@jackwener/opencli 0.5.2 → 0.6.1

package/src/doctor.ts

@@ -1,14 +1,16 @@
 import * as fs from 'node:fs';
 import * as os from 'node:os';
 import * as path from 'node:path';
+import { execSync } from 'node:child_process';
 import { createInterface } from 'node:readline/promises';
 import { stdin as input, stdout as output } from 'node:process';
+import chalk from 'chalk';
 import type { IPage } from './types.js';
 import { PlaywrightMCP, getTokenFingerprint } from './browser.js';
 import { browserSession } from './runtime.js';
 
 const PLAYWRIGHT_SERVER_NAME = 'playwright';
-const PLAYWRIGHT_TOKEN_ENV = 'PLAYWRIGHT_MCP_EXTENSION_TOKEN';
+export const PLAYWRIGHT_TOKEN_ENV = 'PLAYWRIGHT_MCP_EXTENSION_TOKEN';
 const PLAYWRIGHT_EXTENSION_ID = 'mmlmfjhmonkocbjadbfplnigmagldckm';
 const TOKEN_LINE_RE = /^(\s*export\s+PLAYWRIGHT_MCP_EXTENSION_TOKEN=)(['"]?)([^'"\\\n]+)\2\s*$/m;
 export type DoctorOptions = {
@@ -43,6 +45,8 @@ export type DoctorReport = {
   cliVersion?: string;
   envToken: string | null;
   envFingerprint: string | null;
+  extensionToken: string | null;
+  extensionFingerprint: string | null;
   shellFiles: ShellFileStatus[];
   configs: McpConfigStatus[];
   recommendedToken: string | null;
@@ -53,17 +57,41 @@ export type DoctorReport = {
 
 type ReportStatus = 'OK' | 'MISSING' | 'MISMATCH' | 'WARN';
 
-function label(status: ReportStatus): string {
-  return `[${status}]`;
+function colorLabel(status: ReportStatus): string {
+  switch (status) {
+    case 'OK':       return chalk.green('[OK]');
+    case 'MISSING':  return chalk.red('[MISSING]');
+    case 'MISMATCH': return chalk.yellow('[MISMATCH]');
+    case 'WARN':     return chalk.yellow('[WARN]');
+  }
 }
 
 function statusLine(status: ReportStatus, text: string): string {
-  return `${label(status)} ${text}`;
+  return `${colorLabel(status)} ${text}`;
 }
 
 function tokenSummary(token: string | null, fingerprint: string | null): string {
-  if (!token) return 'missing';
-  return `configured (${fingerprint})`;
+  if (!token) return chalk.dim('missing');
+  return `configured ${chalk.dim(`(${fingerprint})`)}`;
+}
+
+export function shortenPath(p: string): string {
+  const home = os.homedir();
+  return home && p.startsWith(home) ? '~' + p.slice(home.length) : p;
+}
+
+export function toolName(p: string): string {
+  if (p.includes('.codex/')) return 'Codex';
+  if (p.includes('.cursor/')) return 'Cursor';
+  if (p.includes('.claude.json')) return 'Claude Code';
+  if (p.includes('antigravity')) return 'Antigravity';
+  if (p.includes('.gemini/settings')) return 'Gemini CLI';
+  if (p.includes('opencode')) return 'OpenCode';
+  if (p.includes('Claude/claude_desktop')) return 'Claude Desktop';
+  if (p.includes('.vscode/')) return 'VS Code';
+  if (p.includes('.mcp.json')) return 'Project MCP';
+  if (p.includes('.zshrc') || p.includes('.bashrc') || p.includes('.profile')) return 'Shell';
+  return '';
 }
 
