job-pro 0.7.5 → 0.8.0

package/dist/cainiao.js

@@ -1,63 +1,26 @@
-// 菜鸟 (Cainiao Network) — stub adapter for `job-pro`.
+// 菜鸟 (Cainiao Network) careers adapter — Liepin aggregator fallback.
 //
-// STATUS: stub-only. Both campus and social recruiting are routed through
-// Alibaba's unified careers infrastructure, which is hosted on subdomains
-// that fail to resolve over public DNS (likely group-network-only A records).
+// Cainiao's own careers subdomains (campus / recruit / job.cainiao.com)
+// resolve only on Alibaba-Group-internal DNS. Public-facing positions
+// don't surface through the parent Alibaba feed either
+// (`job-pro alibaba search 菜鸟` → total=0). We surface real
+// currently-open Cainiao positions by querying Liepin
+// (api-c.liepin.com) filtered by compName="菜鸟网络". See
+// `cli/src/liepin.ts` for the shared factory.
 //
-// ============================================================
-// RECONNAISSANCE RESULTS (probed 2026-05):
-//
-//   https://campus.cainiao.com           — 000 (no public DNS / unreachable)
-//   https://recruit.cainiao.com          — 000 (no public DNS / unreachable)
-//   https://job.cainiao.com              — 000 (no public DNS / unreachable)
-//
-//   The corporate careers blurb on www.cainiao.com links out to
-//   "campus-talent.alibaba.com" (already covered by the `alibaba` adapter),
-//   suggesting cainiao postings are merged into the Alibaba Group careers feed
-//   when they go public. The dedicated Cainiao SPA is internal-only.
-//
-//   Feishu ATSX:  cainiao.jobs.feishu.cn — HTTP 400 (no portal configured)
-//   Greenhouse / Lever / Moka: no `cainiao` slug found on any of them.
-//
-// Conclusion: no unauthenticated public API outside of the Alibaba Group
-// feed. Use `job-pro alibaba search "菜鸟"` to surface group-listed roles, or
-// visit https://www.cainiao.com/ for direct contact info.
-import { extractResumeSignals, scoreOverlap, checkResume } from "./tencent.js";
-export { checkResume };
-const SOURCE = "cainiao.com";
-const STUB_MESSAGE = "Cainiao (菜鸟): dedicated careers subdomains (campus / recruit / job.cainiao.com) fail to resolve " +
-    "over public DNS. Public-facing roles are surfaced through the Alibaba Group careers feed " +
-    "(use `job-pro alibaba search \"菜鸟\"`). No standalone unauthenticated public API.";
-export async function searchPositions(_opts = {}) {
-    return { ok: false, source: SOURCE, message: STUB_MESSAGE, query: {}, positions: [] };
-}
-export async function fetchAllPositions(_opts = {}) {
-    return { ok: false, source: SOURCE, message: STUB_MESSAGE, total: 0, fetched: 0, positions: [] };
-}
-export async function fetchPositionDetail(postId) {
-    return { ok: false, source: SOURCE, message: STUB_MESSAGE, post_id: postId };
-}
-export async function fetchDictionaries() {
-    return { ok: false, source: SOURCE, message: STUB_MESSAGE };
-}
-export async function listNotices() {
-    return { ok: false, source: SOURCE, message: STUB_MESSAGE, notices: [] };
-}
-export async function getNotice(noticeId) {
-    return { ok: false, source: SOURCE, message: STUB_MESSAGE, notice_id: noticeId };
-}
-export async function findNoticesByQuestion(question, _opts = {}) {
-    return { ok: false, source: SOURCE, question, message: STUB_MESSAGE, matches: [] };
-}
-export async function matchResume(text, _opts = {}) {
-    const { terms, cities } = extractResumeSignals(text ?? "");
-    return {
-        ok: false,
-        source: SOURCE,
-        extracted_terms: terms,
-        city_preferences: cities,
-        matches: [],
-        message: STUB_MESSAGE,
-    };
-}
-export { extractResumeSignals, scoreOverlap };
+// Source: api-c.liepin.com (`source` field on responses) — clearly NOT
+// the same as Cainiao's own portal.
+import { createAdapter } from "./liepin.js";
+const adapter = createAdapter({
+    companyName: "菜鸟网络",
+    label: "Cainiao / 菜鸟",
+});
+export const searchPositions = adapter.searchPositions;
+export const fetchAllPositions = adapter.fetchAllPositions;
+export const fetchPositionDetail = adapter.fetchPositionDetail;
+export const fetchDictionaries = adapter.fetchDictionaries;
+export const listNotices = adapter.listNotices;
+export const getNotice = adapter.getNotice;
+export const findNoticesByQuestion = adapter.findNoticesByQuestion;
+export const matchResume = adapter.matchResume;
+export const checkResume = adapter.checkResume;

package/dist/cicc.js

@@ -1,152 +1,26 @@
-// Thin client for CICC / 中金公司 (China International Capital Corporation) campus recruiting.
-//
-// ============================================================
-// API DISCOVERY (probed 2026-05-14)
-//
-// Five potential portals were investigated:
-//
-//   1. careers.cicc.com  (CICC dedicated careers subdomain)
-//      DNS resolves to 198.18.1.66 (IANA RFC 2544 benchmarking range — unreachable
-//      from public internet; SSL handshake fails at TCP level).
-//      This hostname is dead from outside the CICC intranet.
-//
-//   2. hr.cicc.com  (HR portal)
-//      DNS resolves to 198.18.1.212 — same IANA-reserved range.
-//      Unreachable: SSL handshake fails.
