@openthread/claude-code-plugin 0.1.8 → 0.1.9

package/.claude-plugin/plugin.json

@@ -1,6 +1,6 @@
 {
   "name": "ot",
-  "version": "0.1.8",
+  "version": "0.1.9",
   "description": "Share Claude Code conversations to OpenThread — the StackOverflow for AI agents. One command to publish any session.",
   "icon": "icon.svg",
   "author": {

package/bin/cli.sh

@@ -22,6 +22,12 @@ usage() {
 }
 
 install_plugin() {
+  # Clean destination to prevent stale files from previous versions.
+  # cp -r does NOT delete files that exist in dest but not in src.
+  if [ -d "$DEST_DIR" ]; then
+    rm -rf "$DEST_DIR"
+  fi
+
   # Copy plugin files into marketplace structure
   mkdir -p "$DEST_DIR"
   for dir in .claude-plugin commands skills scripts; do
@@ -92,7 +98,11 @@ with open('$KNOWN_FILE', 'w') as f:
   # Disable in settings.json via the guarded writer (G16).
   [ -f "$SETTINGS_FILE" ] && node "$PLUGIN_DIR/bin/lib/settings-writer.js" disable 2>/dev/null || true
 
-  echo "✓ OpenThread plugin removed and deregistered"
+  # Clear stored credentials from keychain and file
+  bash "$PLUGIN_DIR/scripts/token.sh" clear 2>/dev/null || true
+  [ -d "$HOME/.config/openthread" ] && rm -rf "$HOME/.config/openthread"
+
+  echo "✓ OpenThread plugin removed, deregistered, and credentials cleared"
 }
 
 check_status() {

package/bin/lib/settings-writer.js

@@ -14,9 +14,23 @@ const SETTINGS_PATH = path.join(os.homedir(), ".claude", "settings.json");
 const ALLOWED_TOP_LEVEL_KEYS = new Set(["enabledPlugins"]);
 const ALLOWED_PLUGIN_KEYS = /^ot@openthread$/;
 
+// Keys that must never be used as property names (prototype pollution defense).
+const RESERVED_KEYS = new Set([
+  "__proto__",
+  "constructor",
+  "prototype",
+  "toString",
+  "valueOf",
+  "hasOwnProperty",
+  "__defineGetter__",
+  "__defineSetter__",
+]);
+
 function readSettings(settingsPath = SETTINGS_PATH) {
   try {
-    return JSON.parse(fs.readFileSync(settingsPath, "utf8"));
+    const raw = fs.readFileSync(settingsPath, "utf8");
+    if (!raw.trim()) return {}; // handle 0-byte / whitespace-only files
+    return JSON.parse(raw);
   } catch (e) {
     if (e.code === "ENOENT") return {};
     throw e;
@@ -26,8 +40,21 @@ function readSettings(settingsPath = SETTINGS_PATH) {
 function writeAtomically(data, settingsPath = SETTINGS_PATH) {
   const tmp = settingsPath + ".part";
   fs.mkdirSync(path.dirname(settingsPath), { recursive: true });
-  fs.writeFileSync(tmp, JSON.stringify(data, null, 2) + "\n", { mode: 0o600 });
-  fs.renameSync(tmp, settingsPath);
+  try {
+    fs.writeFileSync(tmp, JSON.stringify(data, null, 2) + "\n", {
+      mode: 0o600,
+    });
+    fs.renameSync(tmp, settingsPath);
+    // Explicitly guarantee 0o600 on the final file — rename preserves perms
+    // on most systems but this is not guaranteed by POSIX.
+    fs.chmodSync(settingsPath, 0o600);
+  } catch (e) {
+    // Clean up .part file so it doesn't leak on failure
+    try {
+      fs.unlinkSync(tmp);
+    } catch {}
+    throw e;
+  }
 }
 
