@jackwener/opencli 1.3.2 → 1.3.3

package/README.md

@@ -99,7 +99,7 @@ Run `opencli list` for the live registry.
 
 | Site | Commands | Mode |
 |------|----------|------|
-| **twitter** | `trending` `bookmarks` `profile` `search` `timeline` `thread` `following` `followers` `notifications` `post` `reply` `delete` `like` `article` `follow` `unfollow` `bookmark` `unbookmark` `download` `accept` `reply-dm` | Browser |
+| **twitter** | `trending` `bookmarks` `profile` `search` `timeline` `thread` `following` `followers` `notifications` `post` `reply` `delete` `like` `article` `follow` `unfollow` `bookmark` `unbookmark` `download` `accept` `reply-dm` `block` `unblock` `hide-reply` | Browser |
 | **reddit** | `hot` `frontpage` `popular` `search` `subreddit` `read` `user` `user-posts` `user-comments` `upvote` `save` `comment` `subscribe` `saved` `upvoted` | Browser |
 | **cursor** | `status` `send` `read` `new` `dump` `composer` `model` `extract-code` `ask` `screenshot` `history` `export` | Desktop |
 | **bilibili** | `hot` `search` `me` `favorite` `history` `feed` `subtitle` `dynamic` `ranking` `following` `user-videos` `download` | Browser |
@@ -111,7 +111,7 @@ Run `opencli list` for the live registry.
 | **discord-app** | `status` `send` `read` `channels` `servers` `search` `members` | Desktop |
 | **v2ex** | `hot` `latest` `topic` `node` `user` `member` `replies` `nodes` `daily` `me` `notifications` | Public / Browser |
 | **xueqiu** | `feed` `hot-stock` `hot` `search` `stock` `watchlist` `earnings-date` | Browser |
-| **antigravity** | `status` `send` `read` `new` `dump` `extract-code` `model` `watch` `serve` | Desktop |
+| **antigravity** | `status` `send` `read` `new` `dump` `extract-code` `model` `watch` | Desktop |
 | **chatgpt** | `status` `new` `send` `read` `ask` | Desktop |
 | **xiaohongshu** | `search` `notifications` `feed` `user` `download` `publish` `creator-notes` `creator-note-detail` `creator-notes-summary` `creator-profile` `creator-stats` | Browser |
 | **apple-podcasts** | `search` `episodes` `top` | Public |
@@ -126,7 +126,7 @@ Run `opencli list` for the live registry.
 | **ctrip** | `search` | Browser |
 | **devto** | `top` `tag` `user` | Public |
 | **arxiv** | `search` `paper` | Public |
-| **wikipedia** | `search` `summary` | Public |
+| **wikipedia** | `search` `summary` `random` `trending` | Public |
 | **hackernews** | `top` `new` `best` `ask` `show` `jobs` `search` `user` | Public |
 | **linkedin** | `search` | Browser |
 | **reuters** | `search` | Browser |
@@ -145,14 +145,14 @@ Run `opencli list` for the live registry.
 | **stackoverflow** | `hot` `search` `bounties` `unanswered` | Public |
 | **steam** | `top-sellers` | Public |
 | **weread** | `shelf` `search` `book` `highlights` `notes` `notebooks` `ranking` | Browser |
-| **douban** | `search` `top250` `subject` `marks` `reviews` | Browser |
+| **douban** | `search` `top250` `subject` `marks` `reviews` `movie-hot` `book-hot` | Browser |
 | **facebook** | `feed` `profile` `search` `friends` `groups` `events` `notifications` `memories` `add-friend` `join-group` | Browser |
 | **google** | `news` `search` `suggest` `trends` | Public |
 | **instagram** | `explore` `profile` `search` `user` `followers` `following` `follow` `unfollow` `like` `unlike` `comment` `save` `unsave` `saved` | Browser |
 | **lobsters** | `hot` `newest` `active` `tag` | Public |
-| **medium** | `feed` `search` `user` `shared` | Browser |
-| **sinablog** | `hot` `search` `article` `user` `shared` | Browser |
-| **substack** | `feed` `search` `publication` `shared` | Browser |
+| **medium** | `feed` `search` `user` | Browser |
+| **sinablog** | `hot` `search` `article` `user` | Browser |
+| **substack** | `feed` `search` `publication` | Browser |
 | **tiktok** | `explore` `search` `profile` `user` `following` `follow` `unfollow` `like` `unlike` `comment` `save` `unsave` `live` `notifications` `friends` | Browser |
 
 

