@aholbreich/agent-skills 0.9.0 → 1.0.0

package/CHANGELOG.md

@@ -2,6 +2,20 @@
 
 ## Unreleased
 
+(empty)
+
+## 0.10.0 - 2026-05-08
+
+Added:
+
+- New `jira-update` skill for dry-run-first Jira Cloud writes through an authenticated browser session: `create`, `comment`, `transition`, `update-fields`, and `link` commands. Markdown-to-ADF conversion by default; ADF passthrough as escape hatch.
+
+Changed:
+
+- Extracted browser/CDP/cookie helpers from all four existing skills into a single source-of-truth `lib/atlassian-browser.js`. Vendored at pack time into each `skills/*/scripts/atlassian-browser.js` so each skill folder remains self-contained on disk. Eliminates ~870 lines of duplicated code across the bundle.
+
+## 0.9.0 - 2026-05-07
+
 Added:
 
 - New `bitbucket-browser-fetch` skill for browser-authenticated Bitbucket Cloud project repository inventory, SSH/HTTPS clone URL lists, Markdown summaries, and safe clone helper scripts.

package/README.md

@@ -2,13 +2,14 @@
 
 Handcrafted [Agent Skills](https://agentskills.io/) for developer and LLM-wiki workflows. The package is intentionally a pure skills package with broad compatibility across Pi, Claude Code, Codex, OpenClaw/generic `.agents` setups, and other Agent Skills-compatible harnesses.
 
-This repository is a pure skills package. It currently contains browser-authenticated Atlassian fetch/update tools that work well when Jira/Confluence/Bitbucket API-token authentication is unavailable because an organization uses Microsoft/SSO.
+This repository is a pure skills package. It currently contains browser-authenticated Atlassian fetch and update tools (Jira read+write, Confluence read+write, Bitbucket read) that work well when Jira/Confluence/Bitbucket API-token authentication is unavailable because an organization uses Microsoft/SSO.
 
 ## Skills
 
 | Skill | Purpose |
 |---|---|
 | [`jira-browser-fetch`](skills/jira-browser-fetch/) | Fetch Jira issue JSON, rendered HTML/XML, linked/referenced issues, Jira Software board backlogs, JQL result sets, and attachments through an authenticated Chrome session. |
+| [`jira-update`](skills/jira-update/) | Dry-run-first Jira Cloud writes through an authenticated browser session: create issues, add comments, transition workflows, update fields, and link issues. Markdown-to-ADF conversion by default; ADF passthrough as escape hatch. |
 | [`confluence-browser-fetch`](skills/confluence-browser-fetch/) | Fetch Confluence page JSON, storage/view HTML, browser HTML, descendants, CQL result sets, and attachments through an authenticated Chrome session. |
 | [`confluence-update`](skills/confluence-update/) | Dry-run-first Confluence page updates, agent-owned block replacement, Markdown-to-storage conversion, and page creation through an authenticated browser session. |
 | [`bitbucket-browser-fetch`](skills/bitbucket-browser-fetch/) | Fetch Bitbucket Cloud project repository inventories and clone URL lists through an authenticated browser session. |
@@ -176,6 +177,7 @@ If installed globally via npm, the package exposes:
 ```bash
 agent-skills
 jira-browser-fetch
+jira-update
 confluence-browser-fetch
 confluence-update
 bitbucket-browser-fetch
@@ -281,6 +283,54 @@ Example user requests that should invoke this skill:
 - "Pull my assigned Jira issues without asking me for an API token."
 - "Use this JQL and store the raw Jira evidence under the wiki raw folder."
