@apitap/core 1.0.0

package/dist/auth/refresh.d.ts

@@ -0,0 +1,43 @@
+import type { SkillFile } from '../types.js';
+import type { AuthManager } from './manager.js';
+export interface RefreshOptions {
+    domain: string;
+    refreshUrl?: string;
+    browserMode?: 'headless' | 'visible';
+    timeout?: number;
+    /** @internal Skip SSRF check — for testing only */
+    _skipSsrfCheck?: boolean;
+}
+export interface RefreshResult {
+    success: boolean;
+    tokens: Record<string, string>;
+    captchaDetected?: 'cloudflare' | 'recaptcha' | 'hcaptcha';
+    oauthRefreshed?: boolean;
+    error?: string;
+}
+/**
+ * Extract token values from a request body string.
+ *
+ * @param body - Raw request body (string)
+ * @param tokenNames - JSON paths of tokens to extract (e.g., ["csrf_token", "data.nonce"])
+ * @returns Map of token name to value
+ */
+export declare function extractTokensFromRequest(body: string, tokenNames: string[]): Record<string, string>;
+/**
+ * Detect captcha challenge in page content.
+ */
+export declare function detectCaptcha(html: string): 'cloudflare' | 'recaptcha' | 'hcaptcha' | null;
+/**
+ * Refresh tokens by spawning a browser and intercepting requests.
+ *
+ * This is the main entry point for token refresh. It:
+ * 1. Launches a browser (visible if captchaRisk is true)
+ * 2. Navigates to the refresh URL
+ * 3. Intercepts outgoing requests to capture fresh token values
+ * 4. Returns the captured tokens
+ *
+ * @param skill - Skill file with auth config and endpoint info
+ * @param authManager - Auth manager for storing refreshed tokens
+ * @param options - Refresh options
+ */
+export declare function refreshTokens(skill: SkillFile, authManager: AuthManager, options: RefreshOptions): Promise<RefreshResult>;

