Sure API
Use this skill when the user asks to:
- - operate Sure through its API
- inspect accounts, transactions, categories, tags, merchants, imports, holdings, trades, valuations, or chats
- create/update/delete supported Sure resources safely
- verify whether the upstream Sure API changed
- keep this skill in sync with the official Sure API docs
Official source-of-truth URLs
These are the URLs the agent should trust first when updating or validating this skill:
- - Sure repo: �INLINECODE0
- API docs directory: �INLINECODE1
- OpenAPI spec page: �INLINECODE2
- Raw OpenAPI download used by the update script: �INLINECODE3
If behavior and local scripts disagree, re-check the upstream OpenAPI first.
Local config
Read secrets from secure env only:
- - �INLINECODE4
- INLINECODE5
Single source of truth: �INLINECODE6
Never paste the API key into chat or into non-secure files.
Auth
Default auth header:
Note: the current upstream OpenAPI snapshot also shows Authorization header notes on some valuation endpoints. Treat upstream OpenAPI as authoritative if those endpoints behave differently in practice.
Skill layout
CODEBLOCK0
Capability model
This skill has two layers:
Layer 1: high-level wrapped commands
Use these first for common operations.
Implemented in scripts/sure_api_cli.js:
- - �INLINECODE10
- INLINECODE11
- INLINECODE12
- INLINECODE13
- INLINECODE14
- INLINECODE15
- INLINECODE16
- INLINECODE17
- INLINECODE18
- INLINECODE19
- INLINECODE20
- INLINECODE21
- INLINECODE22
- INLINECODE23
- INLINECODE24
Layer 2: raw official endpoint access
For any official endpoint not yet wrapped by the high-level CLI, use:
This means the skill can still operate against official endpoints such as:
- - merchant detail
- holding detail
- import detail / create import
- trade create / retrieve / update / delete
- valuation create / retrieve / update
- chats list / create / retrieve / update / delete / send message / retry
- other official endpoints present in �INLINECODE26
Quick start
Smoke test
CODEBLOCK1
Common wrapped commands
CODEBLOCK2
Safe write pattern
Always prefer:
- 1. read current state
- dry-run if the wrapped command supports it
- send the real write only with explicit confirmation flags
Example:
CODEBLOCK3
Raw endpoint examples for official API coverage
Retrieve a merchant by id
CODEBLOCK4
Retrieve a holding by id
CODEBLOCK5
Retrieve an import by id
CODEBLOCK6
Create an import from raw CSV content
CODEBLOCK7
Create a trade
CODEBLOCK8
Create a valuation
CODEBLOCK9
Create a chat and send a message
CODEBLOCK10
Pagination and filtering
Most list endpoints return a resource list plus a pagination block.
Typical filters in the official API include:
- - �INLINECODE27
- INLINECODE28
- account/category/merchant/tag ids
- date or date ranges
- type/status filters on some resources
For exact parameters, read references/openapi.yaml.
Error handling
- -
401 / 403 → auth missing, invalid, or insufficient feature scope - INLINECODE32� → wrong path or object not found
- INLINECODE33� → validation error; inspect request body against �INLINECODE34
- INLINECODE35� /
5xx → retry with backoff up to 3 times if the action is idempotent
Self-update this skill
This skill is designed to be self-maintainable.