 
+## Jira update examples
+
+Dry-run an issue creation from a manifest:
+
+```bash
+jira-update create \
+  --server https://example.atlassian.net \
+  --file ./new-bug.json
+```
+
+Apply after review:
+
+```bash
+jira-update create \
+  --server https://example.atlassian.net \
+  --file ./new-bug.json \
+  --apply
+```
+
+Add a comment from Markdown:
+
+```bash
+jira-update comment PROJ-123 \
+  --server https://example.atlassian.net \
+  --file ./reply.md \
+  --apply
+```
+
+Transition with a comment:
+
+```bash
+jira-update transition PROJ-123 \
+  --server https://example.atlassian.net \
+  --to "In Progress" \
+  --comment-file ./status.md \
+  --apply
+```
+
+Link two issues:
+
+```bash
+jira-update link PROJ-123 \
+  --server https://example.atlassian.net \
+  --to PROJ-456 \
+  --type blocks \
+  --apply
+```
+
 ## Confluence examples
 
 Fetch one page by URL:

package/bin/vendor.js

@@ -0,0 +1,24 @@
+#!/usr/bin/env node
+'use strict';
+
+const fs = require('node:fs');
+const path = require('node:path');
+
+const repoRoot = path.resolve(__dirname, '..');
+const source = path.join(repoRoot, 'lib/atlassian-browser.js');
+const skillsDir = path.join(repoRoot, 'skills');
+
+if (!fs.existsSync(source)) {
+  console.error(`vendor: source not found at ${source}`);
+  process.exit(1);
+}
+
+const content = fs.readFileSync(source);
+const skills = fs.readdirSync(skillsDir, { withFileTypes: true }).filter(d => d.isDirectory());
+for (const skill of skills) {
+  const scriptsDir = path.join(skillsDir, skill.name, 'scripts');
+  if (!fs.existsSync(scriptsDir)) continue;
+  const dest = path.join(scriptsDir, 'atlassian-browser.js');
+  fs.writeFileSync(dest, content);
+  console.log(`vendored -> ${path.relative(repoRoot, dest)}`);
+}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@aholbreich/agent-skills",
-  "version": "0.9.0",
+  "version": "1.0.0",
   "description": "Handcrafted Agent Skills for browser-authenticated Jira and Confluence ingestion, LLM wiki workflows, and developer automation.",
   "license": "MIT",
   "type": "commonjs",
@@ -39,10 +39,13 @@
     "jira-browser-fetch": "skills/jira-browser-fetch/scripts/jira-browser-fetch.js",
     "confluence-browser-fetch": "skills/confluence-browser-fetch/scripts/confluence-browser-fetch.js",
     "confluence-update": "skills/confluence-update/scripts/confluence-update.js",
-    "bitbucket-browser-fetch": "skills/bitbucket-browser-fetch/scripts/bitbucket-browser-fetch.js"
+    "bitbucket-browser-fetch": "skills/bitbucket-browser-fetch/scripts/bitbucket-browser-fetch.js",
+    "jira-update": "skills/jira-update/scripts/jira-update.js"
   },
   "scripts": {
-    "check": "node --check bin/agent-skills.js && node --check skills/jira-browser-fetch/scripts/jira-browser-fetch.js && node --check skills/jira-browser-fetch/scripts/lib.js && node --check skills/confluence-browser-fetch/scripts/confluence-browser-fetch.js && node --check skills/confluence-browser-fetch/scripts/lib.js && node --check skills/confluence-update/scripts/confluence-update.js && node --check skills/confluence-update/scripts/lib.js && node --check skills/bitbucket-browser-fetch/scripts/bitbucket-browser-fetch.js && node --check skills/bitbucket-browser-fetch/scripts/lib.js",
+    "vendor": "node bin/vendor.js",
