Compare commits

..

7 Commits

Author SHA1 Message Date
xiaojunnuo c6a988bc92 perf: dcdn自动匹配部署,支持新增域名感知 2026-03-29 01:57:33 +08:00
xiaojunnuo fe02ce7b64 fix: 修复某些情况下报没有匹配到任何校验方式的bug 2026-03-29 00:13:44 +08:00
xiaojunnuo df012dec90 perf: 阿里云dcdn支持根据证书域名匹配模式 2026-03-28 11:17:50 +08:00
xiaojunnuo 5969425a6f docs: 1 2026-03-26 22:30:37 +08:00
xiaojunnuo b17b1e6463 build: release 2026-03-26 01:28:56 +08:00
xiaojunnuo c99e61c402 build: publish 2026-03-26 01:08:03 +08:00
xiaojunnuo f4aaec8b3c build: trigger build image 2026-03-26 01:07:51 +08:00
40 changed files with 1085 additions and 100 deletions
+115
View File
@@ -0,0 +1,115 @@
---
name: using-superpowers
description: Use when starting any conversation - establishes how to find and use skills, requiring Skill tool invocation before ANY response including clarifying questions
---
<SUBAGENT-STOP>
If you were dispatched as a subagent to execute a specific task, skip this skill.
</SUBAGENT-STOP>
<EXTREMELY-IMPORTANT>
If you think there is even a 1% chance a skill might apply to what you are doing, you ABSOLUTELY MUST invoke the skill.
IF A SKILL APPLIES TO YOUR TASK, YOU DO NOT HAVE A CHOICE. YOU MUST USE IT.
This is not negotiable. This is not optional. You cannot rationalize your way out of this.
</EXTREMELY-IMPORTANT>
## Instruction Priority
Superpowers skills override default system prompt behavior, but **user instructions always take precedence**:
1. **User's explicit instructions** (CLAUDE.md, GEMINI.md, AGENTS.md, direct requests) — highest priority
2. **Superpowers skills** — override default system behavior where they conflict
3. **Default system prompt** — lowest priority
If CLAUDE.md, GEMINI.md, or AGENTS.md says "don't use TDD" and a skill says "always use TDD," follow the user's instructions. The user is in control.
## How to Access Skills
**In Claude Code:** Use the `Skill` tool. When you invoke a skill, its content is loaded and presented to you—follow it directly. Never use the Read tool on skill files.
**In Gemini CLI:** Skills activate via the `activate_skill` tool. Gemini loads skill metadata at session start and activates the full content on demand.
**In other environments:** Check your platform's documentation for how skills are loaded.
## Platform Adaptation
Skills use Claude Code tool names. Non-CC platforms: see `references/codex-tools.md` (Codex) for tool equivalents. Gemini CLI users get the tool mapping loaded automatically via GEMINI.md.
# Using Skills
## The Rule
**Invoke relevant or requested skills BEFORE any response or action.** Even a 1% chance a skill might apply means that you should invoke the skill to check. If an invoked skill turns out to be wrong for the situation, you don't need to use it.
```dot
digraph skill_flow {
"User message received" [shape=doublecircle];
"About to EnterPlanMode?" [shape=doublecircle];
"Already brainstormed?" [shape=diamond];
"Invoke brainstorming skill" [shape=box];
"Might any skill apply?" [shape=diamond];
"Invoke Skill tool" [shape=box];
"Announce: 'Using [skill] to [purpose]'" [shape=box];
"Has checklist?" [shape=diamond];
"Create TodoWrite todo per item" [shape=box];
"Follow skill exactly" [shape=box];
"Respond (including clarifications)" [shape=doublecircle];
"About to EnterPlanMode?" -> "Already brainstormed?";
"Already brainstormed?" -> "Invoke brainstorming skill" [label="no"];
"Already brainstormed?" -> "Might any skill apply?" [label="yes"];
"Invoke brainstorming skill" -> "Might any skill apply?";
"User message received" -> "Might any skill apply?";
"Might any skill apply?" -> "Invoke Skill tool" [label="yes, even 1%"];
"Might any skill apply?" -> "Respond (including clarifications)" [label="definitely not"];
"Invoke Skill tool" -> "Announce: 'Using [skill] to [purpose]'";
"Announce: 'Using [skill] to [purpose]'" -> "Has checklist?";
"Has checklist?" -> "Create TodoWrite todo per item" [label="yes"];
"Has checklist?" -> "Follow skill exactly" [label="no"];
"Create TodoWrite todo per item" -> "Follow skill exactly";
}
```
## Red Flags
These thoughts mean STOP—you're rationalizing:
| Thought | Reality |
|---------|---------|
| "This is just a simple question" | Questions are tasks. Check for skills. |
| "I need more context first" | Skill check comes BEFORE clarifying questions. |
| "Let me explore the codebase first" | Skills tell you HOW to explore. Check first. |
| "I can check git/files quickly" | Files lack conversation context. Check for skills. |
| "Let me gather information first" | Skills tell you HOW to gather information. |
| "This doesn't need a formal skill" | If a skill exists, use it. |
| "I remember this skill" | Skills evolve. Read current version. |
| "This doesn't count as a task" | Action = task. Check for skills. |
| "The skill is overkill" | Simple things become complex. Use it. |
| "I'll just do this one thing first" | Check BEFORE doing anything. |
| "This feels productive" | Undisciplined action wastes time. Skills prevent this. |
| "I know what that means" | Knowing the concept ≠ using the skill. Invoke it. |
## Skill Priority
When multiple skills could apply, use this order:
1. **Process skills first** (brainstorming, debugging) - these determine HOW to approach the task
2. **Implementation skills second** (frontend-design, mcp-builder) - these guide execution
"Let's build X" → brainstorming first, then implementation skills.
"Fix this bug" → debugging first, then domain-specific skills.
## Skill Types
**Rigid** (TDD, debugging): Follow exactly. Don't adapt away discipline.
**Flexible** (patterns): Adapt principles to context.
The skill itself tells you which.
## User Instructions
Instructions say WHAT, not HOW. "Add X" or "Fix Y" doesn't mean skip workflows.
@@ -0,0 +1,100 @@
# Codex Tool Mapping
Skills use Claude Code tool names. When you encounter these in a skill, use your platform equivalent:
| Skill references | Codex equivalent |
|-----------------|------------------|
| `Task` tool (dispatch subagent) | `spawn_agent` (see [Named agent dispatch](#named-agent-dispatch)) |
| Multiple `Task` calls (parallel) | Multiple `spawn_agent` calls |
| Task returns result | `wait` |
| Task completes automatically | `close_agent` to free slot |
| `TodoWrite` (task tracking) | `update_plan` |
| `Skill` tool (invoke a skill) | Skills load natively — just follow the instructions |
| `Read`, `Write`, `Edit` (files) | Use your native file tools |
| `Bash` (run commands) | Use your native shell tools |
## Subagent dispatch requires multi-agent support
Add to your Codex config (`~/.codex/config.toml`):
```toml
[features]
multi_agent = true
```
This enables `spawn_agent`, `wait`, and `close_agent` for skills like `dispatching-parallel-agents` and `subagent-driven-development`.
## Named agent dispatch
Claude Code skills reference named agent types like `superpowers:code-reviewer`.
Codex does not have a named agent registry — `spawn_agent` creates generic agents
from built-in roles (`default`, `explorer`, `worker`).
When a skill says to dispatch a named agent type:
1. Find the agent's prompt file (e.g., `agents/code-reviewer.md` or the skill's
local prompt template like `code-quality-reviewer-prompt.md`)
2. Read the prompt content
3. Fill any template placeholders (`{BASE_SHA}`, `{WHAT_WAS_IMPLEMENTED}`, etc.)
4. Spawn a `worker` agent with the filled content as the `message`
| Skill instruction | Codex equivalent |
|-------------------|------------------|
| `Task tool (superpowers:code-reviewer)` | `spawn_agent(agent_type="worker", message=...)` with `code-reviewer.md` content |
| `Task tool (general-purpose)` with inline prompt | `spawn_agent(message=...)` with the same prompt |
### Message framing
The `message` parameter is user-level input, not a system prompt. Structure it
for maximum instruction adherence:
```
Your task is to perform the following. Follow the instructions below exactly.