 function safeUpdateSettings(patch, settingsPath = SETTINGS_PATH) {
@@ -65,6 +92,14 @@ function safeUpdateSettings(patch, settingsPath = SETTINGS_PATH) {
       next.enabledPlugins = {};
     }
     for (const pluginKey of Object.keys(patch.enabledPlugins)) {
+      // Defense-in-depth: block reserved property names before regex check.
+      // The regex would also reject these, but an explicit guard is clearer
+      // and survives future regex changes.
+      if (RESERVED_KEYS.has(pluginKey)) {
+        throw new Error(
+          `settings-writer: refusing to modify reserved key "${pluginKey}"`,
+        );
+      }
       if (!ALLOWED_PLUGIN_KEYS.test(pluginKey)) {
         throw new Error(
           `settings-writer: refusing to modify plugin key "${pluginKey}"`,
@@ -105,4 +140,5 @@ module.exports = {
   SETTINGS_PATH,
   ALLOWED_TOP_LEVEL_KEYS,
   ALLOWED_PLUGIN_KEYS,
+  RESERVED_KEYS,
 };

package/bin/postinstall.js

@@ -3,33 +3,24 @@
 const {
   existsSync,
   mkdirSync,
+  rmSync,
   cpSync,
   chmodSync,
   readdirSync,
   readFileSync,
   writeFileSync,
+  accessSync,
+  constants: fsConstants,
 } = require("fs");
-const { join, resolve } = require("path");
+const { join, resolve, dirname } = require("path");
 const { homedir } = require("os");
-const { execSync } = require("node:child_process");
 
 const pkg = require("../package.json");
 
-// --- SLSA provenance verification (G22) ---
-// Before touching the filesystem, verify that the installed package tarball
-// was produced by our trusted publish workflow. Setting OT_SKIP_PROVENANCE=1
-// bypasses the check — needed for local `npm link` / dev installs where the
-// package isn't published yet.
-if (process.env.OT_SKIP_PROVENANCE !== "1") {
-  try {
-    execSync(`npm audit signatures --package=${pkg.name}@${pkg.version}`, {
-      stdio: "inherit",
-    });
-  } catch (e) {
-    console.error("refusing to install: npm audit signatures failed");
-    console.error("set OT_SKIP_PROVENANCE=1 to override (not recommended)");
-    process.exit(1);
-  }
+// --- Skip postinstall entirely if requested ---
+if (process.env.OT_SKIP_POSTINSTALL === "1") {
+  console.log("OT_SKIP_POSTINSTALL=1 — skipping plugin auto-install");
+  process.exit(0);
 }
 
 const { safeUpdateSettings } = require("./lib/settings-writer.js");
@@ -39,16 +30,78 @@ const MARKETPLACE_NAME = "openthread";
 const pluginSrc = resolve(__dirname, "..");
 
 // Marketplace lives alongside the official one
-const marketplaceDir = join(homedir(), ".claude", "plugins", "marketplaces", MARKETPLACE_NAME);
+const claudeDir = join(homedir(), ".claude");
+const marketplaceDir = join(claudeDir, "plugins", "marketplaces", MARKETPLACE_NAME);
 const pluginDest = join(marketplaceDir, "plugins", PLUGIN_ID);
 
 const DIRS_TO_COPY = [".claude-plugin", "commands", "skills", "scripts"];
 const FILES_TO_COPY = ["icon.svg"];
 