+    "check": "node --check bin/agent-skills.js && node --check bin/vendor.js && node --check lib/atlassian-browser.js && npm run vendor && node --check skills/jira-browser-fetch/scripts/jira-browser-fetch.js && node --check skills/jira-browser-fetch/scripts/lib.js && node --check skills/jira-browser-fetch/scripts/atlassian-browser.js && node --check skills/confluence-browser-fetch/scripts/confluence-browser-fetch.js && node --check skills/confluence-browser-fetch/scripts/lib.js && node --check skills/confluence-browser-fetch/scripts/atlassian-browser.js && node --check skills/confluence-update/scripts/confluence-update.js && node --check skills/confluence-update/scripts/lib.js && node --check skills/confluence-update/scripts/atlassian-browser.js && node --check skills/bitbucket-browser-fetch/scripts/bitbucket-browser-fetch.js && node --check skills/bitbucket-browser-fetch/scripts/lib.js && node --check skills/bitbucket-browser-fetch/scripts/atlassian-browser.js && node --check skills/jira-update/scripts/jira-update.js && node --check skills/jira-update/scripts/lib.js && node --check skills/jira-update/scripts/atlassian-browser.js",
+    "pretest": "npm run vendor",
     "test": "node --test",
     "ci": "npm run check && npm test && npm pack --dry-run",
     "pack:dry": "npm pack --dry-run",

package/skills/bitbucket-browser-fetch/scripts/atlassian-browser.js

@@ -0,0 +1,261 @@
+'use strict';
+
+const fs = require('node:fs');
+const path = require('node:path');
+const { spawn } = require('node:child_process');
+
+const sleep = ms => new Promise(r => setTimeout(r, ms));
+
+function isExecutable(file) {
+  try { fs.accessSync(file, fs.constants.X_OK); return true; } catch { return false; }
+}
+
+function resolveBrowserCandidate(candidate) {
+  if (!candidate) return null;
+  if (candidate.includes(path.sep)) return isExecutable(candidate) ? candidate : null;
+  for (const dir of String(process.env.PATH || '').split(path.delimiter)) {
+    if (!dir) continue;
+    const full = path.join(dir, candidate);
+    if (isExecutable(full)) return full;
+  }
+  return null;
+}
+
+function findBrowserExecutable() {
+  const candidates = [
+    process.env.CHROME,
+    process.env.CHROMIUM,
+    'google-chrome',
+    'google-chrome-stable',
+    'chromium',
+    'chromium-browser',
+    'brave-browser',
+    'brave',
+    'microsoft-edge',
+    'microsoft-edge-stable',
+    'vivaldi',
+    'vivaldi-stable',
+    '/Applications/Google Chrome.app/Contents/MacOS/Google Chrome',
+    '/Applications/Chromium.app/Contents/MacOS/Chromium',
+    '/Applications/Brave Browser.app/Contents/MacOS/Brave Browser',
+    '/Applications/Microsoft Edge.app/Contents/MacOS/Microsoft Edge',
+    '/Applications/Vivaldi.app/Contents/MacOS/Vivaldi',
+  ];
+  for (const candidate of candidates) {
+    const resolved = resolveBrowserCandidate(candidate);
+    if (resolved) return resolved;
+  }
+  throw new Error('Could not find a Chromium-compatible browser. Install Chrome/Chromium/Brave/Edge/Vivaldi or set CHROME=/path/to/browser.');
+}
+
+function connectCdp(wsUrl) {
+  return new Promise((resolve, reject) => {
+    const ws = new WebSocket(wsUrl);
+    let id = 0;
+    const pending = new Map();
+    const failTimer = setTimeout(() => reject(new Error('CDP websocket timeout')), 10000);
+
+    ws.addEventListener('open', () => {
+      clearTimeout(failTimer);
+      resolve({
+        send(method, params = {}) {
+          return new Promise((res, rej) => {
+            const msgId = ++id;
+            pending.set(msgId, { res, rej });
+            ws.send(JSON.stringify({ id: msgId, method, params }));
+          });
+        },
+        close() { try { ws.close(); } catch {} },
+      });
+    });
+
+    ws.addEventListener('message', ev => {
+      let data = ev.data;
+      if (typeof data !== 'string') data = Buffer.from(data).toString('utf8');
+      const msg = JSON.parse(data);
+      if (!msg.id || !pending.has(msg.id)) return;
+      const { res, rej } = pending.get(msg.id);
+      pending.delete(msg.id);
+      if (msg.error) rej(new Error(`${msg.error.message || 'CDP error'} ${JSON.stringify(msg.error)}`));
+      else res(msg.result);
+    });
+
+    ws.addEventListener('error', err => reject(err));
+  });
+}
+
+function createBrowserSession({ port, profileDir, waitSec, serverHost, verifySession, cookieUrls, userAgent }) {
