opencode-pollinations-plugin 6.2.5 → 6.2.7-1

package/dist/server/tier-info.js

@@ -0,0 +1,96 @@
+/**
+ * Tier Information - Central Configuration
+ *
+ * Hourly quota system (Pollinations API v2026-03)
+ * Quotas reset every hour at :00
+ */
+export const TIER_INFO = {
+    microbe: {
+        name: 'Microbe',
+        emoji: '🦠',
+        hourlyPollen: 0.01,
+        dailyEstimate: 0.24,
+        condition: 'Just register!',
+        conditionKey: 'tier.condition.signup',
+    },
+    spore: {
+        name: 'Spore',
+        emoji: '🍄',
+        hourlyPollen: 0.01,
+        dailyEstimate: 0.24,
+        condition: 'Automatic verification',
+        conditionKey: 'tier.condition.auto_verify',
+    },
+    seed: {
+        name: 'Seed',
+        emoji: '🌱',
+        hourlyPollen: 0.15,
+        dailyEstimate: 3.6,
+        condition: '8+ dev points (weekly auto-upgrade)',
+        conditionKey: 'tier.condition.dev_points',
+    },
+    flower: {
+        name: 'Flower',
+        emoji: '🌸',
+        hourlyPollen: 0.4,
+        dailyEstimate: 9.6,
+        condition: 'Publish an app',
+        conditionKey: 'tier.condition.publish_app',
+    },
+    nectar: {
+        name: 'Nectar',
+        emoji: '🍯',
+        hourlyPollen: 0.8,
+        dailyEstimate: 19.2,
+        condition: 'Coming soon 🔮',
+        conditionKey: 'tier.condition.coming_soon',
+    },
+};
+/**
+ * Get tier info by name
+ */
+export function getTierInfo(tierName) {
+    return TIER_INFO[tierName.toLowerCase()];
+}
+/**
+ * Get all tiers as array (sorted by hourlyPollen)
+ */
+export function getAllTiers() {
+    return Object.values(TIER_INFO).sort((a, b) => a.hourlyPollen - b.hourlyPollen);
+}
+/**
+ * Format tier list for display (markdown table)
+ */
+export function formatTierTable(lang = 'en') {
+    const tiers = getAllTiers();
+    const headers = {
+        en: '| Tier | Hourly | Daily (est.) | Condition |',
+        fr: '| Palier | Horaire | Journalier (est.) | Condition |',
+        es: '| Nivel | Por hora | Diario (est.) | Condición |',
+        de: '| Stufe | Pro Stunde | Täglich (ca.) | Bedingung |',
+        it: '| Livello | Orario | Giornaliero (stima) | Condizione |',
+    };
+    const separator = '|------|---------|----------------|-----------|';
+    const rows = tiers.map(tier => {
+        const conditionText = lang === 'fr' ? tier.condition : tier.condition;
+        return `| ${tier.emoji} **${tier.name}** | **${tier.hourlyPollen} pollen/h** | ~${tier.dailyEstimate}/day | ${conditionText} |`;
+    });
+    return [headers[lang], separator, ...rows].join('\n');
+}
+/**
+ * Get dynamic tier description with hourly rates
+ */
+export function getTierDescription(lang = 'en') {
+    const isFrench = lang === 'fr';
+    const pollenWord = isFrench ? 'Pollen' : 'Pollen';
+    const perHour = isFrench ? '/heure' : '/hour';
+    const perDay = isFrench ? '/jour (est.)' : '/day (est.)';
+    const tiers = getAllTiers();
+    const lines = tiers.map(tier => {
+        const conditionText = isFrench ?
+            (tier.conditionKey === 'tier.condition.publish_app' ? '**Publier une App** (comme ce plugin !)' : tier.condition) :
+            tier.condition;
+        return `- ${tier.emoji} **${tier.name}** (**${tier.hourlyPollen} ${pollenWord}${perHour}** ≈ ~${tier.dailyEstimate}${perDay}) : ${conditionText}`;
+    });
+    return lines.join('\n');
+}

package/dist/tools/pollinations/beta_discovery.d.ts

@@ -1,9 +1,16 @@
 /**
- * beta_discovery Tool (API Explorer V3 - Hybrid Probe)
+ * beta_discovery Tool (API Explorer V4 — Defense-in-Depth)
  *
- * Combines reading the official OpenAPI Specification with active
- * blackbox probing (triggering HTTP 400/422 ValidationErrors) to
- * discover hidden or undocumented enums and parameters.
