npm - job-pro - Versions diffs - 1.0.35 → 1.0.36 - Mend

job-pro 1.0.35 → 1.0.36

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (2) hide show

package/dist/index.js +19 -0
package/package.json +1 -1

package/dist/index.js CHANGED Viewed

@@ -716,6 +716,25 @@ async function runCompany(adapter, company, rawArgs) {
                     message: `${staged.unanswered_required.length} required field(s) still unanswered; refusing to submit incomplete application`,
                 }, compact);
             }
+            // Speculative-endpoint gate (4th safety layer). 19 of 22 bespoke
+            // multipart-session endpoints returned 404 on no-auth probe — the
+            // inferred URLs are wrong guesses. Refusing by default prevents
+            // accidental fires against broken endpoints; users who *want* to
+            // shake out what the real endpoint should be opt in via env.
+            const allowSpeculative = process.env.JOB_PRO_ALLOW_SPECULATIVE_ENDPOINT === "yes";
+            if (staged.submit_kind !== "external" && staged.submit_kind !== "multipart-anon" && staged.endpoint_verified !== true && !allowSpeculative) {
+                return emit({
+                    ok: false,
+                    source: company,
+                    post_id: postId,
+                    mode: "really-submit-blocked",
+                    staged,
+                    message: `submit_endpoint for ${company} is speculative — inferred from JS-bundle recon, ` +
+                        `not end-to-end verified. Most such endpoints (19 of 22 probed) are wrong and ` +
+                        `would 4xx. Verify with \`apply ${postId} --debug-submit-to <your-echo-url>\` first, ` +
+                        `or set \`JOB_PRO_ALLOW_SPECULATIVE_ENDPOINT=yes\` if you're knowingly probing.`,
+                }, compact);
+            }
             // Submission flow selection by submit_kind. Only the generic
             // multipart families are wired to actually fire today; everything
             // else gets a useful refusal message.

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "job-pro",
-  "version": "1.0.35",
+  "version": "1.0.36",
   "description": "Query Chinese big-tech campus recruiting from your terminal. 50 companies, all 50 live. 46 via each company's own API; the 4 with no public canonical feed (Hikvision, CICC, Cainiao, WeBank) surfaced via Liepin as a clearly-labeled third-party fallback. No signup, no token, no server.",
   "homepage": "https://job.ha7ch.com",
   "repository": "https://github.com/HA7CH/job-pro",