@jackwener/opencli 0.5.2 → 0.6.1

package/dist/doctor.js

@@ -1,23 +1,57 @@
 import * as fs from 'node:fs';
 import * as os from 'node:os';
 import * as path from 'node:path';
+import { execSync } from 'node:child_process';
 import { createInterface } from 'node:readline/promises';
 import { stdin as input, stdout as output } from 'node:process';
+import chalk from 'chalk';
 import { getTokenFingerprint } from './browser.js';
 const PLAYWRIGHT_SERVER_NAME = 'playwright';
-const PLAYWRIGHT_TOKEN_ENV = 'PLAYWRIGHT_MCP_EXTENSION_TOKEN';
+export const PLAYWRIGHT_TOKEN_ENV = 'PLAYWRIGHT_MCP_EXTENSION_TOKEN';
 const PLAYWRIGHT_EXTENSION_ID = 'mmlmfjhmonkocbjadbfplnigmagldckm';
 const TOKEN_LINE_RE = /^(\s*export\s+PLAYWRIGHT_MCP_EXTENSION_TOKEN=)(['"]?)([^'"\\\n]+)\2\s*$/m;
-function label(status) {
-    return `[${status}]`;
+function colorLabel(status) {
+    switch (status) {
+        case 'OK': return chalk.green('[OK]');
+        case 'MISSING': return chalk.red('[MISSING]');
+        case 'MISMATCH': return chalk.yellow('[MISMATCH]');
+        case 'WARN': return chalk.yellow('[WARN]');
+    }
 }
 function statusLine(status, text) {
-    return `${label(status)} ${text}`;
+    return `${colorLabel(status)} ${text}`;
 }
 function tokenSummary(token, fingerprint) {
     if (!token)
-        return 'missing';
-    return `configured (${fingerprint})`;
+        return chalk.dim('missing');
+    return `configured ${chalk.dim(`(${fingerprint})`)}`;
+}
+export function shortenPath(p) {
+    const home = os.homedir();
+    return home && p.startsWith(home) ? '~' + p.slice(home.length) : p;
+}
+export function toolName(p) {
+    if (p.includes('.codex/'))
+        return 'Codex';
+    if (p.includes('.cursor/'))
+        return 'Cursor';
+    if (p.includes('.claude.json'))
+        return 'Claude Code';
+    if (p.includes('antigravity'))
+        return 'Antigravity';
+    if (p.includes('.gemini/settings'))
+        return 'Gemini CLI';
+    if (p.includes('opencode'))
+        return 'OpenCode';
+    if (p.includes('Claude/claude_desktop'))
+        return 'Claude Desktop';
+    if (p.includes('.vscode/'))
+        return 'VS Code';
+    if (p.includes('.mcp.json'))
+        return 'Project MCP';
+    if (p.includes('.zshrc') || p.includes('.bashrc') || p.includes('.profile'))
+        return 'Shell';
+    return '';
 }
 export function getDefaultShellRcPath() {
     const shell = process.env.SHELL ?? '';
@@ -33,12 +67,16 @@ export function getDefaultMcpConfigPaths(cwd = process.cwd()) {
         path.join(home, '.codex', 'config.toml'),
         path.join(home, '.codex', 'mcp.json'),
         path.join(home, '.cursor', 'mcp.json'),
+        path.join(home, '.claude.json'),
+        path.join(home, '.gemini', 'settings.json'),
+        path.join(home, '.gemini', 'antigravity', 'mcp_config.json'),
         path.join(home, '.config', 'opencode', 'opencode.json'),
         path.join(home, 'Library', 'Application Support', 'Claude', 'claude_desktop_config.json'),
         path.join(home, '.config', 'Claude', 'claude_desktop_config.json'),
         path.join(cwd, '.cursor', 'mcp.json'),
         path.join(cwd, '.vscode', 'mcp.json'),
         path.join(cwd, '.opencode', 'opencode.json'),
+        path.join(cwd, '.mcp.json'),
     ];
     return [...new Set(candidates)];
 }
@@ -119,7 +157,7 @@ export function upsertTomlConfigToken(content, token) {
     const prefix = content.trim() ? `${content.replace(/\s*$/, '')}\n\n` : '';
     return `${prefix}[mcp_servers.playwright]\ntype = "stdio"\ncommand = "npx"\nargs = ["-y", "@playwright/mcp@latest", "--extension"]\n\n[mcp_servers.playwright.env]\n${tokenLine}\n`;
 }
-function fileExists(filePath) {
+export function fileExists(filePath) {
     try {
         return fs.existsSync(filePath);
     }
@@ -169,6 +207,144 @@ function readConfigStatus(filePath) {
         };
     }
 }
+/**
+ * Discover the auth token stored by the Playwright MCP Bridge extension
+ * by scanning Chrome's LevelDB localStorage files directly.