+  if (!serverHost) throw new Error('createBrowserSession requires serverHost');
+  if (typeof verifySession !== 'function') throw new Error('createBrowserSession requires verifySession callback');
+  const ua = userAgent || 'agent-skills/1.0';
+
+  async function endpoint(pathname) {
+    const res = await fetch(`http://127.0.0.1:${port}${pathname}`);
+    if (!res.ok) throw new Error(`DevTools HTTP ${res.status} for ${pathname}`);
+    return res.json();
+  }
+
+  async function devtoolsReady() {
+    try { await endpoint('/json/version'); return true; } catch { return false; }
+  }
+
+  async function waitDevtools() {
+    for (let i = 0; i < 80; i++) {
+      if (await devtoolsReady()) return;
+      await sleep(250);
+    }
+    throw new Error('Chrome DevTools endpoint did not start');
+  }
+
+  async function openDevtoolsTab(url) {
+    if (!url) return false;
+    const endpointUrl = `http://127.0.0.1:${port}/json/new?${encodeURIComponent(url)}`;
+    for (const init of [{ method: 'PUT' }, {}]) {
+      try {
+        const res = await fetch(endpointUrl, init);
+        if (res.ok) { await sleep(500); return true; }
+      } catch {}
+    }
+    return false;
+  }
+
+  async function hasDevtoolsTabForHost(url, pathPrefix) {
+    if (!url) return false;
+    const host = new URL(url).host;
+    const list = await endpoint('/json/list');
+    return list.some(t => t.type === 'page' && t.url && (() => {
+      try {
+        const tabUrl = new URL(t.url);
+        if (tabUrl.host !== host) return false;
+        if (pathPrefix && !tabUrl.pathname.startsWith(pathPrefix)) return false;
+        return true;
+      } catch { return false; }
+    })());
+  }
+
+  function launchChrome(url) {
+    const browser = findBrowserExecutable();
+    const args = [
+      `--remote-debugging-port=${port}`,
+      '--remote-debugging-address=127.0.0.1',
+      '--remote-allow-origins=*',
+      `--user-data-dir=${profileDir}`,
+      '--no-first-run',
+      '--no-default-browser-check',
+      url,
+    ];
+    console.log(`Launching browser: ${browser}`);
+    const child = spawn(browser, args, { detached: true, stdio: 'ignore' });
+    child.on('error', err => console.error(`Failed to launch browser ${browser}: ${err.message}`));
+    child.unref();
+  }
+
+  async function ensureBrowser(openUrl, { tabPathPrefix } = {}) {
+    if (!(await devtoolsReady())) {
+      console.log(`Opening Chromium-compatible browser with reusable profile: ${profileDir}`);
+      launchChrome(openUrl);
+    } else {
+      console.log(`Reusing Chrome DevTools on port ${port}`);
+      if (openUrl) {
+        const hasTab = await hasDevtoolsTabForHost(openUrl, tabPathPrefix);
+        if (hasTab) {
+          console.log(`Found existing tab for ${new URL(openUrl).host}; not opening another tab.`);
+        } else {
+          const opened = await openDevtoolsTab(openUrl);
+          if (opened) console.log(`Opened target URL in reused browser: ${openUrl}`);
+          else console.warn('Could not open target URL through DevTools; continuing with existing tabs.');
+        }
+      }
+    }
+    await waitDevtools();
+  }
+
+  async function getPageWsUrl() {
+    const list = await endpoint('/json/list');
+    const pages = list.filter(t => t.type === 'page' && t.webSocketDebuggerUrl);
+    const preferred = pages.find(t => (t.url || '').includes(serverHost)) || pages[0];
+    return preferred && preferred.webSocketDebuggerUrl;
+  }
+
+  async function getCookieHeader() {
+    const wsUrl = await getPageWsUrl();
+    if (!wsUrl) return '';
+    const cdp = await connectCdp(wsUrl);
+    try {
+      await cdp.send('Network.enable');
+      const urls = (cookieUrls && cookieUrls.length) ? cookieUrls : [`https://${serverHost}/`];
+      const result = await cdp.send('Network.getCookies', { urls });
+      const cookies = (result.cookies || [])