Fast refresh from official API
CODEBLOCK11
What it does:
- 1. downloads the latest official OpenAPI from the Sure GitHub repo
- overwrites �INLINECODE37
- regenerates �INLINECODE38
After updating OpenAPI
Do this in order:
- 1. re-read �INLINECODE39
- compare new endpoints/params with current �INLINECODE40
- extend high-level wrappers only for endpoints that are common, stable, and worth scripting
- keep less-common endpoints accessible via �INLINECODE41
- run acceptance checks
When to read references
Read references/openapi.yaml when you need:
- - exact request bodies
- exact response shapes
- enum values
- parameter names
- authoritative behavior after upstream changes
Read references/api_endpoints_summary.md when you need:
- - a fast endpoint inventory
- a quick check of what the upstream API currently exposes
ClawHub publish readiness
Before publishing or bumping a version, run:
CODEBLOCK12
Optional live API validation:
CODEBLOCK13
The acceptance script checks:
- - required files exist
- INLINECODE44� frontmatter is valid enough for publishing
- official URLs are present
- self-update instructions are present
- endpoint summary matches the checked-in OpenAPI
- optional live smoke test passes
ClawHub publish commands
First confirm login:
CODEBLOCK14
Initial publish example:
CODEBLOCK15
Update publish example:
CODEBLOCK16
Notes for future maintenance
- - Keep
SKILL.md concise; put exact API detail in references/. - Do not add README / CHANGELOG / extra docs just for packaging.
- Only wrap high-value flows in
sure_api_cli.js; leave long-tail official endpoints to the raw request wrapper. - If upstream removes or renames endpoints, update examples and acceptance checks in the same commit.
Sure API
当用户要求以下操作时使用此技能:
- - 通过API操作Sure
- 查看账户、交易、分类、标签、商户、导入、持仓、交易记录、估值或聊天
- 安全地创建/更新/删除支持的Sure资源
- 验证上游Sure API是否发生变化
- 使此技能与官方Sure API文档保持同步
官方权威来源URL
代理在更新或验证此技能时应优先信任以下URL:
- - Sure仓库:https://github.com/we-promise/sure
- API文档目录:https://github.com/we-promise/sure/tree/main/docs/api
- OpenAPI规范页面:https://github.com/we-promise/sure/blob/main/docs/api/openapi.yaml
- 更新脚本使用的原始OpenAPI下载地址:https://raw.githubusercontent.com/we-promise/sure/main/docs/api/openapi.yaml
如果行为与本地脚本不一致,请首先重新检查上游OpenAPI。
本地配置
仅从安全环境读取密钥:
唯一权威来源:secure/api-fillin.env
切勿将API密钥粘贴到聊天或非安全文件中。
认证
默认认证头:
注意:当前上游OpenAPI快照在某些估值端点上还显示了Authorization头注释。如果这些端点在实践中行为不同,请以上游OpenAPI为准。
技能结构
text
skills/sure-api/
├── SKILL.md
├── references/
│ ├── openapi.yaml
│ └── apiendpointssummary.md
└── scripts/
├── sureapirequest.sh
├── sureapismoke.sh
├── sureapicli.js
├── sureopenapiupdate.sh
├── sureopenapisummarize.js
└── sureapiacceptance.sh
能力模型
此技能具有两层结构:
第一层:高级封装命令
优先使用这些进行常见操作。
在scripts/sureapicli.js中实现:
- - accounts:list
- categories:list
- tags:list
- tags:create
- tags:update
- tags:delete
- merchants:list
- transactions:list
- transactions:get
- transactions:create
- transactions:update
- transactions:delete
- imports:list
- holdings:list
- trades:list
第二层:原始官方端点访问
对于高级CLI尚未封装的任何官方端点,使用:
- - bash skills/sure-api/scripts/sureapirequest.sh <方法> <路径> [curl参数...]
