scripter-x 1.0.33 → 1.0.35

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "scripter-x",
-  "version": "1.0.33",
+  "version": "1.0.35",
   "description": "ScripterX — local Flipkart session extractor (runs on your residential IP, syncs to marthunt)",
   "type": "module",
   "bin": {

package/src/commands.js

@@ -653,17 +653,32 @@ async function bigbasketAuto(io, args = {}) {
   const { RunController } = await import('./controller.js');
   const controller = new RunController({ name, provider: `tempotp-bigbasket`, requested: count });
 
-  // INCREMENTAL SAVE: append every extracted session to one JSONL the instant it lands.
+  // Optionally check My Orders per account → split NEW (0 orders) vs OLD (≥1 order).
+  const checkOrders = args.checkOrders != null ? args.checkOrders
+    : await io.confirm('check My Orders + split into new / old account files?', true);
+
+  // INCREMENTAL SAVE to a single .json array — rewritten on every success so a mid-run
+  // stop / crash never loses an account, and there's exactly ONE file (no .jsonl).
+  // With --check-orders, successes are also written to per-bucket new/old files.
   const baseDir = bigbasketBaseDir(args);
   const stamp = new Date().toISOString().replace(/[:.]/g, '-');
-  const liveFile = join(baseDir, `${name}-${stamp}.jsonl`);
+  const mainFile = join(baseDir, `${name}-${stamp}.json`);
+  const newFile = join(baseDir, `${name}-${stamp}-new.json`);
+  const oldFile = join(baseDir, `${name}-${stamp}-old.json`);
+  const collected = [];
   const onResult = (res) => {
     if (res.status !== 'success' || !res.session) return;
     mkdirSync(baseDir, { recursive: true });
-    appendFileSync(liveFile, JSON.stringify(res.session) + '\n');
+    collected.push(res.session);
+    writeFileSync(mainFile, JSON.stringify(collected, null, 2) + '\n');
+    if (checkOrders) {
+      const dest = res.session.is_new ? newFile : oldFile;
+      const bucket = collected.filter((s) => (s.is_new === true) === (res.session.is_new === true));
+      writeFileSync(dest, JSON.stringify(bucket, null, 2) + '\n');
+    }
   };
 
-  const worker = new BigBasketWorker(provider, { requested: count, concurrency, onEvent: controller.handleEvent, onResult });
+  const worker = new BigBasketWorker(provider, { requested: count, concurrency, checkOrders, onEvent: controller.handleEvent, onResult });
   controller.stop = () => worker.stop();
 
   const results = [];
@@ -690,15 +705,16 @@ async function bigbasketAuto(io, args = {}) {
 
   io.print(`  ✓ done — ${worker.stats.succeeded} succeeded · ${worker.stats.failed} failed · ${worker.stats.cancelled} cancelled · ₹${worker.stats.charges} spent`);
 
-  // Also write a combined pretty JSON array of all successes for convenience.
   const succeeded = results.filter((r) => r.status === 'success' && r.session).map((r) => r.session);
   if (succeeded.length) {
-    mkdirSync(baseDir, { recursive: true });
-    const combined = join(baseDir, `${name}-${stamp}.json`);
-    writeFileSync(combined, JSON.stringify(succeeded, null, 2) + '\n');
     io.print(`  ✓ saved ${succeeded.length} session(s):`);
-    io.print(`     ${combined}`, 'accent');
-    io.print(`     (live JSONL: ${liveFile})`, 'accent');
+    io.print(`     ${mainFile}`, 'accent');
+    if (checkOrders) {
+      const nNew = succeeded.filter((s) => s.is_new).length;
+      const nOld = succeeded.length - nNew;
+      io.print(`     ${nNew} new → ${newFile}`, 'accent');
+      io.print(`     ${nOld} old → ${oldFile}`, 'accent');
+    }
   } else {
     io.print('  ◉ no sessions extracted — nothing to save.');
   }

