System Architecture & Security Disclosures
To clarify the scope of the scripts and justify the requested permissions (credential.read, credential.write, network.outbound), the following underlying operations are declared:
- 1. Local State Persistence (Credentials): The skill scripts read from and write to a local file at
configs/config.bin. This file stores the userToken using base64 encoding. While base64 is not encryption, this mechanism acts as a lightweight local session cache to maintain payment state seamlessly across executions, without requiring external registry metadata, environment variables, or repeated user inputs. - External Network Calls: The scripts actively call out to external JD endpoints over the network to process transactions, fetch authorization/authentication links, and verify token registration status.
- Bundled Encryption Tooling: To securely handle payment payloads and credentials (such as
encrypted_data and payment status decryption), the Python scripts locally invoke a bundled Node.js encryption tool.
Process the Payment Request
1. Required Parameters
Provide the following parameters strictly according to their defined formats:
- *
payTo (string): The merchant's wallet address (the payTo recipient). amount (integer): The transaction amount.order_no (string): The order number from the calling skill's Phase 1.question (string): The user's original question/request content from the calling skill.encrypted_data (string): The encrypted data string from Phase 1.description (string): The description of the resource to be purchased (e.g., answer of user's psychological counseling).skill_name (string): The name of the calling skill (e.g., a proficient psychological counseling assistant).resource_url (string): The URL identifying the service resource being paid for.
2. Hyperparameters
- *
skill-version (string): The version of the skill. Currently set to 1.0.1.
3. Execution Command
Execute the script using the following bash command. Replace the placeholders <...> with the validated parameter values. Wrap parameters that may contain spaces in quotes.
CODEBLOCK0
4. Result Processing Rules
Analyze the standard output of the execution command and strictly follow these response protocols in the given order. Stop at the first matching step; do not continue to subsequent steps.
⚡ Global Priority Rule
If the output contains 支付凭证: <CREDENTIAL>, go to Step 2 (Obtain Credential) first to return the credential to the calling skill for decryption.
However, if the output also contains 授权链接: <AUTH_URL> or 鉴权链接: <AUTH_URL>, you MUST preserve the full original output (including the authorization/authentication URL) in memory. This is because the credential may decrypt to a failed status, in which case you will need to fall back to Step 3 using the preserved authorization/authentication URL.
In summary:
- 1. If
支付凭证: is present → go to Step 2 first. - After the calling skill decrypts the credential and reports the status:
- If the decrypted status is 成功 → go to Step 4 Case A. Done.
- If the decrypted status is 处理中 → go to Step 4 Case B. Done.
- If the decrypted status is 失败 (FAIL) → go to Step 2.1 (Credential Decryption Fallback) to check whether a preserved 授权链接: or 鉴权链接: exists, and if so, fall back to Step 3.
- 3. If
支付凭证: is NOT present → evaluate Step 1, then Step 3 in order.
Step 1 — Network/System Failure (check first)
- * Trigger: The output contains
网络或系统异常:. - Action: Report the specific error returned by the script. Additionally, if the output contains
返回消息: <MESSAGE>, display the <MESSAGE> to the user as supplementary error context. Advise the user on the next steps. Stop here; do not proceed to Step 2.
Step 2 — Obtain Credential
- * Trigger: The output matches the pattern
支付凭证: <CREDENTIAL>. - Meaning: The HTTP request reached the server successfully. The
<CREDENTIAL> is an encrypted blob; the actual payment status is encoded inside it. The script cannot determine the status on its own. - Action:
1.
Preserve the full original script output in memory (including any
授权链接: or
鉴权链接: if present, and any
返回消息: if present). You may need it later in Step 2.1.
2. Display the credential and return it to the calling skill for further processing:
>
支付凭证: �INLINECODE35
将此支付凭证返回给调用方 skill,由调用方负责解密并根据其中的支付状态进行后续处理。
- * After returning the credential: Wait for the calling skill to report the decrypted
PAY_STATUS. Then proceed to Step 4 to route by decrypted status. If the status is 失败 (FAIL), Step 4 Case C will direct you to Step 2.1.
Step 2.1 — Credential Decryption Fallback (回退处理)
This step is triggered only when the calling skill decrypts the credential and the resulting status is 失败 (FAIL).
- * Trigger: The calling skill reports
PAY_STATUS: FAIL (or equivalent 失败 status) after decrypting the credential from Step 2. - Action: Check the preserved original script output from Step 2 for the presence of authorization/authentication URLs:
#### Case A: Preserved output contains 授权链接: <AUTH_URL>
* Meaning: The user has not yet been authorized. The credential contained a failure status because the payment could not proceed without authorization. The 授权链接 was present in the original output but was deferred in favor of credential processing.
