npm - @jackwener/opencli - Versions diffs - 1.3.3 → 1.4.1 - Mend

@jackwener/opencli 1.3.3 → 1.4.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (680) hide show

package/.github/actions/setup-chrome/action.yml +5 -4
package/.github/pull_request_template.md +3 -1
package/.github/workflows/build-extension.yml +7 -1
package/.github/workflows/ci.yml +46 -6
package/.github/workflows/docs.yml +1 -1
package/.github/workflows/e2e-headed.yml +36 -3
package/.github/workflows/release.yml +1 -1
package/.github/workflows/security.yml +0 -3
package/CHANGELOG.md +78 -0
package/CONTRIBUTING.md +6 -3
package/PRIVACY.md +57 -0
package/README.md +31 -4
package/README.zh-CN.md +31 -4
package/SKILL.md +107 -2
package/TESTING.md +1 -0
package/chatwise-opencli.ps1 +82 -0
package/dist/analysis.d.ts +38 -0
package/dist/analysis.js +166 -0
package/dist/browser/cdp.d.ts +0 -4
package/dist/browser/cdp.js +53 -41
package/dist/browser/cdp.test.d.ts +1 -0
package/dist/browser/cdp.test.js +52 -0
package/dist/browser/dom-snapshot.d.ts +2 -2
package/dist/browser/dom-snapshot.js +54 -1
package/dist/browser/dom-snapshot.test.js +36 -0
package/dist/browser/index.d.ts +2 -2
package/dist/browser/index.js +1 -1
package/dist/browser/mcp.d.ts +0 -2
package/dist/browser/mcp.js +2 -3
package/dist/browser/page.d.ts +4 -3
package/dist/browser/page.js +34 -37
package/dist/browser/stealth.d.ts +0 -2
package/dist/browser/stealth.js +24 -9
package/dist/browser.test.js +2 -2
package/dist/build-manifest.js +15 -9
package/dist/build-manifest.test.js +12 -0
package/dist/cascade.js +4 -2
package/dist/cli-manifest.json +1325 -256
package/dist/cli.js +57 -29
package/dist/clis/_shared/desktop-commands.d.ts +22 -0
package/dist/clis/_shared/desktop-commands.js +108 -0
package/dist/clis/antigravity/serve.js +5 -2
package/dist/clis/apple-podcasts/search.js +2 -1
package/dist/clis/arxiv/search.js +3 -3
package/dist/clis/bbc/news.js +0 -1
package/dist/clis/bilibili/dynamic.test.d.ts +1 -0
package/dist/clis/bilibili/dynamic.test.js +68 -0
package/dist/clis/bilibili/favorite.js +4 -2
package/dist/clis/bilibili/following.js +3 -2
package/dist/clis/bilibili/subtitle.js +8 -7
package/dist/clis/bilibili/utils.js +2 -2
package/dist/clis/boss/batchgreet.js +1 -1
package/dist/clis/boss/chatlist.js +1 -1
package/dist/clis/boss/chatmsg.js +1 -1
package/dist/clis/boss/detail.js +1 -1
package/dist/clis/boss/exchange.js +1 -1
package/dist/clis/boss/greet.js +1 -1
package/dist/clis/boss/invite.js +1 -1
package/dist/clis/boss/joblist.js +1 -1
package/dist/clis/boss/mark.js +4 -3
package/dist/clis/boss/recommend.js +1 -1
package/dist/clis/boss/resume.js +1 -1
package/dist/clis/boss/search.js +1 -1
package/dist/clis/boss/send.js +5 -4
package/dist/clis/boss/stats.js +1 -1
package/dist/clis/chatgpt/ask.js +4 -0
package/dist/clis/chatgpt/new.js +5 -1
package/dist/clis/chatgpt/read.js +5 -1
package/dist/clis/chatgpt/send.js +2 -1
package/dist/clis/chatgpt/status.js +5 -1
package/dist/clis/chatwise/ask.js +8 -2
package/dist/clis/chatwise/export.js +2 -0
package/dist/clis/chatwise/history.js +2 -0
package/dist/clis/chatwise/model.js +8 -3
package/dist/clis/chatwise/new.js +3 -18
package/dist/clis/chatwise/read.js +2 -0
package/dist/clis/chatwise/screenshot.js +3 -27
package/dist/clis/chatwise/send.js +8 -2
package/dist/clis/chatwise/shared.d.ts +2 -0
package/dist/clis/chatwise/shared.js +6 -0
package/dist/clis/chatwise/status.js +3 -22
package/dist/clis/codex/ask.js +6 -2
package/dist/clis/codex/dump.js +2 -25
package/dist/clis/codex/new.js +2 -25
package/dist/clis/codex/screenshot.js +2 -27
package/dist/clis/codex/send.js +6 -4
package/dist/clis/codex/status.js +2 -22
package/dist/clis/ctrip/search.js +0 -1
package/dist/clis/cursor/ask.js +2 -1
package/dist/clis/cursor/composer.js +2 -1
package/dist/clis/cursor/dump.js +2 -25
package/dist/clis/cursor/new.js +2 -18
package/dist/clis/cursor/read.js +2 -1
package/dist/clis/cursor/screenshot.js +1 -30
package/dist/clis/cursor/send.js +2 -1
package/dist/clis/cursor/status.js +2 -21
package/dist/clis/dictionary/examples.yaml +25 -0
package/dist/clis/dictionary/search.yaml +27 -0
package/dist/clis/dictionary/synonyms.yaml +25 -0
package/dist/clis/douban/book-hot.js +1 -1
package/dist/clis/douban/movie-hot.js +1 -1
package/dist/clis/douban/search.js +1 -1
package/dist/clis/douban/utils.d.ts +4 -1
package/dist/clis/douban/utils.js +156 -1
package/dist/clis/doubao/ask.js +1 -1
package/dist/clis/doubao/new.js +1 -1
package/dist/clis/doubao/read.js +1 -1
package/dist/clis/doubao/send.js +1 -1
package/dist/clis/doubao/status.js +1 -1
package/dist/clis/doubao-app/ask.js +1 -1
package/dist/clis/doubao-app/new.js +1 -1
package/dist/clis/doubao-app/read.js +1 -1
package/dist/clis/doubao-app/send.js +1 -1
package/dist/clis/douyin/_shared/browser-fetch.d.ts +10 -0
package/dist/clis/douyin/_shared/browser-fetch.js +30 -0
package/dist/clis/douyin/_shared/browser-fetch.test.d.ts +1 -0
package/dist/clis/douyin/_shared/browser-fetch.test.js +31 -0
package/dist/clis/douyin/_shared/creation-id.d.ts +1 -0
package/dist/clis/douyin/_shared/creation-id.js +5 -0
package/dist/clis/douyin/_shared/creation-id.test.d.ts +1 -0
package/dist/clis/douyin/_shared/creation-id.test.js +22 -0
package/dist/clis/douyin/_shared/imagex-upload.d.ts +20 -0
package/dist/clis/douyin/_shared/imagex-upload.js +53 -0
package/dist/clis/douyin/_shared/imagex-upload.test.d.ts +1 -0
package/dist/clis/douyin/_shared/imagex-upload.test.js +87 -0
package/dist/clis/douyin/_shared/sts2.d.ts +8 -0
package/dist/clis/douyin/_shared/sts2.js +15 -0
package/dist/clis/douyin/_shared/text-extra.d.ts +18 -0
package/dist/clis/douyin/_shared/text-extra.js +15 -0
package/dist/clis/douyin/_shared/text-extra.test.d.ts +1 -0
package/dist/clis/douyin/_shared/text-extra.test.js +37 -0
package/dist/clis/douyin/_shared/timing.d.ts +2 -0
package/dist/clis/douyin/_shared/timing.js +22 -0