<agent-instructions>
[filled prompt content from the agent's .md file]
</agent-instructions>
Execute this now. Output ONLY the structured response following the format
specified in the instructions above.
```
- Use task-delegation framing ("Your task is...") rather than persona framing ("You are...")
- Wrap instructions in XML tags — the model treats tagged blocks as authoritative
- End with an explicit execution directive to prevent summarization of the instructions
### When this workaround can be removed
This approach compensates for Codex's plugin system not yet supporting an `agents`
field in `plugin.json`. When `RawPluginManifest` gains an `agents` field, the
plugin can symlink to `agents/` (mirroring the existing `skills/` symlink) and
skills can dispatch named agent types directly.
## Environment Detection
Skills that create worktrees or finish branches should detect their
environment with read-only git commands before proceeding:
```bash
GIT_DIR=$(cd "$(git rev-parse --git-dir)" 2>/dev/null && pwd -P)
GIT_COMMON=$(cd "$(git rev-parse --git-common-dir)" 2>/dev/null && pwd -P)
BRANCH=$(git branch --show-current)
```
- `GIT_DIR != GIT_COMMON` → already in a linked worktree (skip creation)
- `BRANCH` empty → detached HEAD (cannot branch/push/PR from sandbox)
See `using-git-worktrees` Step 0 and `finishing-a-development-branch`
Step 1 for how each skill uses these signals.
## Codex App Finishing
When the sandbox blocks branch/push operations (detached HEAD in an
externally managed worktree), the agent commits all work and informs
the user to use the App's native controls:
- **"Create branch"** — names the branch, then commit/push/PR via App UI
- **"Hand off to local"** — transfers work to the user's local checkout
The agent can still run tests, stage files, and output suggested branch
names, commit messages, and PR descriptions for the user to copy.
@@ -0,0 +1,33 @@
# Gemini CLI Tool Mapping
Skills use Claude Code tool names. When you encounter these in a skill, use your platform equivalent:
| Skill references | Gemini CLI equivalent |
|-----------------|----------------------|
| `Read` (file reading) | `read_file` |
| `Write` (file creation) | `write_file` |
| `Edit` (file editing) | `replace` |
| `Bash` (run commands) | `run_shell_command` |
| `Grep` (search file content) | `grep_search` |
| `Glob` (search files by name) | `glob` |
| `TodoWrite` (task tracking) | `write_todos` |
| `Skill` tool (invoke a skill) | `activate_skill` |
| `WebSearch` | `google_web_search` |
| `WebFetch` | `web_fetch` |
| `Task` tool (dispatch subagent) | No equivalent — Gemini CLI does not support subagents |
## No subagent support
Gemini CLI has no equivalent to Claude Code's `Task` tool. Skills that rely on subagent dispatch (`subagent-driven-development`, `dispatching-parallel-agents`) will fall back to single-session execution via `executing-plans`.
## Additional Gemini CLI tools
These tools are available in Gemini CLI but have no Claude Code equivalent:
| Tool | Purpose |
|------|---------|
| `list_directory` | List files and subdirectories |
| `save_memory` | Persist facts to GEMINI.md across sessions |
| `ask_user` | Request structured input from the user |
| `tracker_create_task` | Rich task management (create, update, list, visualize) |
| `enter_plan_mode` / `exit_plan_mode` | Switch to read-only research mode before making changes |
+115
View File
@@ -0,0 +1,115 @@
---
name: using-superpowers
description: Use when starting any conversation - establishes how to find and use skills, requiring Skill tool invocation before ANY response including clarifying questions
---
<SUBAGENT-STOP>
If you were dispatched as a subagent to execute a specific task, skip this skill.
</SUBAGENT-STOP>
<EXTREMELY-IMPORTANT>
If you think there is even a 1% chance a skill might apply to what you are doing, you ABSOLUTELY MUST invoke the skill.
IF A SKILL APPLIES TO YOUR TASK, YOU DO NOT HAVE A CHOICE. YOU MUST USE IT.
This is not negotiable. This is not optional. You cannot rationalize your way out of this.
</EXTREMELY-IMPORTANT>
## Instruction Priority
Superpowers skills override default system prompt behavior, but **user instructions always take precedence**:
1. **User's explicit instructions** (CLAUDE.md, GEMINI.md, AGENTS.md, direct requests) — highest priority
2. **Superpowers skills** — override default system behavior where they conflict
3. **Default system prompt** — lowest priority
If CLAUDE.md, GEMINI.md, or AGENTS.md says "don't use TDD" and a skill says "always use TDD," follow the user's instructions. The user is in control.
## How to Access Skills
**In Claude Code:** Use the `Skill` tool. When you invoke a skill, its content is loaded and presented to you—follow it directly. Never use the Read tool on skill files.
**In Gemini CLI:** Skills activate via the `activate_skill` tool. Gemini loads skill metadata at session start and activates the full content on demand.
**In other environments:** Check your platform's documentation for how skills are loaded.
## Platform Adaptation
Skills use Claude Code tool names. Non-CC platforms: see `references/codex-tools.md` (Codex) for tool equivalents. Gemini CLI users get the tool mapping loaded automatically via GEMINI.md.
# Using Skills
## The Rule
**Invoke relevant or requested skills BEFORE any response or action.** Even a 1% chance a skill might apply means that you should invoke the skill to check. If an invoked skill turns out to be wrong for the situation, you don't need to use it.
```dot
digraph skill_flow {
"User message received" [shape=doublecircle];
"About to EnterPlanMode?" [shape=doublecircle];
"Already brainstormed?" [shape=diamond];
"Invoke brainstorming skill" [shape=box];
"Might any skill apply?" [shape=diamond];
"Invoke Skill tool" [shape=box];
"Announce: 'Using [skill] to [purpose]'" [shape=box];
"Has checklist?" [shape=diamond];
"Create TodoWrite todo per item" [shape=box];
"Follow skill exactly" [shape=box];
"Respond (including clarifications)" [shape=doublecircle];
"About to EnterPlanMode?" -> "Already brainstormed?";
"Already brainstormed?" -> "Invoke brainstorming skill" [label="no"];
"Already brainstormed?" -> "Might any skill apply?" [label="yes"];
"Invoke brainstorming skill" -> "Might any skill apply?";
"User message received" -> "Might any skill apply?";
"Might any skill apply?" -> "Invoke Skill tool" [label="yes, even 1%"];
"Might any skill apply?" -> "Respond (including clarifications)" [label="definitely not"];
"Invoke Skill tool" -> "Announce: 'Using [skill] to [purpose]'";
"Announce: 'Using [skill] to [purpose]'" -> "Has checklist?";
"Has checklist?" -> "Create TodoWrite todo per item" [label="yes"];
"Has checklist?" -> "Follow skill exactly" [label="no"];
"Create TodoWrite todo per item" -> "Follow skill exactly";
}
```
## Red Flags
These thoughts mean STOP—you're rationalizing:
| Thought | Reality |
|---------|---------|
| "This is just a simple question" | Questions are tasks. Check for skills. |
| "I need more context first" | Skill check comes BEFORE clarifying questions. |
| "Let me explore the codebase first" | Skills tell you HOW to explore. Check first. |
| "I can check git/files quickly" | Files lack conversation context. Check for skills. |
| "Let me gather information first" | Skills tell you HOW to gather information. |
| "This doesn't need a formal skill" | If a skill exists, use it. |
| "I remember this skill" | Skills evolve. Read current version. |
| "This doesn't count as a task" | Action = task. Check for skills. |
| "The skill is overkill" | Simple things become complex. Use it. |
| "I'll just do this one thing first" | Check BEFORE doing anything. |
| "This feels productive" | Undisciplined action wastes time. Skills prevent this. |
| "I know what that means" | Knowing the concept ≠ using the skill. Invoke it. |
## Skill Priority
When multiple skills could apply, use this order:
1. **Process skills first** (brainstorming, debugging) - these determine HOW to approach the task
2. **Implementation skills second** (frontend-design, mcp-builder) - these guide execution
"Let's build X" → brainstorming first, then implementation skills.