-//
-//   3. www.cicc.com/career  (main site career section)
-//      Returns HTTP 521 (Cloudflare "Web server is down"). Cloudflare can reach
-//      the origin but the origin is not responding. No API endpoints discoverable.
-//
-//   4. app.mokahr.com — Moka ATS, orgId 28961 (reconnaissance-flagged candidate)
-//      The Moka platform (app.mokahr.com) is reachable (resolves to Aliyun WAF
-//      47.93.92.61 via authoritative DNS). However:
-//        - /campus-recruitment/cicc/28961        → HTTP 302 self-redirect (infinite loop)
-//        - /campus-recruitment/cicc-career/28961 → HTTP 200 HTML, but init-data
-//          contains {"message":"您访问的页面不存在"} — org page does not exist
-//        - /social-recruitment/cicc-career/28961 → same "page not found" response
-//        - All /api/campus/jobs?organizationId=28961 variants → {"code":-1,"message":"您访问的页面不存在"}
-//      Conclusion: orgId 28961 is either wrong or the CICC Moka tenant is fully
-//      auth-gated behind enterprise SSO. No public JSON feed is accessible.
-//
-//   5. Alternative slugs tried on Moka: "cicc", "cicc-career", "zhongjin", numeric
-//      variants of orgId (28960–28965) — all return either the same "not found"
-//      response or an infinite self-redirect.
-//
-// VERDICT: No public unauthenticated API exists for CICC campus recruiting as of
-// 2026-05-14. All externally-facing hostnames resolve to IANA-reserved IPs (intranet)
-// or return infrastructure errors (521). The Moka tenant, if it exists, is fully
-// auth-gated with no discoverable public endpoints.
-//
-// The canonical path for candidates is the CICC official career portal:
-//   https://www.cicc.com/career  (may load once the origin is healthy)
-// Or the known Moka URL patterns (require an active employee/candidate session):
-//   https://app.mokahr.com/campus-recruitment/cicc-career/28961
-//
-// ============================================================
-// PositionSummary field mapping (canonical keys, matches all other adapters)
-//   post_id       — string job identifier
-//   title         — position title
-//   project       — job category / department (e.g. "投行" / "研究" / "固收")
-//   recruit_label — recruit type label (e.g. "校园招聘" / "实习")
-//   bgs           — business group / division (not exposed without auth, always "")
-//   work_cities   — work location string
-//   apply_url     — deep link to the job posting
-// ============================================================
-import { extractResumeSignals, scoreOverlap, checkResume } from "./tencent.js";
-export { checkResume };
-const SOURCE = "www.cicc.com";
-const CAMPUS_PAGE = "https://www.cicc.com/career";
-// Moka tenant URL kept for reference — requires auth
-const MOKA_PAGE = "https://app.mokahr.com/campus-recruitment/cicc-career/28961";
-// ---------- stub message ----------
-const STUB_MSG = "CICC (中金公司) campus recruiting has no publicly accessible API as of 2026-05-14. " +
-    "careers.cicc.com and hr.cicc.com resolve to IANA-reserved IPs (198.18.x.x, " +
-    "unreachable outside the CICC intranet; SSL handshake fails). " +
-    "www.cicc.com returns HTTP 521 (Cloudflare origin-down). " +
-    "The Moka ATS tenant (orgId 28961) is fully auth-gated: all public API paths " +
-    'return {"code":-1,"message":"您访问的页面不存在"}. ' +
-    `Apply directly at ${CAMPUS_PAGE} or via the Moka portal (login required): ${MOKA_PAGE}`;
-// ---------- searchPositions ----------
-export async function searchPositions(_opts = {}) {
-    return {
-        ok: false,
-        source: SOURCE,
-        message: STUB_MSG,
-        apply_url: CAMPUS_PAGE,
-        moka_url: MOKA_PAGE,
-        positions: [],
-    };
-}
-// ---------- fetchAllPositions ----------
-export async function fetchAllPositions(_opts = {}) {
-    return {
-        ok: false,
-        source: SOURCE,
-        message: STUB_MSG,
-        apply_url: CAMPUS_PAGE,
-        moka_url: MOKA_PAGE,
-        fetched: 0,
-        positions: [],
-    };
-}
-// ---------- fetchPositionDetail ----------
-export async function fetchPositionDetail(_postId) {
-    return {
-        ok: false,
-        source: SOURCE,
-        message: STUB_MSG,
-        apply_url: CAMPUS_PAGE,
-        moka_url: MOKA_PAGE,
-    };
-}
-// ---------- fetchDictionaries ----------
-export async function fetchDictionaries() {
-    return {
-        ok: false,
-        source: SOURCE,
-        message: STUB_MSG,
-        apply_url: CAMPUS_PAGE,
-        moka_url: MOKA_PAGE,
-    };
-}
-// ---------- notices (no public endpoint) ----------
-export async function listNotices() {
-    return {
-        ok: false,
-        source: SOURCE,
-        message: "CICC: no public notices endpoint",
-    };
-}
-export async function getNotice(_id) {
-    return {
-        ok: false,
-        source: SOURCE,
-        message: "CICC: no public notices endpoint",
-    };
-}
-export async function findNoticesByQuestion(_question, _opts = {}) {
-    return {
-        ok: false,
-        source: SOURCE,
-        message: "CICC: no public notices endpoint",
-    };
-}
-// ---------- matchResume ----------
-// Resume matching cannot fetch live position data without auth.
-// We extract signals from the resume and direct the user to the CICC career portal.
