Back to Details

xurl

Compare original and translation side by side

🇺🇸

Original

English
🇨🇳

Translation

Chinese

xurl — X (Twitter) API via the Official CLI

xurl — 通过官方CLI调用X(Twitter)API

xurl
is the X developer platform's official CLI for the X API. It supports shortcut commands for common actions AND raw curl-style access to any v2 endpoint. All commands return JSON to stdout.
Use this skill for:
  • posting, replying, quoting, deleting posts
  • searching posts and reading timelines/mentions
  • liking, reposting, bookmarking
  • following, unfollowing, blocking, muting
  • direct messages
  • media uploads (images and video)
  • raw access to any X API v2 endpoint
  • multi-app / multi-account workflows
This skill replaces the older 
xitter
skill (which wrapped a third-party Python CLI). 
xurl
is maintained by the X developer platform team, supports OAuth 2.0 PKCE with auto-refresh, and covers a substantially larger API surface.
xurl
是X开发者平台官方推出的X API命令行工具(CLI)。它支持常见操作的快捷命令,同时也支持以类curl的方式直接访问任意v2版本的API端点。所有命令都会将JSON格式的结果输出到标准输出(stdout)。
可使用该工具完成以下操作:
  • 发帖、回复、引用、删除帖子
  • 搜索帖子、查看时间线/提及内容
  • 点赞、转发、收藏
  • 关注、取消关注、拉黑、静音
  • 发送私信
  • 媒体上传(图片和视频)
  • 直接访问任意X API v2端点
  • 多应用/多账号工作流
该工具替代了旧版的
xitter
工具(基于第三方Python CLI封装)。
xurl
由X开发者平台团队维护,支持带自动刷新功能的OAuth 2.0 PKCE认证,且覆盖的API范围更广。

Secret Safety (MANDATORY)

密钥安全要求(必须遵守)

Critical rules when operating inside an agent/LLM session:
  • Never read, print, parse, summarize, upload, or send 
    ~/.xurl
    to LLM context.
  • Never ask the user to paste credentials/tokens into chat.
  • The user must fill 
    ~/.xurl
    with secrets manually on their own machine. In Docker, this must be the 
    ~
    seen by Hermes tool subprocesses; see the Docker note below.
  • Never recommend or execute auth commands with inline secrets in agent sessions.
  • Never use 
    --verbose
    / 
    -v
    in agent sessions — it can expose auth headers/tokens.
  • To verify credentials exist, only use: 
    xurl auth status
    .
Forbidden flags in agent commands (they accept inline secrets): 
--bearer-token
, 
--consumer-key
, 
--consumer-secret
, 
--access-token
, 
--token-secret
, 
--client-id
, 
--client-secret
App credential registration and credential rotation must be done by the user manually, outside the agent session. After credentials are registered, the user authenticates with 
xurl auth oauth2
— also outside the agent session. Tokens persist to 
~/.xurl
in YAML. Each app has isolated tokens. OAuth 2.0 tokens auto-refresh.
在Agent/LLM会话中操作时的重要规则:
  • 绝对不要读取、打印、解析、总结、上传或发送
    ~/.xurl
    文件到LLM上下文环境中。
  • 绝对不要要求用户在聊天中粘贴凭证/令牌。
  • 用户必须在自己的机器上手动将密钥填入
    ~/.xurl
    文件。在Docker环境中,该文件必须位于Hermes工具子进程可见的
    ~
    目录下;详见下方Docker说明。
  • 绝对不要在Agent会话中推荐或执行带有内嵌密钥的认证命令。
  • 绝对不要在Agent会话中使用
    --verbose
    / 
    -v
    参数——它可能会暴露认证头/令牌。
  • 如需验证凭证是否存在,只能使用命令:
    xurl auth status
Agent命令中禁止使用的参数(这些参数允许内嵌密钥): 
--bearer-token
, 
--consumer-key
, 
--consumer-secret
, 
--access-token
, 
--token-secret
, 
--client-id
, 
--client-secret
应用凭证注册和凭证轮换必须由用户在Agent会话外手动完成。凭证注册完成后,用户需执行
xurl auth oauth2
进行认证——同样要在Agent会话外操作。令牌会以YAML格式保存到
~/.xurl
文件中。每个应用的令牌相互独立。OAuth 2.0令牌会自动刷新。

