@xquik/tweetclaw 1.4.0 → 1.4.2

package/README.md

@@ -1,8 +1,12 @@
 # TweetClaw
 
+[![npm](https://img.shields.io/npm/v/@xquik/tweetclaw)](https://www.npmjs.com/package/@xquik/tweetclaw)
+[![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](LICENSE)
+![GitHub stars](https://img.shields.io/github/stars/Xquik-dev/tweetclaw)
+
 Post tweets, reply, like, retweet, follow, DM & more - directly from your chat. Full X/Twitter automation for [OpenClaw](https://github.com/openclaw/openclaw).
 
-Powered by [Xquik](https://xquik.com), the all-in-one X automation platform. **Reads from $0.00015/call - 66x cheaper than the official X API.**
+Powered by [Xquik](https://xquik.com), the all-in-one X automation platform. **Reads from $0.00015/call - 33x cheaper than the official X API.**
 
 ## Pricing
 
@@ -14,7 +18,7 @@ TweetClaw uses Xquik's credit-based pricing. 1 credit = $0.00015.
 |---|---|---|---|
 | **Monthly cost** | **$20** | $100 | $5,000 |
 | **Cost per tweet read** | **$0.00015** | ~$0.01 | ~$0.005 |
-| **Cost per user lookup** | **$0.00015** | ~$0.01 | ~$0.005 |
+| **Cost per user lookup** | **$0.0003** | ~$0.01 | ~$0.005 |
 | **Write actions** | **$0.0003** | Limited | Limited |
 | **Bulk extraction** | **$0.00015/result** | Not available | Not available |
 | **Monitoring + webhooks** | **Free** | Not available | Not available |
@@ -24,18 +28,23 @@ TweetClaw uses Xquik's credit-based pricing. 1 credit = $0.00015.
 
 | Operation | Credits | Cost |
 |-----------|---------|------|
-| Read (tweet, user, search, timeline, bookmarks, etc.) | 1 | $0.00015 |
+| Read (tweet, search, timeline, bookmarks, etc.) | 1 | $0.00015 |
+| Read (user profile, favoriters, followers you know, verified followers) | 2 | $0.0003 |
+| Read (trends) | 3 | $0.00045 |
 | Follow check, article | 7 | $0.00105 |
 | Write (tweet, like, retweet, follow, DM, etc.) | 2 | $0.0003 |
-| Extraction / draw | 1/result | $0.00015/result |
+| Extraction (tweets, replies, quotes, mentions, posts, likes, media, search) | 1/result | $0.00015/result |
+| Extraction (followers, following, verified followers, favoriters, retweeters, community members, people search, list members, list followers) | 2/result | $0.0003/result |
+| Extraction (articles) | 7/result | $0.00105/result |
+| Draw | 1/entry | $0.00015/entry |
 | Monitors, webhooks, radar, compose, drafts, integrations | 0 | **Free** |
 
 ### Pay-Per-Use (No Subscription)
 
 Two options:
 
-- **Credits (Stripe)**: Top up credits via the API ($10 minimum). 1 credit = $0.00015. Works with all 99 endpoints.
-- **MPP (USDC)**: 8 read-only X-API endpoints accept anonymous payments via Machine Payments Protocol. No account needed. SDK: `npm i mppx`.
+- **Credits (Stripe)**: Top up credits via the API ($10 minimum). 1 credit = $0.00015. Works with all 120 endpoints.
+- **MPP (USDC)**: 16 read-only X-API endpoints accept anonymous payments via Machine Payments Protocol. No account needed. SDK: `npm i mppx`.
 
 ### Free Operations
 
@@ -49,7 +58,7 @@ openclaw plugins install @xquik/tweetclaw
 
 ## Configure
 
-### Option A: API key (full access, 99 endpoints)
+### Option A: API key (full access, 120 endpoints)
 
 ```bash
 openclaw config set plugins.entries.tweetclaw.config.apiKey 'xq_YOUR_KEY'
@@ -59,18 +68,18 @@ Get a key at [dashboard.xquik.com](https://dashboard.xquik.com/).
 
 ### Option B: Credits (pay-per-use via Stripe, no subscription)
 
-Top up credits from the Xquik dashboard or via `POST /credits/topup`. All 99 endpoints available. 1 credit = $0.00015.
+Top up credits from the Xquik dashboard or via `POST /credits/topup`. All 120 endpoints available. 1 credit = $0.00015.
 
-### Option C: MPP pay-per-use (no account needed, 8 read-only endpoints)
+### Option C: MPP pay-per-use (no account needed, 16 read-only endpoints)
 