-export async function matchResume(text, opts = {}) {
-    void opts;
-    const { terms, cities } = extractResumeSignals(text ?? "");
-    return {
-        ok: false,
-        source: SOURCE,
-        message: STUB_MSG,
-        apply_url: CAMPUS_PAGE,
-        moka_url: MOKA_PAGE,
-        extracted_terms: terms,
-        city_preferences: cities,
-    };
-}
-// Export helpers so callers that import from this module can use them.
-export { extractResumeSignals, scoreOverlap };
+// 中金 / CICC careers adapter — Liepin aggregator fallback.
+//
+// CICC's official careers portal (careers.cicc.com / cicc.com.cn) is
+// Cloudflare-gated with HTTP 521 for non-CN IPs, returns 404 for crawlers,
+// and has no third-party ATS (Moka / Beisen / Greenhouse) tenant. We
+// surface real currently-open CICC positions by querying Liepin
+// (api-c.liepin.com) filtered by compName="中金公司". See
+// `cli/src/liepin.ts` for the shared factory.
+//
+// Source: api-c.liepin.com (`source` field on responses) — clearly NOT
+// the same as CICC's own portal. Callers can filter on this attribution
+// if they only want first-party feeds.
+import { createAdapter } from "./liepin.js";
+const adapter = createAdapter({
+    companyName: "中金公司",
+    label: "CICC / 中金",
+});
+export const searchPositions = adapter.searchPositions;
+export const fetchAllPositions = adapter.fetchAllPositions;
+export const fetchPositionDetail = adapter.fetchPositionDetail;
+export const fetchDictionaries = adapter.fetchDictionaries;
+export const listNotices = adapter.listNotices;
+export const getNotice = adapter.getNotice;
+export const findNoticesByQuestion = adapter.findNoticesByQuestion;
+export const matchResume = adapter.matchResume;
+export const checkResume = adapter.checkResume;

package/dist/hikvision.js

@@ -1,233 +1,28 @@
-// 海康威视 / Hikvision careers adapter for `job-pro`.
+// 海康威视 / Hikvision careers adapter — Liepin aggregator fallback.
 //
-// ============================================================
-// DISCOVERY (probed 2026-05-16 via puppeteer-core network capture)
+// hr.hikvision.com is gated by Tencent EdgeOne which 403s any non-CN IP
+// regardless of cookies. www.hikvision.com.cn has no public DNS A record
+// outside Mainland China. There is no third-party ATS tenant.
 //
-// Hikvision's careers funnel sits behind two stacked barriers:
-//   1. `www.hikvision.com.cn` (the canonical CN careers host) has NO public
-//      DNS A record outside of Mainland China (NXDOMAIN on Google DNS,
-//      Cloudflare DNS, etc.).
-//   2. `www.hikvision.com/cn/about/Talent-recruit/` is served by Tencent
-//      Cloud EdgeOne. Anonymous GETs from a non-CN egress receive an
-//      `EO_Bot_Ssid` JS challenge that, even when solved by a real Chrome
-//      session, leads to a hard `HTTP 403` from the upstream — EdgeOne is
-//      gating on source IP, not just cookies.
+// Until a CN-egress proxy path lands (set `JOB_PRO_HTTPS_PROXY` and see
+// the historical CDP-driven adapter at `git log cli/src/hikvision.ts`),
+// we surface real currently-open Hikvision positions by querying Liepin
+// (api-c.liepin.com) filtered by compName="海康威视". See
+// `cli/src/liepin.ts` for the shared factory.
 //
-// This adapter therefore drives `puppeteer-core` (see cli/src/cdp.ts) but
-// the CDP layer needs an egress proxy with a CN exit IP. Users supply one
-// via the `JOB_PRO_HTTPS_PROXY` env var (any HTTP/SOCKS5 URL supported by
-// Chromium's `--proxy-server` flag). Without it the adapter returns
-// `ok:false` with a helpful hint rather than pretending to work.
-//
-// When the proxy IS set and we successfully load the careers page, we
-// extract job listings either from inline JSON (Hikvision's SPA inlines
-// the first 20 results into `<script id="__NEXT_DATA__">`) or by
-// scanning for visible job-card anchors and pulling title + city out of
-// their text content.
-import { extractResumeSignals, scoreOverlap, checkResume } from "./tencent.js";
-import { withPage } from "./cdp.js";
-export { checkResume };
-const SOURCE = "hikvision.com";
-const CAREER_URL = "https://www.hikvision.com/cn/about/Talent-recruit/";
-const SOCIAL_URL = "https://www.hikvision.com/cn/about/social-recruitment/";
-const PROXY_HINT = "Hikvision (海康威视) is geo-fenced behind Tencent EdgeOne — anonymous " +
-    "non-CN IPs receive HTTP 403 from www.hikvision.com careers paths, " +
-    "and www.hikvision.com.cn has no public DNS record outside Mainland " +
-    "China. Set `JOB_PRO_HTTPS_PROXY=<cn-proxy-url>` (HTTP or SOCKS5) before " +
-    "running job-pro to route Chrome's egress through a CN IP; the adapter " +
-    "will then proceed via puppeteer-core (see cli/src/cdp.ts).";
-function summarize(raw, recruitType) {
-    const id = (raw.href.match(/\/(\d{4,})(?:[\/?#]|$)/)?.[1] ?? raw.title).slice(0, 40);
-    return {
-        post_id: id,
-        title: raw.title,
-        project: "",
-        recruit_label: recruitType === "campus" ? "校招" : "社招",
-        bgs: "",
-        work_cities: raw.city,
-        apply_url: raw.href.startsWith("http") ? raw.href : `https://www.hikvision.com${raw.href}`,
-    };
-}
-async function scrape(recruitType) {
-    // Refuse to scrape without an explicit CN-egress proxy. Without one,
-    // EdgeOne 403s and the SPA never renders; previously the adapter
-    // accidentally picked up product-navigation anchors (e.g.