package/dist/auth/refresh.js

@@ -0,0 +1,217 @@
+import { refreshOAuth } from './oauth-refresh.js';
+// Mutex to prevent concurrent refreshes for the same domain
+const refreshLocks = new Map();
+/**
+ * Extract token values from a request body string.
+ *
+ * @param body - Raw request body (string)
+ * @param tokenNames - JSON paths of tokens to extract (e.g., ["csrf_token", "data.nonce"])
+ * @returns Map of token name to value
+ */
+export function extractTokensFromRequest(body, tokenNames) {
+    const result = {};
+    let parsed;
+    try {
+        parsed = JSON.parse(body);
+    }
+    catch {
+        return result;
+    }
+    if (typeof parsed !== 'object' || parsed === null) {
+        return result;
+    }
+    for (const path of tokenNames) {
+        const value = getNestedValue(parsed, path);
+        if (typeof value === 'string') {
+            result[path] = value;
+        }
+    }
+    return result;
+}
+function getNestedValue(obj, path) {
+    const parts = path.split('.');
+    let current = obj;
+    for (const part of parts) {
+        if (typeof current !== 'object' || current === null) {
+            return undefined;
+        }
+        current = current[part];
+    }
+    return current;
+}
+/**
+ * Detect captcha challenge in page content.
+ */
+export function detectCaptcha(html) {
+    // Cloudflare challenge
+    if (html.includes('Just a moment...') ||
+        html.includes('cdn-cgi/challenge-platform') ||
+        html.includes('cf-browser-verification')) {
+        return 'cloudflare';
+    }
+    // reCAPTCHA
+    if (html.includes('g-recaptcha') ||
+        html.includes('google.com/recaptcha')) {
+        return 'recaptcha';
+    }
+    // hCaptcha
+    if (html.includes('h-captcha') ||
+        html.includes('hcaptcha.com')) {
+        return 'hcaptcha';
+    }
+    return null;
+}
+/**
+ * Refresh tokens by spawning a browser and intercepting requests.
+ *
+ * This is the main entry point for token refresh. It:
+ * 1. Launches a browser (visible if captchaRisk is true)
+ * 2. Navigates to the refresh URL
+ * 3. Intercepts outgoing requests to capture fresh token values
+ * 4. Returns the captured tokens
+ *
+ * @param skill - Skill file with auth config and endpoint info
+ * @param authManager - Auth manager for storing refreshed tokens
+ * @param options - Refresh options
+ */
+export async function refreshTokens(skill, authManager, options) {
+    const { domain } = options;
+    // Check for existing refresh in progress (mutex)
+    const existingRefresh = refreshLocks.get(domain);
+    if (existingRefresh) {
+        return existingRefresh;
+    }
+    const refreshPromise = doRefresh(skill, authManager, options);
+    refreshLocks.set(domain, refreshPromise);
+    try {
+        return await refreshPromise;
+    }
+    finally {
+        refreshLocks.delete(domain);
+    }
+}
+async function doRefresh(skill, authManager, options) {
+    let oauthRefreshed = false;
+    // Step 1: OAuth path — if oauthConfig + stored credentials available
+    const oauthConfig = skill.auth?.oauthConfig;
+    if (oauthConfig) {
+        const oauthCreds = await authManager.retrieveOAuthCredentials(options.domain);
+        const canOAuth = (oauthConfig.grantType === 'refresh_token' && oauthCreds?.refreshToken) ||
+            (oauthConfig.grantType === 'client_credentials');
+        if (canOAuth) {
+            const oauthResult = await refreshOAuth(options.domain, oauthConfig, authManager, { _skipSsrfCheck: options._skipSsrfCheck });
+            if (oauthResult.success) {
+                oauthRefreshed = true;
+            }
+            else {
+                // OAuth failed — fall through to browser path if available
+            }
+        }
+    }
+    // Step 2: Browser path — if refreshable tokens exist or refreshUrl is present
+    const tokenNames = new Set();
+    for (const endpoint of skill.endpoints) {
+        if (endpoint.requestBody?.refreshableTokens) {
+            for (const name of endpoint.requestBody.refreshableTokens) {
+                tokenNames.add(name);
+            }
+        }
+    }
+    const needsBrowser = tokenNames.size > 0 || (skill.auth?.refreshUrl && !oauthRefreshed);
+    if (!needsBrowser) {
+        // No browser refresh needed — return OAuth result
+        return { success: oauthRefreshed, tokens: {}, oauthRefreshed: oauthRefreshed || undefined };
+    }
+    return doBrowserRefresh(skill, authManager, options, tokenNames, oauthRefreshed);
+}
+async function doBrowserRefresh(skill, authManager, options, tokenNames, oauthRefreshed) {
+    if (tokenNames.size === 0 && !skill.auth?.refreshUrl) {
+        return { success: oauthRefreshed, tokens: {}, oauthRefreshed: oauthRefreshed || undefined };
+    }
+    const { chromium } = await import('playwright');
+    const browserMode = options.browserMode || skill.auth?.browserMode || 'headless';
+    const refreshUrl = options.refreshUrl || skill.auth?.refreshUrl || skill.baseUrl;
+    const timeout = options.timeout || (skill.auth?.captchaRisk ? 300_000 : 30_000);
+    // Try to restore session from cache
+    const cachedSession = await authManager.retrieveSession(options.domain);
+    const sessionValid = cachedSession && isSessionValid(cachedSession);
+    const browser = await chromium.launch({
+        headless: browserMode === 'headless',
+    });
+    try {
+        const context = await browser.newContext();
+        // Restore cookies if session is valid
+        if (sessionValid && cachedSession) {
+            await context.addCookies(cachedSession.cookies);
+        }
+        const page = await context.newPage();
+        const capturedTokens = {};
+        let captchaDetected = null;
+        // Intercept requests to capture token values
+        if (tokenNames.size > 0) {
+            page.on('request', (request) => {
+                const body = request.postData();
+                if (body) {
+                    const extracted = extractTokensFromRequest(body, [...tokenNames]);
+                    Object.assign(capturedTokens, extracted);
+                }
+            });
+        }
+        // Navigate and wait for network idle
+        await page.goto(refreshUrl, { waitUntil: 'networkidle', timeout });
+        // Check for captcha
+        const content = await page.content();
+        captchaDetected = detectCaptcha(content);
+        if (captchaDetected) {
+            // Extended timeout for captcha solving
+            console.error(`\u26a0\ufe0f  Captcha detected (${captchaDetected}). Please solve it in the browser window.`);
+            await page.waitForTimeout(timeout);
+            // Re-check for tokens after captcha
+            // User interaction will trigger requests containing tokens
+        }
+        // Wait a bit for any final requests
+        await page.waitForTimeout(2000);
+        // Save session for next time
+        const cookies = await context.cookies();
+        await authManager.storeSession(options.domain, {
+            cookies,
+            savedAt: new Date().toISOString(),
+            maxAgeMs: 24 * 60 * 60 * 1000, // 24 hours
+        });
+        // Store captured tokens
+        if (Object.keys(capturedTokens).length > 0) {
+            const storedTokens = {};
+            for (const [name, value] of Object.entries(capturedTokens)) {
+                storedTokens[name] = {
+                    value,
+                    refreshedAt: new Date().toISOString(),
+                };
+            }
+            await authManager.storeTokens(options.domain, storedTokens);
+        }
+        const browserSuccess = tokenNames.size === 0 || Object.keys(capturedTokens).length > 0;
+        return {
+            success: oauthRefreshed || browserSuccess,
+            tokens: capturedTokens,
+            captchaDetected: captchaDetected || undefined,
+            oauthRefreshed: oauthRefreshed || undefined,
+        };
+    }
+    catch (error) {
+        return {
+            success: oauthRefreshed, // OAuth may have succeeded even if browser failed
+            tokens: {},
+            error: error instanceof Error ? error.message : String(error),
+            oauthRefreshed: oauthRefreshed || undefined,
+        };
+    }
+    finally {
+        await browser.close();
+    }
+}
+function isSessionValid(session) {
+    const maxAge = session.maxAgeMs || 24 * 60 * 60 * 1000;
+    const savedAt = new Date(session.savedAt).getTime();
+    return Date.now() - savedAt < maxAge;
+}
+//# sourceMappingURL=refresh.js.map