"Fix this bug" → debugging first, then domain-specific skills.
## Skill Types
**Rigid** (TDD, debugging): Follow exactly. Don't adapt away discipline.
**Flexible** (patterns): Adapt principles to context.
The skill itself tells you which.
## User Instructions
Instructions say WHAT, not HOW. "Add X" or "Fix Y" doesn't mean skip workflows.
@@ -0,0 +1,100 @@
# Codex Tool Mapping
Skills use Claude Code tool names. When you encounter these in a skill, use your platform equivalent:
| Skill references | Codex equivalent |
|-----------------|------------------|
| `Task` tool (dispatch subagent) | `spawn_agent` (see [Named agent dispatch](#named-agent-dispatch)) |
| Multiple `Task` calls (parallel) | Multiple `spawn_agent` calls |
| Task returns result | `wait` |
| Task completes automatically | `close_agent` to free slot |
| `TodoWrite` (task tracking) | `update_plan` |
| `Skill` tool (invoke a skill) | Skills load natively — just follow the instructions |
| `Read`, `Write`, `Edit` (files) | Use your native file tools |
| `Bash` (run commands) | Use your native shell tools |
## Subagent dispatch requires multi-agent support
Add to your Codex config (`~/.codex/config.toml`):
```toml
[features]
multi_agent = true
```
This enables `spawn_agent`, `wait`, and `close_agent` for skills like `dispatching-parallel-agents` and `subagent-driven-development`.
## Named agent dispatch
Claude Code skills reference named agent types like `superpowers:code-reviewer`.
Codex does not have a named agent registry — `spawn_agent` creates generic agents
from built-in roles (`default`, `explorer`, `worker`).
When a skill says to dispatch a named agent type:
1. Find the agent's prompt file (e.g., `agents/code-reviewer.md` or the skill's
local prompt template like `code-quality-reviewer-prompt.md`)
2. Read the prompt content
3. Fill any template placeholders (`{BASE_SHA}`, `{WHAT_WAS_IMPLEMENTED}`, etc.)
4. Spawn a `worker` agent with the filled content as the `message`
| Skill instruction | Codex equivalent |
|-------------------|------------------|
| `Task tool (superpowers:code-reviewer)` | `spawn_agent(agent_type="worker", message=...)` with `code-reviewer.md` content |
| `Task tool (general-purpose)` with inline prompt | `spawn_agent(message=...)` with the same prompt |
### Message framing
The `message` parameter is user-level input, not a system prompt. Structure it
for maximum instruction adherence:
```
Your task is to perform the following. Follow the instructions below exactly.
<agent-instructions>
[filled prompt content from the agent's .md file]
</agent-instructions>
Execute this now. Output ONLY the structured response following the format
specified in the instructions above.
```
- Use task-delegation framing ("Your task is...") rather than persona framing ("You are...")
- Wrap instructions in XML tags — the model treats tagged blocks as authoritative
- End with an explicit execution directive to prevent summarization of the instructions
### When this workaround can be removed
This approach compensates for Codex's plugin system not yet supporting an `agents`
field in `plugin.json`. When `RawPluginManifest` gains an `agents` field, the
plugin can symlink to `agents/` (mirroring the existing `skills/` symlink) and
skills can dispatch named agent types directly.
## Environment Detection
Skills that create worktrees or finish branches should detect their
environment with read-only git commands before proceeding:
```bash
GIT_DIR=$(cd "$(git rev-parse --git-dir)" 2>/dev/null && pwd -P)
GIT_COMMON=$(cd "$(git rev-parse --git-common-dir)" 2>/dev/null && pwd -P)
BRANCH=$(git branch --show-current)
```
- `GIT_DIR != GIT_COMMON` → already in a linked worktree (skip creation)
- `BRANCH` empty → detached HEAD (cannot branch/push/PR from sandbox)
See `using-git-worktrees` Step 0 and `finishing-a-development-branch`
Step 1 for how each skill uses these signals.
## Codex App Finishing
When the sandbox blocks branch/push operations (detached HEAD in an
externally managed worktree), the agent commits all work and informs
the user to use the App's native controls:
- **"Create branch"** — names the branch, then commit/push/PR via App UI
- **"Hand off to local"** — transfers work to the user's local checkout
The agent can still run tests, stage files, and output suggested branch
names, commit messages, and PR descriptions for the user to copy.
@@ -0,0 +1,33 @@
# Gemini CLI Tool Mapping
Skills use Claude Code tool names. When you encounter these in a skill, use your platform equivalent:
| Skill references | Gemini CLI equivalent |
|-----------------|----------------------|
| `Read` (file reading) | `read_file` |
| `Write` (file creation) | `write_file` |
| `Edit` (file editing) | `replace` |
| `Bash` (run commands) | `run_shell_command` |
| `Grep` (search file content) | `grep_search` |
| `Glob` (search files by name) | `glob` |
| `TodoWrite` (task tracking) | `write_todos` |
| `Skill` tool (invoke a skill) | `activate_skill` |
| `WebSearch` | `google_web_search` |
| `WebFetch` | `web_fetch` |
| `Task` tool (dispatch subagent) | No equivalent — Gemini CLI does not support subagents |
## No subagent support
Gemini CLI has no equivalent to Claude Code's `Task` tool. Skills that rely on subagent dispatch (`subagent-driven-development`, `dispatching-parallel-agents`) will fall back to single-session execution via `executing-plans`.
## Additional Gemini CLI tools
These tools are available in Gemini CLI but have no Claude Code equivalent:
| Tool | Purpose |
|------|---------|
| `list_directory` | List files and subdirectories |
| `save_memory` | Persist facts to GEMINI.md across sessions |
| `ask_user` | Request structured input from the user |
| `tracker_create_task` | Rich task management (create, update, list, visualize) |
| `enter_plan_mode` / `exit_plan_mode` | Switch to read-only research mode before making changes |
+58 -10
View File
@@ -89,16 +89,55 @@ certDomains!: string[];
accessId!: string;
```
### 4. 实现插件方法
### 4. 动态显隐配置(mergeScript
#### 4.1 插件实例化时执行的方法
使用 `mergeScript` 可以实现根据其他输入值动态控制当前输入项的显隐状态。
```typescript
@TaskInput({
title: '匹配模式',
component: {
name: 'select',
options: [
{ label: '手动选择', value: 'manual' },
{ label: '根据证书匹配', value: 'auto' },
],
},
default: 'manual',
})
domainMatchMode!: 'manual' | 'auto';
@TaskInput(
createRemoteSelectInputDefine({
title: 'DCDN加速域名',
helper: '你在阿里云上配置的DCDN加速域名',
action: DeployCertToAliyunDCDN.prototype.onGetDomainList.name,
watches: ['certDomains', 'accessId'],
required: true,
mergeScript: `
return {
show: ctx.compute(({form})=>{
return domainMatchMode === "manual"
})
}
`,
})
)
domainName!: string | string[];
```
`mergeScript` 中的 `ctx.compute` 函数接收一个回调函数,通过 `form` 参数可以访问表单中的其他字段值。
### 5. 实现插件方法
#### 5.1 插件实例化时执行的方法
```typescript
// 插件实例化时执行的方法
async onInstance() {}
```
#### 4.2 插件执行方法
#### 5.2 插件执行方法
```typescript
// 插件执行方法
@@ -130,7 +169,9 @@ async execute(): Promise<void> {
}
```
#### 4.3 后端获取选项方法
#### 5.3 后端获取选项方法
使用 `createRemoteSelectInputDefine` 创建远程选择输入项,`action` 指向的方法接收 `PageSearch` 参数并返回 `{ list, total }` 格式。
```typescript
@TaskInput(
@@ -145,8 +186,8 @@ async execute(): Promise<void> {
)
siteName!: string | string[];
// 从后端获取选项的方法
async onGetSiteList(req: PageSearch) {
// 从后端获取选项的方法,接收PageSearch参数
async onGetSiteList(data: PageSearch) {
if (!this.accessId) {
throw new Error('请选择Access授权');
}
@@ -154,7 +195,7 @@ async onGetSiteList(req: PageSearch) {
// @ts-ignore
const access = await this.getAccess(this.accessId);
// const siteRes = await access.GetDomainList(req);
// const siteRes = await access.GetDomainList(data);
// 以下是模拟数据
const siteRes = [
{ id: 1, siteName: 'site1.com' },
@@ -169,8 +210,12 @@ async onGetSiteList(req: PageSearch) {
domain: item.siteName,
};
});
// 将站点域名名称根据证书域名进行匹配分组,分成匹配的和不匹配的两组选项,返回给前端,供用户选择
return optionsUtils.buildGroupOptions(options, this.certDomains);
// 返回{list, total}格式
return {
list: optionsUtils.buildGroupOptions(options, this.certDomains),
total: siteRes.length,
};
}
```
@@ -383,7 +428,10 @@ export class DemoTest extends AbstractTaskPlugin {
};
});
//将站点域名名称根据证书域名进行匹配分组,分成匹配的和不匹配的两组选项,返回给前端,供用户选择
return optionsUtils.buildGroupOptions(options, this.certDomains);
return {
list: optionsUtils.buildGroupOptions(options, this.certDomains),
total: siteRes.length,
};
}
}
```
+115
View File
@@ -0,0 +1,115 @@
---
name: using-superpowers
description: Use when starting any conversation - establishes how to find and use skills, requiring Skill tool invocation before ANY response including clarifying questions
---
<SUBAGENT-STOP>
If you were dispatched as a subagent to execute a specific task, skip this skill.
