_login_page.py

# Set AK/SK manually
python skills/chanjing-credentials-guard/scripts/chanjing_config.py --ak <app_id> --sk <secret_key>

# View status
python skills/chanjing-credentials-guard/scripts/chanjing_config.py --status

With Other Skills

• Other Chanjing skills may use the same local config path/format, but should keep their own runtime auth logic.
• Guard can be used as an optional setup helper when users explicitly ask for credential guidance.

Reference

• reference.md: API and storage format details
• chanjing-openapi.yaml:

  /access_token

  ,

  dto.OpenAccessTokenReq

  ,

  dto.OpenAccessTokenResp