@zenalexa/unicli 0.210.0 → 0.211.2

package/dist/mcp/streamable-http.js

@@ -0,0 +1,312 @@
+/**
+ * Streamable HTTP transport for the MCP server (spec 2025-03-26).
+ *
+ * Single endpoint: POST /mcp
+ *   - JSON-RPC request in body
+ *   - Response as application/json or text/event-stream (per Accept header)
+ *   - MCP-Session-Id header for session management
+ *   - MCP-Protocol-Version header enforced post-initialization
+ *
+ * DELETE /mcp — terminate session (requires MCP-Session-Id)
+ * GET /health  — server status + active session count
+ *
+ * Zero external dependencies — Node.js http + crypto only.
+ */
+import { randomUUID } from "node:crypto";
+import { createServer, } from "node:http";
+import { VERSION } from "../constants.js";
+import { handleOAuthRoute, createOAuthMiddleware } from "./oauth.js";
+// ── Constants ──────────────────────────────────────────────────────────────
+const MAX_BODY = 1_048_576; // 1 MB
+const SESSION_TTL_MS = 3_600_000; // 1 hour
+const PRUNE_INTERVAL_MS = 300_000; // 5 minutes
+const HEARTBEAT_MS = 30_000;
+const MCP_PROTOCOL_VERSION = "2025-03-26";
+const ALLOWED_ORIGINS = new Set(["http://localhost", "http://127.0.0.1"]);
+// Methods that may produce long-running responses — served as SSE when
+// the client accepts text/event-stream.
+const STREAMING_METHODS = new Set(["tools/call"]);
+const sessions = new Map();
+// ── Helpers ────────────────────────────────────────────────────────────────
+function jsonResponse(res, status, body, extraHeaders) {
+    res.writeHead(status, {
+        "Content-Type": "application/json",
+        "Cache-Control": "no-store",
+        ...extraHeaders,
+    });
+    res.end(JSON.stringify(body));
+}
+function readBody(req) {
+    return new Promise((resolve, reject) => {
+        const chunks = [];
+        let size = 0;
+        req.on("data", (chunk) => {
+            size += chunk.length;
+            if (size > MAX_BODY) {
+                req.destroy();
+                reject(new Error("Request too large"));
+                return;
+            }
+            chunks.push(chunk);
+        });
+        req.on("end", () => resolve(Buffer.concat(chunks).toString("utf-8")));
+        req.on("error", reject);
+    });
+}
+function pruneStaleSessions() {
+    const cutoff = Date.now() - SESSION_TTL_MS;
+    for (const [id, session] of sessions) {
+        if (session.lastSeen < cutoff)
+            sessions.delete(id);
+    }
+}
+/**
+ * Validate Origin header for DNS rebinding protection.
+ * Allow requests with no Origin (non-browser clients) or from localhost.
+ */
+function isOriginAllowed(req) {
+    const origin = req.headers.origin;
+    if (!origin)
+        return true; // Non-browser clients omit Origin
+    // Accept any localhost origin regardless of port
+    try {
+        const url = new URL(origin);
+        if (url.hostname === "localhost" || url.hostname === "127.0.0.1") {
+            return true;
+        }
+    }
+    catch {
+        // Malformed origin — reject
+    }
+    return ALLOWED_ORIGINS.has(origin);
+}
+function clientAcceptsSSE(req) {
+    const accept = req.headers.accept ?? "";
+    return accept.includes("text/event-stream");
+}
+// ── POST /mcp Handler ──────────────────────────────────────────────────────
+async function handlePost(req, res, handler) {
+    // Origin validation
+    if (!isOriginAllowed(req)) {
+        jsonResponse(res, 403, {
+            jsonrpc: "2.0",
+            id: null,
+            error: { code: -32600, message: "Forbidden: invalid Origin" },
+        });
+        return;
+    }
+    // Read and parse body
+    let body;
+    try {
+        body = await readBody(req);
+    }
+    catch {
+        jsonResponse(res, 413, {
+            jsonrpc: "2.0",
+            id: null,
+            error: { code: -32600, message: "Request too large" },
+        });
+        return;
+    }
+    let parsed;
+    try {
+        parsed = JSON.parse(body);
+    }
+    catch {
+        jsonResponse(res, 400, {
+            jsonrpc: "2.0",
+            id: null,
+            error: { code: -32700, message: "Parse error" },
+        });
+        return;
+    }
+    const sessionId = req.headers["mcp-session-id"];
+    const isInitialize = parsed.method === "initialize";
+    // Session validation: post-init requests require a valid session
+    if (!isInitialize) {
+        if (!sessionId || !sessions.has(sessionId)) {
+            jsonResponse(res, 400, {
+                jsonrpc: "2.0",
+                id: parsed.id ?? null,
+                error: { code: -32600, message: "Invalid or missing MCP-Session-Id" },
+            });
+            return;
+        }
+        sessions.get(sessionId).lastSeen = Date.now();
+    }
+    // Notification (no id) — respond 204 No Content
+    if (parsed.id === undefined || parsed.id === null) {
+        try {
+            await handler(parsed);
+        }
+        catch {
+            // Notifications have no response — swallow errors
+        }
+        res.writeHead(204);
+        res.end();
+        return;
+    }
+    // Execute the handler
+    let response;
+    try {
+        response = await handler(parsed);
+        // Handler returns null for notifications — should not reach here due to
+        // the check above, but guard anyway.
+        if (!response) {
+            res.writeHead(204);
+            res.end();
+            return;
+        }
+    }
+    catch (err) {
+        const message = err instanceof Error ? err.message : String(err);
+        jsonResponse(res, 500, {
+            jsonrpc: "2.0",
+            id: parsed.id ?? null,
+            error: { code: -32603, message: `Internal error: ${message}` },
+        });
+        return;
+    }
+    // For initialize: create session and return MCP-Session-Id
+    if (isInitialize) {
+        const newSessionId = randomUUID();
+        sessions.set(newSessionId, {
+            created: Date.now(),
+            lastSeen: Date.now(),
+            protocolVersion: MCP_PROTOCOL_VERSION,
+        });
+        jsonResponse(res, 200, response, {
+            "MCP-Session-Id": newSessionId,
+            "MCP-Protocol-Version": MCP_PROTOCOL_VERSION,
+        });
+        return;
+    }
+    // For streaming-eligible methods: respond with SSE if client accepts it
+    if (STREAMING_METHODS.has(parsed.method) && clientAcceptsSSE(req)) {
+        res.writeHead(200, {
+            "Content-Type": "text/event-stream",
+            "Cache-Control": "no-cache",
+            Connection: "keep-alive",
+            "MCP-Session-Id": sessionId,
+        });
+        // Send the response as an SSE event
+        const eventId = randomUUID();
+        res.write(`id: ${eventId}\nevent: message\ndata: ${JSON.stringify(response)}\n\n`);
+        // Close the stream after delivering the response
+        res.end();
+        return;
+    }
+    // Default: respond with JSON
+    const headers = {};
+    if (sessionId)
+        headers["MCP-Session-Id"] = sessionId;
+    jsonResponse(res, 200, response, headers);
+}
+// ── DELETE /mcp Handler ────────────────────────────────────────────────────
+function handleDelete(req, res) {
+    const sessionId = req.headers["mcp-session-id"];
+    if (!sessionId || !sessions.has(sessionId)) {
+        jsonResponse(res, 400, {
+            jsonrpc: "2.0",
+            id: null,
+            error: { code: -32600, message: "Invalid or missing MCP-Session-Id" },
+        });
+        return;
+    }
+    sessions.delete(sessionId);
+    res.writeHead(204);
+    res.end();
+}
+// ── Public API ─────────────────────────────────────────────────────────────
+/**
+ * Start the MCP Streamable HTTP transport server (spec 2025-03-26).
+ *
+ * Single endpoint (POST /mcp) handles all JSON-RPC communication.
+ * DELETE /mcp terminates sessions. GET /health returns server info.
+ */
+export async function startStreamableHttp(port, handler, options) {
+    const oauthMiddleware = options?.auth ? createOAuthMiddleware() : null;
+    // Periodic session pruning
+    const pruneTimer = setInterval(pruneStaleSessions, PRUNE_INTERVAL_MS);
+    pruneTimer.unref(); // Do not keep process alive for pruning
+    const server = createServer((req, res) => {
+        const method = req.method ?? "";
+        const pathname = (req.url ?? "/").split("?")[0];
+        // CORS preflight
+        if (method === "OPTIONS") {
+            res.writeHead(204, {
+                "Access-Control-Allow-Origin": req.headers.origin ?? "*",
+                "Access-Control-Allow-Methods": "POST, DELETE, OPTIONS",
+                "Access-Control-Allow-Headers": "Content-Type, MCP-Session-Id, MCP-Protocol-Version, Authorization, Accept",
+                "Access-Control-Max-Age": "86400",
+            });
+            res.end();
+            return;
+        }
+        // OAuth routes — always public when auth is enabled
+        if (options?.auth && handleOAuthRoute(req, res))
+            return;
+        // Health check
+        if (method === "GET" && (pathname === "/health" || pathname === "/")) {
+            jsonResponse(res, 200, {
+                status: "ok",
+                transport: "streamable-http",
+                version: VERSION,
+                sessions: sessions.size,
+                protocolVersion: MCP_PROTOCOL_VERSION,
+            });
+            return;
+        }
+        // Main MCP endpoint
+        if (pathname === "/mcp") {
+            // OAuth middleware — block unauthenticated requests
+            if (oauthMiddleware?.(req, res))
+                return;
+            if (method === "POST") {
+                handlePost(req, res, handler).catch(() => {
+                    if (!res.writableEnded) {
+                        jsonResponse(res, 500, {
+                            jsonrpc: "2.0",
+                            id: null,
+                            error: { code: -32603, message: "Unexpected server error" },
+                        });
+                    }
+                });
+                return;
+            }
+            if (method === "DELETE") {
+                handleDelete(req, res);
+                return;
+            }
+        }
+        // Not found
+        res.writeHead(404, { "Content-Type": "application/json" });
+        res.end(JSON.stringify({ error: "Not found" }));
+    });
+    server.on("close", () => {
+        clearInterval(pruneTimer);
+        sessions.clear();
+    });
+    await new Promise((resolve, reject) => {
+        server.once("error", reject);
+        server.listen(port, "127.0.0.1", () => {
+            server.off("error", reject);
+            resolve();
+        });
+    });
+    process.stderr.write(`unicli MCP server v${VERSION} — Streamable HTTP transport on http://127.0.0.1:${port}\n` +
+        `  MCP endpoint: POST/DELETE http://127.0.0.1:${port}/mcp\n` +
+        `  Health check: GET         http://127.0.0.1:${port}/health\n` +
+        `  Protocol:     ${MCP_PROTOCOL_VERSION}\n`);
+}
+// Exported for testing
+export const _test = {
+    sessions,
+    pruneStaleSessions,
+    isOriginAllowed,
+    ALLOWED_ORIGINS,
+    SESSION_TTL_MS,
+    HEARTBEAT_MS,
+    MCP_PROTOCOL_VERSION,
+};
+//# sourceMappingURL=streamable-http.js.map

