@kiyeonjeon21/ncli 0.1.1

package/dist/commands/search.js

@@ -0,0 +1,175 @@
+import { Command } from "commander";
+import { loadConfig } from "../core/config.js";
+import { NaverClient } from "../core/client.js";
+import { getOutputFormat, getFieldMask, printOutput, printJson } from "../core/output.js";
+import { validateAgentInput, sanitizeResponse } from "../core/validate.js";
+import { getSchema } from "../schemas/index.js";
+import { readJsonArg } from "../core/stdin.js";
+const SEARCH_TYPES = [
+    "blog",
+    "news",
+    "web",
+    "image",
+    "book",
+    "cafe",
+    "kin",
+    "encyclopedia",
+    "shop",
+    "local",
+    "errata",
+    "adult",
+    "doc",
+];
+const SEARCH_BASE_URL = "https://openapi.naver.com/v1/search";
+const SEARCH_EXAMPLES = {
+    blog: `  ncli search blog "AI" --fields "title,link,description"
+  ncli search blog --json '{"query":"AI","display":5,"sort":"date"}'`,
+    news: `  ncli search news "반도체" --fields "title,link,pubDate"`,
+    web: `  ncli search web "TypeScript" --fields "title,link,description"`,
+    image: `  ncli search image "제주도" --display 5`,
+    book: `  ncli search book "인공지능" --fields "title,author,publisher,isbn"`,
+    cafe: `  ncli search cafe "맛집" --fields "title,link,cafename"`,
+    kin: `  ncli search kin "프로그래밍" --sort count`,
+    encyclopedia: `  ncli search encyclopedia "양자역학" --fields "title,link,description"`,
+    shop: `  ncli search shop "노트북" --fields "title,lprice,mallName" --sort dsc`,
+    local: `  ncli search local "강남 맛집" --fields "title,address,telephone"`,
+    errata: `  ncli search errata "오타확인"`,
+    adult: `  ncli search adult "검색어"`,
+    doc: `  ncli search doc "인공지능 논문" --fields "title,link,description"`,
+};
+const API_TYPE_MAP = {
+    encyclopedia: "encyc",
+    cafe: "cafearticle",
+};
+export const searchCommand = new Command("search").description("Search Naver services (blog, news, web, image, book, cafe, kin, encyclopedia, shop, local, errata, adult, doc). Rate limit: 25,000/day");
+for (const type of SEARCH_TYPES) {
+    const apiType = API_TYPE_MAP[type] || type;
+    searchCommand
+        .command(type)
+        .description(`Search Naver ${type} (25,000/day)`)
+        .argument("[query]", "search query")
+        .option("--json <payload>", "raw JSON payload (API params 1:1 mapping)")
+        .option("--display <n>", "number of results (1-100)", "10")
+        .option("--start <n>", "start position (1-1000)", "1")
+        .option("--sort <sort>", "sort: sim (relevance) or date", "sim")
+        .option("--page-all", "auto-paginate through all results")
+        .option("--max-results <n>", "max total results when using --page-all")
+        .option("--describe", "show API schema for this command (no execution)")
+        .addHelpText("after", `\nExamples:\n${SEARCH_EXAMPLES[type]}\n\nSchema: ncli schema search.${type}`)
+        .action(async (query, opts) => {
+        try {
+            // --describe: print schema and exit
+            if (opts.describe) {
+                const schema = getSchema(`search.${type}`);
+                printJson(schema);
+                return;
+            }
+            const config = loadConfig();
+            const client = new NaverClient(config);
+            const cmd = searchCommand.parent;
+            const format = getOutputFormat(cmd);
+            const fields = getFieldMask(cmd);
+            const isDryRun = cmd.optsWithGlobals().dryRun;
+            const shouldSanitize = cmd.optsWithGlobals().sanitize;
+            // Validate query input
+            if (query)
+                validateAgentInput(query, "query");
+            // Build params from --json or individual flags
+            let params;
+            if (opts.json) {
+                const jsonInput = readJsonArg(opts.json);
+                const parsed = JSON.parse(jsonInput);
+                params = { query: query || parsed.query, ...parsed };
+            }
+            else {
+                if (!query) {
+                    process.stderr.write(JSON.stringify({
+                        error: {
+                            code: "MISSING_QUERY",
+                            message: "Provide a search query as argument or via --json",
+                        },
+                    }) + "\n");
+                    process.exit(2);
+                }
+                params = {
+                    query,
+                    display: opts.display,
+                    start: opts.start,
+                    sort: opts.sort,
+                };
+            }
+            if (isDryRun) {
+                printOutput({
+                    dryRun: true,
+                    method: "GET",
+                    url: `${SEARCH_BASE_URL}/${apiType}.json`,
+                    params,
+                    validation: { status: "VALID" },
+                }, "json");
+                return;
+            }
+            const pageAll = !!opts.pageAll;
+            const maxResults = opts.maxResults ? parseInt(opts.maxResults, 10) : undefined;
+            if (pageAll) {
+                // Auto-paginate: fetch pages until no more results or maxResults reached
+                const allItems = [];
+                const pageSize = parseInt(params.display || "100", 10);
+                params.display = String(Math.min(pageSize, 100));
+                let start = parseInt(params.start || "1", 10);
+                while (true) {
+                    params.start = String(start);
+                    const page = await client.get(`${SEARCH_BASE_URL}/${apiType}.json`, params);
+                    const pageItems = page.items;
+                    if (!pageItems || pageItems.length === 0)
+                        break;
+                    const sanitized = shouldSanitize
+                        ? sanitizeResponse(pageItems)
+                        : pageItems;
+                    if (format === "ndjson") {
+                        // Stream immediately
+                        for (const item of sanitized) {
+                            if (maxResults && allItems.length >= maxResults)
+                                break;
+                            allItems.push(item);
+                            printOutput([item], "ndjson", fields);
+                        }
+                    }
+                    else {
+                        allItems.push(...sanitized);
+                    }
+                    if (maxResults && allItems.length >= maxResults)
+                        break;
+                    if (start + pageItems.length > 1000)
+                        break; // Naver API limit
+                    start += pageItems.length;
+                }
+                if (format !== "ndjson") {
+                    const trimmed = maxResults ? allItems.slice(0, maxResults) : allItems;
+                    printOutput(trimmed, format, fields);
+                }
+            }
+            else {
+                // Single page
+                const data = await client.get(`${SEARCH_BASE_URL}/${apiType}.json`, params);
+                const output = shouldSanitize ? sanitizeResponse(data) : data;
+                const response = output;
+                const items = response.items;
+                if (Array.isArray(items) && (fields || format === "ndjson")) {
+                    printOutput(items, format, fields);
+                }
+                else {
+                    printOutput(output, format);
+                }
+            }
+        }
+        catch (err) {
+            process.stderr.write(JSON.stringify({
+                error: {
+                    code: "COMMAND_FAILED",
+                    message: err instanceof Error ? err.message : String(err),
+                },
+            }) + "\n");
+            process.exit(1);
+        }
+    });
+}

