byr-pt-cli 0.1.5 → 0.1.7

package/dist/{cli-Ds1ZVpjV.mjs → cli-Boa0FrUq.mjs}

@@ -1,9 +1,10 @@
 import { renderBrowseOutput, runBrowseCommand } from "./commands/browse.mjs";
 import { renderDownloadOutput, runDownloadCommand } from "./commands/download.mjs";
-import { a as clearAuthStore, c as writeAuthStore, i as resolveClientConfig, n as renderDoctorOutput, o as maskCookieHeader, r as runDoctorCommand, s as validateByrCookie, t as getDoctorFailureCode } from "./doctor-JqfcqakX.mjs";
+import { c as writeAuthStore, i as maskCookieHeader, s as validateByrCookie, t as clearAuthStore } from "./store-CtnRgFKg.mjs";
+import { i as resolveClientConfig, n as renderDoctorOutput, r as runDoctorCommand, t as getDoctorFailureCode } from "./doctor-BFpvus4A.mjs";
 import { renderGetOutput, runGetCommand } from "./commands/get.mjs";
 import { renderSearchOutput, runSearchCommand } from "./commands/search.mjs";
-import { a as parseLoginForm, c as BYR_INCLDEAD_FACET, d as parseCategoryAliases, f as parseSimpleFacetAliases, i as looksLikeLoginPage, l as BYR_SPSTATE_FACET, o as HttpSession, s as BYR_BOOKMARKED_FACET, t as createByrClient, u as getByrMetadata } from "./client-BeMmaDg5.mjs";
+import { a as parseLoginForm, c as BYR_INCLDEAD_FACET, d as parseCategoryAliases, f as parseSimpleFacetAliases, i as looksLikeLoginPage, l as BYR_SPSTATE_FACET, o as HttpSession, s as BYR_BOOKMARKED_FACET, t as createByrClient, u as getByrMetadata } from "./client-CmhKYsjk.mjs";
 import { createRequire } from "node:module";
 import { writeFile } from "node:fs/promises";
 import { createInterface } from "node:readline/promises";
@@ -12,7 +13,7 @@ import { spawnSync } from "node:child_process";
 import { join } from "node:path";
 import { tmpdir } from "node:os";
 import { copyFileSync, existsSync, readFileSync, rmSync, statSync } from "node:fs";
-import { createDecipheriv, pbkdf2Sync, randomUUID } from "node:crypto";
+import { createDecipheriv, createHash, pbkdf2Sync, randomUUID } from "node:crypto";
 