package/README.zh-CN.md

@@ -101,7 +101,7 @@ npm install -g @jackwener/opencli@latest
 
 | 站点 | 命令 | 模式 |
 |------|------|------|
-| **twitter** | `trending` `bookmarks` `profile` `search` `timeline` `thread` `following` `followers` `notifications` `post` `reply` `delete` `like` `article` `follow` `unfollow` `bookmark` `unbookmark` `download` `accept` `reply-dm` | 浏览器 |
+| **twitter** | `trending` `bookmarks` `profile` `search` `timeline` `thread` `following` `followers` `notifications` `post` `reply` `delete` `like` `article` `follow` `unfollow` `bookmark` `unbookmark` `download` `accept` `reply-dm` `block` `unblock` `hide-reply` | 浏览器 |
 | **reddit** | `hot` `frontpage` `popular` `search` `subreddit` `read` `user` `user-posts` `user-comments` `upvote` `save` `comment` `subscribe` `saved` `upvoted` | 浏览器 |
 | **cursor** | `status` `send` `read` `new` `dump` `composer` `model` `extract-code` `ask` `screenshot` `history` `export` | 桌面端 |
 | **bilibili** | `hot` `search` `me` `favorite` `history` `feed` `subtitle` `dynamic` `ranking` `following` `user-videos` `download` | 浏览器 |
@@ -113,7 +113,7 @@ npm install -g @jackwener/opencli@latest
 | **discord-app** | `status` `send` `read` `channels` `servers` `search` `members` | 桌面端 |
 | **v2ex** | `hot` `latest` `topic` `node` `user` `member` `replies` `nodes` `daily` `me` `notifications` | 公开 / 浏览器 |
 | **xueqiu** | `feed` `hot-stock` `hot` `search` `stock` `watchlist` `earnings-date` | 浏览器 |
-| **antigravity** | `status` `send` `read` `new` `dump` `extract-code` `model` `watch` `serve` | 桌面端 |
+| **antigravity** | `status` `send` `read` `new` `dump` `extract-code` `model` `watch` | 桌面端 |
 | **chatgpt** | `status` `new` `send` `read` `ask` | 桌面端 |
 | **xiaohongshu** | `search` `notifications` `feed` `user` `download` `publish` `creator-notes` `creator-note-detail` `creator-notes-summary` `creator-profile` `creator-stats` | 浏览器 |
 | **apple-podcasts** | `search` `episodes` `top` | 公开 |
@@ -128,7 +128,7 @@ npm install -g @jackwener/opencli@latest
 | **ctrip** | `search` | 浏览器 |
 | **devto** | `top` `tag` `user` | 公开 |
 | **arxiv** | `search` `paper` | 公开 |
-| **wikipedia** | `search` `summary` | 公开 |
+| **wikipedia** | `search` `summary` `random` `trending` | 公开 |
 | **hackernews** | `top` `new` `best` `ask` `show` `jobs` `search` `user` | 公共 API |
 | **linkedin** | `search` | 浏览器 |
 | **reuters** | `search` | 浏览器 |
@@ -147,14 +147,14 @@ npm install -g @jackwener/opencli@latest
 | **stackoverflow** | `hot` `search` `bounties` `unanswered` | 公开 |
 | **steam** | `top-sellers` | 公开 |
 | **weread** | `shelf` `search` `book` `highlights` `notes` `notebooks` `ranking` | 浏览器 |
-| **douban** | `search` `top250` `subject` `marks` `reviews` | 浏览器 |
+| **douban** | `search` `top250` `subject` `marks` `reviews` `movie-hot` `book-hot` | 浏览器 |
 | **facebook** | `feed` `profile` `search` `friends` `groups` `events` `notifications` `memories` `add-friend` `join-group` | 浏览器 |
 | **google** | `news` `search` `suggest` `trends` | 公开 |
 | **instagram** | `explore` `profile` `search` `user` `followers` `following` `follow` `unfollow` `like` `unlike` `comment` `save` `unsave` `saved` | 浏览器 |
 | **lobsters** | `hot` `newest` `active` `tag` | 公开 |
-| **medium** | `feed` `search` `user` `shared` | 浏览器 |
-| **sinablog** | `hot` `search` `article` `user` `shared` | 浏览器 |
-| **substack** | `feed` `search` `publication` `shared` | 浏览器 |
+| **medium** | `feed` `search` `user` | 浏览器 |
+| **sinablog** | `hot` `search` `article` `user` | 浏览器 |
+| **substack** | `feed` `search` `publication` | 浏览器 |
 | **tiktok** | `explore` `search` `profile` `user` `following` `follow` `unfollow` `like` `unlike` `comment` `save` `unsave` `live` `notifications` `friends` | 浏览器 |
 
 

package/SKILL.md

@@ -182,7 +182,6 @@ opencli antigravity dump               # 导出 DOM 和快照调试信息
 opencli antigravity extract-code        # 自动抽取 AI 回复中的代码块
 opencli antigravity model claude        # 切换底层模型
 opencli antigravity watch               # 流式监听增量消息
-opencli antigravity serve --port 8082  # 启动 Anthropic 兼容代理
 
 # Barchart (browser)
 opencli barchart quote --symbol AAPL     # 股票行情

package/dist/browser/cdp.js

@@ -10,6 +10,7 @@
 import { WebSocket } from 'ws';
 import { wrapForEval } from './utils.js';
 import { generateSnapshotJs, scrollToRefJs, getFormStateJs } from './dom-snapshot.js';
+import { generateStealthJs } from './stealth.js';
 import { clickJs, typeTextJs, pressKeyJs, waitForTextJs, scrollJs, autoScrollJs, networkRequestsJs, waitForDomStableJs, } from './dom-helpers.js';
 const CDP_SEND_TIMEOUT = 30_000; // 30s per command
 export class CDPBridge {
@@ -38,9 +39,17 @@ export class CDPBridge {
             const ws = new WebSocket(wsUrl);
             const timeoutMs = (opts?.timeout ?? 10) * 1000; // opts.timeout is in seconds
             const timeout = setTimeout(() => reject(new Error('CDP connect timeout')), timeoutMs);
-            ws.on('open', () => {
+            ws.on('open', async () => {
                 clearTimeout(timeout);
                 this._ws = ws;
+                // Register stealth script to run before any page JS on every navigation.
+                try {
+                    await this.send('Page.enable');
+                    await this.send('Page.addScriptToEvaluateOnNewDocument', { source: generateStealthJs() });
+                }
+                catch {
+                    // Non-fatal: stealth is best-effort
+                }
                 resolve(new CDPPage(this));
             });
             ws.on('error', (err) => {

package/dist/browser/daemon-client.js

@@ -3,7 +3,8 @@
  *
  * Provides a typed send() function that posts a Command and returns a Result.
  */
-const DAEMON_PORT = parseInt(process.env.OPENCLI_DAEMON_PORT ?? '19825', 10);
+import { DEFAULT_DAEMON_PORT } from '../constants.js';
+const DAEMON_PORT = parseInt(process.env.OPENCLI_DAEMON_PORT ?? String(DEFAULT_DAEMON_PORT), 10);
 const DAEMON_URL = `http://127.0.0.1:${DAEMON_PORT}`;
 let _idCounter = 0;
 function generateId() {

package/dist/browser/discover.js

@@ -4,6 +4,7 @@
  * Only needs to check if the daemon is running. No more file system
  * scanning for @playwright/mcp locations.
  */
+import { DEFAULT_DAEMON_PORT } from '../constants.js';
 import { isDaemonRunning } from './daemon-client.js';
 export { isDaemonRunning };
 /**
@@ -11,7 +12,7 @@ export { isDaemonRunning };
  */
 export async function checkDaemonStatus() {
     try {
-        const port = parseInt(process.env.OPENCLI_DAEMON_PORT ?? '19825', 10);
+        const port = parseInt(process.env.OPENCLI_DAEMON_PORT ?? String(DEFAULT_DAEMON_PORT), 10);
         const res = await fetch(`http://127.0.0.1:${port}/status`, {
             headers: { 'X-OpenCLI': '1' },
         });

package/dist/browser/errors.js

@@ -5,13 +5,14 @@
  * The daemon architecture has a single failure mode: daemon not reachable or extension not connected.
  */
 import { BrowserConnectError } from '../errors.js';
+import { DEFAULT_DAEMON_PORT } from '../constants.js';
 export function formatBrowserConnectError(kind, detail) {
     switch (kind) {
         case 'daemon-not-running':
             return new BrowserConnectError('Cannot connect to opencli daemon.' +
                 (detail ? `\n\n${detail}` : ''), 'The daemon should start automatically. If it doesn\'t, try:\n' +
                 '  node dist/daemon.js\n' +
-                'Make sure port 19825 is available.');
+                `Make sure port ${DEFAULT_DAEMON_PORT} is available.`);
         case 'extension-not-connected':
             return new BrowserConnectError('opencli Browser Bridge extension is not connected.' +
                 (detail ? `\n\n${detail}` : ''), 'Please install the extension:\n' +