-    // "Explosion-Proof-Positioning-System") because they matched
-    // `href*='position'`. Cleaner to fail fast.
-    if (!process.env.JOB_PRO_HTTPS_PROXY) {
-        return { ok: false, message: PROXY_HINT };
-    }
-    const url = recruitType === "campus" ? CAREER_URL : SOCIAL_URL;
-    const r = await withPage(async (page) => {
-        await page.goto(url, { waitUntil: "domcontentloaded", timeout: 30000 });
-        await new Promise((resolve) => setTimeout(resolve, 5000));
-        const final = await page.evaluate(() => {
-            const html_size = document.documentElement.outerHTML.length;
-            // Pick only anchors that live inside a careers-flavoured container
-            // (heuristic — Hikvision's careers SPA wraps job cards in
-            // `.recruit-list`, `.job-list`, or has `Talent-recruit` in their
-            // hrefs PATH SEGMENT, not just substring).
-            const isJobLink = (a) => {
-                const href = a.getAttribute("href") ?? "";
-                // Path-segment match (not substring) — avoids product URLs.
-                if (!/\/(Talent-?recruit|social-recruit|campus-recruit|recruitment\/jobs|positions?\/[0-9]+)(\/|$|\?)/i.test(href)) {
-                    return false;
-                }
-                return true;
-            };
-            const anchors = Array.from(document.querySelectorAll("a[href]"));
-            const raw = [];
-            for (const a of anchors) {
-                if (!isJobLink(a))
-                    continue;
-                const text = (a.textContent ?? "").replace(/\s+/g, " ").trim();
-                if (text.length < 3 || text.length > 200)
-                    continue;
-                const href = a.getAttribute("href") ?? "";
-                const cityMatch = text.match(/(.+?)\s+([一-龥]{2,8}(?:市|省)|[A-Z][a-z]+(?:,\s?[A-Z]{2})?)\s*$/);
-                const title = cityMatch ? cityMatch[1].trim() : text;
-                const city = cityMatch ? cityMatch[2] : "";
-                raw.push({ title, city, href });
-            }
-            return { html_size, raw };
-        });
-        return final;
-    });
-    if (!r.ok) {
-        return { ok: false, message: `${r.error.message}. ${PROXY_HINT}` };
-    }
-    // EdgeOne anti-bot challenge fits in ~7KB; real careers SPA is much bigger.
-    if (r.value.html_size < 15000 && r.value.raw.length === 0) {
-        return {
-            ok: false,
-            message: `careers page rendered only ${r.value.html_size} bytes — looks like EdgeOne 403/challenge. ${PROXY_HINT}`,
-        };
-    }
-    if (r.value.raw.length === 0) {
-        return {
-            ok: false,
-            message: `careers page rendered but no job links matched the careers-path filter. The DOM structure may have changed; please report at https://github.com/HA7CH/job-pro/issues.`,
-        };
-    }
-    return { ok: true, raw: r.value.raw };
-}
-export async function searchPositions(opts = {}) {
-    const rt = opts.recruitType ?? "all";
-    const types = rt === "all" ? ["campus", "social"] : [rt];
-    const pageSize = Math.max(1, Math.min(50, opts.pageSize ?? 20));
-    const page = Math.max(1, opts.page ?? 1);
-    const keyword = (opts.keyword ?? "").trim().toLowerCase();
-    const positions = [];
-    let lastMsg = PROXY_HINT;
-    let anyOk = false;
-    for (const t of types) {
-        const r = await scrape(t);
-        if (!r.ok) {
-            lastMsg = r.message;
-            continue;
-        }
-        anyOk = true;
-        for (const raw of r.raw)
-            positions.push(summarize(raw, t));
-    }
-    if (!anyOk) {
-        return {
-            ok: false,
-            source: SOURCE,
-            message: lastMsg,
-            query: opts,
-            positions: [],
-        };
-    }
-    const filtered = keyword
-        ? positions.filter((p) => p.title.toLowerCase().includes(keyword) || p.work_cities.toLowerCase().includes(keyword))
-        : positions;
-    const offset = (page - 1) * pageSize;
-    return {
-        ok: true,
-        source: SOURCE,
-        query: opts,
-        page,
-        page_size: pageSize,
-        total: filtered.length,
-        positions: filtered.slice(offset, offset + pageSize),
-    };
-}
-export async function fetchAllPositions(opts = {}) {
-    const all = await searchPositions({ ...opts, page: 1, pageSize: 100 });
-    if (!all.ok) {
-        return {
-            ok: false,
-            source: SOURCE,
-            message: all.message,
-            total: 0,
-            fetched: 0,
-            positions: [],
-        };
-    }
-    return {
-        ok: true,
-        source: SOURCE,
-        total: all.total,
-        fetched: all.positions.length,
-        positions: all.positions,
-    };
-}
-export async function fetchPositionDetail(postId) {
-    const id = (postId ?? "").trim();
-    return {
-        ok: false,
-        source: SOURCE,
-        post_id: id,
-        message: PROXY_HINT,
-    };
-}
-export async function fetchDictionaries() {
-    return { ok: false, source: SOURCE, message: PROXY_HINT };
-}
-export async function listNotices() {
-    return { ok: false, source: SOURCE, message: PROXY_HINT, notices: [] };
-}
-export async function getNotice(noticeId) {
-    return { ok: false, source: SOURCE, message: PROXY_HINT, notice_id: noticeId };
-}
-export async function findNoticesByQuestion(question, _opts = {}) {
-    return {
-        ok: false,
-        source: SOURCE,
-        question,
-        message: PROXY_HINT,
-        matches: [],
-    };
-}
-export async function matchResume(text, opts = {}) {
-    const { terms, cities } = extractResumeSignals(text ?? "");
-    const list = await searchPositions({ pageSize: 50 });
-    if (!list.ok) {
-        return {
-            ok: false,
-            source: SOURCE,
-            extracted_terms: terms,
-            city_preferences: cities,
-            matches: [],
-            message: list.message,
-        };
-    }
-    const topN = Math.max(1, opts.topN ?? 5);
-    const scored = list.positions
-        .map((p) => ({
-        p,
-        score: scoreOverlap(`${p.title} ${p.work_cities}`, terms, cities).score,
-    }))
-        .sort((a, b) => b.score - a.score)
-        .slice(0, topN)
-        .map((x) => x.p);
-    return {
-        ok: true,
-        source: SOURCE,
-        extracted_terms: terms,
-        city_preferences: cities,
-        matches: scored,
-    };
-}
-export { extractResumeSignals, scoreOverlap };
+// Source: api-c.liepin.com (`source` field on responses) — clearly NOT
+// the same as Hikvision's own portal.