 ```bash
 npm i mppx viem
 openclaw config set plugins.entries.tweetclaw.config.tempoPrivateKey '0xYOUR_TEMPO_KEY'
 ```
 
-MPP (Machine Payments Protocol) lets agents pay per API call via Tempo (USDC). No account, no API key, no subscription. Get a Tempo wallet at [tempo.xyz](https://tempo.xyz).
+MPP (Machine Payments Protocol) lets agents pay per API call via Tempo (USDC). No account, no API key, no subscription. 16 read-only endpoints. Get a Tempo wallet at [tempo.xyz](https://tempo.xyz).
 
-MPP-eligible endpoints: tweet lookup ($0.00015), tweet search ($0.00015/tweet), user lookup ($0.00015), user tweets ($0.00015/tweet), follower check ($0.00105), article lookup ($0.00105), media download ($0.00015/media), trends ($0.00015).
+MPP-eligible endpoints: tweet lookup ($0.00015), tweet search ($0.00015/tweet), user lookup ($0.00015), user tweets ($0.00015/tweet), follower check ($0.00105), article lookup ($0.00105), media download ($0.00015/media), trends ($0.00045), X trends ($0.00045), quotes ($0.00015/tweet), replies ($0.00015/tweet), retweeters ($0.00015/user), favoriters ($0.00015/user), thread ($0.00015/tweet), user likes ($0.00015/tweet), user media ($0.00015/tweet).
 
 ### Optional settings
 
@@ -138,7 +147,7 @@ You: "Monitor @elonmusk for new tweets and follower changes"
 
 ## API Coverage
 
-99 endpoints across 12 categories:
+120 endpoints across 12 categories:
 
 | Category | Examples | Cost |
 |----------|---------|------|
@@ -146,15 +155,23 @@ You: "Monitor @elonmusk for new tweets and follower changes"
 | **Media** | Upload media via URL, download tweet media, get gallery links | 1-2 credits |
 | **Twitter** | Search tweets, look up users, user tweets/likes/media, favoriters, mutual followers, check follows, articles, bookmarks, notifications, timeline, DM history | 1-7 credits |
 | **Composition** | Compose, refine, score tweets; manage drafts; analyze writing styles | Free |
-| **Extraction** | Run extraction jobs (20 tool types: replies, followers, communities, etc.) | 1 credit/result |
+| **Extraction** | Run extraction jobs (23 tool types: replies, followers, communities, favoriters, user_likes, user_media, etc.) | 1-7 credits/result |
 | **Draws** | Run giveaway draws on tweets, export results | 1 credit/entry |
 | **Monitoring** | Create monitors, view events, manage webhooks | Free |
 | **Automations** | Create flows, add steps, test runs, inbound webhooks | Free |
 | **Account** | Manage API keys, subscription, connected X accounts | Free |
 | **Credits** | Check balance, top up credits | Free |
-| **Trends** | X trending topics, curated radar from 7 sources | 1 credit / Free |
+| **Trends** | X trending topics, curated radar from 7 sources | 3 credits / Free |
 | **Support** | Create tickets, reply, track status | Free |
 
+## Links
+
+- [Xquik Platform](https://xquik.com)
+- [API Documentation](https://docs.xquik.com)
+- [Billing & Pricing](https://docs.xquik.com/guides/billing)
+- [npm Package](https://www.npmjs.com/package/@xquik/tweetclaw)
+- [OpenClaw](https://github.com/openclaw/openclaw)
+
 ## License
 
 MIT

package/openclaw.plugin.json

@@ -1,14 +1,14 @@
 {
   "id": "tweetclaw",
   "name": "TweetClaw",
-  "version": "1.4.0",
-  "description": "Post tweets, reply, like, retweet, follow, DM from your chat - full X/Twitter automation powered by Xquik. 99 endpoints, reads from $0.00015/call.",
+  "version": "1.4.1",
+  "description": "Post tweets, reply, like, retweet, follow, DM from your chat - full X/Twitter automation powered by Xquik. 120 endpoints, reads from $0.00015/call. Requires an Xquik API key or Tempo private key.",
   "configSchema": {
     "type": "object",
     "additionalProperties": false,
     "properties": {
-      "apiKey": { "type": "string", "minLength": 1, "description": "Xquik API key (get one at dashboard.xquik.com). Required for full access to all 99 endpoints." },
-      "tempoPrivateKey": { "type": "string", "minLength": 1, "description": "Tempo wallet private key for MPP pay-per-use mode. No account needed. 8 read-only X-API endpoints." },
+      "apiKey": { "type": "string", "minLength": 1, "description": "Xquik API key (get one at dashboard.xquik.com). Required for full access to all 120 endpoints." },
+      "tempoPrivateKey": { "type": "string", "minLength": 1, "description": "Tempo wallet private key for MPP pay-per-use mode. No account needed. 16 read-only X-API endpoints." },
