curl_impersonate 0.1.1

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: 94cdd8bf828ebec2bc00821f780c5d63d189b64d0cbc0512a8658290504d9223
+  data.tar.gz: 0bf9e8780a0483145d8b92f3ae1d42cd03d48ce5ea7daa20da623e186ab595cb
+SHA512:
+  metadata.gz: 9530d6d3c3dbdaa79f4be3b2659b9a7da0820006796e08c95802f74cf46f24347afe5b9bef2341633b8434a8c7e3ba8bdf3f3accbda61a18f62695a003323e3e
+  data.tar.gz: 9cbf63f95038c728012f54ab3830c5740a702122b6601737eb147a0284b73d7e1bcde2df4636d272b49fe70aeb3ed7219a2fb20e379e588e96f4eb25311a0264

data/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2026 TeamMilestone
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

data/README.md

@@ -0,0 +1,84 @@
+# curl_impersonate
+
+Ruby bindings for [libcurl-impersonate](https://github.com/lexiforest/curl-impersonate) — generate real-browser TLS / JA3 / JA4 fingerprints from Ruby.
+
+Unlike pure-Ruby HTTP libraries (`net/http`, `httpx`, `faraday`, …) whose TLS handshakes are unmistakably "not a browser," this gem links the same BoringSSL-backed `libcurl-impersonate` build that the `curl-impersonate` project ships, so the TLS ClientHello, HTTP/2 SETTINGS frame, and header ordering are byte-identical to Chrome, Firefox, or Safari.
+
+This is a Ruby port of [`go-curl-impersonate`](https://github.com/TeamMilestone/go-curl-impersonate). The public API matches it 1:1 within Ruby idioms.
+
+## Installation
+
+```ruby
+# Gemfile
+gem "curl_impersonate"
+```
+
+On platforms with a precompiled gem (`arm64-darwin`, `x86_64-linux-gnu`), `gem install` is a single step with no external dependencies — the BoringSSL build is statically linked into the gem's native extension.
+
+On other platforms you will need to build from source; see [Building from source](#building-from-source).
+
+## Quick start
+
+```ruby
+require "curl_impersonate"
+
+resp = CurlImpersonate.do_request(
+  url: "https://example.com",
+  impersonate: "chrome131",
+  headers: { "Accept-Language" => "en-US" },
+  timeout_sec: 15,
+)
+
+resp.status_code  # => 200
+resp.success?     # => true
+resp.body         # => "<!doctype html>..."
+resp.headers      # => "HTTP/2 200\r\ncontent-type: text/html\r\n..."
+
+CurlImpersonate.extract_cookies(resp.headers)  # => { "name" => "value", ... }
+```
+
+## API
+
+### `CurlImpersonate.do_request(...)` → `Response`
+
+| keyword | type | default | notes |
+|---------|------|---------|-------|
+| `url:` | `String` | — | Required. |
+| `impersonate:` | `String` | `"chrome131"` | Any target supported by libcurl-impersonate. Examples: `chrome131`, `firefox133`, `safari180`. See the [upstream targets](https://github.com/lexiforest/curl-impersonate#supported-browsers). |
+| `headers:` | `Hash<String, String>` | `{}` | Custom headers merged on top of the browser default set. |
+| `post_data:` | `String` | `""` | Non-empty switches the request to POST and is sent as the body verbatim. |
+| `follow_redirects:` | `Boolean` | `true` | Maps to `CURLOPT_FOLLOWLOCATION`. |
+| `timeout_sec:` | `Integer` | `15` | Total request timeout. |
+| `proxy:` | `String` | `""` | `"scheme://user:pass@host:port"`. Credentials are split out and passed via `CURLOPT_PROXYUSERPWD`. |
+
+Returns a `CurlImpersonate::Response` Struct with `status_code` (Integer), `body` (String), and `headers` (String — raw `\r\n`-separated lines). On any libcurl error (resolution, timeout, TLS handshake, …) raises `CurlImpersonate::Error`.
+
+`curl_easy_perform` runs without the GVL, so other Ruby threads continue executing during the network wait.