+ *
+ * Uses `strings` + `grep` for fast binary scanning on macOS/Linux,
+ * with a pure-Node fallback on Windows.
+ */
+export function discoverExtensionToken() {
+    const home = os.homedir();
+    const platform = os.platform();
+    const bases = [];
+    if (platform === 'darwin') {
+        bases.push(path.join(home, 'Library', 'Application Support', 'Google', 'Chrome'), path.join(home, 'Library', 'Application Support', 'Google', 'Chrome Canary'), path.join(home, 'Library', 'Application Support', 'Chromium'), path.join(home, 'Library', 'Application Support', 'Microsoft Edge'));
+    }
+    else if (platform === 'linux') {
+        bases.push(path.join(home, '.config', 'google-chrome'), path.join(home, '.config', 'chromium'), path.join(home, '.config', 'microsoft-edge'));
+    }
+    else if (platform === 'win32') {
+        const appData = process.env.LOCALAPPDATA || path.join(home, 'AppData', 'Local');
+        bases.push(path.join(appData, 'Google', 'Chrome', 'User Data'), path.join(appData, 'Microsoft', 'Edge', 'User Data'));
+    }
+    const profiles = ['Default', 'Profile 1', 'Profile 2', 'Profile 3'];
+    // Token is 43 chars of base64url (from 32 random bytes)
+    const tokenRe = /([A-Za-z0-9_-]{40,50})/;
+    for (const base of bases) {
+        for (const profile of profiles) {
+            const dir = path.join(base, profile, 'Local Storage', 'leveldb');
+            if (!fileExists(dir))
+                continue;
+            // Fast path: use strings + grep to find candidate files and extract token
+            if (platform !== 'win32') {
+                const token = extractTokenViaStrings(dir, tokenRe);
+                if (token)
+                    return token;
+                continue;
+            }
+            // Slow path (Windows): read binary files directly
+            const token = extractTokenViaBinaryRead(dir, tokenRe);
+            if (token)
+                return token;
+        }
+    }
+    return null;
+}
+function extractTokenViaStrings(dir, tokenRe) {
+    try {
+        // Single shell pipeline: for each LevelDB file, extract strings, find lines
+        // after the extension ID, and filter for base64url token pattern.
+        //
+        // LevelDB `strings` output for the extension's auth-token entry:
+        //   auth-token                                    ← key name
+        //   4,mmlmfjhmonkocbjadbfplnigmagldckm.7          ← LevelDB internal key
+        //   hqI86ncsD1QpcVcj-k9CyzTF-ieCQd_4KreZ_wy1WHA  ← token value
+        //
+        // We get the line immediately after any EXTENSION_ID mention and check
+        // if it looks like a base64url token (40-50 chars, [A-Za-z0-9_-]).
+        const shellDir = dir.replace(/'/g, "'\\''");
+        const cmd = `for f in '${shellDir}'/*.ldb '${shellDir}'/*.log; do ` +
+            `[ -f "$f" ] && strings "$f" 2>/dev/null | ` +
+            `grep -A1 '${PLAYWRIGHT_EXTENSION_ID}' | ` +
+            `grep -v '${PLAYWRIGHT_EXTENSION_ID}' | ` +
+            `grep -E '^[A-Za-z0-9_-]{40,50}$' | head -1; ` +
+            `done 2>/dev/null`;
+        const result = execSync(cmd, { encoding: 'utf-8', timeout: 10000 }).trim();
+        // Take the first non-empty line
+        for (const line of result.split('\n')) {
+            const token = line.trim();
+            if (token && validateBase64urlToken(token))
+                return token;
+        }
+    }
+    catch { }
+    return null;
+}
+function extractTokenViaBinaryRead(dir, tokenRe) {
+    const extIdBuf = Buffer.from(PLAYWRIGHT_EXTENSION_ID);
+    const keyBuf = Buffer.from('auth-token');
+    let files;
+    try {
+        files = fs.readdirSync(dir)
+            .filter(f => f.endsWith('.ldb') || f.endsWith('.log'))
+            .map(f => path.join(dir, f));
+    }
+    catch {
+        return null;
+    }
+    // Sort by mtime descending
+    files.sort((a, b) => {
+        try {
+            return fs.statSync(b).mtimeMs - fs.statSync(a).mtimeMs;
+        }
+        catch {
+            return 0;
+        }
+    });
+    for (const file of files) {
+        let data;
+        try {
+            data = fs.readFileSync(file);
+        }
+        catch {
+            continue;
+        }
+        // Quick check: does file contain both the extension ID and auth-token key?
