Critical:
- meta-ads: move access_token from URL query string to Authorization
header to prevent credential leakage in server logs and referrers
Medium (URL encoding):
- g2: encode state and date filter values
- trustpilot: use URLSearchParams for reviews list params
- typeform: encode response IDs in delete endpoint
- demio: encode event type filter
- lemlist: encode email addresses in URL path segments
Docs:
- Fix 6 missing env vars in CLI README auth table
- Fix .gitignore typo (extra space in .DS_Store pattern)
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- meta-ads: use empty array for special_ad_categories (not ['NONE'])
- ahrefs: add --target validation to all 5 site-explorer commands
- wistia: read SRT file contents from disk for captions create
- tiktok-ads: use URLSearchParams for cleaner URL construction
- mixpanel: require --from-date/--to-date for retention, add --event filter for export
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Fixes found by automated codex review of all 47 CLI tools:
- resend: webhook field name endpoint_url -> endpoint
- mailchimp: change from Bearer to Basic auth per API docs
- kit: fail fast when api_secret required but not set
- activecampaign: automation add-contact needs --contact-id not --email
- google-ads: budget updateMask must be snake_case (amount_micros)
- meta-ads: special_ad_categories default to ['NONE'] not empty array
- linkedin-ads: add required X-RestLi-Protocol-Version header
- onesignal: auth prefix should be Key, not Basic
- mixpanel: query dates must be YYYY-MM-DD, not relative strings
- wistia: change from Bearer to Basic auth per API docs
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
When --dry-run is passed, each CLI prints the HTTP request it would
make (method, URL, headers, body) without actually calling fetch().
Auth credentials are masked as "***" in the output.
Useful for verifying request shape and API endpoints without needing
real API keys or making actual API calls.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Single-file Node.js scripts for every tool in the registry that lacked
a CLI. All follow the same pattern: env var auth, JSON output, consistent
`{tool} <resource> <action>` command structure, zero npm dependencies.
CLIs added: resend, sendgrid, mailchimp, kit, customer-io, ahrefs,
semrush, google-search-console, ga4, mixpanel, amplitude, segment,
adobe-analytics, rewardful, tolt, mention-me, dub, google-ads,
meta-ads, linkedin-ads, tiktok-ads, zapier.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