package/dist/mcp/streamable-http.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"streamable-http.js","sourceRoot":"","sources":["../../src/mcp/streamable-http.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;GAaG;AAEH,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AACzC,OAAO,EACL,YAAY,GAGb,MAAM,WAAW,CAAC;AACnB,OAAO,EAAE,OAAO,EAAE,MAAM,iBAAiB,CAAC;AAC1C,OAAO,EAAE,gBAAgB,EAAE,qBAAqB,EAAE,MAAM,YAAY,CAAC;AAgCrE,8EAA8E;AAE9E,MAAM,QAAQ,GAAG,SAAS,CAAC,CAAC,OAAO;AACnC,MAAM,cAAc,GAAG,SAAS,CAAC,CAAC,SAAS;AAC3C,MAAM,iBAAiB,GAAG,OAAO,CAAC,CAAC,YAAY;AAC/C,MAAM,YAAY,GAAG,MAAM,CAAC;AAC5B,MAAM,oBAAoB,GAAG,YAAY,CAAC;AAC1C,MAAM,eAAe,GAAG,IAAI,GAAG,CAAC,CAAC,kBAAkB,EAAE,kBAAkB,CAAC,CAAC,CAAC;AAE1E,uEAAuE;AACvE,wCAAwC;AACxC,MAAM,iBAAiB,GAAG,IAAI,GAAG,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC;AAElD,MAAM,QAAQ,GAAG,IAAI,GAAG,EAAmB,CAAC;AAE5C,8EAA8E;AAE9E,SAAS,YAAY,CACnB,GAAmB,EACnB,MAAc,EACd,IAA6B,EAC7B,YAAqC;IAErC,GAAG,CAAC,SAAS,CAAC,MAAM,EAAE;QACpB,cAAc,EAAE,kBAAkB;QAClC,eAAe,EAAE,UAAU;QAC3B,GAAG,YAAY;KAChB,CAAC,CAAC;IACH,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC;AAChC,CAAC;AAED,SAAS,QAAQ,CAAC,GAAoB;IACpC,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;QACrC,MAAM,MAAM,GAAa,EAAE,CAAC;QAC5B,IAAI,IAAI,GAAG,CAAC,CAAC;QACb,GAAG,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,KAAa,EAAE,EAAE;YAC/B,IAAI,IAAI,KAAK,CAAC,MAAM,CAAC;YACrB,IAAI,IAAI,GAAG,QAAQ,EAAE,CAAC;gBACpB,GAAG,CAAC,OAAO,EAAE,CAAC;gBACd,MAAM,CAAC,IAAI,KAAK,CAAC,mBAAmB,CAAC,CAAC,CAAC;gBACvC,OAAO;YACT,CAAC;YACD,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QACrB,CAAC,CAAC,CAAC;QACH,GAAG,CAAC,EAAE,CAAC,KAAK,EAAE,GAAG,EAAE,CAAC,OAAO,CAAC,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC;QACtE,GAAG,CAAC,EAAE,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;IAC1B,CAAC,CAAC,CAAC;AACL,CAAC;AAED,SAAS,kBAAkB;IACzB,MAAM,MAAM,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,cAAc,CAAC;IAC3C,KAAK,MAAM,CAAC,EAAE,EAAE,OAAO,CAAC,IAAI,QAAQ,EAAE,CAAC;QACrC,IAAI,OAAO,CAAC,QAAQ,GAAG,MAAM;YAAE,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;IACrD,CAAC;AACH,CAAC;AAED;;;GAGG;AACH,SAAS,eAAe,CAAC,GAAoB;IAC3C,MAAM,MAAM,GAAG,GAAG,CAAC,OAAO,CAAC,MAAM,CAAC;IAClC,IAAI,CAAC,MAAM;QAAE,OAAO,IAAI,CAAC,CAAC,kCAAkC;IAC5D,iDAAiD;IACjD,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,MAAM,CAAC,CAAC;QAC5B,IAAI,GAAG,CAAC,QAAQ,KAAK,WAAW,IAAI,GAAG,CAAC,QAAQ,KAAK,WAAW,EAAE,CAAC;YACjE,OAAO,IAAI,CAAC;QACd,CAAC;IACH,CAAC;IAAC,MAAM,CAAC;QACP,4BAA4B;IAC9B,CAAC;IACD,OAAO,eAAe,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;AACrC,CAAC;AAED,SAAS,gBAAgB,CAAC,GAAoB;IAC5C,MAAM,MAAM,GAAG,GAAG,CAAC,OAAO,CAAC,MAAM,IAAI,EAAE,CAAC;IACxC,OAAO,MAAM,CAAC,QAAQ,CAAC,mBAAmB,CAAC,CAAC;AAC9C,CAAC;AAED,8EAA8E;AAE9E,KAAK,UAAU,UAAU,CACvB,GAAoB,EACpB,GAAmB,EACnB,OAAgB;IAEhB,oBAAoB;IACpB,IAAI,CAAC,eAAe,CAAC,GAAG,CAAC,EAAE,CAAC;QAC1B,YAAY,CAAC,GAAG,EAAE,GAAG,EAAE;YACrB,OAAO,EAAE,KAAK;YACd,EAAE,EAAE,IAAI;YACR,KAAK,EAAE,EAAE,IAAI,EAAE,CAAC,KAAK,EAAE,OAAO,EAAE,2BAA2B,EAAE;SAC9D,CAAC,CAAC;QACH,OAAO;IACT,CAAC;IAED,sBAAsB;IACtB,IAAI,IAAY,CAAC;IACjB,IAAI,CAAC;QACH,IAAI,GAAG,MAAM,QAAQ,CAAC,GAAG,CAAC,CAAC;IAC7B,CAAC;IAAC,MAAM,CAAC;QACP,YAAY,CAAC,GAAG,EAAE,GAAG,EAAE;YACrB,OAAO,EAAE,KAAK;YACd,EAAE,EAAE,IAAI;YACR,KAAK,EAAE,EAAE,IAAI,EAAE,CAAC,KAAK,EAAE,OAAO,EAAE,mBAAmB,EAAE;SACtD,CAAC,CAAC;QACH,OAAO;IACT,CAAC;IAED,IAAI,MAAsB,CAAC;IAC3B,IAAI,CAAC;QACH,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAmB,CAAC;IAC9C,CAAC;IAAC,MAAM,CAAC;QACP,YAAY,CAAC,GAAG,EAAE,GAAG,EAAE;YACrB,OAAO,EAAE,KAAK;YACd,EAAE,EAAE,IAAI;YACR,KAAK,EAAE,EAAE,IAAI,EAAE,CAAC,KAAK,EAAE,OAAO,EAAE,aAAa,EAAE;SAChD,CAAC,CAAC;QACH,OAAO;IACT,CAAC;IAED,MAAM,SAAS,GAAG,GAAG,CAAC,OAAO,CAAC,gBAAgB,CAAuB,CAAC;IACtE,MAAM,YAAY,GAAG,MAAM,CAAC,MAAM,KAAK,YAAY,CAAC;IAEpD,iEAAiE;IACjE,IAAI,CAAC,YAAY,EAAE,CAAC;QAClB,IAAI,CAAC,SAAS,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,SAAS,CAAC,EAAE,CAAC;YAC3C,YAAY,CAAC,GAAG,EAAE,GAAG,EAAE;gBACrB,OAAO,EAAE,KAAK;gBACd,EAAE,EAAE,MAAM,CAAC,EAAE,IAAI,IAAI;gBACrB,KAAK,EAAE,EAAE,IAAI,EAAE,CAAC,KAAK,EAAE,OAAO,EAAE,mCAAmC,EAAE;aACtE,CAAC,CAAC;YACH,OAAO;QACT,CAAC;QACD,QAAQ,CAAC,GAAG,CAAC,SAAS,CAAE,CAAC,QAAQ,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IACjD,CAAC;IAED,gDAAgD;IAChD,IAAI,MAAM,CAAC,EAAE,KAAK,SAAS,IAAI,MAAM,CAAC,EAAE,KAAK,IAAI,EAAE,CAAC;QAClD,IAAI,CAAC;YACH,MAAM,OAAO,CAAC,MAAM,CAAC,CAAC;QACxB,CAAC;QAAC,MAAM,CAAC;YACP,kDAAkD;QACpD,CAAC;QACD,GAAG,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC;QACnB,GAAG,CAAC,GAAG,EAAE,CAAC;QACV,OAAO;IACT,CAAC;IAED,sBAAsB;IACtB,IAAI,QAAyB,CAAC;IAC9B,IAAI,CAAC;QACH,QAAQ,GAAG,MAAM,OAAO,CAAC,MAAM,CAAC,CAAC;QACjC,wEAAwE;QACxE,qCAAqC;QACrC,IAAI,CAAC,QAAQ,EAAE,CAAC;YACd,GAAG,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC;YACnB,GAAG,CAAC,GAAG,EAAE,CAAC;YACV,OAAO;QACT,CAAC;IACH,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,OAAO,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QACjE,YAAY,CAAC,GAAG,EAAE,GAAG,EAAE;YACrB,OAAO,EAAE,KAAK;YACd,EAAE,EAAE,MAAM,CAAC,EAAE,IAAI,IAAI;YACrB,KAAK,EAAE,EAAE,IAAI,EAAE,CAAC,KAAK,EAAE,OAAO,EAAE,mBAAmB,OAAO,EAAE,EAAE;SAC/D,CAAC,CAAC;QACH,OAAO;IACT,CAAC;IAED,2DAA2D;IAC3D,IAAI,YAAY,EAAE,CAAC;QACjB,MAAM,YAAY,GAAG,UAAU,EAAE,CAAC;QAClC,QAAQ,CAAC,GAAG,CAAC,YAAY,EAAE;YACzB,OAAO,EAAE,IAAI,CAAC,GAAG,EAAE;YACnB,QAAQ,EAAE,IAAI,CAAC,GAAG,EAAE;YACpB,eAAe,EAAE,oBAAoB;SACtC,CAAC,CAAC;QACH,YAAY,CAAC,GAAG,EAAE,GAAG,EAAE,QAA8C,EAAE;YACrE,gBAAgB,EAAE,YAAY;YAC9B,sBAAsB,EAAE,oBAAoB;SAC7C,CAAC,CAAC;QACH,OAAO;IACT,CAAC;IAED,wEAAwE;IACxE,IAAI,iBAAiB,CAAC,GAAG,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,gBAAgB,CAAC,GAAG,CAAC,EAAE,CAAC;QAClE,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE;YACjB,cAAc,EAAE,mBAAmB;YACnC,eAAe,EAAE,UAAU;YAC3B,UAAU,EAAE,YAAY;YACxB,gBAAgB,EAAE,SAAU;SAC7B,CAAC,CAAC;QAEH,oCAAoC;QACpC,MAAM,OAAO,GAAG,UAAU,EAAE,CAAC;QAC7B,GAAG,CAAC,KAAK,CACP,OAAO,OAAO,2BAA2B,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,MAAM,CACxE,CAAC;QAEF,iDAAiD;QACjD,GAAG,CAAC,GAAG,EAAE,CAAC;QACV,OAAO;IACT,CAAC;IAED,6BAA6B;IAC7B,MAAM,OAAO,GAA2B,EAAE,CAAC;IAC3C,IAAI,SAAS;QAAE,OAAO,CAAC,gBAAgB,CAAC,GAAG,SAAS,CAAC;IACrD,YAAY,CACV,GAAG,EACH,GAAG,EACH,QAA8C,EAC9C,OAAO,CACR,CAAC;AACJ,CAAC;AAED,8EAA8E;AAE9E,SAAS,YAAY,CAAC,GAAoB,EAAE,GAAmB;IAC7D,MAAM,SAAS,GAAG,GAAG,CAAC,OAAO,CAAC,gBAAgB,CAAuB,CAAC;IACtE,IAAI,CAAC,SAAS,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,SAAS,CAAC,EAAE,CAAC;QAC3C,YAAY,CAAC,GAAG,EAAE,GAAG,EAAE;YACrB,OAAO,EAAE,KAAK;YACd,EAAE,EAAE,IAAI;YACR,KAAK,EAAE,EAAE,IAAI,EAAE,CAAC,KAAK,EAAE,OAAO,EAAE,mCAAmC,EAAE;SACtE,CAAC,CAAC;QACH,OAAO;IACT,CAAC;IACD,QAAQ,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;IAC3B,GAAG,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC;IACnB,GAAG,CAAC,GAAG,EAAE,CAAC;AACZ,CAAC;AAED,8EAA8E;AAE9E;;;;;GAKG;AACH,MAAM,CAAC,KAAK,UAAU,mBAAmB,CACvC,IAAY,EACZ,OAAgB,EAChB,OAA+B;IAE/B,MAAM,eAAe,GAAG,OAAO,EAAE,IAAI,CAAC,CAAC,CAAC,qBAAqB,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC;IAEvE,2BAA2B;IAC3B,MAAM,UAAU,GAAG,WAAW,CAAC,kBAAkB,EAAE,iBAAiB,CAAC,CAAC;IACtE,UAAU,CAAC,KAAK,EAAE,CAAC,CAAC,wCAAwC;IAE5D,MAAM,MAAM,GAAG,YAAY,CAAC,CAAC,GAAoB,EAAE,GAAmB,EAAE,EAAE;QACxE,MAAM,MAAM,GAAG,GAAG,CAAC,MAAM,IAAI,EAAE,CAAC;QAChC,MAAM,QAAQ,GAAG,CAAC,GAAG,CAAC,GAAG,IAAI,GAAG,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;QAEhD,iBAAiB;QACjB,IAAI,MAAM,KAAK,SAAS,EAAE,CAAC;YACzB,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE;gBACjB,6BAA6B,EAAE,GAAG,CAAC,OAAO,CAAC,MAAM,IAAI,GAAG;gBACxD,8BAA8B,EAAE,uBAAuB;gBACvD,8BAA8B,EAC5B,2EAA2E;gBAC7E,wBAAwB,EAAE,OAAO;aAClC,CAAC,CAAC;YACH,GAAG,CAAC,GAAG,EAAE,CAAC;YACV,OAAO;QACT,CAAC;QAED,oDAAoD;QACpD,IAAI,OAAO,EAAE,IAAI,IAAI,gBAAgB,CAAC,GAAG,EAAE,GAAG,CAAC;YAAE,OAAO;QAExD,eAAe;QACf,IAAI,MAAM,KAAK,KAAK,IAAI,CAAC,QAAQ,KAAK,SAAS,IAAI,QAAQ,KAAK,GAAG,CAAC,EAAE,CAAC;YACrE,YAAY,CAAC,GAAG,EAAE,GAAG,EAAE;gBACrB,MAAM,EAAE,IAAI;gBACZ,SAAS,EAAE,iBAAiB;gBAC5B,OAAO,EAAE,OAAO;gBAChB,QAAQ,EAAE,QAAQ,CAAC,IAAI;gBACvB,eAAe,EAAE,oBAAoB;aACtC,CAAC,CAAC;YACH,OAAO;QACT,CAAC;QAED,oBAAoB;QACpB,IAAI,QAAQ,KAAK,MAAM,EAAE,CAAC;YACxB,oDAAoD;YACpD,IAAI,eAAe,EAAE,CAAC,GAAG,EAAE,GAAG,CAAC;gBAAE,OAAO;YAExC,IAAI,MAAM,KAAK,MAAM,EAAE,CAAC;gBACtB,UAAU,CAAC,GAAG,EAAE,GAAG,EAAE,OAAO,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE;oBACvC,IAAI,CAAC,GAAG,CAAC,aAAa,EAAE,CAAC;wBACvB,YAAY,CAAC,GAAG,EAAE,GAAG,EAAE;4BACrB,OAAO,EAAE,KAAK;4BACd,EAAE,EAAE,IAAI;4BACR,KAAK,EAAE,EAAE,IAAI,EAAE,CAAC,KAAK,EAAE,OAAO,EAAE,yBAAyB,EAAE;yBAC5D,CAAC,CAAC;oBACL,CAAC;gBACH,CAAC,CAAC,CAAC;gBACH,OAAO;YACT,CAAC;YAED,IAAI,MAAM,KAAK,QAAQ,EAAE,CAAC;gBACxB,YAAY,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;gBACvB,OAAO;YACT,CAAC;QACH,CAAC;QAED,YAAY;QACZ,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,CAAC,CAAC;QAC3D,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,KAAK,EAAE,WAAW,EAAE,CAAC,CAAC,CAAC;IAClD,CAAC,CAAC,CAAC;IAEH,MAAM,CAAC,EAAE,CAAC,OAAO,EAAE,GAAG,EAAE;QACtB,aAAa,CAAC,UAAU,CAAC,CAAC;QAC1B,QAAQ,CAAC,KAAK,EAAE,CAAC;IACnB,CAAC,CAAC,CAAC;IAEH,MAAM,IAAI,OAAO,CAAO,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;QAC1C,MAAM,CAAC,IAAI,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;QAC7B,MAAM,CAAC,MAAM,CAAC,IAAI,EAAE,WAAW,EAAE,GAAG,EAAE;YACpC,MAAM,CAAC,GAAG,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;YAC5B,OAAO,EAAE,CAAC;QACZ,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,OAAO,CAAC,MAAM,CAAC,KAAK,CAClB,sBAAsB,OAAO,oDAAoD,IAAI,IAAI;QACvF,gDAAgD,IAAI,QAAQ;QAC5D,gDAAgD,IAAI,WAAW;QAC/D,mBAAmB,oBAAoB,IAAI,CAC9C,CAAC;AACJ,CAAC;AAED,uBAAuB;AACvB,MAAM,CAAC,MAAM,KAAK,GAAG;IACnB,QAAQ;IACR,kBAAkB;IAClB,eAAe;IACf,eAAe;IACf,cAAc;IACd,YAAY;IACZ,oBAAoB;CACZ,CAAC"}

