superacli 1.1.2 → 1.1.4

package/plugins/xurl/scripts/post-install.js

@@ -0,0 +1,66 @@
+const { addProvider, syncCatalog } = require("../../../cli/skills-catalog")
+
+const OWNER = "xdevplatform"
+const REPO = "xurl"
+const REF = "main"
+const SOURCE_REPO = `https://github.com/${OWNER}/${REPO}`
+const RAW_BASE_URL = `https://raw.githubusercontent.com/${OWNER}/${REPO}/${REF}`
+
+const CATALOG_FILES = [
+  {
+    id: "root.skill",
+    name: "xurl Agent Skill",
+    path: "SKILL.md",
+    description: "Agent-oriented guidance for safe xurl usage, shortcut commands, and raw X API access.",
+    tags: ["agents", "x", "api"]
+  },
+  {
+    id: "root.readme",
+    name: "xurl Overview",
+    path: "README.md",
+    description: "Project overview, auth model, installation, and command examples for xurl.",
+    tags: ["overview", "x", "oauth"]
+  }
+]
+
+function buildRemoteEntries() {
+  return CATALOG_FILES.map(file => ({
+    ...file,
+    source_url: `${RAW_BASE_URL}/${file.path}`
+  }))
+}
+
+function run() {
+  const entries = buildRemoteEntries()
+  addProvider({
+    name: "xurl",
+    type: "remote_static",
+    enabled: true,
+    source_repo: SOURCE_REPO,
+    ref: REF,
+    entries
+  })
+
+  const index = syncCatalog()
+  return {
+    provider: "xurl",
+    entries: entries.length,
+    synced_skills: Array.isArray(index.skills) ? index.skills.length : 0
+  }
+}
+
+if (require.main === module) {
+  try {
+    const result = run()
+    process.stdout.write(JSON.stringify(result))
+  } catch (err) {
+    process.stderr.write(err.message)
+    process.exit(1)
+  }
+}
+
+module.exports = {
+  CATALOG_FILES,
+  buildRemoteEntries,
+  run
+}

package/plugins/xurl/scripts/post-uninstall.js

@@ -0,0 +1,25 @@
+const { removeProvider, syncCatalog } = require("../../../cli/skills-catalog")
+
+function run() {
+  const removed = removeProvider("xurl")
+  const index = syncCatalog()
+  return {
+    provider: "xurl",
+    removed,
+    synced_skills: Array.isArray(index.skills) ? index.skills.length : 0
+  }
+}
+
+if (require.main === module) {
+  try {
+    const result = run()
+    process.stdout.write(JSON.stringify(result))
+  } catch (err) {
+    process.stderr.write(err.message)
+    process.exit(1)
+  }
+}
+
+module.exports = {
+  run
+}

package/server/routes/mcp.js

@@ -4,6 +4,23 @@ const { bumpVersion } = require("../services/configService")
 
 const router = Router()
 
+function sanitizeMcpPayload(payload, fallbackName) {
+  const name = typeof payload.name === "string" ? payload.name : fallbackName
+  if (!name) return null
+  const out = { name }
+  if (typeof payload.url === "string") out.url = payload.url
+  if (typeof payload.command === "string") out.command = payload.command
+  if (Array.isArray(payload.args)) out.args = payload.args.filter(v => typeof v === "string")
+  if (payload.headers && typeof payload.headers === "object" && !Array.isArray(payload.headers)) {
+    out.headers = Object.fromEntries(Object.entries(payload.headers).filter(([k, v]) => typeof k === "string" && typeof v === "string"))
+  }
+  if (payload.env && typeof payload.env === "object" && !Array.isArray(payload.env)) {
+    out.env = Object.fromEntries(Object.entries(payload.env).filter(([k, v]) => typeof k === "string" && typeof v === "string"))
+  }
+  if (typeof payload.timeout_ms === "number" && payload.timeout_ms > 0) out.timeout_ms = payload.timeout_ms
+  return out
+}
+
 async function getAllMCPs() {
   const storage = getStorage()
   const keys = await storage.listKeys("mcp:")
@@ -28,9 +45,13 @@ router.get("/", async (req, res) => {
 router.post("/", async (req, res) => {
   try {
     const storage = getStorage()
-    const { name, url } = req.body
+    const sanitized = sanitizeMcpPayload(req.body || {})
+    if (!sanitized || (!sanitized.url && !sanitized.command)) {
+      return res.status(400).json({ error: "MCP server requires name and one of: url or command" })
+    }
+    const { name } = sanitized
     const key = `mcp:${name}`
-    const doc = { _id: key, name, url, createdAt: new Date() }
+    const doc = { _id: key, ...sanitized, createdAt: new Date() }
     await storage.set(key, doc)
     await bumpVersion()
     if (req.headers["content-type"]?.includes("urlencoded")) {
@@ -47,14 +68,19 @@ router.put("/:id", async (req, res) => {
   try {
     const storage = getStorage()
     const id = decodeURIComponent(req.params.id)
-    const { name, url } = req.body
+    const currentName = id.startsWith("mcp:") ? id.slice(4) : undefined
+    const sanitized = sanitizeMcpPayload(req.body || {}, currentName)
+    if (!sanitized || (!sanitized.url && !sanitized.command)) {
+      return res.status(400).json({ error: "MCP server requires name and one of: url or command" })
+    }
+    const { name } = sanitized
     