       "baseUrl": { "type": "string", "default": "https://xquik.com" },
       "pollingInterval": { "type": "number", "default": 60, "description": "Event polling interval in seconds" },
       "pollingEnabled": { "type": "boolean", "default": true }
@@ -19,8 +19,8 @@
     ]
   },
   "uiHints": {
-    "apiKey": { "label": "Xquik API Key", "sensitive": true, "placeholder": "xq_...", "help": "Full access to all 99 endpoints. Generate at dashboard.xquik.com." },
-    "tempoPrivateKey": { "label": "Tempo Private Key (MPP)", "sensitive": true, "placeholder": "0x...", "help": "Pay-per-use mode via Machine Payments Protocol. No account needed. 8 read-only X-API endpoints only. Requires mppx and viem packages." },
+    "apiKey": { "label": "Xquik API Key", "sensitive": true, "placeholder": "xq_...", "help": "Full access to all 120 endpoints. Generate at dashboard.xquik.com." },
+    "tempoPrivateKey": { "label": "Tempo Private Key (MPP)", "sensitive": true, "placeholder": "0x...", "help": "Pay-per-use mode via Machine Payments Protocol. No account needed. 16 read-only X-API endpoints only. Requires mppx and viem packages." },
     "baseUrl": { "label": "API Base URL", "placeholder": "https://xquik.com", "advanced": true, "help": "Only change if using a self-hosted Xquik instance." },
     "pollingInterval": { "label": "Event Poll Interval (seconds)", "advanced": true, "help": "How often to check for new monitor events. Default: 60 seconds." },
     "pollingEnabled": { "label": "Enable Event Notifications", "advanced": true, "help": "Deliver monitor alerts and extraction completions to your chat." }

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@xquik/tweetclaw",
-  "version": "1.4.0",
-  "description": "Post tweets, reply, like, retweet, follow, DM & more from OpenClaw - full X/Twitter automation via Xquik. 99 endpoints, reads from $0.00015/call.",
+  "version": "1.4.2",
+  "description": "Post tweets, reply, like, retweet, follow, DM & more from OpenClaw - full X/Twitter automation via Xquik. 120 endpoints, reads from $0.00015/call.",
   "license": "MIT",
   "type": "module",
   "repository": {
@@ -18,7 +18,15 @@
   "openclaw": {
     "extensions": [
       "./src/index.ts"
-    ]
+    ],
+    "compat": {
+      "pluginApi": ">=2026.3.28",
+      "minGatewayVersion": "2026.3.28"
+    },
+    "build": {
+      "openclawVersion": "2026.3.28",
+      "pluginSdkVersion": "2026.3.28"
+    }
   },
   "files": [
     "src/",
@@ -31,7 +39,24 @@
     "x",
     "automation",
     "tweetclaw",
-    "xquik"
+    "xquik",
+    "twitter-api",
+    "x-api",
+    "social-media",
+    "scraper",
+    "mcp",
+    "ai-agent",
+    "data-extraction",
+    "giveaway",
+    "monitoring",
+    "tweet",
+    "twitter-scraper",
+    "twitter-bot",
+    "x-twitter",
+    "tweet-api",
+    "twitter-automation",
+    "openclaw",
+    "mcp-server"
   ],
   "scripts": {
     "typecheck": "tsc --noEmit",
@@ -50,8 +75,12 @@
     "viem": ">=2.0.0"
   },
   "peerDependenciesMeta": {
-    "mppx": { "optional": true },
-    "viem": { "optional": true }
+    "mppx": {
+      "optional": true
+    },
+    "viem": {
+      "optional": true
+    }
   },
   "devDependencies": {
     "@eslint/js": "^10.0.1",

package/skills/tweetclaw/SKILL.md

@@ -1,6 +1,6 @@
 ---
 name: tweetclaw
-description: "OpenClaw plugin for X/Twitter automation. Post tweets, reply, like, retweet, follow, DM, search, extract data, run giveaways, monitor accounts, automate flows via Xquik. 99 endpoints, 2 tools (explore + tweetclaw), 2 commands (/xstatus, /xtrends), background event poller. Reads from $0.00015/call - 66x cheaper than the official X API."
+description: "OpenClaw plugin for X/Twitter automation. Post tweets, reply, like, retweet, follow, DM, search, extract data, run giveaways, monitor accounts, automate flows via Xquik. 120 endpoints, 2 tools (explore + tweetclaw), 2 commands (/xstatus, /xtrends), background event poller. Reads from $0.00015/call - 33x cheaper than the official X API."
 homepage: https://xquik.com
 read_when:
   - Posting, replying, liking, retweeting, or following on X/Twitter
@@ -18,7 +18,7 @@ metadata: {"openclaw":{"emoji":"🐦","primaryEnv":"XQUIK_API_KEY","requires":{"
 
 # TweetClaw
 
-OpenClaw plugin for X/Twitter automation powered by Xquik. **Reads from $0.00015/call - 66x cheaper than the official X API.**
+OpenClaw plugin for X/Twitter automation powered by Xquik. **Reads from $0.00015/call - 33x cheaper than the official X API.**
 