package/src/index.js

@@ -124,6 +124,7 @@ async function main() {
     target: flags.target, // run: 'flipkart' | 'zepto'
     number: flags.number, otp: flags.otp, cert: flags.cert, // zepto: local OTP login → ZAUTH1 envelope
     service: flags.service, // bigbasket auto: TempOTP service id (1819/1874/1919/2259)
+    checkOrders: flags['check-orders'] === true ? true : (flags['check-orders'] === false ? false : null), // bigbasket: split new/old by My Orders
     auto: flags.auto, manual: flags.manual,
     checkCoupon: flags['check-coupon'] === true ? true : (flags['check-coupon'] === false ? false : null),
     campaign: flags._[0], out: flags.out, action: flags._[0], value: flags._[1],

package/src/providers/bigbasket.js

@@ -212,6 +212,28 @@ export async function verifyOtp(session, otp) {
   return { ok: false, status: r.status, code, error };
 }
 
+// Fetch the account's order count to classify NEW (0 orders) vs OLD (≥1).
+// Primary signal is member/details.active_order_count (confirmed 200 on the native API).
+// NOTE: active_order_count counts in-progress orders; a returning customer with only
+// delivered orders can read 0 here. For freshly-extracted accounts the strongest signal is
+// the verify-time is_signup flag (a brand-new account == NEW); this call refines it. Returns
+// { count, isNew, name, email } and never throws.
+export async function getOrderCount(session) {
+  try {
+    if (session.token) session.jar.BBAUTHTOKEN = session.token;
+    await throttle.wait();
+    const r = await req(session, 'GET', '/ui-svc/v1/member/details');
+    const md = r.json?.member_details || {};
+    const count = Number(md.active_order_count ?? 0);
+    // hasOrdered: any past order at all. active_order_count>0 is a definite yes; otherwise
+    // fall back to the signup flag (a freshly-created account has never ordered).
+    const hasOrdered = count > 0 || (session.isSignup === false && !!md.email);
+    return { ok: r.status === 200, count, isNew: !hasOrdered, name: md.first_name || '', email: md.email || '' };
+  } catch {
+    return { ok: false, count: 0, isNew: session.isSignup !== false, name: '', email: '' };
+  }
+}
+
 // Step 3 (new users only) — set the name to activate the freshly-created account.
 // POST /member-tdl/v3/member/profile/ with the BBAUTHTOKEN we just got. Returns true on
 // success. Never throws — a name-set failure shouldn't discard the token.

package/src/update.js

@@ -6,6 +6,7 @@
 import { execFile, spawn } from 'node:child_process';
 import { promisify } from 'node:util';
 import process from 'node:process';
+import { dirname, join } from 'node:path';
 import * as config from './config.js';
 
 const execFileP = promisify(execFile);
@@ -39,53 +40,126 @@ export async function checkForUpdate(current) {
 }
 