+// Required files that must exist after copy for the plugin to work.
+// If any are missing, the install is considered incomplete.
+const REQUIRED_FILES = [
+  ".claude-plugin/plugin.json",
+  "commands/share.md",
+  "skills/share-thread/SKILL.md",
+  "scripts/share.sh",
+  "scripts/token.sh",
+  "scripts/auth.sh",
+];
+
+// --- Preflight checks ---
+function preflight() {
+  const home = homedir();
+  try {
+    // Ensure ~/.claude exists or can be created
+    mkdirSync(claudeDir, { recursive: true });
+    accessSync(claudeDir, fsConstants.W_OK);
+  } catch {
+    console.warn(
+      `Warning: Cannot write to ${claudeDir}. Check permissions (chmod 755 ~/.claude).`,
+    );
+    console.warn("Try: claude --plugin-dir " + pluginSrc);
+    process.exit(0); // graceful — don't block npm install
+  }
+}
+
+// --- Atomic JSON write (read → merge → write .part → rename) ---
+function atomicJsonUpdate(filePath, mergeFn) {
+  let current = {};
+  if (existsSync(filePath)) {
+    try {
+      current = JSON.parse(readFileSync(filePath, "utf8"));
+    } catch {
+      current = {};
+    }
+  }
+  const next = mergeFn(current);
+  const tmp = filePath + ".part";
+  try {
+    mkdirSync(dirname(filePath), { recursive: true });
+    writeFileSync(tmp, JSON.stringify(next, null, 2) + "\n");
+    const { renameSync } = require("fs");
+    renameSync(tmp, filePath);
+  } catch (e) {
+    // Clean up .part file on failure
+    try {
+      const { unlinkSync } = require("fs");
+      unlinkSync(tmp);
+    } catch {}
+    throw e;
+  }
+}
+
 try {
-  // 1. Copy plugin files into marketplace/plugins/ot/
+  preflight();
+
+  // 1. Clean destination to prevent stale files from previous versions.
+  //    cpSync does NOT delete files that exist in dest but not in src.
+  if (existsSync(pluginDest)) {
+    rmSync(pluginDest, { recursive: true, force: true });
+  }
   mkdirSync(pluginDest, { recursive: true });
 
+  // 2. Copy plugin files into marketplace/plugins/ot/
   for (const dir of DIRS_TO_COPY) {
     const src = join(pluginSrc, dir);
     if (existsSync(src)) {
@@ -63,17 +116,31 @@ try {
     }
   }
 
-  // Sync version from package.json → plugin.json
-  const pkgJsonPath = join(pluginSrc, "package.json");
+  // 3. Validate required files exist after copy
+  const missing = REQUIRED_FILES.filter(
+    (f) => !existsSync(join(pluginDest, f)),
+  );
+  if (missing.length > 0) {
+    console.warn(
+      `Warning: Plugin install incomplete — missing: ${missing.join(", ")}`,
+    );
+    console.warn("Try reinstalling: npm install @openthread/claude-code-plugin");
+    // Don't exit — partial install is better than no install
+  }
+
+  // 4. Sync version from package.json → plugin.json
   const pluginJsonPath = join(pluginDest, ".claude-plugin", "plugin.json");
-  if (existsSync(pkgJsonPath) && existsSync(pluginJsonPath)) {
-    const version = JSON.parse(readFileSync(pkgJsonPath, "utf8")).version;
-    const pluginJson = JSON.parse(readFileSync(pluginJsonPath, "utf8"));
-    pluginJson.version = version;
-    writeFileSync(pluginJsonPath, JSON.stringify(pluginJson, null, 2) + "\n");
+  if (existsSync(pluginJsonPath)) {
+    try {
+      const pluginJson = JSON.parse(readFileSync(pluginJsonPath, "utf8"));
+      pluginJson.version = pkg.version;
+      writeFileSync(pluginJsonPath, JSON.stringify(pluginJson, null, 2) + "\n");
+    } catch (e) {
+      console.warn(`Warning: Could not sync version to plugin.json: ${e.message}`);
+    }
   }
 
-  // Ensure scripts are executable
+  // 5. Ensure scripts are executable
   const scriptsDir = join(pluginDest, "scripts");
   if (existsSync(scriptsDir)) {
     for (const f of readdirSync(scriptsDir)) {
@@ -83,7 +150,7 @@ try {
     }
   }
 
-  // 2. Create marketplace.json (like the official marketplace has)
+  // 6. Create marketplace.json (like the official marketplace has)
   const marketplaceJsonDir = join(marketplaceDir, ".claude-plugin");
   mkdirSync(marketplaceJsonDir, { recursive: true });
   writeFileSync(
@@ -106,33 +173,27 @@ try {
     ) + "\n",
   );
 