 //#region src/domain/auth/browser.ts
 const TARGET_DOMAINS = new Set([
@@ -60,7 +61,7 @@ function importCookieFromChrome(profile) {
 			"-separator",
 			"	",
 			tempDb,
-			"SELECT name, value, hex(encrypted_value) FROM cookies WHERE host_key IN ('.byr.pt','byr.pt','.bt.byr.cn','bt.byr.cn') AND name IN ('uid','pass','session_id','auth_token','refresh_token')"
+			"SELECT name, value, hex(encrypted_value), host_key FROM cookies WHERE host_key IN ('.byr.pt','byr.pt','.bt.byr.cn','bt.byr.cn') AND name IN ('uid','pass','session_id','auth_token','refresh_token')"
 		], { encoding: "utf8" });
 		if (sqlite.status !== 0) throw new CliAppError({
 			code: "E_AUTH_REQUIRED",
@@ -71,15 +72,16 @@ function importCookieFromChrome(profile) {
 		const lines = (sqlite.stdout ?? "").split("\n").map((line) => line.trim()).filter((line) => line.length > 0);
 		let keyHex;
 		for (const line of lines) {
-			const [name, value, encryptedHex] = line.split("	");
+			const [name, value = "", encryptedHex = "", hostKey = ""] = line.split("	");
 			if (!AUTH_COOKIE_NAMES.has(name)) continue;
-			if (value && value.length > 0) {
-				cookies.set(name, value);
+			const normalized = normalizeCookieValue(value);
+			if (normalized) {
+				cookies.set(name, normalized);
 				continue;
 			}
 			if (!keyHex) keyHex = getChromeSafeStorageKeyHex();
 			if (!encryptedHex || encryptedHex.length === 0 || !keyHex) continue;
-			const resolved = decryptChromeCookieHex(encryptedHex, keyHex);
+			const resolved = decryptChromeCookieHex(encryptedHex, keyHex, hostKey);
 			if (resolved) cookies.set(name, resolved);
 		}
 		return {
@@ -112,13 +114,20 @@ function getChromeSafeStorageKeyHex() {
 		return pbkdf2Sync(password, "saltysalt", 1003, 16, "sha1").toString("hex");
 	}
 }
-function decryptChromeCookieHex(encryptedHex, keyHex) {
+function decryptChromeCookieHex(encryptedHex, keyHex, hostKey) {
 	try {
 		let encrypted = Buffer.from(encryptedHex, "hex");
 		if (encrypted.length === 0) return;
-		if (encrypted.subarray(0, 3).toString("utf8") === "v10") encrypted = encrypted.subarray(3);
+		const version = encrypted.subarray(0, 3).toString("utf8");
+		if (version === "v10" || version === "v11") encrypted = encrypted.subarray(3);
 		const decipher = createDecipheriv("aes-128-cbc", Buffer.from(keyHex, "hex"), Buffer.alloc(16, 32));
-		return Buffer.concat([decipher.update(encrypted), decipher.final()]).toString("utf8").replaceAll("\0", "").trim();
+		let decrypted = Buffer.concat([decipher.update(encrypted), decipher.final()]);
+		const normalizedHostKey = hostKey?.trim();
+		if (normalizedHostKey && decrypted.length > 32) {
+			const digest = createHash("sha256").update(normalizedHostKey).digest();
+			if (decrypted.subarray(0, 32).equals(digest)) decrypted = decrypted.subarray(32);
+		}
+		return normalizeCookieValue(decrypted.toString("utf8").replaceAll("\0", "").trim());
 	} catch {
 		return;
 	}
@@ -182,7 +191,10 @@ function extractByrCookie(records, source) {
 	const map = /* @__PURE__ */ new Map();
 	for (const record of records) {
 		if (!TARGET_DOMAINS.has(record.domain)) continue;
-		if (AUTH_COOKIE_NAMES.has(record.name)) map.set(record.name, record.value);
+		if (AUTH_COOKIE_NAMES.has(record.name)) {
+			const normalized = normalizeCookieValue(record.value);
+			if (normalized) map.set(record.name, normalized);
+		}
 	}
 	if (map.size === 0) return;
 	try {
@@ -214,6 +226,16 @@ function buildByrAuthCookieHeader(cookieMap, context) {
 		}
 	});
 }
+function normalizeCookieValue(value) {
+	const trimmed = value.trim();
+	if (trimmed.length === 0) return;
+	for (const char of trimmed) {
+		const code = char.charCodeAt(0);
+		if (code < 33 || code > 126) return;
+		if (char === ";" || char === ",") return;
+	}
+	return trimmed;
+}
 function parseBinaryCookies(buffer) {
 	if (buffer.length < 8 || buffer.subarray(0, 4).toString("ascii") !== "cook") return [];
 	const numPages = buffer.readUInt32BE(4);

package/dist/cli.mjs

@@ -1,5 +1,6 @@
-import "./doctor-JqfcqakX.mjs";
-import "./client-BeMmaDg5.mjs";
-import { t as runCli } from "./cli-Ds1ZVpjV.mjs";
+import "./store-CtnRgFKg.mjs";
+import "./doctor-BFpvus4A.mjs";
+import "./client-CmhKYsjk.mjs";
+import { t as runCli } from "./cli-Boa0FrUq.mjs";
 
 export { runCli };

package/dist/{client-BeMmaDg5.mjs → client-CmhKYsjk.mjs}

@@ -1,3 +1,4 @@
+import { s as validateByrCookie } from "./store-CtnRgFKg.mjs";
 import { CliAppError } from "clawkit-cli-core";
 