package/dist/browser/index.d.ts

@@ -9,6 +9,7 @@ export { BrowserBridge, BrowserBridge as PlaywrightMCP } from './mcp.js';
 export { CDPBridge } from './cdp.js';
 export { isDaemonRunning } from './daemon-client.js';
 export { generateSnapshotJs, scrollToRefJs, getFormStateJs } from './dom-snapshot.js';
+export { generateStealthJs } from './stealth.js';
 export type { SnapshotOptions } from './dom-snapshot.js';
 import { extractTabEntries, diffTabIndexes, appendLimited } from './tabs.js';
 import { withTimeoutMs } from '../runtime.js';

package/dist/browser/index.js

@@ -9,6 +9,7 @@ export { BrowserBridge, BrowserBridge as PlaywrightMCP } from './mcp.js';
 export { CDPBridge } from './cdp.js';
 export { isDaemonRunning } from './daemon-client.js';
 export { generateSnapshotJs, scrollToRefJs, getFormStateJs } from './dom-snapshot.js';
+export { generateStealthJs } from './stealth.js';
 import { extractTabEntries, diffTabIndexes, appendLimited } from './tabs.js';
 import { __test__ as cdpTest } from './cdp.js';
 import { withTimeoutMs } from '../runtime.js';

package/dist/browser/page.js

@@ -13,6 +13,7 @@ import { formatSnapshot } from '../snapshotFormatter.js';
 import { sendCommand } from './daemon-client.js';
 import { wrapForEval } from './utils.js';
 import { generateSnapshotJs, scrollToRefJs, getFormStateJs } from './dom-snapshot.js';
+import { generateStealthJs } from './stealth.js';
 import { clickJs, typeTextJs, pressKeyJs, waitForTextJs, scrollJs, autoScrollJs, networkRequestsJs, waitForDomStableJs, } from './dom-helpers.js';
 /**
  * Page — implements IPage by talking to the daemon via HTTP.
@@ -41,6 +42,17 @@ export class Page {
         if (result?.tabId) {
             this._tabId = result.tabId;
         }
+        // Inject stealth anti-detection patches (guard flag prevents double-injection).
+        try {
+            await sendCommand('exec', {
+                code: generateStealthJs(),
+                ...this._workspaceOpt(),
+                ...this._tabOpt(),
+            });
+        }
+        catch {
+            // Non-fatal: stealth is best-effort
+        }
         // Smart settle: use DOM stability detection instead of fixed sleep.
         // settleMs is now a timeout cap (default 1000ms), not a fixed wait.
         if (options?.waitUntil !== 'none') {

package/dist/browser/stealth.d.ts

@@ -0,0 +1,18 @@
+/**
+ * Stealth anti-detection module.
+ *
+ * Generates JS code that patches browser globals to hide automation
+ * fingerprints (e.g. navigator.webdriver, missing chrome object, empty
+ * plugin list). Injected before page scripts run so that websites cannot
+ * detect CDP / extension-based control.
+ *
+ * Inspired by puppeteer-extra-plugin-stealth.
+ */
+/** Guard flag set on `window` to prevent double-injection. */
+export declare const STEALTH_GUARD = "__opencli_stealth_applied";
+/**
+ * Return a self-contained JS string that, when evaluated in a page context,
+ * applies all stealth patches. Safe to call multiple times — the guard flag
+ * ensures patches are applied only once.
+ */
+export declare function generateStealthJs(): string;

package/dist/browser/stealth.js

@@ -0,0 +1,140 @@
+/**
+ * Stealth anti-detection module.
+ *
+ * Generates JS code that patches browser globals to hide automation
+ * fingerprints (e.g. navigator.webdriver, missing chrome object, empty
+ * plugin list). Injected before page scripts run so that websites cannot
+ * detect CDP / extension-based control.
+ *
+ * Inspired by puppeteer-extra-plugin-stealth.
+ */
+/** Guard flag set on `window` to prevent double-injection. */
+export const STEALTH_GUARD = '__opencli_stealth_applied';
+/**
+ * Return a self-contained JS string that, when evaluated in a page context,
+ * applies all stealth patches. Safe to call multiple times — the guard flag
+ * ensures patches are applied only once.
+ */
+export function generateStealthJs() {
+    return `
+    (() => {
+      // Guard: skip if already applied
+      if (window.${STEALTH_GUARD}) return 'skipped';
+      // Use defineProperty so the guard flag is non-enumerable (not a detection vector).
+      Object.defineProperty(window, '${STEALTH_GUARD}', { value: true, configurable: true });
+
+      // 1. navigator.webdriver → undefined
+      //    Most common check; Playwright/Puppeteer/CDP set this to true.
+      try {
+        Object.defineProperty(navigator, 'webdriver', {
+          get: () => undefined,
+          configurable: true,
+        });
+      } catch {}
+
+      // 2. window.chrome stub
+      //    Real Chrome exposes window.chrome with runtime, loadTimes, csi.
+      //    Headless/automated Chrome may not have it.
+      try {
+        if (!window.chrome) {
+          window.chrome = {
+            runtime: {
+              onConnect: { addListener: () => {}, removeListener: () => {} },
+              onMessage: { addListener: () => {}, removeListener: () => {} },
+            },
+            loadTimes: () => ({}),
+            csi: () => ({}),
+          };
+        }
+      } catch {}
+
+      // 3. navigator.plugins — fake population only if empty
+      //    Real user browser already has plugins; only patch in automated/headless
+      //    contexts where the list is empty (overwriting real plugins with fakes
+      //    would be counterproductive and detectable).
+      try {
+        if (!navigator.plugins || navigator.plugins.length === 0) {
+          const fakePlugins = [
+            { name: 'PDF Viewer', filename: 'internal-pdf-viewer', description: 'Portable Document Format' },
+            { name: 'Chrome PDF Viewer', filename: 'internal-pdf-viewer', description: '' },
+            { name: 'Chromium PDF Viewer', filename: 'internal-pdf-viewer', description: '' },
+            { name: 'Microsoft Edge PDF Viewer', filename: 'internal-pdf-viewer', description: '' },
+            { name: 'WebKit built-in PDF', filename: 'internal-pdf-viewer', description: '' },
+          ];
+          fakePlugins.item = (i) => fakePlugins[i] || null;
+          fakePlugins.namedItem = (n) => fakePlugins.find(p => p.name === n) || null;
+          fakePlugins.refresh = () => {};
+          Object.defineProperty(navigator, 'plugins', {
+            get: () => fakePlugins,
+            configurable: true,
+          });
+        }
+      } catch {}
+
+      // 4. navigator.languages — guarantee non-empty
+      //    Some automated contexts return undefined or empty array.
+      try {
+        if (!navigator.languages || navigator.languages.length === 0) {
+          Object.defineProperty(navigator, 'languages', {
+            get: () => ['en-US', 'en'],
+            configurable: true,
+          });
+        }
+      } catch {}
+
+      // 5. Permissions.query — normalize notification permission
+      //    Headless Chrome throws on Permissions.query({ name: 'notifications' }).
+      try {
+        const origQuery = window.Permissions?.prototype?.query;
+        if (origQuery) {
+          window.Permissions.prototype.query = function (parameters) {
+            if (parameters?.name === 'notifications') {
+              return Promise.resolve({ state: Notification.permission, onchange: null });
+            }
+            return origQuery.call(this, parameters);
+          };
+        }
+      } catch {}
+
+      // 6. Clean automation artifacts
+      //    Remove properties left by Playwright, Puppeteer, or CDP injection.
+      try {
+        delete window.__playwright;
+        delete window.__puppeteer;
+        // ChromeDriver injects cdc_ prefixed globals; the suffix varies by version,
+        // so scan window for any matching property rather than hardcoding names.
+        for (const prop of Object.getOwnPropertyNames(window)) {
+          if (prop.startsWith('cdc_') || prop.startsWith('__cdc_')) {
+            try { delete window[prop]; } catch {}
+          }
+        }
+      } catch {}
+
+      // 7. CDP stack trace cleanup
+      //    Runtime.evaluate injects scripts whose source URLs appear in Error
+      //    stack traces (e.g. __puppeteer_evaluation_script__, pptr:, debugger://).
+      //    Websites detect automation by doing: new Error().stack and inspecting it.
+      //    We override the stack property getter on Error.prototype to filter them.
+      //    Note: Error.prepareStackTrace is V8/Node-only and not available in
+      //    browser page context, so we use a property descriptor approach instead.
+      try {
+        const _origDescriptor = Object.getOwnPropertyDescriptor(Error.prototype, 'stack');
+        const _cdpPatterns = ['puppeteer_evaluation_script', 'pptr:', 'debugger://', '__opencli'];
+        if (_origDescriptor && _origDescriptor.get) {
+          Object.defineProperty(Error.prototype, 'stack', {
+            get: function () {
+              const raw = _origDescriptor.get.call(this);
+              if (typeof raw !== 'string') return raw;
+              return raw.split('\\n').filter(line =>
+                !_cdpPatterns.some(p => line.includes(p))
+              ).join('\\n');
+            },
+            configurable: true,
+          });
+        }
+      } catch {}
+
+      return 'applied';
+    })()
+  `;
+}