package/dist/permissions/sensitive-paths.js

@@ -61,8 +61,8 @@ export const SENSITIVE_PATH_PATTERNS = [
     // GCP credentials
     /\/\.config\/gcloud\/(application_default_credentials|legacy_credentials)/,
     // Azure CLI session + profile
-    /\/\.azure\/accesstokens\.json$/,
-    /\/\.azure\/azureprofile\.json$/,
+    /\/\.azure\/accesstokens\.json$/i,
+    /\/\.azure\/azureprofile\.json$/i,
     // GitHub CLI host config (contains OAuth token)
     /\/\.config\/gh\/hosts\.yml$/,
     // 1Password CLI session state

package/dist/permissions/sensitive-paths.js.map

@@ -1 +1 @@
-{"version":3,"file":"sensitive-paths.js","sourceRoot":"","sources":["../../src/permissions/sensitive-paths.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;GAyBG;AAEH,OAAO,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AACvC,OAAO,EAAE,OAAO,IAAI,WAAW,EAAE,MAAM,WAAW,CAAC;AAEnD;;;;;;;;;;;GAWG;AACH,MAAM,CAAC,MAAM,uBAAuB,GAAsB;IACxD,yCAAyC;IACzC,eAAe;IACf,kBAAkB;IAClB,uBAAuB;IACvB,kBAAkB;IAClB,iCAAiC;IACjC,iBAAiB;IACjB,oBAAoB;IACpB,mBAAmB;IACnB,qBAAqB;IACrB,2BAA2B;IAC3B,iBAAiB;IACjB,YAAY;IACZ,kCAAkC;IAClC,mCAAmC;IACnC,gCAAgC;IAChC,0CAA0C;IAC1C,qCAAqC;IACrC,sCAAsC;IACtC,kBAAkB;IAClB,0EAA0E;IAC1E,8BAA8B;IAC9B,gCAAgC;IAChC,gCAAgC;IAChC,gDAAgD;IAChD,6BAA6B;IAC7B,8BAA8B;IAC9B,sBAAsB;IACtB,2BAA2B;IAC3B,aAAa;IACb,yEAAyE;IACzE,YAAY;IACZ,WAAW;IACX,aAAa;IACb,2BAA2B;IAC3B,cAAc;IACd,oCAAoC;IACpC,mCAAmC;CACpC,CAAC;AAEF;;;;;GAKG;AACH,SAAS,iBAAiB,CAAC,OAAe;IACxC,MAAM,UAAU,GAAG,OAAO,CAAC,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;IAC/C,yEAAyE;IACzE,4DAA4D;IAC5D,MAAM,QAAQ,GAAG,UAAU,CAAC,OAAO,CAAC,YAAY,EAAE,EAAE,CAAC,CAAC;IACtD,IAAI,OAAO,CAAC,QAAQ,KAAK,QAAQ,IAAI,OAAO,CAAC,QAAQ,KAAK,OAAO,EAAE,CAAC;QAClE,OAAO,QAAQ,CAAC,WAAW,EAAE,CAAC;IAChC,CAAC;IACD,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED;;;;;;;;;;;;;GAaG;AACH,MAAM,UAAU,kBAAkB,CAAC,OAAe;IAChD,IAAI,CAAC,OAAO;QAAE,OAAO,SAAS,CAAC;IAC/B,MAAM,QAAQ,GAAG,iBAAiB,CAAC,OAAO,CAAC,CAAC;IAC5C,IAAI,CAAC,QAAQ,CAAC,UAAU,CAAC,GAAG,CAAC;QAAE,OAAO,SAAS,CAAC;IAChD,KAAK,MAAM,OAAO,IAAI,uBAAuB,EAAE,CAAC;QAC9C,IAAI,OAAO,CAAC,IAAI,CAAC,QAAQ,CAAC;YAAE,OAAO,OAAO,CAAC;IAC7C,CAAC;IACD,OAAO,SAAS,CAAC;AACnB,CAAC;AAED;;;;;;;;GAQG;AACH,MAAM,UAAU,0BAA0B,CACxC,OAAe;IAEf,IAAI,CAAC,OAAO;QAAE,OAAO,SAAS,CAAC;IAC/B,kEAAkE;IAClE,MAAM,MAAM,GAAG,kBAAkB,CAAC,OAAO,CAAC,CAAC;IAC3C,IAAI,MAAM;QAAE,OAAO,MAAM,CAAC;IAC1B,sEAAsE;IACtE,sEAAsE;IACtE,IAAI,CAAC;QACH,MAAM,IAAI,GAAG,YAAY,CAAC,WAAW,CAAC,OAAO,CAAC,CAAC,CAAC;QAChD,IAAI,IAAI,KAAK,OAAO,EAAE,CAAC;YACrB,OAAO,kBAAkB,CAAC,IAAI,CAAC,CAAC;QAClC,CAAC;IACH,CAAC;IAAC,MAAM,CAAC;QACP,uEAAuE;IACzE,CAAC;IACD,OAAO,SAAS,CAAC;AACnB,CAAC;AAED,+DAA+D;AAC/D,MAAM,UAAU,eAAe,CAAC,OAAe;IAC7C,OAAO,kBAAkB,CAAC,OAAO,CAAC,KAAK,SAAS,CAAC;AACnD,CAAC;AAED,qEAAqE;AACrE,MAAM,UAAU,uBAAuB,CAAC,OAAe;IACrD,OAAO,0BAA0B,CAAC,OAAO,CAAC,KAAK,SAAS,CAAC;AAC3D,CAAC;AAoBD;;;;GAIG;AACH,MAAM,UAAU,wBAAwB,CAAC,OAAe;IACtD,MAAM,OAAO,GAAG,kBAAkB,CAAC,OAAO,CAAC,CAAC;IAC5C,OAAO;QACL,KAAK,EAAE,uBAAuB;QAC9B,IAAI,EAAE,OAAO;QACb,OAAO,EAAE,OAAO,CAAC,CAAC,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,SAAS;QAC7C,IAAI,EAAE,mJAAmJ;KAC1J,CAAC;AACJ,CAAC"}