 //#region src/domain/byr-metadata.ts
@@ -1198,13 +1199,15 @@ function parseTimeoutMs(value) {
 function createByrClient(options = {}) {
 	const baseUrl = normalizeBaseUrl(options.baseUrl ?? DEFAULT_BASE_URL);
 	const timeoutMs = sanitizeTimeout(options.timeoutMs);
+	const cookie = options.cookie?.trim();
+	if (cookie && cookie.length > 0) validateByrCookie(cookie);
 	const username = options.username?.trim() ?? "";
 	const password = options.password ?? "";
 	const session = new HttpSession({
 		baseUrl,
 		timeoutMs,
 		fetchImpl: options.fetchImpl,
-		initialCookie: options.cookie,
+		initialCookie: cookie,
 		userAgent: "byr-pt-cli"
 	});
 	let authInitialized = session.cookieSize() > 0;

package/dist/commands/doctor.mjs

@@ -1,3 +1,4 @@
-import { n as renderDoctorOutput, r as runDoctorCommand, t as getDoctorFailureCode } from "../doctor-JqfcqakX.mjs";
+import "../store-CtnRgFKg.mjs";
+import { n as renderDoctorOutput, r as runDoctorCommand, t as getDoctorFailureCode } from "../doctor-BFpvus4A.mjs";
 
 export { getDoctorFailureCode, renderDoctorOutput, runDoctorCommand };

package/dist/{doctor-JqfcqakX.mjs → doctor-BFpvus4A.mjs}

@@ -1,128 +1,9 @@
-import { mkdir, readFile, rm, stat, writeFile } from "node:fs/promises";
+import { a as readAuthStore, n as getByrAuthStorePath, o as readJsonFile, r as getByrGlobalConfigPath, s as validateByrCookie } from "./store-CtnRgFKg.mjs";
+import { readFile } from "node:fs/promises";
 import { CliAppError } from "clawkit-cli-core";
 import { spawnSync } from "node:child_process";
-import { dirname, join } from "node:path";
-import { homedir } from "node:os";
+import { join } from "node:path";
 