 export function getDefaultShellRcPath(): string {
@@ -79,12 +107,16 @@ export function getDefaultMcpConfigPaths(cwd: string = process.cwd()): string[]
     path.join(home, '.codex', 'config.toml'),
     path.join(home, '.codex', 'mcp.json'),
     path.join(home, '.cursor', 'mcp.json'),
+    path.join(home, '.claude.json'),
+    path.join(home, '.gemini', 'settings.json'),
+    path.join(home, '.gemini', 'antigravity', 'mcp_config.json'),
     path.join(home, '.config', 'opencode', 'opencode.json'),
     path.join(home, 'Library', 'Application Support', 'Claude', 'claude_desktop_config.json'),
     path.join(home, '.config', 'Claude', 'claude_desktop_config.json'),
     path.join(cwd, '.cursor', 'mcp.json'),
     path.join(cwd, '.vscode', 'mcp.json'),
     path.join(cwd, '.opencode', 'opencode.json'),
+    path.join(cwd, '.mcp.json'),
   ];
   return [...new Set(candidates)];
 }
@@ -170,7 +202,7 @@ export function upsertTomlConfigToken(content: string, token: string): string {
   return `${prefix}[mcp_servers.playwright]\ntype = "stdio"\ncommand = "npx"\nargs = ["-y", "@playwright/mcp@latest", "--extension"]\n\n[mcp_servers.playwright.env]\n${tokenLine}\n`;
 }
 
-function fileExists(filePath: string): boolean {
+export function fileExists(filePath: string): boolean {
   try {
     return fs.existsSync(filePath);
   } catch {
@@ -220,6 +252,145 @@ function readConfigStatus(filePath: string): McpConfigStatus {
   }
 }
 