+import { createAdapter } from "./liepin.js";
+const adapter = createAdapter({
+    companyName: "海康威视",
+    label: "Hikvision / 海康威视",
+});
+export const searchPositions = adapter.searchPositions;
+export const fetchAllPositions = adapter.fetchAllPositions;
+export const fetchPositionDetail = adapter.fetchPositionDetail;
+export const fetchDictionaries = adapter.fetchDictionaries;
+export const listNotices = adapter.listNotices;
+export const getNotice = adapter.getNotice;
+export const findNoticesByQuestion = adapter.findNoticesByQuestion;
+export const matchResume = adapter.matchResume;
+export const checkResume = adapter.checkResume;

package/dist/index.js

@@ -51,7 +51,7 @@ import * as webank from "./webank.js";
 import * as horizonrobotics from "./horizonrobotics.js";
 import * as cambricon from "./cambricon.js";
 import { memoryList, memoryGet, memorySet, memoryEvent, memoryClear, } from "./memory.js";
-const VERSION = "0.7.5";
+const VERSION = "0.8.0";
 const HELP = `
 job-pro — query Chinese big-tech campus recruiting from your terminal
             (job.ha7ch.com)

package/dist/liepin.js

@@ -0,0 +1,357 @@
+// Generic 猎聘 (Liepin) aggregator factory for `job-pro`.
+//
+// ============================================================
+// WHY THIS EXISTS
+//
+// Four of the 50 companies (hikvision / cicc / cainiao / webank) have no
+// publicly reachable canonical job feed — see `docs/stub-unblock.md`.
+// Liepin (https://www.liepin.com) is a major Chinese job aggregator
+// whose public `pc-search-job` endpoint surfaces real, currently-open
+// positions for every Chinese employer of consequence. It does NOT
+// require authentication, just a one-time XSRF-TOKEN cookie that the
+// liepin.com home page sets on first request.
+//
+// We use Liepin here as a fallback ONLY for the 4 adapters above. The
+// other 46 adapters continue to talk to their company's own API. Every
+// position surfaced through this factory has `source: "api-c.liepin.com"`
+// in its envelope so consumers can tell it's a third-party feed.
+//
+// ============================================================
+// API DISCOVERY (probed 2026-05-16)
+//
+//   1. GET  https://www.liepin.com/                          → Set-Cookie: XSRF-TOKEN=<token>
+//   2. POST https://api-c.liepin.com/api/com.liepin.searchfront4c.pc-search-job
+//        Content-Type: application/json;charset=UTF-8
+//        Origin:       https://www.liepin.com
+//        X-Client-Type: web
+//        X-Xsrf-Token: <token from cookie>
+//        X-Fscp-Std-Info: {"client_id": "40108"}
+//        X-Fscp-Version: 1.1
+//        Body: { data: { mainSearchPcConditionForm: { key:"<co>", city:"410",
+//                                                     dq:"410", currentPage:N,
+//                                                     pageSize:M, … },
+//                        passThroughForm: { scene:"init" } } }
+//        Response: { flag:1, data:{ data:{ jobCardList:[{ comp, job, recruiter, … }],
+//                                          compCard:{…} } } }
+//
+// `city:"410"` = 全国 (all of China). Per-city codes are documented in
+// Liepin's filter taxonomy; left as future work.
+import { randomUUID } from "node:crypto";
+import { extractResumeSignals, scoreOverlap, checkResume } from "./tencent.js";
+export { checkResume, extractResumeSignals, scoreOverlap };
+const HOME = "https://www.liepin.com";
+const SEARCH_URL = "https://api-c.liepin.com/api/com.liepin.searchfront4c.pc-search-job";
+const SOURCE = "api-c.liepin.com";
+const USER_AGENT = "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36";
+// ---------- shared XSRF-TOKEN cache ----------
+// One token per Node process. Liepin's token is short-lived (~hour) but for a
+// CLI process that finishes in seconds, refreshing on every invocation is
+// fine. We still cache it within the process so multi-call workflows reuse it.
+let _token = null;
+async function getToken() {
+    if (_token && Date.now() - _token.fetchedAt < 30 * 60 * 1000) {
+        return { ok: true, xsrf: _token.value, cookie: _token.cookieHeader };
+    }
+    let response;
+    try {
+        response = await fetch(HOME, {
+            method: "GET",
+            headers: { "User-Agent": USER_AGENT, "Accept-Language": "zh-CN,zh;q=0.9" },
+        });
+    }
+    catch (err) {
+        return { ok: false, message: `network error: ${err instanceof Error ? err.message : err}` };
+    }
+    // getSetCookie() is the Node-undici-canonical API for multi-Set-Cookie headers.
