Chanjing Credentials Guard

When to Run

1. 1. When user asks to configure/get Chanjing keys (AK/SK): use this skill to guide local setup.
2. When credentials are missing/invalid before a Chanjing API call: use this skill to recover local config.

This skill is a local credential guide, not a runtime dependency for other skills.
It does not require bundled helper scripts to be present.

Execution Flow

CODEBLOCK0

Credential Storage

AK/SK and Token are read from the same local config file.

• - Path: ~/.chanjing/credentials.json (overridable by env CHANJING_CONFIG_DIR)
• Format:

CODEBLOCK1

INLINECODE2 is a Unix timestamp. Token is valid for about 24 hours; refresh 5 minutes before expiry.

When AK/SK Is Missing

When local app_id or secret_key is missing:

1. 1. Open login page: open https://www.chanjing.cc/openapi/login in the default browser.
2. Require local setup after the user obtains keys:

- User updates local credentials.json file.

1. 3. Do not request secrets in chat:

- Never ask user to paste AK/SK in conversation. - Never echo or store AK/SK in chat summaries.

1. 4. After setting:

- Ask user to run status check and then proceed to target action.

Manual update example:

CODEBLOCK2

Guide When User Wants to Generate Keys

When the user clearly wants to generate chanjing keys, get keys, or configure AK/SK, follow this flow:

Step 1: Check if already configured

Check if local AK/SK already exists (read ~/.chanjing/credentials.json for non-empty app_id and secret_key).

Step 2: Branch on result

• - If already configured: ask whether user wants to overwrite local config.

- If yes, run guide steps. - If no, stop.

• - If not configured: Run the “Guide steps” below directly.

Guide steps (when not configured or user confirmed re-apply)

1. 1. Open https://www.chanjing.cc/openapi/login in browser.
2. Explain the page flow clearly:

- New users are registered automatically and the current page will display App ID and Secret Key with copy buttons. - Existing users may be redirected to the console; tell them to open the left-side API 密钥 page to view or reset keys.

1. 3. Ask user to configure local file ~/.chanjing/credentials.json (or $CHANJING_CONFIG_DIR/credentials.json) with app_id and secret_key.
2. Secret handling rule:

- Do not ask user to paste AK/SK in chat. - If user shares secret in chat anyway, remind them to rotate keys and continue with local-command-only flow.

1. 5. After setting:

- Re-open the local file to confirm non-empty app_id and secret_key. - Then proceed to target Chanjing action.

Token API (see chanjing-openapi.yaml)

CODEBLOCK3

Request body:
CODEBLOCK4

Response (success code: 0):
CODEBLOCK5

• - expire_in: Unix timestamp for token expiry
• If code !== 0, AK/SK is invalid or the request failed

Validation Logic

1. 1. AK/SK: Read from config (path/format above); ensure app_id and secret_key are non-empty.
2. Token: Ensure access_token exists and expire_in > current_time + 300 (refresh 5 minutes early).
3. Token refresh: Call the API above and write returned access_token and expire_in back to the file.

Security Boundary

• - This skill only handles local credential guidance.
• It does not require install hooks or elevated/system-wide privileges.
• It should not automatically execute unrelated skills.
• It should not accept AK/SK via chat content.

Packaging Note

• - This skill can work as a documentation-only guide.
• If a package variant includes helper scripts, they are optional convenience utilities, not required for core behavior.

With Other Skills

• - Other Chanjing skills may use the same local config path/format, but should keep their own runtime auth logic.
• Guard can be used as an optional setup helper when users explicitly ask for credential guidance.

Reference

• - reference.md: API and storage format details
• chanjing-openapi.yaml: /access_token, dto.OpenAccessTokenReq, INLINECODE30