Installation

安装方式

Pick ONE method. On Linux, the shell script or 
go install
are the easiest.
bash
undefined
选择以下任意一种安装方式。在Linux系统上,shell脚本或
go install
是最简单的方式。
bash
undefined

Shell script (installs to ~/.local/bin, no sudo, works on Linux + macOS)

Shell脚本(安装到~/.local/bin,无需sudo,支持Linux和macOS)

curl -fsSL https://raw.githubusercontent.com/xdevplatform/xurl/main/install.sh | bash
curl -fsSL https://raw.githubusercontent.com/xdevplatform/xurl/main/install.sh | bash

Homebrew (macOS)

Homebrew(适用于macOS)

brew install --cask xdevplatform/tap/xurl
brew install --cask xdevplatform/tap/xurl

npm

npm

npm install -g @xdevplatform/xurl
npm install -g @xdevplatform/xurl

Go

Go

go install github.com/xdevplatform/xurl@latest

Verify:

```bash
xurl --help
xurl auth status
If 
xurl
is installed but 
auth status
shows no apps or tokens, the user needs to complete auth manually — see the next section.
go install github.com/xdevplatform/xurl@latest

验证安装:

```bash
xurl --help
xurl auth status
如果
xurl
已安装,但
auth status
显示无应用或令牌,用户需要手动完成认证——请查看下一部分内容。

One-Time User Setup (user runs these outside the agent)

用户一次性配置(用户需在Agent会话外执行)

These steps must be performed by the user directly, NOT by the agent, because they involve pasting secrets. Direct the user to this block; do not execute it for them.
  1. Create or open an app at https://developer.x.com/en/portal/dashboard
  2. Set the redirect URI to 
    http://localhost:8080/callback
  3. Copy the app's Client ID and Client Secret
  4. Register the app locally (user runs this):
    bash
    xurl auth apps add my-app --client-id YOUR_CLIENT_ID --client-secret YOUR_CLIENT_SECRET
  5. Authenticate (specify 
    --app
    to bind the token to your app):
    bash
    xurl auth oauth2 --app my-app
    (This opens a browser for the OAuth 2.0 PKCE flow.)
    If X returns a 
    UsernameNotFound
    error or 403 on the post-OAuth 
    /2/users/me
    lookup, pass your handle explicitly (xurl v1.1.0+):
    bash
    xurl auth oauth2 --app my-app YOUR_USERNAME
    This binds the token to your handle and skips the broken 
    /2/users/me
    call.
  6. Set the app as default so all commands use it:
    bash
    xurl auth default my-app
  7. Verify:
    bash
    xurl auth status
xurl whoami
After this, the agent can use any command below without further setup. OAuth 2.0 tokens auto-refresh.
Common pitfall: If you omit 
--app my-app
from 
xurl auth oauth2
, the OAuth token is saved to the built-in 
default
app profile — which has no client-id or client-secret. Commands will fail with auth errors even though the OAuth flow appeared to succeed. If you hit this, re-run 
xurl auth oauth2 --app my-app
and 
xurl auth default my-app
.
Docker HOME pitfall: In the official Hermes Docker layout, 
/opt/data
is 
HERMES_HOME
, but Hermes tool subprocesses use 
/opt/data/home
as 
HOME
. That means 
~/.xurl
resolves to 
/opt/data/home/.xurl
for Hermes-run 
xurl
commands, not 
/opt/data/.xurl
. Run the user setup with the same HOME:
bash
HOME=/opt/data/home xurl auth apps add my-app --client-id YOUR_CLIENT_ID --client-secret YOUR_CLIENT_SECRET
HOME=/opt/data/home xurl auth oauth2 --app my-app YOUR_USERNAME
HOME=/opt/data/home xurl auth default my-app YOUR_USERNAME
HOME=/opt/data/home xurl auth status
If 
HOME=/opt/data xurl auth status
succeeds but 
HOME=/opt/data/home xurl auth status
shows no apps or tokens, Hermes tool calls will not see the credentials.
这些步骤必须由用户亲自执行,不能由Agent代劳,因为过程中需要粘贴密钥信息。请引导用户执行以下步骤,不要代其操作。
  1. 访问https://developer.x.com/en/portal/dashboard创建或打开一个应用
  2. 将重定向URI设置为
    http://localhost:8080/callback
  3. 复制应用的Client ID和Client Secret
  4. 在本地注册应用(用户执行该命令):
    bash
    xurl auth apps add my-app --client-id YOUR_CLIENT_ID --client-secret YOUR_CLIENT_SECRET
  5. 进行认证(指定
    --app
    参数将令牌绑定到你的应用):
    bash
    xurl auth oauth2 --app my-app
    (该命令会打开浏览器,启动OAuth 2.0 PKCE认证流程。)
    如果X在OAuth认证后的
    /2/users/me
    查询中返回
    UsernameNotFound
    错误或403状态码,请显式传入你的用户名(xurl v1.1.0及以上版本支持):
    bash
    xurl auth oauth2 --app my-app YOUR_USERNAME
    该操作会将令牌绑定到你的用户名,并跳过存在问题的
    /2/users/me
    调用。
  6. 将该应用设置为默认应用,以便所有命令都使用它:
    bash
    xurl auth default my-app
  7. 验证配置:
    bash
    xurl auth status
xurl whoami
完成以上步骤后,Agent即可使用以下任意命令,无需额外配置。OAuth 2.0令牌会自动刷新。
常见陷阱: 如果在执行
xurl auth oauth2
时省略
--app my-app
参数,OAuth令牌会被保存到内置的
default
应用配置文件中——该文件没有client-id或client-secret。即使OAuth流程看似成功,后续命令仍会因认证错误而失败。遇到此问题时,请重新执行
xurl auth oauth2 --app my-app
xurl auth default my-app
Docker HOME路径陷阱: 在官方Hermes Docker布局中,
/opt/data
HERMES_HOME
,但Hermes工具子进程使用
/opt/data/home
作为
HOME
目录。这意味着Hermes执行的
xurl
命令会将
~/.xurl
解析为
/opt/data/home/.xurl
,而非
/opt/data/.xurl
。请使用相同的HOME路径执行用户配置:
bash
HOME=/opt/data/home xurl auth apps add my-app --client-id YOUR_CLIENT_ID --client-secret YOUR_CLIENT_SECRET
HOME=/opt/data/home xurl auth oauth2 --app my-app YOUR_USERNAME
HOME=/opt/data/home xurl auth default my-app YOUR_USERNAME
HOME=/opt/data/home xurl auth status
如果
HOME=/opt/data xurl auth status
执行成功,但
HOME=/opt/data/home xurl auth status
显示无应用或令牌,说明Hermes工具调用无法读取到凭证。