+
+### `CurlImpersonate.extract_cookies(headers_str)` → `Hash`
+
+Parses `Set-Cookie:` lines from a raw header string and returns a `Hash<String, String>` of cookie names → values. Attributes (`Path`, `Domain`, `HttpOnly`, `Expires`, `Secure`, …) are discarded. Later cookies with the same name overwrite earlier ones.
+
+## Building from source
+
+You'll need:
+
+- A C compiler (`clang` / `gcc`) and `make`
+- `libcurl-impersonate` 1.5.x installed via one of:
+  - **macOS**: `brew install teammilestone/tap/libcurl-impersonate`
+  - **Linux**: download the matching tarball from [lexiforest/curl-impersonate releases](https://github.com/lexiforest/curl-impersonate/releases) and copy `libcurl-impersonate.a` plus headers into a system path discoverable by `pkg-config`
+  - Or set `CURL_IMPERSONATE_DIR=/path/to/install` (containing `lib/libcurl-impersonate.a` and `include/`) before `gem install`
+
+```bash
+gem install curl_impersonate --platform=ruby   # forces source compilation
+```
+
+## Caveats
+
+- **SSL certificate verification is disabled** (`CURLOPT_SSL_VERIFYPEER = 0`, `CURLOPT_SSL_VERIFYHOST = 0`). This matches the Go reference implementation. The premise of TLS impersonation is that you are mimicking a browser TLS stack regardless of trust chain validation; if you need real verification, this gem is the wrong tool.
+- **JA3 hash varies between requests.** Chrome injects random GREASE values into the cipher and extension lists on every TLS handshake, so the JA3 string and its hash change each time. This is the correct Chrome behavior — match on **JA4** (which sorts before hashing) if you need a stable fingerprint to assert against.
+- **Status of this gem**: under active development; API is not stable until 1.0.
+
+## License
+
+MIT — see [LICENSE](LICENSE).

data/ext/curl_impersonate/curl_impersonate.c

@@ -0,0 +1,240 @@
+#include <ruby.h>
+#include <ruby/thread.h>
+#include <curl/curl.h>
+#include <stdlib.h>
+#include <string.h>
+
+#ifdef HAVE_CURL_IMPERSONATE_CURL_IMPERSONATE_H
+#  include <curl-impersonate/curl_impersonate.h>
+#else
+extern CURLcode curl_easy_impersonate(CURL *curl, const char *target, int default_headers);
+#endif
+
+static VALUE mCurlImpersonate;
+static VALUE cResponse;
+static VALUE eError;
+
+struct buffer {
+  char *data;
+  size_t len;
+  size_t cap;
+};
+
+static void buffer_init(struct buffer *b) { b->data = NULL; b->len = 0; b->cap = 0; }
+static void buffer_free(struct buffer *b) { free(b->data); b->data = NULL; b->len = 0; b->cap = 0; }
+
+static int buffer_append(struct buffer *b, const char *src, size_t n) {
+  size_t needed = b->len + n;
+  if (needed > b->cap) {
+    size_t new_cap = b->cap == 0 ? 4096 : b->cap;
+    while (new_cap < needed) new_cap *= 2;
+    char *p = realloc(b->data, new_cap);
+    if (!p) return -1;
+    b->data = p;
+    b->cap = new_cap;
+  }
+  memcpy(b->data + b->len, src, n);
+  b->len += n;
+  return 0;
+}
+
+static size_t write_body_cb(char *ptr, size_t size, size_t nmemb, void *userdata) {
+  size_t total = size * nmemb;
+  return buffer_append((struct buffer *)userdata, ptr, total) == 0 ? total : 0;
+}
+
+static size_t write_header_cb(char *ptr, size_t size, size_t nmemb, void *userdata) {
+  size_t total = size * nmemb;
+  return buffer_append((struct buffer *)userdata, ptr, total) == 0 ? total : 0;
+}
+
+struct perform_args {
+  CURL *handle;
+  CURLcode result;
+};
+
+static void *perform_without_gvl(void *data) {
+  struct perform_args *args = (struct perform_args *)data;
+  args->result = curl_easy_perform(args->handle);
+  return NULL;
+}
+