package/dist/browser.test.js

@@ -1,5 +1,6 @@
 import { describe, it, expect, vi } from 'vitest';
-import { BrowserBridge, __test__ } from './browser/index.js';
+import { BrowserBridge, __test__, generateStealthJs } from './browser/index.js';
+import { STEALTH_GUARD } from './browser/stealth.js';
 import * as daemonClient from './browser/daemon-client.js';
 describe('browser helpers', () => {
     it('extracts tab entries from string snapshots', () => {
@@ -102,3 +103,48 @@ describe('BrowserBridge state', () => {
         await expect(mcp.connect()).rejects.toThrow('Browser Extension is not connected');
     });
 });
+describe('stealth anti-detection', () => {
+    it('generates non-empty JS string', () => {
+        const js = generateStealthJs();
+        expect(typeof js).toBe('string');
+        expect(js.length).toBeGreaterThan(100);
+    });
+    it('contains all 7 anti-detection patches', () => {
+        const js = generateStealthJs();
+        // 1. webdriver
+        expect(js).toContain('navigator');
+        expect(js).toContain('webdriver');
+        // 2. chrome stub
+        expect(js).toContain('window.chrome');
+        // 3. plugins
+        expect(js).toContain('plugins');
+        expect(js).toContain('PDF Viewer');
+        // 4. languages
+        expect(js).toContain('languages');
+        // 5. permissions
+        expect(js).toContain('Permissions');
+        expect(js).toContain('notifications');
+        // 6. automation artifacts (dynamic cdc_ scan)
+        expect(js).toContain('__playwright');
+        expect(js).toContain('__puppeteer');
+        expect(js).toContain('getOwnPropertyNames');
+        expect(js).toContain('cdc_');
+        // 7. CDP stack trace cleanup
+        expect(js).toContain('Error.prototype');
+        expect(js).toContain('puppeteer_evaluation_script');
+        expect(js).toContain('getOwnPropertyDescriptor');
+    });
+    it('includes guard flag to prevent double-injection', () => {
+        const js = generateStealthJs();
+        expect(js).toContain(STEALTH_GUARD);
+        // Guard should check early and return 'skipped'
+        expect(js).toContain("return 'skipped'");
+        // Normal path returns 'applied'
+        expect(js).toContain("return 'applied'");
+    });
+    it('generates syntactically valid JS', () => {
+        const js = generateStealthJs();
+        // Should not throw when parsed
+        expect(() => new Function(js)).not.toThrow();
+    });
+});

package/dist/constants.d.ts

@@ -1,6 +1,8 @@
 /**
  * Shared constants used across explore, synthesize, and pipeline modules.
  */
+/** Default daemon port for HTTP/WebSocket communication with browser extension */
+export declare const DEFAULT_DAEMON_PORT = 19825;
 /** URL query params that are volatile/ephemeral and should be stripped from patterns */
 export declare const VOLATILE_PARAMS: Set<string>;
 /** Search-related query parameter names */

package/dist/constants.js

@@ -1,6 +1,8 @@
 /**
  * Shared constants used across explore, synthesize, and pipeline modules.
  */
+/** Default daemon port for HTTP/WebSocket communication with browser extension */
+export const DEFAULT_DAEMON_PORT = 19825;
 /** URL query params that are volatile/ephemeral and should be stripped from patterns */
 export const VOLATILE_PARAMS = new Set([
     'w_rid', 'wts', '_', 'callback', 'timestamp', 't', 'nonce', 'sign',

package/dist/daemon.js

@@ -20,7 +20,8 @@
  */
 import { createServer } from 'node:http';
 import { WebSocketServer, WebSocket } from 'ws';
-const PORT = parseInt(process.env.OPENCLI_DAEMON_PORT ?? '19825', 10);
+import { DEFAULT_DAEMON_PORT } from './constants.js';
+const PORT = parseInt(process.env.OPENCLI_DAEMON_PORT ?? String(DEFAULT_DAEMON_PORT), 10);
 const IDLE_TIMEOUT = 5 * 60 * 1000; // 5 minutes
 // ─── State ───────────────────────────────────────────────────────────
 let extensionWs = null;