package/dist/auth/refresh.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"refresh.js","sourceRoot":"","sources":["../../src/auth/refresh.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,YAAY,EAA2B,MAAM,oBAAoB,CAAC;AAmB3E,4DAA4D;AAC5D,MAAM,YAAY,GAAG,IAAI,GAAG,EAAkC,CAAC;AAE/D;;;;;;GAMG;AACH,MAAM,UAAU,wBAAwB,CACtC,IAAY,EACZ,UAAoB;IAEpB,MAAM,MAAM,GAA2B,EAAE,CAAC;IAE1C,IAAI,MAAe,CAAC;IACpB,IAAI,CAAC;QACH,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAC5B,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,MAAM,CAAC;IAChB,CAAC;IAED,IAAI,OAAO,MAAM,KAAK,QAAQ,IAAI,MAAM,KAAK,IAAI,EAAE,CAAC;QAClD,OAAO,MAAM,CAAC;IAChB,CAAC;IAED,KAAK,MAAM,IAAI,IAAI,UAAU,EAAE,CAAC;QAC9B,MAAM,KAAK,GAAG,cAAc,CAAC,MAAiC,EAAE,IAAI,CAAC,CAAC;QACtE,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;YAC9B,MAAM,CAAC,IAAI,CAAC,GAAG,KAAK,CAAC;QACvB,CAAC;IACH,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,SAAS,cAAc,CAAC,GAA4B,EAAE,IAAY;IAChE,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IAC9B,IAAI,OAAO,GAAY,GAAG,CAAC;IAE3B,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,IAAI,OAAO,OAAO,KAAK,QAAQ,IAAI,OAAO,KAAK,IAAI,EAAE,CAAC;YACpD,OAAO,SAAS,CAAC;QACnB,CAAC;QACD,OAAO,GAAI,OAAmC,CAAC,IAAI,CAAC,CAAC;IACvD,CAAC;IAED,OAAO,OAAO,CAAC;AACjB,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,aAAa,CAC3B,IAAY;IAEZ,uBAAuB;IACvB,IACE,IAAI,CAAC,QAAQ,CAAC,kBAAkB,CAAC;QACjC,IAAI,CAAC,QAAQ,CAAC,4BAA4B,CAAC;QAC3C,IAAI,CAAC,QAAQ,CAAC,yBAAyB,CAAC,EACxC,CAAC;QACD,OAAO,YAAY,CAAC;IACtB,CAAC;IAED,YAAY;IACZ,IACE,IAAI,CAAC,QAAQ,CAAC,aAAa,CAAC;QAC5B,IAAI,CAAC,QAAQ,CAAC,sBAAsB,CAAC,EACrC,CAAC;QACD,OAAO,WAAW,CAAC;IACrB,CAAC;IAED,WAAW;IACX,IACE,IAAI,CAAC,QAAQ,CAAC,WAAW,CAAC;QAC1B,IAAI,CAAC,QAAQ,CAAC,cAAc,CAAC,EAC7B,CAAC;QACD,OAAO,UAAU,CAAC;IACpB,CAAC;IAED,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;;;;;;;;;;;GAYG;AACH,MAAM,CAAC,KAAK,UAAU,aAAa,CACjC,KAAgB,EAChB,WAAwB,EACxB,OAAuB;IAEvB,MAAM,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC;IAE3B,iDAAiD;IACjD,MAAM,eAAe,GAAG,YAAY,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;IACjD,IAAI,eAAe,EAAE,CAAC;QACpB,OAAO,eAAe,CAAC;IACzB,CAAC;IAED,MAAM,cAAc,GAAG,SAAS,CAAC,KAAK,EAAE,WAAW,EAAE,OAAO,CAAC,CAAC;IAC9D,YAAY,CAAC,GAAG,CAAC,MAAM,EAAE,cAAc,CAAC,CAAC;IAEzC,IAAI,CAAC;QACH,OAAO,MAAM,cAAc,CAAC;IAC9B,CAAC;YAAS,CAAC;QACT,YAAY,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;IAC9B,CAAC;AACH,CAAC;AAED,KAAK,UAAU,SAAS,CACtB,KAAgB,EAChB,WAAwB,EACxB,OAAuB;IAEvB,IAAI,cAAc,GAAG,KAAK,CAAC;IAE3B,qEAAqE;IACrE,MAAM,WAAW,GAAG,KAAK,CAAC,IAAI,EAAE,WAAW,CAAC;IAC5C,IAAI,WAAW,EAAE,CAAC;QAChB,MAAM,UAAU,GAAG,MAAM,WAAW,CAAC,wBAAwB,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;QAC9E,MAAM,QAAQ,GACZ,CAAC,WAAW,CAAC,SAAS,KAAK,eAAe,IAAI,UAAU,EAAE,YAAY,CAAC;YACvE,CAAC,WAAW,CAAC,SAAS,KAAK,oBAAoB,CAAC,CAAC;QAEnD,IAAI,QAAQ,EAAE,CAAC;YACb,MAAM,WAAW,GAAG,MAAM,YAAY,CAAC,OAAO,CAAC,MAAM,EAAE,WAAW,EAAE,WAAW,EAAE,EAAE,cAAc,EAAE,OAAO,CAAC,cAAc,EAAE,CAAC,CAAC;YAC7H,IAAI,WAAW,CAAC,OAAO,EAAE,CAAC;gBACxB,cAAc,GAAG,IAAI,CAAC;YACxB,CAAC;iBAAM,CAAC;gBACN,2DAA2D;YAC7D,CAAC;QACH,CAAC;IACH,CAAC;IAED,8EAA8E;IAC9E,MAAM,UAAU,GAAG,IAAI,GAAG,EAAU,CAAC;IACrC,KAAK,MAAM,QAAQ,IAAI,KAAK,CAAC,SAAS,EAAE,CAAC;QACvC,IAAI,QAAQ,CAAC,WAAW,EAAE,iBAAiB,EAAE,CAAC;YAC5C,KAAK,MAAM,IAAI,IAAI,QAAQ,CAAC,WAAW,CAAC,iBAAiB,EAAE,CAAC;gBAC1D,UAAU,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;YACvB,CAAC;QACH,CAAC;IACH,CAAC;IAED,MAAM,YAAY,GAAG,UAAU,CAAC,IAAI,GAAG,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,EAAE,UAAU,IAAI,CAAC,cAAc,CAAC,CAAC;IAExF,IAAI,CAAC,YAAY,EAAE,CAAC;QAClB,kDAAkD;QAClD,OAAO,EAAE,OAAO,EAAE,cAAc,EAAE,MAAM,EAAE,EAAE,EAAE,cAAc,EAAE,cAAc,IAAI,SAAS,EAAE,CAAC;IAC9F,CAAC;IAED,OAAO,gBAAgB,CAAC,KAAK,EAAE,WAAW,EAAE,OAAO,EAAE,UAAU,EAAE,cAAc,CAAC,CAAC;AACnF,CAAC;AAED,KAAK,UAAU,gBAAgB,CAC7B,KAAgB,EAChB,WAAwB,EACxB,OAAuB,EACvB,UAAuB,EACvB,cAAuB;IAEvB,IAAI,UAAU,CAAC,IAAI,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,EAAE,UAAU,EAAE,CAAC;QACrD,OAAO,EAAE,OAAO,EAAE,cAAc,EAAE,MAAM,EAAE,EAAE,EAAE,cAAc,EAAE,cAAc,IAAI,SAAS,EAAE,CAAC;IAC9F,CAAC;IAED,MAAM,EAAE,QAAQ,EAAE,GAAG,MAAM,MAAM,CAAC,YAAY,CAAC,CAAC;IAEhD,MAAM,WAAW,GAAG,OAAO,CAAC,WAAW,IAAI,KAAK,CAAC,IAAI,EAAE,WAAW,IAAI,UAAU,CAAC;IACjF,MAAM,UAAU,GAAG,OAAO,CAAC,UAAU,IAAI,KAAK,CAAC,IAAI,EAAE,UAAU,IAAI,KAAK,CAAC,OAAO,CAAC;IACjF,MAAM,OAAO,GAAG,OAAO,CAAC,OAAO,IAAI,CAAC,KAAK,CAAC,IAAI,EAAE,WAAW,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC;IAEhF,oCAAoC;IACpC,MAAM,aAAa,GAAG,MAAM,WAAW,CAAC,eAAe,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;IACxE,MAAM,YAAY,GAAG,aAAa,IAAI,cAAc,CAAC,aAAa,CAAC,CAAC;IAEpE,MAAM,OAAO,GAAG,MAAM,QAAQ,CAAC,MAAM,CAAC;QACpC,QAAQ,EAAE,WAAW,KAAK,UAAU;KACrC,CAAC,CAAC;IAEH,IAAI,CAAC;QACH,MAAM,OAAO,GAAG,MAAM,OAAO,CAAC,UAAU,EAAE,CAAC;QAE3C,sCAAsC;QACtC,IAAI,YAAY,IAAI,aAAa,EAAE,CAAC;YAClC,MAAM,OAAO,CAAC,UAAU,CAAC,aAAa,CAAC,OAAO,CAAC,CAAC;QAClD,CAAC;QAED,MAAM,IAAI,GAAG,MAAM,OAAO,CAAC,OAAO,EAAE,CAAC;QACrC,MAAM,cAAc,GAA2B,EAAE,CAAC;QAClD,IAAI,eAAe,GAAmD,IAAI,CAAC;QAE3E,6CAA6C;QAC7C,IAAI,UAAU,CAAC,IAAI,GAAG,CAAC,EAAE,CAAC;YACxB,IAAI,CAAC,EAAE,CAAC,SAAS,EAAE,CAAC,OAAO,EAAE,EAAE;gBAC7B,MAAM,IAAI,GAAG,OAAO,CAAC,QAAQ,EAAE,CAAC;gBAChC,IAAI,IAAI,EAAE,CAAC;oBACT,MAAM,SAAS,GAAG,wBAAwB,CAAC,IAAI,EAAE,CAAC,GAAG,UAAU,CAAC,CAAC,CAAC;oBAClE,MAAM,CAAC,MAAM,CAAC,cAAc,EAAE,SAAS,CAAC,CAAC;gBAC3C,CAAC;YACH,CAAC,CAAC,CAAC;QACL,CAAC;QAED,qCAAqC;QACrC,MAAM,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,EAAE,SAAS,EAAE,aAAa,EAAE,OAAO,EAAE,CAAC,CAAC;QAEnE,oBAAoB;QACpB,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,OAAO,EAAE,CAAC;QACrC,eAAe,GAAG,aAAa,CAAC,OAAO,CAAC,CAAC;QAEzC,IAAI,eAAe,EAAE,CAAC;YACpB,uCAAuC;YACvC,OAAO,CAAC,KAAK,CAAC,mCAAmC,eAAe,2CAA2C,CAAC,CAAC;YAC7G,MAAM,IAAI,CAAC,cAAc,CAAC,OAAO,CAAC,CAAC;YAEnC,oCAAoC;YACpC,2DAA2D;QAC7D,CAAC;QAED,oCAAoC;QACpC,MAAM,IAAI,CAAC,cAAc,CAAC,IAAI,CAAC,CAAC;QAEhC,6BAA6B;QAC7B,MAAM,OAAO,GAAG,MAAM,OAAO,CAAC,OAAO,EAAE,CAAC;QACxC,MAAM,WAAW,CAAC,YAAY,CAAC,OAAO,CAAC,MAAM,EAAE;YAC7C,OAAO;YACP,OAAO,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;YACjC,QAAQ,EAAE,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,EAAE,WAAW;SAC3C,CAAC,CAAC;QAEH,wBAAwB;QACxB,IAAI,MAAM,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC3C,MAAM,YAAY,GAAgC,EAAE,CAAC;YACrD,KAAK,MAAM,CAAC,IAAI,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,cAAc,CAAC,EAAE,CAAC;gBAC3D,YAAY,CAAC,IAAI,CAAC,GAAG;oBACnB,KAAK;oBACL,WAAW,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;iBACtC,CAAC;YACJ,CAAC;YACD,MAAM,WAAW,CAAC,WAAW,CAAC,OAAO,CAAC,MAAM,EAAE,YAAY,CAAC,CAAC;QAC9D,CAAC;QAED,MAAM,cAAc,GAAG,UAAU,CAAC,IAAI,KAAK,CAAC,IAAI,MAAM,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC;QAEvF,OAAO;YACL,OAAO,EAAE,cAAc,IAAI,cAAc;YACzC,MAAM,EAAE,cAAc;YACtB,eAAe,EAAE,eAAe,IAAI,SAAS;YAC7C,cAAc,EAAE,cAAc,IAAI,SAAS;SAC5C,CAAC;IACJ,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,OAAO;YACL,OAAO,EAAE,cAAc,EAAE,kDAAkD;YAC3E,MAAM,EAAE,EAAE;YACV,KAAK,EAAE,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC;YAC7D,cAAc,EAAE,cAAc,IAAI,SAAS;SAC5C,CAAC;IACJ,CAAC;YAAS,CAAC;QACT,MAAM,OAAO,CAAC,KAAK,EAAE,CAAC;IACxB,CAAC;AACH,CAAC;AAED,SAAS,cAAc,CAAC,OAAsB;IAC5C,MAAM,MAAM,GAAG,OAAO,CAAC,QAAQ,IAAI,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC;IACvD,MAAM,OAAO,GAAG,IAAI,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC,OAAO,EAAE,CAAC;IACpD,OAAO,IAAI,CAAC,GAAG,EAAE,GAAG,OAAO,GAAG,MAAM,CAAC;AACvC,CAAC"}