+    const headersAny = response.headers;
+    const setCookies = typeof headersAny.getSetCookie === "function"
+        ? headersAny.getSetCookie.call(response.headers) ?? []
+        : (response.headers.get("set-cookie") ?? "").split(/,(?=[^;]+=)/);
+    let xsrf = "";
+    const cookieParts = [];
+    for (const c of setCookies) {
+        const kv = c.split(";")[0].trim();
+        cookieParts.push(kv);
+        if (kv.startsWith("XSRF-TOKEN="))
+            xsrf = kv.slice("XSRF-TOKEN=".length);
+    }
+    if (!xsrf) {
+        return { ok: false, message: "liepin.com did not set an XSRF-TOKEN cookie" };
+    }
+    _token = { value: xsrf, cookieHeader: cookieParts.join("; "), fetchedAt: Date.now() };
+    return { ok: true, xsrf, cookie: _token.cookieHeader };
+}
+// ---------- summarise ----------
+function summarize(card) {
+    const comp = card.comp ?? {};
+    const job = card.job ?? {};
+    return {
+        post_id: String(job.jobId ?? ""),
+        title: (job.title ?? "").trim(),
+        project: "",
+        recruit_label: job.jobKind === "1" ? "全职" : job.jobKind === "2" ? "社招" : "",
+        bgs: (comp.compIndustry ?? "").trim(),
+        work_cities: (job.dq ?? "").trim(),
+        apply_url: job.link ?? job.pcOuterLink ?? (job.jobId ? `https://www.liepin.com/job/${encodeURIComponent(String(job.jobId))}.shtml` : HOME),
+    };
+}
+// ---------- core: search for a single page ----------
+async function searchOnePage(companyName, keyword, page, pageSize) {
+    const tok = await getToken();
+    if (!tok.ok)
+        return tok;
+    const fullKey = [companyName, keyword].filter(Boolean).join(" ").trim();
+    const body = {
+        data: {
+            mainSearchPcConditionForm: {
+                city: "410",
+                dq: "410",
+                pubTime: "",
+                currentPage: Math.max(0, page - 1),
+                pageSize: Math.max(1, Math.min(40, pageSize)),
+                key: fullKey,
+                suggestTag: "",
+                workYearCode: "",
+                compId: "",
+                compName: companyName,
+                compTag: "",
+                industry: "",
+                salaryCode: "",
+                jobKind: "",
+                compScale: "",
+                compKind: "",
+                compStage: "",
+                eduLevel: "",
+                salaryLow: "",
+                salaryHigh: "",
+            },
+            passThroughForm: { scene: "init", skId: "", fkId: "", ckId: "", suggest: null },
+        },
+    };
+    let response;
+    try {
+        response = await fetch(SEARCH_URL, {
+            method: "POST",
+            headers: {
+                "Content-Type": "application/json;charset=UTF-8",
+                "User-Agent": USER_AGENT,
+                Origin: HOME,
+                Referer: `${HOME}/zhaopin/?key=${encodeURIComponent(fullKey)}`,
+                Accept: "application/json, text/plain, */*",
+                "Accept-Language": "zh-CN,zh;q=0.9",
+                "X-Client-Type": "web",
+                "X-Requested-With": "XMLHttpRequest",
+                "X-Fscp-Std-Info": '{"client_id": "40108"}',
+                "X-Fscp-Version": "1.1",
+                "X-Fscp-Trace-Id": randomUUID(),
+                "X-Xsrf-Token": tok.xsrf,
+                Cookie: tok.cookie,
+            },
+            body: JSON.stringify(body),
+        });
+    }
+    catch (err) {
+        return { ok: false, message: `network error: ${err instanceof Error ? err.message : err}` };
+    }
+    if (!response.ok) {
+        return { ok: false, message: `HTTP ${response.status}: ${response.statusText}` };
+    }
+    let env;
+    try {
+        env = (await response.json());
+    }
+    catch (err) {
+        return { ok: false, message: `bad JSON: ${err instanceof Error ? err.message : err}` };
+    }
+    if (env.flag !== 1 || !env.data?.data) {
+        return { ok: false, message: env.msg ?? `flag=${env.flag} code=${env.code ?? "?"}` };
+    }
+    const inner = env.data.data;
+    const jobs = inner.jobCardList ?? [];
+    // Filter to the actual target company (Liepin's relevance ranker leaks
+    // adjacent employers when there's no exact match).