-  // 3. Register marketplace in known_marketplaces.json
+  // 7. Register marketplace in known_marketplaces.json (atomic write)
   const knownPath = join(homedir(), ".claude", "plugins", "known_marketplaces.json");
-  let known = {};
-  if (existsSync(knownPath)) {
-    try {
-      known = JSON.parse(readFileSync(knownPath, "utf8"));
-    } catch {
-      known = {};
-    }
-  }
-  known[MARKETPLACE_NAME] = {
-    source: { source: "local", path: marketplaceDir },
-    installLocation: marketplaceDir,
-    lastUpdated: new Date().toISOString(),
-  };
-  writeFileSync(knownPath, JSON.stringify(known, null, 2) + "\n");
-
-  // 4. Enable the plugin in settings.json via the guarded writer (G16).
+  atomicJsonUpdate(knownPath, (known) => {
+    known[MARKETPLACE_NAME] = {
+      source: { source: "local", path: marketplaceDir },
+      installLocation: marketplaceDir,
+      lastUpdated: new Date().toISOString(),
+    };
+    return known;
+  });
+
+  // 8. Enable the plugin in settings.json via the guarded writer (G16).
   // The writer only permits changes to enabledPlugins["ot@openthread"] and
   // refuses any diff touching hooks, permissions, or unknown keys.
   safeUpdateSettings({ enabledPlugins: { "ot@openthread": true } });
 
-  const version = JSON.parse(readFileSync(join(pluginSrc, "package.json"), "utf8")).version;
-  console.log(`\x1b[32m✓\x1b[0m OpenThread plugin v${version} installed`);
+  console.log(`\x1b[32m✓\x1b[0m OpenThread plugin v${pkg.version} installed`);
   console.log(`  Marketplace: ${marketplaceDir}`);
   console.log(`  Restart Claude Code, then use \x1b[1m/ot:share\x1b[0m to share conversations.`);
 } catch (err) {
-  console.error(`Warning: Could not auto-install plugin: ${err.message}`);
-  console.error("Try: claude --plugin-dir " + pluginSrc);
+  console.warn(`Warning: Could not auto-install plugin: ${err.message}`);
+  console.warn("Try: claude --plugin-dir " + pluginSrc);
+  // Exit 0 — never block npm install for a postinstall failure
 }

package/bin/preuninstall.js

@@ -0,0 +1,72 @@
+#!/usr/bin/env node
+// Cleanup script that runs before `npm uninstall @openthread/claude-code-plugin`.
+//
+// Removes:
+//   1. Plugin files from ~/.claude/plugins/marketplaces/openthread/
+//   2. Marketplace registration from known_marketplaces.json
+//   3. Plugin enable flag from settings.json
+//   4. Stored credentials from ~/.config/openthread/
+//   5. Keychain tokens (access_token, refresh_token) via keytar
+//
+// This script NEVER exits non-zero — npm uninstall must always succeed.
+
+const fs = require("node:fs");
+const path = require("node:path");
+const os = require("node:os");
+const { execSync } = require("node:child_process");
+
+const MARKETPLACE_NAME = "openthread";
+const claudeDir = path.join(os.homedir(), ".claude");
+const marketplaceDir = path.join(claudeDir, "plugins", "marketplaces", MARKETPLACE_NAME);
+const knownPath = path.join(claudeDir, "plugins", "known_marketplaces.json");
+const credentialsDir = path.join(os.homedir(), ".config", "openthread");
+
+function tryOr(fn, label) {
+  try {
+    fn();
+  } catch (e) {
+    // Silently continue — never block uninstall
+  }
+}
+
+// 1. Remove plugin files
+tryOr(() => {
+  if (fs.existsSync(marketplaceDir)) {
+    fs.rmSync(marketplaceDir, { recursive: true, force: true });
+  }
+}, "remove plugin files");
+
+// 2. Deregister from known_marketplaces.json
+tryOr(() => {
+  if (fs.existsSync(knownPath)) {
+    const known = JSON.parse(fs.readFileSync(knownPath, "utf8"));
+    delete known[MARKETPLACE_NAME];
+    const tmp = knownPath + ".part";
+    fs.writeFileSync(tmp, JSON.stringify(known, null, 2) + "\n");
+    fs.renameSync(tmp, knownPath);
+  }
+}, "deregister marketplace");
+
+// 3. Disable in settings.json
+tryOr(() => {
+  const { safeUpdateSettings } = require("./lib/settings-writer.js");
+  safeUpdateSettings({ enabledPlugins: { "ot@openthread": false } });
+}, "disable plugin in settings");
+
+// 4. Clear keychain tokens
+tryOr(() => {
+  const keychainJs = path.join(__dirname, "..", "scripts", "lib", "keychain.js");
+  if (fs.existsSync(keychainJs)) {
+    execSync(`node "${keychainJs}" delete access_token`, { stdio: "ignore" });
+    execSync(`node "${keychainJs}" delete refresh_token`, { stdio: "ignore" });
+  }
+}, "clear keychain tokens");
+
+// 5. Remove credentials file and directory
+tryOr(() => {
+  if (fs.existsSync(credentialsDir)) {
+    fs.rmSync(credentialsDir, { recursive: true, force: true });
+  }
+}, "remove credentials");
+
+console.log("\x1b[32m✓\x1b[0m OpenThread plugin uninstalled and credentials cleared");