+/**
+ * Discover the auth token stored by the Playwright MCP Bridge extension
+ * by scanning Chrome's LevelDB localStorage files directly.
+ *
+ * Uses `strings` + `grep` for fast binary scanning on macOS/Linux,
+ * with a pure-Node fallback on Windows.
+ */
+export function discoverExtensionToken(): string | null {
+  const home = os.homedir();
+  const platform = os.platform();
+  const bases: string[] = [];
+
+  if (platform === 'darwin') {
+    bases.push(
+      path.join(home, 'Library', 'Application Support', 'Google', 'Chrome'),
+      path.join(home, 'Library', 'Application Support', 'Google', 'Chrome Canary'),
+      path.join(home, 'Library', 'Application Support', 'Chromium'),
+      path.join(home, 'Library', 'Application Support', 'Microsoft Edge'),
+    );
+  } else if (platform === 'linux') {
+    bases.push(
+      path.join(home, '.config', 'google-chrome'),
+      path.join(home, '.config', 'chromium'),
+      path.join(home, '.config', 'microsoft-edge'),
+    );
+  } else if (platform === 'win32') {
+    const appData = process.env.LOCALAPPDATA || path.join(home, 'AppData', 'Local');
+    bases.push(
+      path.join(appData, 'Google', 'Chrome', 'User Data'),
+      path.join(appData, 'Microsoft', 'Edge', 'User Data'),
+    );
+  }
+
+  const profiles = ['Default', 'Profile 1', 'Profile 2', 'Profile 3'];
+  // Token is 43 chars of base64url (from 32 random bytes)
+  const tokenRe = /([A-Za-z0-9_-]{40,50})/;
+
+  for (const base of bases) {
+    for (const profile of profiles) {
+      const dir = path.join(base, profile, 'Local Storage', 'leveldb');
+      if (!fileExists(dir)) continue;
+
+      // Fast path: use strings + grep to find candidate files and extract token
+      if (platform !== 'win32') {
+        const token = extractTokenViaStrings(dir, tokenRe);
+        if (token) return token;
+        continue;
+      }
+
+      // Slow path (Windows): read binary files directly
+      const token = extractTokenViaBinaryRead(dir, tokenRe);
+      if (token) return token;
+    }
+  }
+
+  return null;
+}
+
+function extractTokenViaStrings(dir: string, tokenRe: RegExp): string | null {
+  try {
+    // Single shell pipeline: for each LevelDB file, extract strings, find lines
+    // after the extension ID, and filter for base64url token pattern.
+    //
+    // LevelDB `strings` output for the extension's auth-token entry:
+    //   auth-token                                    ← key name
+    //   4,mmlmfjhmonkocbjadbfplnigmagldckm.7          ← LevelDB internal key
+    //   hqI86ncsD1QpcVcj-k9CyzTF-ieCQd_4KreZ_wy1WHA  ← token value
+    //
+    // We get the line immediately after any EXTENSION_ID mention and check
+    // if it looks like a base64url token (40-50 chars, [A-Za-z0-9_-]).
+    const shellDir = dir.replace(/'/g, "'\\''");
+    const cmd = `for f in '${shellDir}'/*.ldb '${shellDir}'/*.log; do ` +
+      `[ -f "$f" ] && strings "$f" 2>/dev/null | ` +
+      `grep -A1 '${PLAYWRIGHT_EXTENSION_ID}' | ` +
+      `grep -v '${PLAYWRIGHT_EXTENSION_ID}' | ` +
+      `grep -E '^[A-Za-z0-9_-]{40,50}$' | head -1; ` +
+      `done 2>/dev/null`;
+    const result = execSync(cmd, { encoding: 'utf-8', timeout: 10000 }).trim();
+
+    // Take the first non-empty line
+    for (const line of result.split('\n')) {
+      const token = line.trim();
+      if (token && validateBase64urlToken(token)) return token;
+    }
+  } catch {}
+  return null;
+}
+
+function extractTokenViaBinaryRead(dir: string, tokenRe: RegExp): string | null {
+  const extIdBuf = Buffer.from(PLAYWRIGHT_EXTENSION_ID);
+  const keyBuf = Buffer.from('auth-token');
+
+  let files: string[];
+  try {
+    files = fs.readdirSync(dir)
+      .filter(f => f.endsWith('.ldb') || f.endsWith('.log'))
+      .map(f => path.join(dir, f));
+  } catch { return null; }
+
+  // Sort by mtime descending
+  files.sort((a, b) => {
+    try { return fs.statSync(b).mtimeMs - fs.statSync(a).mtimeMs; } catch { return 0; }
+  });
+
+  for (const file of files) {
+    let data: Buffer;
+    try { data = fs.readFileSync(file); } catch { continue; }
+
+    // Quick check: does file contain both the extension ID and auth-token key?
+    const extPos = data.indexOf(extIdBuf);
+    if (extPos === -1) continue;
+    const keyPos = data.indexOf(keyBuf, Math.max(0, extPos - 500));
+    if (keyPos === -1) continue;
+
+    // Scan for token value after auth-token key
+    let idx = 0;
+    while (true) {
+      const kp = data.indexOf(keyBuf, idx);
+      if (kp === -1) break;
+
+      const contextStart = Math.max(0, kp - 500);
+      if (data.indexOf(extIdBuf, contextStart) !== -1 && data.indexOf(extIdBuf, contextStart) < kp) {
+        const after = data.subarray(kp + keyBuf.length, kp + keyBuf.length + 200).toString('latin1');
+        const m = after.match(tokenRe);
+        if (m && validateBase64urlToken(m[1])) return m[1];
+      }
+      idx = kp + 1;
+    }
+  }
+  return null;
+}
+
+function validateBase64urlToken(token: string): boolean {
+  try {
+    const b64 = token.replace(/-/g, '+').replace(/_/g, '/');
+    const decoded = Buffer.from(b64, 'base64');
+    return decoded.length >= 28 && decoded.length <= 36;
+  } catch { return false; }
+}
 
 
 export async function runBrowserDoctor(opts: DoctorOptions = {}): Promise<DoctorReport> {
@@ -234,19 +405,25 @@ export async function runBrowserDoctor(opts: DoctorOptions = {}): Promise<Doctor
   const configPaths = opts.configPaths?.length ? opts.configPaths : getDefaultMcpConfigPaths();
   const configs = configPaths.map(readConfigStatus);
 