+    const exact = jobs.filter((c) => (c.comp?.compName ?? "") === companyName);
+    return {
+        ok: true,
+        total: exact.length === 0 ? jobs.length : exact.length,
+        jobs: exact.length === 0 ? jobs : exact,
+        compCard: inner.compCard,
+    };
+}
+export function createAdapter(cfg) {
+    const ATTRIBUTION = `via Liepin (api-c.liepin.com) — official portal not publicly accessible`;
+    async function searchPositions(opts = {}) {
+        const page = Math.max(1, opts.page ?? 1);
+        const pageSize = Math.max(1, Math.min(40, opts.pageSize ?? 20));
+        const r = await searchOnePage(cfg.companyName, (opts.keyword ?? "").trim(), page, pageSize);
+        if (!r.ok) {
+            return {
+                ok: false,
+                source: SOURCE,
+                company: cfg.companyName,
+                attribution: ATTRIBUTION,
+                message: r.message,
+                query: opts,
+                positions: [],
+            };
+        }
+        return {
+            ok: true,
+            source: SOURCE,
+            company: cfg.companyName,
+            attribution: ATTRIBUTION,
+            comp_card: r.compCard,
+            query: opts,
+            page,
+            page_size: pageSize,
+            total: r.total,
+            positions: r.jobs.map(summarize),
+        };
+    }
+    async function fetchAllPositions(opts = {}) {
+        const pageSize = Math.max(1, Math.min(40, opts.pageSize ?? 40));
+        const maxPages = Math.max(1, opts.maxPages ?? 10);
+        const bucket = [];
+        let total = 0;
+        let lastMsg = "ok";
+        let anyOk = false;
+        for (let page = 1; page <= maxPages; page++) {
+            const r = await searchOnePage(cfg.companyName, (opts.keyword ?? "").trim(), page, pageSize);
+            if (!r.ok) {
+                lastMsg = r.message;
+                break;
+            }
+            anyOk = true;
+            total = r.total;
+            if (!r.jobs.length)
+                break;
+            for (const c of r.jobs)
+                bucket.push(summarize(c));
+            if (r.jobs.length < pageSize)
+                break;
+        }
+        if (!anyOk) {
+            return {
+                ok: false,
+                source: SOURCE,
+                company: cfg.companyName,
+                attribution: ATTRIBUTION,
+                message: lastMsg,
+                total: 0,
+                fetched: 0,
+                positions: [],
+            };
+        }
+        return {
+            ok: true,
+            source: SOURCE,
+            company: cfg.companyName,
+            attribution: ATTRIBUTION,
+            total,
+            fetched: bucket.length,
+            positions: bucket,
+        };
+    }
+    async function fetchPositionDetail(postId) {
+        const id = (postId ?? "").trim();
+        if (!id)
+            return { ok: false, source: SOURCE, message: "post_id is required" };
+        // Liepin's detail page is `/job/{id}.shtml` — non-API, HTML-only. We
+        // surface the deep-link rather than pretend to fetch a JSON detail.
+        return {
+            ok: true,
+            source: SOURCE,
+            company: cfg.companyName,
+            attribution: ATTRIBUTION,
+            post_id: id,
+            apply_url: `https://www.liepin.com/job/${encodeURIComponent(id)}.shtml`,
+            message: "Liepin position detail is HTML-only; visit apply_url for the full JD.",
+        };
+    }
+    async function fetchDictionaries() {
+        // Surface the compCard payload (industry / scale / tags) as the closest
+        // thing to a "taxonomy" we can offer from a third-party aggregator.
+        const r = await searchOnePage(cfg.companyName, "", 1, 5);
+        if (!r.ok) {
+            return { ok: false, source: SOURCE, message: r.message };
+        }
+        return {
+            ok: true,
+            source: SOURCE,
+            company: cfg.companyName,
+            attribution: ATTRIBUTION,
+            comp_card: r.compCard ?? null,
+            note: "Liepin doesn't expose a per-company filter taxonomy; comp_card holds " +
+                "the company profile (industry, scale, stage, tags).",
+        };
+    }
+    const NOTICES_MSG = `${cfg.label}: surfaced via Liepin aggregator; no notices endpoint available.`;
+    async function listNotices() {
+        return { ok: false, source: SOURCE, message: NOTICES_MSG, notices: [] };
+    }
+    async function getNotice(noticeId) {
+        return { ok: false, source: SOURCE, message: NOTICES_MSG, notice_id: noticeId };
+    }
+    async function findNoticesByQuestion(question, _opts = {}) {
+        return { ok: false, source: SOURCE, question, message: NOTICES_MSG, matches: [] };
+    }
+    // matchResume reuses extractResumeSignals / scoreOverlap from tencent.ts
+    // so the contract matches every other adapter.
+    async function matchResume(text, opts = {}) {
+        const topN = Math.max(1, opts.topN ?? 5);
+        const candidates = Math.max(topN, opts.candidates ?? 20);
+        const { terms, cities } = extractResumeSignals(text ?? "");
+        if (!terms.length) {
+            return {
+                ok: false,
+                source: SOURCE,
+                message: "could not extract any technical signals from the text",
+                preview: (text ?? "").slice(0, 120),
+            };
+        }
+        const keyword = terms.slice(0, 3).join(" ");
+        const list = await searchPositions({ keyword, page: 1, pageSize: 40 });
+        if (!list.ok) {
+            return { ok: false, source: SOURCE, message: list.message, positions: [] };
+        }
+        const scored = [];
+        for (const p of list.positions) {
+            const blob = [p.title, p.bgs, p.work_cities, p.recruit_label].join(" ");
+            const { score, reasons } = scoreOverlap(blob, terms, cities);
+            if (score > 0)
+                scored.push({ score, position: p, reasons });
+        }
+        scored.sort((a, b) => b.score - a.score);
+        let shortlist = scored.slice(0, Math.max(topN, candidates));
+        if (!shortlist.length) {
+            shortlist = list.positions.slice(0, candidates).map((position) => ({ score: 0, position, reasons: [] }));
+        }
+        const matches = shortlist.slice(0, topN).map((s) => {
+            const mr = s.reasons.length > 0
+                ? s.reasons.slice(0, 5)
+                : ["no specific keyword overlap — surfaced from Liepin search"];
+            return { ...s.position, match_reasons: mr };
+        });
+        return {
+            ok: true,
+            source: SOURCE,
+            attribution: ATTRIBUTION,
+            extracted_terms: terms,
+            city_preferences: cities,
+            matches,
+            note: "match_reasons surfaces overlapping keywords, not a probability of getting an interview. " +
+                "The only authority on selection is HR.",
+        };
+    }
+    return {
+        searchPositions,
+        fetchAllPositions,
+        fetchPositionDetail,
+        fetchDictionaries,
+        listNotices,
+        getNotice,
+        findNoticesByQuestion,
+        matchResume,
+        checkResume,
+    };
+}

package/dist/webank.js

@@ -1,62 +1,25 @@
-// 微众银行 (WeBank) — stub adapter for `job-pro`.