 ```bash
 openclaw plugins install @xquik/tweetclaw
@@ -32,10 +32,15 @@ TweetClaw uses Xquik's credit-based pricing. 1 credit = $0.00015.
 
 | Operation | Credits | Cost |
 |-----------|---------|------|
-| Read (tweet, user, search, timeline, bookmarks, etc.) | 1 | $0.00015 |
+| Read (tweet, search, timeline, bookmarks, etc.) | 1 | $0.00015 |
+| Read (user profile) | 2 | $0.0003 |
+| Read (trends) | 3 | $0.00045 |
 | Follow check, article | 7 | $0.00105 |
 | Write (tweet, like, retweet, follow, DM, etc.) | 2 | $0.0003 |
-| Extraction / draw | 1/result | $0.00015/result |
+| Extraction (tweets, replies, quotes, mentions, posts, likes, media, search) | 1/result | $0.00015/result |
+| Extraction (followers, following, verified followers, favoriters, retweeters, community members, people search, list members, list followers) | 2/result | $0.0003/result |
+| Extraction (articles) | 7/result | $0.00105/result |
+| Draw | 1/entry | $0.00015/entry |
 | Monitors, webhooks, radar, compose, drafts, integrations | 0 | **Free** |
 
 ### vs Official X API
@@ -44,16 +49,16 @@ TweetClaw uses Xquik's credit-based pricing. 1 credit = $0.00015.
 |---|---|---|---|
 | **Monthly cost** | **$20** | $100 | $5,000 |
 | **Cost per tweet read** | **$0.00015** | ~$0.01 | ~$0.005 |
-| **Cost per user lookup** | **$0.00015** | ~$0.01 | ~$0.005 |
+| **Cost per user lookup** | **$0.0003** | ~$0.01 | ~$0.005 |
 | **Write actions** | **$0.0003** | Limited | Limited |
 | **Bulk extraction** | **$0.00015/result** | Not available | Not available |
 
 ### Pay-Per-Use (No Subscription)
 
-- **Credits (Stripe)**: Top up via `POST /api/v1/credits/topup` ($10 minimum). Works with all 99 endpoints.
-- **MPP (USDC)**: 8 read-only endpoints accept anonymous Tempo payments. No account needed. SDK: `npm i mppx`.
+- **Credits (Stripe)**: Top up via `POST /api/v1/credits/topup` ($10 minimum). Works with all 120 endpoints.
+- **MPP (USDC)**: 16 read-only endpoints accept anonymous Tempo payments. No account needed. SDK: `npm i mppx`.
 