+        .filter(c => c.domain && (c.domain === serverHost || c.domain.endsWith(`.${serverHost}`)))
+        .map(c => `${c.name}=${c.value}`);
+      return cookies.join('; ');
+    } finally {
+      cdp.close();
+    }
+  }
+
+  async function fetchText(url, cookie, options = {}) {
+    const method = options.method || 'GET';
+    const headers = {
+      Cookie: cookie,
+      Accept: options.accept || '*/*',
+      'User-Agent': ua,
+    };
+    if (options.body !== undefined && options.body !== null) headers['Content-Type'] = options.contentType || 'application/json';
+    const res = await fetch(url, { method, redirect: 'follow', headers, body: options.body ?? null });
+    return { status: res.status, contentType: res.headers.get('content-type') || '', text: await res.text() };
+  }
+
+  async function fetchJson(url, cookie, options = {}) {
+    const result = await fetchText(url, cookie, { ...options, accept: options.accept || 'application/json' });
+    let json = null;
+    try { json = JSON.parse(result.text); } catch {}
+    return { ...result, json };
+  }
+
+  async function getCookieWithWait(openUrl, { tabPathPrefix } = {}) {
+    await ensureBrowser(openUrl, { tabPathPrefix });
+    console.log(`If prompted in Chrome, complete SSO for: ${openUrl}`);
+    const deadline = Date.now() + waitSec * 1000;
+    let last = '';
+    while (Date.now() < deadline) {
+      try {
+        const cookie = await getCookieHeader();
+        const result = await verifySession(cookie);
+        if (result && result.ok) {
+          if (process.stdout.isTTY) process.stdout.write('\n');
+          console.log(`Authenticated session verified${result.url ? ` via ${result.url}` : ''}`);
+          return cookie;
+        }
+        last = (result && result.message) || 'session not yet verified';
+      } catch (e) { last = e.message; }
+      if (process.stdout.isTTY) {
+        process.stdout.write(`\r${new Date().toLocaleTimeString()} ${last.padEnd(120).slice(0, 120)}`);
+      }
+      await sleep(3000);
+    }
+    if (process.stdout.isTTY) process.stdout.write('\n');
+    throw new Error(`Could not verify authenticated session. Last result: ${last}`);
+  }
+
+  return {
+    devtoolsReady,
+    waitDevtools,
+    openDevtoolsTab,
+    hasDevtoolsTabForHost,
+    launchChrome,
+    ensureBrowser,
+    getPageWsUrl,
+    getCookieHeader,
+    getCookieWithWait,
+    fetchText,
+    fetchJson,
+  };
+}
+
+module.exports = {
+  createBrowserSession,
+  findBrowserExecutable,
+  resolveBrowserCandidate,
+  connectCdp,
+};

package/skills/bitbucket-browser-fetch/scripts/bitbucket-browser-fetch.js

@@ -1,11 +1,10 @@
 #!/usr/bin/env node
 'use strict';
 
-const fs = require('fs');
 const fsp = require('fs/promises');
 const os = require('os');
 const path = require('path');
-const { spawn } = require('child_process');
+const { createBrowserSession } = require('./atlassian-browser');
 const {
   parseProjectInput,
   repositoriesApiUrl,
@@ -71,182 +70,23 @@ project.browseUrl = `https://bitbucket.org/${project.workspace}/workspace/projec
 opts.rawDir = path.resolve(opts.rawDir);
 opts.pagelen = Math.min(100, Math.max(1, opts.pagelen || 100));
 
-const sleep = ms => new Promise(r => setTimeout(r, ms));
-
-async function endpoint(pathname) {
-  const res = await fetch(`http://127.0.0.1:${opts.port}${pathname}`);
-  if (!res.ok) throw new Error(`DevTools HTTP ${res.status} for ${pathname}`);
-  return res.json();
-}
-
-async function devtoolsReady() {
-  try { await endpoint('/json/version'); return true; } catch { return false; }
-}
-
-async function waitDevtools() {
-  for (let i = 0; i < 80; i++) {
-    if (await devtoolsReady()) return;
-    await sleep(250);
-  }
-  throw new Error('Chrome DevTools endpoint did not start');
-}
-
-async function openDevtoolsTab(url) {