+ * Combines reading the official OpenAPI Specification with hardened
+ * blackbox fuzzing that GUARANTEES HTTP 400 responses by forcefully
+ * injecting invalid values. The AI agent NEVER controls the actual
+ * values sent to the API.
+ *
+ * Security Layers:
+ * 1. Command Whitelist — only 4 commands exist
+ * 2. Endpoint Whitelist — only 4 API routes are probeable
+ * 3. Value Injection — fuzz values are hardcoded, AI cannot override
+ * 4. Payload Sabotage — fuzz corrupts, probe_missing removes keys
  */
 import { type ToolDefinition } from '@opencode-ai/plugin/tool';
 export declare const polliBetaDiscoveryTool: ToolDefinition;

package/dist/tools/pollinations/beta_discovery.js

@@ -1,33 +1,40 @@
 /**
- * beta_discovery Tool (API Explorer V3 - Hybrid Probe)
+ * beta_discovery Tool (API Explorer V4 — Defense-in-Depth)
  *
- * Combines reading the official OpenAPI Specification with active
- * blackbox probing (triggering HTTP 400/422 ValidationErrors) to
- * discover hidden or undocumented enums and parameters.
+ * Combines reading the official OpenAPI Specification with hardened
+ * blackbox fuzzing that GUARANTEES HTTP 400 responses by forcefully
+ * injecting invalid values. The AI agent NEVER controls the actual
+ * values sent to the API.
+ *
+ * Security Layers:
+ * 1. Command Whitelist — only 4 commands exist
+ * 2. Endpoint Whitelist — only 4 API routes are probeable
+ * 3. Value Injection — fuzz values are hardcoded, AI cannot override
+ * 4. Payload Sabotage — fuzz corrupts, probe_missing removes keys
  */
 import { tool } from '@opencode-ai/plugin/tool';
 import { emitStatusToast } from '../../server/toast.js';
 import { getApiKey } from './shared.js';
-import * as fs from 'fs';
+import { ModelRegistry } from '../../server/models/index.js';
 import * as https from 'https';
-// Primary URL for the OpenAPI spec
+// ─── Constants ───────────────────────────────────────────────────────────
 const OPENAPI_URL = 'https://enter.pollinations.ai/api/docs/open-api/generate-schema';
-// Fallback local path
-const LOCAL_FALLBACK_PATH = '/home/fkomp/Bureau/oracle/Documentations/API - Severals documentations for multiples api usages/pollinations/pollinations_enter_beta/PolinationsGenBeta_api.json';
+// Hardcoded fuzz sentinel values — AI cannot change these
+const FUZZ_STRING = '@@_FUZZ_INTENTIONAL_INVALID_VALUE_@@';
+const FUZZ_NUMBER = -9999999;
+const FUZZ_BOOLEAN = 'NOT_A_BOOLEAN';
+// Strict endpoint whitelist — only these paths can be probed
+const ALLOWED_PROBE_ENDPOINTS = new Set([
+    '/v1/chat/completions',
+    '/video/{prompt}',
+    '/image/{prompt}',
+    '/audio/{text}',
+]);
+// ─── OpenAPI Schema Cache ────────────────────────────────────────────────
 let cachedSchema = null;
 async function fetchOpenApiSchema() {
     if (cachedSchema)
         return cachedSchema;
-    try {
-        if (fs.existsSync(LOCAL_FALLBACK_PATH)) {
-            const data = fs.readFileSync(LOCAL_FALLBACK_PATH, 'utf-8');
-            cachedSchema = JSON.parse(data);
-            return cachedSchema;
-        }
-    }
-    catch (e) {
-        // Fallthrough
-    }
     try {
         const response = await fetch(OPENAPI_URL);
         if (!response.ok)
@@ -36,165 +43,310 @@ async function fetchOpenApiSchema() {
         return cachedSchema;
     }
     catch (e) {
-        throw new Error(`Failed to load OpenAPI Schema: ${e.message}`);
+        throw new Error(`Failed to load OpenAPI Schema from ${OPENAPI_URL}: ${e.message}`);
     }
 }
-async function probeEndpoint(method, endpointUrl, payloadStr) {
-    return new Promise((resolve, reject) => {
+// ─── HTTPS Helper (POST only for safety) ─────────────────────────────────
+function sendProbeRequest(endpointPath, payload) {
+    return new Promise((resolve) => {
         const apiKey = getApiKey();
-        const urlObj = new URL(endpointUrl.startsWith('http') ? endpointUrl : `https://gen.pollinations.ai${endpointUrl.startsWith('/') ? '' : '/'}${endpointUrl}`);