-//#region src/domain/auth/store.ts
-function getByrConfigDir() {
-	return join(homedir(), ".config", "byr-cli");
-}
-function getByrGlobalConfigPath() {
-	return join(getByrConfigDir(), "config.json");
-}
-function getByrAuthStorePath() {
-	return join(getByrConfigDir(), "auth.json");
-}
-async function readJsonFile(path) {
-	try {
-		const content = await readFile(path, "utf8");
-		return JSON.parse(content);
-	} catch (error) {
-		const nodeError = error;
-		if (nodeError.code === "ENOENT") return;
-		throw new CliAppError({
-			code: "E_AUTH_INVALID",
-			message: `Failed to read JSON file: ${path}`,
-			details: {
-				path,
-				reason: nodeError.message
-			},
-			cause: error
-		});
-	}
-}
-async function writeJsonFile(path, data) {
-	await mkdir(dirname(path), { recursive: true });
-	await writeFile(path, `${JSON.stringify(data, null, 2)}\n`, "utf8");
-}
-async function readAuthStore() {
-	const store = await readJsonFile(getByrAuthStorePath());
-	if (store === void 0) return;
-	if (typeof store.cookie !== "string" || typeof store.source !== "string" || typeof store.updatedAt !== "string") return;
-	return {
-		cookie: store.cookie,
-		source: store.source,
-		updatedAt: store.updatedAt
-	};
-}
-async function writeAuthStore(cookie, source) {
-	const store = {
-		cookie,
-		source,
-		updatedAt: (/* @__PURE__ */ new Date()).toISOString()
-	};
-	await writeJsonFile(getByrAuthStorePath(), store);
-	return store;
-}
-async function clearAuthStore() {
-	const authStorePath = getByrAuthStorePath();
-	let existed = true;
-	try {
-		await stat(authStorePath);
-	} catch (error) {
-		const nodeError = error;
-		if (nodeError.code === "ENOENT") existed = false;
-		else throw new CliAppError({
-			code: "E_AUTH_INVALID",
-			message: "Failed to inspect BYR auth store",
-			details: { reason: nodeError.message },
-			cause: error
-		});
-	}
-	try {
-		await rm(authStorePath, { force: true });
-		return existed;
-	} catch (error) {
-		throw new CliAppError({
-			code: "E_AUTH_INVALID",
-			message: "Failed to clear BYR auth store",
-			details: { reason: error.message },
-			cause: error
-		});
-	}
-}
-function parseCookieHeader(cookieHeader) {
-	const cookieMap = /* @__PURE__ */ new Map();
-	for (const part of cookieHeader.split(";")) {
-		const segment = part.trim();
-		if (segment.length === 0) continue;
-		const eqIndex = segment.indexOf("=");
-		if (eqIndex <= 0) continue;
-		const name = segment.slice(0, eqIndex).trim();
-		const value = segment.slice(eqIndex + 1).trim();
-		if (name.length > 0) cookieMap.set(name, value);
-	}
-	return {
-		uid: cookieMap.get("uid"),
-		pass: cookieMap.get("pass"),
-		sessionId: cookieMap.get("session_id"),
-		authToken: cookieMap.get("auth_token"),
-		refreshToken: cookieMap.get("refresh_token"),
-		cookieMap
-	};
-}
-function validateByrCookie(cookieHeader) {
-	const parsed = parseCookieHeader(cookieHeader);
-	const hasLegacyCookie = Boolean(parsed.uid && parsed.pass);
-	const hasSessionCookie = Boolean(parsed.sessionId && parsed.authToken);
-	if (!hasLegacyCookie && !hasSessionCookie) throw new CliAppError({
-		code: "E_AUTH_INVALID",
-		message: "BYR cookie must include uid/pass or session_id/auth_token",
-		details: { requiredAnyOf: [["uid", "pass"], ["session_id", "auth_token"]] }
-	});
-	return parsed;
-}
-function maskCookieValue(value, visible = 4) {
-	if (value.length <= visible) return "*".repeat(value.length);
-	return `${value.slice(0, visible)}${"*".repeat(Math.max(4, value.length - visible))}`;
-}
-function maskCookieHeader(cookieHeader) {
-	const parsed = parseCookieHeader(cookieHeader);
-	return Array.from(parsed.cookieMap.entries()).map(([name, value]) => name === "uid" || name === "pass" ? `${name}=${maskCookieValue(value)}` : `${name}=***`).join("; ");
-}
-
-//#endregion
 //#region src/domain/auth/config.ts
 function firstString(value) {
 	if (value === void 0) return;
@@ -411,4 +292,4 @@ function toCliError(error, fallbackCode) {
 }
 
 //#endregion
-export { clearAuthStore as a, writeAuthStore as c, resolveClientConfig as i, renderDoctorOutput as n, maskCookieHeader as o, runDoctorCommand as r, validateByrCookie as s, getDoctorFailureCode as t };
+export { resolveClientConfig as i, renderDoctorOutput as n, runDoctorCommand as r, getDoctorFailureCode as t };

package/dist/domain/client.mjs

@@ -1,3 +1,4 @@
-import { n as createByrClientFromEnv, r as createMockByrClient, t as createByrClient } from "../client-BeMmaDg5.mjs";
+import "../store-CtnRgFKg.mjs";
+import { n as createByrClientFromEnv, r as createMockByrClient, t as createByrClient } from "../client-CmhKYsjk.mjs";
 
 export { createByrClient, createByrClientFromEnv, createMockByrClient };

package/dist/index.mjs

@@ -1,7 +1,8 @@
 #!/usr/bin/env node
-import "./doctor-JqfcqakX.mjs";
-import "./client-BeMmaDg5.mjs";
-import { t as runCli } from "./cli-Ds1ZVpjV.mjs";
+import "./store-CtnRgFKg.mjs";
+import "./doctor-BFpvus4A.mjs";
+import "./client-CmhKYsjk.mjs";
+import { t as runCli } from "./cli-Boa0FrUq.mjs";
 