+        const extPos = data.indexOf(extIdBuf);
+        if (extPos === -1)
+            continue;
+        const keyPos = data.indexOf(keyBuf, Math.max(0, extPos - 500));
+        if (keyPos === -1)
+            continue;
+        // Scan for token value after auth-token key
+        let idx = 0;
+        while (true) {
+            const kp = data.indexOf(keyBuf, idx);
+            if (kp === -1)
+                break;
+            const contextStart = Math.max(0, kp - 500);
+            if (data.indexOf(extIdBuf, contextStart) !== -1 && data.indexOf(extIdBuf, contextStart) < kp) {
+                const after = data.subarray(kp + keyBuf.length, kp + keyBuf.length + 200).toString('latin1');
+                const m = after.match(tokenRe);
+                if (m && validateBase64urlToken(m[1]))
+                    return m[1];
+            }
+            idx = kp + 1;
+        }
+    }
+    return null;
+}
+function validateBase64urlToken(token) {
+    try {
+        const b64 = token.replace(/-/g, '+').replace(/_/g, '/');
+        const decoded = Buffer.from(b64, 'base64');
+        return decoded.length >= 28 && decoded.length <= 36;
+    }
+    catch {
+        return false;
+    }
+}
 export async function runBrowserDoctor(opts = {}) {
     const envToken = process.env[PLAYWRIGHT_TOKEN_ENV] ?? null;
     const shellPath = opts.shellRc ?? getDefaultShellRcPath();
@@ -181,18 +357,23 @@ export async function runBrowserDoctor(opts = {}) {
     });
     const configPaths = opts.configPaths?.length ? opts.configPaths : getDefaultMcpConfigPaths();
     const configs = configPaths.map(readConfigStatus);
+    // Try to discover the token directly from the Chrome extension's localStorage
+    const extensionToken = discoverExtensionToken();
     const allTokens = [
         opts.token ?? null,
+        extensionToken,
         envToken,
         ...shellFiles.map(s => s.token),
         ...configs.map(c => c.token),
     ].filter((v) => !!v);
     const uniqueTokens = [...new Set(allTokens)];
-    const recommendedToken = opts.token ?? envToken ?? (uniqueTokens.length === 1 ? uniqueTokens[0] : null) ?? null;
+    const recommendedToken = opts.token ?? extensionToken ?? envToken ?? (uniqueTokens.length === 1 ? uniqueTokens[0] : null) ?? null;
     const report = {
         cliVersion: opts.cliVersion,
         envToken,
         envFingerprint: getTokenFingerprint(envToken ?? undefined),
+        extensionToken,
+        extensionFingerprint: getTokenFingerprint(extensionToken ?? undefined),
         shellFiles,
         configs,
         recommendedToken,
@@ -219,24 +400,29 @@ export async function runBrowserDoctor(opts = {}) {
 }
 export function renderBrowserDoctorReport(report) {
     const tokenFingerprints = [
+        report.extensionFingerprint,
         report.envFingerprint,
         ...report.shellFiles.map(shell => shell.fingerprint),
         ...report.configs.filter(config => config.exists).map(config => config.fingerprint),
     ].filter((value) => !!value);
     const uniqueFingerprints = [...new Set(tokenFingerprints)];
     const hasMismatch = uniqueFingerprints.length > 1;
-    const lines = [`opencli v${report.cliVersion ?? 'unknown'} doctor`, ''];
+    const lines = [chalk.bold(`opencli v${report.cliVersion ?? 'unknown'} doctor`), ''];
+    const extStatus = !report.extensionToken ? 'MISSING' : hasMismatch ? 'MISMATCH' : 'OK';
+    lines.push(statusLine(extStatus, `Extension token (Chrome LevelDB): ${tokenSummary(report.extensionToken, report.extensionFingerprint)}`));
     const envStatus = !report.envToken ? 'MISSING' : hasMismatch ? 'MISMATCH' : 'OK';
     lines.push(statusLine(envStatus, `Environment token: ${tokenSummary(report.envToken, report.envFingerprint)}`));
     for (const shell of report.shellFiles) {
         const shellStatus = !shell.token ? 'MISSING' : hasMismatch ? 'MISMATCH' : 'OK';
-        lines.push(statusLine(shellStatus, `Shell file ${shell.path}: ${tokenSummary(shell.token, shell.fingerprint)}`));
+        const tool = toolName(shell.path);
+        const suffix = tool ? chalk.dim(` [${tool}]`) : '';
+        lines.push(statusLine(shellStatus, `${shortenPath(shell.path)}${suffix}: ${tokenSummary(shell.token, shell.fingerprint)}`));