+{"version":3,"file":"sensitive-paths.js","sourceRoot":"","sources":["../../src/permissions/sensitive-paths.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;GAyBG;AAEH,OAAO,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AACvC,OAAO,EAAE,OAAO,IAAI,WAAW,EAAE,MAAM,WAAW,CAAC;AAEnD;;;;;;;;;;;GAWG;AACH,MAAM,CAAC,MAAM,uBAAuB,GAAsB;IACxD,yCAAyC;IACzC,eAAe;IACf,kBAAkB;IAClB,uBAAuB;IACvB,kBAAkB;IAClB,iCAAiC;IACjC,iBAAiB;IACjB,oBAAoB;IACpB,mBAAmB;IACnB,qBAAqB;IACrB,2BAA2B;IAC3B,iBAAiB;IACjB,YAAY;IACZ,kCAAkC;IAClC,mCAAmC;IACnC,gCAAgC;IAChC,0CAA0C;IAC1C,qCAAqC;IACrC,sCAAsC;IACtC,kBAAkB;IAClB,0EAA0E;IAC1E,8BAA8B;IAC9B,iCAAiC;IACjC,iCAAiC;IACjC,gDAAgD;IAChD,6BAA6B;IAC7B,8BAA8B;IAC9B,sBAAsB;IACtB,2BAA2B;IAC3B,aAAa;IACb,yEAAyE;IACzE,YAAY;IACZ,WAAW;IACX,aAAa;IACb,2BAA2B;IAC3B,cAAc;IACd,oCAAoC;IACpC,mCAAmC;CACpC,CAAC;AAEF;;;;;GAKG;AACH,SAAS,iBAAiB,CAAC,OAAe;IACxC,MAAM,UAAU,GAAG,OAAO,CAAC,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;IAC/C,yEAAyE;IACzE,4DAA4D;IAC5D,MAAM,QAAQ,GAAG,UAAU,CAAC,OAAO,CAAC,YAAY,EAAE,EAAE,CAAC,CAAC;IACtD,IAAI,OAAO,CAAC,QAAQ,KAAK,QAAQ,IAAI,OAAO,CAAC,QAAQ,KAAK,OAAO,EAAE,CAAC;QAClE,OAAO,QAAQ,CAAC,WAAW,EAAE,CAAC;IAChC,CAAC;IACD,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED;;;;;;;;;;;;;GAaG;AACH,MAAM,UAAU,kBAAkB,CAAC,OAAe;IAChD,IAAI,CAAC,OAAO;QAAE,OAAO,SAAS,CAAC;IAC/B,MAAM,QAAQ,GAAG,iBAAiB,CAAC,OAAO,CAAC,CAAC;IAC5C,IAAI,CAAC,QAAQ,CAAC,UAAU,CAAC,GAAG,CAAC;QAAE,OAAO,SAAS,CAAC;IAChD,KAAK,MAAM,OAAO,IAAI,uBAAuB,EAAE,CAAC;QAC9C,IAAI,OAAO,CAAC,IAAI,CAAC,QAAQ,CAAC;YAAE,OAAO,OAAO,CAAC;IAC7C,CAAC;IACD,OAAO,SAAS,CAAC;AACnB,CAAC;AAED;;;;;;;;GAQG;AACH,MAAM,UAAU,0BAA0B,CACxC,OAAe;IAEf,IAAI,CAAC,OAAO;QAAE,OAAO,SAAS,CAAC;IAC/B,kEAAkE;IAClE,MAAM,MAAM,GAAG,kBAAkB,CAAC,OAAO,CAAC,CAAC;IAC3C,IAAI,MAAM;QAAE,OAAO,MAAM,CAAC;IAC1B,sEAAsE;IACtE,sEAAsE;IACtE,IAAI,CAAC;QACH,MAAM,IAAI,GAAG,YAAY,CAAC,WAAW,CAAC,OAAO,CAAC,CAAC,CAAC;QAChD,IAAI,IAAI,KAAK,OAAO,EAAE,CAAC;YACrB,OAAO,kBAAkB,CAAC,IAAI,CAAC,CAAC;QAClC,CAAC;IACH,CAAC;IAAC,MAAM,CAAC;QACP,uEAAuE;IACzE,CAAC;IACD,OAAO,SAAS,CAAC;AACnB,CAAC;AAED,+DAA+D;AAC/D,MAAM,UAAU,eAAe,CAAC,OAAe;IAC7C,OAAO,kBAAkB,CAAC,OAAO,CAAC,KAAK,SAAS,CAAC;AACnD,CAAC;AAED,qEAAqE;AACrE,MAAM,UAAU,uBAAuB,CAAC,OAAe;IACrD,OAAO,0BAA0B,CAAC,OAAO,CAAC,KAAK,SAAS,CAAC;AAC3D,CAAC;AAoBD;;;;GAIG;AACH,MAAM,UAAU,wBAAwB,CAAC,OAAe;IACtD,MAAM,OAAO,GAAG,kBAAkB,CAAC,OAAO,CAAC,CAAC;IAC5C,OAAO;QACL,KAAK,EAAE,uBAAuB;QAC9B,IAAI,EAAE,OAAO;QACb,OAAO,EAAE,OAAO,CAAC,CAAC,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,SAAS;QAC7C,IAAI,EAAE,mJAAmJ;KAC1J,CAAC;AACJ,CAAC"}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@zenalexa/unicli",
-  "version": "0.210.0",
+  "version": "0.211.2",
   "description": "The universal interface between AI agents and the world's software",
   "type": "module",
   "main": "dist/main.js",
@@ -69,23 +69,23 @@
   "dependencies": {
     "chalk": "^5.4.1",
     "cli-table3": "^0.6.5",
-    "commander": "^13.1.0",
+    "commander": "^14.0.3",
     "js-yaml": "^4.1.0",
     "turndown": "^7.2.4",
-    "undici": "^7.5.0",
+    "undici": "^8.0.2",
     "ws": "^8.18.0",
-    "zod": "^3.24.0"
+    "zod": "^4.3.6"
   },
   "devDependencies": {
     "@types/js-yaml": "^4.0.9",
-    "@types/node": "^22.13.0",
+    "@types/node": "^25.6.0",
     "@types/turndown": "^5.0.6",
     "@types/ws": "^8.5.14",
     "oxlint": "^1.0.0",
     "prettier": "^3.5.0",
     "tsx": "^4.19.0",
-    "typescript": "^5.7.0",
+    "typescript": "^6.0.2",
     "vitepress": "^1.6.0",
-    "vitest": "^3.1.0"
+    "vitest": "^3.2.4"
   }
 }