</SUBAGENT-STOP>
<EXTREMELY-IMPORTANT>
If you think there is even a 1% chance a skill might apply to what you are doing, you ABSOLUTELY MUST invoke the skill.
IF A SKILL APPLIES TO YOUR TASK, YOU DO NOT HAVE A CHOICE. YOU MUST USE IT.
This is not negotiable. This is not optional. You cannot rationalize your way out of this.
</EXTREMELY-IMPORTANT>
## Instruction Priority
Superpowers skills override default system prompt behavior, but **user instructions always take precedence**:
1. **User's explicit instructions** (CLAUDE.md, GEMINI.md, AGENTS.md, direct requests) — highest priority
2. **Superpowers skills** — override default system behavior where they conflict
3. **Default system prompt** — lowest priority
If CLAUDE.md, GEMINI.md, or AGENTS.md says "don't use TDD" and a skill says "always use TDD," follow the user's instructions. The user is in control.
## How to Access Skills
**In Claude Code:** Use the `Skill` tool. When you invoke a skill, its content is loaded and presented to you—follow it directly. Never use the Read tool on skill files.
**In Gemini CLI:** Skills activate via the `activate_skill` tool. Gemini loads skill metadata at session start and activates the full content on demand.
**In other environments:** Check your platform's documentation for how skills are loaded.
## Platform Adaptation
Skills use Claude Code tool names. Non-CC platforms: see `references/codex-tools.md` (Codex) for tool equivalents. Gemini CLI users get the tool mapping loaded automatically via GEMINI.md.
# Using Skills
## The Rule
**Invoke relevant or requested skills BEFORE any response or action.** Even a 1% chance a skill might apply means that you should invoke the skill to check. If an invoked skill turns out to be wrong for the situation, you don't need to use it.
```dot
digraph skill_flow {
"User message received" [shape=doublecircle];
"About to EnterPlanMode?" [shape=doublecircle];
"Already brainstormed?" [shape=diamond];
"Invoke brainstorming skill" [shape=box];
"Might any skill apply?" [shape=diamond];
"Invoke Skill tool" [shape=box];
"Announce: 'Using [skill] to [purpose]'" [shape=box];
"Has checklist?" [shape=diamond];
"Create TodoWrite todo per item" [shape=box];
"Follow skill exactly" [shape=box];
"Respond (including clarifications)" [shape=doublecircle];
"About to EnterPlanMode?" -> "Already brainstormed?";
"Already brainstormed?" -> "Invoke brainstorming skill" [label="no"];
"Already brainstormed?" -> "Might any skill apply?" [label="yes"];
"Invoke brainstorming skill" -> "Might any skill apply?";
"User message received" -> "Might any skill apply?";
"Might any skill apply?" -> "Invoke Skill tool" [label="yes, even 1%"];
"Might any skill apply?" -> "Respond (including clarifications)" [label="definitely not"];
"Invoke Skill tool" -> "Announce: 'Using [skill] to [purpose]'";
"Announce: 'Using [skill] to [purpose]'" -> "Has checklist?";
"Has checklist?" -> "Create TodoWrite todo per item" [label="yes"];
"Has checklist?" -> "Follow skill exactly" [label="no"];
"Create TodoWrite todo per item" -> "Follow skill exactly";
}
```
## Red Flags
These thoughts mean STOP—you're rationalizing:
| Thought | Reality |
|---------|---------|
| "This is just a simple question" | Questions are tasks. Check for skills. |
| "I need more context first" | Skill check comes BEFORE clarifying questions. |
| "Let me explore the codebase first" | Skills tell you HOW to explore. Check first. |
| "I can check git/files quickly" | Files lack conversation context. Check for skills. |
| "Let me gather information first" | Skills tell you HOW to gather information. |
| "This doesn't need a formal skill" | If a skill exists, use it. |
| "I remember this skill" | Skills evolve. Read current version. |
| "This doesn't count as a task" | Action = task. Check for skills. |
| "The skill is overkill" | Simple things become complex. Use it. |
| "I'll just do this one thing first" | Check BEFORE doing anything. |
| "This feels productive" | Undisciplined action wastes time. Skills prevent this. |
| "I know what that means" | Knowing the concept ≠ using the skill. Invoke it. |
## Skill Priority
When multiple skills could apply, use this order:
1. **Process skills first** (brainstorming, debugging) - these determine HOW to approach the task
2. **Implementation skills second** (frontend-design, mcp-builder) - these guide execution
"Let's build X" → brainstorming first, then implementation skills.
"Fix this bug" → debugging first, then domain-specific skills.
## Skill Types
**Rigid** (TDD, debugging): Follow exactly. Don't adapt away discipline.
**Flexible** (patterns): Adapt principles to context.
The skill itself tells you which.
## User Instructions
Instructions say WHAT, not HOW. "Add X" or "Fix Y" doesn't mean skip workflows.
@@ -0,0 +1,100 @@
# Codex Tool Mapping
Skills use Claude Code tool names. When you encounter these in a skill, use your platform equivalent:
| Skill references | Codex equivalent |
|-----------------|------------------|
| `Task` tool (dispatch subagent) | `spawn_agent` (see [Named agent dispatch](#named-agent-dispatch)) |
| Multiple `Task` calls (parallel) | Multiple `spawn_agent` calls |
| Task returns result | `wait` |
| Task completes automatically | `close_agent` to free slot |
| `TodoWrite` (task tracking) | `update_plan` |
| `Skill` tool (invoke a skill) | Skills load natively — just follow the instructions |
| `Read`, `Write`, `Edit` (files) | Use your native file tools |
| `Bash` (run commands) | Use your native shell tools |
## Subagent dispatch requires multi-agent support
Add to your Codex config (`~/.codex/config.toml`):
```toml
[features]
multi_agent = true
```
This enables `spawn_agent`, `wait`, and `close_agent` for skills like `dispatching-parallel-agents` and `subagent-driven-development`.
## Named agent dispatch
Claude Code skills reference named agent types like `superpowers:code-reviewer`.
Codex does not have a named agent registry — `spawn_agent` creates generic agents
from built-in roles (`default`, `explorer`, `worker`).