package/dist/clis/douyin/_shared/timing.test.d.ts +1 -0
package/dist/clis/douyin/_shared/timing.test.js +28 -0
package/dist/clis/douyin/_shared/tos-upload-short-read.test.d.ts +11 -0
package/dist/clis/douyin/_shared/tos-upload-short-read.test.js +83 -0
package/dist/clis/douyin/_shared/tos-upload.d.ts +53 -0
package/dist/clis/douyin/_shared/tos-upload.js +295 -0
package/dist/clis/douyin/_shared/tos-upload.test.d.ts +1 -0
package/dist/clis/douyin/_shared/tos-upload.test.js +229 -0
package/dist/clis/douyin/_shared/transcode.d.ts +27 -0
package/dist/clis/douyin/_shared/transcode.js +45 -0
package/dist/clis/douyin/_shared/transcode.test.d.ts +1 -0
package/dist/clis/douyin/_shared/transcode.test.js +93 -0
package/dist/clis/douyin/_shared/types.d.ts +26 -0
package/dist/clis/douyin/_shared/types.js +1 -0
package/dist/clis/douyin/activities.d.ts +1 -0
package/dist/clis/douyin/activities.js +20 -0
package/dist/clis/douyin/activities.test.d.ts +1 -0
package/dist/clis/douyin/activities.test.js +22 -0
package/dist/clis/douyin/collections.d.ts +1 -0
package/dist/clis/douyin/collections.js +22 -0
package/dist/clis/douyin/collections.test.d.ts +1 -0
package/dist/clis/douyin/collections.test.js +23 -0
package/dist/clis/douyin/delete.d.ts +1 -0
package/dist/clis/douyin/delete.js +18 -0
package/dist/clis/douyin/delete.test.d.ts +1 -0
package/dist/clis/douyin/delete.test.js +11 -0
package/dist/clis/douyin/draft.d.ts +14 -0
package/dist/clis/douyin/draft.js +237 -0
package/dist/clis/douyin/draft.test.d.ts +1 -0
package/dist/clis/douyin/draft.test.js +11 -0
package/dist/clis/douyin/drafts.d.ts +1 -0
package/dist/clis/douyin/drafts.js +23 -0
package/dist/clis/douyin/drafts.test.d.ts +1 -0
package/dist/clis/douyin/drafts.test.js +11 -0
package/dist/clis/douyin/hashtag.d.ts +1 -0
package/dist/clis/douyin/hashtag.js +45 -0
package/dist/clis/douyin/hashtag.test.d.ts +1 -0
package/dist/clis/douyin/hashtag.test.js +25 -0
package/dist/clis/douyin/location.d.ts +1 -0
package/dist/clis/douyin/location.js +24 -0
package/dist/clis/douyin/location.test.d.ts +1 -0
package/dist/clis/douyin/location.test.js +23 -0
package/dist/clis/douyin/profile.d.ts +1 -0
package/dist/clis/douyin/profile.js +28 -0
package/dist/clis/douyin/profile.test.d.ts +1 -0
package/dist/clis/douyin/profile.test.js +11 -0
package/dist/clis/douyin/publish.d.ts +14 -0
package/dist/clis/douyin/publish.js +288 -0
package/dist/clis/douyin/publish.test.d.ts +1 -0
package/dist/clis/douyin/publish.test.js +38 -0
package/dist/clis/douyin/stats.d.ts +1 -0
package/dist/clis/douyin/stats.js +27 -0
package/dist/clis/douyin/stats.test.d.ts +1 -0
package/dist/clis/douyin/stats.test.js +22 -0
package/dist/clis/douyin/update.d.ts +1 -0
package/dist/clis/douyin/update.js +31 -0
package/dist/clis/douyin/update.test.d.ts +1 -0
package/dist/clis/douyin/update.test.js +11 -0
package/dist/clis/douyin/videos.d.ts +1 -0
package/dist/clis/douyin/videos.js +34 -0
package/dist/clis/douyin/videos.test.d.ts +1 -0
package/dist/clis/douyin/videos.test.js +11 -0
package/dist/clis/grok/ask.d.ts +4 -0
package/dist/clis/grok/ask.js +28 -10
package/dist/clis/grok/ask.test.js +18 -0
package/dist/clis/hackernews/search.yaml +1 -1
package/dist/clis/instagram/search.yaml +2 -1
package/dist/clis/jd/item.d.ts +1 -0
package/dist/clis/jd/item.js +96 -0
package/dist/clis/jd/item.test.d.ts +1 -0
package/dist/clis/jd/item.test.js +28 -0
package/dist/clis/jike/feed.js +1 -1
package/dist/clis/jike/search.js +1 -1
package/dist/clis/linkedin/search.js +5 -4
package/dist/clis/linkedin/timeline.d.ts +21 -0
package/dist/clis/linkedin/timeline.js +503 -0
package/dist/clis/linkedin/timeline.test.d.ts +1 -0
package/dist/clis/linkedin/timeline.test.js +81 -0
package/dist/clis/linux-do/search.yaml +3 -1
package/dist/clis/medium/feed.js +1 -1
package/dist/clis/medium/search.js +2 -2
package/dist/clis/medium/user.js +1 -1
package/dist/clis/medium/{shared.js → utils.js} +2 -1
package/dist/clis/pixiv/detail.yaml +49 -0
package/dist/clis/pixiv/download.d.ts +7 -0
package/dist/clis/pixiv/download.js +78 -0
package/dist/clis/pixiv/download.test.d.ts +1 -0
package/dist/clis/pixiv/download.test.js +87 -0
package/dist/clis/pixiv/illusts.d.ts +8 -0
package/dist/clis/pixiv/illusts.js +65 -0
package/dist/clis/pixiv/illusts.test.d.ts +1 -0
package/dist/clis/pixiv/illusts.test.js +99 -0
package/dist/clis/pixiv/ranking.yaml +53 -0
package/dist/clis/pixiv/search.d.ts +6 -0
package/dist/clis/pixiv/search.js +43 -0
package/dist/clis/pixiv/search.test.d.ts +1 -0
package/dist/clis/pixiv/search.test.js +83 -0
package/dist/clis/pixiv/test-utils.d.ts +12 -0
package/dist/clis/pixiv/test-utils.js +23 -0
package/dist/clis/pixiv/user.yaml +46 -0
package/dist/clis/pixiv/utils.d.ts +27 -0
package/dist/clis/pixiv/utils.js +49 -0
package/dist/clis/reddit/comment.js +2 -1
package/dist/clis/reddit/read.js +4 -3
package/dist/clis/reddit/read.test.d.ts +1 -0
package/dist/clis/reddit/read.test.js +28 -0
package/dist/clis/reddit/save.js +2 -1
package/dist/clis/reddit/saved.js +7 -3
package/dist/clis/reddit/subscribe.js +2 -1
package/dist/clis/reddit/upvote.js +2 -1
package/dist/clis/reddit/upvoted.js +7 -3
package/dist/clis/reuters/search.js +0 -1
package/dist/clis/sinablog/article.js +1 -1
package/dist/clis/sinablog/hot.js +1 -1
package/dist/clis/sinablog/user.js +1 -1
package/dist/clis/substack/feed.js +1 -1
package/dist/clis/substack/publication.js +1 -1
package/dist/clis/substack/search.js +3 -2
package/dist/clis/substack/{shared.js → utils.js} +3 -2
package/dist/clis/tiktok/search.yaml +2 -1
package/dist/clis/twitter/accept.js +2 -1
package/dist/clis/twitter/article.js +4 -1
package/dist/clis/twitter/block.js +2 -1
package/dist/clis/twitter/bookmark.js +2 -1
package/dist/clis/twitter/bookmarks.js +3 -2
package/dist/clis/twitter/delete.js +2 -1
package/dist/clis/twitter/follow.js +2 -1
package/dist/clis/twitter/followers.js +3 -2
package/dist/clis/twitter/following.js +3 -2
