@jackwener/opencli 1.5.9 → 1.6.0

package/extension/src/background.ts

@@ -250,6 +250,8 @@ async function handleCommand(cmd: Command): Promise<Result> {
         return await handleScreenshot(cmd, workspace);
       case 'close-window':
         return await handleCloseWindow(cmd, workspace);
+      case 'cdp':
+        return await handleCdp(cmd, workspace);
       case 'sessions':
         return await handleSessions(cmd);
       case 'set-file-input':
@@ -269,12 +271,12 @@ async function handleCommand(cmd: Command): Promise<Result> {
 // ─── Action handlers ─────────────────────────────────────────────────
 
 /** Internal blank page used when no user URL is provided. */
-const BLANK_PAGE = 'data:text/html,<html></html>';
+const BLANK_PAGE = 'about:blank';
 
-/** Check if a URL can be attached via CDP — only allow http(s) and our internal blank page. */
+/** Check if a URL can be attached via CDP — only allow http(s) and blank pages. */
 function isDebuggableUrl(url?: string): boolean {
   if (!url) return true;  // empty/undefined = tab still loading, allow it
-  return url.startsWith('http://') || url.startsWith('https://') || url === BLANK_PAGE;
+  return url.startsWith('http://') || url.startsWith('https://') || url === 'about:blank' || url.startsWith('data:');
 }
 
 /** Check if a URL is safe for user-facing navigation (http/https only). */
@@ -387,7 +389,8 @@ async function handleExec(cmd: Command, workspace: string): Promise<Result> {
   if (!cmd.code) return { id: cmd.id, ok: false, error: 'Missing code' };
   const tabId = await resolveTabId(cmd.tabId, workspace);
   try {
-    const data = await executor.evaluateAsync(tabId, cmd.code);
+    const aggressive = workspace.startsWith('operate:');
+    const data = await executor.evaluateAsync(tabId, cmd.code, aggressive);
     return { id: cmd.id, ok: true, data };
   } catch (err) {
     return { id: cmd.id, ok: false, error: err instanceof Error ? err.message : String(err) };
@@ -578,6 +581,50 @@ async function handleScreenshot(cmd: Command, workspace: string): Promise<Result
   }
 }
 
+/** CDP methods permitted via the 'cdp' passthrough action. */
+const CDP_ALLOWLIST = new Set([
+  // Agent DOM context
+  'Accessibility.getFullAXTree',
+  'DOM.getDocument',
+  'DOM.getBoxModel',
+  'DOM.getContentQuads',
+  'DOM.querySelectorAll',
+  'DOM.scrollIntoViewIfNeeded',
+  'DOMSnapshot.captureSnapshot',
+  // Native input events
+  'Input.dispatchMouseEvent',
+  'Input.dispatchKeyEvent',
+  'Input.insertText',
+  // Page metrics & screenshots
+  'Page.getLayoutMetrics',
+  'Page.captureScreenshot',
+  // Runtime.enable needed for CDP attach setup (Runtime.evaluate goes through 'exec' action)
+  'Runtime.enable',
+  // Emulation (used by screenshot full-page)
+  'Emulation.setDeviceMetricsOverride',
+  'Emulation.clearDeviceMetricsOverride',
+]);
+
+async function handleCdp(cmd: Command, workspace: string): Promise<Result> {
+  if (!cmd.cdpMethod) return { id: cmd.id, ok: false, error: 'Missing cdpMethod' };
+  if (!CDP_ALLOWLIST.has(cmd.cdpMethod)) {
+    return { id: cmd.id, ok: false, error: `CDP method not permitted: ${cmd.cdpMethod}` };
+  }
+  const tabId = await resolveTabId(cmd.tabId, workspace);
+  try {
+    const aggressive = workspace.startsWith('operate:');
+    await executor.ensureAttached(tabId, aggressive);
+    const data = await chrome.debugger.sendCommand(
+      { tabId },
+      cmd.cdpMethod,
+      cmd.cdpParams ?? {},
+    );
+    return { id: cmd.id, ok: true, data };
+  } catch (err) {
+    return { id: cmd.id, ok: false, error: err instanceof Error ? err.message : String(err) };
+  }
+}
+
 async function handleCloseWindow(cmd: Command, workspace: string): Promise<Result> {
   const session = automationSessions.get(workspace);
   if (session) {

package/extension/src/cdp.ts

@@ -8,79 +8,13 @@
 
 const attached = new Set<number>();
 