 //#region src/index.ts
 const exitCode = await runCli(process.argv.slice(2));

package/dist/store-CtnRgFKg.mjs

@@ -0,0 +1,144 @@
+import { mkdir, readFile, rm, stat, writeFile } from "node:fs/promises";
+import { CliAppError } from "clawkit-cli-core";
+import { dirname, join } from "node:path";
+import { homedir } from "node:os";
+
+//#region src/domain/auth/store.ts
+function getByrConfigDir() {
+	return join(homedir(), ".config", "byr-cli");
+}
+function getByrGlobalConfigPath() {
+	return join(getByrConfigDir(), "config.json");
+}
+function getByrAuthStorePath() {
+	return join(getByrConfigDir(), "auth.json");
+}
+async function readJsonFile(path) {
+	try {
+		const content = await readFile(path, "utf8");
+		return JSON.parse(content);
+	} catch (error) {
+		const nodeError = error;
+		if (nodeError.code === "ENOENT") return;
+		throw new CliAppError({
+			code: "E_AUTH_INVALID",
+			message: `Failed to read JSON file: ${path}`,
+			details: {
+				path,
+				reason: nodeError.message
+			},
+			cause: error
+		});
+	}
+}
+async function writeJsonFile(path, data) {
+	await mkdir(dirname(path), { recursive: true });
+	await writeFile(path, `${JSON.stringify(data, null, 2)}\n`, "utf8");
+}
+async function readAuthStore() {
+	const store = await readJsonFile(getByrAuthStorePath());
+	if (store === void 0) return;
+	if (typeof store.cookie !== "string" || typeof store.source !== "string" || typeof store.updatedAt !== "string") return;
+	return {
+		cookie: store.cookie,
+		source: store.source,
+		updatedAt: store.updatedAt
+	};
+}
+async function writeAuthStore(cookie, source) {
+	const store = {
+		cookie,
+		source,
+		updatedAt: (/* @__PURE__ */ new Date()).toISOString()
+	};
+	await writeJsonFile(getByrAuthStorePath(), store);
+	return store;
+}
+async function clearAuthStore() {
+	const authStorePath = getByrAuthStorePath();
+	let existed = true;
+	try {
+		await stat(authStorePath);
+	} catch (error) {
+		const nodeError = error;
+		if (nodeError.code === "ENOENT") existed = false;
+		else throw new CliAppError({
+			code: "E_AUTH_INVALID",
+			message: "Failed to inspect BYR auth store",
+			details: { reason: nodeError.message },
+			cause: error
+		});
+	}
+	try {
+		await rm(authStorePath, { force: true });
+		return existed;
+	} catch (error) {
+		throw new CliAppError({
+			code: "E_AUTH_INVALID",
+			message: "Failed to clear BYR auth store",
+			details: { reason: error.message },
+			cause: error
+		});
+	}
+}
+function parseCookieHeader(cookieHeader) {
+	const cookieMap = /* @__PURE__ */ new Map();
+	for (const part of cookieHeader.split(";")) {
+		const segment = part.trim();
+		if (segment.length === 0) continue;
+		const eqIndex = segment.indexOf("=");
+		if (eqIndex <= 0) continue;
+		const name = segment.slice(0, eqIndex).trim();
+		const value = segment.slice(eqIndex + 1).trim();
+		if (name.length > 0) cookieMap.set(name, value);
+	}
+	return {
+		uid: cookieMap.get("uid"),
+		pass: cookieMap.get("pass"),
+		sessionId: cookieMap.get("session_id"),
+		authToken: cookieMap.get("auth_token"),
+		refreshToken: cookieMap.get("refresh_token"),
+		cookieMap
+	};
+}
+function validateByrCookie(cookieHeader) {
+	const parsed = parseCookieHeader(cookieHeader);
+	const hasLegacyCookie = Boolean(parsed.uid && parsed.pass);
+	const hasSessionCookie = Boolean(parsed.sessionId && parsed.authToken);
+	if (!hasLegacyCookie && !hasSessionCookie) throw new CliAppError({
+		code: "E_AUTH_INVALID",
+		message: "BYR cookie must include uid/pass or session_id/auth_token",
+		details: { requiredAnyOf: [["uid", "pass"], ["session_id", "auth_token"]] }
+	});
+	for (const [name, value] of parsed.cookieMap.entries()) {
+		const reason = getInvalidCookieValueReason(value);
+		if (reason !== void 0) throw new CliAppError({
+			code: "E_AUTH_INVALID",
+			message: `Invalid cookie value for ${name}`,
+			details: {
+				cookieName: name,
+				reason
+			}
+		});
+	}
+	return parsed;
+}
+function getInvalidCookieValueReason(value) {
+	if (value.trim().length === 0) return "empty";
+	for (const char of value) {
+		const code = char.charCodeAt(0);
+		if (code < 33 || code > 126) return `non-ascii-character:${code}`;
+		if (char === ";" || char === ",") return `reserved-character:${char}`;
+	}
+}
+function maskCookieValue(value, visible = 4) {
+	if (value.length <= visible) return "*".repeat(value.length);
+	return `${value.slice(0, visible)}${"*".repeat(Math.max(4, value.length - visible))}`;
+}
+function maskCookieHeader(cookieHeader) {
+	const parsed = parseCookieHeader(cookieHeader);
+	return Array.from(parsed.cookieMap.entries()).map(([name, value]) => name === "uid" || name === "pass" ? `${name}=${maskCookieValue(value)}` : `${name}=***`).join("; ");
+}
+
+//#endregion
+export { readAuthStore as a, writeAuthStore as c, maskCookieHeader as i, getByrAuthStorePath as n, readJsonFile as o, getByrGlobalConfigPath as r, validateByrCookie as s, clearAuthStore as t };