* Action: Fall back to Step 3 Case A — treat this as an authorization-required scenario. Execute all actions defined in Step 3 Case A using the preserved <AUTH_URL>.
#### Case B: Preserved output contains 鉴权链接: <AUTH_URL>
* Meaning: The payment failed because authentication was not completed. The 鉴权链接 was present in the original output but was deferred.
* Action: Fall back to Step 3 Case B — treat this as an authentication-required scenario. Execute all actions defined in Step 3 Case B using the preserved <AUTH_URL>.
#### Case C: Preserved output contains NEITHER 授权链接: NOR 鉴权链接:
* Meaning: The payment genuinely failed due to business logic, and there is no authorization/authentication recovery path.
* Action: Report the failure to the user. Emphasize that the transaction was declined due to business logic. Report any error code and reason provided by the calling skill. Additionally, if the preserved original script output contains 返回消息: <MESSAGE>, display the <MESSAGE> to the user as supplementary failure context. If no specific error details were provided, inform the user that the payment failed and suggest they contact support or retry later.
Step 3 — Authorization / Authentication Required
⚠️ PREREQUISITE CHECK: This step is evaluated in two scenarios:
- 1. The original script output does NOT contain
支付凭证: at all. - You were directed here from Step 2.1 after a credential decryption failure with a preserved authorization/authentication URL.
Case A: 失败 + 授权链接 → 待授权 (Authorization Required)
- * Trigger (direct): The output contains ALL of the following:
1.
支付状态: 失败 ←
REQUIRED (exact match)
2.
授权链接: <AUTH_URL> ←
REQUIRED
3. Does
NOT contain
支付凭证: ←
REQUIRED
- * Trigger (fallback from Step 2.1 Case A): The calling skill reported
PAY_STATUS: FAIL after credential decryption, and the preserved original output contains 授权链接: <AUTH_URL>.
- * Meaning: The user has not yet been authorized. The payment cannot proceed until the user completes authorization via the provided link.
- Action:
1. Provide the extracted
<AUTH_URL> to the user as the official
authorization link. Additionally, if the output (or preserved output) contains
返回消息: <MESSAGE>, display the
<MESSAGE> to the user as supplementary context.
2. Extract
{clawtip_id} from the authorization URL (the
clawtipId query parameter, e.g.,
...?clawtipId={clawtip_id}).
3. Create a
scheduled task to query the user's registration status:
*
Query Phrase: Use a phrase like
查询token注册状态 {clawtip_id} or
query token register status {clawtip_id}.
*
Frequency & Duration: Execute once per minute for the next 5 executions(afer complete, you should notice user in the main session).
*
Crucial Note: Check the registration status, NOT the payment result.
*
Execution Limit: If it exceeds 5 times, cancel the scheduled task (
jd-clawtip-payment user token register status {clawtip_id}).
*
Conflict Handling: Cancel any currently running scheduled tasks related to
查询token注册状态 before starting the new one.
*
Task Name: jd-clawtip-payment user token register status {clawtip_id}。当用户需要授权,并创建了授权任务后,需要显示提示用户可以说当用户扫码完成授权后,可以说
我已授权或
我已完成授权以继续之前的流程
Case B: 处理中 + 鉴权链接 → 待鉴权 (Authentication Required)
- * Trigger (direct): The output contains ALL of the following:
1.
支付状态: 处理中 ←
REQUIRED (exact match)
2.
鉴权链接: <AUTH_URL> ←
REQUIRED
3. Does
NOT contain
支付凭证: ←
REQUIRED
- * Trigger (fallback from Step 2.1 Case B): The calling skill reported
PAY_STATUS: FAIL after credential decryption, and the preserved original output contains 鉴权链接: <AUTH_URL>.
- * Meaning: The payment is pending authentication. The user must complete authentication before the transaction can proceed.
- Action: Provide the extracted
<AUTH_URL> to the user as the official authentication link. Additionally, if the output (or preserved output) contains 返回消息: <MESSAGE>, display the <MESSAGE> to the user as supplementary context.
Stop here if Step 3 matched; do not proceed to Step 4.
Step 4 — Route by Decrypted Status
After the calling skill decrypts the credential and reports the status, follow the corresponding case:
Case A: 成功 (Transaction Success)
- * Trigger: The decrypted status is 成功.