+/* Iterator state passed to rb_hash_foreach to build a curl_slist of "Key: Value"
+ * strings from a Ruby Hash. */
+struct slist_build {
+  struct curl_slist *list;
+  int error; /* non-zero on first conversion failure */
+};
+
+static int build_header_slist(VALUE key, VALUE val, VALUE arg) {
+  struct slist_build *s = (struct slist_build *)arg;
+  if (s->error) return ST_STOP;
+
+  VALUE k = rb_check_string_type(key);
+  VALUE v = rb_check_string_type(val);
+  if (NIL_P(k) || NIL_P(v)) { s->error = 1; return ST_STOP; }
+
+  /* "<key>: <value>\0" — RFC 7230 header line */
+  long klen = RSTRING_LEN(k);
+  long vlen = RSTRING_LEN(v);
+  char *line = malloc((size_t)klen + 2 + (size_t)vlen + 1);
+  if (!line) { s->error = 1; return ST_STOP; }
+
+  memcpy(line, RSTRING_PTR(k), klen);
+  line[klen] = ':';
+  line[klen + 1] = ' ';
+  memcpy(line + klen + 2, RSTRING_PTR(v), vlen);
+  line[klen + 2 + vlen] = '\0';
+
+  struct curl_slist *next = curl_slist_append(s->list, line);
+  free(line);
+  if (!next) { s->error = 1; return ST_STOP; }
+  s->list = next;
+  return ST_CONTINUE;
+}
+
+static VALUE rb_cci_native_version(VALUE self) {
+  (void)self;
+  return rb_str_new_cstr(curl_version());
+}
+
+/* Signature (stage 7):
+ *   _do_request_native(url, impersonate, headers, post_data,
+ *                      follow_redirects, timeout_sec,
+ *                      proxy_url, proxy_userpwd) -> Response
+ *
+ *   url               : String
+ *   impersonate       : String (e.g. "chrome131")
+ *   headers           : Hash<String, String>
+ *   post_data         : String — empty string means GET, non-empty means POST
+ *   follow_redirects  : true / false
+ *   timeout_sec       : Integer
+ *   proxy_url         : String — empty string disables; otherwise host (no auth)
+ *   proxy_userpwd     : String — "user:pass" or empty
+ */
+static VALUE rb_cci_do_request(int argc, VALUE *argv, VALUE self) {
+  (void)self;
+  if (argc != 8) {
+    rb_raise(rb_eArgError, "wrong number of arguments (given %d, expected 8)", argc);
+  }
+
+  VALUE rb_url = argv[0];
+  VALUE rb_impersonate = argv[1];
+  VALUE rb_headers = argv[2];
+  VALUE rb_post_data = argv[3];
+  VALUE rb_follow = argv[4];
+  VALUE rb_timeout = argv[5];
+  VALUE rb_proxy_url = argv[6];
+  VALUE rb_proxy_userpwd = argv[7];
+
+  Check_Type(rb_url, T_STRING);
+  Check_Type(rb_impersonate, T_STRING);
+  Check_Type(rb_headers, T_HASH);
+  Check_Type(rb_post_data, T_STRING);
+  Check_Type(rb_proxy_url, T_STRING);
+  Check_Type(rb_proxy_userpwd, T_STRING);
+
+  const char *url = StringValueCStr(rb_url);
+  const char *impersonate = StringValueCStr(rb_impersonate);
+  long timeout_sec = NUM2LONG(rb_timeout);
+  long follow = RTEST(rb_follow) ? 1L : 0L;
+
+  CURL *handle = curl_easy_init();
+  if (!handle) {
+    rb_raise(eError, "curl_easy_init failed");
+  }
+
+  CURLcode rc = curl_easy_impersonate(handle, impersonate, 1);
+  if (rc != CURLE_OK) {
+    curl_easy_cleanup(handle);
+    rb_raise(eError, "curl_easy_impersonate(%s) failed: %s",
+             impersonate, curl_easy_strerror(rc));
+  }
+
+  struct buffer body, headers_buf;
+  buffer_init(&body);
+  buffer_init(&headers_buf);
+
+  curl_easy_setopt(handle, CURLOPT_URL, url);
+  curl_easy_setopt(handle, CURLOPT_TIMEOUT, timeout_sec);
+  curl_easy_setopt(handle, CURLOPT_FOLLOWLOCATION, follow);
+  curl_easy_setopt(handle, CURLOPT_SSL_VERIFYPEER, 0L);
+  curl_easy_setopt(handle, CURLOPT_SSL_VERIFYHOST, 0L);
+  /* Empty string enables all built-in encodings (gzip, br, zstd if available) —
+   * essential for matching browser Accept-Encoding fingerprint. */