+        const fullUrl = `https://gen.pollinations.ai${endpointPath.startsWith('/') ? '' : '/'}${endpointPath}`;
+        let urlObj;
+        try {
+            urlObj = new URL(fullUrl);
+        }
+        catch (e) {
+            return resolve(`❌ Invalid URL constructed: ${fullUrl}`);
+        }
+        const postData = JSON.stringify(payload);
         const options = {
-            method: method,
+            method: 'POST', // ALWAYS POST — never GET (GET on /image/ or /video/ triggers generation)
             headers: {
-                'User-Agent': 'OpenCode-Probe-Tool/3.0',
-                'Accept': 'application/json'
+                'User-Agent': 'OpenCode-Probe-V4/1.0',
+                'Accept': 'application/json',
+                'Content-Type': 'application/json',
+                'Content-Length': Buffer.byteLength(postData),
             }
         };
         if (apiKey) {
             options.headers['Authorization'] = `Bearer ${apiKey}`;
         }
-        let postData;
-        if (method === 'POST') {
-            options.headers['Content-Type'] = 'application/json';
-            if (payloadStr) {
-                try {
-                    // Try to parse just to validate it's json, but send the string
-                    JSON.parse(payloadStr);
-                    postData = payloadStr;
-                    options.headers['Content-Length'] = Buffer.byteLength(postData);
-                }
-                catch (e) {
-                    return resolve(`❌ Error: payload_json must be a valid JSON string. Parse error: ${e.message}`);
-                }
-            }
-            else {
-                postData = '{}';
-                options.headers['Content-Length'] = Buffer.byteLength(postData);
-            }
-        }
-        else if (method === 'GET' && payloadStr) {
-            try {
-                const queryParams = JSON.parse(payloadStr);
-                for (const [key, value] of Object.entries(queryParams)) {
-                    urlObj.searchParams.append(key, String(value));
-                }
-            }
-            catch (e) {
-                return resolve(`❌ Error: payload_json must be a valid JSON string representing query params. Parse error: ${e.message}`);
-            }
-        }
         const req = https.request(urlObj, options, (res) => {
             let data = '';
             res.on('data', chunk => data += chunk);
             res.on('end', () => {
-                let formattedResult = `**HTTP Status:** \`${res.statusCode} ${res.statusMessage}\`\n`;
-                formattedResult += `**Content-Type:** \`${res.headers['content-type']}\`\n\n`;
+                let result = `**HTTP Status:** \`${res.statusCode} ${res.statusMessage}\`\n`;
+                result += `**Method:** \`POST\` (forced)\n`;
+                result += `**URL:** \`${fullUrl}\`\n`;
+                result += `**Content-Type:** \`${res.headers['content-type']}\`\n\n`;
                 try {
                     const parsed = JSON.parse(data);
-                    // Highlight Validation Errors (The main goal of the probe)
                     if (res.statusCode === 400 || res.statusCode === 422 || parsed.fieldErrors || parsed.error) {
-                        formattedResult += `### 🚨 Validation Error Detected (Jackpot!)\n`;
-                        formattedResult += `\`\`\`json\n${JSON.stringify(parsed, null, 2)}\n\`\`\``;
+                        result += `### 🚨 Validation Error — Constraints Revealed!\n`;
+                        result += `\`\`\`json\n${JSON.stringify(parsed, null, 2)}\n\`\`\``;
+                    }
+                    else if (res.statusCode && res.statusCode >= 200 && res.statusCode < 300) {
+                        result += `### ⚠️ Unexpected 2xx Response (probe may have triggered real processing)\n`;