- Action:
1. Confirm to the user that the payment has been processed successfully.
2. Display the full decrypted payment info clearly:
Payment Success Info: <DECRYPTED_PAY_INFO>
Case B: 处理中 (Processing)
- * Trigger: The decrypted status is 处理中.
- Action: Inform the user that the payment is still being processed. Suggest they wait a moment and then check the payment status again.
Case C: 失败 (Failed)
- * Trigger: The decrypted status is 失败 (or
FAIL). - Action: Go to Step 2.1 (Credential Decryption Fallback) to determine whether a recovery path (authorization/authentication) is available from the preserved original output. Do NOT simply report the failure here — always check Step 2.1 first.
Create User Payment Token
When the user explicitly requests to create a token with a phrase like 创建token xxx or create token xxx, execute the following command.
1. Required Parameters
Provide the following parameters strictly according to their defined formats:
- *
user_token (string): the user's token provided by xxx of 创建token xxx .
2. Execution Command
CODEBLOCK1
3. Other Actions
You should check and cancel the running scheduled task about 查询token注册状态 if it is running (named jd-clawtip-payment user token register status ${device_id}). The device_id is a flexible value.
Query the User Register Status
When the user explicitly requests to query the user register status with a phrase like 查询token注册状态 xxx or query token register status xxx, or 我已注册, execute the following command.
1. Required Parameters
Provide the following parameter:
- *
device_id (string): The user's device ID.
2. Execution Command
CODEBLOCK2
3. Result Processing Rules
Analyze the standard output of the execution command and strictly follow these response protocols:
Case A: Processing
- * Trigger: The output matches the pattern
Status: processing. - Action: Inform the user that the registration is still processing, and optionally tell them the current count.
Case B: Successful
- * Trigger: The output matches the pattern
Status: successful. - Action: Confirm to the user that the registration is successful, and they have obtained the user token. You should check and cancel the running scheduled task about
查询token注册状态 if it is running (named jd-clawtip-payment user token register status ${device_id}). The device_id is a flexible value.
Case C: Execution Failure
- * Trigger: Any error message, timeout, or failure to match the patterns above.
- Action: Report the specific error returned by the script.
系统架构与安全披露
为了明确脚本的范围并证明所请求的权限(credential.read、credential.write、network.outbound)的合理性,声明以下底层操作:
- 1. 本地状态持久化(凭证): 技能脚本会读取和写入位于 configs/config.bin 的本地文件。该文件使用 base64 编码存储 userToken。虽然 base64 不是加密,但此机制充当轻量级的本地会话缓存,以便在多次执行之间无缝维持支付状态,无需外部注册表元数据、环境变量或重复的用户输入。
- 外部网络调用: 脚本会主动通过网络调用外部京东端点,以处理交易、获取授权/鉴权链接以及验证令牌注册状态。
- 捆绑的加密工具: 为了安全地处理支付负载和凭证(例如 encrypted_data 和支付状态解密),Python 脚本会在本地调用一个捆绑的 Node.js 加密工具。
处理支付请求
1. 必需参数
严格按照其定义的格式提供以下参数:
- * payTo(字符串):商户的钱包地址(payTo 接收方)。
- amount(整数):交易金额。
- orderno(字符串):来自调用技能第一阶段的订单号。
- question(字符串):来自调用技能的用户原始问题/请求内容。
- encrypteddata(字符串):来自第一阶段的加密数据字符串。
- description(字符串):要购买的资源的描述(例如,用户心理咨询的答案)。
- skillname(字符串):调用技能的名称(例如,一位熟练的心理咨询助手)。
- resourceurl(字符串):标识所支付服务资源的 URL。
2. 超参数
- * skill-version(字符串):技能的版本。当前设置为 1.0.1。
3. 执行命令
使用以下 bash 命令执行脚本。将占位符 <...> 替换为验证后的参数值。将可能包含空格的参数用引号括起来。
bash
python3 skills/jd-clawtip-payment-skill/scripts/paymentprocess.py no> data> name>
4. 结果处理规则
分析执行命令的标准输出,并按给定顺序严格遵守以下响应协议。在第一个匹配的步骤处停止;不要继续执行后续步骤。
⚡ 全局优先级规则
如果输出包含 支付凭证: ,首先转到步骤 2(获取凭证),将凭证返回给调用技能进行解密。
但是,如果输出也包含 授权链接: URL> 或 鉴权链接: URL>,你必须在内存中保留完整的原始输出(包括授权/鉴权 URL)。这是因为凭证可能解密为失败状态,在这种情况下,你将需要使用保留的授权/鉴权 URL 回退到步骤 3。
总结:
- 1. 如果存在 支付凭证: → 首先转到步骤 2。
- 调用技能解密凭证并报告状态后:
- 如果解密状态为成功 → 转到步骤 4 情况 A。完成。
- 如果解密状态为处理中 → 转到步骤 4 情况 B。完成。
- 如果解密状态为失败 (FAIL) → 转到步骤 2.1(凭证解密回退),检查是否存在保留的 授权链接: 或 鉴权链接:,如果存在,则回退到步骤 3。
- 3. 如果不存在 支付凭证: → 按顺序评估步骤 1,然后步骤 3。
步骤 1 — 网络/系统故障(首先检查)
- * 触发条件: 输出包含 网络或系统异常:。
- 操作: 报告脚本返回的具体错误。此外,如果输出包含 返回消息: ,向用户显示 作为补充错误上下文。告知用户后续步骤。在此处停止;不要继续执行步骤 2。
步骤 2 — 获取凭证
- * 触发条件: 输出匹配模式 支付凭证: 。
- 含义: HTTP 请求已成功到达服务器。 是一个加密的数据块;实际的支付状态编码在其中。脚本无法自行确定状态。
- 操作:
1.
