job-pro 0.7.0 → 0.7.2

package/dist/sensetime.js

@@ -1,186 +1,50 @@
-// Thin client for 商汤科技 / SenseTime campus-recruiting portal at hr.sensetime.com.
+// 商汤 (SenseTime) careers adapter for `job-pro`.
 //
 // ============================================================
-// RECONNAISSANCE RESULTS (probed 2026-05):
-//
-//   https://hr.sensetime.com/
-//     → 302 redirect to /SU60fa3bdabef57c1023fc1cbc/pb/social.html
-//     Platform: "PB" / self-hosted Chinese HRIS (not Feishu, not Workday)
-//     Vendor fingerprint: /pb/js/vendor.js + /pb/js/{page}.js webpack bundles
-//
-//   https://careers.sensetime.com/
-//   https://campus.sensetime.com/
-//     → SSL handshake failure (geo-blocked / Apple Private Relay conflict)
-//
-// ============================================================
-// PORTAL STRUCTURE (from JS bundle analysis):
-//
-//   The SPA serves these page bundles:
-//     /pb/js/social.js   → 社招 (social/full-time hire) page
-//     /pb/js/school.js   → 校园 (campus / new-grad + intern) page
-//     /pb/js/home.js     → 首页 (home hub) page
-//
-//   Channel IDs embedded in JS bundles:
-//     SU60fa3bdabef57c1023fc1cbc  — social (社招) channel (main redirect target)
-//     SU6710d7c21c240e54e1f82a1b  — campus (校园) channel (school.html)
-//
-//   recruitType values (from bundle analysis):
-//     1 = 校园/campus (new-grad), used by school.js
-//     2 = 社招/social (full-time hire), used by social.js
-//
-// ============================================================
-// API DISCOVERY (probed 2026-05, paths extracted from social.js + school.js bundles):
-//
-//   Discovered paths (relative to origin+channelBase):
-//     POST /positionInfo/listPosition/{channelId}
-//          Payload: { isFrompb: true, recruitType: 1|2, pageSize: N, currentPage: N,
-//                     postName?: str, postKey?: str, workPlace?: {...}, category?: {...} }
-//          Response: { state: "200", data: { pageForm: { pageData: [...], currentPage: N },
-//                       positonNum: N } }
-//
-//     POST /positionInfo/listSearchTerm/{channelId}
-//          Returns filter taxonomies (work cities, departments, job types)
-//
-//     POST /positionInfo/listPositionDetail/{channelId}
-//          Payload: { postId: str, recruitType: N }
-//          Returns full JD for a single posting
-//
-//     POST /positionInfo/UnassignedPostDetail/{channelId}
-//          Returns detail for positions with unassigned departments
-//
-//     GET  /suite/post/search/condition/{channelId}
-//          Returns search filter configuration
-//
-//   Constructed API base:
-//     https://hr.sensetime.com/{channelId}/pb/{apiPath}/{channelId}
-//     (the Nginx proxy at /SU.../pb/ maps sub-paths to the backend)
-//
-// ============================================================
-// WHY THIS IS A STUB (unauthenticated access is impossible):
-//
-//   Every POST request to the above paths returns HTTP 405 Method Not Allowed,
-//   regardless of Origin, Referer, Content-Type, or User-Agent headers.
-//   GET requests return the SPA HTML shell (client-side routing catch-all).
-//
-//   The Nginx WAF at hr.sensetime.com blocks all unauthenticated POST requests.
-//   The API requires a valid session cookie / JWT obtained via:
-//     POST /login/  or  POST /ssoLogin
-//   These are enterprise SSO flows (phone OTP, WeChat OAuth, or SAML enterprise SSO)
-//   that cannot be automated without a real account.
-//
-//   This is fundamentally different from ByteDance/Tencent/Feishu portals, which
-//   allow anonymous POST to their search endpoints without any session cookie.
