@jackwener/opencli 1.7.22 → 1.8.0

package/dist/src/errors.js

@@ -97,6 +97,28 @@ export class PluginError extends CliError {
         super('PLUGIN', message, hint, EXIT_CODES.GENERIC_ERROR);
     }
 }
+/**
+ * Thrown when a JSON endpoint returns HTML instead of JSON — typically a login
+ * wall, rate-limit page, or WAF challenge. Surfaced as a structured error so
+ * callers can show "re-login or wait out the rate limit" guidance instead of
+ * the cryptic `SyntaxError: Unexpected token '<', "<!DOCTYPE "...` that a naive
+ * JSON.parse on an HTML body produces.
+ *
+ * `bodyPreview` is the first 100 chars of the response body (after trimming
+ * leading whitespace) — useful for logs / debugging without dumping the full
+ * page.
+ */
+export class LoginWallError extends CliError {
+    status;
+    url;
+    bodyPreview;
+    constructor(message, status, url, bodyPreview, hint) {
+        super('LOGIN_WALL', message, hint ?? 'The server returned an HTML page instead of JSON — likely a login wall, rate limit, or WAF challenge. Try re-logging in via your browser, or wait a few minutes before retrying.', EXIT_CODES.NOPERM);
+        this.status = status;
+        this.url = url;
+        this.bodyPreview = bodyPreview;
+    }
+}
 // ── Utilities ───────────────────────────────────────────────────────────────
 /** Extract a human-readable message from an unknown caught value. */
 export function getErrorMessage(error) {

package/dist/src/external-clis.yaml

@@ -99,3 +99,11 @@
   tags: [wechat, messaging, search, export, ai-agent]
   install:
     default: "npm install -g @jackwener/wx-cli"
+
+- name: wrangler
+  binary: wrangler
+  description: "Cloudflare Wrangler — deploy Workers, manage R2/D1/KV, publish Pages"
+  homepage: "https://developers.cloudflare.com/workers/wrangler/"
+  tags: [cloudflare, workers, serverless, edge, deployment]
+  install:
+    default: "npm install -g wrangler"

package/dist/src/main.js

@@ -143,9 +143,21 @@ if (getCompIdx !== -1) {
 // can't combine a parent positional with subcommand dispatch) sees the internal
 // `--session <name>` flag form. Also refuses the retired `opencli browser
 // --session foo ...` user form with a friendly usage error.
-const { rewriteBrowserArgv, BrowserSessionArgvError } = await import('./cli-argv-preprocess.js');
+const { rewriteBrowserArgv, BrowserSessionArgvError, escapeLeadingDashPositional } = await import('./cli-argv-preprocess.js');
 try {
-    const rewritten = rewriteBrowserArgv(process.argv.slice(2));
+    let rewritten = rewriteBrowserArgv(process.argv.slice(2));
+    // Insert a `--` separator before a required positional whose value starts
+    // with `-` (e.g. BOSS 直聘 securityId tokens; #1160). Skipped when the
+    // manifest is unavailable so the user-cli / dev paths still work.
+    try {
+        const manifestPath = getCliManifestPath(BUILTIN_CLIS);
+        if (fs.existsSync(manifestPath)) {
+            const manifest = JSON.parse(fs.readFileSync(manifestPath, 'utf-8'));
+            if (Array.isArray(manifest))
+                rewritten = escapeLeadingDashPositional(rewritten, manifest);
+        }
+    }
+    catch { /* manifest unavailable; skip the dash escape */ }
     process.argv.splice(2, process.argv.length - 2, ...rewritten);
 }
 catch (err) {