package/dist/core/client.d.ts

@@ -0,0 +1,15 @@
+import { NaverConfig } from "./config.js";
+export interface ApiError {
+    error: {
+        code: string;
+        message: string;
+        status?: number;
+        naverCode?: string;
+    };
+}
+export declare class NaverClient {
+    private config;
+    constructor(config: NaverConfig);
+    get<T>(url: string, params?: Record<string, string>): Promise<T>;
+    post<T>(url: string, body: unknown): Promise<T>;
+}

package/dist/core/client.js

@@ -0,0 +1,73 @@
+const NAVER_ERROR_MESSAGES = {
+    SE01: "Incorrect query request — check URL protocol and parameters",
+    SE02: "Invalid display value — must be 1~100",
+    SE03: "Invalid start value — must be 1~1000",
+    SE04: "Invalid sort value — check allowed sort options via schema",
+    SE05: "Invalid search API — endpoint not found",
+    SE06: "Malformed encoding — ensure UTF-8 encoding",
+    SE99: "Naver system error — retry later",
+    "024": "Authentication failed — check NAVER_CLIENT_ID and NAVER_CLIENT_SECRET",
+    "010": "Rate limit exceeded — 25,000/day for search, 1,000/day for others",
+};
+function parseNaverError(status, body) {
+    try {
+        const parsed = JSON.parse(body);
+        const errorCode = parsed.errorCode || parsed.error_code || "";
+        const errorMessage = parsed.errorMessage || parsed.error_message || parsed.message || "";
+        const hint = NAVER_ERROR_MESSAGES[errorCode] || "";
+        return {
+            error: {
+                code: `HTTP_${status}`,
+                message: hint ? `${errorMessage} (${hint})` : errorMessage,
+                status,
+                naverCode: errorCode || undefined,
+            },
+        };
+    }
+    catch {
+        return {
+            error: {
+                code: `HTTP_${status}`,
+                message: body || `HTTP ${status}`,
+                status,
+            },
+        };
+    }
+}
+export class NaverClient {
+    config;
+    constructor(config) {
+        this.config = config;
+    }
+    async get(url, params) {
+        const searchParams = new URLSearchParams(params);
+        const fullUrl = params ? `${url}?${searchParams}` : url;
+        const res = await fetch(fullUrl, {
+            headers: {
+                "X-Naver-Client-Id": this.config.clientId,
+                "X-Naver-Client-Secret": this.config.clientSecret,
+            },
+        });
+        if (!res.ok) {
+            const body = await res.text();
+            throw new Error(JSON.stringify(parseNaverError(res.status, body)));
+        }
+        return res.json();
+    }
+    async post(url, body) {
+        const res = await fetch(url, {
+            method: "POST",
+            headers: {
+                "X-Naver-Client-Id": this.config.clientId,
+                "X-Naver-Client-Secret": this.config.clientSecret,
+                "Content-Type": "application/json",
+            },
+            body: JSON.stringify(body),
+        });
+        if (!res.ok) {
+            const text = await res.text();
+            throw new Error(JSON.stringify(parseNaverError(res.status, text)));
+        }
+        return res.json();
+    }
+}