package/dist/clis/twitter/hide-reply.js +2 -1
package/dist/clis/twitter/like.js +2 -1
package/dist/clis/twitter/notifications.js +2 -1
package/dist/clis/twitter/post.js +2 -1
package/dist/clis/twitter/profile.js +5 -2
package/dist/clis/twitter/reply-dm.js +2 -1
package/dist/clis/twitter/reply.js +2 -1
package/dist/clis/twitter/search.js +32 -13
package/dist/clis/twitter/search.test.d.ts +1 -0
package/dist/clis/twitter/search.test.js +156 -0
package/dist/clis/twitter/thread.js +2 -2
package/dist/clis/twitter/timeline.js +3 -2
package/dist/clis/twitter/trending.js +3 -2
package/dist/clis/twitter/unblock.js +2 -1
package/dist/clis/twitter/unbookmark.js +2 -1
package/dist/clis/twitter/unfollow.js +2 -1
package/dist/clis/v2ex/daily.js +3 -2
package/dist/clis/v2ex/me.js +3 -2
package/dist/clis/v2ex/notifications.js +4 -4
package/dist/clis/web/read.d.ts +16 -0
package/dist/clis/web/read.js +202 -0
package/dist/clis/weibo/comments.d.ts +1 -0
package/dist/clis/weibo/comments.js +53 -0
package/dist/clis/weibo/feed.d.ts +1 -0
package/dist/clis/weibo/feed.js +56 -0
package/dist/clis/weibo/hot.js +0 -1
package/dist/clis/weibo/me.d.ts +1 -0
package/dist/clis/weibo/me.js +76 -0
package/dist/clis/weibo/post.d.ts +1 -0
package/dist/clis/weibo/post.js +75 -0
package/dist/clis/weibo/user.d.ts +1 -0
package/dist/clis/weibo/user.js +63 -0
package/dist/clis/weibo/utils.d.ts +6 -0
package/dist/clis/weibo/utils.js +30 -0
package/dist/clis/weread/search.js +3 -2
package/dist/clis/xueqiu/danjuan-utils.d.ts +55 -0
package/dist/clis/xueqiu/danjuan-utils.js +126 -0
package/dist/clis/xueqiu/danjuan-utils.test.d.ts +1 -0
package/dist/clis/xueqiu/danjuan-utils.test.js +41 -0
package/dist/clis/xueqiu/fund-holdings.d.ts +1 -0
package/dist/clis/xueqiu/fund-holdings.js +28 -0
package/dist/clis/xueqiu/fund-snapshot.d.ts +1 -0
package/dist/clis/xueqiu/fund-snapshot.js +25 -0
package/dist/clis/xueqiu/search.yaml +2 -1
package/dist/clis/yahoo-finance/quote.js +0 -1
package/dist/clis/youtube/channel.d.ts +1 -0
package/dist/clis/youtube/channel.js +150 -0
package/dist/clis/youtube/comments.d.ts +1 -0
package/dist/clis/youtube/comments.js +95 -0
package/dist/clis/youtube/search.js +0 -1
package/dist/clis/youtube/transcript.js +5 -4
package/dist/clis/youtube/video.js +3 -2
package/dist/clis/zhihu/search.yaml +2 -1
package/dist/daemon.js +7 -3
package/dist/discovery.js +11 -10
package/dist/doctor.js +2 -1
package/dist/download/index.d.ts +4 -12
package/dist/download/index.js +33 -12
package/dist/download/index.test.js +79 -2
package/dist/download/media-download.js +4 -2
package/dist/engine.test.js +76 -4
package/dist/execution.d.ts +1 -9
package/dist/execution.js +56 -46
package/dist/explore.js +12 -111
package/dist/external-clis.yaml +0 -25
package/dist/external.js +7 -5
package/dist/external.test.js +4 -0
package/dist/generate.d.ts +0 -9
package/dist/generate.js +4 -20
package/dist/hooks.d.ts +46 -0
package/dist/hooks.js +56 -0
package/dist/hooks.test.d.ts +4 -0
package/dist/hooks.test.js +92 -0
package/dist/interceptor.js +70 -23
package/dist/main.js +2 -0
package/dist/output.js +12 -6
package/dist/pipeline/executor.js +1 -1
package/dist/pipeline/steps/browser.js +1 -3
package/dist/pipeline/steps/download.js +42 -26
package/dist/pipeline/steps/download.test.d.ts +1 -0
package/dist/pipeline/steps/download.test.js +101 -0
package/dist/pipeline/steps/fetch.js +40 -22
package/dist/pipeline/steps/fetch.test.d.ts +1 -0
package/dist/pipeline/steps/fetch.test.js +123 -0
package/dist/pipeline/steps/transform.js +2 -6
package/dist/pipeline/template.js +66 -52
package/dist/pipeline/template.test.js +28 -0
package/dist/pipeline/transform.test.js +18 -0
package/dist/plugin.d.ts +40 -1
package/dist/plugin.js +214 -17
package/dist/plugin.test.d.ts +1 -1
package/dist/plugin.test.js +219 -3
package/dist/record.js +6 -98
package/dist/registry-api.d.ts +2 -0
package/dist/registry-api.js +1 -0
package/dist/registry.d.ts +5 -2
package/dist/registry.js +1 -2
package/dist/runtime.d.ts +0 -1
package/dist/runtime.js +14 -4
package/dist/snapshotFormatter.d.ts +7 -14
package/dist/snapshotFormatter.js +38 -78
package/dist/utils.d.ts +9 -0
package/dist/utils.js +29 -0
package/dist/validate.js +3 -5
package/dist/weread-search-regression.test.d.ts +1 -0
package/dist/weread-search-regression.test.js +39 -0
package/dist/yaml-schema.d.ts +26 -0
package/dist/yaml-schema.js +5 -0
package/docs/.vitepress/config.mts +16 -0
package/docs/adapters/browser/dictionary.md +27 -0
package/docs/adapters/browser/douyin.md +75 -0
package/docs/adapters/browser/jd.md +27 -0
package/docs/adapters/browser/linkedin.md +6 -0
package/docs/adapters/browser/pixiv.md +92 -0
package/docs/adapters/browser/twitter.md +6 -0
package/docs/adapters/browser/web.md +30 -0
package/docs/adapters/browser/xueqiu.md +27 -9
package/docs/adapters/index.md +9 -2
package/docs/comparison.md +125 -0
package/docs/developer/contributing.md +21 -2
package/docs/developer/testing.md +14 -8
package/docs/developer/ts-adapter.md +18 -0
package/docs/developer/yaml-adapter.md +16 -0
package/docs/guide/plugins.md +10 -0
package/docs/zh/guide/plugins.md +10 -0
package/extension/dist/background.js +100 -35
package/extension/manifest.json +6 -2
package/extension/package.json +1 -1
package/extension/popup.html +84 -0
package/extension/popup.js +25 -0
package/extension/src/background.test.ts +46 -1
package/extension/src/background.ts +128 -34
package/extension/src/cdp.ts +9 -9
package/package.json +3 -2
package/scripts/check-doc-coverage.sh +2 -0
package/src/analysis.ts +170 -0
package/src/browser/cdp.test.ts +66 -0
package/src/browser/cdp.ts +59 -44
package/src/browser/dom-snapshot.test.ts +42 -0
package/src/browser/dom-snapshot.ts +56 -3
package/src/browser/index.ts +2 -2
package/src/browser/mcp.ts +2 -4
package/src/browser/page.ts +34 -37
package/src/browser/stealth.ts +24 -10
package/src/browser.test.ts +2 -2
package/src/build-manifest.test.ts +14 -0