     const newKey = `mcp:${name}`
     if (newKey !== id) {
       await storage.delete(id)
     }
 
-    const doc = { _id: newKey, name, url }
+    const doc = { _id: newKey, ...sanitized }
     await storage.set(newKey, doc)
     await bumpVersion()
     res.json({ ok: true })

package/server/services/configService.js

@@ -15,7 +15,15 @@ async function getCLIConfig() {
     ttl: 3600,
     mcp_servers: mcpServers
       .filter(Boolean)
-      .map(s => ({ name: s.name, url: s.url })),
+      .map(s => ({
+        name: s.name,
+        url: s.url,
+        command: s.command,
+        args: Array.isArray(s.args) ? s.args : undefined,
+        headers: s.headers && typeof s.headers === "object" ? s.headers : undefined,
+        env: s.env && typeof s.env === "object" ? s.env : undefined,
+        timeout_ms: typeof s.timeout_ms === "number" ? s.timeout_ms : undefined
+      })),
     specs: specs
       .filter(Boolean)
       .map(s => ({ name: s.name, url: s.url, auth: s.auth || "none" })),

package/tests/test-blogwatcher-smoke.sh

@@ -0,0 +1,48 @@
+#!/usr/bin/env bash
+
+set -euo pipefail
+
+ROOT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")/.." && pwd)"
+CLI="${ROOT_DIR}/cli/supercli.js"
+
+echo "== blogwatcher smoke test =="
+
+if ! command -v blogwatcher >/dev/null 2>&1; then
+  echo "blogwatcher not found in PATH."
+  echo "Install it first and verify with: blogwatcher --version"
+  exit 1
+fi
+
+if ! command -v curl >/dev/null 2>&1; then
+  echo "curl not found in PATH"
+  exit 1
+fi
+
+if ! command -v node >/dev/null 2>&1; then
+  echo "Node.js not found in PATH"
+  exit 1
+fi
+
+TEMP_HOME="$(mktemp -d)"
+trap 'rm -rf "${TEMP_HOME}"' EXIT
+export HOME="${TEMP_HOME}"
+
+echo "Installing/refreshing blogwatcher plugin..."
+node "${CLI}" plugins install blogwatcher --on-conflict replace --json >/dev/null
+
+echo "Checking indexed skills..."
+node "${CLI}" skills list --catalog --provider blogwatcher --json
+node "${CLI}" skills get blogwatcher:root.skill >/dev/null
+
+echo "Running wrapped version command..."
+node "${CLI}" blogwatcher cli version --json
+
+echo "Running wrapped add/list/remove flow..."
+node "${CLI}" blogwatcher blogs add --name "Example" --url "https://example.com/blog" --feed-url "https://example.com/feed.xml" --json
+node "${CLI}" blogwatcher blogs list --json
+node "${CLI}" blogwatcher blogs remove --name "Example" --json
+
+echo "Running passthrough smoke test..."
+node "${CLI}" blogwatcher --version
+
+echo "Smoke test completed."

package/tests/test-clix-smoke.sh

@@ -0,0 +1,44 @@
+#!/usr/bin/env bash
+
+set -euo pipefail
+
+ROOT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")/.." && pwd)"
+CLI="${ROOT_DIR}/cli/supercli.js"
+
+echo "== clix smoke test =="
+
+if ! command -v clix >/dev/null 2>&1; then
+  echo "clix not found in PATH."
+  echo "Install it first and verify with: clix auth status --json"
+  exit 1
+fi
+
+if ! command -v curl >/dev/null 2>&1; then
+  echo "curl not found in PATH"
+  exit 1
+fi
+
+if ! command -v node >/dev/null 2>&1; then
+  echo "Node.js not found in PATH"
+  exit 1
+fi
+
+echo "Installing/refreshing clix plugin..."
+node "${CLI}" plugins install clix --on-conflict replace --json >/dev/null
+
+echo "Checking indexed skills..."
+node "${CLI}" skills list --catalog --provider clix --json
+node "${CLI}" skills get clix:root.skill >/dev/null
+
+echo "Running safe wrapped commands..."
+node "${CLI}" clix auth status --json
+
+if [[ "${CLIX_LIVE_READONLY:-}" == "1" ]]; then
+  echo "Running optional live read-only commands..."
+  node "${CLI}" clix timeline list --count 10 --json
+  node "${CLI}" clix posts search --query "from:openai" --count 10 --json
+else
+  echo "Skipping live read-only calls; set CLIX_LIVE_READONLY=1 to enable them."
+fi
+
+echo "Smoke test completed."

package/tests/test-himalaya-smoke.sh

@@ -0,0 +1,47 @@
+#!/usr/bin/env bash
+
+set -euo pipefail
+
+ROOT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")/.." && pwd)"
+CLI="${ROOT_DIR}/cli/supercli.js"
+
+echo "== himalaya smoke test =="
+
+if ! command -v himalaya >/dev/null 2>&1; then
+  echo "himalaya not found in PATH."
+  echo "Install it first and verify with: himalaya --version"
+  exit 1
+fi
+
+if ! command -v node >/dev/null 2>&1; then
+  echo "Node.js not found in PATH"
+  exit 1
+fi
+
+echo "Installing/refreshing himalaya plugin..."
+node "${CLI}" plugins install himalaya --on-conflict replace --json >/dev/null
+
+echo "Running wrapped version command..."
+node "${CLI}" himalaya cli version --json
+
+echo "Running wrapped account list command..."
+node "${CLI}" himalaya account list --json
+
+if [[ -n "${HIMALAYA_ACCOUNT:-}" ]]; then
+  echo "Running wrapped folder list command..."
+  node "${CLI}" himalaya folder list --account "${HIMALAYA_ACCOUNT}" --json
+
+  if [[ -n "${HIMALAYA_FOLDER:-}" ]]; then
+    echo "Running wrapped envelope list command..."
+    node "${CLI}" himalaya envelope list --account "${HIMALAYA_ACCOUNT}" --folder "${HIMALAYA_FOLDER}" --page 1 --json
+  else
+    echo "Skipping envelope list test; set HIMALAYA_FOLDER to enable it."
+  fi
+else
+  echo "Skipping account-scoped tests; set HIMALAYA_ACCOUNT to enable them."
+fi
+
+echo "Running passthrough smoke test..."
+node "${CLI}" himalaya --help
+
+echo "Smoke test completed."

package/tests/test-mcp-browser-use-smoke.sh

@@ -0,0 +1,141 @@
+#!/usr/bin/env bash
+
+set -euo pipefail
+
+ROOT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")/.." && pwd)"
+CLI="${ROOT_DIR}/cli/supercli.js"
+
+API_KEY=""
+if [[ "${1:-}" == "--api-key" ]]; then
+  API_KEY="${2:-}"
+fi
+
+if ! command -v node >/dev/null 2>&1; then
+  echo "Node.js not found in PATH"
+  exit 1
+fi
+
+if ! command -v python3 >/dev/null 2>&1; then
+  echo "python3 not found in PATH"
+  exit 1
+fi
+
+TMP_HOME="$(mktemp -d)"
+cleanup() {
+  rm -rf "${TMP_HOME}"
+}
+trap cleanup EXIT
+
+echo "== MCP browser-use smoke test =="
+echo "Using isolated HOME: ${TMP_HOME}"
+
+export HOME="${TMP_HOME}"
+
+echo "[1/3] Add local stdio MCP server with server-side args/env..."
+node "${CLI}" mcp add mock-bridge \
+  --command python3 \
+  --args-json '["-c","import json, os, sys; payload=json.load(sys.stdin); out={\"argv\": sys.argv[1:], \"env\": {\"BROWSER_USE_API_KEY\": os.environ.get(\"BROWSER_USE_API_KEY\"), \"SERVER_ONLY\": os.environ.get(\"SERVER_ONLY\"), \"CMD_ONLY\": os.environ.get(\"CMD_ONLY\")}, \"payload\": payload}; print(json.dumps(out))","--server-arg"]' \
+  --env-json '{"BROWSER_USE_API_KEY":"server-key","SERVER_ONLY":"1"}' \
+  --headers-json '{"X-Server":"1"}' \
+  --json >/dev/null
+
+echo "[2/3] Inject command using named MCP server + client-side args/env..."
+python3 - "${HOME}/.supercli/config.json" <<'PY'
+import json
+import sys
+
+path = sys.argv[1]
+with open(path, "r", encoding="utf-8") as f:
+    cfg = json.load(f)
+
+cmd = {
+    "_id": "command:ai.browser.probe",
+    "namespace": "ai",
+    "resource": "browser",
+    "action": "probe",
+    "description": "Smoke: MCP merge wiring",
+    "adapter": "mcp",
+    "adapterConfig": {
+        "server": "mock-bridge",
+        "tool": "probe",
+        "args": ["--cmd-arg"],
+        "env": {
+            "BROWSER_USE_API_KEY": "cmd-key",
+            "CMD_ONLY": "1"
+        },
+        "headers": {
+            "X-Cmd": "1"
+        }
+    },
+    "args": []
+}
+
+commands = cfg.get("commands") or []
+found = False
+for i, existing in enumerate(commands):
+    if (
+        isinstance(existing, dict)
+        and existing.get("namespace") == "ai"
+        and existing.get("resource") == "browser"
+        and existing.get("action") == "probe"
+    ):
+        commands[i] = cmd
+        found = True
+        break
+
+if not found:
+    commands.append(cmd)
+
+cfg["commands"] = commands
+with open(path, "w", encoding="utf-8") as f:
+    json.dump(cfg, f, indent=2)
+PY
+
+echo "[3/3] Execute command and assert merged args/env reached process..."
+RESULT="$(node "${CLI}" ai browser probe --json)"
+python3 - "${RESULT}" <<'PY'
+import json
+import sys
+
+envelope = json.loads(sys.argv[1])
+data = envelope.get("data") or {}
+argv = data.get("argv") or []
+env = data.get("env") or {}
+payload = data.get("payload") or {}
+
+assert "--server-arg" in argv, "missing server-side arg"
+assert "--cmd-arg" in argv, "missing client-side arg"
+assert env.get("SERVER_ONLY") == "1", "missing server env"
+assert env.get("CMD_ONLY") == "1", "missing client env"
+assert env.get("BROWSER_USE_API_KEY") == "cmd-key", "client env should override server env"
+assert payload.get("tool") == "probe", "tool mismatch"
+print("Merged stdio args/env execution checks passed.")
+PY
+
+if [[ -n "${API_KEY}" ]]; then
+  echo "Optional browser-use config check with provided API key..."
+  node "${CLI}" mcp add browser-use \
+    --command npx \
+    --args-json "[\"mcp-remote\",\"https://api.browser-use.com/mcp\",\"--header\",\"X-Browser-Use-API-Key: ${API_KEY}\"]" \
+    --env-json "{\"BROWSER_USE_API_KEY\":\"${API_KEY}\"}" \
+    --json >/dev/null
+
+  LIST_JSON="$(node "${CLI}" mcp list --json)"
+  python3 - "${LIST_JSON}" <<'PY'
+import json
+import sys
+
+rows = (json.loads(sys.argv[1]) or {}).get("mcp_servers") or []
+browser = next((r for r in rows if isinstance(r, dict) and r.get("name") == "browser-use"), None)
+assert browser is not None, "browser-use server not found"
+assert browser.get("command") == "npx", "browser-use command mismatch"
+args = browser.get("args") or []
+assert len(args) >= 2 and args[0] == "mcp-remote", "browser-use args missing mcp-remote"
+assert args[1] == "https://api.browser-use.com/mcp", "browser-use URL mismatch"
+print("browser-use registration checks passed.")
+PY
+else
+  echo "Skipping browser-use API-key registration check (pass --api-key <key> to enable)."
+fi
+
+echo "Smoke test completed."

package/tests/test-mongosh-smoke.sh

@@ -0,0 +1,40 @@
+#!/usr/bin/env bash
+
+set -euo pipefail
+
+ROOT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")/.." && pwd)"
+CLI="${ROOT_DIR}/cli/supercli.js"
+
+echo "== mongosh smoke test =="
+
+if ! command -v mongosh >/dev/null 2>&1; then
+  echo "mongosh not found in PATH."
+  echo "Install it first and verify with: mongosh --version"
+  exit 1
+fi
+
+if ! command -v node >/dev/null 2>&1; then
+  echo "Node.js not found in PATH"
+  exit 1
+fi
+
+echo "Installing/refreshing mongosh plugin..."
+node "${CLI}" plugins install mongosh --on-conflict replace --json >/dev/null
+
+echo "Running wrapped version command..."
+node "${CLI}" mongosh cli version --json
+
+if [[ -n "${MONGOSH_HOST:-}" ]]; then
+  echo "Running wrapped server ping command..."
+  node "${CLI}" mongosh server ping --host "${MONGOSH_HOST}" --json
+elif [[ -n "${MONGODB_URI:-}" ]]; then
+  echo "Running passthrough ping command with MONGODB_URI..."
+  node "${CLI}" mongosh "${MONGODB_URI}" --quiet --json=relaxed --eval "db.adminCommand({ ping: 1 })" --json
+else
+  echo "Skipping live ping test; set MONGOSH_HOST or MONGODB_URI to enable it."
+fi
+
+echo "Running passthrough smoke test..."
+node "${CLI}" mongosh --help
+
+echo "Smoke test completed."

package/tests/test-mysql-smoke.sh

@@ -0,0 +1,37 @@
+#!/usr/bin/env bash
+
+set -euo pipefail
+
+ROOT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")/.." && pwd)"
+CLI="${ROOT_DIR}/cli/supercli.js"
+
+echo "== mysql smoke test =="
+
+if ! command -v mysql >/dev/null 2>&1; then
+  echo "mysql not found in PATH."
+  echo "Install it first and verify with: mysql --version"
+  exit 1
+fi
+
+if ! command -v node >/dev/null 2>&1; then
+  echo "Node.js not found in PATH"
+  exit 1
+fi
+
+echo "Installing/refreshing mysql plugin..."
+node "${CLI}" plugins install mysql --on-conflict replace --json >/dev/null
+
+echo "Running wrapped version command..."
+node "${CLI}" mysql cli version --json
+
+if [[ -n "${MYSQL_HOST:-}" && -n "${MYSQL_USER:-}" && -n "${MYSQL_DATABASE:-}" ]]; then
+  echo "Running wrapped query command..."
+  node "${CLI}" mysql query execute --execute "select 1" --host "${MYSQL_HOST}" --user "${MYSQL_USER}" --database "${MYSQL_DATABASE}" --json
+else
+  echo "Skipping live query test; set MYSQL_HOST, MYSQL_USER, and MYSQL_DATABASE to enable it."
+fi
+
+echo "Running passthrough smoke test..."
+node "${CLI}" mysql --help
+
+echo "Smoke test completed."

package/tests/test-plugins-registry.js

@@ -178,6 +178,41 @@ assert(nextestExplore.ok, "nextest explore should succeed")
 const nextestExploreData = JSON.parse(nextestExplore.output)
 assert(nextestExploreData.plugins.some(p => p.name === "nextest"), "explore filters should find nextest")
 
+const mysqlExplore = runNoServer("plugins explore --name mysql --tags sql --json")
+assert(mysqlExplore.ok, "mysql explore should succeed")
+const mysqlExploreData = JSON.parse(mysqlExplore.output)
+assert(mysqlExploreData.plugins.some(p => p.name === "mysql"), "explore filters should find mysql")
+
+const mongoshExplore = runNoServer("plugins explore --name mongosh --tags mongodb --json")
+assert(mongoshExplore.ok, "mongosh explore should succeed")
+const mongoshExploreData = JSON.parse(mongoshExplore.output)
+assert(mongoshExploreData.plugins.some(p => p.name === "mongosh"), "explore filters should find mongosh")
+
+const blogwatcherExplore = runNoServer("plugins explore --name blogwatcher --tags rss --json")
+assert(blogwatcherExplore.ok, "blogwatcher explore should succeed")
+const blogwatcherExploreData = JSON.parse(blogwatcherExplore.output)
+assert(blogwatcherExploreData.plugins.some(p => p.name === "blogwatcher"), "explore filters should find blogwatcher")
+
+const himalayaExplore = runNoServer("plugins explore --name himalaya --tags email --json")
+assert(himalayaExplore.ok, "himalaya explore should succeed")
+const himalayaExploreData = JSON.parse(himalayaExplore.output)
+assert(himalayaExploreData.plugins.some(p => p.name === "himalaya"), "explore filters should find himalaya")
+
+const wacliExplore = runNoServer("plugins explore --name wacli --tags whatsapp --json")
+assert(wacliExplore.ok, "wacli explore should succeed")
+const wacliExploreData = JSON.parse(wacliExplore.output)
+assert(wacliExploreData.plugins.some(p => p.name === "wacli"), "explore filters should find wacli")
+
+const xurlExplore = runNoServer("plugins explore --name xurl --tags twitter --json")
+assert(xurlExplore.ok, "xurl explore should succeed")
+const xurlExploreData = JSON.parse(xurlExplore.output)
+assert(xurlExploreData.plugins.some(p => p.name === "xurl"), "explore filters should find xurl")
+
+const clixExplore = runNoServer("plugins explore --name clix --tags agents --json")
+assert(clixExplore.ok, "clix explore should succeed")
+const clixExploreData = JSON.parse(clixExplore.output)
+assert(clixExploreData.plugins.some(p => p.name === "clix"), "explore filters should find clix")
+
 const clineExplore = runNoServer("plugins explore --name cline --tags streaming --json")
 assert(clineExplore.ok, "cline explore should succeed")
 const clineExploreData = JSON.parse(clineExplore.output)

package/tests/test-wacli-smoke.sh

@@ -0,0 +1,46 @@
+#!/usr/bin/env bash
+
+set -euo pipefail
+
+ROOT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")/.." && pwd)"
+CLI="${ROOT_DIR}/cli/supercli.js"
+
+echo "== wacli smoke test =="
+
+if ! command -v wacli >/dev/null 2>&1; then
+  echo "wacli not found in PATH."
+  echo "Install it first and verify with: wacli --version"
+  exit 1
+fi
+
+if ! command -v node >/dev/null 2>&1; then
+  echo "Node.js not found in PATH"
+  exit 1
+fi
+
+echo "Installing/refreshing wacli plugin..."
+node "${CLI}" plugins install wacli --on-conflict replace --json >/dev/null
+
+echo "Running wrapped version command..."
+node "${CLI}" wacli cli version --json
+
+TEMP_STORE="$(mktemp -d)"
+trap 'rm -rf "${TEMP_STORE}"' EXIT
+
+echo "Running safe diagnostics..."
+node "${CLI}" wacli doctor run --store "${TEMP_STORE}" --json
+node "${CLI}" wacli auth status --store "${TEMP_STORE}" --json
+
+if [[ -n "${WACLI_STORE:-}" ]]; then
+  echo "Running read-only store-backed commands..."
+  node "${CLI}" wacli chats list --store "${WACLI_STORE}" --json
+  if [[ -n "${WACLI_CHAT_JID:-}" ]]; then
+    node "${CLI}" wacli messages list --store "${WACLI_STORE}" --chat "${WACLI_CHAT_JID}" --limit 10 --json
+  else
+    echo "Skipping messages list test; set WACLI_CHAT_JID to enable it."
+  fi
+else
+  echo "Skipping store-backed chat/message tests; set WACLI_STORE to enable them."
+fi
+
+echo "Smoke test completed."

package/tests/test-xurl-smoke.sh

@@ -0,0 +1,46 @@
+#!/usr/bin/env bash
+
+set -euo pipefail
+
+ROOT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")/.." && pwd)"
+CLI="${ROOT_DIR}/cli/supercli.js"
+
+echo "== xurl smoke test =="
+
+if ! command -v xurl >/dev/null 2>&1; then
+  echo "xurl not found in PATH."
+  echo "Install it first and verify with: xurl version"
+  exit 1
+fi
+
+if ! command -v curl >/dev/null 2>&1; then
+  echo "curl not found in PATH"
+  exit 1
+fi
+
+if ! command -v node >/dev/null 2>&1; then
+  echo "Node.js not found in PATH"
+  exit 1
+fi
+
+echo "Installing/refreshing xurl plugin..."
+node "${CLI}" plugins install xurl --on-conflict replace --json >/dev/null
+
+echo "Checking indexed skills..."
+node "${CLI}" skills list --catalog --provider xurl --json
+node "${CLI}" skills get xurl:root.skill >/dev/null
+
+echo "Running safe wrapped commands..."
+node "${CLI}" xurl cli version --json
+node "${CLI}" xurl auth status --json
+node "${CLI}" xurl apps list --json
+
+if [[ "${XURL_LIVE_READONLY:-}" == "1" ]]; then
+  echo "Running optional live read-only commands..."
+  node "${CLI}" xurl account whoami --json
+  node "${CLI}" xurl posts search --query "from:XDevelopers" --max-results 5 --json
+else
+  echo "Skipping live read-only calls; set XURL_LIVE_READONLY=1 to enable them."
+fi
+
+echo "Smoke test completed."