+  // Try to discover the token directly from the Chrome extension's localStorage
+  const extensionToken = discoverExtensionToken();
+
   const allTokens = [
     opts.token ?? null,
+    extensionToken,
     envToken,
     ...shellFiles.map(s => s.token),
     ...configs.map(c => c.token),
   ].filter((v): v is string => !!v);
   const uniqueTokens = [...new Set(allTokens)];
-  const recommendedToken = opts.token ?? envToken ?? (uniqueTokens.length === 1 ? uniqueTokens[0] : null) ?? null;
+  const recommendedToken = opts.token ?? extensionToken ?? envToken ?? (uniqueTokens.length === 1 ? uniqueTokens[0] : null) ?? null;
 
   const report: DoctorReport = {
     cliVersion: opts.cliVersion,
     envToken,
     envFingerprint: getTokenFingerprint(envToken ?? undefined),
+    extensionToken,
+    extensionFingerprint: getTokenFingerprint(extensionToken ?? undefined),
     shellFiles,
     configs,
     recommendedToken,
@@ -270,26 +447,32 @@ export async function runBrowserDoctor(opts: DoctorOptions = {}): Promise<Doctor
 
 export function renderBrowserDoctorReport(report: DoctorReport): string {
   const tokenFingerprints = [
+    report.extensionFingerprint,
     report.envFingerprint,
     ...report.shellFiles.map(shell => shell.fingerprint),
     ...report.configs.filter(config => config.exists).map(config => config.fingerprint),
   ].filter((value): value is string => !!value);
   const uniqueFingerprints = [...new Set(tokenFingerprints)];
   const hasMismatch = uniqueFingerprints.length > 1;
-  const lines = [`opencli v${report.cliVersion ?? 'unknown'} doctor`, ''];
+  const lines = [chalk.bold(`opencli v${report.cliVersion ?? 'unknown'} doctor`), ''];
+
+  const extStatus: ReportStatus = !report.extensionToken ? 'MISSING' : hasMismatch ? 'MISMATCH' : 'OK';
+  lines.push(statusLine(extStatus, `Extension token (Chrome LevelDB): ${tokenSummary(report.extensionToken, report.extensionFingerprint)}`));
 
   const envStatus: ReportStatus = !report.envToken ? 'MISSING' : hasMismatch ? 'MISMATCH' : 'OK';
   lines.push(statusLine(envStatus, `Environment token: ${tokenSummary(report.envToken, report.envFingerprint)}`));
 
   for (const shell of report.shellFiles) {
     const shellStatus: ReportStatus = !shell.token ? 'MISSING' : hasMismatch ? 'MISMATCH' : 'OK';
-    lines.push(statusLine(shellStatus, `Shell file ${shell.path}: ${tokenSummary(shell.token, shell.fingerprint)}`));
+    const tool = toolName(shell.path);
+    const suffix = tool ? chalk.dim(` [${tool}]`) : '';
+    lines.push(statusLine(shellStatus, `${shortenPath(shell.path)}${suffix}: ${tokenSummary(shell.token, shell.fingerprint)}`));
   }
   const existingConfigs = report.configs.filter(config => config.exists);
   const missingConfigCount = report.configs.length - existingConfigs.length;
   if (existingConfigs.length > 0) {
     for (const config of existingConfigs) {
-      const parseSuffix = config.parseError ? ` (parse error: ${config.parseError})` : '';
+      const parseSuffix = config.parseError ? chalk.red(` (parse error)`) : '';
       const configStatus: ReportStatus = config.parseError
         ? 'WARN'
         : !config.token
@@ -297,24 +480,26 @@ export function renderBrowserDoctorReport(report: DoctorReport): string {
           : hasMismatch
             ? 'MISMATCH'
             : 'OK';
-      lines.push(statusLine(configStatus, `MCP config ${config.path}: ${tokenSummary(config.token, config.fingerprint)}${parseSuffix}`));
+      const tool = toolName(config.path);
+      const suffix = tool ? chalk.dim(` [${tool}]`) : '';
+      lines.push(statusLine(configStatus, `${shortenPath(config.path)}${suffix}: ${tokenSummary(config.token, config.fingerprint)}${parseSuffix}`));
     }
   } else {
-    lines.push(statusLine('MISSING', 'MCP config: no existing config files found in scanned locations'));
+    lines.push(statusLine('MISSING', 'MCP config: no existing config files found'));
   }
-  if (missingConfigCount > 0) lines.push(`     Other scanned config locations not present: ${missingConfigCount}`);
+  if (missingConfigCount > 0) lines.push(chalk.dim(`     Other scanned config locations not present: ${missingConfigCount}`));
   lines.push('');
   lines.push(statusLine(
     hasMismatch ? 'MISMATCH' : report.recommendedToken ? 'OK' : 'WARN',
     `Recommended token fingerprint: ${report.recommendedFingerprint ?? 'unavailable'}`,
   ));
   if (report.issues.length) {
-    lines.push('', 'Issues:');
-    for (const issue of report.issues) lines.push(`- ${issue}`);
+    lines.push('', chalk.yellow('Issues:'));
+    for (const issue of report.issues) lines.push(chalk.dim(`  • ${issue}`));
   }
   if (report.warnings.length) {
-    lines.push('', 'Warnings:');
-    for (const warning of report.warnings) lines.push(`- ${warning}`);
+    lines.push('', chalk.yellow('Warnings:'));
+    for (const warning of report.warnings) lines.push(chalk.dim(`  • ${warning}`));
   }
   return lines.join('\n');
 }
@@ -329,7 +514,7 @@ async function confirmPrompt(question: string): Promise<boolean> {
   }
 }
 