When a skill says to dispatch a named agent type:
1. Find the agent's prompt file (e.g., `agents/code-reviewer.md` or the skill's
local prompt template like `code-quality-reviewer-prompt.md`)
2. Read the prompt content
3. Fill any template placeholders (`{BASE_SHA}`, `{WHAT_WAS_IMPLEMENTED}`, etc.)
4. Spawn a `worker` agent with the filled content as the `message`
| Skill instruction | Codex equivalent |
|-------------------|------------------|
| `Task tool (superpowers:code-reviewer)` | `spawn_agent(agent_type="worker", message=...)` with `code-reviewer.md` content |
| `Task tool (general-purpose)` with inline prompt | `spawn_agent(message=...)` with the same prompt |
### Message framing
The `message` parameter is user-level input, not a system prompt. Structure it
for maximum instruction adherence:
```
Your task is to perform the following. Follow the instructions below exactly.
<agent-instructions>
[filled prompt content from the agent's .md file]
</agent-instructions>
Execute this now. Output ONLY the structured response following the format
specified in the instructions above.
```
- Use task-delegation framing ("Your task is...") rather than persona framing ("You are...")
- Wrap instructions in XML tags — the model treats tagged blocks as authoritative
- End with an explicit execution directive to prevent summarization of the instructions
### When this workaround can be removed
This approach compensates for Codex's plugin system not yet supporting an `agents`
field in `plugin.json`. When `RawPluginManifest` gains an `agents` field, the
plugin can symlink to `agents/` (mirroring the existing `skills/` symlink) and
skills can dispatch named agent types directly.
## Environment Detection
Skills that create worktrees or finish branches should detect their
environment with read-only git commands before proceeding:
```bash
GIT_DIR=$(cd "$(git rev-parse --git-dir)" 2>/dev/null && pwd -P)
GIT_COMMON=$(cd "$(git rev-parse --git-common-dir)" 2>/dev/null && pwd -P)
BRANCH=$(git branch --show-current)
```
- `GIT_DIR != GIT_COMMON` → already in a linked worktree (skip creation)
- `BRANCH` empty → detached HEAD (cannot branch/push/PR from sandbox)
See `using-git-worktrees` Step 0 and `finishing-a-development-branch`
Step 1 for how each skill uses these signals.
## Codex App Finishing
When the sandbox blocks branch/push operations (detached HEAD in an
externally managed worktree), the agent commits all work and informs
the user to use the App's native controls:
- **"Create branch"** — names the branch, then commit/push/PR via App UI
- **"Hand off to local"** — transfers work to the user's local checkout
The agent can still run tests, stage files, and output suggested branch
names, commit messages, and PR descriptions for the user to copy.
@@ -0,0 +1,33 @@
# Gemini CLI Tool Mapping
Skills use Claude Code tool names. When you encounter these in a skill, use your platform equivalent:
| Skill references | Gemini CLI equivalent |
|-----------------|----------------------|
| `Read` (file reading) | `read_file` |
| `Write` (file creation) | `write_file` |
| `Edit` (file editing) | `replace` |
| `Bash` (run commands) | `run_shell_command` |
| `Grep` (search file content) | `grep_search` |
| `Glob` (search files by name) | `glob` |
| `TodoWrite` (task tracking) | `write_todos` |
| `Skill` tool (invoke a skill) | `activate_skill` |
| `WebSearch` | `google_web_search` |
| `WebFetch` | `web_fetch` |
| `Task` tool (dispatch subagent) | No equivalent — Gemini CLI does not support subagents |
## No subagent support
Gemini CLI has no equivalent to Claude Code's `Task` tool. Skills that rely on subagent dispatch (`subagent-driven-development`, `dispatching-parallel-agents`) will fall back to single-session execution via `executing-plans`.
## Additional Gemini CLI tools
These tools are available in Gemini CLI but have no Claude Code equivalent:
| Tool | Purpose |
|------|---------|
| `list_directory` | List files and subdirectories |
| `save_memory` | Persist facts to GEMINI.md across sessions |
| `ask_user` | Request structured input from the user |
| `tracker_create_task` | Rich task management (create, update, list, visualize) |
| `enter_plan_mode` / `exit_plan_mode` | Switch to read-only research mode before making changes |
+11
View File
@@ -3,6 +3,17 @@
All notable changes to this project will be documented in this file.
See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
## [1.39.7](https://github.com/certd/certd/compare/v1.39.6...v1.39.7) (2026-03-25)
### Bug Fixes
* 修复cname校验报该授权无权限的bug ([b1eb706](https://github.com/certd/certd/commit/b1eb7069258d6ff2b128091911fa448eaffc5f33))
### Performance Improvements
* 支持部署到火山云tos自定义域名证书 ([af6deb9](https://github.com/certd/certd/commit/af6deb99cd24a69a189b1fdd1df51c8f7816dcda))
* 支持部署证书到火山引擎vod ([f91d591](https://github.com/certd/certd/commit/f91d591b03c50166d9fa352ba11c62d963869aa5))
## [1.39.6](https://github.com/certd/certd/compare/v1.39.5...v1.39.6) (2026-03-22)
### Bug Fixes
+1 -1
View File
@@ -70,5 +70,5 @@
"bugs": {
"url": "https://github.com/publishlab/node-acme-client/issues"
},
"gitHead": "b0ccab41e17cb16c87bfc0ec3b052d5e8a5d8435"
"gitHead": "adc3e6118b941818926705c3536babfca117c247"
}
+1 -1
View File
@@ -47,5 +47,5 @@
"tslib": "^2.8.1",
"typescript": "^5.4.2"
},
"gitHead": "b0ccab41e17cb16c87bfc0ec3b052d5e8a5d8435"
"gitHead": "adc3e6118b941818926705c3536babfca117c247"
}
+1 -1
View File
@@ -45,5 +45,5 @@
"tslib": "^2.8.1",
"typescript": "^5.4.2"
},
"gitHead": "b0ccab41e17cb16c87bfc0ec3b052d5e8a5d8435"
"gitHead": "adc3e6118b941818926705c3536babfca117c247"
}
+1 -1
View File
@@ -334,7 +334,7 @@ export class Executor {
//参数没有变化
inputChanged = false;
}
if (step.strategy?.runStrategy === RunStrategy.SkipWhenSucceed) {
if (step.strategy?.runStrategy === RunStrategy.SkipWhenSucceed && define.runStrategy !== RunStrategy.AlwaysRun) {
if (lastResult != null && lastResult === ResultType.success && !inputChanged) {
step.status!.output = lastNode?.status?.output;
step.status!.files = lastNode?.status?.files;
+107 -2
View File
@@ -4,13 +4,14 @@ import { FileStore } from "../core/file-store.js";
import { accessRegistry, IAccessService } from "../access/index.js";
import { ICnameProxyService, IEmailService, IServiceGetter, IUrlService } from "../service/index.js";
import { CancelError, IContext, RunHistory, RunnableCollection } from "../core/index.js";
import { HttpRequestConfig, ILogger, logger, utils } from "@certd/basic";
import { domainUtils, HttpRequestConfig, ILogger, logger, optionsUtils, utils } from "@certd/basic";
import { HttpClient } from "@certd/basic";
import dayjs from "dayjs";
import { IPluginConfigService } from "../service/config.js";
import { upperFirst } from "lodash-es";