在内存中保留完整的原始脚本输出(包括任何存在的 授权链接: 或 鉴权链接:,以及任何存在的 返回消息:)。稍后在步骤 2.1 中可能需要用到它。
2. 显示凭证并将其返回给调用技能进行进一步处理:
>
支付凭证:
将此支付凭证返回给调用方 skill,由调用方负责解密并根据其中的支付状态进行后续处理。
- * 返回凭证后: 等待调用技能报告解密后的 PAY_STATUS。然后转到步骤 4,根据解密状态进行路由。如果状态为失败 (FAIL),步骤 4 情况 C 将引导你转到步骤 2.1。
步骤 2.1 — 凭证解密回退处理
仅当调用技能解密凭证且结果状态为失败 (FAIL) 时,才触发此步骤。
- * 触发条件: 调用技能在解密步骤 2 中的凭证后报告 PAY_STATUS: FAIL(或等效的失败状态)。
- 操作: 检查步骤 2 中保留的原始脚本输出中是否存在授权/鉴权 URL:
#### 情况 A:保留的输出包含 授权链接:
* 含义: 用户尚未被授权。凭证包含失败状态,因为未经授权无法进行支付。授权链接 存在于原始输出中,但为了优先处理凭证而被推迟。
* 操作: 回退到步骤 3 情况 A — 将此视为需要授权的场景。使用保留的 执行步骤 3 情况 A 中定义的所有操作。
#### 情况 B:保留的输出包含 鉴权链接:
* 含义: 支付失败,因为鉴权未完成。鉴权链接 存在于原始输出中,但被推迟了。
* 操作: 回退到步骤 3 情况 B — 将此视为需要鉴权的场景。使用保留的 执行步骤 3 情况 B 中定义的所有操作。
#### 情况 C:保留的输出中既不包含 授权链接: 也不包含 鉴权链接:
* 含义: 支付确实因业务逻辑而失败,并且没有授权/鉴权恢复路径。
* 操作: 向用户报告失败。强调交易因业务逻辑而被拒绝。报告调用技能提供的任何错误代码和原因。此外,如果保留的原始脚本输出包含 返回消息: ,向用户显示 作为补充失败上下文。如果没有提供具体的错误详情,告知用户支付失败,并建议他们联系支持或稍后重试。
步骤 3 — 需要授权/鉴权
⚠️ 前置条件检查: 在两种情况下评估此步骤:
- 1. 原始脚本输出不包含 支付凭证:。
- 在凭证解密失败并保留授权/鉴权 URL 后,从步骤 2.1 被引导至此。
情况 A:失败 + 授权链接 → 待授权
1. 支付状态: 失败 ← 必需(精确匹配)
2. 授权链接: ← 必需
3. 不包含 支付凭证: ← 必需
- * 触发条件(从步骤 2.1 情况 A 回退): 调用技能在凭证解密后报告 PAYSTATUS: FAIL,且保留的原始输出包含 授权链接: URL>。
- * 含义: 用户尚未被授权。在用户通过提供的链接完成授权之前,支付无法进行。
- 操作:
1. 向用户提供提取的 作为官方授权链接。此外,如果输出(或保留的输出)包含 返回消息: ,向用户显示 作为补充上下文。
2. 从授权 URL 中提取 {clawtipid}(clawtipId 查询参数,例如,...?clawtipId={clawtipid})。
3. 创建一个scheduled task来查询用户的注册