package/dist/core/config.d.ts

@@ -0,0 +1,8 @@
+export declare const NCLI_DIR: string;
+export declare const NCLI_ENV_PATH: string;
+export interface NaverConfig {
+    clientId: string;
+    clientSecret: string;
+    accessToken?: string;
+}
+export declare function loadConfig(): NaverConfig;

package/dist/core/config.js

@@ -0,0 +1,40 @@
+import { readFileSync, existsSync } from "fs";
+import { join } from "path";
+import { homedir } from "os";
+export const NCLI_DIR = join(homedir(), ".ncli");
+export const NCLI_ENV_PATH = join(NCLI_DIR, ".env");
+function loadEnvFile(filePath) {
+    if (!existsSync(filePath))
+        return {};
+    const vars = {};
+    const content = readFileSync(filePath, "utf-8");
+    for (const line of content.split("\n")) {
+        const trimmed = line.trim();
+        if (!trimmed || trimmed.startsWith("#"))
+            continue;
+        const eqIdx = trimmed.indexOf("=");
+        if (eqIdx === -1)
+            continue;
+        const key = trimmed.slice(0, eqIdx).trim();
+        const val = trimmed.slice(eqIdx + 1).trim();
+        vars[key] = val;
+    }
+    return vars;
+}
+export function loadConfig() {
+    // Priority: env vars > project .env (loaded by dotenv) > ~/.ncli/.env
+    const globalEnv = loadEnvFile(NCLI_ENV_PATH);
+    const clientId = process.env.NAVER_CLIENT_ID || globalEnv.NAVER_CLIENT_ID;
+    const clientSecret = process.env.NAVER_CLIENT_SECRET || globalEnv.NAVER_CLIENT_SECRET;
+    const accessToken = process.env.NAVER_ACCESS_TOKEN || globalEnv.NAVER_ACCESS_TOKEN;
+    if (!clientId || !clientSecret) {
+        throw new Error(JSON.stringify({
+            error: {
+                code: "AUTH_REQUIRED",
+                message: "Set NAVER_CLIENT_ID and NAVER_CLIENT_SECRET. " +
+                    "Run 'ncli init' to set up credentials, or register at https://developers.naver.com/apps/",
+            },
+        }));
+    }
+    return { clientId, clientSecret, accessToken };
+}

package/dist/core/output.d.ts

@@ -0,0 +1,7 @@
+import { Command } from "commander";
+export declare function getOutputFormat(cmd: Command): string;
+export declare function getFieldMask(cmd: Command): string[] | undefined;
+export declare function applyFieldMask(data: Record<string, unknown>, fields: string[] | undefined): Record<string, unknown>;
+export declare function printJson(data: unknown): void;
+export declare function printNdjson(items: Record<string, unknown>[]): void;
+export declare function printOutput(data: unknown, format: string, fields?: string[]): void;

package/dist/core/output.js

@@ -0,0 +1,57 @@
+export function getOutputFormat(cmd) {
+    const opts = cmd.optsWithGlobals();
+    if (opts.output)
+        return opts.output;
+    // Auto JSON when stdout is not a TTY
+    if (!process.stdout.isTTY)
+        return "json";
+    return "table";
+}
+export function getFieldMask(cmd) {
+    const opts = cmd.optsWithGlobals();
+    if (!opts.fields)
+        return undefined;
+    return opts.fields.split(",").map((f) => f.trim());
+}
+export function applyFieldMask(data, fields) {
+    if (!fields || fields.length === 0)
+        return data;
+    const result = {};
+    for (const field of fields) {
+        if (field in data) {
+            result[field] = data[field];
+        }
+    }
+    return result;
+}
+export function printJson(data) {
+    process.stdout.write(JSON.stringify(data, null, 2) + "\n");
+}
+export function printNdjson(items) {
+    for (const item of items) {
+        process.stdout.write(JSON.stringify(item) + "\n");
+    }
+}
+export function printOutput(data, format, fields) {
+    if (format === "ndjson" && Array.isArray(data)) {
+        const masked = fields
+            ? data.map((item) => applyFieldMask(item, fields))
+            : data;
+        printNdjson(masked);
+    }
+    else if (format === "json") {
+        if (Array.isArray(data) && fields) {
+            printJson(data.map((item) => applyFieldMask(item, fields)));
+        }
+        else if (typeof data === "object" && data !== null && fields) {
+            printJson(applyFieldMask(data, fields));
+        }
+        else {
+            printJson(data);
+        }
+    }
+    else {
+        // table fallback
+        printJson(data);
+    }
+}