package/dist/doctor.js

@@ -5,6 +5,7 @@
  * MCP path discovery, or config file scanning.
  */
 import chalk from 'chalk';
+import { DEFAULT_DAEMON_PORT } from './constants.js';
 import { checkDaemonStatus } from './browser/discover.js';
 import { BrowserBridge } from './browser/index.js';
 import { listSessions } from './browser/daemon-client.js';
@@ -75,7 +76,7 @@ export function renderBrowserDoctorReport(report) {
     const lines = [chalk.bold(`opencli v${report.cliVersion ?? 'unknown'} doctor`), ''];
     // Daemon status
     const daemonIcon = report.daemonRunning ? chalk.green('[OK]') : chalk.red('[MISSING]');
-    lines.push(`${daemonIcon} Daemon: ${report.daemonRunning ? 'running on port 19825' : 'not running'}`);
+    lines.push(`${daemonIcon} Daemon: ${report.daemonRunning ? `running on port ${DEFAULT_DAEMON_PORT}` : 'not running'}`);
     // Extension status
     const extIcon = report.extensionConnected ? chalk.green('[OK]') : chalk.yellow('[MISSING]');
     lines.push(`${extIcon} Extension: ${report.extensionConnected ? 'connected' : 'not connected'}`);

package/docs/adapters/browser/douban.md

@@ -6,19 +6,17 @@
 
 | Command | Description |
 |---------|-------------|
+| `opencli douban search` | 搜索豆瓣电影、图书或音乐 |
+| `opencli douban top250` | 豆瓣电影 Top 250 |
+| `opencli douban subject` | 条目详情 |
+| `opencli douban marks` | 我的标记 |
+| `opencli douban reviews` | 我的短评 |
 | `opencli douban movie-hot` | 豆瓣电影热门榜单 |
 | `opencli douban book-hot` | 豆瓣图书热门榜单 |
-| `opencli douban search` | 搜索豆瓣电影、图书或音乐 |
 
 ## Usage Examples
 
 ```bash
-# 电影热门
-opencli douban movie-hot --limit 10
-
-# 图书热门
-opencli douban book-hot --limit 10
-
 # 搜索电影
 opencli douban search "流浪地球"
 
@@ -28,8 +26,20 @@ opencli douban search --type book "三体"
 # 搜索音乐
 opencli douban search --type music "周杰伦"
 
+# 电影 Top 250
+opencli douban top250 --limit 10
+
+# 条目详情
+opencli douban subject 1292052
+
+# 电影热门
+opencli douban movie-hot --limit 10
+
+# 图书热门
+opencli douban book-hot --limit 10
+
 # JSON output
-opencli douban movie-hot -f json
+opencli douban top250 -f json
 ```
 
 ## Prerequisites

package/docs/adapters/browser/wikipedia.md

@@ -8,8 +8,6 @@
 |---------|-------------|
 | `opencli wikipedia search` | Search Wikipedia articles |
 | `opencli wikipedia summary` | Get Wikipedia article summary |
-| `opencli wikipedia random` | Get a random Wikipedia article |
-| `opencli wikipedia trending` | Most-read articles (yesterday) |
 
 ## Usage Examples
 
@@ -20,15 +18,8 @@ opencli wikipedia search "quantum computing" --limit 10
 # Get article summary
 opencli wikipedia summary "Artificial intelligence"
 
-# Get a random article
-opencli wikipedia random
-
-# Most-read articles (yesterday)
-opencli wikipedia trending --limit 5
-
 # Use with other languages
 opencli wikipedia search "人工智能" --lang zh
-opencli wikipedia random --lang ja
 
 # JSON output
 opencli wikipedia search "Rust" -f json

package/docs/adapters/desktop/antigravity.md

@@ -47,6 +47,3 @@ Quickly target and switch the active LLM engine. Example: `opencli antigravity m
 
 ### `opencli antigravity watch`
 A long-running, streaming process that continuously polls the Antigravity UI for chat updates and outputs them in real-time to standard output.
-
-### `opencli antigravity serve --port 8082`
-Start an Anthropic-compatible `/v1/messages` proxy backed by the local Antigravity app. Useful when you want external tools to talk to Antigravity through an API-shaped interface.

package/docs/adapters/index.md

@@ -6,12 +6,12 @@ Run `opencli list` for the live registry.
 