package/dist/src/utils.d.ts

@@ -12,3 +12,46 @@ export declare function sleep(ms: number): Promise<void>;
 export declare function saveBase64ToFile(base64: string, filePath: string): Promise<void>;
 export declare function createMarkdownConverter(configure?: (td: TurndownService) => void): TurndownService;
 export declare function htmlToMarkdown(value: string, configure?: (td: TurndownService) => void): string;
+/** Sentinel shape that browser-side `fetch` wrappers return when they detect an
+ * HTML response in place of JSON. Kept as a plain object so it survives the
+ * `page.evaluate` JSON round-trip. */
+export interface LoginWallSignal {
+    __loginWall: true;
+    status: number;
+    url: string;
+    contentType: string;
+    bodyPreview: string;
+}
+/** Throw a `LoginWallError` if `value` is the sentinel returned by the
+ * browser-side sniffer; otherwise return `value` unchanged. Adapters that
+ * fetch from inside `page.evaluate` call this on the result before consuming
+ * it, so the Node-side gets a typed error instead of a JSON-parse stack
+ * trace. */
+export declare function throwIfLoginWall<T>(value: T, opts?: {
+    url?: string;
+}): T;
+/** Parse a `Response` body as JSON, throwing `LoginWallError` if the server
+ * returned an HTML page (login wall / rate limit / WAF interception) instead
+ * of the expected JSON. Catches the common case of `<!DOCTYPE` or `<html`
+ * leading the body \u2014 naive `JSON.parse` on these gives a cryptic
+ * `SyntaxError` that callers can't distinguish from "real" malformed JSON.
+ *
+ * On real (non-HTML) JSON-parse failures, throws a regular `Error` with a
+ * body preview attached so debugging doesn't require a packet capture. */
+export declare function parseJsonOrThrowLoginWall(response: Response, opts?: {
+    url?: string;
+}): Promise<unknown>;
+/** Browser-side JS source fragment (as a string) that performs a `fetch` and
+ * either returns the parsed JSON body or a `LoginWallSignal` sentinel when
+ * the response is HTML. Intended to be embedded inside an adapter's
+ * `page.evaluate` block.
+ *
+ * Usage from inside a `page.evaluate` IIFE:
+ *
+ *     ${BROWSER_JSON_SNIFF_FN}
+ *     const res = await fetchJsonOrLoginWall('/some/path.json', { credentials: 'include' });
+ *     // res is the parsed JSON object, OR { __loginWall: true, status, url, contentType, bodyPreview }
+ *     return res;
+ *
+ * The Node side then calls `throwIfLoginWall(res, { url })` on the result. */
+export declare const BROWSER_JSON_SNIFF_FN = "\nasync function fetchJsonOrLoginWall(input, init) {\n  const r = await fetch(input, init);\n  const contentType = r.headers.get('content-type') || '';\n  const text = await r.text();\n  const trimmed = text.replace(/^\\s+/, '');\n  const looksLikeHtml =\n    contentType.toLowerCase().includes('text/html')\n    || trimmed.startsWith('<!DOCTYPE')\n    || trimmed.startsWith('<!doctype')\n    || trimmed.startsWith('<html')\n    || trimmed.startsWith('<HTML');\n  if (looksLikeHtml) {\n    return {\n      __loginWall: true,\n      status: r.status,\n      url: r.url || (typeof input === 'string' ? input : ''),\n      contentType,\n      bodyPreview: trimmed.slice(0, 100),\n    };\n  }\n  if (!r.ok) {\n    return { error: r.status };\n  }\n  try {\n    return JSON.parse(text);\n  } catch (err) {\n    throw new Error(\n      'JSON parse failed (status=' + r.status + ', body[0..50]=' + JSON.stringify(trimmed.slice(0, 50)) + '): '\n      + (err && err.message ? err.message : String(err))\n    );\n  }\n}\n";