package/dist/capture/anti-bot.d.ts

@@ -0,0 +1,15 @@
+export type AntiBotSignal = 'cloudflare' | 'akamai' | 'rate-limited' | 'captcha' | 'challenge';
+export interface AntiBotResult {
+    detected: boolean;
+    signals: AntiBotSignal[];
+}
+/**
+ * Detect anti-bot protection signals from response headers and body.
+ */
+export declare function detectAntiBot(options: {
+    headers: Record<string, string>;
+    cookies?: string;
+    body?: string;
+    status?: number;
+    contentType?: string;
+}): AntiBotResult;

package/dist/capture/anti-bot.js

@@ -0,0 +1,43 @@
+// src/capture/anti-bot.ts
+/**
+ * Detect anti-bot protection signals from response headers and body.
+ */
+export function detectAntiBot(options) {
+    const signals = [];
+    const { headers, cookies, body, status, contentType } = options;
+    const headerLower = lowerKeys(headers);
+    // Cloudflare: cf-ray header or __cf_bm cookie
+    if (headerLower['cf-ray'] || headerLower['cf-cache-status'] || cookies?.includes('__cf_bm')) {
+        signals.push('cloudflare');
+    }
+    // Akamai: _abck cookie
+    if (cookies?.includes('_abck')) {
+        signals.push('akamai');
+    }
+    // Rate limiting: X-RateLimit-* or Retry-After
+    if (headerLower['retry-after'] ||
+        Object.keys(headerLower).some(k => k.startsWith('x-ratelimit'))) {
+        signals.push('rate-limited');
+    }
+    // CAPTCHA in response body
+    if (body && /\b(captcha|hcaptcha|recaptcha|cf-turnstile)\b/i.test(body)) {
+        signals.push('captcha');
+    }
+    // Challenge page: HTML response when JSON expected + 403
+    if (status === 403 && contentType?.includes('text/html') &&
+        !contentType.includes('json')) {
+        signals.push('challenge');
+    }
+    return {
+        detected: signals.length > 0,
+        signals: [...new Set(signals)],
+    };
+}
+function lowerKeys(obj) {
+    const result = {};
+    for (const [k, v] of Object.entries(obj)) {
+        result[k.toLowerCase()] = v;
+    }
+    return result;
+}
+//# sourceMappingURL=anti-bot.js.map

package/dist/capture/anti-bot.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"anti-bot.js","sourceRoot":"","sources":["../../src/capture/anti-bot.ts"],"names":[],"mappings":"AAAA,0BAA0B;AAS1B;;GAEG;AACH,MAAM,UAAU,aAAa,CAAC,OAM7B;IACC,MAAM,OAAO,GAAoB,EAAE,CAAC;IACpC,MAAM,EAAE,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,MAAM,EAAE,WAAW,EAAE,GAAG,OAAO,CAAC;IAChE,MAAM,WAAW,GAAG,SAAS,CAAC,OAAO,CAAC,CAAC;IAEvC,8CAA8C;IAC9C,IAAI,WAAW,CAAC,QAAQ,CAAC,IAAI,WAAW,CAAC,iBAAiB,CAAC,IAAI,OAAO,EAAE,QAAQ,CAAC,SAAS,CAAC,EAAE,CAAC;QAC5F,OAAO,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;IAC7B,CAAC;IAED,uBAAuB;IACvB,IAAI,OAAO,EAAE,QAAQ,CAAC,OAAO,CAAC,EAAE,CAAC;QAC/B,OAAO,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;IACzB,CAAC;IAED,8CAA8C;IAC9C,IAAI,WAAW,CAAC,aAAa,CAAC;QAC1B,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,UAAU,CAAC,aAAa,CAAC,CAAC,EAAE,CAAC;QACpE,OAAO,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC;IAC/B,CAAC;IAED,2BAA2B;IAC3B,IAAI,IAAI,IAAI,gDAAgD,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;QACxE,OAAO,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;IAC1B,CAAC;IAED,yDAAyD;IACzD,IAAI,MAAM,KAAK,GAAG,IAAI,WAAW,EAAE,QAAQ,CAAC,WAAW,CAAC;QACpD,CAAC,WAAW,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC;QAClC,OAAO,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;IAC5B,CAAC;IAED,OAAO;QACL,QAAQ,EAAE,OAAO,CAAC,MAAM,GAAG,CAAC;QAC5B,OAAO,EAAE,CAAC,GAAG,IAAI,GAAG,CAAC,OAAO,CAAC,CAAC;KAC/B,CAAC;AACJ,CAAC;AAED,SAAS,SAAS,CAAC,GAA2B;IAC5C,MAAM,MAAM,GAA2B,EAAE,CAAC;IAC1C,KAAK,MAAM,CAAC,CAAC,EAAE,CAAC,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC;QACzC,MAAM,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC,GAAG,CAAC,CAAC;IAC9B,CAAC;IACD,OAAO,MAAM,CAAC;AAChB,CAAC"}