package/src/build-manifest.ts +13 -31
package/src/cascade.ts +5 -3
package/src/cli.ts +66 -34
package/src/clis/_shared/desktop-commands.ts +121 -0
package/src/clis/antigravity/serve.ts +6 -3
package/src/clis/apple-podcasts/search.ts +2 -1
package/src/clis/arxiv/search.ts +3 -3
package/src/clis/bbc/news.ts +0 -1
package/src/clis/bilibili/dynamic.test.ts +79 -0
package/src/clis/bilibili/favorite.ts +5 -2
package/src/clis/bilibili/following.ts +3 -2
package/src/clis/bilibili/subtitle.ts +8 -7
package/src/clis/bilibili/utils.ts +2 -2
package/src/clis/boss/batchgreet.ts +1 -1
package/src/clis/boss/chatlist.ts +1 -1
package/src/clis/boss/chatmsg.ts +1 -1
package/src/clis/boss/detail.ts +1 -1
package/src/clis/boss/exchange.ts +1 -1
package/src/clis/boss/greet.ts +1 -1
package/src/clis/boss/invite.ts +1 -1
package/src/clis/boss/joblist.ts +1 -1
package/src/clis/boss/mark.ts +4 -3
package/src/clis/boss/recommend.ts +1 -1
package/src/clis/boss/resume.ts +1 -1
package/src/clis/boss/search.ts +1 -1
package/src/clis/boss/send.ts +5 -4
package/src/clis/boss/stats.ts +1 -1
package/src/clis/chatgpt/ask.ts +5 -0
package/src/clis/chatgpt/new.ts +7 -2
package/src/clis/chatgpt/read.ts +7 -2
package/src/clis/chatgpt/send.ts +3 -2
package/src/clis/chatgpt/status.ts +6 -1
package/src/clis/chatwise/ask.ts +7 -2
package/src/clis/chatwise/export.ts +2 -0
package/src/clis/chatwise/history.ts +2 -0
package/src/clis/chatwise/model.ts +7 -3
package/src/clis/chatwise/new.ts +3 -20
package/src/clis/chatwise/read.ts +2 -0
package/src/clis/chatwise/screenshot.ts +3 -32
package/src/clis/chatwise/send.ts +7 -2
package/src/clis/chatwise/shared.ts +8 -0
package/src/clis/chatwise/status.ts +3 -24
package/src/clis/codex/ask.ts +5 -2
package/src/clis/codex/dump.ts +2 -27
package/src/clis/codex/new.ts +2 -28
package/src/clis/codex/screenshot.ts +2 -32
package/src/clis/codex/send.ts +5 -4
package/src/clis/codex/status.ts +2 -24
package/src/clis/ctrip/search.ts +0 -1
package/src/clis/cursor/ask.ts +2 -1
package/src/clis/cursor/composer.ts +2 -1
package/src/clis/cursor/dump.ts +2 -27
package/src/clis/cursor/new.ts +2 -20
package/src/clis/cursor/read.ts +2 -1
package/src/clis/cursor/screenshot.ts +1 -36
package/src/clis/cursor/send.ts +2 -1
package/src/clis/cursor/status.ts +2 -22
package/src/clis/dictionary/examples.yaml +25 -0
package/src/clis/dictionary/search.yaml +27 -0
package/src/clis/dictionary/synonyms.yaml +25 -0
package/src/clis/douban/book-hot.ts +1 -1
package/src/clis/douban/movie-hot.ts +1 -1
package/src/clis/douban/search.ts +1 -1
package/src/clis/douban/utils.ts +165 -1
package/src/clis/doubao/ask.ts +1 -1
package/src/clis/doubao/new.ts +1 -1
package/src/clis/doubao/read.ts +1 -1
package/src/clis/doubao/send.ts +1 -1
package/src/clis/doubao/status.ts +1 -1
package/src/clis/doubao-app/ask.ts +1 -1
package/src/clis/doubao-app/new.ts +1 -1
package/src/clis/doubao-app/read.ts +1 -1
package/src/clis/doubao-app/send.ts +1 -1
package/src/clis/douyin/_shared/browser-fetch.test.ts +38 -0
package/src/clis/douyin/_shared/browser-fetch.ts +45 -0
package/src/clis/douyin/_shared/creation-id.test.ts +26 -0
package/src/clis/douyin/_shared/creation-id.ts +8 -0
package/src/clis/douyin/_shared/imagex-upload.test.ts +113 -0
package/src/clis/douyin/_shared/imagex-upload.ts +76 -0
package/src/clis/douyin/_shared/sts2.ts +20 -0
package/src/clis/douyin/_shared/text-extra.test.ts +42 -0
package/src/clis/douyin/_shared/text-extra.ts +33 -0
package/src/clis/douyin/_shared/timing.test.ts +38 -0
package/src/clis/douyin/_shared/timing.ts +22 -0
package/src/clis/douyin/_shared/tos-upload-short-read.test.ts +102 -0
package/src/clis/douyin/_shared/tos-upload.test.ts +281 -0
package/src/clis/douyin/_shared/tos-upload.ts +444 -0
package/src/clis/douyin/_shared/transcode.test.ts +117 -0
package/src/clis/douyin/_shared/transcode.ts +78 -0
package/src/clis/douyin/_shared/types.ts +29 -0
package/src/clis/douyin/activities.test.ts +25 -0
package/src/clis/douyin/activities.ts +23 -0
package/src/clis/douyin/collections.test.ts +26 -0
package/src/clis/douyin/collections.ts +25 -0
package/src/clis/douyin/delete.test.ts +12 -0
package/src/clis/douyin/delete.ts +20 -0
package/src/clis/douyin/draft.test.ts +12 -0
package/src/clis/douyin/draft.ts +282 -0
package/src/clis/douyin/drafts.test.ts +12 -0
package/src/clis/douyin/drafts.ts +27 -0
package/src/clis/douyin/hashtag.test.ts +28 -0
package/src/clis/douyin/hashtag.ts +56 -0
package/src/clis/douyin/location.test.ts +26 -0
package/src/clis/douyin/location.ts +27 -0
package/src/clis/douyin/profile.test.ts +12 -0
package/src/clis/douyin/profile.ts +37 -0
package/src/clis/douyin/publish.test.ts +45 -0
package/src/clis/douyin/publish.ts +340 -0
package/src/clis/douyin/stats.test.ts +25 -0
package/src/clis/douyin/stats.ts +30 -0
package/src/clis/douyin/update.test.ts +12 -0
package/src/clis/douyin/update.ts +43 -0
package/src/clis/douyin/videos.test.ts +12 -0
package/src/clis/douyin/videos.ts +49 -0
package/src/clis/grok/ask.test.ts +25 -0
package/src/clis/grok/ask.ts +25 -12
package/src/clis/hackernews/search.yaml +1 -1
package/src/clis/instagram/search.yaml +2 -1
package/src/clis/jd/item.test.ts +35 -0
package/src/clis/jd/item.ts +101 -0
package/src/clis/jike/feed.ts +1 -1
package/src/clis/jike/search.ts +1 -1
package/src/clis/linkedin/search.ts +5 -4
package/src/clis/linkedin/timeline.test.ts +99 -0
package/src/clis/linkedin/timeline.ts +532 -0
package/src/clis/linux-do/search.yaml +3 -1
package/src/clis/medium/feed.ts +1 -1
package/src/clis/medium/search.ts +2 -2
package/src/clis/medium/user.ts +1 -1
package/src/clis/medium/{shared.ts → utils.ts} +2 -1
package/src/clis/pixiv/detail.yaml +49 -0
package/src/clis/pixiv/download.test.ts +114 -0
package/src/clis/pixiv/download.ts +91 -0
package/src/clis/pixiv/illusts.test.ts +115 -0
package/src/clis/pixiv/illusts.ts +78 -0
package/src/clis/pixiv/ranking.yaml +53 -0