package/dist/src/utils.js

@@ -4,6 +4,7 @@
 import * as fs from 'node:fs';
 import * as path from 'node:path';
 import TurndownService from 'turndown';
+import { LoginWallError } from './errors.js';
 /** Type guard: checks if a value is a non-null, non-array object. */
 export function isRecord(value) {
     return typeof value === 'object' && value !== null && !Array.isArray(value);
@@ -53,3 +54,99 @@ export function htmlToMarkdown(value, configure) {
         .replace(/[ \t]+$/gm, '')
         .trim();
 }
+function isLoginWallSignal(v) {
+    return (typeof v === 'object'
+        && v !== null
+        && v.__loginWall === true
+        && typeof v.status === 'number');
+}
+/** Throw a `LoginWallError` if `value` is the sentinel returned by the
+ * browser-side sniffer; otherwise return `value` unchanged. Adapters that
+ * fetch from inside `page.evaluate` call this on the result before consuming
+ * it, so the Node-side gets a typed error instead of a JSON-parse stack
+ * trace. */
+export function throwIfLoginWall(value, opts = {}) {
+    if (isLoginWallSignal(value)) {
+        throw new LoginWallError(`Server returned HTML instead of JSON (status=${value.status}). `
+            + `Likely a login wall, rate limit, or WAF challenge.`, value.status, opts.url || value.url || '', value.bodyPreview);
+    }
+    return value;
+}
+/** Parse a `Response` body as JSON, throwing `LoginWallError` if the server
+ * returned an HTML page (login wall / rate limit / WAF interception) instead
+ * of the expected JSON. Catches the common case of `<!DOCTYPE` or `<html`
+ * leading the body \u2014 naive `JSON.parse` on these gives a cryptic
+ * `SyntaxError` that callers can't distinguish from "real" malformed JSON.
+ *
+ * On real (non-HTML) JSON-parse failures, throws a regular `Error` with a
+ * body preview attached so debugging doesn't require a packet capture. */
+export async function parseJsonOrThrowLoginWall(response, opts = {}) {
+    const contentType = response.headers.get('content-type') || '';
+    const text = await response.text();
+    const trimmed = text.trimStart();
+    const looksLikeHtml = contentType.toLowerCase().includes('text/html')
+        || trimmed.startsWith('<!DOCTYPE')
+        || trimmed.startsWith('<!doctype')
+        || trimmed.startsWith('<html')
+        || trimmed.startsWith('<HTML');
+    if (looksLikeHtml) {
+        throw new LoginWallError(`Server returned HTML instead of JSON (status=${response.status}). `
+            + `Likely a login wall, rate limit, or WAF challenge.`, response.status, opts.url || response.url || '', trimmed.slice(0, 100));
+    }
+    try {
+        return JSON.parse(text);
+    }
+    catch (err) {
+        // Real malformed JSON \u2014 surface body preview alongside the parser message
+        // so we don't have to repro to know what came back.
+        throw new Error(`JSON parse failed (status=${response.status}, body[0..50]=${JSON.stringify(trimmed.slice(0, 50))}): `
+            + (err instanceof Error ? err.message : String(err)));
+    }
+}
+/** Browser-side JS source fragment (as a string) that performs a `fetch` and
+ * either returns the parsed JSON body or a `LoginWallSignal` sentinel when
+ * the response is HTML. Intended to be embedded inside an adapter's
+ * `page.evaluate` block.
+ *
+ * Usage from inside a `page.evaluate` IIFE:
+ *
+ *     ${BROWSER_JSON_SNIFF_FN}
+ *     const res = await fetchJsonOrLoginWall('/some/path.json', { credentials: 'include' });
+ *     // res is the parsed JSON object, OR { __loginWall: true, status, url, contentType, bodyPreview }
+ *     return res;
+ *
+ * The Node side then calls `throwIfLoginWall(res, { url })` on the result. */
+export const BROWSER_JSON_SNIFF_FN = `
+async function fetchJsonOrLoginWall(input, init) {
+  const r = await fetch(input, init);
+  const contentType = r.headers.get('content-type') || '';
+  const text = await r.text();
+  const trimmed = text.replace(/^\\s+/, '');
+  const looksLikeHtml =
+    contentType.toLowerCase().includes('text/html')
+    || trimmed.startsWith('<!DOCTYPE')
+    || trimmed.startsWith('<!doctype')
+    || trimmed.startsWith('<html')
+    || trimmed.startsWith('<HTML');
+  if (looksLikeHtml) {
+    return {
+      __loginWall: true,
+      status: r.status,
+      url: r.url || (typeof input === 'string' ? input : ''),
+      contentType,
+      bodyPreview: trimmed.slice(0, 100),
+    };
+  }
+  if (!r.ok) {
+    return { error: r.status };
+  }
+  try {
+    return JSON.parse(text);
+  } catch (err) {
+    throw new Error(
+      'JSON parse failed (status=' + r.status + ', body[0..50]=' + JSON.stringify(trimmed.slice(0, 50)) + '): '
+      + (err && err.message ? err.message : String(err))
+    );
+  }
+}
+`;

package/dist/src/utils.test.d.ts

@@ -0,0 +1 @@
+export {};

