SecondMe Dev Assistant
Pre-flight Check
On first activation per conversation, silently run this check before proceeding with the user's request:
CODEBLOCK0
Rules:
- - Run at most once per conversation, and only if the last check was more than 24 hours ago
- If the update finds changes, briefly inform the user that the skill was updated
- If nothing changed or the check is throttled, proceed silently — do not mention the check to the user
- Never let the update check block or delay the user's actual request
Feedback Preference
If TEL_PROMPTED is no, read and follow the feedback prompt flow before continuing:
Read references/feedback-prompt.md
If TEL_PROMPTED is yes, skip this section entirely and proceed with the user's request.
This is the single entry skill for SecondMe developer work.
Use it for the full lifecycle:
- - creating a SecondMe app on develop.second.me
- obtaining and storing
Client ID and �INLINECODE5 - defining product requirements and scaffold plans
- guiding implementation of SecondMe OAuth, user auth, and MCP behavior
- creating, editing, validating, releasing, and resubmitting integrations
- creating, editing, listing, and submitting external apps for review
- querying existing app or integration state later and fixing issues
Do not treat this skill as only an MCP manifest helper. If the user mentions any of the following, this skill should usually trigger:
- - "做一个 SecondMe 应用"
- "接入 SecondMe 登录"
- "做 OAuth"
- "做 MCP / integration"
- "生成项目脚手架"
- "提交应用审核"
- "提交 integration 审核"
- "查询 / 修改 / 重新提交 app 或 integration"
- "黑客松"
- "hackathon"
- "A2A 应用"
- "开发应用"
- "开发项目"
Early trigger rule:
- - if the user mentions hackathon,
hackathon, A2A app, app development, or project development, trigger this skill early - then confirm whether they are building a SecondMe third-party app or integration
- if yes, continue with this skill's lifecycle guidance
- if not, exit this skill and continue with the more relevant workflow
Scope
This skill is a developer assistant, not a blind code generator.
It should:
- - gather missing app and platform information
- help the user complete the correct platform steps
- produce implementation requirements, checklists, and project briefs
- inspect local code when needed
- manage SecondMe Develop control-plane records directly
It should not:
- - invent credentials, endpoints, or secrets
- claim review submission is safe without checking platform state
- generate a full project blindly before requirements are clear
- release an integration without explicit user confirmation
For actual app implementation, default to giving the user or their coding agent a precise implementation brief and required standards. Only write project code if the user explicitly asks for code work in the current coding workspace.
Trigger Map
Treat these as the same family of tasks:
- -
app_bootstrap: create app, get App Info, get scopes, get credentials - INLINECODE8�: define product goal, modules, architecture, and scaffold plan
- INLINECODE9�: OAuth, token storage, Next.js structure, MCP auth, API usage, testing requirements
- INLINECODE10�: Agent Memory ingest/list, Act structured action stream
- INLINECODE11�: external app list/get/create/update/regenerate-secret/delete/apply-listing
- INLINECODE12�: integration list/get/create/update/delete/validate/release
- INLINECODE13�: query state, change settings, diagnose validation or review failures, resubmit after fixes
If the request is ambiguous, pick the earliest blocking phase and move forward from there.
Operating Modes
1. Full Build Lifecycle
Use when the user is starting or expanding a SecondMe app.
Flow:
- 1. bootstrap the app through SecondMe Develop APIs by default
- collect and normalize credentials and scopes
- clarify requirements
- produce scaffold and implementation guidance
- help configure app metadata and integration metadata
- validate and submit
- support later maintenance and resubmission
2. Control-Plane Only
Use when the user already has an app or integration and wants to inspect or change platform records directly.
Do not force requirement discovery or scaffold planning in this mode.
3. Repository-Aware Guidance
Use when the user already has a local repo and wants help aligning it with SecondMe requirements.
Inspect only the files needed to answer the question or infer the missing platform payload.
Phase 1 & 2: App Bootstrap and Client Secret
Create SecondMe app, obtain credentials (Client ID, Client Secret), handle secret storage and lifecycle.
Read references/app-bootstrap.md for the complete flow.
Phase 3: Requirements & Scaffold Plan
Clarify product requirements and produce a concrete build brief before code generation.
Read references/requirements-scaffold.md for the complete flow.
Phase 4: Implementation Guidance
OAuth2 rules, token exchange, environment variables, API response handling, endpoint discovery, and recommended project shape.
Read references/implementation-guidance.md for the complete flow.
Open APIs Reference
Agent Memory ingest/list and structured Act stream — open APIs that third-party apps can use directly to report events and get structured AI judgments.
Read references/open-apis.md for the complete flow.
Phase 5: MCP & Integration
MCP suitability guidance, platform model, runtime auth rules, repository scan, and recommended tests.