package/src/clis/pixiv/search.test.ts +97 -0
package/src/clis/pixiv/search.ts +53 -0
package/src/clis/pixiv/test-utils.ts +29 -0
package/src/clis/pixiv/user.yaml +46 -0
package/src/clis/pixiv/utils.ts +62 -0
package/src/clis/reddit/comment.ts +2 -1
package/src/clis/reddit/read.test.ts +34 -0
package/src/clis/reddit/read.ts +4 -3
package/src/clis/reddit/save.ts +2 -1
package/src/clis/reddit/saved.ts +6 -2
package/src/clis/reddit/subscribe.ts +2 -1
package/src/clis/reddit/upvote.ts +2 -1
package/src/clis/reddit/upvoted.ts +6 -2
package/src/clis/reuters/search.ts +0 -1
package/src/clis/sinablog/article.ts +1 -1
package/src/clis/sinablog/hot.ts +1 -1
package/src/clis/sinablog/user.ts +1 -1
package/src/clis/substack/feed.ts +1 -1
package/src/clis/substack/publication.ts +1 -1
package/src/clis/substack/search.ts +3 -2
package/src/clis/substack/{shared.ts → utils.ts} +3 -2
package/src/clis/tiktok/search.yaml +2 -1
package/src/clis/twitter/accept.ts +2 -1
package/src/clis/twitter/article.ts +3 -1
package/src/clis/twitter/block.ts +2 -1
package/src/clis/twitter/bookmark.ts +2 -1
package/src/clis/twitter/bookmarks.ts +3 -2
package/src/clis/twitter/delete.ts +2 -1
package/src/clis/twitter/follow.ts +2 -1
package/src/clis/twitter/followers.ts +3 -2
package/src/clis/twitter/following.ts +3 -2
package/src/clis/twitter/hide-reply.ts +2 -1
package/src/clis/twitter/like.ts +2 -1
package/src/clis/twitter/notifications.ts +2 -1
package/src/clis/twitter/post.ts +2 -1
package/src/clis/twitter/profile.ts +4 -2
package/src/clis/twitter/reply-dm.ts +2 -1
package/src/clis/twitter/reply.ts +2 -1
package/src/clis/twitter/search.test.ts +180 -0
package/src/clis/twitter/search.ts +40 -14
package/src/clis/twitter/thread.ts +2 -2
package/src/clis/twitter/timeline.ts +3 -2
package/src/clis/twitter/trending.ts +3 -2
package/src/clis/twitter/unblock.ts +2 -1
package/src/clis/twitter/unbookmark.ts +2 -1
package/src/clis/twitter/unfollow.ts +2 -1
package/src/clis/v2ex/daily.ts +3 -2
package/src/clis/v2ex/me.ts +3 -2
package/src/clis/v2ex/notifications.ts +3 -4
package/src/clis/web/read.ts +210 -0
package/src/clis/weibo/comments.ts +54 -0
package/src/clis/weibo/feed.ts +57 -0
package/src/clis/weibo/hot.ts +0 -1
package/src/clis/weibo/me.ts +77 -0
package/src/clis/weibo/post.ts +77 -0
package/src/clis/weibo/user.ts +64 -0
package/src/clis/weibo/utils.ts +32 -0
package/src/clis/weread/search.ts +3 -2
package/src/clis/xueqiu/danjuan-utils.test.ts +49 -0
package/src/clis/xueqiu/danjuan-utils.ts +176 -0
package/src/clis/xueqiu/fund-holdings.ts +32 -0
package/src/clis/xueqiu/fund-snapshot.ts +27 -0
package/src/clis/xueqiu/search.yaml +2 -1
package/src/clis/yahoo-finance/quote.ts +0 -1
package/src/clis/youtube/channel.ts +155 -0
package/src/clis/youtube/comments.ts +97 -0
package/src/clis/youtube/search.ts +0 -1
package/src/clis/youtube/transcript.ts +5 -4
package/src/clis/youtube/video.ts +3 -2
package/src/clis/zhihu/search.yaml +2 -1
package/src/daemon.ts +5 -4
package/src/discovery.ts +12 -34
package/src/doctor.ts +3 -2
package/src/download/index.test.ts +93 -2
package/src/download/index.ts +44 -23
package/src/download/media-download.ts +5 -3
package/src/engine.test.ts +84 -3
package/src/execution.ts +62 -46
package/src/explore.ts +21 -90
package/src/external-clis.yaml +0 -25
package/src/external.test.ts +9 -0
package/src/external.ts +12 -10
package/src/generate.ts +4 -41
package/src/hooks.test.ts +126 -0
package/src/hooks.ts +90 -0
package/src/interceptor.ts +73 -23
package/src/main.ts +2 -0
package/src/output.ts +14 -6
package/src/pipeline/executor.ts +1 -1
package/src/pipeline/steps/browser.ts +1 -3
package/src/pipeline/steps/download.test.ts +136 -0
package/src/pipeline/steps/download.ts +47 -34
package/src/pipeline/steps/fetch.test.ts +179 -0
package/src/pipeline/steps/fetch.ts +39 -23
package/src/pipeline/steps/transform.ts +2 -6
package/src/pipeline/template.test.ts +28 -0
package/src/pipeline/template.ts +67 -79
package/src/pipeline/transform.test.ts +20 -0
package/src/plugin.test.ts +251 -3
package/src/plugin.ts +265 -21
package/src/record.ts +12 -84
package/src/registry-api.ts +2 -0
package/src/registry.ts +7 -4
package/src/runtime.ts +14 -4
package/src/snapshotFormatter.ts +43 -121
package/src/utils.ts +39 -0
package/src/validate.ts +3 -5
package/src/weread-search-regression.test.ts +44 -0
package/src/yaml-schema.ts +28 -0
package/tests/e2e/browser-auth.test.ts +25 -0
package/tests/e2e/browser-public-extended.test.ts +162 -0
package/tests/e2e/browser-public.test.ts +7 -146
package/tests/e2e/plugin-management.test.ts +137 -0
package/tests/e2e/public-commands.test.ts +34 -1
package/vitest.config.ts +33 -8
package/.github/workflows/pkg-pr-new.yml +0 -30
package/dist/clis/douban/shared.d.ts +0 -4
package/dist/clis/douban/shared.js +0 -155
package/src/clis/douban/shared.ts +0 -165
/package/dist/clis/boss/{common.d.ts → utils.d.ts} +0 -0
/package/dist/clis/boss/{common.js → utils.js} +0 -0
/package/dist/clis/doubao/{common.d.ts → utils.d.ts} +0 -0
/package/dist/clis/doubao/{common.js → utils.js} +0 -0
/package/dist/clis/doubao-app/{common.d.ts → utils.d.ts} +0 -0
/package/dist/clis/doubao-app/{common.js → utils.js} +0 -0
/package/dist/clis/jike/{shared.d.ts → utils.d.ts} +0 -0
/package/dist/clis/jike/{shared.js → utils.js} +0 -0
/package/dist/clis/medium/{shared.d.ts → utils.d.ts} +0 -0
/package/dist/clis/sinablog/{shared.d.ts → utils.d.ts} +0 -0
/package/dist/clis/sinablog/{shared.js → utils.js} +0 -0
/package/dist/clis/substack/{shared.d.ts → utils.d.ts} +0 -0
/package/src/clis/boss/{common.ts → utils.ts} +0 -0
/package/src/clis/doubao/{common.ts → utils.ts} +0 -0
/package/src/clis/doubao-app/{common.ts → utils.ts} +0 -0
/package/src/clis/jike/{shared.ts → utils.ts} +0 -0
/package/src/clis/sinablog/{shared.ts → utils.ts} +0 -0

package/src/pipeline/template.ts CHANGED Viewed

@@ -2,6 +2,8 @@
  * Pipeline template engine: ${{ ... }} expression rendering.