package/dist/src/utils.test.js

@@ -0,0 +1,155 @@
+import { describe, it, expect } from 'vitest';
+import { parseJsonOrThrowLoginWall, throwIfLoginWall, BROWSER_JSON_SNIFF_FN, } from './utils.js';
+import { LoginWallError } from './errors.js';
+function makeResponse(body, opts = {}) {
+    return new Response(body, {
+        status: opts.status ?? 200,
+        headers: { 'content-type': opts.contentType ?? 'application/json' },
+    });
+}
+describe('parseJsonOrThrowLoginWall', () => {
+    it('returns parsed JSON on a normal application/json response', async () => {
+        const res = makeResponse(JSON.stringify({ hello: 'world', n: 42 }));
+        const parsed = await parseJsonOrThrowLoginWall(res);
+        expect(parsed).toEqual({ hello: 'world', n: 42 });
+    });
+    it('throws LoginWallError when content-type is text/html', async () => {
+        const res = makeResponse('<html><body>Please log in</body></html>', {
+            status: 401,
+            contentType: 'text/html; charset=utf-8',
+        });
+        await expect(parseJsonOrThrowLoginWall(res, { url: 'https://example.com/api' })).rejects.toMatchObject({
+            name: 'LoginWallError',
+            code: 'LOGIN_WALL',
+            status: 401,
+            url: 'https://example.com/api',
+        });
+    });
+    it('throws LoginWallError when body starts with <!DOCTYPE even if content-type is missing', async () => {
+        // application/json content-type but body is actually HTML — WAFs sometimes do this
+        const res = new Response('<!DOCTYPE html><html><head></head><body>blocked</body></html>', {
+            status: 200,
+            headers: { 'content-type': 'application/json' },
+        });
+        try {
+            await parseJsonOrThrowLoginWall(res, { url: 'https://x.com/api/list' });
+            throw new Error('expected throw');
+        }
+        catch (err) {
+            expect(err).toBeInstanceOf(LoginWallError);
+            const e = err;
+            expect(e.status).toBe(200);
+            expect(e.url).toBe('https://x.com/api/list');
+            expect(e.bodyPreview.startsWith('<!DOCTYPE')).toBe(true);
+            expect(e.exitCode).toBe(77); // NOPERM
+        }
+    });
+    it('throws LoginWallError when body starts with <html (no DOCTYPE)', async () => {
+        const res = new Response('<html lang="en"><body>nope</body></html>', {
+            status: 429,
+            headers: { 'content-type': 'application/json' },
+        });
+        await expect(parseJsonOrThrowLoginWall(res)).rejects.toBeInstanceOf(LoginWallError);
+    });
+    it('throws LoginWallError when body has leading whitespace before <!DOCTYPE', async () => {
+        const res = new Response('   \n\n<!DOCTYPE html><html></html>', {
+            status: 200,
+            headers: { 'content-type': 'application/octet-stream' },
+        });
+        await expect(parseJsonOrThrowLoginWall(res)).rejects.toBeInstanceOf(LoginWallError);
+    });
+    it('throws a regular Error (NOT LoginWallError) on real malformed JSON', async () => {
+        const res = makeResponse('{not really json,');
+        try {
+            await parseJsonOrThrowLoginWall(res);
+            throw new Error('expected throw');
+        }
+        catch (err) {
+            expect(err).toBeInstanceOf(Error);
+            expect(err).not.toBeInstanceOf(LoginWallError);
+            const msg = err.message;
+            expect(msg).toContain('JSON parse failed');
+            expect(msg).toContain('body[0..50]=');
+            // body preview must be present so debugging doesn't require a repro
+            expect(msg).toContain('not really json');
+        }
+    });
+    it('preserves first 100 chars of body in bodyPreview', async () => {
+        const longHtml = '<!DOCTYPE html><html><head><title>' + 'x'.repeat(500) + '</title></head></html>';
+        const res = new Response(longHtml, { status: 403, headers: { 'content-type': 'text/html' } });
+        try {
+            await parseJsonOrThrowLoginWall(res);
+            throw new Error('expected throw');
+        }
+        catch (err) {
+            const e = err;
+            expect(e.bodyPreview.length).toBe(100);
+            expect(e.bodyPreview.startsWith('<!DOCTYPE')).toBe(true);
+        }
+    });
+});
+describe('throwIfLoginWall', () => {
+    it('returns the value unchanged when it is not a login-wall sentinel', () => {
+        const data = { data: { foo: 'bar' } };
+        expect(throwIfLoginWall(data)).toBe(data);
+        expect(throwIfLoginWall('hello')).toBe('hello');
+        expect(throwIfLoginWall(null)).toBe(null);
+        expect(throwIfLoginWall(undefined)).toBe(undefined);
+        expect(throwIfLoginWall(42)).toBe(42);
+        expect(throwIfLoginWall([1, 2, 3])).toEqual([1, 2, 3]);
+    });
+    it('returns objects that happen to have unrelated __loginWall-ish keys unchanged', () => {
+        // Must NOT trigger on partial matches — sentinel needs __loginWall === true AND numeric status
+        expect(throwIfLoginWall({ __loginWall: false })).toEqual({ __loginWall: false });
+        expect(throwIfLoginWall({ __loginWall: true })).toEqual({ __loginWall: true }); // missing status → not a real sentinel
+    });
+    it('throws LoginWallError when value is the browser-side sentinel', () => {
+        const signal = {
+            __loginWall: true,
+            status: 403,
+            url: 'https://x.com/i/api/graphql/...',
+            contentType: 'text/html',
+            bodyPreview: '<!DOCTYPE html><html><head><title>Login</title>',
+        };
+        try {
+            throwIfLoginWall(signal);
+            throw new Error('expected throw');
+        }
+        catch (err) {
+            expect(err).toBeInstanceOf(LoginWallError);
+            const e = err;
+            expect(e.status).toBe(403);
+            expect(e.url).toBe('https://x.com/i/api/graphql/...');
+            expect(e.bodyPreview).toContain('<!DOCTYPE');
+            expect(e.code).toBe('LOGIN_WALL');
+        }
+    });
+    it('opts.url overrides the URL embedded in the sentinel', () => {
+        const signal = {
+            __loginWall: true,
+            status: 401,
+            url: '',
+            contentType: 'text/html',
+            bodyPreview: '<html>',
+        };
+        try {
+            throwIfLoginWall(signal, { url: 'https://override.example.com/api' });
+            throw new Error('expected throw');
+        }
+        catch (err) {
+            expect(err.url).toBe('https://override.example.com/api');
+        }
+    });
+});
+describe('BROWSER_JSON_SNIFF_FN', () => {
+    it('is a non-empty string that defines fetchJsonOrLoginWall', () => {
+        expect(typeof BROWSER_JSON_SNIFF_FN).toBe('string');
+        expect(BROWSER_JSON_SNIFF_FN).toContain('fetchJsonOrLoginWall');
+        expect(BROWSER_JSON_SNIFF_FN).toContain('__loginWall');
+    });
+    it('can be evaluated as JS without syntax errors', () => {
+        // We can't run the actual fetch path here (no Response polyfill loop), but
+        // we CAN confirm the fragment parses cleanly when embedded inside an async IIFE.
+        expect(() => new Function(`(async () => { ${BROWSER_JSON_SNIFF_FN} })`)).not.toThrow();
+    });
+});