package/package.json

@@ -1,24 +1,38 @@
 {
   "name": "@openthread/claude-code-plugin",
-  "version": "0.1.8",
-  "description": "Share Claude Code conversations to OpenThread — the StackOverflow for AI agents. One command to publish any session to the community platform for the agentic AI era.",
+  "version": "0.1.9",
+  "description": "Share Claude Code conversations to OpenThread \u2014 the StackOverflow for AI agents. One command to publish any session to the community platform for the agentic AI era.",
   "bin": {
     "openthread-claude": "bin/cli.sh"
   },
   "files": [
-    "bin/",
+    "bin/cli.sh",
+    "bin/postinstall.js",
+    "bin/preuninstall.js",
+    "bin/lib/",
     ".claude-plugin/",
     "commands/",
     "skills/",
     "scripts/auth.sh",
     "scripts/share.sh",
+    "scripts/search.sh",
+    "scripts/import.sh",
+    "scripts/export.sh",
     "scripts/token.sh",
     "scripts/lib/",
     "icon.svg"
   ],
+  "engines": {
+    "node": ">=16.7.0"
+  },
+  "publishConfig": {
+    "registry": "https://registry.npmjs.org",
+    "access": "public"
+  },
   "scripts": {
     "prepack": "node -e \"const fs=require('fs');const v=JSON.parse(fs.readFileSync('package.json','utf8')).version;const p=JSON.parse(fs.readFileSync('.claude-plugin/plugin.json','utf8'));p.version=v;fs.writeFileSync('.claude-plugin/plugin.json',JSON.stringify(p,null,2)+'\\n')\"",
     "postinstall": "node bin/postinstall.js",
+    "preuninstall": "node bin/preuninstall.js",
     "test": "node bin/__tests__/settings-writer.test.js"
   },
   "dependencies": {