这意味着该技能仍然可以对官方端点进行操作,例如:
- - 商户详情
- 持仓详情
- 导入详情/创建导入
- 交易创建/检索/更新/删除
- 估值创建/检索/更新
- 聊天列表/创建/检索/更新/删除/发送消息/重试
- references/openapi.yaml中存在的其他官方端点
快速开始
冒烟测试
bash
bash skills/sure-api/scripts/sureapismoke.sh
常用封装命令
bash
node skills/sure-api/scripts/sureapicli.js accounts:list
node skills/sure-api/scripts/sureapicli.js categories:list --classification expense
node skills/sure-api/scripts/sureapicli.js tags:list
node skills/sure-api/scripts/sureapicli.js merchants:list
node skills/sure-api/scripts/sureapicli.js transactions:list --startdate 2026-03-01 --enddate 2026-03-31 --type expense
node skills/sure-api/scripts/sureapicli.js holdings:list --account_id
node skills/sure-api/scripts/sureapicli.js trades:list --accountid --startdate 2026-03-01 --end_date 2026-03-31
安全写入模式
始终优先:
- 1. 读取当前状态
- 如果封装命令支持,进行试运行
- 仅在明确确认标志下发送真实写入
示例:
bash
node skills/sure-api/scripts/sureapicli.js transactions:create \
--account_id \
--date 2026-03-01 \
--amount 12.34 \
--name 午饭 \
--nature expense \
--dry-run
node skills/sure-api/scripts/sureapicli.js transactions:create \
--account_id \
--date 2026-03-01 \
--amount 12.34 \
--name 午饭 \
--nature expense \
--yes
官方API覆盖的原始端点示例
按ID检索商户
bash
bash skills/sure-api/scripts/sureapirequest.sh GET /api/v1/merchants/<商户ID>
按ID检索持仓
bash
bash skills/sure-api/scripts/sureapirequest.sh GET /api/v1/holdings/<持仓ID>
按ID检索导入
bash
bash skills/sure-api/scripts/sureapirequest.sh GET /api/v1/imports/<导入ID>
从原始CSV内容创建导入
bash
bash skills/sure-api/scripts/sureapirequest.sh POST /api/v1/imports \
-H Content-Type: application/json \
-d {
rawfilecontent: date,amount,name\n2026-03-01,12.34,午饭,
type: TransactionImport,
account_id: <账户UUID>,
publish: true
}
创建交易记录
bash
bash skills/sure-api/scripts/sureapirequest.sh POST /api/v1/trades \
-H Content-Type: application/json \
-d {
trade: {
account_id: <账户UUID>,
date: 2026-03-01,
qty: 10,
price: 12.5,
type: buy,
ticker: AAPL
}
}
创建估值
bash
bash skills/sure-api/scripts/sureapirequest.sh POST /api/v1/valuations \
-H Content-Type: application/json \
-d {
valuation: {
account_id: <账户UUID>,
amount: 10000,
date: 2026-03-01,
notes: 月末估值
}
}
创建聊天并发送消息
bash
bash skills/sure-api/scripts/sureapirequest.sh POST /api/v1/chats \
-H Content-Type: application/json \
-d {title:月度回顾,message:总结三月支出}
bash skills/sure-api/scripts/sureapirequest.sh POST /api/v1/chats/<聊天ID>/messages \
-H Content-Type: application/json \
-d {content:显示最大的商户变化}
分页与过滤
大多数列表端点返回资源列表加分页块。
官方API中的典型过滤条件包括:
- - page
- per_page
- 账户/分类/商户/标签ID
- 日期或日期范围
- 某些资源上的类型/状态过滤
具体参数请阅读references/openapi.yaml。
错误处理
- - 401 / 403 → 认证缺失、无效或功能范围不足
- 404 → 路径错误或对象未找到
- 422 → 验证错误;对照references/openapi.yaml检查请求体
- 429 / 5xx → 如果操作是幂等的,最多重试3次并带退避
自我更新此技能
此技能设计为可自我维护。
从官方API快速刷新
bash
bash skills/sure-api/scripts/sureopenapiupdate.sh
执行内容:
- 1. 从Sure GitHub仓库下载最新的官方OpenAPI
- 覆盖references/openapi.yaml
- 重新生成references/apiendpointssummary.md
更新OpenAPI后
按顺序执行:
- 1. 重新阅读references/apiendpointssummary.md
- 将新端点/参数与当前sureapicli.js进行比较
- 仅为常见、稳定且值得编写脚本的端点扩展高级封装
- 保留不常见端点通过sureapirequest.sh访问
- 运行验收检查
何时阅读参考资料
当需要以下内容时阅读references/openapi.yaml:
- - 精确的请求体
- 精确的响应结构
- 枚举值
- 参数名称
- 上游变更后的权威行为
当需要以下内容时阅读references/api_end