-//
-//   Recommendation: Monitor for:
-//     (a) A future public campus API at campus.sensetime.com
-//     (b) A Feishu Recruiting migration (SenseTime does use Feishu internally)
-//     (c) Third-party job boards (牛客, 实习僧) that scrape SenseTime listings
-//
-// ============================================================
-// STUB CONTRACT: All functions return ok:false with STUB_MESSAGE.
-// checkResume is re-exported from tencent.ts (works offline on resume text).
-// When/if SenseTime opens a public API, rewrite this file — the export shape
-// is already locked in by the PositionSummary interface below.
-import { extractResumeSignals, checkResume } from "./tencent.js";
-export { checkResume };
-const SOURCE = "hr.sensetime.com";
-const CAMPUS_URL = "https://hr.sensetime.com/SU6710d7c21c240e54e1f82a1b/pb/school.html";
-const STUB_MESSAGE = "SenseTime (商汤): no public job API — hr.sensetime.com POSTs are blocked by WAF (HTTP 405) " +
-    "without a valid session cookie; campus.sensetime.com and careers.sensetime.com are " +
-    "geo-blocked (SSL failure). The HRIS platform (PB/PushB, channel SU6710d7c21c240e54e1f82a1b) " +
-    "requires enterprise SSO (phone OTP / WeChat OAuth). " +
-    "Documented in cli/src/sensetime.ts header.";
-// ---- searchPositions ----
-export async function searchPositions(_opts = {}) {
-    return {
-        ok: false,
-        source: SOURCE,
-        message: STUB_MESSAGE,
-        // Expose the discovered endpoint so callers can see what we would have hit
-        endpoint: `POST https://hr.sensetime.com/SU6710d7c21c240e54e1f82a1b/pb/positionInfo/listPosition/SU6710d7c21c240e54e1f82a1b`,
-        query: {
-            isFrompb: true,
-            recruitType: _opts.recruitType ?? 1,
-            pageSize: _opts.pageSize ?? 20,
-            currentPage: _opts.page ?? 1,
-            ...(_opts.keyword ? { postKey: _opts.keyword } : {}),
+// API DISCOVERY (probed 2026-05-16 via puppeteer-core network capture)
+//
+// hr.sensetime.com hosts a Beisen Wecruit (北森招聘云) tenant. The published
+// SPA bundles at `/SU…/pb/<channel>.html` ALWAYS return nginx 405 on
+// anonymous POST, regardless of headers; that path is GET-only at the LB.
+//
+// The SPA's real XHR target (uncovered by intercepting page traffic in a
+// headless Chrome instance) is on a sibling `/wecruit/...` prefix:
+//
+//   POST https://hr.sensetime.com/wecruit/positionInfo/listPosition/<SU…>
+//        ?iSaJAx=isAjax&request_locale=zh_CN&t=<unix-ms>
+//
+// Content-Type: application/x-www-form-urlencoded (NOT JSON)
+// Body:         isFrompb=true&recruitType=2&pageSize=15&currentPage=1
+//
+// Anonymous, no token, no cookie, no captcha. Probed 2026-05-16: the
+// social channel `SU60fa3bdabef57c1023fc1cbc` returns ~89 pages × 12 ≈
+// 1068 active social-hire positions across SenseTime and its subsidiaries.
+//
+// hr.sensetime.com root redirects to the social channel (302); the campus
+// SU referenced in earlier reconnaissance notes (`SU6710d7c21c240e54e1f82a1b`)
+// has been reassigned to a different tenant ("安徽新华发行集团" appears in
+// its responses), so we only wire the social channel. If SenseTime
+// rebroadcasts a campus channel later, add it to the `channels` array.
+//
+// See cli/src/wecruit.ts for the shared factory.