-MPP pricing: tweet lookup ($0.00015), tweet search ($0.00015/tweet), user lookup ($0.00015), user tweets ($0.00015/tweet), follower check ($0.00105), article ($0.00105), media download ($0.00015/media), trends ($0.00015).
+MPP pricing: tweet lookup ($0.00015), tweet search ($0.00015/tweet), user lookup ($0.00015), user tweets ($0.00015/tweet), follower check ($0.00105), article ($0.00105), media download ($0.00015/media), trends ($0.00045), X trends ($0.00045), quotes ($0.00015/tweet), replies ($0.00015/tweet), retweeters ($0.00015/user), favoriters ($0.00015/user), thread ($0.00015/tweet), user likes ($0.00015/tweet), user media ($0.00015/tweet).
 
 ## When to Use
 
@@ -100,11 +105,11 @@ npm i mppx viem
 openclaw config set plugins.entries.tweetclaw.config.tempoPrivateKey '0xYOUR_KEY'
 ```
 
-MPP gives agents access to 8 read-only X-API endpoints without any account or subscription. The mppx SDK handles HTTP 402 payment challenges automatically.
+MPP gives agents access to 16 read-only X-API endpoints without any account or subscription. The mppx SDK handles HTTP 402 payment challenges automatically.
 
 ## Tools
 
-TweetClaw registers 2 tools that cover the entire Xquik API (99 endpoints):
+TweetClaw registers 2 tools that cover the entire Xquik API (120 endpoints):
 
 ### `explore` (free, no network)
 
@@ -307,13 +312,13 @@ Agent uses tweetclaw -> creates ticket with subject and description
 | Twitter | Search tweets, look up users, user tweets/likes/media, favoriters, mutual followers, bookmarks, notifications, timeline, DM history | 1-7 credits |
 | Composition | Compose, refine, score tweets; manage drafts | Free |
 | Styles | Analyze tweet styles, compare, performance | Mixed |
-| Extraction | Reply/follower/community extraction (20 tools) | 1 credit/result |
+| Extraction | Reply/follower/community extraction (23 tools) | 1-7 credits/result |
 | Draws | Giveaway draws, export results | 1 credit/entry |
 | Monitoring | Create monitors, view events, webhooks | Free |
 | Automations | Create flows, add steps, test runs, inbound webhooks | Free |
 | Account | API keys, subscription, connected X accounts | Free |
 | Credits | Check balance, top up | Free |
-| Trends | X trending topics, curated radar from 7 sources | 1 credit / Free |
+| Trends | X trending topics, curated radar from 7 sources | 3 credits / Free |
 | Support | Create tickets, reply, track status | Free |
 
 ## Tips

package/src/index.ts

@@ -94,7 +94,7 @@ export default function register(api: OpenClawApi, fetchFunction?: FetchFunction
         api.logger.error(`TweetClaw: MPP init failed - ${error instanceof Error ? error.message : String(error)}`);
       }
     })();
-    api.logger.info('TweetClaw: MPP mode - pay-per-use via Tempo (7 X-API endpoints, no subscription needed)');
+    api.logger.info('TweetClaw: MPP mode - pay-per-use via Tempo (16 X-API endpoints, no subscription needed)');
   }
 
   const request = createProxiedRequest(baseUrl, credential, fetchFunction);

package/src/mpp.ts

@@ -1,4 +1,4 @@
-import { resolveAsyncFunctionConstructor } from './tools/sandbox.js';
+import { resolveAsyncFunctionConstructor } from './tools/executor.js';
 
 type ModuleLoader = (name: string) => Promise<Record<string, unknown>>;
 

package/src/tools/executor.ts

@@ -0,0 +1,125 @@
+import vm from 'node:vm';
+import { API_SPEC } from '../api-spec.js';
+import { truncateResponse } from '../truncate.js';
+import type { ToolResult } from '../types.js';
+
+const specEndpoints: ReadonlyArray<Readonly<Record<string, unknown>>> = API_SPEC.map(
+  (endpoint): Readonly<Record<string, unknown>> => ({ ...endpoint }),
+);
+
+function extractErrorMessage(error: unknown): string {
+  if (error instanceof Error) {
+    return `${error.constructor.name}: ${error.message}`;
+  }
+  return String(error);
+}
+
+function isAsyncFunctionConstructor(
+  value: unknown,
+): value is new (...parameters: readonly string[]) => (...parameters: readonly unknown[]) => Promise<unknown> {