-/** Internal blank page used when no user URL is provided. */
-const BLANK_PAGE = 'data:text/html,<html></html>';
-const FOREIGN_EXTENSION_URL_PREFIX = 'chrome-extension://';
-const ATTACH_RECOVERY_DELAY_MS = 120;
-
-/** Check if a URL can be attached via CDP — only allow http(s) and our internal blank page. */
+/** Check if a URL can be attached via CDP — only allow http(s) and blank pages. */
 function isDebuggableUrl(url?: string): boolean {
   if (!url) return true;  // empty/undefined = tab still loading, allow it
-  return url.startsWith('http://') || url.startsWith('https://') || url === BLANK_PAGE;
+  return url.startsWith('http://') || url.startsWith('https://') || url === 'about:blank' || url.startsWith('data:');
 }
 
-type CleanupResult = { removed: number };
-
-async function removeForeignExtensionEmbeds(tabId: number): Promise<CleanupResult> {
-  const tab = await chrome.tabs.get(tabId);
-  if (!tab.url || (!tab.url.startsWith('http://') && !tab.url.startsWith('https://'))) {
-    return { removed: 0 };
-  }
-  if (!chrome.scripting?.executeScript) return { removed: 0 };
-
-  try {
-    const [result] = await chrome.scripting.executeScript({
-      target: { tabId },
-      args: [`${FOREIGN_EXTENSION_URL_PREFIX}${chrome.runtime.id}/`],
-      func: (ownExtensionPrefix: string) => {
-        const extensionPrefix = 'chrome-extension://';
-        const selectors = ['iframe', 'frame', 'embed', 'object'];
-        const visitedRoots = new Set<Document | ShadowRoot>();
-        const roots: Array<Document | ShadowRoot> = [document];
-        let removed = 0;
-
-        while (roots.length > 0) {
-          const root = roots.pop();
-          if (!root || visitedRoots.has(root)) continue;
-          visitedRoots.add(root);
-
-          for (const selector of selectors) {
-            const nodes = root.querySelectorAll(selector);
-            for (const node of nodes) {
-              const src = node.getAttribute('src') || node.getAttribute('data') || '';
-              if (!src.startsWith(extensionPrefix) || src.startsWith(ownExtensionPrefix)) continue;
-              node.remove();
-              removed++;
-            }
-          }
-
-          const walker = document.createTreeWalker(root, NodeFilter.SHOW_ELEMENT);
-          let current = walker.nextNode();
-          while (current) {
-            const element = current as Element & { shadowRoot?: ShadowRoot | null };
-            if (element.shadowRoot) roots.push(element.shadowRoot);
-            current = walker.nextNode();
-          }
-        }
-
-        return { removed };
-      },
-    });
-    return result?.result ?? { removed: 0 };
-  } catch {
-    return { removed: 0 };
-  }
-}
-
-function delay(ms: number): Promise<void> {
-  return new Promise((resolve) => setTimeout(resolve, ms));
-}
-
-async function tryAttach(tabId: number): Promise<void> {
-  await chrome.debugger.attach({ tabId }, '1.3');
-}
-
-async function ensureAttached(tabId: number): Promise<void> {
+export async function ensureAttached(tabId: number, aggressiveRetry: boolean = false): Promise<void> {
   // Verify the tab URL is debuggable before attempting attach
   try {
     const tab = await chrome.tabs.get(tabId);
@@ -109,35 +43,47 @@ async function ensureAttached(tabId: number): Promise<void> {
     }
   }
 