+import { createAdapter } from "./wecruit.js";
+const adapter = createAdapter({
+    host: "hr.sensetime.com",
+    label: "SenseTime",
+    channels: [
+        {
+            channelId: "SU60fa3bdabef57c1023fc1cbc",
+            recruitType: "social",
+            pagePath: "social",
         },
-        positions: [],
-        total: 0,
-    };
-}
-// ---- fetchAllPositions ----
-export async function fetchAllPositions(_opts = {}) {
-    return {
-        ok: false,
-        source: SOURCE,
-        message: STUB_MESSAGE,
-        total: 0,
-        fetched: 0,
-        positions: [],
-    };
-}
-// ---- fetchPositionDetail ----
-export async function fetchPositionDetail(postId) {
-    return {
-        ok: false,
-        source: SOURCE,
-        message: STUB_MESSAGE,
-        post_id: postId,
-    };
-}
-// ---- fetchDictionaries ----
-//
-// When accessible, POST /positionInfo/listSearchTerm/{channelId} returns:
-//   { state: "200", data: { projectList, provinceList, orgList, postTypeList, salaryList } }
-export async function fetchDictionaries() {
-    return {
-        ok: false,
-        source: SOURCE,
-        message: STUB_MESSAGE,
-        note: "When API becomes accessible: POST /positionInfo/listSearchTerm/{channelId}",
-    };
-}
-// ---- notices (no public endpoint) ----
-export async function listNotices() {
-    return {
-        ok: false,
-        source: SOURCE,
-        message: "SenseTime: no public notices endpoint",
-        notices: [],
-    };
-}
-export async function getNotice(noticeId) {
-    return {
-        ok: false,
-        source: SOURCE,
-        message: "SenseTime: no public notices endpoint",
-        notice_id: noticeId,
-    };
-}
-export async function findNoticesByQuestion(question, _opts = {}) {
-    return {
-        ok: false,
-        source: SOURCE,
-        question,
-        message: "SenseTime: no public notices endpoint",
-        matches: [],
-    };
-}
-// ---- matchResume ----
-//
-// Because the position search API is inaccessible, we cannot retrieve live listings
-// to score against the resume. Return ok:false with the extracted signals so the
-// caller can display what terms were parsed (useful for debugging the resume text).
-export async function matchResume(text, _opts = {}) {
-    const { terms, cities } = extractResumeSignals(text ?? "");
-    return {
-        ok: false,
-        source: SOURCE,
-        extracted_terms: terms,
-        city_preferences: cities,
-        matches: [],
-        message: STUB_MESSAGE,
-        apply_url: CAMPUS_URL,
-    };
-}
+    ],
+});
+export const searchPositions = adapter.searchPositions;
+export const fetchAllPositions = adapter.fetchAllPositions;
+export const fetchPositionDetail = adapter.fetchPositionDetail;
+export const fetchDictionaries = adapter.fetchDictionaries;
+export const listNotices = adapter.listNotices;
+export const getNotice = adapter.getNotice;
+export const findNoticesByQuestion = adapter.findNoticesByQuestion;
+export const matchResume = adapter.matchResume;
+export const checkResume = adapter.checkResume;

package/dist/sf.js

@@ -1,65 +1,278 @@
-// 顺丰 (SF Express) campus recruiting — stub adapter for `job-pro`.
-//
-// STATUS: stub-only. The campus portal lives at campus.sf-express.com but
-// the JSON job-list endpoint is gated behind a Spring Security 401 for any
-// request lacking a logged-in user session bound to a GeeTest v4 captcha token.
+// 顺丰 (SF Express) campus-recruiting adapter for `job-pro`.
 //
 // ============================================================
-// RECONNAISSANCE RESULTS (probed 2026-05):
+// API DISCOVERY (probed 2026-05-15)
+//
+// campus.sf-express.com is a Vue SPA built with Webpack. The campus-recruiting
+// flow was originally believed to be GeeTest-gated (POST /api/zp/jobList → 401),
+// but the SPA's actual position-listing chunk (cr/static/js/25.aa149bcb...js)
+// calls a different, fully anonymous route:
+//
+//   GET /api/web/position/query?pageNum=&pageSize=&keyword=…
 //
-//   https://campus.sf-express.com/        — Vue SPA, /cr/static/js/app.*.js
-//                                            ships GeeTest gt4.js for captcha.