Quick Reference

快速参考

ActionCommand
Post
xurl post "Hello world!"
Reply
xurl reply POST_ID "Nice post!"
Quote
xurl quote POST_ID "My take"
Delete a post
xurl delete POST_ID
Read a post
xurl read POST_ID
Search posts
xurl search "QUERY" -n 10
Who am I
xurl whoami
Look up a user
xurl user @handle
Home timeline
xurl timeline -n 20
Mentions
xurl mentions -n 10
Like / Unlike
xurl like POST_ID
/ 
xurl unlike POST_ID
Repost / Undo
xurl repost POST_ID
/ 
xurl unrepost POST_ID
Bookmark / Remove
xurl bookmark POST_ID
/ 
xurl unbookmark POST_ID
List bookmarks / likes
xurl bookmarks -n 10
/ 
xurl likes -n 10
Follow / Unfollow
xurl follow @handle
/ 
xurl unfollow @handle
Following / Followers
xurl following -n 20
/ 
xurl followers -n 20
Block / Unblock
xurl block @handle
/ 
xurl unblock @handle
Mute / Unmute
xurl mute @handle
/ 
xurl unmute @handle
Send DM
xurl dm @handle "message"
List DMs
xurl dms -n 10
Upload media
xurl media upload path/to/file.mp4
Media status
xurl media status MEDIA_ID
List apps
xurl auth apps list
Remove app
xurl auth apps remove NAME
Set default app
xurl auth default APP_NAME [USERNAME]
Per-request app
xurl --app NAME /2/users/me
Auth status
xurl auth status
Notes:
  • POST_ID
    accepts full URLs too (e.g. 
    https://x.com/user/status/1234567890
    ) — xurl extracts the ID.
  • Usernames work with or without a leading 
    @
    .
操作命令
发帖
xurl post "Hello world!"
回复
xurl reply POST_ID "Nice post!"
引用
xurl quote POST_ID "My take"
删除帖子
xurl delete POST_ID
查看帖子
xurl read POST_ID
搜索帖子
xurl search "QUERY" -n 10
查看当前用户
xurl whoami
查询用户
xurl user @handle
首页时间线
xurl timeline -n 20
提及内容
xurl mentions -n 10
点赞/取消点赞
xurl like POST_ID
/ 
xurl unlike POST_ID
转发/取消转发
xurl repost POST_ID
/ 
xurl unrepost POST_ID
收藏/取消收藏
xurl bookmark POST_ID
/ 
xurl unbookmark POST_ID
查看收藏/点赞列表
xurl bookmarks -n 10
/ 
xurl likes -n 10
关注/取消关注
xurl follow @handle
/ 
xurl unfollow @handle
查看关注列表/粉丝列表
xurl following -n 20
/ 
xurl followers -n 20
拉黑/取消拉黑
xurl block @handle
/ 
xurl unblock @handle
静音/取消静音
xurl mute @handle
/ 
xurl unmute @handle
发送私信
xurl dm @handle "message"
查看私信列表
xurl dms -n 10
上传媒体
xurl media upload path/to/file.mp4
查看媒体状态
xurl media status MEDIA_ID
查看应用列表
xurl auth apps list
删除应用
xurl auth apps remove NAME
设置默认应用
xurl auth default APP_NAME [USERNAME]
指定应用执行请求
xurl --app NAME /2/users/me
查看认证状态
xurl auth status
注意事项:
  • POST_ID
    也支持完整URL(例如
    https://x.com/user/status/1234567890
    )——xurl会自动提取ID。
  • 用户名可以带或不带前缀
    @