-  try {
-    await tryAttach(tabId);
-  } catch (e: unknown) {
-    const msg = e instanceof Error ? e.message : String(e);
-    const hint = msg.includes('chrome-extension://')
-      ? '. Tip: another Chrome extension may be interfering — try disabling other extensions'
-      : '';
-    if (msg.includes('chrome-extension://')) {
-      const recoveryCleanup = await removeForeignExtensionEmbeds(tabId);
-      if (recoveryCleanup.removed > 0) {
-        console.warn(`[opencli] Removed ${recoveryCleanup.removed} foreign extension frame(s) after attach failure on tab ${tabId}`);
-      }
-      await delay(ATTACH_RECOVERY_DELAY_MS);
-      try {
-        await tryAttach(tabId);
-      } catch {
-        throw new Error(`attach failed: ${msg}${hint}`);
-      }
-    } else if (msg.includes('Another debugger is already attached')) {
+  // Retry attach up to 3 times — other extensions (1Password, Playwright MCP Bridge)
+  // can temporarily interfere with chrome.debugger. A short delay usually resolves it.
+  // Normal commands: 2 retries, 500ms delay (fast fail for non-operate use)
+  // Operate commands: 5 retries, 1500ms delay (aggressive, tolerates extension interference)
+  const MAX_ATTACH_RETRIES = aggressiveRetry ? 5 : 2;
+  const RETRY_DELAY_MS = aggressiveRetry ? 1500 : 500;
+  let lastError = '';
+
+  for (let attempt = 1; attempt <= MAX_ATTACH_RETRIES; attempt++) {
+    try {
+      // Force detach first to clear any stale state from other extensions
       try { await chrome.debugger.detach({ tabId }); } catch { /* ignore */ }
-      try {
-        await tryAttach(tabId);
-      } catch {
-        throw new Error(`attach failed: ${msg}${hint}`);
+      await chrome.debugger.attach({ tabId }, '1.3');
+      lastError = '';
+      break; // Success
+    } catch (e: unknown) {
+      lastError = e instanceof Error ? e.message : String(e);
+      if (attempt < MAX_ATTACH_RETRIES) {
+        console.warn(`[opencli] attach attempt ${attempt}/${MAX_ATTACH_RETRIES} failed: ${lastError}, retrying in ${RETRY_DELAY_MS}ms...`);
+        await new Promise(resolve => setTimeout(resolve, RETRY_DELAY_MS));
+        // Re-verify tab URL before retrying (it may have changed)
+        try {
+          const tab = await chrome.tabs.get(tabId);
+          if (!isDebuggableUrl(tab.url)) {
+            lastError = `Tab URL changed to ${tab.url} during retry`;
+            break; // Don't retry if URL became un-debuggable
+          }
+        } catch {
+          lastError = `Tab ${tabId} no longer exists`;
+          break;
+        }
       }
-    } else {
-      throw new Error(`attach failed: ${msg}${hint}`);
     }
   }
+
+  if (lastError) {
+    const hint = lastError.includes('chrome-extension://')
+      ? '. Tip: another Chrome extension may be interfering — try disabling other extensions'
+      : '';
+    throw new Error(`attach failed: ${lastError}${hint}`);
+  }
   attached.add(tabId);
 
   try {
@@ -145,40 +91,47 @@ async function ensureAttached(tabId: number): Promise<void> {
   } catch {
     // Some pages may not need explicit enable
   }
-
-  // Disable breakpoints so that `debugger;` statements in page code don't
-  // pause execution.  Anti-bot scripts use `debugger;` traps to detect CDP —
-  // they measure the time gap caused by the pause. Deactivating breakpoints
-  // makes the engine skip `debugger;` entirely, neutralising the timing
-  // side-channel without patching page JS.
-  try {
-    await chrome.debugger.sendCommand({ tabId }, 'Debugger.enable');
-    await chrome.debugger.sendCommand({ tabId }, 'Debugger.setBreakpointsActive', { active: false });
-  } catch {
-    // Non-fatal: best-effort hardening
-  }
 }
 