  */
+import vm from 'node:vm';
 export interface RenderContext {
   args?: Record<string, unknown>;
   data?: unknown;
@@ -9,9 +11,7 @@ export interface RenderContext {
   index?: number;
 }
-function isRecord(value: unknown): value is Record<string, unknown> {
-  return typeof value === 'object' && value !== null && !Array.isArray(value);
-}
+import { isRecord } from '../utils.js';
 export function render(template: unknown, ctx: RenderContext): unknown {
   if (typeof template !== 'string') return template;
@@ -37,45 +37,29 @@ export function evalExpr(expr: string, ctx: RenderContext): unknown {
   const index = ctx.index ?? 0;
   // ── Pipe filters: expr | filter1(arg) | filter2 ──
-  // Supports: default(val), join(sep), upper, lower, truncate(n), trim, replace(old,new)
-  if (expr.includes('|') && !expr.includes('||')) {
-    const segments = expr.split('|').map(s => s.trim());
-    const mainExpr = segments[0];
-    let result = resolvePath(mainExpr, { args, item, data, index });
-    for (let i = 1; i < segments.length; i++) {
-      result = applyFilter(segments[i], result);
+  // Split on single | (not ||) so "item.a || item.b | upper" works correctly.
+  const pipeSegments = expr.split(/(?<!\|)\|(?!\|)/).map(s => s.trim());
+  if (pipeSegments.length > 1) {
+    let result = evalExpr(pipeSegments[0], ctx);
+    for (let i = 1; i < pipeSegments.length; i++) {
+      result = applyFilter(pipeSegments[i], result);
     }
     return result;
   }
-  // Arithmetic: index + 1
-  const arithMatch = expr.match(/^([\w][\w.]*)\s*([+\-*/])\s*(\d+)$/);
-  if (arithMatch) {
-    const [, varName, op, numStr] = arithMatch;
-    const val = resolvePath(varName, { args, item, data, index });
-    if (val !== null && val !== undefined) {
-      const numVal = Number(val); const num = Number(numStr);
-      if (!isNaN(numVal)) {
-        switch (op) {
-          case '+': return numVal + num; case '-': return numVal - num;
-          case '*': return numVal * num; case '/': return num !== 0 ? numVal / num : 0;
-        }
-      }
-    }
-  }
+  // Fast path: quoted string literal — skip VM overhead
+  const strLit = expr.match(/^(['"])(.*)\1$/);
+  if (strLit) return strLit[2];
-  // JS-like fallback expression: item.tweetCount || 'N/A'
-  const orMatch = expr.match(/^(.+?)\s*\|\|\s*(.+)$/);
-  if (orMatch) {
-    const left = evalExpr(orMatch[1].trim(), ctx);
-    if (left) return left;
-    const right = orMatch[2].trim();
-    return right.replace(/^['"]|['"]$/g, '');
-  }
+  // Fast path: numeric literal
+  if (/^\d+(\.\d+)?$/.test(expr)) return Number(expr);
+  // Try resolving as a simple dotted path (item.foo.bar, args.limit, index)
   const resolved = resolvePath(expr, { args, item, data, index });
   if (resolved !== null && resolved !== undefined) return resolved;
+  // Fallback: evaluate as JS in a sandboxed VM.
+  // Handles ||, ??, arithmetic, ternary, method calls, etc. natively.
   return evalJsExpr(expr, { args, item, data, index });
 }
@@ -95,7 +79,7 @@ function applyFilter(filterExpr: string, value: unknown): unknown {
     case 'default': {
       if (value === null || value === undefined || value === '') {
         const intVal = parseInt(filterArg, 10);
-        if (!isNaN(intVal) && String(intVal) === filterArg.trim()) return intVal;
+        if (!Number.isNaN(intVal) && String(intVal) === filterArg.trim()) return intVal;
         return filterArg;
       }
       return value;
@@ -110,7 +94,7 @@ function applyFilter(filterExpr: string, value: unknown): unknown {
       return typeof value === 'string' ? value.trim() : value;
     case 'truncate': {
       const n = parseInt(filterArg, 10) || 50;
-      return typeof value === 'string' && value.length > n ? value.slice(0, n) + '...' : value;
+      return typeof value === 'string' && value.length > n ? `${value.slice(0, n)}...` : value;
     }
     case 'replace': {
       if (typeof value !== 'string') return value;
@@ -138,6 +122,7 @@ function applyFilter(filterExpr: string, value: unknown): unknown {
     case 'sanitize':
       // Remove invalid filename characters
       return typeof value === 'string'
+        // biome-ignore lint/suspicious/noControlCharactersInRegex: intentional - strips C0 control chars from filenames
         ? value.replace(/[<>:"/\\|?*\x00-\x1f]/g, '_')
         : value;
     case 'ext': {
@@ -186,58 +171,61 @@ export function resolvePath(pathStr: string, ctx: RenderContext): unknown {
 /**
  * Evaluate arbitrary JS expressions as a last-resort fallback.
- *
- * ⚠️  SECURITY NOTE: Uses `new Function()` to execute the expression.
- * This is acceptable here because:
- *   1. YAML adapters are authored by trusted repo contributors only.
- *   2. The expression runs in the same Node.js process (no sandbox).
- *   3. Only a curated set of globals is exposed (no require/import/process/fs).
- * If opencli ever loads untrusted third-party adapters, this MUST be replaced
- * with a proper sandboxed evaluator.