     }
     const existingConfigs = report.configs.filter(config => config.exists);
     const missingConfigCount = report.configs.length - existingConfigs.length;
     if (existingConfigs.length > 0) {
         for (const config of existingConfigs) {
-            const parseSuffix = config.parseError ? ` (parse error: ${config.parseError})` : '';
+            const parseSuffix = config.parseError ? chalk.red(` (parse error)`) : '';
             const configStatus = config.parseError
                 ? 'WARN'
                 : !config.token
@@ -244,25 +430,27 @@ export function renderBrowserDoctorReport(report) {
                     : hasMismatch
                         ? 'MISMATCH'
                         : 'OK';
-            lines.push(statusLine(configStatus, `MCP config ${config.path}: ${tokenSummary(config.token, config.fingerprint)}${parseSuffix}`));
+            const tool = toolName(config.path);
+            const suffix = tool ? chalk.dim(` [${tool}]`) : '';
+            lines.push(statusLine(configStatus, `${shortenPath(config.path)}${suffix}: ${tokenSummary(config.token, config.fingerprint)}${parseSuffix}`));
         }
     }
     else {
-        lines.push(statusLine('MISSING', 'MCP config: no existing config files found in scanned locations'));
+        lines.push(statusLine('MISSING', 'MCP config: no existing config files found'));
     }
     if (missingConfigCount > 0)
-        lines.push(`     Other scanned config locations not present: ${missingConfigCount}`);
+        lines.push(chalk.dim(`     Other scanned config locations not present: ${missingConfigCount}`));
     lines.push('');
     lines.push(statusLine(hasMismatch ? 'MISMATCH' : report.recommendedToken ? 'OK' : 'WARN', `Recommended token fingerprint: ${report.recommendedFingerprint ?? 'unavailable'}`));
     if (report.issues.length) {
-        lines.push('', 'Issues:');
+        lines.push('', chalk.yellow('Issues:'));
         for (const issue of report.issues)
-            lines.push(`- ${issue}`);
+            lines.push(chalk.dim(`  • ${issue}`));
     }
     if (report.warnings.length) {
-        lines.push('', 'Warnings:');
+        lines.push('', chalk.yellow('Warnings:'));
         for (const warning of report.warnings)
-            lines.push(`- ${warning}`);
+            lines.push(chalk.dim(`  • ${warning}`));
     }
     return lines.join('\n');
 }
@@ -276,7 +464,7 @@ async function confirmPrompt(question) {
         rl.close();
     }
 }
-function writeFileWithMkdir(filePath, content) {
+export function writeFileWithMkdir(filePath, content) {
     fs.mkdirSync(path.dirname(filePath), { recursive: true });
     fs.writeFileSync(filePath, content, 'utf-8');
 }
@@ -284,25 +472,38 @@ export async function applyBrowserDoctorFix(report, opts = {}) {
     const token = opts.token ?? report.recommendedToken;
     if (!token)
         throw new Error('No Playwright MCP token is available to write. Provide --token first.');
+    const fp = getTokenFingerprint(token);
     const plannedWrites = [];
     const shellPath = opts.shellRc ?? report.shellFiles[0]?.path ?? getDefaultShellRcPath();
-    plannedWrites.push(shellPath);
+    const shellStatus = report.shellFiles.find(s => s.path === shellPath);
+    if (shellStatus?.fingerprint !== fp)
+        plannedWrites.push(shellPath);
     for (const config of report.configs) {
         if (!config.writable)
             continue;
+        if (config.fingerprint === fp)
+            continue; // already correct
         plannedWrites.push(config.path);
     }
+    if (plannedWrites.length === 0) {
+        console.log(chalk.green('All config files are already up to date.'));
+        return [];
+    }
     if (!opts.yes) {
-        const ok = await confirmPrompt(`Update ${plannedWrites.length} file(s) with Playwright MCP token fingerprint ${getTokenFingerprint(token)}?`);
+        const ok = await confirmPrompt(`Update ${plannedWrites.length} file(s) with Playwright MCP token fingerprint ${fp}?`);
         if (!ok)
             return [];
     }
     const written = [];
-    const shellBefore = fileExists(shellPath) ? fs.readFileSync(shellPath, 'utf-8') : '';