package/scripts/export.sh

@@ -0,0 +1,73 @@
+#!/usr/bin/env bash
+# Export an OpenThread post as a local archive file.
+#
+# Unlike import.sh, the output file is intended for archival / sharing:
+# it is written to the current working directory with mode 0644 and a
+# plain provenance banner. It is NOT marked as untrusted and NOT loaded
+# into Claude's context.
+#
+# Usage:
+#   bash export.sh <post-id-or-url> \
+#     [--format markdown|text|json] \
+#     [--out <path>] \
+#     [--stdout] \
+#     [--no-banner]
+#
+# Environment:
+#   OPENTHREAD_API_URL            Base URL for the API (default https://openthread.me)
+#   OPENTHREAD_EXPORT_OVERWRITE=1 Allow overwriting an existing output file
+set -euo pipefail
+
+SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+API_BASE="${OPENTHREAD_API_URL:-https://openthread.me}"
+
+FORMAT="markdown"
+OUT=""
+STDOUT=0
+NO_BANNER=0
+INPUT=""
+
+if [ $# -eq 0 ]; then
+  echo '{"error":"MISSING_INPUT","message":"Usage: export.sh <post-id-or-url> [--format markdown|text|json] [--out <path>] [--stdout] [--no-banner]"}' >&2
+  exit 2
+fi
+
+INPUT="$1"; shift
+
+while [ $# -gt 0 ]; do
+  case "$1" in
+    --format)
+      if [ $# -lt 2 ]; then
+        echo '{"error":"UNKNOWN_FLAG","message":"--format requires an argument"}' >&2
+        exit 2
+      fi
+      FORMAT="$2"; shift 2;;
+    --out)
+      if [ $# -lt 2 ]; then
+        echo '{"error":"UNKNOWN_FLAG","message":"--out requires an argument"}' >&2
+        exit 2
+      fi
+      OUT="$2"; shift 2;;
+    --stdout)    STDOUT=1; shift;;
+    --no-banner) NO_BANNER=1; shift;;
+    *)
+      printf '{"error":"UNKNOWN_FLAG","message":"Unknown flag: %s"}\n' "$1" >&2
+      exit 2
+      ;;
+  esac
+done
+
+# Optional bearer token — public posts don't need it.
+TOKEN=""
+if TOKEN=$(bash "$SCRIPT_DIR/token.sh" get 2>/dev/null); then :; fi
+
+PLUGIN_SCRIPTS_DIR="$SCRIPT_DIR" \
+API_BASE="$API_BASE" \
+INPUT="$INPUT" \
+FORMAT="$FORMAT" \
+OUT="$OUT" \
+STDOUT="$STDOUT" \
+NO_BANNER="$NO_BANNER" \
+TOKEN="$TOKEN" \
+OVERWRITE="${OPENTHREAD_EXPORT_OVERWRITE:-0}" \
+python3 "$SCRIPT_DIR/lib/export_client.py"

package/scripts/import.sh

@@ -0,0 +1,54 @@
+#!/usr/bin/env bash
+# Fetch an OpenThread post into the current workspace.
+#
+# Default mode is --read: the masked thread is saved to disk but NOT
+# injected into Claude's context. The --context flag additionally writes
+# an <imported_thread trust="untrusted"> envelope file which the skill
+# can then display to Claude. In either case, imported content is
+# treated as UNTRUSTED DATA — never as instructions.
+#
+# Usage:
+#   bash import.sh <post-id-or-url> [--context|--read]
+#
+# Environment:
+#   OPENTHREAD_API_URL            Base URL for the API (default https://openthread.me)
+#   OPENTHREAD_IMPORT_OVERWRITE=1 Allow overwriting an existing import
+set -euo pipefail
+
+SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+API_BASE="${OPENTHREAD_API_URL:-https://openthread.me}"
+
+MODE="read"          # read | context
+INPUT=""
+
+if [ $# -eq 0 ]; then
+  echo '{"error":"MISSING_INPUT","message":"Usage: import.sh <post-id-or-url> [--context|--read]"}' >&2
+  exit 2
+fi
+
+INPUT="$1"; shift
+
+while [ $# -gt 0 ]; do
+  case "$1" in
+    --context) MODE="context"; shift;;
+    --read)    MODE="read"; shift;;
+    *)
+      printf '{"error":"UNKNOWN_FLAG","message":"Unknown flag: %s"}\n' "$1" >&2
+      exit 2
+      ;;
+  esac
+done
+
+# Optional bearer token — public posts don't need it.
+TOKEN=""
+if command -v bash >/dev/null 2>&1; then
+  TOKEN=$(bash "$SCRIPT_DIR/token.sh" get 2>/dev/null || true)
+fi
+
+PLUGIN_SCRIPTS_DIR="$SCRIPT_DIR" \
+API_BASE="$API_BASE" \
+INPUT="$INPUT" \
+MODE="$MODE" \
+TOKEN="$TOKEN" \
+OVERWRITE="${OPENTHREAD_IMPORT_OVERWRITE:-0}" \
+python3 "$SCRIPT_DIR/lib/import_client.py"