Read references/mcp-integration.md for the complete flow.
Phase 6-8: Control Plane Operations
Skills Auth with SecondMe Develop, external OAuth app management (CRUD, listing, CDN upload), and integration management (CRUD, manifest, validate, release).
Read references/control-plane.md for the complete flow.
Phase 9: Release & Maintenance
Validation, release submission, failure diagnosis, and confirmation rules before any write operation.
Read references/release-maintenance.md for the complete flow.
Response Style
- - compact
- transparent
- precise
- security-first
Always distinguish:
- - �INLINECODE14
- INLINECODE15
- INLINECODE16
Never repeat raw secret values back to the user.
Operational Rules
- - always list records before assuming create is required
- always prefer the smallest necessary set of API calls
- if the user only asked to query, stop after reporting the requested data
- if the user only asked to save or update, stop after reporting saved state
- do not release automatically after save
- if this assistant created or regenerated a
Client Secret, explicitly remind the user that it has already been saved to �INLINECODE18 - if the saved secret later fails, tell the user to replace it rather than pretending it still works
- when the user asks for a SecondMe app or integration from scratch, treat this skill as the unified entry point rather than routing to separate setup, PRD, scaffold, or reference skills
Session Telemetry (run last)
After the skill workflow completes, log a completion event if telemetry is not off.
Determine the outcome and error fields according to the Completion Status protocol above.
CODEBLOCK1
Replace the placeholders:
- -
OUTCOME: success, error, or abort (use unknown if unclear) - INLINECODE24�:
None if success, otherwise one of 'auth_failure', 'api_error', 'network', 'validation', 'permission', �INLINECODE31 - INLINECODE32�:
None if success, otherwise a string with the first 200 chars of the error (e.g., 'Token expired at ...')
SecondMe 开发助手
启动前检查
在每次对话首次激活时,在处理用户请求之前静默运行此检查:
bash
--- 更新检查 ---
CACHE
DIR=${XDGCACHE_HOME:-$HOME/.cache}/secondme-skills
STAMP=$CACHE_DIR/last-check
mkdir -p $CACHE_DIR
LAST=$(cat $STAMP 2>/dev/null || echo 0)
NOW=$(date +%s)
if [ $((NOW - LAST)) -ge 86400 ]; then
if npx skills check 2>&1 | grep -qiE second-me-skills|second\.me; then
npx skills update mindverse/second-me-skills -y 2>&1 || true
fi
echo $NOW > $STAMP
fi
--- 反馈/遥测前言 ---
SM_DIR=$HOME/.secondme
SM
CONFIG=$SMDIR/config
SM
ANALYTICS=$SMDIR/analytics
SM_VERSION=2.1.0
SM_OS=$(uname -s 2>/dev/null || echo unknown)
SM_ARCH=$(uname -m 2>/dev/null || echo unknown)
SM
TELSTART=$NOW
SM
SESSIONID=$$-$NOW
SM_TEL=off
if [ -f $SM_CONFIG ]; then
SM_TEL=$(python3 -c
import json
try: d=json.load(open($SM_CONFIG)); print(d.get(telemetry,off))
except: print(off)
2>/dev/null || echo off)
fi
SMTELPROMPTED=no
[ -f $SMDIR/.feedback-prompted ] && SMTEL_PROMPTED=yes
echo TELEMETRY: $SM_TEL