-//   POST https://campus.sf-express.com/api/zp/jobList →
-//     {"timestamp":...,"status":401,"error":"Unauthorized","path":"/zp/jobList"}
-//     (Spring Security returns 401 immediately when no session JWT is present.)
-//   GET  https://campus.sf-express.com/cr/api/zp/jobList → openresty 404
+// Required headers: a normal browser UA plus the `cr-service` header that the
+// SPA's axios interceptor adds to every request. The interceptor sets
+//   cr-service: <url-encoded current location>
+// and the gateway uses it instead of a JWT to scope the response. With both
+// in place the endpoint returns paginated JSON without any captcha or login.
 //
-//   The SPA acquires its session by completing a GeeTest captcha after the
-//   user clicks "查看职位" on the entry page; only then is the bearer token
-//   injected into subsequent /api/zp/* requests.
+// Endpoint inventory (anonymous GET unless noted):
+//   GET /api/web/position/query        → paginated positions (campus + intern + mgmt)
+//   GET /api/web/position/findById/<id>→ single posting (via /api/position/findById/<id>)
 //
-//   Feishu ATSX:  sf.jobs.feishu.cn — HTTP 400 (no portal configured)
-//   Moka:         app.mokahr.com/social-recruitment/sf → 200 page shell but
-//                  per-slug feed returns "您访问的页面不存在".
+// `positionType` filter values seen in the wild:
+//   "consulting"     管理咨询生
+//   "managetraniee"  管培生类
+//   "" (omitted)     全部
 //
-// Conclusion: no unauthenticated public API. Visit
-// https://campus.sf-express.com/ for the official campus portal.
+// ============================================================
 import { extractResumeSignals, scoreOverlap, checkResume } from "./tencent.js";
 export { checkResume };
 const SOURCE = "campus.sf-express.com";
-const STUB_MESSAGE = "SF Express (顺丰): campus.sf-express.com /api/zp/jobList returns HTTP 401 (Spring Security) " +
-    "for unauthenticated requests. Session JWT is only issued after a GeeTest v4 captcha is completed " +
-    "in-browser. No unauthenticated public API available. Visit https://campus.sf-express.com/ for the portal.";
-export async function searchPositions(_opts = {}) {
-    return { ok: false, source: SOURCE, message: STUB_MESSAGE, query: {}, positions: [] };
+const API_ROOT = "https://campus.sf-express.com";
+const SITE_ROOT = "https://campus.sf-express.com/";
+const DETAIL_PAGE = (id) => `https://campus.sf-express.com/#/postDetail/${encodeURIComponent(id)}`;
+const CR_SERVICE = "https%3A%2F%2Fcampus.sf-express.com%2F";
+const DEFAULT_HEADERS = {
+    "User-Agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36",
+    Accept: "application/json, text/plain, */*",
+    "Accept-Language": "zh-CN,zh;q=0.9,en;q=0.8",
+    Referer: SITE_ROOT,
+    Origin: API_ROOT,
+    "cr-service": CR_SERVICE,
+};
+async function call(path, query = {}) {
+    const params = new URLSearchParams();
+    for (const [k, v] of Object.entries(query)) {
+        if (v !== undefined && v !== "")
+            params.set(k, String(v));
+    }
+    const qs = params.toString();
+    const url = `${API_ROOT}${path}${qs ? `?${qs}` : ""}`;
+    let response;
+    try {
+        response = await fetch(url, { method: "GET", headers: DEFAULT_HEADERS });
+    }
+    catch (err) {
+        return {
+            ok: false,
+            message: `network error: ${err instanceof Error ? err.message : String(err)}`,
+        };
+    }
+    if (!response.ok) {
+        return { ok: false, message: `HTTP ${response.status}: ${response.statusText}` };
+    }
+    // SF returns the payload object directly (PageHelper shape: {list, total, …})
+    let payload;
+    try {