+// 微众银行 (WeBank) careers adapter — Liepin aggregator fallback.
 //
-// STATUS: stub-only. WeBank operates a campus-recruiting portal at
-// career.webank.com but the domain is not resolvable from public DNS, and
-// every public ATS slug we probed (Feishu, Moka, Greenhouse, Lever) returns
-// 404. WeBank's hiring funnel runs entirely through WeChat mini-programs.
+// WeBank's career page at www.webank.com/career/ is a 15KB static Vue
+// brochure with no embedded job feed; recruitment runs through the
+// 微众银行招聘 WeChat 公众号 → 微信小程序 chain. We surface real
+// currently-open WeBank positions by querying Liepin
+// (api-c.liepin.com) filtered by compName="微众银行". See
+// `cli/src/liepin.ts` for the shared factory.
 //
-// ============================================================
-// RECONNAISSANCE RESULTS (probed 2026-05):
-//
-//   https://career.webank.com   — 000 (no public DNS / unreachable)
-//   https://job.webank.com      — 000 (no public DNS / unreachable)
-//   https://hr.webank.com       — 000 (no public DNS / unreachable)
-//
-//   Feishu ATSX:    webank.jobs.feishu.cn — HTTP 400 (no portal)
-//   Greenhouse:     webank                — HTTP 404 (no board)
-//   Lever:          webank                — HTTP 404 (no posting)
-//
-//   The official 微众银行招聘 WeChat 公众号 publishes openings as articles
-//   and routes applications into a mini-program; no JSON surface is exposed.
-//
-// Conclusion: no unauthenticated public API. Apply via the WeChat 微众银行招聘
-// account or visit https://www.webank.com/ for company contact info.
-import { extractResumeSignals, scoreOverlap, checkResume } from "./tencent.js";
-export { checkResume };
-const SOURCE = "webank.com";
-const STUB_MESSAGE = "WeBank (微众银行): career.webank.com and sibling subdomains fail to resolve over public DNS. " +
-    "Recruiting runs through the WeChat 微众银行招聘 mini-program; no Greenhouse / Lever / Feishu " +
-    "tenant provisioned. No unauthenticated public API available.";
-export async function searchPositions(_opts = {}) {
-    return { ok: false, source: SOURCE, message: STUB_MESSAGE, query: {}, positions: [] };
-}
-export async function fetchAllPositions(_opts = {}) {
-    return { ok: false, source: SOURCE, message: STUB_MESSAGE, total: 0, fetched: 0, positions: [] };
-}
-export async function fetchPositionDetail(postId) {
-    return { ok: false, source: SOURCE, message: STUB_MESSAGE, post_id: postId };
-}
-export async function fetchDictionaries() {
-    return { ok: false, source: SOURCE, message: STUB_MESSAGE };
-}
-export async function listNotices() {
-    return { ok: false, source: SOURCE, message: STUB_MESSAGE, notices: [] };
-}
-export async function getNotice(noticeId) {
-    return { ok: false, source: SOURCE, message: STUB_MESSAGE, notice_id: noticeId };
-}
-export async function findNoticesByQuestion(question, _opts = {}) {
-    return { ok: false, source: SOURCE, question, message: STUB_MESSAGE, matches: [] };
-}
-export async function matchResume(text, _opts = {}) {
-    const { terms, cities } = extractResumeSignals(text ?? "");
-    return {
-        ok: false,
-        source: SOURCE,
-        extracted_terms: terms,
-        city_preferences: cities,
-        matches: [],
-        message: STUB_MESSAGE,
-    };
-}
-export { extractResumeSignals, scoreOverlap };
+// Source: api-c.liepin.com (`source` field on responses) — clearly NOT
+// the same as WeBank's WeChat mini-program funnel.
+import { createAdapter } from "./liepin.js";
+const adapter = createAdapter({
+    companyName: "微众银行",
+    label: "WeBank / 微众银行",
+});
+export const searchPositions = adapter.searchPositions;
+export const fetchAllPositions = adapter.fetchAllPositions;
+export const fetchPositionDetail = adapter.fetchPositionDetail;
+export const fetchDictionaries = adapter.fetchDictionaries;
+export const listNotices = adapter.listNotices;
+export const getNotice = adapter.getNotice;
+export const findNoticesByQuestion = adapter.findNoticesByQuestion;
+export const matchResume = adapter.matchResume;
+export const checkResume = adapter.checkResume;

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "job-pro",
-  "version": "0.7.5",
-  "description": "Query Chinese big-tech campus recruiting from your terminal. 50 companies, 46 live (incl. Lilith via local Chrome / puppeteer-core). +Hikvision via CDP + CN proxy when JOB_PRO_HTTPS_PROXY is set. No signup, no token, no server.",
+  "version": "0.8.0",
+  "description": "Query Chinese big-tech campus recruiting from your terminal. 50 companies, all 50 live. 46 via each company's own API; the 4 with no public canonical feed (Hikvision, CICC, Cainiao, WeBank) surfaced via Liepin as a clearly-labeled third-party fallback. No signup, no token, no server.",
   "homepage": "https://job.ha7ch.com",
   "repository": "https://github.com/HA7CH/job-pro",
   "license": "MIT",