-export async function evaluate(tabId: number, expression: string): Promise<unknown> {
-  await ensureAttached(tabId);
-
-  const result = await chrome.debugger.sendCommand({ tabId }, 'Runtime.evaluate', {
-    expression,
-    returnByValue: true,
-    awaitPromise: true,
-  }) as {
-    result?: { type: string; value?: unknown; description?: string; subtype?: string };
-    exceptionDetails?: { exception?: { description?: string }; text?: string };
-  };
+export async function evaluate(tabId: number, expression: string, aggressiveRetry: boolean = false): Promise<unknown> {
+  // Retry the entire evaluate (attach + command).
+  // Normal: 2 retries. Operate: 3 retries (tolerates extension interference).
+  const MAX_EVAL_RETRIES = aggressiveRetry ? 3 : 2;
+  for (let attempt = 1; attempt <= MAX_EVAL_RETRIES; attempt++) {
+    try {
+      await ensureAttached(tabId, aggressiveRetry);
+
+      const result = await chrome.debugger.sendCommand({ tabId }, 'Runtime.evaluate', {
+        expression,
+        returnByValue: true,
+        awaitPromise: true,
+      }) as {
+        result?: { type: string; value?: unknown; description?: string; subtype?: string };
+        exceptionDetails?: { exception?: { description?: string }; text?: string };
+      };
+
+      if (result.exceptionDetails) {
+        const errMsg = result.exceptionDetails.exception?.description
+          || result.exceptionDetails.text
+          || 'Eval error';
+        throw new Error(errMsg);
+      }
 
-  if (result.exceptionDetails) {
-    const errMsg = result.exceptionDetails.exception?.description
-      || result.exceptionDetails.text
-      || 'Eval error';
-    throw new Error(errMsg);
+      return result.result?.value;
+    } catch (e) {
+      const msg = e instanceof Error ? e.message : String(e);
+      // Only retry on attach/debugger errors, not on JS eval errors
+      const isAttachError = msg.includes('attach failed') || msg.includes('Debugger is not attached')
+        || msg.includes('chrome-extension://') || msg.includes('Target closed');
+      if (isAttachError && attempt < MAX_EVAL_RETRIES) {
+        attached.delete(tabId); // Force re-attach on next attempt
+        await new Promise(resolve => setTimeout(resolve, 1000));
+        continue;
+      }
+      throw e;
+    }
   }
-
-  return result.result?.value;
+  throw new Error('evaluate: max retries exhausted');
 }
 
 export const evaluateAsync = evaluate;

package/extension/src/protocol.ts

@@ -5,7 +5,7 @@
  * Everything else is just JS code sent via 'exec'.
  */
 
-export type Action = 'exec' | 'navigate' | 'tabs' | 'cookies' | 'screenshot' | 'close-window' | 'sessions' | 'set-file-input';
+export type Action = 'exec' | 'navigate' | 'tabs' | 'cookies' | 'screenshot' | 'close-window' | 'sessions' | 'set-file-input' | 'cdp';
 
 export interface Command {
   /** Unique request ID */
@@ -36,6 +36,10 @@ export interface Command {
   files?: string[];
   /** CSS selector for file input element (set-file-input action) */
   selector?: string;
+  /** CDP method name for 'cdp' action (e.g. 'Accessibility.getFullAXTree') */
+  cdpMethod?: string;
+  /** CDP method params for 'cdp' action */
+  cdpParams?: Record<string, unknown>;
 }
 
 export interface Result {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@jackwener/opencli",
-  "version": "1.5.9",
+  "version": "1.6.0",
   "publishConfig": {
     "access": "public"
   },

package/skills/opencli-explorer/SKILL.md

@@ -1,3 +1,9 @@
+---
+name: opencli-explorer
+description: Use when creating a new OpenCLI adapter from scratch, adding support for a new website or platform, or exploring a site's API endpoints via browser DevTools. Covers API discovery workflow, authentication strategy selection, YAML/TS adapter writing, and testing.
+tags: [opencli, adapter, browser, api-discovery, cli, web-scraping, automation]
+---
+
 # CLI-EXPLORER — 适配器探索式开发完全指南
 