+  return typeof value === 'function';
+}
+
+function getConstructorFromPrototype(proto: unknown): unknown {
+  if (typeof proto !== 'object' || proto === null) {
+    return undefined;
+  }
+  return 'constructor' in proto ? proto.constructor : undefined;
+}
+
+function resolveAsyncFunctionConstructor(prototype?: unknown): new (
+  ...parameters: readonly string[]
+) => (...parameters: readonly unknown[]) => Promise<unknown> {
+  const asyncPrototype: unknown = prototype ?? Object.getPrototypeOf(async (): Promise<void> => {});
+  const candidate: unknown = getConstructorFromPrototype(asyncPrototype);
+  if (!isAsyncFunctionConstructor(candidate)) {
+    throw new Error('AsyncFunction constructor not found');
+  }
+  return candidate;
+}
+
+const BLOCKED_PROPS: ReadonlySet<string | symbol> = new Set(['constructor', '__proto__', 'prototype']);
+
+function isBlockedProperty(property: string | symbol): boolean {
+  return BLOCKED_PROPS.has(property);
+}
+
+function wrapValue(value: unknown): unknown {
+  if (value === null || value === undefined) return value;
+  if (typeof value !== 'object' && typeof value !== 'function') return value;
+  return createSafeProxy(value);
+}
+
+async function wrapAsync(promise: Promise<unknown>): Promise<unknown> {
+  const resolved: unknown = await promise;
+  return wrapValue(resolved);
+}
+
+function createCallableProxy(bound: (...a: readonly unknown[]) => unknown): unknown {
+  const handler: ProxyHandler<typeof bound> = {
+    apply(_target: typeof bound, _thisArgument: unknown, argumentsList: unknown[]): unknown {
+      const result: unknown = bound(...argumentsList);
+      if (result instanceof Promise) {
+        return wrapAsync(result);
+      }
+      return wrapValue(result);
+    },
+    get(_target: typeof bound, property: string | symbol): unknown {
+      if (isBlockedProperty(property)) return undefined;
+      return Reflect.get(_target, property);
+    },
+  };
+  return new Proxy(bound, handler);
+}
+
+function createSafeProxy(target: unknown): unknown {
+  if (target === null || target === undefined) return target;
+  if (typeof target !== 'object' && typeof target !== 'function') return target;
+
+  const handler: ProxyHandler<Record<string | symbol, unknown>> = {
+    get(t: Record<string | symbol, unknown>, property: string | symbol): unknown {
+      if (isBlockedProperty(property)) return undefined;
+      const value: unknown = Reflect.get(t, property);
+      if (typeof value === 'function') {
+        const bound: (...a: readonly unknown[]) => unknown = value.bind(t);
+        return createCallableProxy(bound);
+      }
+      return wrapValue(value);
+    },
+  };
+  return new Proxy(target as Record<string | symbol, unknown>, handler);
+}
+
+function runInSandbox(code: string, globals: Readonly<Record<string, unknown>>): unknown {
+  const rawContext: Record<string, unknown> = Object.create(null) as Record<string, unknown>;
+  for (const key of Object.keys(globals)) {
+    const value: unknown = globals[key];
+    const safeValue: unknown = typeof value === 'object' && value !== null
+      ? createSafeProxy(value)
+      : value;
+    Reflect.set(rawContext, key, safeValue);
+  }
+  const context: vm.Context = vm.createContext(rawContext);
+  return vm.runInNewContext(`(${code})()`, context);
+}
+
+function successResult(content: unknown): ToolResult {
+  return { content: [{ text: truncateResponse(content), type: 'text' as const }] };
+}
+
+function errorResult(error: unknown): ToolResult {
+  return { content: [{ text: extractErrorMessage(error), type: 'text' as const }], isError: true };
+}
+
+export {
+  BLOCKED_PROPS,
+  createSafeProxy,
+  errorResult,
+  extractErrorMessage,
+  getConstructorFromPrototype,
+  resolveAsyncFunctionConstructor,
+  runInSandbox,
+  specEndpoints,
+  successResult,
+  wrapValue,
+};

package/src/tools/explore.ts

@@ -1,5 +1,5 @@
 import { API_SPEC } from '../api-spec.js';