package/dist/capture/blocklist.d.ts

@@ -0,0 +1,6 @@
+/**
+ * Check if a hostname is on the blocklist.
+ * Matches exact hostnames and subdomains of blocklisted domains.
+ * e.g. "sentry.io" blocks "o123.ingest.sentry.io"
+ */
+export declare function isBlocklisted(hostname: string): boolean;

package/dist/capture/blocklist.js

@@ -0,0 +1,70 @@
+// src/capture/blocklist.ts
+const BLOCKLIST = new Set([
+    // Analytics
+    'google-analytics.com',
+    'analytics.google.com',
+    'googletagmanager.com',
+    'segment.io',
+    'cdn.segment.com',
+    'mixpanel.com',
+    'amplitude.com',
+    'hotjar.com',
+    'heapanalytics.com',
+    'plausible.io',
+    'posthog.com',
+    'clarity.ms',
+    'fullstory.com',
+    // Ads
+    'doubleclick.net',
+    'googlesyndication.com',
+    'googleadservices.com',
+    'facebook.net',
+    'connect.facebook.net',
+    'adsrvr.org',
+    'adnxs.com',
+    'criteo.com',
+    'outbrain.com',
+    'taboola.com',
+    // Error tracking / monitoring
+    'sentry.io',
+    'datadoghq.com',
+    'browser-intake-datadoghq.com',
+    'newrelic.com',
+    'bam.nr-data.net',
+    'logrocket.com',
+    'logr-ingest.com',
+    'bugsnag.com',
+    'rollbar.com',
+    // Social tracking
+    'bat.bing.com',
+    'ct.pinterest.com',
+    'snap.licdn.com',
+    'px.ads.linkedin.com',
+    'analytics.twitter.com',
+    'analytics.tiktok.com',
+    // Customer engagement
+    'intercom.io',
+    'widget.intercom.io',
+    'api-iam.intercom.io',
+    'zendesk.com',
+    'drift.com',
+    'crisp.chat',
+]);
+/**
+ * Check if a hostname is on the blocklist.
+ * Matches exact hostnames and subdomains of blocklisted domains.
+ * e.g. "sentry.io" blocks "o123.ingest.sentry.io"
+ */
+export function isBlocklisted(hostname) {
+    if (BLOCKLIST.has(hostname))
+        return true;
+    // Check parent domains: "a.b.sentry.io" → "b.sentry.io" → "sentry.io"
+    const parts = hostname.split('.');
+    for (let i = 1; i < parts.length - 1; i++) {
+        const parent = parts.slice(i).join('.');
+        if (BLOCKLIST.has(parent))
+            return true;
+    }
+    return false;
+}
+//# sourceMappingURL=blocklist.js.map