 > 本文档教你（或 AI Agent）如何为 OpenCLI 添加一个新网站的命令。  

package/skills/opencli-oneshot/SKILL.md

@@ -1,3 +1,9 @@
+---
+name: opencli-oneshot
+description: Use when quickly generating a single OpenCLI command from a specific URL and goal description. 4-step process — open page, capture API, write YAML adapter, test. For full site exploration, use opencli-explorer instead.
+tags: [opencli, adapter, quick-start, yaml, cli, one-shot, automation]
+---
+
 # CLI-ONESHOT — 单点快速 CLI 生成
 
 > 给一个 URL + 一句话描述，4 步生成一个 CLI 命令。

package/skills/opencli-operate/SKILL.md

@@ -0,0 +1,213 @@
+---
+name: opencli-operate
+description: Make websites accessible for AI agents. Navigate, click, type, extract, wait — using Chrome with existing login sessions. No LLM API key needed.
+allowed-tools: Bash(opencli:*), Read, Edit, Write
+---
+
+# OpenCLI — Make Websites Accessible for AI Agents
+
+Control Chrome step-by-step via CLI. Reuses existing login sessions — no passwords needed.
+
+## Prerequisites
+
+```bash
+opencli doctor    # Verify extension + daemon connectivity
+```
+
+Requires: Chrome running + OpenCLI Browser Bridge extension installed.
+
+## Quickstart for AI Agents (1 step)
+
+Point your AI agent to this file. It contains everything needed to operate browsers.
+
+## Quickstart for Humans (3 steps)
+
+```bash
+npm install -g @jackwener/opencli          # 1. Install
+# Install extension from chrome://extensions  # 2. Load extension
+opencli operate open https://example.com    # 3. Go!
+```
+
+## Core Workflow
+
+1. **Navigate**: `opencli operate open <url>`
+2. **Inspect**: `opencli operate state` → see elements with `[N]` indices
+3. **Interact**: use indices — `click`, `type`, `select`, `keys`
+4. **Wait**: `opencli operate wait selector ".loaded"` or `wait text "Success"`
+5. **Verify**: `opencli operate get title` or `opencli operate screenshot`
+6. **Repeat**: browser stays open between commands
+7. **Save**: write a TS adapter to `~/.opencli/clis/<site>/<command>.ts`
+
+## Commands
+
+### Navigation
+
+```bash
+opencli operate open <url>              # Open URL
+opencli operate back                    # Go back
+opencli operate scroll down             # Scroll (up/down, --amount N)
+opencli operate scroll up --amount 1000
+```
+
+### Inspect
+
+```bash
+opencli operate state                   # Elements with [N] indices
+opencli operate screenshot [path.png]   # Screenshot
+```
+
+### Get (structured data)
+
+```bash
+opencli operate get title               # Page title
+opencli operate get url                 # Current URL
+opencli operate get text <index>        # Element text content
+opencli operate get value <index>       # Input/textarea value
+opencli operate get html                # Full page HTML
+opencli operate get html --selector "h1" # Scoped HTML
+opencli operate get attributes <index>  # Element attributes
+```
+
+### Interact
+
+```bash
+opencli operate click <index>           # Click element [N]
+opencli operate type <index> "text"     # Type into element [N]
+opencli operate select <index> "option" # Select dropdown
+opencli operate keys "Enter"            # Press key (Enter, Escape, Tab, Control+a)
+```
+
+### Wait
+
+```bash
+opencli operate wait selector ".loaded"           # Wait for element
+opencli operate wait selector ".spinner" --timeout 5000  # With timeout
+opencli operate wait text "Success"               # Wait for text
+opencli operate wait time 3                       # Wait N seconds
+```
+
+### Extract
+
+```bash
+opencli operate eval "document.title"
+opencli operate eval "JSON.stringify([...document.querySelectorAll('h2')].map(e => e.textContent))"
+```
+
+### Network (API Discovery)
+
+```bash
+opencli operate network                  # Show captured API requests (auto-captured since open)