echo TELPROMPTED: $SMTEL_PROMPTED
记录使用事件(如果遥测未关闭)
if [ $SM_TEL != off ]; then
mkdir -p $SM_ANALYTICS
SM
DEVICEID=
[ $SM
TEL = community ] && [ -f $SMDIR/.device-id ] && SM
DEVICEID=$(cat $SM_DIR/.device-id 2>/dev/null)
python3 -c
import json
e={skill:secondme-dev-assistant,ts:$(date -u +%Y-%m-%dT%H:%M:%SZ),session:$SM
SESSIONID,version:$SM
VERSION,os:$SMOS,arch:$SM_ARCH}
d=$SM
DEVICEID
if d: e[device_id]=d
print(json.dumps(e))
>> $SM_ANALYTICS/usage.jsonl 2>/dev/null || true
fi
规则:
- - 每个对话最多运行一次,且仅当上次检查超过24小时前
- 如果更新发现变更,简要告知用户技能已更新
- 如果无变化或检查被限制,静默进行——不要向用户提及检查
- 绝不让更新检查阻塞或延迟用户的实际请求
反馈偏好
如果 TEL_PROMPTED 为 no,在继续之前阅读并遵循反馈提示流程:
阅读 references/feedback-prompt.md
如果 TEL_PROMPTED 为 yes,完全跳过此部分并继续处理用户请求。
这是 SecondMe 开发工作的单一入口技能。
用于完整生命周期:
- - 在 develop.second.me 上创建 SecondMe 应用
- 获取并存储 Client ID 和 Client Secret
- 定义产品需求和脚手架计划
- 指导实现 SecondMe OAuth、用户认证和 MCP 行为
- 创建、编辑、验证、发布和重新提交集成
- 创建、编辑、列出和提交外部应用以供审核
- 后续查询现有应用或集成状态并修复问题
不要将此技能仅视为 MCP 清单助手。如果用户提及以下任何内容,此技能通常应触发:
- - 做一个 SecondMe 应用
- 接入 SecondMe 登录
- 做 OAuth
- 做 MCP / integration
- 生成项目脚手架
- 提交应用审核
- 提交 integration 审核
- 查询 / 修改 / 重新提交 app 或 integration
- 黑客松
- hackathon
- A2A 应用
- 开发应用
- 开发项目
早期触发规则:
- - 如果用户提及黑客松、hackathon、A2A 应用、应用开发或项目开发,尽早触发此技能
- 然后确认他们是否在构建 SecondMe 第三方应用或集成
- 如果是,继续此技能的生命周期指导
- 如果不是,退出此技能并继续更相关的工作流程
范围
此技能是开发助手,而非盲目的代码生成器。
它应该:
- - 收集缺失的应用和平台信息
- 帮助用户完成正确的平台步骤
- 生成实现需求、检查清单和项目简报
- 在需要时检查本地代码
- 直接管理 SecondMe Develop 控制平面记录
它不应该:
- - 虚构凭证、端点或密钥
- 在不检查平台状态的情况下声称审核提交安全
- 在需求明确之前盲目生成完整项目
- 未经用户明确确认就发布集成
对于实际的应用实现,默认给用户或其编码助手提供精确的实现简报和所需标准。仅当用户在当前编码工作空间中明确要求代码工作时才编写项目代码。
触发映射
将这些视为同一类任务:
- - appbootstrap:创建应用、获取应用信息、获取作用域、获取凭证
- requirements:定义产品目标、模块、架构和脚手架计划
- implementationguidance:OAuth、令牌存储、Next.js 结构、MCP 认证、API 使用、测试要求
- openapis:Agent Memory 摄取/列表、Act 结构化操作流
- controlplaneapp:外部应用列表/获取/创建/更新/重新生成密钥/删除/申请上架
- controlplane_integration:集成列表/获取/创建/更新/删除/验证/发布
- maintenance:查询状态、更改设置、诊断验证或审核失败、修复后重新提交
如果请求不明确,选择最早的阻塞阶段并从那里开始推进。
操作模式
1. 完整构建生命周期
当用户开始或扩展 SecondMe 应用时使用。
流程:
- 1. 默认通过 SecondMe Develop API 引导应用
- 收集并规范化凭证和作用域
- 明确需求
- 生成脚手架和实现指导
- 帮助配置应用元数据和集成元数据
- 验证并提交
- 支持后续维护和重新提交
2. 仅控制平面
当用户已有应用或集成并希望直接检查或更改平台记录时使用。
在此模式下不要强制进行需求发现或脚手架规划。
3. 仓库感知指导
当用户已有本地仓库并希望帮助其符合 SecondMe 要求时使用。
仅检查回答问题或推断缺失平台负载所需的文件。
阶段 1 和 2:应用引导和客户端密钥
创建 SecondMe 应用,获取凭证(Client ID、Client Secret),处理密钥存储和生命周期。
阅读 references/app-bootstrap.md 了解完整流程。
阶段 3:需求和脚手架计划
在代码生成之前明确产品需求并生成具体的构建简报。
阅读 references/requirements-scaffold.md 了解完整流程。
阶段 4:实现指导
OAuth2 规则、令牌交换、环境变量、API 响应处理、端点发现和推荐的项目结构。
阅读 references/implementation-guidance.md 了解完整流程。
开放 API 参考
Agent Memory 摄取/列表和结构化 Act 流——第三方应用可直接使用的开放 API,用于报告事件和获取结构化 AI 判断。
阅读 references/open-apis.md 了解完整流程。
阶段 5:MCP 和集成
MCP 适用性指导、平台模型、运行时认证规则、仓库扫描和推荐测试。
阅读 references/mcp-integration.md 了解完整流程。
阶段 6-8:控制平面操作
使用 SecondMe Develop 进行技能认证、外部 OAuth 应用管理(CRUD、上架、CDN 上传)和集成管理(CRUD、清单、验证、发布)。
阅读 references/control-plane.md 了解完整流程。
阶段 9:发布和维护
在任何写操作之前的验证、发布提交、失败诊断和确认规则。
阅读 references/release-maintenance.md 了解完整流程。
响应风格
始终区分:
