OpenCLI

v1.7.19 Breaking

This release includes 2 breaking changes for platform teams planning a safe upgrade.

Published 21d AI Agents & Assistants

View tool

✓ No known CVEs patched

Read the diff → Tool health → What is this tool? →

✓ No known CVEs patched in this version

Topics

ai-agent ai-agents ai-tools cli

Affected surfaces

auth

ReleasePort's take

Moderate signal

editorial:auto 13d

OpenCLI v1.7.19 patches a session lease key backdoor in the extension and removes the OPENCLI_KEEP_TAB environment variable. Breaking changes replace the browser --session flag with a positional argument, while new Reddit, Ctrip, and Zhihu commands, plus 24 adapter bugfixes, improve overall stability.

Why it matters: Patch session backdoor immediately if extension deployed; OPENCLI_KEEP_TAB users must reconfigure before upgrading. Browser --session flag replaced—update automation scripts. 24 adapter bugfixes (Twitter, Google Search, Xiaohongshu) improve stability; test in dev before rollout.

Summary

AI summary

Removed OPENCLI_KEEP_TAB and extension session backdoor, added Reddit whoami, home, subreddit-info commands.

Changes in this release

Type	Severity	Summary	CVE
Security	Medium	Session lease key backdoor removed from extension Session lease key backdoor removed from extension Source: llm_adapter@2026-05-21 Confidence: low	—
Breaking	Medium	Browser --session flag replaced with <sessionname> positional argument Browser --session flag replaced with <sessionname> positional argument Source: llm_adapter@2026-05-21 Confidence: low	—
Breaking	Medium	OPENCLI_KEEP_TAB environment variable removed OPENCLI_KEEP_TAB environment variable removed Source: llm_adapter@2026-05-21 Confidence: low	—
Feature
Feature	Medium	Ctrip adds hotel-search and flight browser-mode commands Ctrip adds hotel-search and flight browser-mode commands Source: llm_adapter@2026-05-21 Confidence: high	—
Feature	Medium	Reddit adds whoami, home, subreddit-info read commands Reddit adds whoami, home, subreddit-info read commands Source: llm_adapter@2026-05-21 Confidence: high	—
Feature	Medium	Browser adds function form for page.evaluate Browser adds function form for page.evaluate Source: llm_adapter@2026-05-21 Confidence: high	—
Feature	Medium	Reddit read adds --expand-more via /api/morechildren with typed errors Reddit read adds --expand-more via /api/morechildren with typed errors Source: llm_adapter@2026-05-21 Confidence: high	—
Feature	Medium	Zhihu question answers and recommendations now paginated Zhihu question answers and recommendations now paginated Source: llm_adapter@2026-05-21 Confidence: high	—
Feature	Medium	Zhihu adds answer-detail command to fetch single answer content Zhihu adds answer-detail command to fetch single answer content Source: llm_adapter@2026-05-21 Confidence: high	—
Feature	Medium	Twitter tweets default to logged-in user instead of public Twitter tweets default to logged-in user instead of public Source: llm_adapter@2026-05-21 Confidence: high	—
Dependency	Medium	Node v20+ support added by dropping util.styleText usage Node v20+ support added by dropping util.styleText usage Source: llm_adapter@2026-05-21 Confidence: high	—
Bugfix
Bugfix	Medium	Twitter list-add, list-tweets, lists, following repaired after May 2026 Twitter list-add, list-tweets, lists, following repaired after May 2026 Source: llm_adapter@2026-05-21 Confidence: high	—
Bugfix	Medium	Google search evaluate return wrapped to fix Array.isArray check Google search evaluate return wrapped to fix Array.isArray check Source: llm_adapter@2026-05-21 Confidence: high	—
Bugfix	Medium	Twitter reply submission made robust Twitter reply submission made robust Source: llm_adapter@2026-05-21 Confidence: high	—
Bugfix	Medium	Twitter search and tweets readback repaired Twitter search and tweets readback repaired Source: llm_adapter@2026-05-21 Confidence: high	—
Bugfix	Medium	Xueqiu dates formatted in Asia/Shanghai instead of UTC Xueqiu dates formatted in Asia/Shanghai instead of UTC Source: llm_adapter@2026-05-21 Confidence: high	—
Bugfix	Medium	Xiaohongshu+rednote search falls back to href-based note cards Xiaohongshu+rednote search falls back to href-based note cards Source: llm_adapter@2026-05-21 Confidence: high	—
Bugfix	Medium	Xiaohongshu parseLikes now handles 2.1w, 1.5万, 1.2k shortforms Xiaohongshu parseLikes now handles 2.1w, 1.5万, 1.2k shortforms Source: llm_adapter@2026-05-21 Confidence: high	—
Bugfix	Medium	Google-Scholar search evaluate return wrapped for serialization Google-Scholar search evaluate return wrapped for serialization Source: llm_adapter@2026-05-21 Confidence: high	—
Bugfix	Medium	Twitter cursor pagination guard raised Twitter cursor pagination guard raised Source: llm_adapter@2026-05-21 Confidence: high	—
Bugfix	Medium	Twitter sibling envelope-unwrap silent bug fixed Twitter sibling envelope-unwrap silent bug fixed Source: llm_adapter@2026-05-21 Confidence: high	—
Bugfix	Medium	Xiaohongshu+rednote scrolls until enough rows for --limit > 13 Xiaohongshu+rednote scrolls until enough rows for --limit > 13 Source: llm_adapter@2026-05-21 Confidence: high	—
Bugfix	Medium	Browser extension session injection removed from exec results Browser extension session injection removed from exec results Source: llm_adapter@2026-05-21 Confidence: low	—
Bugfix	Medium	Download progress percentages clamped Download progress percentages clamped Source: llm_adapter@2026-05-21 Confidence: low	—

Full changelog

What's Changed

fix(xiaohongshu+rednote): scroll until enough rows for --limit > 13 (#1471) by @jackwener in https://github.com/jackwener/OpenCLI/pull/1487
docs(skill/adapter-author): aria-label / placeholder / title are locale-dependent (#1474) by @jackwener in https://github.com/jackwener/OpenCLI/pull/1488
feat(ctrip): add hotel-search + flight browser-mode commands (#1481) by @jackwener in https://github.com/jackwener/OpenCLI/pull/1489
chore(scripts): auto-refresh dist/ before build-manifest by @jackwener in https://github.com/jackwener/OpenCLI/pull/1490
feat(reddit): add whoami, home, subreddit-info read commands by @jackwener in https://github.com/jackwener/OpenCLI/pull/1491
refactor(browser): replace --session flag with positional by @jackwener in https://github.com/jackwener/OpenCLI/pull/1505
feat(browser): add function form page.evaluate by @jackwener in https://github.com/jackwener/OpenCLI/pull/1508
refactor(env): remove OPENCLI_KEEP_TAB by @jackwener in https://github.com/jackwener/OpenCLI/pull/1509
refactor(extension): remove lease key session backdoor by @jackwener in https://github.com/jackwener/OpenCLI/pull/1510
fix(xueqiu/kline,earnings-date): format dates in Asia/Shanghai instead of UTC by @Benjamin-eecs in https://github.com/jackwener/OpenCLI/pull/1498
fix(browser): drop session injection from extension exec results by @hansnow in https://github.com/jackwener/OpenCLI/pull/1518
ci(e2e): drop e2e-headed from pull_request trigger by @jackwener in https://github.com/jackwener/OpenCLI/pull/1521
ci(adapter-test): gate off pull_request by @jackwener in https://github.com/jackwener/OpenCLI/pull/1522
fix(google/search): wrap evaluate return to fix Array.isArray check by @lyingflatDDD in https://github.com/jackwener/OpenCLI/pull/1523
fix(twitter): make reply submission robust by @darthjaja6 in https://github.com/jackwener/OpenCLI/pull/1511
fix(twitter): repair search and tweets readback by @darthjaja6 in https://github.com/jackwener/OpenCLI/pull/1512
feat(reddit/read): --expand-more via /api/morechildren + 7-kind typed errors by @jackwener in https://github.com/jackwener/OpenCLI/pull/1492
fix: clamp download progress percentages by @hiSandog in https://github.com/jackwener/OpenCLI/pull/1520
fix(xiaohongshu+rednote/search): fall back to href-based note cards when section.note-item class is dropped by @Benjamin-eecs in https://github.com/jackwener/OpenCLI/pull/1507
feat(zhihu): paginate question answers and recommendations by @lenovobenben in https://github.com/jackwener/OpenCLI/pull/1517
chore: drop util.styleText to support Node v20+ by @jackwener in https://github.com/jackwener/OpenCLI/pull/1524
fix(xiaohongshu): parseLikes should handle 2.1w / 1.5万 / 1.2k shortforms by @John15Wil in https://github.com/jackwener/OpenCLI/pull/1504
fix(google-scholar/search): wrap evaluate return to fix serialization by @lyingflatDDD in https://github.com/jackwener/OpenCLI/pull/1525
feat(zhihu): add answer-detail to fetch a single answer's full content by @jackwener in https://github.com/jackwener/OpenCLI/pull/1528
fix(twitter): raise cursor pagination guard by @jackwener in https://github.com/jackwener/OpenCLI/pull/1532
fix(twitter): repair list-add / list-tweets / lists / following after 2026-05 changes by @ppop123 in https://github.com/jackwener/OpenCLI/pull/1503
feat(twitter): default tweets to logged-in user + fix sibling envelope-unwrap silent bug by @jackwener in https://github.com/jackwener/OpenCLI/pull/1531
chore(release): 1.7.19 by @jackwener in https://github.com/jackwener/OpenCLI/pull/1543

New Contributors

@hansnow made their first contribution in https://github.com/jackwener/OpenCLI/pull/1518
@lyingflatDDD made their first contribution in https://github.com/jackwener/OpenCLI/pull/1523
@lenovobenben made their first contribution in https://github.com/jackwener/OpenCLI/pull/1517
@John15Wil made their first contribution in https://github.com/jackwener/OpenCLI/pull/1504
@ppop123 made their first contribution in https://github.com/jackwener/OpenCLI/pull/1503

Full Changelog: https://github.com/jackwener/OpenCLI/compare/v1.7.18...v1.7.19

Breaking Changes

Removed env var OPENCLI_KEEP_TAB
Removed lease key session backdoor from extension

View diff on GitHub

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

Share this release

Share on X Share on Bluesky

Track OpenCLI

Get notified when new releases ship.

About OpenCLI

Make Any Website & Tool Your CLI. A universal CLI Hub and AI-native runtime. Transform any website, Electron app, or local binary into a standardized command-line interface. Built for AI Agents to discover, learn, and execute tools seamlessly via a unified AGENT.md integration.