+                        result += `\`\`\`json\n${JSON.stringify(parsed, null, 2).substring(0, 1500)}${data.length > 1500 ? '\n... (truncated)' : ''}\n\`\`\``;
                     }
                     else {
-                        formattedResult += `### Response Body\n`;
-                        formattedResult += `\`\`\`json\n${JSON.stringify(parsed, null, 2).substring(0, 2000)}${data.length > 2000 ? '\n... (truncated)' : ''}\n\`\`\``;
+                        result += `### Response Body\n`;
+                        result += `\`\`\`json\n${JSON.stringify(parsed, null, 2).substring(0, 2000)}${data.length > 2000 ? '\n... (truncated)' : ''}\n\`\`\``;
                     }
                 }
                 catch (e) {
-                    // Not JSON
-                    formattedResult += `### Raw Response Body\n`;
-                    formattedResult += `\`\`\`text\n${data.substring(0, 2000)}${data.length > 2000 ? '\n... (truncated)' : ''}\n\`\`\``;
+                    result += `### Raw Response\n`;
+                    result += `\`\`\`text\n${data.substring(0, 2000)}${data.length > 2000 ? '\n... (truncated)' : ''}\n\`\`\``;
                 }
-                resolve(formattedResult);
+                resolve(result);
             });
         });
         req.on('error', (e) => resolve(`❌ Request Error: ${e.message}`));
-        if (postData)
-            req.write(postData);
+        req.setTimeout(10000, () => {
+            req.destroy();
+            resolve('❌ Request Timeout (10s)');
+        });
+        req.write(postData);
         req.end();
     });
 }
+// ─── Security: Endpoint Validation ───────────────────────────────────────
+function validateEndpoint(path) {
+    if (!ALLOWED_PROBE_ENDPOINTS.has(path)) {
+        const allowed = Array.from(ALLOWED_PROBE_ENDPOINTS).join(', ');
+        return `❌ SECURITY: Endpoint \`${path}\` is NOT in the whitelist.\nAllowed endpoints: ${allowed}\n\nUse \`search_schema\` to explore the OpenAPI spec instead.`;
+    }
+    return null; // OK
+}
+// ─── Command: search_schema ──────────────────────────────────────────────
+async function cmdSearchSchema(query) {
+    const schema = await fetchOpenApiSchema();
+    const results = [];
+    const queryLower = query.toLowerCase();
+    const search = (obj, currentPath) => {
+        if (typeof obj !== 'object' || obj === null)
+            return;
+        // Check current node
+        if (typeof obj === 'object') {
+            // Check enum values
+            if (obj.enum && Array.isArray(obj.enum)) {
+                const enumStr = obj.enum.join(', ');
+                if (currentPath.toLowerCase().includes(queryLower) || enumStr.toLowerCase().includes(queryLower)) {
+                    results.push({
+                        path: currentPath,
+                        type: 'enum',
+                        detail: `Values: [${enumStr}]${obj.description ? ` — ${obj.description}` : ''}`
+                    });
+                }
+            }
+            // Check description
+            if (typeof obj.description === 'string' && obj.description.toLowerCase().includes(queryLower)) {
+                if (!results.find(r => r.path === currentPath)) {
+                    results.push({
+                        path: currentPath,
+                        type: 'description',
+                        detail: obj.description.substring(0, 300)
+                    });
+                }
+            }
+            // Check parameter names
+            if (typeof obj.name === 'string' && obj.name.toLowerCase().includes(queryLower)) {
+                results.push({
+                    path: currentPath,
+                    type: 'parameter',
+                    detail: `Name: ${obj.name}, Type: ${obj.schema?.type || obj.type || '?'}${obj.required ? ' (REQUIRED)' : ''}${obj.description ? ` — ${obj.description.substring(0, 200)}` : ''}`
+                });
+            }
+        }
+        // Recurse
+        for (const [key, value] of Object.entries(obj)) {