 // Run the global update. Returns { ok, output }.
+//
+// Robustness: a bare execFile('npm', …) frequently fails with "Command failed" because the
+// spawned process doesn't inherit the user's interactive PATH (npm/node installed via nvm,
+// homebrew, fnm, etc. live in dirs the login shell adds but a non-login spawn doesn't). We
+// run through the user's shell so `npm` resolves the same way it does in their terminal, and
+// fall back across a couple of resolutions. On failure we return the REAL stderr so the user
+// sees why (EACCES, ENOTFOUND, etc.) instead of a generic "Command failed".
 export async function runUpdate() {
-  try {
-    const { stdout, stderr } = await execFileP('npm', ['install', '-g', `${PKG}@latest`], { timeout: 120000 });
-    return { ok: true, output: (stdout + stderr).trim() };
-  } catch (e) {
-    return { ok: false, output: e.message };
+  const args = ['install', '-g', `${PKG}@latest`];
+  // 1) try a login+interactive shell so PATH matches the user's terminal exactly.
+  const shell = process.env.SHELL || '/bin/sh';
+  const attempts = [
+    () => execFileP(shell, ['-lic', `npm ${args.join(' ')}`], { timeout: 180000 }),
+    () => execFileP('npm', args, { timeout: 180000 }),                 // npm already on PATH
+    () => execFileP(process.execPath, [npmCliPath(), ...args], { timeout: 180000 }), // node + npm-cli.js
+  ];
+  let lastErr = '';
+  for (const run of attempts) {
+    try {
+      const { stdout, stderr } = await run();
+      return { ok: true, output: (stdout + stderr).trim() };
+    } catch (e) {
+      lastErr = (e.stderr || e.stdout || e.message || '').toString().trim();
+      // permission error → tell the user to use sudo (don't auto-sudo; that needs a TTY prompt)
+      if (/EACCES|permission denied/i.test(lastErr)) {
+        return { ok: false, output: `permission denied — run:  sudo npm install -g ${PKG}@latest` };
+      }
+    }
   }
+  return { ok: false, output: lastErr || 'could not run npm' };
+}
+
+// Best-effort path to npm's CLI entry (npm-cli.js) next to the running node binary, so we can
+// invoke it directly when `npm` isn't resolvable as a command.
+function npmCliPath() {
+  // node lives in <prefix>/bin/node; npm-cli.js is at <prefix>/lib/node_modules/npm/bin/npm-cli.js
+  const dir = dirname(process.execPath);
+  return join(dir, '..', 'lib', 'node_modules', 'npm', 'bin', 'npm-cli.js');
+}
+
+// Hard-reset the terminal so the freshly-spawned child inherits a CLEAN, cooked TTY.
+//
+// THE BUG this fixes: after the old ink app unmounts, the terminal could still be left in
+// raw mode WITH SGR mouse tracking enabled (`\x1b[?1000h…`). When the restarted process
+// took over that same TTY, every keypress/click emitted raw escape/coordinate codes that
+// got echoed as garbage ("random shit on every keypress") until the user killed + relaunched
+// manually. ink's alt-screen restore only ran on `process.on('exit')` AND the old + new
+// processes briefly shared the TTY, so the disable sequences raced the child's re-enable.
+//
+// Fix: synchronously (1) disable ALL mouse modes + restore the screen, (2) take stdin out of
+// raw mode, pause it, and drop every listener — BEFORE the child is spawned — so there is no
+// window where mouse reporting or a stray raw-mode listener can corrupt the child's input.
+function resetTerminal() {
+  try {
+    if (process.stdout.isTTY) {
+      // disable button/motion/SGR mouse modes (the source of the coordinate-code garbage)
+      process.stdout.write('\x1b[?1000l\x1b[?1003l\x1b[?1006l');
+      process.stdout.write('\x1b[?25h');     // show cursor
+      process.stdout.write('\x1b[?1049l');   // leave alt-screen → normal buffer
+    }
+  } catch { /* */ }
+  try {
+    if (process.stdin.isTTY && typeof process.stdin.setRawMode === 'function') {
+      process.stdin.setRawMode(false); // back to cooked/canonical mode
+    }
+    // drop every data/keypress listener the old ink app (or our mouse hook) attached, then
+    // pause so nothing in THIS process consumes input meant for the child.
+    process.stdin.removeAllListeners('data');
+    process.stdin.removeAllListeners('keypress');
+    process.stdin.pause();
+  } catch { /* */ }
 }
 
 // Re-exec the CLI so the just-installed version takes over. Spawns a fresh, DETACHED
 // process that inherits this terminal, then exits the current one. The caller MUST have
-// already torn down the ink/alt-screen UI (so the terminal is restored) before calling
-// this — otherwise the child renders over a dirty screen.
+// already torn down the ink/alt-screen UI before calling this.
 //
 // We re-run the CURRENT entry file with node (`process.argv[1]`): after `npm install -g`,
 // the global bin symlink points at the new version, so this loads the updated code. If
 // that entry path is somehow missing, we fall back to the `scripterx` bin on PATH.
 //
+// ORDERING is what makes the restart clean: we resetTerminal() FIRST (cooked TTY, mouse off,
+// stdin drained), THEN spawn the child, THEN exit immediately on the next tick. The child
+// only sets up raw mode / mouse tracking after it boots — by which point the parent is gone,
+// so the two never fight over the TTY. No more leaked keystrokes.
+//
 // NOTE: on success it exits the process and never returns. Returns false only if BOTH
 // spawn attempts throw synchronously, so the caller can show "restart manually".
-export function restartCli({ binName = 'scripterx', delayMs = 150 } = {}) {
+export function restartCli({ binName = 'scripterx' } = {}) {
   // Re-run with the SAME args the user launched with (drop node + the script path), so
   // `scripterx` → interactive shell, `scripterx zepto` → zepto, etc.
   const argv = process.argv.slice(2);
   const entry = process.argv[1];
 