+opencli operate network --detail 3       # Show full response body of request #3
+opencli operate network --all            # Include static resources
+```
+
+### Sedimentation (Save as CLI)
+
+```bash
+opencli operate init hn/top              # Generate adapter scaffold
+opencli operate verify hn/top            # Test the adapter
+```
+
+### Session
+
+```bash
+opencli operate close                   # Close automation window
+```
+
+## Example: Extract HN Stories
+
+```bash
+opencli operate open https://news.ycombinator.com
+opencli operate state                   # See [1] a "Story 1", [2] a "Story 2"...
+opencli operate eval "JSON.stringify([...document.querySelectorAll('.titleline a')].slice(0,5).map(a => ({title: a.textContent, url: a.href})))"
+opencli operate close
+```
+
+## Example: Fill a Form
+
+```bash
+opencli operate open https://httpbin.org/forms/post
+opencli operate state                   # See [3] input "Customer Name", [4] input "Telephone"
+opencli operate type 3 "OpenCLI"
+opencli operate type 4 "555-0100"
+opencli operate get value 3             # Verify: "OpenCLI"
+opencli operate close
+```
+
+## Saving as Reusable CLI — Complete Workflow
+
+### Step-by-step sedimentation flow:
+
+```bash
+# 1. Explore the website
+opencli operate open https://news.ycombinator.com
+opencli operate state                          # Understand DOM structure
+
+# 2. Discover APIs (crucial for high-quality adapters)
+opencli operate eval "fetch('/api/...').then(r=>r.json())"   # Trigger API calls
+opencli operate network                        # See captured API requests
+opencli operate network --detail 0             # Inspect response body
+
+# 3. Generate scaffold
+opencli operate init hn/top                    # Creates ~/.opencli/clis/hn/top.ts
+
+# 4. Edit the adapter (fill in func logic)
+# - If API found: use fetch() directly (Strategy.PUBLIC or COOKIE)
+# - If no API: use page.evaluate() for DOM extraction (Strategy.UI)
+
+# 5. Verify
+opencli operate verify hn/top                  # Runs the adapter and shows output
+
+# 6. If verify fails, edit and retry
+# 7. Close when done
+opencli operate close
+```
+
+### Example adapter:
+
+```typescript
+// ~/.opencli/clis/hn/top.ts
+import { cli, Strategy } from '@jackwener/opencli/registry';
+
+cli({
+  site: 'hn',
+  name: 'top',
+  description: 'Top Hacker News stories',
+  domain: 'news.ycombinator.com',
+  strategy: Strategy.PUBLIC,
+  browser: false,
+  args: [{ name: 'limit', type: 'int', default: 5 }],
+  columns: ['rank', 'title', 'score', 'url'],
+  func: async (_page, kwargs) => {
+    const limit = Math.min(Math.max(1, kwargs.limit ?? 5), 50);
+    const resp = await fetch('https://hacker-news.firebaseio.com/v0/topstories.json');
+    const ids = await resp.json();
+    return Promise.all(
+      ids.slice(0, limit).map(async (id: number, i: number) => {
+        const item = await (await fetch(`https://hacker-news.firebaseio.com/v0/item/${id}.json`)).json();
+        return { rank: i + 1, title: item.title, score: item.score, url: item.url ?? '' };
+      })
+    );
+  },
+});
+```
+
+Save to `~/.opencli/clis/<site>/<command>.ts` → immediately available as `opencli <site> <command>`.
+
+### Strategy Guide
+
+| Strategy | When | browser: |
+|----------|------|----------|
+| `Strategy.PUBLIC` | Public API, no auth | `false` |
+| `Strategy.COOKIE` | Needs login cookies | `true` |
+| `Strategy.UI` | Direct DOM interaction | `true` |
+
+**Always prefer API over UI** — if you discovered an API during browsing, use `fetch()` directly.
+
+## Troubleshooting
+
+| Error | Fix |
+|-------|-----|
+| "Browser not connected" | Run `opencli doctor` |
+| "attach failed: chrome-extension://" | Disable 1Password temporarily |
+| Element not found | `opencli operate scroll down` then `opencli operate state` |