+            search(value, currentPath ? `${currentPath}.${key}` : key);
+        }
+    };
+    search(schema, '');
+    if (results.length === 0) {
+        return `ℹ️ No matches found for "${query}" in the OpenAPI specification.\nTry broader terms like "model", "voice", "duration", "aspect", "format".`;
+    }
+    // Deduplicate and cap at 30 results
+    const unique = results.slice(0, 30);
+    let output = `### 🔍 OpenAPI Search Results for "${query}" (${unique.length} matches)\n\n`;
+    for (const r of unique) {
+        output += `- **\`${r.path}\`** [${r.type}]\n  ${r.detail}\n\n`;
+    }
+    if (results.length > 30) {
+        output += `\n_... and ${results.length - 30} more matches. Refine your query._`;
+    }
+    return output;
+}
+// ─── Command: fuzz_parameter ─────────────────────────────────────────────
+async function cmdFuzzParameter(endpointPath, basePayloadStr, fuzzTarget) {
+    // Security Layer 2: Endpoint whitelist
+    const endpointError = validateEndpoint(endpointPath);
+    if (endpointError)
+        return endpointError;
+    // Parse the base payload
+    let payload;
+    try {
+        payload = JSON.parse(basePayloadStr);
+    }
+    catch (e) {
+        return `❌ Error: base_payload_json is not valid JSON: ${e.message}`;
+    }
+    if (typeof payload !== 'object' || payload === null || Array.isArray(payload)) {
+        return '❌ Error: base_payload_json must be a JSON object (not array or primitive)';
+    }
+    // Security Layer 3: Forced value injection
+    // Detect the current type to inject the right sabotage value
+    const currentValue = payload[fuzzTarget];
+    let injectedValue;
+    if (typeof currentValue === 'number') {
+        injectedValue = FUZZ_NUMBER;
+    }
+    else if (typeof currentValue === 'boolean') {
+        injectedValue = FUZZ_BOOLEAN;
+    }
+    else {
+        // Default to string fuzz for unknown/string/undefined types
+        injectedValue = FUZZ_STRING;
+    }
+    // Force-inject the fuzz value — AI CANNOT override this
+    payload[fuzzTarget] = injectedValue;
+    const header = `### 🧪 Fuzzing \`${fuzzTarget}\` on \`${endpointPath}\`\n`;
+    const info = `**Injected value:** \`${JSON.stringify(injectedValue)}\` (forced by security layer)\n`;
+    const payloadPreview = `**Payload sent:**\n\`\`\`json\n${JSON.stringify(payload, null, 2)}\n\`\`\`\n\n`;
+    const response = await sendProbeRequest(endpointPath, payload);
+    return header + info + payloadPreview + '---\n\n' + response;
+}
+// ─── Command: probe_missing ──────────────────────────────────────────────
+async function cmdProbeMissing(endpointPath, basePayloadStr, removeKey) {
+    // Security Layer 2: Endpoint whitelist
+    const endpointError = validateEndpoint(endpointPath);
+    if (endpointError)
+        return endpointError;
+    // Parse the base payload
+    let payload;
+    try {
+        payload = JSON.parse(basePayloadStr);
+    }
+    catch (e) {
+        return `❌ Error: base_payload_json is not valid JSON: ${e.message}`;
+    }
+    if (typeof payload !== 'object' || payload === null || Array.isArray(payload)) {
+        return '❌ Error: base_payload_json must be a JSON object (not array or primitive)';
+    }
+    // Security Layer 4: Payload sabotage — REMOVE the key entirely
+    const hadKey = removeKey in payload;
+    delete payload[removeKey];
+    const header = `### 🔬 Testing if \`${removeKey}\` is required on \`${endpointPath}\`\n`;
+    const info = `**Key "${removeKey}" ${hadKey ? 'existed and was REMOVED' : 'was NOT present'}**\n`;
+    const payloadPreview = `**Payload sent (without "${removeKey}"):**\n\`\`\`json\n${JSON.stringify(payload, null, 2)}\n\`\`\`\n\n`;
+    const response = await sendProbeRequest(endpointPath, payload);
+    return header + info + payloadPreview + '---\n\n' + response;
+}
+// ─── Command: list_models_registry ───────────────────────────────────────