package/src/adapters/1688/_site.json

@@ -0,0 +1,9 @@
+{
+  "site": "1688",
+  "displayName": "1688.com",
+  "type": "web-api",
+  "domain": "1688.com",
+  "description": "1688.com — Alibaba wholesale B2B marketplace",
+  "strategy": "cookie",
+  "category": "shopping"
+}

package/src/adapters/barchart/_site.json

@@ -0,0 +1,10 @@
+{
+  "site": "barchart",
+  "displayName": "Barchart",
+  "type": "web-api",
+  "domain": "barchart.com",
+  "description": "Barchart — financial data, options, and market analytics",
+  "strategy": "cookie",
+  "category": "finance",
+  "auth_cookies": ["bcFreeUserPage498", "laravel_session", "XSRF-TOKEN"]
+}

package/src/adapters/jd/_site.json

@@ -0,0 +1,9 @@
+{
+  "site": "jd",
+  "displayName": "JD.com",
+  "type": "web-api",
+  "domain": "jd.com",
+  "description": "JD.com — Chinese e-commerce platform",
+  "strategy": "public",
+  "category": "shopping"
+}

package/src/adapters/linkedin/_site.json

@@ -0,0 +1,10 @@
+{
+  "site": "linkedin",
+  "displayName": "LinkedIn",
+  "type": "web-api",
+  "domain": "linkedin.com",
+  "description": "LinkedIn — professional networking and job search",
+  "strategy": "header",
+  "category": "social",
+  "auth_cookies": ["li_at", "JSESSIONID"]
+}