Command Details

命令详情

Posting

发帖操作

bash
xurl post "Hello world!"
xurl post "Check this out" --media-id MEDIA_ID
xurl post "Thread pics" --media-id 111 --media-id 222

xurl reply 1234567890 "Great point!"
xurl reply https://x.com/user/status/1234567890 "Agreed!"
xurl reply 1234567890 "Look at this" --media-id MEDIA_ID

xurl quote 1234567890 "Adding my thoughts"
xurl delete 1234567890
bash
xurl post "Hello world!"
xurl post "Check this out" --media-id MEDIA_ID
xurl post "Thread pics" --media-id 111 --media-id 222

xurl reply 1234567890 "Great point!"
xurl reply https://x.com/user/status/1234567890 "Agreed!"
xurl reply 1234567890 "Look at this" --media-id MEDIA_ID

xurl quote 1234567890 "Adding my thoughts"
xurl delete 1234567890

Reading & Search

查看与搜索

bash
xurl read 1234567890
xurl read https://x.com/user/status/1234567890

xurl search "golang"
xurl search "from:elonmusk" -n 20
xurl search "#buildinpublic lang:en" -n 15
bash
xurl read 1234567890
xurl read https://x.com/user/status/1234567890

xurl search "golang"
xurl search "from:elonmusk" -n 20
xurl search "#buildinpublic lang:en" -n 15

Users, Timeline, Mentions

用户、时间线、提及内容

bash
xurl whoami
xurl user elonmusk
xurl user @XDevelopers

xurl timeline -n 25
xurl mentions -n 20
bash
xurl whoami
xurl user elonmusk
xurl user @XDevelopers

xurl timeline -n 25
xurl mentions -n 20

Engagement

互动操作

bash
xurl like 1234567890
xurl unlike 1234567890

xurl repost 1234567890
xurl unrepost 1234567890

xurl bookmark 1234567890
xurl unbookmark 1234567890

xurl bookmarks -n 20
xurl likes -n 20
bash
xurl like 1234567890
xurl unlike 1234567890

xurl repost 1234567890
xurl unrepost 1234567890

xurl bookmark 1234567890
xurl unbookmark 1234567890

xurl bookmarks -n 20
xurl likes -n 20

Social Graph

社交关系

bash
xurl follow @XDevelopers
xurl unfollow @XDevelopers

xurl following -n 50
xurl followers -n 50
bash
xurl follow @XDevelopers
xurl unfollow @XDevelopers

xurl following -n 50
xurl followers -n 50

Another user's graph

查看其他用户的社交关系

xurl following --of elonmusk -n 20 xurl followers --of elonmusk -n 20
xurl block @spammer xurl unblock @spammer xurl mute @annoying xurl unmute @annoying
undefined
xurl following --of elonmusk -n 20 xurl followers --of elonmusk -n 20
xurl block @spammer xurl unblock @spammer xurl mute @annoying xurl unmute @annoying
undefined