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@jackwener/opencli",
-  "version": "1.7.22",
+  "version": "1.8.0",
   "publishConfig": {
     "access": "public"
   },
@@ -42,7 +42,7 @@
     "dev": "tsx src/main.ts",
     "dev:bun": "bun src/main.ts",
     "build": "npm run clean-dist && npm run copy-yaml && npm run build-manifest",
-    "prebuild-manifest": "tsc --build",
+    "prebuild-manifest": "tsc --build && node -e \"require('fs').chmodSync('dist/src/main.js', 0o755)\"",
     "build-manifest": "tsx src/build-manifest.ts",
     "clean-dist": "node scripts/clean-dist.cjs",
     "copy-yaml": "node scripts/copy-yaml.cjs",
@@ -98,5 +98,11 @@
     "typescript": "^6.0.2",
     "vitepress": "^1.6.4",
     "vitest": "^4.1.0"
+  },
+  "overrides": {
+    "postcss": "^8.5.10",
+    "vitepress": {
+      "vite": "6.4.2"
+    }
   }
 }

package/scripts/silent-column-drop-baseline.json

@@ -582,13 +582,6 @@
       "voteCandidates"
     ]
   },
-  {
-    "command": "reddit/popular",
-    "file": "clis/reddit/popular.js",
-    "missing": [
-      "author"
-    ]
-  },
   {
     "command": "tieba/search",
     "file": "clis/tieba/search.js",
@@ -612,31 +605,6 @@
       "name"
     ]
   },
-  {
-    "command": "twitter/download",
-    "file": "clis/twitter/download.js",
-    "missing": [
-      "poster",
-      "url"
-    ]
-  },
-  {
-    "command": "twitter/download",
-    "file": "clis/twitter/download.js",
-    "missing": [
-      "url"
-    ]
-  },
-  {
-    "command": "twitter/list-add",
-    "file": "clis/twitter/list-add.js",
-    "missing": [
-      "method",
-      "ts",
-      "url",
-      "via"
-    ]
-  },
   {
     "command": "twitter/list-remove",
     "file": "clis/twitter/list-remove.js",
@@ -773,19 +741,6 @@
       "url"
     ]
   },
-  {
-    "command": "xianyu/chat",
-    "file": "clis/xianyu/chat.js",
-    "missing": [
-      "can_input",
-      "can_send",
-      "item_url",
-      "peer_masked_id",
-      "requiresAuth",
-      "title",
-      "visible_messages"
-    ]
-  },
   {
     "command": "xianyu/item",
     "file": "clis/xianyu/item.js",
@@ -945,13 +900,6 @@
       "url"
     ]
   },
-  {
-    "command": "zhihu/search",
-    "file": "clis/zhihu/search.js",
-    "missing": [
-      "excerpt"
-    ]
-  },
   {
     "command": "zsxq/groups",
     "file": "clis/zsxq/groups.js",