-  const endpointUrl = `http://127.0.0.1:${opts.port}/json/new?${encodeURIComponent(url)}`;
-  for (const init of [{ method: 'PUT' }, {}]) {
-    try {
-      const res = await fetch(endpointUrl, init);
-      if (res.ok) { await sleep(1000); return true; }
-    } catch {}
-  }
-  return false;
-}
-
-async function hasBitbucketTab(url) {
-  const host = new URL(url).host;
-  const list = await endpoint('/json/list');
-  return list.some(t => t.type === 'page' && t.url && (() => {
-    try { return new URL(t.url).host === host; } catch { return false; }
-  })());
-}
-
-function isExecutable(file) {
-  try { fs.accessSync(file, fs.constants.X_OK); return true; } catch { return false; }
-}
-
-function resolveBrowserCandidate(candidate) {
-  if (!candidate) return null;
-  if (candidate.includes(path.sep)) return isExecutable(candidate) ? candidate : null;
-  for (const dir of String(process.env.PATH || '').split(path.delimiter)) {
-    if (!dir) continue;
-    const full = path.join(dir, candidate);
-    if (isExecutable(full)) return full;
-  }
-  return null;
-}
-
-function findBrowserExecutable() {
-  const candidates = [
-    process.env.CHROME,
-    process.env.CHROMIUM,
-    'google-chrome',
-    'google-chrome-stable',
-    'chromium',
-    'chromium-browser',
-    'brave-browser',
-    'brave',
-    'microsoft-edge',
-    'microsoft-edge-stable',
-    'vivaldi',
-    'vivaldi-stable',
-    '/Applications/Google Chrome.app/Contents/MacOS/Google Chrome',
-    '/Applications/Chromium.app/Contents/MacOS/Chromium',
-    '/Applications/Brave Browser.app/Contents/MacOS/Brave Browser',
-    '/Applications/Microsoft Edge.app/Contents/MacOS/Microsoft Edge',
-    '/Applications/Vivaldi.app/Contents/MacOS/Vivaldi',
-  ];
-  for (const candidate of candidates) {
-    const resolved = resolveBrowserCandidate(candidate);
-    if (resolved) return resolved;
-  }
-  throw new Error('Could not find a Chromium-compatible browser. Install Chrome/Chromium/Brave/Edge/Vivaldi or set CHROME=/path/to/browser.');
-}
-
-function launchChrome(url) {
-  const browser = findBrowserExecutable();
-  const args = [
-    `--remote-debugging-port=${opts.port}`,
-    '--remote-debugging-address=127.0.0.1',
-    '--remote-allow-origins=*',
-    `--user-data-dir=${opts.profileDir}`,
-    '--no-first-run',
-    '--no-default-browser-check',
-    url,
-  ];
-  console.log(`Launching browser: ${browser}`);
-  const child = spawn(browser, args, { detached: true, stdio: 'ignore' });
-  child.on('error', err => console.error(`Failed to launch browser ${browser}: ${err.message}`));
-  child.unref();
-}
-
-async function ensureBrowser(openUrl) {
-  if (!(await devtoolsReady())) {
-    console.log(`Opening Chromium-compatible browser with reusable profile: ${opts.profileDir}`);
-    launchChrome(openUrl);
-  } else {
-    console.log(`Reusing Chrome DevTools on port ${opts.port}`);
-    if (await hasBitbucketTab(openUrl)) console.log(`Found existing Bitbucket tab for ${new URL(openUrl).host}; not opening another tab.`);
-    else if (await openDevtoolsTab(openUrl)) console.log(`Opened target URL in reused browser: ${openUrl}`);
-    else console.warn('Could not open target URL through DevTools; continuing with existing tabs.');
-  }
-  await waitDevtools();
-}
-
-async function getPageWsUrl() {
-  const list = await endpoint('/json/list');
-  const pages = list.filter(t => t.type === 'page' && t.webSocketDebuggerUrl);
-  const preferred = pages.find(t => (t.url || '').includes('bitbucket.org')) || pages[0];
-  return preferred && preferred.webSocketDebuggerUrl;
-}
-
-function connectCdp(wsUrl) {
-  return new Promise((resolve, reject) => {
-    const ws = new WebSocket(wsUrl);
-    let id = 0;
-    const pending = new Map();
-    const failTimer = setTimeout(() => reject(new Error('CDP websocket timeout')), 10000);
-    ws.addEventListener('open', () => {