+  curl_easy_setopt(handle, CURLOPT_ACCEPT_ENCODING, "");
+  curl_easy_setopt(handle, CURLOPT_WRITEFUNCTION, write_body_cb);
+  curl_easy_setopt(handle, CURLOPT_WRITEDATA, &body);
+  curl_easy_setopt(handle, CURLOPT_HEADERFUNCTION, write_header_cb);
+  curl_easy_setopt(handle, CURLOPT_HEADERDATA, &headers_buf);
+
+  /* POST body. We use COPYPOSTFIELDS so libcurl owns the copy and we can
+   * release the Ruby String after setopt returns. POSTFIELDSIZE is set
+   * explicitly so binary bodies with embedded NULs work. */
+  long post_len = RSTRING_LEN(rb_post_data);
+  if (post_len > 0) {
+    curl_easy_setopt(handle, CURLOPT_POSTFIELDSIZE, post_len);
+    curl_easy_setopt(handle, CURLOPT_COPYPOSTFIELDS, RSTRING_PTR(rb_post_data));
+  }
+
+  if (RSTRING_LEN(rb_proxy_url) > 0) {
+    curl_easy_setopt(handle, CURLOPT_PROXY, StringValueCStr(rb_proxy_url));
+  }
+  if (RSTRING_LEN(rb_proxy_userpwd) > 0) {
+    curl_easy_setopt(handle, CURLOPT_PROXYUSERPWD, StringValueCStr(rb_proxy_userpwd));
+  }
+
+  /* Custom headers. Build a curl_slist from the Ruby Hash. */
+  struct slist_build sb = { .list = NULL, .error = 0 };
+  if (RHASH_SIZE(rb_headers) > 0) {
+    rb_hash_foreach(rb_headers, build_header_slist, (VALUE)&sb);
+    if (sb.error) {
+      curl_slist_free_all(sb.list);
+      buffer_free(&body);
+      buffer_free(&headers_buf);
+      curl_easy_cleanup(handle);
+      rb_raise(eError, "failed to build header list (non-string key/value or OOM)");
+    }
+    curl_easy_setopt(handle, CURLOPT_HTTPHEADER, sb.list);
+  }
+
+  struct perform_args args = { .handle = handle, .result = CURLE_OK };
+  rb_thread_call_without_gvl(perform_without_gvl, &args, RUBY_UBF_IO, NULL);
+
+  if (args.result != CURLE_OK) {
+    char errbuf[256];
+    strncpy(errbuf, curl_easy_strerror(args.result), sizeof(errbuf) - 1);
+    errbuf[sizeof(errbuf) - 1] = '\0';
+    curl_slist_free_all(sb.list);
+    buffer_free(&body);
+    buffer_free(&headers_buf);
+    curl_easy_cleanup(handle);
+    rb_raise(eError, "curl_easy_perform failed: %s", errbuf);
+  }
+
+  long status_code = 0;
+  curl_easy_getinfo(handle, CURLINFO_RESPONSE_CODE, &status_code);
+
+  VALUE rb_body    = rb_str_new(body.data ? body.data : "", body.len);
+  VALUE rb_hdr_str = rb_str_new(headers_buf.data ? headers_buf.data : "", headers_buf.len);
+
+  curl_slist_free_all(sb.list);
+  buffer_free(&body);
+  buffer_free(&headers_buf);
+  curl_easy_cleanup(handle);
+
+  return rb_struct_new(cResponse, LONG2NUM(status_code), rb_body, rb_hdr_str);
+}
+
+void Init_curl_impersonate(void) {
+  curl_global_init(CURL_GLOBAL_DEFAULT);
+
+  mCurlImpersonate = rb_define_module("CurlImpersonate");
+  eError    = rb_const_get(mCurlImpersonate, rb_intern("Error"));
+  cResponse = rb_const_get(mCurlImpersonate, rb_intern("Response"));
+
+  rb_define_singleton_method(mCurlImpersonate, "_native_curl_version",
+                             rb_cci_native_version, 0);
+  rb_define_singleton_method(mCurlImpersonate, "_do_request_native",
+                             rb_cci_do_request, -1);
+}

data/ext/curl_impersonate/extconf.rb

@@ -0,0 +1,139 @@
+require "rbconfig"
+require "shellwords"
+
+# Avoid baking an absolute libruby.dylib install_name into the resulting
+# .bundle on macOS: clear LIBRUBYARG_SHARED *before* mkmf is loaded, so its
+# Makefile template renders LIBS without `-lruby.X.Y`. The dynamic loader will
+# satisfy Ruby symbols from the host process at require time — this is the
+# documented portable pattern for macOS Ruby extensions and is also how
+# nokogiri/sqlite3 ship their precompiled darwin gems.