import { cloneDeep, upperFirst } from "lodash-es";
import { INotificationService } from "../notification/index.js";
import { TaskEmitter } from "../service/emit.js";
import { PageSearch } from "../context/index.js";
export type PluginRequestHandleReq<T = any> = {
typeName: string;
@@ -64,6 +65,7 @@ export type PluginDefine = Registrable & {
onlyAdmin?: boolean;
needPlus?: boolean;
showRunStrategy?: boolean;
runStrategy?: any;
pluginType?: string; //类型
type?: string; //来源
};
@@ -81,6 +83,12 @@ export type TaskResult = {
pipelineVars: Record<string, any>;
pipelinePrivateVars?: Record<string, any>;
};
export type CertTargetItem = {
value: string;
label: string;
domain: string | string[];
};
export type TaskInstanceContext = {
//流水线定义
pipeline: Pipeline;
@@ -315,6 +323,103 @@ export abstract class AbstractTaskPlugin implements ITaskPlugin {
getLastOutput(key: string) {
return this.getLastStatus().status?.output?.[key];
}
isDomainMatched(domainList: string | string[], certDomains: string[]): boolean {
const matched = domainUtils.match(domainList, certDomains);
return matched;
}
isNotChanged() {
const lastResult = this.ctx?.lastStatus?.status?.status;
return !this.ctx.inputChanged && lastResult === "success";
}
async getAutoMatchedTargets(req: {
targetName: string;
certDomains: string[];
pageSize: number;
getDeployTargetList: (req: PageSearch) => Promise<{ list: CertTargetItem[]; total: number }>;
}): Promise<CertTargetItem[]> {
const matchedDomains: CertTargetItem[] = [];
let pageNo = 1;
const { certDomains } = req;
const pageSize = req.pageSize || 100;
while (true) {
const result = await req.getDeployTargetList({
pageNo,
pageSize,
});
const pageData = result.list;
this.logger.info(`获取到 ${pageData.length}${req.targetName}`);
if (!pageData || pageData.length === 0) {
break;
}
for (const item of pageData) {
const domainName = item.domain;
if (this.isDomainMatched(domainName, certDomains)) {
matchedDomains.push(item);
}
}
const totalCount = result.total || 0;
if (pageNo * pageSize >= totalCount || matchedDomains.length == 0) {
break;
}
pageNo++;
}
return matchedDomains;
}
async autoMatchedDeploy(req: {
targetName: string;
getCertDomains: () => string[];
uploadCert: () => Promise<any>;
deployOne: (req: { target: any; cert: any }) => Promise<void>;
getDeployTargetList: (req: PageSearch) => Promise<{ list: CertTargetItem[]; total: number }>;
}): Promise<{ result: any; deployedList: any[] }> {
this.logger.info("证书匹配模式部署");
const certDomains = req.getCertDomains();
const certTargetList = await this.getAutoMatchedTargets({
targetName: req.targetName,
pageSize: 200,
certDomains,
getDeployTargetList: req.getDeployTargetList,
});
if (certTargetList.length === 0) {
this.logger.warn(`未找到匹配的${req.targetName}`);
return { result: "skip", deployedList: [] };
}
this.logger.info(`找到 ${certTargetList.length} 个匹配的${req.targetName}`);
//开始部署,检查是否已经部署过
const deployedList = cloneDeep(this.getLastStatus()?.status?.output?.deployedList || []);
const unDeployedTargets = certTargetList.filter(item => !deployedList.includes(item.value));
const count = unDeployedTargets.length;
const deployedCount = certTargetList.length - count;
if (deployedCount > 0) {
this.logger.info(`跳过 ${deployedCount} 个已部署过的${req.targetName}`);
}
this.logger.info(`需要部署 ${count}${req.targetName}`);
if (count === 0) {
return { result: "skip", deployedList };
}
this.logger.info(`开始部署`);
const aliCrtId = await req.uploadCert();
for (const target of unDeployedTargets) {
await req.deployOne({
cert: aliCrtId,
target,
});
deployedList.push(target.value);
}
this.logger.info(`本次成功部署 ${count}${req.targetName}`);
return { result: "success", deployedList };
}
}
export type OutputVO = {
+1 -1
View File
@@ -24,5 +24,5 @@
"prettier": "^2.8.8",
"tslib": "^2.8.1"
},
"gitHead": "b0ccab41e17cb16c87bfc0ec3b052d5e8a5d8435"
"gitHead": "adc3e6118b941818926705c3536babfca117c247"
}
+1 -1
View File
@@ -31,5 +31,5 @@
"tslib": "^2.8.1",
"typescript": "^5.4.2"
},
"gitHead": "b0ccab41e17cb16c87bfc0ec3b052d5e8a5d8435"
"gitHead": "adc3e6118b941818926705c3536babfca117c247"
}
+1 -1
View File
@@ -56,5 +56,5 @@
"fetch"
]
},
"gitHead": "b0ccab41e17cb16c87bfc0ec3b052d5e8a5d8435"
"gitHead": "adc3e6118b941818926705c3536babfca117c247"
}
+1 -1
View File
@@ -32,5 +32,5 @@
"tslib": "^2.8.1",
"typescript": "^5.4.2"
},
"gitHead": "b0ccab41e17cb16c87bfc0ec3b052d5e8a5d8435"
"gitHead": "adc3e6118b941818926705c3536babfca117c247"
}
+1 -1
View File
@@ -64,5 +64,5 @@
"typeorm": "^0.3.11",
"typescript": "^5.4.2"
},
"gitHead": "b0ccab41e17cb16c87bfc0ec3b052d5e8a5d8435"
"gitHead": "adc3e6118b941818926705c3536babfca117c247"
}
+1 -1
View File
@@ -46,5 +46,5 @@
"typeorm": "^0.3.11",
"typescript": "^5.4.2"
},
"gitHead": "b0ccab41e17cb16c87bfc0ec3b052d5e8a5d8435"
"gitHead": "adc3e6118b941818926705c3536babfca117c247"
}
+1 -1
View File
@@ -38,5 +38,5 @@
"tslib": "^2.8.1",
"typescript": "^5.4.2"
},
"gitHead": "b0ccab41e17cb16c87bfc0ec3b052d5e8a5d8435"
"gitHead": "adc3e6118b941818926705c3536babfca117c247"
}
+1 -1
View File
@@ -57,5 +57,5 @@
"tslib": "^2.8.1",
"typescript": "^5.4.2"
},
"gitHead": "b0ccab41e17cb16c87bfc0ec3b052d5e8a5d8435"
"gitHead": "adc3e6118b941818926705c3536babfca117c247"
}
@@ -43,6 +43,12 @@ const formats = {
jks: ["jks"],
p7b: ["p7b", "key"],
};
export type SimpleCertDetail = {
notBefore: Date;
notAfter: Date;
domains: string[];
};
export class CertReader {
cert: CertInfo;
@@ -116,6 +122,15 @@ export class CertReader {
return CertReader.readCertDetail(crt);
}
getSimpleDetail() {
const { detail } = this.getCrtDetail();
return {
notBefore: detail.notBefore,
notAfter: detail.notAfter,
domains: this.getAllDomains(),
};
}
static readCertDetail(crt: string) {
const detail = crypto.readCertificateInfo(crt.toString());
const effective = detail.notBefore;
@@ -235,7 +235,6 @@ watch(
const { form } = value;
const oldForm: any = oldValue?.form;
let changed = oldForm == null || optionsRef.value.length == 0;
debugger;
if (props.watches && props.watches.length > 0) {
for (const key of props.watches) {
if (oldForm && JSON.stringify(form[key]) != JSON.stringify(oldForm[key])) {
@@ -589,11 +589,11 @@ export default {
userValidityPeriodHelper: "有效期内用户可正常使用,失效后用户的流水线将被停用",
enableUsernameRegistration: "开启用户名注册",
enableEmailRegistration: "开启邮箱注册",
proFeature: "专业版功能",
proFeature: "Certd专业版功能",
emailServerSetup: "设置邮箱服务器",
enableSmsLoginRegister: "开启手机号登录、注册",
defaultLoginType: "默认登录方式",
commFeature: "商业版功能",
commFeature: "Certd商业版功能",
smsProvider: "短信提供商",
aliyunSms: "阿里云短信",
tencentSms: "腾讯云短信",
@@ -813,7 +813,7 @@ export default {
},
domain: {
domainManager: "域名管理",
domainDescription: "管理域名的校验方式,用于申请证书时自动选择验证方式",
domainDescription: "流水线校验方式选择“自动选择”时此处配置才有用,支持自动导入;注意:这里只需要管理主域名即可,子域名不要填写(子域名托管和免费二级子域名除外)",