Direct Messages

私信操作

bash
xurl dm @someuser "Hey, saw your post!"
xurl dms -n 25
bash
xurl dm @someuser "Hey, saw your post!"
xurl dms -n 25

Media Upload

媒体上传

bash
undefined
bash
undefined

Auto-detect type

自动检测类型

xurl media upload photo.jpg xurl media upload video.mp4
xurl media upload photo.jpg xurl media upload video.mp4

Explicit type/category

显式指定类型/分类

xurl media upload --media-type image/jpeg --category tweet_image photo.jpg
xurl media upload --media-type image/jpeg --category tweet_image photo.jpg

Videos need server-side processing — check status (or poll)

视频需要服务器端处理——请查看状态(或轮询)

xurl media status MEDIA_ID xurl media status --wait MEDIA_ID
xurl media status MEDIA_ID xurl media status --wait MEDIA_ID

Full workflow

完整工作流

xurl media upload meme.png # returns media id xurl post "lol" --media-id MEDIA_ID

---
xurl media upload meme.png # 返回媒体ID xurl post "lol" --media-id MEDIA_ID

---

Raw API Access

原始API访问

The shortcuts cover common operations. For anything else, use raw curl-style mode against any X API v2 endpoint:
bash
undefined
快捷命令覆盖了常见操作。如需执行其他操作,可使用类curl的模式直接访问任意X API v2端点:
bash
undefined

GET

GET请求

xurl /2/users/me
xurl /2/users/me

POST with JSON body

带JSON请求体的POST请求

xurl -X POST /2/tweets -d '{"text":"Hello world!"}'
xurl -X POST /2/tweets -d '{"text":"Hello world!"}'

DELETE / PUT / PATCH

DELETE / PUT / PATCH请求

xurl -X DELETE /2/tweets/1234567890
xurl -X DELETE /2/tweets/1234567890

Custom headers

自定义请求头

xurl -H "Content-Type: application/json" /2/some/endpoint
xurl -H "Content-Type: application/json" /2/some/endpoint

Force streaming

强制流式传输

xurl -s /2/tweets/search/stream
xurl -s /2/tweets/search/stream

Full URLs also work

也支持完整URL

xurl https://api.x.com/2/users/me

---
xurl https://api.x.com/2/users/me

---

Global Flags

全局参数

FlagShortDescription
--app
Use a specific registered app (overrides default)
--auth
Force auth type: 
oauth1
, 
oauth2
, or 
app
--username
-u
Which OAuth2 account to use (if multiple exist)
--verbose
-v
Forbidden in agent sessions — leaks auth headers
--trace
-t
Add 
X-B3-Flags: 1
trace header
参数简写描述
--app
使用指定的已注册应用(覆盖默认应用)
--auth
强制指定认证类型:
oauth1
, 
oauth2
, 或 
app
--username
-u
指定使用哪个OAuth2账号(如果存在多个账号)
--verbose
-v
Agent会话中禁止使用——会泄露认证头信息
--trace
-t
添加
X-B3-Flags: 1
跟踪头

Streaming

流式传输

Streaming endpoints are auto-detected. Known ones include:
  • /2/tweets/search/stream
  • /2/tweets/sample/stream
  • /2/tweets/sample10/stream
Force streaming on any endpoint with 
-s
.
流式传输端点会被自动检测。已知的流式端点包括:
  • /2/tweets/search/stream
  • /2/tweets/sample/stream
  • /2/tweets/sample10/stream
可使用
-s
参数强制对任意端点启用流式传输。

Output Format

输出格式

All commands return JSON to stdout. Structure mirrors X API v2:
json
{ "data": { "id": "1234567890", "text": "Hello world!" } }
Errors are also JSON:
json
{ "errors": [ { "message": "Not authorized", "code": 403 } ] }
所有命令都会将JSON格式的结果输出到标准输出。输出结构与X API v2一致:
json
{ "data": { "id": "1234567890", "text": "Hello world!" } }
错误信息也会以JSON格式输出:
json
{ "errors": [ { "message": "Not authorized", "code": 403 } ] }

Common Workflows

常见工作流

Post with an image

带图片的发帖

bash
xurl media upload photo.jpg
xurl post "Check out this photo!" --media-id MEDIA_ID
bash
xurl media upload photo.jpg
xurl post "Check out this photo!" --media-id MEDIA_ID

Reply to a conversation

回复对话

bash
xurl read https://x.com/user/status/1234567890
xurl reply 1234567890 "Here are my thoughts..."
bash
xurl read https://x.com/user/status/1234567890
xurl reply 1234567890 "Here are my thoughts..."