package/dist/core/stdin.d.ts

@@ -0,0 +1 @@
+export declare function readJsonArg(value: string): string;

package/dist/core/stdin.js

@@ -0,0 +1,10 @@
+import { readFileSync } from "fs";
+export function readJsonArg(value) {
+    if (value === "-") {
+        return readFileSync(0, "utf-8").trim();
+    }
+    if (value.startsWith("@")) {
+        return readFileSync(value.slice(1), "utf-8").trim();
+    }
+    return value;
+}

package/dist/core/validate.d.ts

@@ -0,0 +1,8 @@
+export declare function rejectControlChars(value: string, fieldName?: string): string;
+export declare function validateResourceId(resourceId: string, fieldName?: string): string;
+export declare function rejectPathTraversal(path: string, fieldName?: string): string;
+export declare function validateAgentInput(value: string, fieldName: string, opts?: {
+    isPath?: boolean;
+    isResourceId?: boolean;
+}): string;
+export declare function sanitizeResponse(data: unknown): unknown;

package/dist/core/validate.js

@@ -0,0 +1,73 @@
+const CONTROL_CHAR_PATTERN = /[\x00-\x08\x0b\x0c\x0e-\x1f]/;
+const RESOURCE_ID_FORBIDDEN = new Set(["?", "#", "%", "&", "="]);
+const INJECTION_PATTERNS = [
+    /ignore\s+(all\s+)?previous\s+instructions/i,
+    /forget\s+(all\s+)?previous/i,
+    /you\s+are\s+now\s+a/i,
+    /system\s*:\s*/i,
+    /<\s*system\s*>/i,
+    /IMPORTANT\s*:\s*/i,
+];
+export function rejectControlChars(value, fieldName = "input") {
+    if (CONTROL_CHAR_PATTERN.test(value)) {
+        throw new Error(JSON.stringify({
+            error: {
+                code: "INVALID_INPUT",
+                message: `Control character detected in ${fieldName}. Input contains non-printable characters.`,
+            },
+        }));
+    }
+    return value;
+}
+export function validateResourceId(resourceId, fieldName = "id") {
+    const found = [...resourceId].filter((c) => RESOURCE_ID_FORBIDDEN.has(c));
+    if (found.length > 0) {
+        throw new Error(JSON.stringify({
+            error: {
+                code: "INVALID_RESOURCE_ID",
+                message: `Invalid characters [${found.join(",")}] in ${fieldName}: '${resourceId}'. Resource IDs must not contain URL meta-characters.`,
+            },
+        }));
+    }
+    return resourceId;
+}
+export function rejectPathTraversal(path, fieldName = "path") {
+    if (path.includes("..") || path.startsWith("/") || path.includes("~")) {
+        throw new Error(JSON.stringify({
+            error: {
+                code: "PATH_TRAVERSAL",
+                message: `Path traversal detected in ${fieldName}: '${path}'. Use relative paths without '..' or '~'.`,
+            },
+        }));
+    }
+    return path;
+}
+export function validateAgentInput(value, fieldName, opts = {}) {
+    rejectControlChars(value, fieldName);
+    if (opts.isPath)
+        rejectPathTraversal(value, fieldName);
+    if (opts.isResourceId)
+        validateResourceId(value, fieldName);
+    return value;
+}
+export function sanitizeResponse(data) {
+    if (typeof data === "string") {
+        for (const pattern of INJECTION_PATTERNS) {
+            if (pattern.test(data)) {
+                return "[SANITIZED: potential prompt injection detected]";
+            }
+        }
+        return data;
+    }
+    if (Array.isArray(data)) {
+        return data.map((item) => sanitizeResponse(item));
+    }
+    if (typeof data === "object" && data !== null) {
+        const result = {};
+        for (const [key, value] of Object.entries(data)) {
+            result[key] = sanitizeResponse(value);
+        }
+        return result;
+    }
+    return data;
+}

package/dist/schemas/index.d.ts

@@ -0,0 +1,12 @@
+export declare const SCHEMAS: Record<string, unknown>;
+export declare function listServices(): {
+    services: {
+        name: string;
+        description: string;
+    }[];
+};
+export declare function listMethods(service: string): {
+    service: string;
+    methods: string[];
+} | null;
+export declare function getSchema(method: string): unknown | null;