+if RUBY_PLATFORM =~ /darwin/
+  # mkmf uses MAKEFILE_CONFIG (NOT CONFIG) for $(LIBRUBYARG_SHARED) expansion
+  # inside the generated Makefile. Clear both for safety.
+  RbConfig::CONFIG["LIBRUBYARG_SHARED"]          = ""
+  RbConfig::CONFIG["LIBRUBYARG"]                 = ""
+  RbConfig::MAKEFILE_CONFIG["LIBRUBYARG_SHARED"] = ""
+  RbConfig::MAKEFILE_CONFIG["LIBRUBYARG"]        = ""
+end
+
+require "mkmf"
+
+# Resolve libcurl-impersonate location.
+#
+# Priority:
+#   1. ENV["CURL_IMPERSONATE_DIR"]                     — explicit override (CI)
+#   2. ext/curl_impersonate/vendor/<arch>/             — bundled in precompiled gem
+#   3. pkg-config --libs --cflags libcurl-impersonate  — system install (brew/apt)
+#
+# In all cases we end up statically linking libcurl-impersonate.a so that the
+# resulting .bundle / .so has BoringSSL baked in and the end user does not need
+# the library installed at runtime.
+
+def configure_from_dir(dir)
+  raise "CURL_IMPERSONATE_DIR=#{dir} does not exist" unless File.directory?(dir)
+
+  lib_dir = File.join(dir, "lib")
+  include_dir = File.join(dir, "include")
+
+  $LIBPATH.unshift(lib_dir) if File.directory?(lib_dir)
+  $CFLAGS << " -I#{include_dir.shellescape}" if File.directory?(include_dir)
+  $CFLAGS << " -I#{File.join(include_dir, "curl-impersonate").shellescape}" if File.directory?(File.join(include_dir, "curl-impersonate"))
+
+  static_archive = File.join(lib_dir, "libcurl-impersonate.a")
+  unless File.exist?(static_archive)
+    raise "libcurl-impersonate.a not found under #{lib_dir}"
+  end
+
+  # Link the static archive directly so its symbols (including curl_easy_impersonate)
+  # end up in our .bundle / .so.
+  $LDFLAGS << " #{static_archive.shellescape}"
+
+  # libcurl-impersonate.a bundles BoringSSL, nghttp{2,3}, ngtcp2, zstd, and
+  # brotli statically — but its remaining external dependencies have to be
+  # linked separately. The list differs by target platform; we use the
+  # vendor directory name as a hint when one is available, otherwise fall
+  # back to RUBY_PLATFORM.
+  target = File.basename(dir)
+  target = RUBY_PLATFORM if target.empty? || target == "vendor"
+
+  case target
+  when /darwin/
+    # Source: pkg-config --libs libcurl-impersonate on brew installation.
+    $LDFLAGS << " -framework CoreFoundation -framework SystemConfiguration"
+    $LDFLAGS << " -framework Security -framework LDAP"
+    # ruby/setup-ruby on macos-14 builds a Ruby whose libruby has an absolute
+    # install_name (e.g. /Users/runner/hostedtoolcache/Ruby/3.3.11/arm64/lib/
+    # libruby.3.3.dylib). Any extension we statically-link against that Ruby
+    # inherits the absolute reference, breaking the precompiled gem on every
+    # other machine. Tell the linker to leave Ruby symbols unresolved and let
+    # the dynamic loader fill them in at require time — this is the standard
+    # macOS pattern for portable Ruby extensions.