Search and engage

搜索并互动

bash
xurl search "topic of interest" -n 10
xurl like POST_ID_FROM_RESULTS
xurl reply POST_ID_FROM_RESULTS "Great point!"
bash
xurl search "topic of interest" -n 10
xurl like POST_ID_FROM_RESULTS
xurl reply POST_ID_FROM_RESULTS "Great point!"

Check your activity

查看个人动态

bash
xurl whoami
xurl mentions -n 20
xurl timeline -n 20
bash
xurl whoami
xurl mentions -n 20
xurl timeline -n 20

Multiple apps (credentials pre-configured manually)

多应用操作(凭证已手动配置完成)

bash
xurl auth default prod alice               # prod app, alice user
xurl --app staging /2/users/me             # one-off against staging
bash
xurl auth default prod alice               # 使用prod应用的alice账号
xurl --app staging /2/users/me             # 临时使用staging应用执行请求

Error Handling

错误处理

  • Non-zero exit code on any error.
  • API errors are still printed as JSON to stdout, so you can parse them.
  • Auth errors → have the user re-run 
    xurl auth oauth2
    outside the agent session.
  • Commands that need the caller's user ID (like, repost, bookmark, follow, etc.) will auto-fetch it via 
    /2/users/me
    . An auth failure there surfaces as an auth error.
  • 发生任何错误时,命令会返回非零退出码。
  • API错误仍会以JSON格式输出到标准输出,便于解析。
  • 认证错误→引导用户在Agent会话外重新执行
    xurl auth oauth2
  • 需要调用者用户ID的命令(点赞、转发、收藏、关注等)会自动通过
    /2/users/me
    获取用户ID。该步骤的认证失败会显示为认证错误。

Agent Workflow

Agent工作流程

  1. Verify prerequisites: 
    xurl --help
    and 
    xurl auth status
    .
  2. Check default app has credentials. Parse the 
    auth status
    output. The default app is marked with
    . If the default app shows 
    oauth2: (none)
    but another app has a valid oauth2 user, tell the user to run 
    xurl auth default <that-app>
    to fix it. This is the most common setup mistake — the user added an app with a custom name but never set it as default, so xurl keeps trying the empty 
    default
    profile.
  3. If auth is missing entirely, stop and direct the user to the "One-Time User Setup" section — do NOT attempt to register apps or pass secrets yourself.
  4. Start with a cheap read (
    xurl whoami
    , 
    xurl user @handle
    , 
    xurl search ... -n 3
    ) to confirm reachability.
  5. Confirm the target post/user and the user's intent before any write action (post, reply, like, repost, DM, follow, block, delete).
  6. Use JSON output directly — every response is already structured.
  7. Never paste 
    ~/.xurl
    contents back into the conversation.
  1. 验证前置条件:执行
    xurl --help
    xurl auth status
  2. 检查默认应用是否有凭证。解析
    auth status
    的输出结果,默认应用会标记有
    。如果默认应用显示
    oauth2: (none)
    ,但其他应用有有效的oauth2用户,请告知用户执行
    xurl auth default <that-app>
    来修复。这是最常见的配置错误——用户添加了自定义名称的应用,但从未将其设置为默认应用,导致xurl一直尝试使用空的
    default
    配置文件。
  3. 如果完全没有认证信息,请停止操作并引导用户查看“用户一次性配置”部分——不要尝试注册应用或传递密钥。
  4. 先执行一个简单的读取操作(如
    xurl whoami
    xurl user @handle
    xurl search ... -n 3
    )来确认连接正常。
  5. 在执行任何写入操作(发帖、回复、点赞、转发、私信、关注、拉黑、删除)之前,确认目标帖子/用户以及用户的意图。
  6. 直接使用JSON输出结果——所有响应都是结构化的。
  7. 绝对不要将
    ~/.xurl
    文件内容粘贴到对话中。