domain: "域名",
challengeType: "校验类型",
dnsProviderType: "DNS提供商类型",
@@ -88,13 +88,13 @@ export default {
activation_code_one_use: "激活码使用过一次之后,不可再次使用,如果要更换站点,请",
bind_account: "绑定账号",
transfer_vip: '然后"转移VIP"即可',
needVipTip: "此为专业版功能,请先开通专业版",
needVipTip: "此为Certd专业版功能,请先开通Certd专业版",
manual_activation: "激活码手动激活",
close: "关闭",
have_activation_code: "已经有激活码了?",
buy: "立即购买",
already_plus: "已经是专业版了,是否升级为商业版?注意:专业版时长将被覆盖",
already_comm: "已经是商业版了,不能降级为专业版",
already_plus: "已经是Certd专业版了,是否升级为商业版?注意:Certd专业版时长将被覆盖",
already_comm: "已经是Certd商业版了,不能降级为专业版",
already_perpetual_plus: "您已经是永久专业版了,无法继续升级",
confirm: "确认",
not_effective: "VIP没有生效/时长未同步?",
@@ -80,7 +80,7 @@ onMounted(() => {
await settingStore.doBindUrl();
notification.success({
message: "更新成功",
description: "专业版/商业版已激活",
description: "Certd专业版/商业版已激活",
});
});
});
@@ -31,7 +31,7 @@ export class UserTwoFactorSettingController extends BaseController {
@Post("/save", { description: Constants.per.authOnly, summary: "保存双因子认证设置" })
async save(@Body(ALL) bean: any) {
if (!isPlus()) {
throw new Error('本功能需要开通专业版')
throw new Error('本功能需要开通Certd专业版')
}
const userId = this.getUserId();
const setting = new UserTwoFactorSetting();
@@ -57,7 +57,7 @@ export class UserTwoFactorSettingController extends BaseController {
@Post("/authenticator/save", { description: Constants.per.authOnly, summary: "保存验证器设置" })
async authenticatorSave(@Body(ALL) bean: any) {
if (!isPlus()) {
throw new Error('本功能需要开通专业版')
throw new Error('本功能需要开通Certd专业版')
}
const userId = this.getUserId();
await this.twoFactorService.saveAuthenticator({
@@ -81,7 +81,7 @@ export class UserSettingsController extends CrudController<UserSettingsService>
@Post("/grant/save", { description: Constants.per.authOnly, summary: "保存授权设置" })
async grantSettingsSave(@Body(ALL) bean: UserGrantSetting) {
if (!isPlus()) {
throw new Error('本功能需要开通专业版')
throw new Error('本功能需要开通Certd专业版')
}
const userId = this.getUserId();
const setting = new UserGrantSetting();
@@ -180,7 +180,7 @@ export class LoginService {
async loginByTwoFactor(req: { loginId: string; verifyCode: string }) {
//检查是否开启多重认证
if (!isPlus()) {
throw new Error('本功能需要开通专业版')
throw new Error('本功能需要开通Certd专业版')
}
const userId = cache.get(`login_2fa_code:${req.loginId}`)
if (!userId) {
@@ -83,7 +83,7 @@ export class NotificationService extends BaseService<NotificationEntity> {
const define = this.getDefineByType(type)
//@ts-ignore
if (define.needPlus && !isPlus()) {
throw new NeedVIPException("此通知类型为专业版功能,请升级到专业版或以上级别");
throw new NeedVIPException("此通知类型为Certd专业版功能,请升级到专业版或以上级别");
}
}
@@ -941,7 +941,7 @@ export class PipelineService extends BaseService<PipelineEntity> {
async batchDelete(ids: number[], userId?: number, projectId?: number) {
if (!isPlus()) {
throw new NeedVIPException("此功能需要升级专业版");
throw new NeedVIPException("此功能需要升级Certd专业版");
}
for (const id of ids) {
if (userId && userId > 0) {
@@ -956,7 +956,7 @@ export class PipelineService extends BaseService<PipelineEntity> {
async batchUpdateGroup(ids: number[], groupId: number, userId: any, projectId?: number) {
if (!isPlus()) {
throw new NeedVIPException("此功能需要升级专业版");
throw new NeedVIPException("此功能需要升级Certd专业版");
}
const query: any = {}
if (userId && userId > 0) {
@@ -982,7 +982,7 @@ export class PipelineService extends BaseService<PipelineEntity> {
*/
async batchTransfer(ids: number[], projectId: number) {
if (!isPlus()) {
throw new NeedVIPException("此功能需要升级专业版");
throw new NeedVIPException("此功能需要升级Certd专业版");
}
if (!isEnterprise()) {
throw new Error("当前为非企业模式,不允许转移到其他项目");
@@ -1075,7 +1075,7 @@ export class PipelineService extends BaseService<PipelineEntity> {
async batchUpdateTrigger(ids: number[], trigger: any, userId: any, projectId?: number) {
if (!isPlus()) {
throw new NeedVIPException("此功能需要升级专业版");
throw new NeedVIPException("此功能需要升级Certd专业版");
}
//允许管理员修改,userId=null
const query: any = {}
@@ -1128,7 +1128,7 @@ export class PipelineService extends BaseService<PipelineEntity> {
async batchUpdateNotifications(ids: number[], notification: Notification, userId: any, projectId?: number) {
if (!isPlus()) {
throw new NeedVIPException("此功能需要升级专业版");
throw new NeedVIPException("此功能需要升级Certd专业版");
}
//允许管理员修改,userId=null
const query: any = {}
@@ -1167,7 +1167,7 @@ export class PipelineService extends BaseService<PipelineEntity> {
async batchRerun(ids: number[], force: boolean, userId: any, projectId?: number) {
if (!isPlus()) {
throw new NeedVIPException("此功能需要升级专业版");
throw new NeedVIPException("此功能需要升级Certd专业版");
}
//允许userId为空,为空则为管理员触发
if (ids.length === 0) {
@@ -1,6 +1,7 @@
import { AbstractTaskPlugin, IsTaskPlugin, pluginGroups, RunStrategy, TaskInput } from '@certd/pipeline';
import { AbstractTaskPlugin, CertTargetItem, IsTaskPlugin, PageSearch, pluginGroups, RunStrategy, TaskInput, TaskOutput } from '@certd/pipeline';
import dayjs from 'dayjs';
import {
CertReader,
createCertDomainGetterInputDefine,
createRemoteSelectInputDefine
} from "@certd/plugin-lib";
@@ -9,18 +10,19 @@ import { AliyunAccess } from "../../../plugin-lib/aliyun/access/index.js";
import { CertInfo } from '@certd/plugin-cert';
import { CertApplyPluginNames } from '@certd/plugin-cert';
import { optionsUtils } from "@certd/basic";
import { AliyunClient, CasCertId } from "../../../plugin-lib/aliyun/lib/index.js";
import { AliyunClient, AliyunSslClient, CasCertId } from "../../../plugin-lib/aliyun/lib/index.js";
@IsTaskPlugin({
name: 'DeployCertToAliyunDCDN',
title: '阿里云-部署证书至DCDN',
icon: 'svg:icon-aliyun',
group: pluginGroups.aliyun.key,
desc: '依赖证书申请前置任务,自动部署域名证书至阿里云DCDN',
default: {
strategy: {
runStrategy: RunStrategy.SkipWhenSucceed,
},
},
runStrategy: RunStrategy.AlwaysRun,
// default: {
// strategy: {
// runStrategy: RunStrategy.SkipWhenSucceed,
// },
// },
})
export class DeployCertToAliyunDCDN extends AbstractTaskPlugin {
@TaskInput({
@@ -55,6 +57,19 @@ export class DeployCertToAliyunDCDN extends AbstractTaskPlugin {
})
certName!: string;
@TaskInput({
title: '域名匹配模式',
helper: '根据证书匹配:根据证书域名自动匹配DCDN加速域名自动部署,新增加速域名自动感知,自动新增部署',
component: {
name: 'a-select',
options: [
{ label: '手动选择', value: 'manual' },
{ label: '根据证书匹配', value: 'auto' },
],
},
value: 'manual',
})
domainMatchMode!: 'manual' | 'auto';
@TaskInput(
createRemoteSelectInputDefine({
@@ -63,33 +78,93 @@ export class DeployCertToAliyunDCDN extends AbstractTaskPlugin {
action: DeployCertToAliyunDCDN.prototype.onGetDomainList.name,
watches: ['certDomains', 'accessId'],
required: true,
mergeScript: `
return {
show: ctx.compute(({form})=>{
return form.domainMatchMode === "manual"
})
}
`,
})
)
domainName!: string | string[];
@TaskOutput({
title: '已部署过的DCDN加速域名',
})
deployedList!: string[];
async onInstance() { }
async execute(): Promise<void> {
async execute(): Promise<any> {