-function writeFileWithMkdir(filePath: string, content: string): void {
+export function writeFileWithMkdir(filePath: string, content: string): void {
   fs.mkdirSync(path.dirname(filePath), { recursive: true });
   fs.writeFileSync(filePath, content, 'utf-8');
 }
@@ -337,27 +522,38 @@ function writeFileWithMkdir(filePath: string, content: string): void {
 export async function applyBrowserDoctorFix(report: DoctorReport, opts: DoctorOptions = {}): Promise<string[]> {
   const token = opts.token ?? report.recommendedToken;
   if (!token) throw new Error('No Playwright MCP token is available to write. Provide --token first.');
+  const fp = getTokenFingerprint(token);
 
   const plannedWrites: string[] = [];
   const shellPath = opts.shellRc ?? report.shellFiles[0]?.path ?? getDefaultShellRcPath();
-  plannedWrites.push(shellPath);
+  const shellStatus = report.shellFiles.find(s => s.path === shellPath);
+  if (shellStatus?.fingerprint !== fp) plannedWrites.push(shellPath);
   for (const config of report.configs) {
     if (!config.writable) continue;
+    if (config.fingerprint === fp) continue; // already correct
     plannedWrites.push(config.path);
   }
 
+  if (plannedWrites.length === 0) {
+    console.log(chalk.green('All config files are already up to date.'));
+    return [];
+  }
+
   if (!opts.yes) {
-    const ok = await confirmPrompt(`Update ${plannedWrites.length} file(s) with Playwright MCP token fingerprint ${getTokenFingerprint(token)}?`);
+    const ok = await confirmPrompt(`Update ${plannedWrites.length} file(s) with Playwright MCP token fingerprint ${fp}?`);
     if (!ok) return [];
   }
 
   const written: string[] = [];
-  const shellBefore = fileExists(shellPath) ? fs.readFileSync(shellPath, 'utf-8') : '';
-  writeFileWithMkdir(shellPath, upsertShellToken(shellBefore, token));
-  written.push(shellPath);
+  if (plannedWrites.includes(shellPath)) {
+    const shellBefore = fileExists(shellPath) ? fs.readFileSync(shellPath, 'utf-8') : '';
+    writeFileWithMkdir(shellPath, upsertShellToken(shellBefore, token));
+    written.push(shellPath);
+  }
 
   for (const config of report.configs) {
-    if (!config.writable || config.parseError) continue;
+    if (!plannedWrites.includes(config.path)) continue;
+    if (config.parseError) continue;
     const before = fileExists(config.path) ? fs.readFileSync(config.path, 'utf-8') : '';
     const next = config.format === 'toml' ? upsertTomlConfigToken(before, token) : upsertJsonConfigToken(before, token);
     writeFileWithMkdir(config.path, next);

package/src/main.ts

@@ -111,6 +111,14 @@ program.command('doctor')
     }
   });
 
