opencode-api-security-testing 5.4.7 → 5.4.9

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "opencode-api-security-testing",
-  "version": "5.4.7",
+  "version": "5.4.9",
   "description": "API Security Testing Plugin for OpenCode - Automated vulnerability scanning and penetration testing",
   "type": "module",
   "main": "src/index.ts",

package/postinstall.mjs

@@ -145,13 +145,25 @@ function installPlaywright(pythonCmd) {
   const pipCmd = checkPip(pythonCmd);
   if (!pipCmd) return { success: false, error: "pip not found" };
   
-  const pkgResult = installPythonPackage(pipCmd, "playwright");
-  if (!pkgResult.success) return pkgResult;
+  // 安装 Playwright 包（增加超时时间）
+  const pkgResult = runCommand(`${pipCmd} install playwright`, 180000);
+  if (!pkgResult.success) {
+    console.log(`  ⚠ Failed to install playwright package: ${pkgResult.error}`);
+    return { success: false, error: pkgResult.error };
+  }
+  console.log("  ✓ Playwright package installed");
   
-  console.log("  Installing Playwright browsers (chromium)...");
-  const browserResult = runCommand(`${pythonCmd} -m playwright install chromium`, 300000);
-  if (browserResult.success) return { success: true, error: "" };
+  // 安装浏览器（增加超时时间到 10 分钟）
+  console.log("  Installing Playwright browsers (chromium) - this may take several minutes...");
+  const browserResult = runCommand(`${pythonCmd} -m playwright install chromium`, 600000);
+  if (browserResult.success) {
+    console.log("  ✓ Playwright browsers installed");
+    return { success: true, error: "" };
+  }
   
+  console.log(`  ⚠ Browser installation failed: ${browserResult.error}`);
+  console.log("  → browser_collect tool will have limited functionality");
+  console.log(`  → Manual fix: ${pythonCmd} -m playwright install chromium`);
   return { success: false, error: browserResult.error };
 }
 

package/src/index.ts

@@ -733,13 +733,15 @@ print(result)
           const deps = checkDeps(ctx);
           const corePath = getCorePath(ctx);
           const collectionMode = args.mode || config.collection_mode;
+          // 使用 JSON 格式传递参数，避免字符串转义问题
+          const paramsJson = JSON.stringify({ mode: collectionMode });
           const cmd = `${deps}python3 -c "
 import sys
+import json
 sys.path.insert(0, '${corePath}')
 from collectors.browser_collector import BrowserCollectorFacade
 facade = BrowserCollectorFacade(headless=True)
-result = facade.collect_all('${args.url}', {'mode': '${collectionMode}'})
-import json
+result = facade.collect_all('${args.url}', ${paramsJson})
 print(json.dumps(result, indent=2))
 "`;
           return await execShell(ctx, cmd);
@@ -1606,28 +1608,6 @@ ${LEVEL_PROMPTS[level]}
       console.log(`[api-security-testing] Injected context via synthetic part, session=${sessionID}, length=${pending.merged.length}`);
     },
   };
-}
-      }
-
-      // 会话删除或压缩 - 清理状态
-      if (event.type === "session.deleted" || event.type === "session.compacted") {
-        const props = event.properties as Record<string, unknown> | undefined;
-        let sessionID: string | undefined;
-
-        if (event.type === "session.deleted") {
-          sessionID = (props?.info as { id?: string })?.id;
-        } else {
-          sessionID = (props?.sessionID ?? (props?.info as { id?: string })?.id) as string | undefined;
-        }
-
-        if (sessionID) {
-          clearSessionState(sessionID);
-          resetFailureCount(sessionID);
-          resetModelFailures(sessionID);
-        }
-      }
-    },
-  };
 };
 
 export default ApiSecurityTestingPlugin;