+    $DLDFLAGS << " -Wl,-undefined,dynamic_lookup"
+    $libs    = "#{$libs} -lresolv -liconv -lz -lc++"
+  when /linux/
+    # The lexiforest release tarball is a fully-static archive — zstd, brotli,
+    # idn2, nghttp{2,3}, ngtcp2, BoringSSL, and a copy of curl itself are all
+    # statically linked into libcurl-impersonate.a. The only external symbols
+    # are the system C/C++ runtime, zlib (often satisfied by libz.so.1 which
+    # ships on every distro), and a handful of pthread/dl/m intrinsics.
+    $libs    = "#{$libs} -lz -lpthread -ldl -lm -lstdc++"
+  end
+end
+
+def configure_from_pkg_config
+  unless pkg_config("libcurl-impersonate")
+    raise "pkg-config could not locate libcurl-impersonate"
+  end
+
+  # pkg_config sets $LIBS to "-lcurl-impersonate -lz ...". We want the static .a
+  # baked into the .bundle, so prepend the absolute path to the archive and strip
+  # the dynamic -lcurl-impersonate flag.
+  libdir = `pkg-config --variable=libdir libcurl-impersonate`.strip
+  static_archive = File.join(libdir, "libcurl-impersonate.a")
+  unless File.exist?(static_archive)
+    raise "libcurl-impersonate.a not found at #{static_archive}"
+  end
+
+  $libs = $libs.to_s.gsub(/-lcurl-impersonate\b/, "").strip
+  $LDFLAGS << " #{static_archive.shellescape}"
+end
+
+# Look for vendored libcurl-impersonate under any of these directory names.
+# RUBY_PLATFORM on Darwin includes the OS major version ("arm64-darwin25") but
+# the rake-compiler / rubygems platform triple does not ("arm64-darwin"), so
+# we accept either. The order matters — most-specific wins.
+vendor_candidates = [
+  RUBY_PLATFORM,                       # arm64-darwin25, x86_64-linux, ...
+  RUBY_PLATFORM.sub(/\d+\z/, ""),      # arm64-darwin
+  RUBY_PLATFORM.sub(/-gnu\z/, ""),     # x86_64-linux (from x86_64-linux-gnu)
+].uniq.map { |t| File.join(__dir__, "vendor", t) }
+
+vendor_arch_dir = vendor_candidates.find { |d| File.directory?(d) }
+
+# Always make our vendored upstream curl 8.15.0 headers visible. brew installs
+# only curl_impersonate.h on macOS (no full curl/ tree) and many Linux runners
+# do not ship libcurl-dev. The .a we link against is the matching curl 8.15.0
+# build, so using these headers is the correct pairing regardless of what is
+# (or is not) in /usr/include/curl/.
+bundled_headers = File.join(__dir__, "include")
+$CFLAGS << " -I#{bundled_headers.shellescape}" if File.directory?(bundled_headers)
+
+if (override = ENV["CURL_IMPERSONATE_DIR"]) && !override.empty?
+  warn "[curl_impersonate] using CURL_IMPERSONATE_DIR=#{override}"
+  configure_from_dir(override)
+elsif vendor_arch_dir
+  warn "[curl_impersonate] using vendored libcurl-impersonate at #{vendor_arch_dir}"
+  configure_from_dir(vendor_arch_dir)
+else
+  warn "[curl_impersonate] using pkg-config libcurl-impersonate"
+  configure_from_pkg_config
+end
+
+# Sanity check: ensure we can find the impersonate header. brew installs it
+# under curl-impersonate/curl_impersonate.h; some custom layouts may place it
+# elsewhere. If missing, fall back to declaring the prototype inline (handled
+# in curl_impersonate.c).
+have_header("curl-impersonate/curl_impersonate.h")
+have_header("curl/curl.h") or abort("curl/curl.h not found — install curl development headers")
+
+create_makefile("curl_impersonate/curl_impersonate")