+program.command('setup')
+  .description('Interactive setup: configure Playwright MCP token across all detected tools')
+  .option('--token <token>', 'Provide token directly instead of auto-detecting')
+  .action(async (opts) => {
+    const { runSetup } = await import('./setup.js');
+    await runSetup({ cliVersion: PKG_VERSION, token: opts.token });
+  });
+
 // ── Dynamic site commands ──────────────────────────────────────────────────
 
 const registry = getRegistry();

package/src/setup.ts

@@ -0,0 +1,169 @@
+/**
+ * setup.ts — Interactive Playwright MCP token setup
+ *
+ * Discovers the extension token, shows an interactive checkbox
+ * for selecting which config files to update, and applies changes.
+ */
+import * as fs from 'node:fs';
+import chalk from 'chalk';
+import { createInterface } from 'node:readline/promises';
+import { stdin as input, stdout as output } from 'node:process';
+import {
+  type DoctorReport,
+  PLAYWRIGHT_TOKEN_ENV,
+  discoverExtensionToken,
+  fileExists,
+  getDefaultShellRcPath,
+  runBrowserDoctor,
+  shortenPath,
+  toolName,
+  upsertJsonConfigToken,
+  upsertShellToken,
+  upsertTomlConfigToken,
+  writeFileWithMkdir,
+} from './doctor.js';
+import { getTokenFingerprint } from './browser.js';
+import { type CheckboxItem, checkboxPrompt } from './tui.js';
+
+export async function runSetup(opts: { cliVersion?: string; token?: string } = {}) {
+  console.log();
+  console.log(chalk.bold('  opencli setup') + chalk.dim(' — Playwright MCP token configuration'));
+  console.log();
+
+  // Step 1: Discover token
+  let token = opts.token ?? null;
+
+  if (!token) {
+    const extensionToken = discoverExtensionToken();
+    const envToken = process.env[PLAYWRIGHT_TOKEN_ENV] ?? null;
+
+    if (extensionToken && envToken && extensionToken === envToken) {
+      token = extensionToken;
+      console.log(`  ${chalk.green('✓')} Token auto-discovered from Chrome extension`);
+      console.log(`    Fingerprint: ${chalk.bold(getTokenFingerprint(token) ?? 'unknown')}`);
+    } else if (extensionToken) {
+      token = extensionToken;
+      console.log(`  ${chalk.green('✓')} Token discovered from Chrome extension ` +
+        chalk.dim(`(${getTokenFingerprint(token)})`));
+      if (envToken && envToken !== extensionToken) {
+        console.log(`  ${chalk.yellow('!')} Environment has different token ` +
+          chalk.dim(`(${getTokenFingerprint(envToken)})`));
+      }
+    } else if (envToken) {
+      token = envToken;
+      console.log(`  ${chalk.green('✓')} Token from environment variable ` +
+        chalk.dim(`(${getTokenFingerprint(token)})`));
+    }
+  } else {
+    console.log(`  ${chalk.green('✓')} Using provided token ` +
+      chalk.dim(`(${getTokenFingerprint(token)})`));
+  }
+
+  if (!token) {
+    console.log(`  ${chalk.yellow('!')} No token found. Please enter it manually.`);
+    console.log(chalk.dim('    (Find it in the Playwright MCP Bridge extension → Status page)'));
+    console.log();
+    const rl = createInterface({ input, output });
+    const answer = await rl.question('  Token: ');
+    rl.close();
+    token = answer.trim();
+    if (!token) {
+      console.log(chalk.red('\n  No token provided. Aborting.\n'));
+      return;
+    }
+  }
+
+  const fingerprint = getTokenFingerprint(token) ?? 'unknown';
+  console.log();
+
+  // Step 2: Scan all config locations