package/src/adapters/macos/finder-copy.yaml

@@ -0,0 +1,40 @@
+site: macos
+name: finder-copy
+description: Copy a file or folder to a destination path
+type: desktop
+binary: osascript
+detect: "test $(uname) = Darwin"
+
+args:
+  source:
+    type: str
+    required: true
+    positional: true
+    description: Source file or folder path
+  destination:
+    type: str
+    required: true
+    positional: true
+    description: Destination path
+
+pipeline:
+  - exec:
+      command: osascript
+      args:
+        - "-l"
+        - "JavaScript"
+        - "-e"
+        - |
+          const fm = $.NSFileManager.defaultManager;
+          const src = ${{ args.source | json }};
+          const dst = ${{ args.destination | json }};
+          const err = Ref();
+          const ok = fm.copyItemAtPathToPathError(src, dst, err);
+          if (!ok) {
+            const msg = err[0] ? ObjC.unwrap(err[0].localizedDescription) : 'unknown error';
+            throw new Error(msg);
+          }
+          JSON.stringify([{ copied: src, to: dst, status: 'ok' }]);
+      parse: json
+
+columns: [copied, to, status]

package/src/adapters/macos/finder-move.yaml

@@ -0,0 +1,40 @@
+site: macos
+name: finder-move
+description: Move or rename a file or folder
+type: desktop
+binary: osascript
+detect: "test $(uname) = Darwin"
+
+args:
+  source:
+    type: str
+    required: true
+    positional: true
+    description: Source file or folder path
+  destination:
+    type: str
+    required: true
+    positional: true
+    description: Destination path
+
+pipeline:
+  - exec:
+      command: osascript
+      args:
+        - "-l"
+        - "JavaScript"
+        - "-e"
+        - |
+          const fm = $.NSFileManager.defaultManager;
+          const src = ${{ args.source | json }};
+          const dst = ${{ args.destination | json }};
+          const err = Ref();
+          const ok = fm.moveItemAtPathToPathError(src, dst, err);
+          if (!ok) {
+            const msg = err[0] ? ObjC.unwrap(err[0].localizedDescription) : 'unknown error';
+            throw new Error(msg);
+          }
+          JSON.stringify([{ moved: src, to: dst, status: 'ok' }]);
+      parse: json
+
+columns: [moved, to, status]

package/src/adapters/macos/finder-new-folder.yaml

@@ -0,0 +1,36 @@
+site: macos
+name: finder-new-folder
+description: Create a new directory (with intermediate directories)
+type: desktop
+binary: osascript
+detect: "test $(uname) = Darwin"
+
+args:
+  path:
+    type: str
+    required: true
+    positional: true
+    description: Directory path to create
+
+pipeline:
+  - exec:
+      command: osascript
+      args:
+        - "-l"
+        - "JavaScript"
+        - "-e"
+        - |
+          const fm = $.NSFileManager.defaultManager;
+          const path = ${{ args.path | json }};
+          const err = Ref();
+          const ok = fm.createDirectoryAtPathWithIntermediateDirectoriesAttributesError(
+            path, true, $(), err
+          );
+          if (!ok) {
+            const msg = err[0] ? ObjC.unwrap(err[0].localizedDescription) : 'unknown error';
+            throw new Error(msg);
+          }
+          JSON.stringify([{ created: path, status: 'ok' }]);
+      parse: json
+
+columns: [created, status]

package/src/adapters/macos/safari-history.yaml

@@ -0,0 +1,23 @@
+site: macos
+name: safari-history
+description: Get recent Safari browsing history via SQLite
+type: desktop
+binary: sqlite3
+detect: "test $(uname) = Darwin"
+
+args:
+  limit:
+    type: int
+    default: 20
+    description: Number of recent history entries to return
+
+pipeline:
+  - exec:
+      command: sqlite3
+      args:
+        - "-json"
+        - "$HOME/Library/Safari/History.db"
+        - "SELECT hi.url, hv.title, datetime(hv.visit_time + 978307200, 'unixepoch', 'localtime') AS visited_at FROM history_visits hv JOIN history_items hi ON hv.history_item = hi.id ORDER BY hv.visit_time DESC LIMIT ${{ args.limit | int | default(20) }};"
+      parse: json
+
+columns: [title, url, visited_at]

package/src/adapters/macos/safari-url.yaml

@@ -0,0 +1,22 @@
+site: macos
+name: safari-url
+description: Get the URL and title of the active Safari tab
+type: desktop
+binary: osascript
+detect: "test $(uname) = Darwin"
+
+pipeline:
+  - exec:
+      command: osascript
+      args:
+        - "-l"
+        - "JavaScript"
+        - "-e"
+        - |
+          const app = Application('Safari');
+          const win = app.windows[0];
+          const tab = win.currentTab();
+          JSON.stringify([{ url: tab.url(), title: tab.name() }]);
+      parse: json
+
+columns: [url, title]

package/src/adapters/macos/screen-recording.yaml

@@ -0,0 +1,32 @@
+site: macos
+name: screen-recording
+description: Record the screen to a video file using screencapture
+type: desktop
+binary: screencapture
+detect: "test $(uname) = Darwin"
+
+args:
+  file:
+    type: str
+    default: "/tmp/recording.mov"
+    description: Output file path for the recording (must end in .mov or .mp4)
+  duration:
+    type: int
+    default: 10
+    description: Recording duration in seconds
+
+pipeline:
+  - exec:
+      command: screencapture
+      args:
+        - "-x"
+        - "-v"
+        - "-V"
+        - "${{ args.duration | default(10) }}"
+        - "${{ args.file | default('/tmp/recording.mov') }}"
+      parse: text
+      timeout: "${{ (args.duration + 5) * 1000 }}"
+
+  - evaluate: "JSON.stringify([{ file: ${{ args.file | json }}, duration: ${{ args.duration }}, status: 'recorded' }])"
+
+columns: [file, duration, status]

package/src/adapters/macos/wallpaper.yaml

@@ -0,0 +1,33 @@
+site: macos
+name: wallpaper
+description: Get or set the desktop wallpaper
+type: desktop
+binary: osascript
+detect: "test $(uname) = Darwin"
+
+args:
+  path:
+    type: str
+    positional: true
+    description: Path to image file (omit to get the current wallpaper)
+
+pipeline:
+  - exec:
+      command: osascript
+      args:
+        - "-l"
+        - "JavaScript"
+        - "-e"
+        - |
+          const se = Application('System Events');
+          const desktop = se.desktops[0];
+          const newPath = ${{ args.path | default("") | json }};
+          if (newPath) {
+            desktop.picture = newPath;
+            JSON.stringify([{ wallpaper: newPath, action: 'set' }]);
+          } else {
+            JSON.stringify([{ wallpaper: desktop.picture(), action: 'get' }]);
+          }
+      parse: json
+
+columns: [wallpaper, action]