 | Site | Commands | Mode |
 |------|----------|------|
-| **[twitter](/adapters/browser/twitter)** | `trending` `bookmarks` `profile` `search` `timeline` `thread` `following` `followers` `notifications` `post` `reply` `delete` `like` `article` `follow` `unfollow` `bookmark` `unbookmark` `download` `accept` `reply-dm` | 🔐 Browser |
+| **[twitter](/adapters/browser/twitter)** | `trending` `bookmarks` `profile` `search` `timeline` `thread` `following` `followers` `notifications` `post` `reply` `delete` `like` `article` `follow` `unfollow` `bookmark` `unbookmark` `download` `accept` `reply-dm` `block` `unblock` `hide-reply` | 🔐 Browser |
 | **[reddit](/adapters/browser/reddit)** | `hot` `frontpage` `popular` `search` `subreddit` `read` `user` `user-posts` `user-comments` `upvote` `save` `comment` `subscribe` `saved` `upvoted` | 🔐 Browser |
 | **[bilibili](/adapters/browser/bilibili)** | `hot` `search` `me` `favorite` `history` `feed` `subtitle` `dynamic` `ranking` `following` `user-videos` `download` | 🔐 Browser |
 | **[zhihu](/adapters/browser/zhihu)** | `hot` `search` `question` `download` | 🔐 Browser |
-| **[xiaohongshu](/adapters/browser/xiaohongshu)** | `search` `notifications` `feed` `me` `user` `download` `publish` | 🔐 Browser |
-| **[xueqiu](/adapters/browser/xueqiu)** | `feed` `hot-stock` `hot` `search` `stock` `watchlist` | 🔐 Browser |
+| **[xiaohongshu](/adapters/browser/xiaohongshu)** | `search` `notifications` `feed` `user` `download` `publish` `creator-notes` `creator-note-detail` `creator-notes-summary` `creator-profile` `creator-stats` | 🔐 Browser |
+| **[xueqiu](/adapters/browser/xueqiu)** | `feed` `hot-stock` `hot` `search` `stock` `watchlist` `earnings-date` | 🔐 Browser |
 | **[youtube](/adapters/browser/youtube)** | `search` `video` `transcript` | 🔐 Browser |
 | **[v2ex](/adapters/browser/v2ex)** | `hot` `latest` `topic` `node` `user` `member` `replies` `nodes` `daily` `me` `notifications` | 🌐 / 🔐 |
 | **[bloomberg](/adapters/browser/bloomberg)** | `main` `markets` `economics` `industries` `tech` `politics` `businessweek` `opinions` `feeds` `news` | 🌐 / 🔐 |
@@ -30,12 +30,12 @@ Run `opencli list` for the live registry.
 | **[grok](/adapters/browser/grok)** | `ask` | 🔐 Browser |
 | **[doubao](/adapters/browser/doubao)** | `status` `new` `send` `read` `ask` | 🔐 Browser |
 | **[weread](/adapters/browser/weread)** | `shelf` `search` `book` `ranking` `notebooks` `highlights` `notes` | 🔐 Browser |
-| **[douban](/adapters/browser/douban)** | `search` `top250` `subject` `marks` `reviews` | 🔐 Browser |
+| **[douban](/adapters/browser/douban)** | `search` `top250` `subject` `marks` `reviews` `movie-hot` `book-hot` | 🔐 Browser |
 | **[facebook](/adapters/browser/facebook)** | `feed` `profile` `search` `friends` `groups` `events` `notifications` `memories` `add-friend` `join-group` | 🔐 Browser |
 | **[instagram](/adapters/browser/instagram)** | `explore` `profile` `search` `user` `followers` `following` `follow` `unfollow` `like` `unlike` `comment` `save` `unsave` `saved` | 🔐 Browser |
-| **[medium](/adapters/browser/medium)** | `feed` `search` `user` `shared` | 🔐 Browser |
-| **[sinablog](/adapters/browser/sinablog)** | `hot` `search` `article` `user` `shared` | 🔐 Browser |
-| **[substack](/adapters/browser/substack)** | `feed` `search` `publication` `shared` | 🔐 Browser |
+| **[medium](/adapters/browser/medium)** | `feed` `search` `user` | 🔐 Browser |
+| **[sinablog](/adapters/browser/sinablog)** | `hot` `search` `article` `user` | 🔐 Browser |
+| **[substack](/adapters/browser/substack)** | `feed` `search` `publication` | 🔐 Browser |
 | **[tiktok](/adapters/browser/tiktok)** | `explore` `search` `profile` `user` `following` `follow` `unfollow` `like` `unlike` `comment` `save` `unsave` `live` `notifications` `friends` | 🔐 Browser |
 
 ## Public API Adapters
@@ -53,7 +53,7 @@ Run `opencli list` for the live registry.
 | **[hf](/adapters/browser/hf)** | `top` | 🌐 Public |
 | **[sinafinance](/adapters/browser/sinafinance)** | `news` | 🌐 Public |
 | **[stackoverflow](/adapters/browser/stackoverflow)** | `hot` `search` `bounties` `unanswered` | 🌐 Public |
-| **[wikipedia](/adapters/browser/wikipedia)** | `search` `summary` | 🌐 Public |
+| **[wikipedia](/adapters/browser/wikipedia)** | `search` `summary` `random` `trending` | 🌐 Public |
 | **[lobsters](/adapters/browser/lobsters)** | `hot` `newest` `active` `tag` | 🌐 Public |
 
 ## Desktop Adapters

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@jackwener/opencli",
-  "version": "1.3.2",
+  "version": "1.3.3",
   "publishConfig": {
     "access": "public"
   },

package/src/browser/cdp.ts

@@ -12,6 +12,7 @@ import { WebSocket, type RawData } from 'ws';
 import type { BrowserCookie, IPage, ScreenshotOptions, SnapshotOptions, WaitOptions } from '../types.js';
 import { wrapForEval } from './utils.js';
 import { generateSnapshotJs, scrollToRefJs, getFormStateJs } from './dom-snapshot.js';
+import { generateStealthJs } from './stealth.js';
 import {
   clickJs,
   typeTextJs,
@@ -71,9 +72,16 @@ export class CDPBridge {
       const timeoutMs = (opts?.timeout ?? 10) * 1000; // opts.timeout is in seconds
       const timeout = setTimeout(() => reject(new Error('CDP connect timeout')), timeoutMs);
 
-      ws.on('open', () => {
+      ws.on('open', async () => {
         clearTimeout(timeout);
         this._ws = ws;
+        // Register stealth script to run before any page JS on every navigation.
+        try {
+          await this.send('Page.enable');
+          await this.send('Page.addScriptToEvaluateOnNewDocument', { source: generateStealthJs() });
+        } catch {
+          // Non-fatal: stealth is best-effort
+        }
         resolve(new CDPPage(this));
       });
 

package/src/browser/daemon-client.ts

@@ -4,11 +4,12 @@
  * Provides a typed send() function that posts a Command and returns a Result.
  */
 
-const DAEMON_PORT = parseInt(process.env.OPENCLI_DAEMON_PORT ?? '19825', 10);
-const DAEMON_URL = `http://127.0.0.1:${DAEMON_PORT}`;
-
+import { DEFAULT_DAEMON_PORT } from '../constants.js';
 import type { BrowserSessionInfo } from '../types.js';
 
+const DAEMON_PORT = parseInt(process.env.OPENCLI_DAEMON_PORT ?? String(DEFAULT_DAEMON_PORT), 10);
+const DAEMON_URL = `http://127.0.0.1:${DAEMON_PORT}`;
+
 let _idCounter = 0;
 
 function generateId(): string {

package/src/browser/discover.ts

@@ -5,6 +5,7 @@
  * scanning for @playwright/mcp locations.
  */
 
+import { DEFAULT_DAEMON_PORT } from '../constants.js';
 import { isDaemonRunning } from './daemon-client.js';
 
 export { isDaemonRunning };
@@ -17,7 +18,7 @@ export async function checkDaemonStatus(): Promise<{
   extensionConnected: boolean;
 }> {
   try {
-    const port = parseInt(process.env.OPENCLI_DAEMON_PORT ?? '19825', 10);
+    const port = parseInt(process.env.OPENCLI_DAEMON_PORT ?? String(DEFAULT_DAEMON_PORT), 10);
     const res = await fetch(`http://127.0.0.1:${port}/status`, {
       headers: { 'X-OpenCLI': '1' },
     });

package/src/browser/errors.ts

@@ -6,6 +6,7 @@
  */
 
 import { BrowserConnectError } from '../errors.js';
+import { DEFAULT_DAEMON_PORT } from '../constants.js';
 
 export type ConnectFailureKind = 'daemon-not-running' | 'extension-not-connected' | 'command-failed' | 'unknown';
 