+        payload = (await response.json());
+    }
+    catch (err) {
+        return { ok: false, message: `bad JSON: ${err instanceof Error ? err.message : err}` };
+    }
+    return { ok: true, data: payload.list, total: payload.total, message: "ok" };
+}
+function summarize(item) {
+    const id = String(item.id ?? "");
+    const city = (item.demandCity ?? item.recruitCity ?? "").toString().trim();
+    return {
+        post_id: id,
+        title: (item.positionName ?? "").trim(),
+        project: (item.orgSourceName ?? item.orgSource ?? "").trim(),
+        recruit_label: item.seasonType === "1"
+            ? "校招"
+            : item.seasonType === "2"
+                ? "实习"
+                : item.seasonType === "3"
+                    ? "管培"
+                    : "",
+        bgs: (item.positionTypeName ?? "").trim(),
+        work_cities: city,
+        apply_url: id ? DETAIL_PAGE(id) : SITE_ROOT,
+    };
 }
-export async function fetchAllPositions(_opts = {}) {
-    return { ok: false, source: SOURCE, message: STUB_MESSAGE, total: 0, fetched: 0, positions: [] };
+// ---------- searchPositions ----------
+export async function searchPositions(opts = {}) {
+    const pageSize = Math.max(1, Math.min(100, opts.pageSize ?? 20));
+    const page = Math.max(1, opts.page ?? 1);
+    const query = {
+        pageNum: page,
+        pageSize,
+    };
+    if (opts.keyword)
+        query.positionName = opts.keyword.trim().slice(0, 60);
+    if (opts.positionType)
+        query.positionType = opts.positionType;
+    if (opts.seasonType)
+        query.seasonType = opts.seasonType;
+    const r = await call("/api/web/position/query", query);
+    if (!r.ok) {
+        return {
+            ok: false,
+            source: SOURCE,
+            message: r.message,
+            query,
+            positions: [],
+        };
+    }
+    const rows = r.data ?? [];
+    return {
+        ok: true,
+        source: SOURCE,
+        query,
+        page,
+        page_size: pageSize,
+        total: r.total ?? rows.length,
+        positions: rows.map(summarize),
+    };
 }
+// ---------- fetchAllPositions ----------
+export async function fetchAllPositions(opts = {}) {
+    const pageSize = Math.max(1, Math.min(100, opts.pageSize ?? 50));
+    const maxPages = Math.max(1, opts.maxPages ?? 20);
+    const bucket = [];
+    let total;
+    for (let page = 1; page <= maxPages; page++) {
+        const r = await searchPositions({ keyword: opts.keyword, page, pageSize });
+        if (!r.ok) {
+            return {
+                ok: false,
+                source: SOURCE,
+                message: r.message,
+                total: 0,
+                fetched: bucket.length,
+                positions: bucket,
+            };
+        }
+        if (total === undefined)
+            total = r.total;
+        if (!r.positions.length)
+            break;
+        bucket.push(...r.positions);
+        if (total !== undefined && bucket.length >= total)
+            break;
+    }
+    return {
+        ok: true,
+        source: SOURCE,
+        total: total ?? bucket.length,
+        fetched: bucket.length,
+        positions: bucket,
+    };
+}
+// ---------- fetchPositionDetail ----------
 export async function fetchPositionDetail(postId) {
-    return { ok: false, source: SOURCE, message: STUB_MESSAGE, post_id: postId };
+    const id = (postId ?? "").trim();
+    if (!id)
+        return { ok: false, source: SOURCE, message: "post_id is required", post_id: id };
+    // Some SF builds expose details via /api/position/findById/<id>, others via the
+    // SPA's "findById" route — both share the same backend. We always hit /api/...
