feat(volcengine-tos): S3-compatible Volcengine object storage — verified E2E live#18
Merged
Merged
Conversation
…— verified E2E live Adds `library/volcengine-tos/` covering Volcengine TOS (Tencent Object Storage), the canonical place to host reference images / audios / videos that Seedance / Seedream / other Volcengine AI services fetch from. The docs for those AI modules already point at the `tos-<region>.volces.com` host pattern for examples — this module closes the loop so users can actually produce such URLs themselves. Live verification (2026-05-18) — tier `verified` - Installed `tos==2.9.0` Python SDK in tmp venv - Sub-user AK/SK loaded from ~/.trove/volcengine-tos/credentials.json (created via `IAM → 创建子用户 → TOSFullAccess policy`) - list_buckets → empty (fresh sub-user) - create_bucket with ACL_Public_Read → bucket online in cn-beijing - put_object 30 bytes with content-type → uploaded - Public URL `https://<bucket>.tos-cn-beijing.volces.com/<key>` curl'd from outside the SDK → HTTP 200, ct=text/plain, content bytes match exactly - delete_object → cleanup - Bucket retained for ongoing use; one-time test object deleted Module shape — 10 Critical Constraints (gotchas-first) 1. Sub-user over root AK/SK (best-practice scope) 2. AK/SK distinct from ARK_API_KEY (two parallel Volcengine auth systems) 3. Bucket names globally unique per region, cannot rename 4. Default ACL is private — explicit public-read needed for AI service pull (per-bucket or per-object) 5. Region co-location with consuming AI service (cn-beijing-cn-beijing = free intra-region traffic; cross-region = billed egress + slow) 6. Object key URL-safe chars; 5 GB single PUT cap → use multipart 7. S3-compatibility (aws-sdk-s3 / boto3 work pointed at TOS endpoint) 8. No official Node SDK — S3 SDK is the path 9. CORS per-bucket for browser-direct PUT (server-side uploads bypass) 10. public-read != public-list (listing requires separate ACL) Body sections - Setup (pip install tos) - Quickstart Python (list / create / put / URL / delete) - **Cross-module killer recipe**: Seedream generate (b64_json inline) → TOS public-read upload → public URL → Seedance reference. Same region, zero egress cost. This is the loop users came to TOS for - S3 SDK path (Node / Edge / Deno / Go with @aws-sdk/client-s3) - Presigned URLs (time-limited GET / PUT for sensitive content) - CORS recipe (browser-direct upload) - CDN integration (Volcengine CDN attach pattern) - Cost (storage / egress / request prices for cn-beijing as of 2026-05) - 8-row error reference incl. region-mismatch SignatureDoesNotMatch - Cross-module guidance: TOS for Volcengine stack; OSS for Alibaba; R2 for Cloudflare; S3 for AWS Library bookkeeping - 21 → 22 modules - 5 prod · 14 verified · 2 partial → 5 prod · 15 verified · 2 partial (volcengine-tos enters at verified — full E2E succeeded) - Site module grid: `volcengine-tos` added under expanded `infra · email · db · storage` category (storage is the new fourth facet alongside cloudflare / resend / supabase) Privacy - The maintainer's specific bucket name and account ID are NOT in the module body — module uses `myapp-assets` and `<bucket>` placeholders. The credentials.example.json fields are similarly generic. - Pre-commit hook PRIVATE_RE scan: clean on staged diff (no leaks of `moment-stream`, account ID 2100962816, sub-user name, etc.) Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Adds `library/volcengine-tos/` — Volcengine TOS object storage module. The bridge module that lets Seedance / Seedream users actually produce the public URLs those modules need for their `image_url` / `video_url` / `audio_url` fields.
Live verification — tier `verified`
Module shape
10 Critical Constraints (gotchas-first per SPEC §2.1):
Sections: Setup, Python quickstart, cross-module killer recipe (Seedream → TOS upload → Seedance reference), S3 SDK path for Node/Edge/Go/Rust, presigned URLs, CORS, CDN attach, cost table, 8-row error reference, source-of-truth URLs.
Bookkeeping
Privacy
Maintainer's specific bucket name + account ID NOT in module body — uses `myapp-assets` and `` placeholders. Pre-commit hook scan clean.
🤖 Generated with Claude Code