@@ -17,7 +18,7 @@ export function formatBrowserConnectError(kind: ConnectFailureKind, detail?: str
         (detail ? `\n\n${detail}` : ''),
         'The daemon should start automatically. If it doesn\'t, try:\n' +
         '  node dist/daemon.js\n' +
-        'Make sure port 19825 is available.',
+        `Make sure port ${DEFAULT_DAEMON_PORT} is available.`,
       );
     case 'extension-not-connected':
       return new BrowserConnectError(

package/src/browser/index.ts

@@ -10,6 +10,7 @@ export { BrowserBridge, BrowserBridge as PlaywrightMCP } from './mcp.js';
 export { CDPBridge } from './cdp.js';
 export { isDaemonRunning } from './daemon-client.js';
 export { generateSnapshotJs, scrollToRefJs, getFormStateJs } from './dom-snapshot.js';
+export { generateStealthJs } from './stealth.js';
 export type { SnapshotOptions } from './dom-snapshot.js';
 
 import { extractTabEntries, diffTabIndexes, appendLimited } from './tabs.js';

package/src/browser/page.ts

@@ -15,6 +15,7 @@ import type { BrowserCookie, IPage, ScreenshotOptions, SnapshotOptions, WaitOpti
 import { sendCommand } from './daemon-client.js';
 import { wrapForEval } from './utils.js';
 import { generateSnapshotJs, scrollToRefJs, getFormStateJs } from './dom-snapshot.js';
+import { generateStealthJs } from './stealth.js';
 import {
   clickJs,
   typeTextJs,
@@ -54,6 +55,16 @@ export class Page implements IPage {
     if (result?.tabId) {
       this._tabId = result.tabId;
     }
+    // Inject stealth anti-detection patches (guard flag prevents double-injection).
+    try {
+      await sendCommand('exec', {
+        code: generateStealthJs(),
+        ...this._workspaceOpt(),
+        ...this._tabOpt(),
+      });
+    } catch {
+      // Non-fatal: stealth is best-effort
+    }
     // Smart settle: use DOM stability detection instead of fixed sleep.
     // settleMs is now a timeout cap (default 1000ms), not a fixed wait.
     if (options?.waitUntil !== 'none') {

package/src/browser/stealth.ts

@@ -0,0 +1,142 @@
+/**
+ * Stealth anti-detection module.
+ *
+ * Generates JS code that patches browser globals to hide automation
+ * fingerprints (e.g. navigator.webdriver, missing chrome object, empty
+ * plugin list). Injected before page scripts run so that websites cannot
+ * detect CDP / extension-based control.
+ *
+ * Inspired by puppeteer-extra-plugin-stealth.
+ */
+
+/** Guard flag set on `window` to prevent double-injection. */
+export const STEALTH_GUARD = '__opencli_stealth_applied';
+
+/**
+ * Return a self-contained JS string that, when evaluated in a page context,
+ * applies all stealth patches. Safe to call multiple times — the guard flag
+ * ensures patches are applied only once.
+ */
+export function generateStealthJs(): string {
+  return `
+    (() => {
+      // Guard: skip if already applied
+      if (window.${STEALTH_GUARD}) return 'skipped';
+      // Use defineProperty so the guard flag is non-enumerable (not a detection vector).
+      Object.defineProperty(window, '${STEALTH_GUARD}', { value: true, configurable: true });
+
+      // 1. navigator.webdriver → undefined
+      //    Most common check; Playwright/Puppeteer/CDP set this to true.
+      try {
+        Object.defineProperty(navigator, 'webdriver', {
+          get: () => undefined,
+          configurable: true,
+        });
+      } catch {}
+
+      // 2. window.chrome stub
+      //    Real Chrome exposes window.chrome with runtime, loadTimes, csi.
+      //    Headless/automated Chrome may not have it.
+      try {
+        if (!window.chrome) {
+          window.chrome = {
+            runtime: {
+              onConnect: { addListener: () => {}, removeListener: () => {} },
+              onMessage: { addListener: () => {}, removeListener: () => {} },
+            },
+            loadTimes: () => ({}),
+            csi: () => ({}),
+          };
+        }
+      } catch {}
+
+      // 3. navigator.plugins — fake population only if empty
+      //    Real user browser already has plugins; only patch in automated/headless
+      //    contexts where the list is empty (overwriting real plugins with fakes
+      //    would be counterproductive and detectable).
+      try {
+        if (!navigator.plugins || navigator.plugins.length === 0) {
+          const fakePlugins = [
+            { name: 'PDF Viewer', filename: 'internal-pdf-viewer', description: 'Portable Document Format' },
+            { name: 'Chrome PDF Viewer', filename: 'internal-pdf-viewer', description: '' },
+            { name: 'Chromium PDF Viewer', filename: 'internal-pdf-viewer', description: '' },
+            { name: 'Microsoft Edge PDF Viewer', filename: 'internal-pdf-viewer', description: '' },
+            { name: 'WebKit built-in PDF', filename: 'internal-pdf-viewer', description: '' },
+          ];
+          fakePlugins.item = (i) => fakePlugins[i] || null;
+          fakePlugins.namedItem = (n) => fakePlugins.find(p => p.name === n) || null;
+          fakePlugins.refresh = () => {};
+          Object.defineProperty(navigator, 'plugins', {
+            get: () => fakePlugins,
+            configurable: true,
+          });
+        }
+      } catch {}
+
+      // 4. navigator.languages — guarantee non-empty
+      //    Some automated contexts return undefined or empty array.
+      try {
+        if (!navigator.languages || navigator.languages.length === 0) {
+          Object.defineProperty(navigator, 'languages', {
+            get: () => ['en-US', 'en'],
+            configurable: true,
+          });
+        }
+      } catch {}
+
+      // 5. Permissions.query — normalize notification permission
+      //    Headless Chrome throws on Permissions.query({ name: 'notifications' }).
+      try {
+        const origQuery = window.Permissions?.prototype?.query;
+        if (origQuery) {
+          window.Permissions.prototype.query = function (parameters) {
+            if (parameters?.name === 'notifications') {
+              return Promise.resolve({ state: Notification.permission, onchange: null });
+            }
+            return origQuery.call(this, parameters);
+          };
+        }
+      } catch {}
+
+      // 6. Clean automation artifacts
+      //    Remove properties left by Playwright, Puppeteer, or CDP injection.
+      try {
+        delete window.__playwright;
+        delete window.__puppeteer;
+        // ChromeDriver injects cdc_ prefixed globals; the suffix varies by version,
+        // so scan window for any matching property rather than hardcoding names.
+        for (const prop of Object.getOwnPropertyNames(window)) {
+          if (prop.startsWith('cdc_') || prop.startsWith('__cdc_')) {
+            try { delete window[prop]; } catch {}
+          }
+        }
+      } catch {}
+
+      // 7. CDP stack trace cleanup
+      //    Runtime.evaluate injects scripts whose source URLs appear in Error
+      //    stack traces (e.g. __puppeteer_evaluation_script__, pptr:, debugger://).
+      //    Websites detect automation by doing: new Error().stack and inspecting it.
+      //    We override the stack property getter on Error.prototype to filter them.
+      //    Note: Error.prepareStackTrace is V8/Node-only and not available in
+      //    browser page context, so we use a property descriptor approach instead.
+      try {
+        const _origDescriptor = Object.getOwnPropertyDescriptor(Error.prototype, 'stack');
+        const _cdpPatterns = ['puppeteer_evaluation_script', 'pptr:', 'debugger://', '__opencli'];
+        if (_origDescriptor && _origDescriptor.get) {
+          Object.defineProperty(Error.prototype, 'stack', {
+            get: function () {
+              const raw = _origDescriptor.get.call(this);
+              if (typeof raw !== 'string') return raw;
+              return raw.split('\\n').filter(line =>
+                !_cdpPatterns.some(p => line.includes(p))
+              ).join('\\n');
+            },
+            configurable: true,
+          });
+        }
+      } catch {}
+
+      return 'applied';
+    })()
+  `;
+}