+  const report = await runBrowserDoctor({ token, cliVersion: opts.cliVersion });
+
+  // Step 3: Build checkbox items
+  const items: CheckboxItem[] = [];
+
+  // Shell file
+  const shellPath = report.shellFiles[0]?.path ?? getDefaultShellRcPath();
+  const shellStatus = report.shellFiles[0];
+  const shellFp = shellStatus?.fingerprint;
+  const shellOk = shellFp === fingerprint;
+  const shellTool = toolName(shellPath) || 'Shell';
+  items.push({
+    label: padRight(shortenPath(shellPath), 50) + chalk.dim(` [${shellTool}]`),
+    value: `shell:${shellPath}`,
+    checked: !shellOk,
+    status: shellOk ? `configured (${shellFp})` : shellFp ? `mismatch (${shellFp})` : 'missing',
+    statusColor: shellOk ? 'green' : shellFp ? 'yellow' : 'red',
+  });
+
+  // Config files
+  for (const config of report.configs) {
+    const fp = config.fingerprint;
+    const ok = fp === fingerprint;
+    const tool = toolName(config.path);
+    items.push({
+      label: padRight(shortenPath(config.path), 50) + chalk.dim(tool ? ` [${tool}]` : ''),
+      value: `config:${config.path}`,
+      checked: false,  // let user explicitly select which tools to configure
+      status: ok ? `configured (${fp})` : !config.exists ? 'will create' : fp ? `mismatch (${fp})` : 'missing',
+      statusColor: ok ? 'green' : 'yellow',
+    });
+  }
+
+  // Step 4: Show interactive checkbox
+  console.clear();
+  const selected = await checkboxPrompt(items, {
+    title: `  ${chalk.bold('opencli setup')} — token ${chalk.cyan(fingerprint)}`,
+  });
+
+  if (selected.length === 0) {
+    console.log(chalk.dim('  No changes made.\n'));
+    return;
+  }
+
+  // Step 5: Apply changes
+  const written: string[] = [];
+  let wroteShell = false;
+
+  for (const sel of selected) {
+    if (sel.startsWith('shell:')) {
+      const p = sel.slice('shell:'.length);
+      const before = fileExists(p) ? fs.readFileSync(p, 'utf-8') : '';
+      writeFileWithMkdir(p, upsertShellToken(before, token));
+      written.push(p);
+      wroteShell = true;
+    } else if (sel.startsWith('config:')) {
+      const p = sel.slice('config:'.length);
+      const config = report.configs.find(c => c.path === p);
+      if (config && config.parseError) continue;
+      const before = fileExists(p) ? fs.readFileSync(p, 'utf-8') : '';
+      const format = config?.format ?? (p.endsWith('.toml') ? 'toml' : 'json');
+      const next = format === 'toml' ? upsertTomlConfigToken(before, token) : upsertJsonConfigToken(before, token);
+      writeFileWithMkdir(p, next);
+      written.push(p);
+    }
+  }
+
+  process.env[PLAYWRIGHT_TOKEN_ENV] = token;
+
+  // Step 6: Summary
+  if (written.length > 0) {
+    console.log(chalk.green.bold(`  ✓ Updated ${written.length} file(s):`));
+    for (const p of written) {
+      const tool = toolName(p);
+      console.log(`    ${chalk.dim('•')} ${shortenPath(p)}${tool ? chalk.dim(` [${tool}]`) : ''}`);
+    }
+    if (wroteShell) {
+      console.log();
+      console.log(chalk.cyan(`  💡 Run ${chalk.bold(`source ${shortenPath(shellPath)}`)} to apply token to current shell.`));
+    }
+  } else {
+    console.log(chalk.yellow('  No files were changed.'));
+  }
+  console.log();
+}
+
+function padRight(s: string, n: number): string {
+  const visible = s.replace(/\x1b\[[0-9;]*m/g, '');
+  return visible.length >= n ? s : s + ' '.repeat(n - visible.length);
+}