-import { AsyncFunction, errorResult, specEndpoints, successResult } from './sandbox.js';
+import { errorResult, runInSandbox, specEndpoints, successResult } from './executor.js';
 import type { EndpointInfo, ToolResult } from '../types.js';
 
 const categories = [...new Set(API_SPEC.map((endpoint) => endpoint.category))].toSorted((a, b) => a.localeCompare(b)).join(', ');
@@ -47,8 +47,7 @@ async () => {
 
 async function handleExplore(code: string): Promise<ToolResult> {
   try {
-    const executor = new AsyncFunction('spec', `return (${code})()`);
-    const result: unknown = await executor({ endpoints: specEndpoints });
+    const result: unknown = await runInSandbox(code, { spec: { endpoints: specEndpoints } });
     return successResult(result);
   } catch (error: unknown) {
     return errorResult(error);

package/src/tools/tweetclaw.ts

@@ -1,5 +1,5 @@
 import { createProxiedRequest } from '../request.js';
-import { AsyncFunction, errorResult, specEndpoints, successResult } from './sandbox.js';
+import { errorResult, runInSandbox, specEndpoints, successResult } from './executor.js';
 import type { FetchFunction, RequestFunction, ToolResult } from '../types.js';
 
 const EXECUTE_DESCRIPTION = `Execute X (Twitter) API calls: post tweets, reply, like, retweet, follow, DM, update profile, upload media, search tweets, look up users, extract data, run giveaways, monitor accounts, compose tweets, and more. Write an async arrow function.
@@ -206,11 +206,12 @@ async () => {
     body: { toolType: 'follower_explorer', targetUsername: 'elonmusk', resultsLimit: 1000 }
   });
   return job;
-  // 20 tool types: reply_extractor, repost_extractor, quote_extractor, thread_extractor,
+  // 23 tool types: reply_extractor, repost_extractor, quote_extractor, thread_extractor,
   // article_extractor, follower_explorer, following_explorer, verified_follower_explorer,
   // mention_extractor, post_extractor, community_extractor, community_moderator_explorer,
   // community_post_extractor, community_search, list_member_extractor, list_post_extractor,
-  // list_follower_explorer, space_explorer, people_search, tweet_search_extractor
+  // list_follower_explorer, space_explorer, people_search, tweet_search_extractor,
+  // favoriters, user_likes, user_media
 }
 \`\`\`
 
@@ -297,11 +298,11 @@ async () => {
 
 ## Cost
 - Free: /api/v1/compose, /api/v1/styles (cached lookup/save/delete/compare), /api/v1/drafts, /api/v1/radar, /api/v1/subscribe, /api/v1/account, /api/v1/api-keys, /api/v1/bot/*, /api/v1/integrations/*, /api/v1/x/accounts, /api/v1/automations/*, /api/v1/support/*
-- MPP pay-per-use (no account/subscription needed, 7 endpoints): GET /api/v1/x/tweets/:id ($0.0003/call), GET /api/v1/x/tweets/search ($0.0003/tweet), GET /api/v1/x/users/:username ($0.00036/call), GET /api/v1/x/followers/check ($0.002/call), GET /api/v1/x/articles/:tweetId ($0.002/call), POST /api/v1/x/media/download ($0.0003/media), GET /api/v1/trends ($0.0009/call)
+- MPP pay-per-use (no account/subscription needed, 16 endpoints): GET /api/v1/x/tweets/:id ($0.00015/call), GET /api/v1/x/tweets/search ($0.00015/tweet), GET /api/v1/x/users/:username ($0.00015/call), GET /api/v1/x/users/:id/tweets ($0.00015/tweet), GET /api/v1/x/followers/check ($0.00105/call), GET /api/v1/x/articles/:tweetId ($0.00105/call), POST /api/v1/x/media/download ($0.00015/media), GET /api/v1/trends ($0.00045/call), GET /api/v1/x/trends ($0.00045/call), GET /api/v1/x/tweets/:id/quotes ($0.00015/tweet), GET /api/v1/x/tweets/:id/replies ($0.00015/tweet), GET /api/v1/x/tweets/:id/retweeters ($0.00015/user), GET /api/v1/x/tweets/:id/favoriters ($0.00015/user), GET /api/v1/x/tweets/:id/thread ($0.00015/tweet), GET /api/v1/x/users/:id/likes ($0.00015/tweet), GET /api/v1/x/users/:id/media ($0.00015/tweet)
 - Subscription required: /api/v1/styles (X API refresh when cache >7 days), /api/v1/x/profile, /api/v1/x/communities, /api/v1/x/dm, /api/v1/extractions, /api/v1/draws, /api/v1/monitors, /api/v1/events, /api/v1/webhooks, /api/v1/styles/:username/performance, /api/v1/trending/:source