+function cmdListModelsRegistry(category) {
+    if (!ModelRegistry.isReady()) {
+        return '⚠️ ModelRegistry is not yet initialized. The plugin may still be loading. Try again in a few seconds.';
+    }
+    const validCategories = ['image', 'video', 'audio', 'text'];
+    if (category && !validCategories.includes(category)) {
+        return `❌ Invalid category "${category}". Valid: ${validCategories.join(', ')}`;
+    }
+    const models = category
+        ? ModelRegistry.list(category)
+        : ModelRegistry.all();
+    if (models.length === 0) {
+        return `ℹ️ No models found${category ? ` in category "${category}"` : ''}.`;
+    }
+    let output = `### 📦 Local Model Registry${category ? ` — ${category}` : ' — All Categories'} (${models.length} models)\n\n`;
+    // Group by category
+    const grouped = new Map();
+    for (const m of models) {
+        const cat = m.category;
+        if (!grouped.has(cat))
+            grouped.set(cat, []);
+        grouped.get(cat).push(m);
+    }
+    for (const [cat, catModels] of grouped) {
+        output += `#### ${cat.toUpperCase()} (${catModels.length})\n\n`;
+        output += `| Model | Description | Paid | I2X | Tools | Modalities |\n`;
+        output += `|-------|-------------|------|-----|-------|------------|\n`;
+        for (const m of catModels) {
+            const desc = (m.description || '').substring(0, 40);
+            const paid = m.paid_only ? '💎' : '🆓';
+            const i2x = m.supportsI2X ? '✅' : '—';
+            const tools = m.tools ? '✅' : '—';
+            const mods = `${m.input_modalities.join(',')}→${m.output_modalities.join(',')}`;
+            output += `| \`${m.name}\` | ${desc} | ${paid} | ${i2x} | ${tools} | ${mods} |\n`;
+        }
+        output += '\n';
+    }
+    return output;
+}
+// ─── Tool Export ─────────────────────────────────────────────────────────
 export const polliBetaDiscoveryTool = tool({
-    description: `Explore the Pollinations API using Hybrid Discovery (OpenAPI + Active Probing).
-Use this tool ONLY to reverse engineer and fill the manual registry. Do not use this tool lightly for general operations.
+    description: `API Explorer V4 (Defense-in-Depth) — Safely explore the Pollinations API without risking billing.
+Use this tool ONLY to reverse-engineer API parameters and fill the manual registry.
+
+🛡️ SECURITY: This tool uses 4 layers of protection to prevent accidental billing:
+- All probe values are force-injected (you cannot send valid values)
+- Only whitelisted endpoints can be probed
+- All probes use POST method (prevents GET-based generation)
+- The payload is always sabotaged (invalid value OR missing required key)
 
-🔥 CRITICAL RULES FOR AI AGENTS:
-1. The EXACT and ONLY base URL for any generative media endpoints (image, video, audio) is: **https://gen.pollinations.ai**
-2. The URL 'enter.pollinations.ai' is strictly reserved for the OpenAPI schema documentation and account management. Do NOT hallucinate target endpoints on it!
+Commands:
+- 'search_schema': Search the OpenAPI spec for keywords (e.g. "aspectRatio", "voice", "duration"). Pure read, zero network requests.
+- 'fuzz_parameter': Send a request with an intentionally INVALID value for a specific parameter. The tool force-injects garbage to trigger Zod validation errors that reveal real constraints. YOU DO NOT CONTROL THE VALUE SENT.
+- 'probe_missing': Remove a key from the payload to test if it's required. Sends an incomplete request to trigger "Required" errors.
+- 'list_models_registry': Show all models from the local ModelRegistry cache. Zero network requests. Use this first to understand what the plugin already knows.
 
-Commands available:
-- 'list_endpoints': (Whitebox) Returns all routes from OpenAPI.
-- 'get_endpoint': (Whitebox) Returns param schema for a route from OpenAPI.
-- 'get_enums': (Whitebox) Recursively searches the OpenAPI spec for a parameter enum (e.g. 'voice', 'model').