+    const url = `${API_ROOT}/api/position/findById/${encodeURIComponent(id)}`;
+    let response;
+    try {
+        response = await fetch(url, { method: "GET", headers: DEFAULT_HEADERS });
+    }
+    catch (err) {
+        return {
+            ok: false,
+            source: SOURCE,
+            message: `network error: ${err instanceof Error ? err.message : String(err)}`,
+            post_id: id,
+        };
+    }
+    if (!response.ok) {
+        return {
+            ok: false,
+            source: SOURCE,
+            message: `HTTP ${response.status}: ${response.statusText}`,
+            post_id: id,
+        };
+    }
+    let raw;
+    try {
+        raw = (await response.json());
+    }
+    catch (err) {
+        return {
+            ok: false,
+            source: SOURCE,
+            message: `bad JSON: ${err instanceof Error ? err.message : err}`,
+            post_id: id,
+        };
+    }
+    return {
+        ok: true,
+        source: SOURCE,
+        post_id: String(raw.id ?? id),
+        title: raw.positionName ?? "",
+        project: raw.orgSourceName ?? raw.orgSource ?? "",
+        position_type: raw.positionTypeName ?? "",
+        description: (raw.postDuty ?? "").toString().trim(),
+        requirements: (raw.jobRequirement ?? "").toString().trim(),
+        work_city: raw.demandCity ?? "",
+        interview_city: raw.recruitCity ?? "",
+        education: raw.educationName ?? raw.education ?? "",
+        intern_type: raw.internTypeName ?? raw.internType ?? "",
+        create_date: raw.createDate ?? "",
+        apply_url: DETAIL_PAGE(id),
+    };
 }
+// ---------- fetchDictionaries (no public dict endpoint) ----------
 export async function fetchDictionaries() {
-    return { ok: false, source: SOURCE, message: STUB_MESSAGE };
+    return {
+        ok: false,
+        source: SOURCE,
+        message: "SF Express does not expose a public filter taxonomy endpoint; positions API accepts " +
+            "positionName / positionType / seasonType query params directly.",
+        api_host: API_ROOT,
+        known_filters: {
+            positionType: ["consulting", "managetraniee"],
+            seasonType: { "1": "校招", "2": "实习", "3": "管培" },
+        },
+    };
 }
+// ---------- notices (no public notices endpoint) ----------
+const NO_NOTICES = "SF Express campus does not expose a public notices/announcements endpoint.";
 export async function listNotices() {
-    return { ok: false, source: SOURCE, message: STUB_MESSAGE, notices: [] };
+    return { ok: false, source: SOURCE, message: NO_NOTICES, notices: [] };
 }
 export async function getNotice(noticeId) {
-    return { ok: false, source: SOURCE, message: STUB_MESSAGE, notice_id: noticeId };
+    return { ok: false, source: SOURCE, message: NO_NOTICES, notice_id: noticeId };
 }
 export async function findNoticesByQuestion(question, _opts = {}) {
-    return { ok: false, source: SOURCE, question, message: STUB_MESSAGE, matches: [] };
+    return { ok: false, source: SOURCE, question, message: NO_NOTICES, matches: [] };
 }
-export async function matchResume(text, _opts = {}) {
+// ---------- matchResume ----------
+export async function matchResume(text, opts = {}) {
     const { terms, cities } = extractResumeSignals(text ?? "");
+    const topN = Math.max(1, opts.topN ?? 5);
+    const candidates = Math.max(topN, opts.candidates ?? 200);
+    const all = await fetchAllPositions({ pageSize: 50, maxPages: Math.ceil(candidates / 50) });
+    if (!all.ok) {
+        return {
+            ok: false,
+            source: SOURCE,
+            message: all.message,
+            extracted_terms: terms,
+            city_preferences: cities,
+            matches: [],
+        };
+    }
+    const scored = [];
+    for (const p of all.positions) {
+        const haystack = `${p.title} ${p.project} ${p.bgs} ${p.work_cities}`;
+        const score = scoreOverlap(haystack, terms, cities).score;
+        if (score > 0)
+            scored.push({ score, position: p });
+    }
+    scored.sort((a, b) => b.score - a.score);
     return {
-        ok: false,
+        ok: true,
         source: SOURCE,
         extracted_terms: terms,
         city_preferences: cities,
-        matches: [],
-        message: STUB_MESSAGE,
+        candidate_pool: all.positions.length,
+        matches: scored.slice(0, topN).map((s) => s.position),
     };
 }
 export { extractResumeSignals, scoreOverlap };