package/src/browser.test.ts

@@ -1,5 +1,6 @@
 import { afterEach, describe, it, expect, vi } from 'vitest';
-import { BrowserBridge, __test__ } from './browser/index.js';
+import { BrowserBridge, __test__, generateStealthJs } from './browser/index.js';
+import { STEALTH_GUARD } from './browser/stealth.js';
 import * as daemonClient from './browser/daemon-client.js';
 
 describe('browser helpers', () => {
@@ -133,3 +134,52 @@ describe('BrowserBridge state', () => {
     await expect(mcp.connect()).rejects.toThrow('Browser Extension is not connected');
   });
 });
+
+describe('stealth anti-detection', () => {
+  it('generates non-empty JS string', () => {
+    const js = generateStealthJs();
+    expect(typeof js).toBe('string');
+    expect(js.length).toBeGreaterThan(100);
+  });
+
+  it('contains all 7 anti-detection patches', () => {
+    const js = generateStealthJs();
+    // 1. webdriver
+    expect(js).toContain('navigator');
+    expect(js).toContain('webdriver');
+    // 2. chrome stub
+    expect(js).toContain('window.chrome');
+    // 3. plugins
+    expect(js).toContain('plugins');
+    expect(js).toContain('PDF Viewer');
+    // 4. languages
+    expect(js).toContain('languages');
+    // 5. permissions
+    expect(js).toContain('Permissions');
+    expect(js).toContain('notifications');
+    // 6. automation artifacts (dynamic cdc_ scan)
+    expect(js).toContain('__playwright');
+    expect(js).toContain('__puppeteer');
+    expect(js).toContain('getOwnPropertyNames');
+    expect(js).toContain('cdc_');
+    // 7. CDP stack trace cleanup
+    expect(js).toContain('Error.prototype');
+    expect(js).toContain('puppeteer_evaluation_script');
+    expect(js).toContain('getOwnPropertyDescriptor');
+  });
+
+  it('includes guard flag to prevent double-injection', () => {
+    const js = generateStealthJs();
+    expect(js).toContain(STEALTH_GUARD);
+    // Guard should check early and return 'skipped'
+    expect(js).toContain("return 'skipped'");
+    // Normal path returns 'applied'
+    expect(js).toContain("return 'applied'");
+  });
+
+  it('generates syntactically valid JS', () => {
+    const js = generateStealthJs();
+    // Should not throw when parsed
+    expect(() => new Function(js)).not.toThrow();
+  });
+});

package/src/build-manifest.ts

@@ -75,7 +75,6 @@ function isRecord(value: unknown): value is Record<string, unknown> {
 }
 
 
-
 function extractBalancedBlock(
   source: string,
   startIndex: number,

package/src/constants.ts

@@ -2,6 +2,9 @@
  * Shared constants used across explore, synthesize, and pipeline modules.
  */
 
+/** Default daemon port for HTTP/WebSocket communication with browser extension */
+export const DEFAULT_DAEMON_PORT = 19825;
+
 /** URL query params that are volatile/ephemeral and should be stripped from patterns */
 export const VOLATILE_PARAMS = new Set([
   'w_rid', 'wts', '_', 'callback', 'timestamp', 't', 'nonce', 'sign',

package/src/daemon.ts

@@ -21,8 +21,9 @@
 
 import { createServer, type IncomingMessage, type ServerResponse } from 'node:http';
 import { WebSocketServer, WebSocket, type RawData } from 'ws';
+import { DEFAULT_DAEMON_PORT } from './constants.js';
 
-const PORT = parseInt(process.env.OPENCLI_DAEMON_PORT ?? '19825', 10);
+const PORT = parseInt(process.env.OPENCLI_DAEMON_PORT ?? String(DEFAULT_DAEMON_PORT), 10);
 const IDLE_TIMEOUT = 5 * 60 * 1000; // 5 minutes
 
 // ─── State ───────────────────────────────────────────────────────────

package/src/doctor.ts

@@ -6,6 +6,7 @@
  */
 
 import chalk from 'chalk';
+import { DEFAULT_DAEMON_PORT } from './constants.js';
 import { checkDaemonStatus } from './browser/discover.js';
 import { BrowserBridge } from './browser/index.js';
 import { listSessions } from './browser/daemon-client.js';
@@ -107,7 +108,7 @@ export function renderBrowserDoctorReport(report: DoctorReport): string {
 
   // Daemon status
   const daemonIcon = report.daemonRunning ? chalk.green('[OK]') : chalk.red('[MISSING]');
-  lines.push(`${daemonIcon} Daemon: ${report.daemonRunning ? 'running on port 19825' : 'not running'}`);
+  lines.push(`${daemonIcon} Daemon: ${report.daemonRunning ? `running on port ${DEFAULT_DAEMON_PORT}` : 'not running'}`);
 
   // Extension status
   const extIcon = report.extensionConnected ? chalk.green('[OK]') : chalk.yellow('[MISSING]');

package/src/validate.ts

@@ -39,7 +39,6 @@ function isRecord(value: unknown): value is Record<string, unknown> {
 }
 
 
-
 export function validateClisWithTarget(dirs: string[], target?: string): ValidationReport {
   const results: FileValidationResult[] = [];
   let errors = 0; let warnings = 0; let files = 0;