+ * Runs inside a `node:vm` sandbox with dynamic code generation disabled.
  */
+const FORBIDDEN_EXPR_PATTERNS = /\b(constructor|__proto__|prototype|globalThis|process|require|import|eval)\b/;
+/**
+ * Deep-copy plain data to sever prototype chains, preventing sandbox escape
+ * via `args.constructor.constructor('return process')()` etc.
+ */
+function sanitizeContext(obj: unknown): unknown {
+  if (obj === null || obj === undefined) return obj;
+  if (typeof obj !== 'object' && typeof obj !== 'function') return obj;
+  try {
+    return JSON.parse(JSON.stringify(obj));
+  } catch {
+    return {};
+  }
+}
 function evalJsExpr(expr: string, ctx: RenderContext): unknown {
   // Guard against absurdly long expressions that could indicate injection.
   if (expr.length > 2000) return undefined;
-  const args = ctx.args ?? {};
-  const item = ctx.item ?? {};
-  const data = ctx.data;
+  // Block obvious sandbox escape attempts.
+  if (FORBIDDEN_EXPR_PATTERNS.test(expr)) return undefined;
+  const args = sanitizeContext(ctx.args ?? {});
+  const item = sanitizeContext(ctx.item ?? {});
+  const data = sanitizeContext(ctx.data);
   const index = ctx.index ?? 0;
   try {
-    const fn = new Function(
-      'args',
-      'item',
-      'data',
-      'index',
-      'encodeURIComponent',
-      'decodeURIComponent',
-      'JSON',
-      'Math',
-      'Number',
-      'String',
-      'Boolean',
-      'Array',
-      'Object',
-      'Date',
-      `"use strict"; return (${expr});`,
-    );
-    return fn(
-      args,
-      item,
-      data,
-      index,
-      encodeURIComponent,
-      decodeURIComponent,
-      JSON,
-      Math,
-      Number,
-      String,
-      Boolean,
-      Array,
-      Object,
-      Date,
+    return vm.runInNewContext(
+      `(${expr})`,
+      {
+        args,
+        item,
+        data,
+        index,
+        encodeURIComponent,
+        decodeURIComponent,
+        JSON,
+        Math,
+        Number,
+        String,
+        Boolean,
+        Array,
+        Date,
+      },
+      {
+        timeout: 50,
+        contextCodeGeneration: {
+          strings: false,
+          wasm: false,
+        },
+      },
     );
   } catch {
     return undefined;

package/src/pipeline/transform.test.ts CHANGED Viewed

@@ -101,6 +101,26 @@ describe('stepSort', () => {
     await stepSort(null, 'score', SAMPLE_DATA, {});
     expect(SAMPLE_DATA).toEqual(original);
   });
+  it('sorts string-encoded numbers naturally by default', async () => {
+    const data = [
+      { name: 'A', volume: '99' },
+      { name: 'B', volume: '1000' },
+      { name: 'C', volume: '250' },
+    ];
+    const result = await stepSort(null, { by: 'volume', order: 'desc' }, data, {});
+    expect((result as typeof data).map((r) => r.name)).toEqual(['B', 'C', 'A']);
+  });
+  it('handles missing fields gracefully', async () => {
+    const data = [
+      { name: 'A', value: '10' },
+      { name: 'B' },
+      { name: 'C', value: '5' },
+    ];
+    const result = await stepSort(null, { by: 'value', order: 'asc' }, data, {});
+    expect((result as typeof data).map((r) => r.name)).toEqual(['B', 'C', 'A']);
+  });
 });
 describe('stepLimit', () => {

package/src/plugin.test.ts CHANGED Viewed

@@ -1,12 +1,28 @@
 /**
- * Tests for plugin management: install, uninstall, list.
+ * Tests for plugin management: install, uninstall, list, and lock file support.
  */
-import { describe, it, expect, beforeEach, afterEach } from 'vitest';
+import { describe, it, expect, beforeEach, afterEach, vi } from 'vitest';
 import * as fs from 'node:fs';
+import * as os from 'node:os';
 import * as path from 'node:path';
 import { PLUGINS_DIR } from './discovery.js';
-import { listPlugins, uninstallPlugin, updatePlugin, _parseSource } from './plugin.js';
+import type { LockEntry } from './plugin.js';
+import * as pluginModule from './plugin.js';
+const {
+  LOCK_FILE,
+  _getCommitHash,
+  listPlugins,
+  _readLockFile,
+  _resolveEsbuildBin,
+  uninstallPlugin,
+  updatePlugin,
+  _parseSource,
+  _updateAllPlugins,
+  _validatePluginStructure,
+  _writeLockFile,
+} = pluginModule;
 describe('parseSource', () => {
   it('parses github:user/repo format', () => {
@@ -41,6 +57,142 @@ describe('parseSource', () => {
   });
 });
+describe('validatePluginStructure', () => {
+  const testDir = path.join(PLUGINS_DIR, '__test-validate__');
+  beforeEach(() => {
+    fs.mkdirSync(testDir, { recursive: true });
+  });
+  afterEach(() => {
+    try { fs.rmSync(testDir, { recursive: true }); } catch {}
+  });
+  it('returns invalid for non-existent directory', () => {
+    const res = _validatePluginStructure(path.join(PLUGINS_DIR, '__does_not_exist__'));
+    expect(res.valid).toBe(false);
+    expect(res.errors[0]).toContain('does not exist');
+  });
+  it('returns invalid for empty directory', () => {
+    const res = _validatePluginStructure(testDir);
+    expect(res.valid).toBe(false);
+    expect(res.errors[0]).toContain('No command files found');
+  });
+  it('returns valid for YAML plugin', () => {
+    fs.writeFileSync(path.join(testDir, 'cmd.yaml'), 'site: test');
+    const res = _validatePluginStructure(testDir);
+    expect(res.valid).toBe(true);
+    expect(res.errors).toHaveLength(0);
+  });
+  it('returns valid for JS plugin', () => {
+    fs.writeFileSync(path.join(testDir, 'cmd.js'), 'console.log("hi");');
+    const res = _validatePluginStructure(testDir);
+    expect(res.valid).toBe(true);
+    expect(res.errors).toHaveLength(0);
+  });
+  it('returns invalid for TS plugin without package.json', () => {
+    fs.writeFileSync(path.join(testDir, 'cmd.ts'), 'console.log("hi");');
+    const res = _validatePluginStructure(testDir);
+    expect(res.valid).toBe(false);
+    expect(res.errors[0]).toContain('contains .ts files but no package.json');
+  });
+  it('returns invalid for TS plugin with missing type: module', () => {
+    fs.writeFileSync(path.join(testDir, 'cmd.ts'), 'console.log("hi");');
+    fs.writeFileSync(path.join(testDir, 'package.json'), JSON.stringify({ name: 'test' }));
+    const res = _validatePluginStructure(testDir);
+    expect(res.valid).toBe(false);
+    expect(res.errors[0]).toContain('must have "type": "module"');
+  });
+  it('returns valid for TS plugin with correct package.json', () => {
+    fs.writeFileSync(path.join(testDir, 'cmd.ts'), 'console.log("hi");');
+    fs.writeFileSync(path.join(testDir, 'package.json'), JSON.stringify({ type: 'module' }));