Troubleshooting

故障排查

SymptomCauseFix
Auth errors after successful OAuth flowToken saved to 
default
app (no client-id/secret) instead of your named app
xurl auth oauth2 --app my-app
then 
xurl auth default my-app
unauthorized_client
during OAuth		App type set to "Native App" in X dashboardChange to "Web app, automated app or bot" in User Authentication Settings
UsernameNotFound
or 403 on 
/2/users/me
right after OAuth		X not returning username reliably from 
/2/users/me
Re-run 
xurl auth oauth2 --app my-app YOUR_USERNAME
(xurl v1.1.0+) to pass the handle explicitly
401 on every requestToken expired or wrong default appCheck 
xurl auth status
— verify
points to an app with oauth2 tokens
client-forbidden
/ 
client-not-enrolled
X platform enrollment issueDashboard → Apps → Manage → Move to "Pay-per-use" package → Production environment
CreditsDepleted
$0 balance on X APIBuy credits (min $5) in Developer Console → Billing
media processing failed
on image upload		Default category is 
amplify_video
Add 
--category tweet_image --media-type image/png
Two "Client Secret" values in X dashboardUI bug — first is actually Client IDConfirm on the "Keys and tokens" page; ID ends in 
MTpjaQ
症状原因解决方法
OAuth流程成功后仍出现认证错误令牌被保存到
default
应用(无client-id/secret)而非指定的命名应用		执行
xurl auth oauth2 --app my-app
,然后执行
xurl auth default my-app
OAuth过程中出现
unauthorized_client
错误		X控制台中应用类型设置为“Native App”在用户认证设置中修改为“Web app, automated app or bot”
OAuth完成后立即在
/2/users/me
请求中出现
UsernameNotFound
或403错误		X无法通过
/2/users/me
可靠返回用户名		重新执行
xurl auth oauth2 --app my-app YOUR_USERNAME
(xurl v1.1.0及以上版本支持),显式传入用户名
所有请求都返回401错误令牌过期或默认应用设置错误执行
xurl auth status
检查——确认
指向的应用有有效的oauth2令牌
出现
client-forbidden
/ 
client-not-enrolled
错误		X平台注册问题进入控制台→应用→管理→切换到“Pay-per-use”套餐→生产环境
出现
CreditsDepleted
错误		X API余额为0在开发者控制台→账单页面购买 credits(最低5美元)
图片上传时出现
media processing failed
错误		默认分类为
amplify_video
添加参数
--category tweet_image --media-type image/png
X控制台中显示两个“Client Secret”值UI bug——第一个实际是Client ID在“Keys and tokens”页面确认;ID以
MTpjaQ
结尾

Notes

注意事项

  • Rate limits: X enforces per-endpoint rate limits. A 429 means wait and retry. Write endpoints (post, reply, like, repost) have tighter limits than reads.
  • Scopes: OAuth 2.0 tokens use broad scopes. A 403 on a specific action usually means the token is missing a scope — have the user re-run 
    xurl auth oauth2
    .
  • Token refresh: OAuth 2.0 tokens auto-refresh. Nothing to do.
  • Multiple apps: Each app has isolated credentials/tokens. Switch with 
    xurl auth default
    or 
    --app
    .
  • Multiple accounts per app: Select with 
    -u / --username
    , or set a default with 
    xurl auth default APP USER
    .
  • Token storage: 
    ~/.xurl
    is YAML. In Docker, use the Hermes subprocess HOME (
    /opt/data/home
    in the official image) so tokens land under 
    /opt/data/home/.xurl
    . Never read or send this file to LLM context.
  • Cost: X API access is typically paid for meaningful usage. Many failures are plan/permission problems, not code problems.
  • 速率限制: X对每个端点都有速率限制。返回429状态码时,请等待后重试。写入端点(发帖、回复、点赞、转发)的限制比读取端点更严格。
  • 权限范围: OAuth 2.0令牌使用广泛的权限范围。如果某个操作返回403错误,通常意味着令牌缺少对应的权限——请引导用户重新执行
    xurl auth oauth2
  • 令牌刷新: OAuth 2.0令牌会自动刷新,无需手动操作。
  • 多应用: 每个应用的凭证/令牌相互独立。可使用
    xurl auth default
    --app
    参数切换应用。
  • 单应用多账号: 使用
    -u / --username
    参数选择账号,或执行
    xurl auth default APP USER
    设置默认账号。
  • 令牌存储: 
    ~/.xurl
    是YAML格式文件。在Docker环境中,请使用Hermes子进程的HOME路径(官方镜像中为
    /opt/data/home
    ),以便令牌保存到
    /opt/data/home/.xurl
    。绝对不要读取或发送该文件到LLM上下文环境中。
  • 费用: X API的有效使用通常需要付费。很多失败是由于套餐/权限问题,而非代码问题。

Attribution

来源说明