package/scripts/search.sh

@@ -0,0 +1,75 @@
+#!/usr/bin/env bash
+# Search OpenThread from the Claude Code plugin.
+#
+# Usage:
+#   bash search.sh <query> [--type posts|comments|communities|users|all]
+#                          [--community <name>]
+#                          [--provider <provider>]
+#                          [--time hour|day|week|month|year|all]
+#                          [--limit 1-25]
+#
+# Delegates to lib/search_client.py, which calls GET /api/search and emits
+# a plugin-consumable JSON response to stdout with sanitized strings.
+#
+# Works for both anonymous and authenticated users — the bearer token is
+# fetched best-effort from token.sh. Read-only: never mutates server state.
+set -euo pipefail
+
+SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+API_BASE="${OPENTHREAD_API_URL:-https://openthread.me/api}"
+
+QUERY=""
+TYPE="posts"
+COMMUNITY=""
+PROVIDER=""
+TIME_RANGE=""
+LIMIT="10"
+
+if [ $# -eq 0 ]; then
+  echo '{"error":"MISSING_QUERY","message":"Usage: search.sh <query> [--type ...] [--limit N]"}' >&2
+  exit 2
+fi
+
+QUERY="$1"
+shift
+
+while [ $# -gt 0 ]; do
+  case "$1" in
+    --type)
+      [ $# -ge 2 ] || { echo '{"error":"MISSING_VALUE","message":"--type requires a value"}' >&2; exit 2; }
+      TYPE="$2"; shift 2;;
+    --community)
+      [ $# -ge 2 ] || { echo '{"error":"MISSING_VALUE","message":"--community requires a value"}' >&2; exit 2; }
+      COMMUNITY="$2"; shift 2;;
+    --provider)
+      [ $# -ge 2 ] || { echo '{"error":"MISSING_VALUE","message":"--provider requires a value"}' >&2; exit 2; }
+      PROVIDER="$2"; shift 2;;
+    --time)
+      [ $# -ge 2 ] || { echo '{"error":"MISSING_VALUE","message":"--time requires a value"}' >&2; exit 2; }
+      TIME_RANGE="$2"; shift 2;;
+    --limit)
+      [ $# -ge 2 ] || { echo '{"error":"MISSING_VALUE","message":"--limit requires a value"}' >&2; exit 2; }
+      LIMIT="$2"; shift 2;;
+    *)
+      printf '{"error":"UNKNOWN_FLAG","message":"Unknown flag: %s"}\n' "$1" >&2
+      exit 2
+      ;;
+  esac
+done
+
+# Optional bearer token — search works anonymously, just with narrower visibility.
+TOKEN=""
+if T=$(bash "$SCRIPT_DIR/token.sh" get 2>/dev/null); then
+  TOKEN="$T"
+fi
+
+PLUGIN_SCRIPTS_DIR="$SCRIPT_DIR" \
+API_BASE="$API_BASE" \
+QUERY="$QUERY" \
+TYPE="$TYPE" \
+COMMUNITY="$COMMUNITY" \
+PROVIDER="$PROVIDER" \
+TIME_RANGE="$TIME_RANGE" \
+LIMIT="$LIMIT" \
+TOKEN="$TOKEN" \
+exec python3 "$SCRIPT_DIR/lib/search_client.py"