+  // Clean the terminal BEFORE spawning so the child never inherits raw mode / mouse mode.
+  resetTerminal();
+
   const trySpawn = (cmd, args) => {
     const child = spawn(cmd, args, { stdio: 'inherit', detached: true, shell: false });
     child.unref();
     return child;
   };
 
+  const exitSoon = () => {
+    // Exit on the next tick (not after a long timer) so we don't linger on the TTY. The
+    // detached child has already inherited the (now clean) fds and takes over.
+    setImmediate(() => process.exit(0));
+  };
+
   try {
     const primary = trySpawn(process.execPath, [entry, ...argv]);
-    // If the entry re-exec fails to even start, fall back to the named bin on PATH.
     primary.on('error', () => {
       try { trySpawn(binName, argv); } catch { /* nothing more we can do */ }
     });
-    // Exit the old process; its `process.on('exit', restore)` cleans the terminal and the
-    // detached child takes over the same TTY running the new version.
-    setTimeout(() => process.exit(0), delayMs);
+    exitSoon();
     return true;
   } catch {
-    // process.execPath spawn threw synchronously — try the named bin directly.
     try {
       trySpawn(binName, argv);
-      setTimeout(() => process.exit(0), delayMs);
+      exitSoon();
       return true;
     } catch {
       return false;

package/src/worker.js

@@ -773,11 +773,12 @@ export class ZeptoWorker {
 // rentOnce/startOtp(poll)/cancel. Local-first: emits res.session for incremental save;
 // server push is layered on top by the caller (onResult) when a backend is configured.
 export class BigBasketWorker {
-  constructor(provider, { requested, concurrency, deadlineMs, onEvent, onResult }) {
+  constructor(provider, { requested, concurrency, deadlineMs, checkOrders, onEvent, onResult }) {
     this.provider = provider;
     this.requested = requested;
     this.concurrency = Math.max(1, Math.min(concurrency, requested));
     this.deadlineMs = deadlineMs || (provider?.name === 'tempotp' ? TEMPOTP_DEADLINE : OTPCART_DEADLINE);
+    this.checkOrders = !!checkOrders; // classify NEW (0 orders) vs OLD (≥1) per account
     this.onEvent = onEvent || (() => {});
     this.onResult = onResult || null;
     if (provider && 'onNotice' in provider) provider.onNotice = (msg) => this.onEvent('warn', `⚠ ${msg}`);
@@ -951,9 +952,20 @@ export class BigBasketWorker {
       res.cost = number.cost;
       res.session = bigbasket.toSessionKeys(session); // { phone, bbAuthToken, mId, bbVisitorId }
       res.category = 'extracted';
+      // is_new defaults to the signup signal (brand-new account == NEW). Refine with the
+      // order check when enabled.
+      res.session.is_new = session.isSignup !== false;
+
+      if (this.checkOrders) {
+        this._emit(slot, { phase: 'minutes', detail: 'checking My Orders' });
+        const oc = await bigbasket.getOrderCount(session);
+        res.session.orderCount = oc.count;
+        res.session.is_new = oc.isNew;
+        res.category = oc.isNew ? 'fresh' : 'extracted';
+      }
 
       this._emit(slot, { phase: 'saving', detail: 'saving session' });
-      releaseOnce(true, 'extracted', true); // success: OTP consumed → no cancel
+      releaseOnce(true, res.session.is_new ? 'new account' : 'old account', true); // OTP consumed → no cancel
       return res;
     } catch (e) {
       return fail(`unexpected: ${e.message}`);