 - Write actions (subscription required): POST /api/v1/x/tweets, DELETE /api/v1/x/tweets/:id, POST|DELETE /api/v1/x/tweets/:id/like, POST /api/v1/x/tweets/:id/retweet, POST|DELETE /api/v1/x/users/:id/follow, POST /api/v1/x/dm/:userId, POST /api/v1/x/media, PATCH /api/v1/x/profile, PATCH /api/v1/x/profile/avatar, PATCH /api/v1/x/profile/banner, POST|DELETE /api/v1/x/communities, POST|DELETE /api/v1/x/communities/:id/join
 - IMPORTANT: Always attempt the request. Never assume subscription status. The API returns a clear error if subscription is missing.
-- MPP MODE: When configured with tempoPrivateKey (no API key), the mppx SDK auto-handles 402 challenges by paying via Tempo (USDC). Only the 7 MPP-eligible endpoints work in this mode.
+- MPP MODE: When configured with tempoPrivateKey (no API key), the mppx SDK auto-handles 402 challenges by paying via Tempo (USDC). Only the 16 MPP-eligible endpoints work in this mode.
 
 ## Error handling
 - If response contains "subscription is inactive" or status 402, call POST /api/v1/subscribe to get checkout URL
@@ -324,10 +325,9 @@ async function handleTweetclaw(options: Readonly<TweetclawOptions>): Promise<Too
   const { apiKey, baseUrl, code, fetchFunction, timeoutMs = EXECUTION_TIMEOUT_MS } = options;
   try {
     const request: RequestFunction = createProxiedRequest(baseUrl, apiKey, fetchFunction);
-    const executor = new AsyncFunction('xquik', 'spec', `return (${code})()`);
 
     const result: unknown = await Promise.race([
-      executor({ request }, { endpoints: specEndpoints }),
+      runInSandbox(code, { xquik: { request }, spec: { endpoints: specEndpoints } }),
       new Promise<never>((_resolve, reject) => {
         setTimeout(() => {
           reject(new Error(`Execution timed out after ${String(timeoutMs / MS_PER_SECOND)}s`));

package/src/tools/sandbox.ts

@@ -1,58 +0,0 @@
-import { API_SPEC } from '../api-spec.js';
-import { truncateResponse } from '../truncate.js';
-import type { ToolResult } from '../types.js';
-
-const specEndpoints: ReadonlyArray<Readonly<Record<string, unknown>>> = API_SPEC.map(
-  (endpoint): Readonly<Record<string, unknown>> => ({ ...endpoint }),
-);
-
-function extractErrorMessage(error: unknown): string {
-  if (error instanceof Error) {
-    return `${error.constructor.name}: ${error.message}`;
-  }
-  return String(error);
-}
-
-function isAsyncFunctionConstructor(
-  value: unknown,
-): value is new (...parameters: readonly string[]) => (...parameters: readonly unknown[]) => Promise<unknown> {
-  return typeof value === 'function';
-}
-
-function getConstructorFromPrototype(proto: unknown): unknown {
-  if (typeof proto !== 'object' || proto === null) {
-    return undefined;
-  }
-  return 'constructor' in proto ? proto.constructor : undefined;
-}
-
-function resolveAsyncFunctionConstructor(prototype?: unknown): new (
-  ...parameters: readonly string[]
-) => (...parameters: readonly unknown[]) => Promise<unknown> {
-  const asyncPrototype: unknown = prototype ?? Object.getPrototypeOf(async (): Promise<void> => {});
-  const candidate: unknown = getConstructorFromPrototype(asyncPrototype);
-  if (!isAsyncFunctionConstructor(candidate)) {
-    throw new Error('AsyncFunction constructor not found');
-  }
-  return candidate;
-}
-
-const AsyncFunction = resolveAsyncFunctionConstructor();
-
-function successResult(content: unknown): ToolResult {
-  return { content: [{ text: truncateResponse(content), type: 'text' as const }] };
-}
-
-function errorResult(error: unknown): ToolResult {
-  return { content: [{ text: extractErrorMessage(error), type: 'text' as const }], isError: true };
-}
-
-export {
-  AsyncFunction,
-  errorResult,
-  extractErrorMessage,
-  getConstructorFromPrototype,
-  resolveAsyncFunctionConstructor,
-  specEndpoints,
-  successResult,
-};