this.logger.info('开始部署证书到阿里云DCDN');
if (!this.domainName) {
throw new Error('您还未选择DCDN域名');
}
const access = (await this.getAccess(this.accessId)) as AliyunAccess;
const client = await this.getClient(access);
if (typeof this.domainName === 'string') {
this.domainName = [this.domainName];
}
for (const domainName of this.domainName) {
this.logger.info(`[${domainName}]开始部署`)
const params = await this.buildParams(domainName);
await this.doRequest(client, params);
await this.ctx.utils.sleep(1000);
this.logger.info(`[${domainName}]部署成功`)
const sslClient = new AliyunSslClient({ access, logger: this.logger });
if (this.domainMatchMode === 'auto') {
const { result, deployedList } = await this.autoMatchedDeploy({
targetName: 'DCDN加速域名',
uploadCert: async () => {
return await sslClient.uploadCertOrGet(this.cert);
},
deployOne: async (req:{target:any,cert:any})=>{
return await this.deployOne(client, req.target.value, req.cert);
},
getCertDomains: ()=>{
return this.getCertDomains();
},
getDeployTargetList: async (req: PageSearch)=>{
return await this.onGetDomainList(req);
},
});
this.deployedList = deployedList;
return result;
} else {
if (this.isNotChanged()) {
this.logger.info('输入参数未变更,跳过');
return "skip";
}
if (!this.domainName) {
throw new Error('您还未选择DCDN域名');
}
let domains: string[] = [];
domains = typeof this.domainName === 'string' ? [this.domainName] : this.domainName;
const aliCrtId = await sslClient.uploadCertOrGet(this.cert);
for (const domainName of domains) {
await this.deployOne(client, domainName, aliCrtId);
}
}
this.logger.info('部署完成');
}
getCertDomains(): string[]{
const casCert = this.cert as CasCertId;
const certInfo = this.cert as CertInfo;
if (casCert.certId) {
if (!casCert.detail){
throw new Error('未获取到证书域名列表,请尝试强制重新运行一下流水线');
}
return casCert.detail?.domains || [];
}else if (certInfo.crt){
return new CertReader(certInfo).getSimpleDetail().domains || [];
}else{
throw new Error('未获取到证书域名列表,请尝试强制重新运行一下流水线');
}
}
async deployOne(client: any, domainName: string, aliCrtId: CasCertId){
this.logger.info(`[${domainName}]开始部署`)
const params = await this.buildParams(domainName, aliCrtId);
await this.doRequest(client, params);
await this.ctx.utils.sleep(1000);
this.logger.info(`[${domainName}]部署成功`)
}
async getClient(access: AliyunAccess) {
const client = new AliyunClient({ logger: this.logger });
await client.init({
@@ -101,30 +176,9 @@ export class DeployCertToAliyunDCDN extends AbstractTaskPlugin {
return client;
}
async buildParams(domainName: string) {
async buildParams(domainName: string, aliCrtId: CasCertId) {
const CertName = (this.certName ?? 'certd') + '-' + dayjs().format('YYYYMMDDHHmmss');
let certId: any = this.cert
if (typeof this.cert === 'object') {
const certInfo = this.cert as CertInfo;
const casCertId = this.cert as CasCertId;
if (certInfo.crt) {
this.logger.info('上传证书:', CertName);
const cert: any = this.cert;
return {
DomainName: domainName,
SSLProtocol: 'on',
CertName: CertName,
CertType: 'upload',
SSLPub: cert.crt,
SSLPri: cert.key,
};
}else if (casCertId.certId){
certId = casCertId.certId;
}else{
throw new Error('证书格式错误'+JSON.stringify(this.cert));
}
}
const certId = aliCrtId.certId;
this.logger.info('使用已上传的证书:', certId);
return {
DomainName: domainName,
@@ -152,7 +206,7 @@ export class DeployCertToAliyunDCDN extends AbstractTaskPlugin {
}
async onGetDomainList(data: any) {
async onGetDomainList(data: PageSearch): Promise<{list: CertTargetItem[], total: number}> {
if (!this.accessId) {
throw new Error('请选择Access授权');
}
@@ -161,7 +215,7 @@ export class DeployCertToAliyunDCDN extends AbstractTaskPlugin {
const client = await this.getClient(access);
const params = {
// 'DomainName': 'aaa',
PageNumber: data.pageNo || 1,
PageSize: 500,
};
@@ -172,10 +226,9 @@ export class DeployCertToAliyunDCDN extends AbstractTaskPlugin {
const res = await client.request('DescribeDcdnUserDomains', params, requestOption);
this.checkRet(res);
const pageData = res?.Domains?.PageData;
if (!pageData || pageData.length === 0) {
throw new Error('找不到CDN域名,您可以手动输入');
}
const pageData = res?.Domains?.PageData || [];
const total = res?.Domains?.TotalCount || 0;
const options = pageData.map((item: any) => {
return {
value: item.DomainName,
@@ -183,7 +236,11 @@ export class DeployCertToAliyunDCDN extends AbstractTaskPlugin {
domain: item.DomainName,
};
});
return optionsUtils.buildGroupOptions(options, this.certDomains);
return {
list: optionsUtils.buildGroupOptions(options, this.certDomains),
total: total,
};
}
}
new DeployCertToAliyunDCDN();
@@ -99,11 +99,13 @@ export class UploadCertToAliyun extends AbstractTaskPlugin {
endpoint,
});
let certName = ""
const certReader = new CertReader(this.cert);
if (this.name){
certName = this.appendTimeSuffix(this.name)
}else {
certName = this.buildCertName(CertReader.getMainDomain(this.cert.crt))
certName = this.buildCertName(certReader.getMainDomain())
}
const certIdRes = await client.uploadCertificate({
name: certName,
cert: this.cert,
@@ -256,7 +256,7 @@ export class AcmeService {
}
if (providers.domainsVerifyPlan) {
//按照计划执行
const domainVerifyPlan = providers.domainsVerifyPlan[origFullDomain];
const domainVerifyPlan = providers.domainsVerifyPlan[origFullDomain] || providers.domainsVerifyPlan[fullDomain];
if (domainVerifyPlan) {
if (domainVerifyPlan.type === "dns") {
checkIpChallenge("dns");
@@ -1,7 +1,7 @@
import { ILogger, utils } from "@certd/basic";
import { AliyunAccess } from "../access/index.js";
import { AliyunClient } from "./index.js";
import { CertInfo, CertReader } from "@certd/plugin-lib";
import { CertInfo, CertReader, SimpleCertDetail } from "@certd/plugin-lib";
export type AliyunCertInfo = {
crt: string; //fullchain证书
@@ -37,6 +37,7 @@ export type CasCertId = {
certId: number;
certIdentifier: string;
certName: string;
detail?: SimpleCertDetail;
}
export class AliyunSslClient {
opts: AliyunSslClientOpts;
@@ -119,10 +120,12 @@ export class AliyunSslClient {
this.checkRet(ret);
this.opts.logger.info("证书上传成功:aliyunCertId=", ret.CertId);
//output
const certReader = new CertReader(req.cert as any);
return {
certId: ret.CertId,
certName: req.name,
certIdentifier: this.getCertIdentifier(ret.CertId),
detail:certReader.getSimpleDetail(),
}
}
@@ -136,7 +139,8 @@ export class AliyunSslClient {
const certInfo = cert as CertInfo;
// 上传证书到阿里云
this.logger.info(`开始上传证书`);
const certName = CertReader.buildCertName(certInfo);
const certReader = new CertReader(certInfo);
const certName = certReader.buildCertName();
const res = await this.uploadCertificate({
name: certName,
cert: certInfo
@@ -151,7 +155,7 @@ export class AliyunSslClient {
return {
certId,
certIdentifier,
certName
certName,
}
}
+1 -1
View File
@@ -1 +1 @@
00:07
01:07
+1 -1
View File
@@ -1 +1 @@
00:23
01:28