-- 'probe_endpoint': (Blackbox) Sends a real HTTP request (GET or POST) to trigger API validation errors (HTTP 400). Use this to reverse-engineer undocumented enums by sending invalid values. The tool auto-injects your API key.`,
+Allowed probe endpoints: /v1/chat/completions, /video/{prompt}, /image/{prompt}, /audio/{text}`,
     args: {
-        command: tool.schema.enum(['list_endpoints', 'get_endpoint', 'get_enums', 'probe_endpoint']).describe('The action to perform'),
-        endpoint_path: tool.schema.string().optional().describe('OpenAPI path (e.g. "/v1/chat/completions") or full URL for probe_endpoint'),
-        parameter_name: tool.schema.string().optional().describe('Required for get_enums (e.g. "voice", "model")'),
-        probe_method: tool.schema.enum(['GET', 'POST']).optional().describe('Required for probe_endpoint'),
-        probe_payload_json: tool.schema.string().optional().describe('JSON string of query params (GET) or body (POST) to send during probe_endpoint. e.g. "{\\"model\\":\\"fake-model\\"}" to trigger an error showing valid models.'),
+        command: tool.schema.enum(['search_schema', 'fuzz_parameter', 'probe_missing', 'list_models_registry']).describe('Action to perform'),
+        query: tool.schema.string().optional().describe('For search_schema: keyword to search (e.g. "aspectRatio", "voice", "model")'),
+        endpoint_path: tool.schema.string().optional().describe('For fuzz_parameter/probe_missing: API path (e.g. "/v1/chat/completions")'),
+        base_payload_json: tool.schema.string().optional().describe('For fuzz_parameter/probe_missing: base JSON payload (will be sabotaged by security layer)'),
+        fuzz_target: tool.schema.string().optional().describe('For fuzz_parameter: parameter name to fuzz (e.g. "model", "aspectRatio")'),
+        remove_key: tool.schema.string().optional().describe('For probe_missing: key name to remove from payload to test if required'),
+        category: tool.schema.string().optional().describe('For list_models_registry: filter by category (image/video/audio/text)'),
     },
     async execute(args, context) {
-        emitStatusToast('info', `Discovery: ${args.command}...`, '🔎 API Probe');
-        context.metadata({ title: `Probe: ${args.command}` });
+        emitStatusToast('info', `Explorer V4: ${args.command}...`, '🔎 API Explorer');
+        context.metadata({ title: `Explorer: ${args.command}` });
         try {
-            if (args.command === 'probe_endpoint') {
-                if (!args.endpoint_path || !args.probe_method) {
-                    return '❌ Error: `endpoint_path` and `probe_method` are required for command `probe_endpoint`';
+            switch (args.command) {
+                case 'search_schema': {
+                    if (!args.query)
+                        return '❌ Error: `query` is required for search_schema';
+                    return await cmdSearchSchema(args.query);
                 }
-                return await probeEndpoint(args.probe_method, args.endpoint_path, args.probe_payload_json);
-            }
-            // Whitebox commands need OpenAPI
-            const schema = await fetchOpenApiSchema();
-            if (args.command === 'list_endpoints') {
-                const paths = Object.keys(schema.paths || {});
-                return `**Available API Endpoints (OpenAPI):**\n\n\`\`\`json\n${JSON.stringify(paths, null, 2)}\n\`\`\``;
-            }
-            if (args.command === 'get_endpoint') {
-                if (!args.endpoint_path)
-                    return '❌ Error: `endpoint_path` is required';
-                const details = schema.paths[args.endpoint_path];
-                if (!details)
-                    return `❌ Endpoint '${args.endpoint_path}' not found in OpenAPI schema.`;
-                return `**Endpoint Details for \`${args.endpoint_path}\`:**\n\n\`\`\`json\n${JSON.stringify(details, null, 2)}\n\`\`\``;
-            }
-            if (args.command === 'get_enums') {
-                if (!args.parameter_name)
-                    return '❌ Error: `parameter_name` is required';
-                const results = [];
-                const findEnums = (obj, path = '') => {
-                    if (typeof obj !== 'object' || obj === null)
-                        return;
-                    if (obj.enum && Array.isArray(obj.enum) && path.includes(args.parameter_name)) {
-                        results.push({
-                            path: path,
-                            enum: obj.enum,
-                            description: obj.description
-                        });
-                    }
-                    for (const [key, value] of Object.entries(obj)) {