+    const res = _validatePluginStructure(testDir);
+    expect(res.valid).toBe(true);
+    expect(res.errors).toHaveLength(0);
+  });
+});
+describe('lock file', () => {
+  const backupPath = `${LOCK_FILE}.test-backup`;
+  let hadOriginal = false;
+  beforeEach(() => {
+    hadOriginal = fs.existsSync(LOCK_FILE);
+    if (hadOriginal) {
+      fs.mkdirSync(path.dirname(backupPath), { recursive: true });
+      fs.copyFileSync(LOCK_FILE, backupPath);
+    }
+  });
+  afterEach(() => {
+    if (hadOriginal) {
+      fs.copyFileSync(backupPath, LOCK_FILE);
+      fs.unlinkSync(backupPath);
+      return;
+    }
+    try { fs.unlinkSync(LOCK_FILE); } catch {}
+  });
+  it('reads empty lock when file does not exist', () => {
+    try { fs.unlinkSync(LOCK_FILE); } catch {}
+    expect(_readLockFile()).toEqual({});
+  });
+  it('round-trips lock entries', () => {
+    const entries: Record<string, LockEntry> = {
+      'test-plugin': {
+        source: 'https://github.com/user/repo.git',
+        commitHash: 'abc1234567890def',
+        installedAt: '2025-01-01T00:00:00.000Z',
+      },
+      'another-plugin': {
+        source: 'https://github.com/user/another.git',
+        commitHash: 'def4567890123abc',
+        installedAt: '2025-02-01T00:00:00.000Z',
+        updatedAt: '2025-03-01T00:00:00.000Z',
+      },
+    };
+    _writeLockFile(entries);
+    expect(_readLockFile()).toEqual(entries);
+  });
+  it('handles malformed lock file gracefully', () => {
+    fs.mkdirSync(path.dirname(LOCK_FILE), { recursive: true });
+    fs.writeFileSync(LOCK_FILE, 'not valid json');
+    expect(_readLockFile()).toEqual({});
+  });
+});
+describe('getCommitHash', () => {
+  it('returns a hash for a git repo', () => {
+    const hash = _getCommitHash(process.cwd());
+    expect(hash).toBeDefined();
+    expect(hash).toMatch(/^[0-9a-f]{40}$/);
+  });
+  it('returns undefined for non-git directory', () => {
+    expect(_getCommitHash(os.tmpdir())).toBeUndefined();
+  });
+});
+describe('resolveEsbuildBin', () => {
+  it('resolves a usable esbuild executable path', () => {
+    const binPath = _resolveEsbuildBin();
+    expect(binPath).not.toBeNull();
+    expect(typeof binPath).toBe('string');
+    expect(fs.existsSync(binPath!)).toBe(true);
+    // On Windows the resolved path ends with 'esbuild.cmd', on Unix 'esbuild'
+    expect(binPath).toMatch(/esbuild(\.cmd)?$/);
+  });
+});
 describe('listPlugins', () => {
   const testDir = path.join(PLUGINS_DIR, '__test-list-plugin__');
@@ -58,6 +210,28 @@ describe('listPlugins', () => {
     expect(found!.commands).toContain('hello');
   });
+  it('includes version metadata from the lock file', () => {
+    fs.mkdirSync(testDir, { recursive: true });
+    fs.writeFileSync(path.join(testDir, 'hello.yaml'), 'site: test\nname: hello\n');
+    const lock = _readLockFile();
+    lock['__test-list-plugin__'] = {
+      source: 'https://github.com/user/repo.git',
+      commitHash: 'abcdef1234567890abcdef1234567890abcdef12',
+      installedAt: '2025-01-01T00:00:00.000Z',
+    };
+    _writeLockFile(lock);
+    const plugins = listPlugins();
+    const found = plugins.find(p => p.name === '__test-list-plugin__');
+    expect(found).toBeDefined();
+    expect(found!.version).toBe('abcdef1');
+    expect(found!.installedAt).toBe('2025-01-01T00:00:00.000Z');
+    delete lock['__test-list-plugin__'];
+    _writeLockFile(lock);
+  });
   it('returns empty array when no plugins dir', () => {
     // listPlugins should handle missing dir gracefully
     const plugins = listPlugins();
@@ -80,6 +254,22 @@ describe('uninstallPlugin', () => {
     expect(fs.existsSync(testDir)).toBe(false);
   });
+  it('removes lock entry on uninstall', () => {
+    fs.mkdirSync(testDir, { recursive: true });
+    fs.writeFileSync(path.join(testDir, 'test.yaml'), 'site: test');
+    const lock = _readLockFile();
+    lock['__test-uninstall__'] = {
+      source: 'https://github.com/user/repo.git',
+      commitHash: 'abc123',
+      installedAt: '2025-01-01T00:00:00.000Z',
+    };
+    _writeLockFile(lock);
+    uninstallPlugin('__test-uninstall__');
+    expect(_readLockFile()['__test-uninstall__']).toBeUndefined();
+  });
   it('throws for non-existent plugin', () => {
     expect(() => uninstallPlugin('__nonexistent__')).toThrow('not installed');
   });
@@ -90,3 +280,61 @@ describe('updatePlugin', () => {
     expect(() => updatePlugin('__nonexistent__')).toThrow('not installed');
   });
 });
+vi.mock('node:child_process', () => {
+  return {
+    execFileSync: vi.fn((_cmd, args, opts) => {
+      if (Array.isArray(args) && args[0] === 'rev-parse' && args[1] === 'HEAD') {
+        if (opts?.cwd === os.tmpdir()) {
+          throw new Error('not a git repository');
+        }
+        return '1234567890abcdef1234567890abcdef12345678\n';
+      }
+      if (opts && opts.cwd && String(opts.cwd).endsWith('plugin-b')) {
+        throw new Error('Network error');
+      }
+      return '';
+    }),
+    execSync: vi.fn(() => ''),
+  };
+});
+describe('updateAllPlugins', () => {
+  const testDirA = path.join(PLUGINS_DIR, 'plugin-a');
+  const testDirB = path.join(PLUGINS_DIR, 'plugin-b');
+  const testDirC = path.join(PLUGINS_DIR, 'plugin-c');
+  beforeEach(() => {
+    fs.mkdirSync(testDirA, { recursive: true });
+    fs.mkdirSync(testDirB, { recursive: true });
+    fs.mkdirSync(testDirC, { recursive: true });
+    fs.writeFileSync(path.join(testDirA, 'cmd.yaml'), 'site: a');
+    fs.writeFileSync(path.join(testDirB, 'cmd.yaml'), 'site: b');
+    fs.writeFileSync(path.join(testDirC, 'cmd.yaml'), 'site: c');
+  });
+  afterEach(() => {
+    try { fs.rmSync(testDirA, { recursive: true }); } catch {}
+    try { fs.rmSync(testDirB, { recursive: true }); } catch {}
+    try { fs.rmSync(testDirC, { recursive: true }); } catch {}
+    vi.clearAllMocks();
+  });
+  it('collects successes and failures without throwing', () => {
+    const results = _updateAllPlugins();
+    const resA = results.find(r => r.name === 'plugin-a');
+    const resB = results.find(r => r.name === 'plugin-b');
+    const resC = results.find(r => r.name === 'plugin-c');
+    expect(resA).toBeDefined();
+    expect(resA!.success).toBe(true);
+    expect(resB).toBeDefined();
+    expect(resB!.success).toBe(false);
+    expect(resB!.error).toContain('Network error');
+    expect(resC).toBeDefined();
+    expect(resC!.success).toBe(true);
+  });
+});