-      clearTimeout(failTimer);
-      resolve({
-        send(method, params = {}) {
-          return new Promise((res, rej) => {
-            const msgId = ++id;
-            pending.set(msgId, { res, rej });
-            ws.send(JSON.stringify({ id: msgId, method, params }));
-          });
-        },
-        close() { try { ws.close(); } catch {} },
-      });
-    });
-    ws.addEventListener('message', ev => {
-      let data = ev.data;
-      if (typeof data !== 'string') data = Buffer.from(data).toString('utf8');
-      const msg = JSON.parse(data);
-      if (!msg.id || !pending.has(msg.id)) return;
-      const { res, rej } = pending.get(msg.id);
-      pending.delete(msg.id);
-      if (msg.error) rej(new Error(`${msg.error.message || 'CDP error'} ${JSON.stringify(msg.error)}`));
-      else res(msg.result);
-    });
-    ws.addEventListener('error', err => reject(err));
+let session = null;
+function getSession() {
+  if (session) return session;
+  session = createBrowserSession({
+    port: opts.port,
+    profileDir: opts.profileDir,
+    waitSec: opts.waitSec,
+    serverHost: 'bitbucket.org',
+    cookieUrls: ['https://bitbucket.org/'],
+    userAgent: 'bitbucket-browser-fetch/1.0',
+    verifySession: cookie => verifyBitbucketSession(cookie),
   });
-}
-
-async function getCookieHeader() {
-  const wsUrl = await getPageWsUrl();
-  if (!wsUrl) return '';
-  const cdp = await connectCdp(wsUrl);
-  try {
-    await cdp.send('Network.enable');
-    const result = await cdp.send('Network.getCookies', { urls: ['https://bitbucket.org/'] });
-    return (result.cookies || [])
-      .filter(c => c.domain && (c.domain === 'bitbucket.org' || c.domain.endsWith('.bitbucket.org')))
-      .map(c => `${c.name}=${c.value}`)
-      .join('; ');
-  } finally {
-    cdp.close();
-  }
+  return session;
 }
 
 async function fetchJson(url, cookie) {
-  const res = await fetch(url, {
-    headers: { Cookie: cookie, Accept: 'application/json', 'User-Agent': 'bitbucket-browser-fetch/1.0' },
-    redirect: 'follow',
-  });
-  const text = await res.text();
-  let json = null;
-  try { json = JSON.parse(text); } catch {}
-  return { status: res.status, contentType: res.headers.get('content-type') || '', text, json };
+  return getSession().fetchJson(url, cookie, { accept: 'application/json' });
 }
 
 async function verifyBitbucketSession(cookie) {
@@ -260,29 +100,8 @@ async function verifyBitbucketSession(cookie) {
   return { ok: false, message: `session probe HTTP ${result.status} from ${url}` };
 }
 
-async function getCookieWithWait() {
-  await ensureBrowser(project.browseUrl);
-  console.log(`If prompted in Chrome, complete Bitbucket/Atlassian login for: ${project.browseUrl}`);
-  const deadline = Date.now() + opts.waitSec * 1000;
-  let last = '';
-  let printedWait = false;
-  while (Date.now() < deadline) {
-    try {
-      const cookie = await getCookieHeader();
-      const session = await verifyBitbucketSession(cookie);
-      if (session.ok) {
-        if (process.stdout.isTTY) process.stdout.write('\n');
-        console.log(`Authenticated Bitbucket session verified via ${session.url}`);
-        return cookie;
-      }
-      last = session.message;
-    } catch (e) { last = e.message; }
-    if (process.stdout.isTTY) process.stdout.write(`\r${new Date().toLocaleTimeString()} ${last.padEnd(120).slice(0, 120)}`);
-    else if (!printedWait) { console.log(`Waiting up to ${opts.waitSec}s for Bitbucket session...`); printedWait = true; }
-    await sleep(3000);
-  }
-  if (process.stdout.isTTY) process.stdout.write('\n');
-  throw new Error(`Could not verify authenticated Bitbucket session. Last result: ${last}`);
+function getCookieWithWait() {
+  return getSession().getCookieWithWait(project.browseUrl);
 }
 
 async function fetchRepositories(cookie) {