-                        findEnums(value, path ? `${path}.${key}` : key);
-                    }
-                };
-                findEnums(schema.components?.schemas, 'components.schemas');
-                findEnums(schema.paths, 'paths');
-                if (results.length === 0) {
-                    return `ℹ️ No enums found matching parameter '${args.parameter_name}' in OpenAPI. You should use 'probe_endpoint' to test it manually!`;
+                case 'fuzz_parameter': {
+                    if (!args.endpoint_path)
+                        return '❌ Error: `endpoint_path` is required for fuzz_parameter';
+                    if (!args.base_payload_json)
+                        return '❌ Error: `base_payload_json` is required for fuzz_parameter';
+                    if (!args.fuzz_target)
+                        return '❌ Error: `fuzz_target` is required for fuzz_parameter';
+                    return await cmdFuzzParameter(args.endpoint_path, args.base_payload_json, args.fuzz_target);
                 }
-                let output = `**Discovered Enums for '${args.parameter_name}':**\n\n`;
-                results.forEach(res => {
-                    output += `- **Found at**: \`${res.path}\`\n`;
-                    if (res.description)
-                        output += `  - **Desc**: ${res.description}\n`;
-                    output += `  - **Values**: ${res.enum.join(', ')}\n\n`;
-                });
-                return output;
+                case 'probe_missing': {
+                    if (!args.endpoint_path)
+                        return '❌ Error: `endpoint_path` is required for probe_missing';
+                    if (!args.base_payload_json)
+                        return '❌ Error: `base_payload_json` is required for probe_missing';
+                    if (!args.remove_key)
+                        return '❌ Error: `remove_key` is required for probe_missing';
+                    return await cmdProbeMissing(args.endpoint_path, args.base_payload_json, args.remove_key);
+                }
+                case 'list_models_registry': {
+                    return cmdListModelsRegistry(args.category);
+                }
+                default:
+                    return '❌ Unknown command';
             }
-            return '❌ Unknown command';
         }
         catch (err) {
-            emitStatusToast('error', `Discovery failed: ${err.message}`, '🔎 API Probe');
+            emitStatusToast('error', `Explorer failed: ${err.message}`, '🔎 API Explorer');
             return `❌ Critical Error: ${err.message}`;
         }
     }

package/dist/tools/pollinations/gen_video.js

@@ -15,7 +15,7 @@
 import { tool } from '@opencode-ai/plugin/tool';
 import * as fs from 'fs';
 import * as path from 'path';
-import { getApiKey, httpsGet, ensureDir, generateFilename, getDefaultOutputDir, formatCost, formatFileSize, estimateVideoCost, extractCostFromHeaders, isCostEstimatorEnabled, supportsI2V, requiresI2V, validateAspectRatio, getDurationRange, getVideoModels, fetchEnterBalance, sanitizeFilename, validateHttpUrl, } from './shared.js';
+import { getApiKey, httpsGet, ensureDir, generateFilename, getDefaultOutputDir, formatCost, formatFileSize, estimateVideoCost, extractCostFromHeaders, isCostEstimatorEnabled, supportsI2V, requiresI2V, getDurationRange, getVideoModels, fetchEnterBalance, sanitizeFilename, validateHttpUrl, } from './shared.js';
 import { loadConfig } from '../../server/config.js';
 import { checkCostControl, isTokenBased } from './cost-guard.js';
 import { emitStatusToast } from '../../server/toast.js';
@@ -58,7 +58,7 @@ export const polliGenVideoTool = tool({
             return t('tools.polli_gen_video.invalid_duration', { model, duration, min: minDuration, max: maxDuration });
         }
         // Validate aspect ratio (for known models; beta models accept any)
-        if (!isBetaModel && !validateAspectRatio(model, aspectRatio)) {
+        if (!isBetaModel && !modelConfig.aspectRatios.includes(aspectRatio)) {
             return t('tools.polli_gen_video.invalid_aspect', { model, aspect: aspectRatio, supported: modelConfig.aspectRatios.join(', ') });
         }
         // Check I2V requirements & validation

package/package.json

@@ -1,7 +1,7 @@
 {
     "name": "opencode-pollinations-plugin",
     "displayName": "Pollinations",
-    "version": "6.2.5",
+    "version": "6.2.7-1",
     "description": "Native Pollinations.ai Provider Plugin for OpenCode",
     "publisher": "pollinations",
     "repository": {
@@ -61,4 +61,4 @@
         "@types/qrcode": "^1.5.6",
         "typescript": "^5.0.0"
     }
-}
+}