-    writeFileWithMkdir(shellPath, upsertShellToken(shellBefore, token));
-    written.push(shellPath);
+    if (plannedWrites.includes(shellPath)) {
+        const shellBefore = fileExists(shellPath) ? fs.readFileSync(shellPath, 'utf-8') : '';
+        writeFileWithMkdir(shellPath, upsertShellToken(shellBefore, token));
+        written.push(shellPath);
+    }
     for (const config of report.configs) {
-        if (!config.writable || config.parseError)
+        if (!plannedWrites.includes(config.path))
+            continue;
+        if (config.parseError)
             continue;
         const before = fileExists(config.path) ? fs.readFileSync(config.path, 'utf-8') : '';
         const next = config.format === 'toml' ? upsertTomlConfigToken(before, token) : upsertJsonConfigToken(before, token);

package/dist/doctor.test.js

@@ -70,33 +70,40 @@ describe('json token helpers', () => {
     });
 });
 describe('doctor report rendering', () => {
+    const strip = (s) => s.replace(/\x1b\[[0-9;]*m/g, '');
     it('renders OK-style report when tokens match', () => {
-        const text = renderBrowserDoctorReport({
+        const text = strip(renderBrowserDoctorReport({
             envToken: 'abc123',
             envFingerprint: 'fp1',
+            extensionToken: 'abc123',
+            extensionFingerprint: 'fp1',
             shellFiles: [{ path: '/tmp/.zshrc', exists: true, token: 'abc123', fingerprint: 'fp1' }],
             configs: [{ path: '/tmp/mcp.json', exists: true, format: 'json', token: 'abc123', fingerprint: 'fp1', writable: true }],
             recommendedToken: 'abc123',
             recommendedFingerprint: 'fp1',
             warnings: [],
             issues: [],
-        });
+        }));
         expect(text).toContain('[OK] Environment token: configured (fp1)');
-        expect(text).toContain('[OK] MCP config /tmp/mcp.json: configured (fp1)');
+        expect(text).toContain('[OK] /tmp/mcp.json');
+        expect(text).toContain('configured (fp1)');
     });
     it('renders MISMATCH-style report when fingerprints differ', () => {
-        const text = renderBrowserDoctorReport({
+        const text = strip(renderBrowserDoctorReport({
             envToken: 'abc123',
             envFingerprint: 'fp1',
+            extensionToken: null,
+            extensionFingerprint: null,
             shellFiles: [{ path: '/tmp/.zshrc', exists: true, token: 'def456', fingerprint: 'fp2' }],
             configs: [{ path: '/tmp/mcp.json', exists: true, format: 'json', token: 'abc123', fingerprint: 'fp1', writable: true }],
             recommendedToken: 'abc123',
             recommendedFingerprint: 'fp1',
             warnings: [],
             issues: ['Detected inconsistent Playwright MCP tokens across env/config files.'],
-        });
+        }));
         expect(text).toContain('[MISMATCH] Environment token: configured (fp1)');
-        expect(text).toContain('[MISMATCH] Shell file /tmp/.zshrc: configured (fp2)');
+        expect(text).toContain('[MISMATCH] /tmp/.zshrc');
+        expect(text).toContain('configured (fp2)');
         expect(text).toContain('[MISMATCH] Recommended token fingerprint: fp1');
     });
 });

package/dist/main.js

@@ -114,6 +114,13 @@ program.command('doctor')
         }
     }
 });
+program.command('setup')
+    .description('Interactive setup: configure Playwright MCP token across all detected tools')
+    .option('--token <token>', 'Provide token directly instead of auto-detecting')
+    .action(async (opts) => {
+    const { runSetup } = await import('./setup.js');
+    await runSetup({ cliVersion: PKG_VERSION, token: opts.token });
+});
 // ── Dynamic site commands ──────────────────────────────────────────────────
 const registry = getRegistry();
 const siteGroups = new Map();

package/dist/setup.d.ts

@@ -0,0 +1,4 @@
+export declare function runSetup(opts?: {
+    cliVersion?: string;
+    token?: string;
+}): Promise<void>;

package/dist/setup.js

@@ -0,0 +1,145 @@
+/**
+ * setup.ts — Interactive Playwright MCP token setup
+ *
+ * Discovers the extension token, shows an interactive checkbox
+ * for selecting which config files to update, and applies changes.