package/bin/__tests__/settings-writer.test.js

@@ -1,122 +0,0 @@
-#!/usr/bin/env node
-// Unit tests for bin/lib/settings-writer.js
-// Run with: node bin/__tests__/settings-writer.test.js
-// Exit 0 on pass, non-zero on failure.
-
-const fs = require("node:fs");
-const os = require("node:os");
-const path = require("node:path");
-const assert = require("node:assert/strict");
-
-const { safeUpdateSettings } = require("../lib/settings-writer.js");
-
-let failures = 0;
-let passed = 0;
-
-function test(name, fn) {
-  const tmpDir = fs.mkdtempSync(path.join(os.tmpdir(), "ot-settings-test-"));
-  const tmpFile = path.join(tmpDir, "settings.json");
-  try {
-    fn(tmpFile);
-    console.log(`  ok  ${name}`);
-    passed++;
-  } catch (e) {
-    console.error(`  FAIL  ${name}`);
-    console.error("    " + (e.stack || e.message));
-    failures++;
-  } finally {
-    try {
-      fs.rmSync(tmpDir, { recursive: true, force: true });
-    } catch {
-      /* ignore */
-    }
-  }
-}
-
-console.log("settings-writer tests:");
-
-test("enables ot@openthread on empty file", (file) => {
-  const result = safeUpdateSettings(
-    { enabledPlugins: { "ot@openthread": true } },
-    file,
-  );
-  assert.equal(result.enabledPlugins["ot@openthread"], true);
-  const onDisk = JSON.parse(fs.readFileSync(file, "utf8"));
-  assert.equal(onDisk.enabledPlugins["ot@openthread"], true);
-});
-
-test("refuses to modify hooks", (file) => {
-  assert.throws(
-    () =>
-      safeUpdateSettings(
-        { hooks: { preToolUse: "evil" } },
-        file,
-      ),
-    /refusing to modify top-level key "hooks"/,
-  );
-  assert.equal(fs.existsSync(file), false);
-});
-
-test("refuses to modify permissions", (file) => {
-  assert.throws(
-    () => safeUpdateSettings({ permissions: { allow: ["*"] } }, file),
-    /refusing to modify top-level key "permissions"/,
-  );
-});
-
-test("refuses unknown plugin keys", (file) => {
-  assert.throws(
-    () =>
-      safeUpdateSettings(
-        { enabledPlugins: { "other@thing": true } },
-        file,
-      ),
-    /refusing to modify plugin key "other@thing"/,
-  );
-});
-
-test("refuses unknown top-level keys", (file) => {
-  assert.throws(
-    () => safeUpdateSettings({ unknownKey: "x" }, file),
-    /refusing to modify top-level key "unknownKey"/,
-  );
-});
-
-test("preserves unrelated keys on update", (file) => {
-  fs.writeFileSync(
-    file,
-    JSON.stringify({
-      permissions: { allow: ["Bash"] },
-      hooks: { preToolUse: "existing" },
-      enabledPlugins: { "some@other": true },
-    }),
-  );
-  const result = safeUpdateSettings(
-    { enabledPlugins: { "ot@openthread": true } },
-    file,
-  );
-  assert.deepEqual(result.permissions, { allow: ["Bash"] });
-  assert.deepEqual(result.hooks, { preToolUse: "existing" });
-  assert.equal(result.enabledPlugins["some@other"], true);
-  assert.equal(result.enabledPlugins["ot@openthread"], true);
-});
-
-test("disables ot@openthread", (file) => {
-  const result = safeUpdateSettings(
-    { enabledPlugins: { "ot@openthread": false } },
-    file,
-  );
-  assert.equal(result.enabledPlugins["ot@openthread"], false);
-});
-
-test("replaces non-object enabledPlugins safely", (file) => {
-  fs.writeFileSync(file, JSON.stringify({ enabledPlugins: ["bogus"] }));
-  const result = safeUpdateSettings(
-    { enabledPlugins: { "ot@openthread": true } },
-    file,
-  );
-  assert.equal(result.enabledPlugins["ot@openthread"], true);
-});
-
-console.log(`\n${passed} passed, ${failures} failed`);
-process.exit(failures > 0 ? 1 : 0);