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "byr-pt-cli",
-  "version": "0.1.5",
+  "version": "0.1.7",
   "private": false,
   "description": "BYR CLI with OpenClaw-friendly JSON contract",
   "license": "MIT",
@@ -20,9 +20,6 @@
       "import": "./dist/cli.mjs"
     }
   },
-  "dependencies": {
-    "clawkit-cli-core": "^0.1.0"
-  },
   "scripts": {
     "build": "tsdown src/index.ts src/cli.ts src/domain/client.ts src/domain/types.ts src/commands/browse.ts src/commands/doctor.ts src/commands/download.ts src/commands/get.ts src/commands/search.ts --format esm --dts",
     "test": "pnpm --filter clawkit-cli-core build && vitest run",
@@ -31,5 +28,8 @@
     "check": "pnpm typecheck && pnpm test",
     "skill:publish": "node ./scripts/skill-publish.mjs",
     "skill:sync": "clawhub sync --root ./skill-openclaw --all"
+  },
+  "dependencies": {
+    "clawkit-cli-core": "workspace:^0.1.0"
   }
-}
+}

package/LICENSE

@@ -1,21 +0,0 @@
-MIT License
-
-Copyright (c) 2026 onemoreproduct
-
-Permission is hereby granted, free of charge, to any person obtaining a copy
-of this software and associated documentation files (the "Software"), to deal
-in the Software without restriction, including without limitation the rights
-to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-copies of the Software, and to permit persons to whom the Software is
-furnished to do so, subject to the following conditions:
-
-The above copyright notice and this permission notice shall be included in all
-copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-SOFTWARE.