+ */
+import * as fs from 'node:fs';
+import chalk from 'chalk';
+import { createInterface } from 'node:readline/promises';
+import { stdin as input, stdout as output } from 'node:process';
+import { PLAYWRIGHT_TOKEN_ENV, discoverExtensionToken, fileExists, getDefaultShellRcPath, runBrowserDoctor, shortenPath, toolName, upsertJsonConfigToken, upsertShellToken, upsertTomlConfigToken, writeFileWithMkdir, } from './doctor.js';
+import { getTokenFingerprint } from './browser.js';
+import { checkboxPrompt } from './tui.js';
+export async function runSetup(opts = {}) {
+    console.log();
+    console.log(chalk.bold('  opencli setup') + chalk.dim(' — Playwright MCP token configuration'));
+    console.log();
+    // Step 1: Discover token
+    let token = opts.token ?? null;
+    if (!token) {
+        const extensionToken = discoverExtensionToken();
+        const envToken = process.env[PLAYWRIGHT_TOKEN_ENV] ?? null;
+        if (extensionToken && envToken && extensionToken === envToken) {
+            token = extensionToken;
+            console.log(`  ${chalk.green('✓')} Token auto-discovered from Chrome extension`);
+            console.log(`    Fingerprint: ${chalk.bold(getTokenFingerprint(token) ?? 'unknown')}`);
+        }
+        else if (extensionToken) {
+            token = extensionToken;
+            console.log(`  ${chalk.green('✓')} Token discovered from Chrome extension ` +
+                chalk.dim(`(${getTokenFingerprint(token)})`));
+            if (envToken && envToken !== extensionToken) {
+                console.log(`  ${chalk.yellow('!')} Environment has different token ` +
+                    chalk.dim(`(${getTokenFingerprint(envToken)})`));
+            }
+        }
+        else if (envToken) {
+            token = envToken;
+            console.log(`  ${chalk.green('✓')} Token from environment variable ` +
+                chalk.dim(`(${getTokenFingerprint(token)})`));
+        }
+    }
+    else {
+        console.log(`  ${chalk.green('✓')} Using provided token ` +
+            chalk.dim(`(${getTokenFingerprint(token)})`));
+    }
+    if (!token) {
+        console.log(`  ${chalk.yellow('!')} No token found. Please enter it manually.`);
+        console.log(chalk.dim('    (Find it in the Playwright MCP Bridge extension → Status page)'));
+        console.log();
+        const rl = createInterface({ input, output });
+        const answer = await rl.question('  Token: ');
+        rl.close();
+        token = answer.trim();
+        if (!token) {
+            console.log(chalk.red('\n  No token provided. Aborting.\n'));
+            return;
+        }
+    }
+    const fingerprint = getTokenFingerprint(token) ?? 'unknown';
+    console.log();
+    // Step 2: Scan all config locations
+    const report = await runBrowserDoctor({ token, cliVersion: opts.cliVersion });
+    // Step 3: Build checkbox items
+    const items = [];
+    // Shell file
+    const shellPath = report.shellFiles[0]?.path ?? getDefaultShellRcPath();
+    const shellStatus = report.shellFiles[0];
+    const shellFp = shellStatus?.fingerprint;
+    const shellOk = shellFp === fingerprint;
+    const shellTool = toolName(shellPath) || 'Shell';
+    items.push({
+        label: padRight(shortenPath(shellPath), 50) + chalk.dim(` [${shellTool}]`),
+        value: `shell:${shellPath}`,
+        checked: !shellOk,
+        status: shellOk ? `configured (${shellFp})` : shellFp ? `mismatch (${shellFp})` : 'missing',
+        statusColor: shellOk ? 'green' : shellFp ? 'yellow' : 'red',
+    });
+    // Config files
+    for (const config of report.configs) {
+        const fp = config.fingerprint;
+        const ok = fp === fingerprint;
+        const tool = toolName(config.path);
+        items.push({
+            label: padRight(shortenPath(config.path), 50) + chalk.dim(tool ? ` [${tool}]` : ''),
+            value: `config:${config.path}`,
+            checked: false, // let user explicitly select which tools to configure
+            status: ok ? `configured (${fp})` : !config.exists ? 'will create' : fp ? `mismatch (${fp})` : 'missing',
+            statusColor: ok ? 'green' : 'yellow',
+        });
+    }
+    // Step 4: Show interactive checkbox
+    console.clear();
+    const selected = await checkboxPrompt(items, {
+        title: `  ${chalk.bold('opencli setup')} — token ${chalk.cyan(fingerprint)}`,
+    });
+    if (selected.length === 0) {
+        console.log(chalk.dim('  No changes made.\n'));
+        return;
+    }
+    // Step 5: Apply changes
+    const written = [];
+    let wroteShell = false;
+    for (const sel of selected) {
+        if (sel.startsWith('shell:')) {
+            const p = sel.slice('shell:'.length);
+            const before = fileExists(p) ? fs.readFileSync(p, 'utf-8') : '';
+            writeFileWithMkdir(p, upsertShellToken(before, token));
+            written.push(p);
+            wroteShell = true;
+        }
+        else if (sel.startsWith('config:')) {
+            const p = sel.slice('config:'.length);
+            const config = report.configs.find(c => c.path === p);
+            if (config && config.parseError)
+                continue;
+            const before = fileExists(p) ? fs.readFileSync(p, 'utf-8') : '';
+            const format = config?.format ?? (p.endsWith('.toml') ? 'toml' : 'json');
+            const next = format === 'toml' ? upsertTomlConfigToken(before, token) : upsertJsonConfigToken(before, token);
+            writeFileWithMkdir(p, next);
+            written.push(p);
+        }
+    }
+    process.env[PLAYWRIGHT_TOKEN_ENV] = token;
+    // Step 6: Summary
+    if (written.length > 0) {
+        console.log(chalk.green.bold(`  ✓ Updated ${written.length} file(s):`));
+        for (const p of written) {
+            const tool = toolName(p);
+            console.log(`    ${chalk.dim('•')} ${shortenPath(p)}${tool ? chalk.dim(` [${tool}]`) : ''}`);
+        }
+        if (wroteShell) {
+            console.log();
+            console.log(chalk.cyan(`  💡 Run ${chalk.bold(`source ${shortenPath(shellPath)}`)} to apply token to current shell.`));
+        }
+    }
+    else {
+        console.log(chalk.yellow('  No files were changed.'));
+    }
+    console.log();
+}
+function padRight(s, n) {
+    const visible = s.replace(/\x1b\[[0-9;]*m/g, '');
+    return visible.length >= n ? s : s + ' '.repeat(n - visible.length);
+}

package/dist/tui.d.ts

@@ -0,0 +1,22 @@
+export interface CheckboxItem {
+    label: string;
+    value: string;
+    checked: boolean;
+    /** Optional status to display after the label */
+    status?: string;
+    statusColor?: 'green' | 'yellow' | 'red' | 'dim';
+}
+/**
+ * Interactive multi-select checkbox prompt.
+ *
+ * Controls:
+ *   ↑/↓ or j/k  — navigate
+ *   Space        — toggle selection
+ *   a            — toggle all
+ *   Enter        — confirm
+ *   q/Esc        — cancel (returns empty)
+ */
+export declare function checkboxPrompt(items: CheckboxItem[], opts?: {
+    title?: string;
+    hint?: string;
+}): Promise<string[]>;