package/dist/capture/blocklist.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"blocklist.js","sourceRoot":"","sources":["../../src/capture/blocklist.ts"],"names":[],"mappings":"AAAA,2BAA2B;AAE3B,MAAM,SAAS,GAAG,IAAI,GAAG,CAAC;IACxB,YAAY;IACZ,sBAAsB;IACtB,sBAAsB;IACtB,sBAAsB;IACtB,YAAY;IACZ,iBAAiB;IACjB,cAAc;IACd,eAAe;IACf,YAAY;IACZ,mBAAmB;IACnB,cAAc;IACd,aAAa;IACb,YAAY;IACZ,eAAe;IAEf,MAAM;IACN,iBAAiB;IACjB,uBAAuB;IACvB,sBAAsB;IACtB,cAAc;IACd,sBAAsB;IACtB,YAAY;IACZ,WAAW;IACX,YAAY;IACZ,cAAc;IACd,aAAa;IAEb,8BAA8B;IAC9B,WAAW;IACX,eAAe;IACf,8BAA8B;IAC9B,cAAc;IACd,iBAAiB;IACjB,eAAe;IACf,iBAAiB;IACjB,aAAa;IACb,aAAa;IAEb,kBAAkB;IAClB,cAAc;IACd,kBAAkB;IAClB,gBAAgB;IAChB,qBAAqB;IACrB,uBAAuB;IACvB,sBAAsB;IAEtB,sBAAsB;IACtB,aAAa;IACb,oBAAoB;IACpB,qBAAqB;IACrB,aAAa;IACb,WAAW;IACX,YAAY;CACb,CAAC,CAAC;AAEH;;;;GAIG;AACH,MAAM,UAAU,aAAa,CAAC,QAAgB;IAC5C,IAAI,SAAS,CAAC,GAAG,CAAC,QAAQ,CAAC;QAAE,OAAO,IAAI,CAAC;IAEzC,sEAAsE;IACtE,MAAM,KAAK,GAAG,QAAQ,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IAClC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC;QAC1C,MAAM,MAAM,GAAG,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QACxC,IAAI,SAAS,CAAC,GAAG,CAAC,MAAM,CAAC;YAAE,OAAO,IAAI,CAAC;IACzC,CAAC;IAED,OAAO,KAAK,CAAC;AACf,CAAC"}

package/dist/capture/body-diff.d.ts

@@ -0,0 +1,8 @@
+/**
+ * Cross-request body diffing (Strategy 1).
+ *
+ * Compare request bodies across multiple captures of the same endpoint.
+ * Any field whose value changed between requests is dynamic by definition.
+ * Returns JSON paths of changed fields.
+ */
+export declare function diffBodies(bodies: string[]): string[];

package/dist/capture/body-diff.js

@@ -0,0 +1,102 @@
+// src/capture/body-diff.ts
+/**
+ * Cross-request body diffing (Strategy 1).
+ *
+ * Compare request bodies across multiple captures of the same endpoint.
+ * Any field whose value changed between requests is dynamic by definition.
+ * Returns JSON paths of changed fields.
+ */
+export function diffBodies(bodies) {
+    if (bodies.length < 2)
+        return [];
+    // Try JSON first
+    const parsed = [];
+    for (const body of bodies) {
+        try {
+            parsed.push(JSON.parse(body));
+        }
+        catch {
+            // Fall back to form-encoded diffing
+            return diffFormEncoded(bodies);
+        }
+    }
+    // All parsed as JSON — diff objects
+    const changed = new Set();
+    for (let i = 1; i < parsed.length; i++) {
+        diffObjects(parsed[0], parsed[i], '', changed);
+    }
+    return [...changed].sort();
+}
+function diffObjects(a, b, prefix, changed) {
+    // Different types → the whole path is dynamic
+    if (typeof a !== typeof b || Array.isArray(a) !== Array.isArray(b)) {
+        if (prefix)
+            changed.add(prefix);
+        return;
+    }
+    // Both arrays
+    if (Array.isArray(a) && Array.isArray(b)) {
+        if (a.length !== b.length) {
+            // Different lengths → mark whole array as dynamic
+            if (prefix)
+                changed.add(prefix);
+            return;
+        }
+        for (let i = 0; i < a.length; i++) {
+            diffObjects(a[i], b[i], prefix ? `${prefix}[${i}]` : `[${i}]`, changed);
+        }
+        return;
+    }
+    // Both objects
+    if (a && b && typeof a === 'object' && typeof b === 'object' && !Array.isArray(a)) {
+        const aObj = a;
+        const bObj = b;
+        const allKeys = new Set([...Object.keys(aObj), ...Object.keys(bObj)]);
+        for (const key of allKeys) {
+            const path = prefix ? `${prefix}.${key}` : key;
+            if (!(key in aObj) || !(key in bObj)) {
+                // Key only exists in one → dynamic
+                changed.add(path);
+            }
+            else {
+                diffObjects(aObj[key], bObj[key], path, changed);
+            }
+        }
+        return;
+    }
+    // Primitive comparison
+    if (a !== b && prefix) {
+        changed.add(prefix);
+    }
+}
+function diffFormEncoded(bodies) {
+    const parsed = bodies.map(parseFormEncoded);
+    if (parsed.some(m => m.size === 0))
+        return [];
+    const changed = new Set();
+    const firstMap = parsed[0];
+    for (let i = 1; i < parsed.length; i++) {
+        const otherMap = parsed[i];
+        const allKeys = new Set([...firstMap.keys(), ...otherMap.keys()]);
+        for (const key of allKeys) {
+            if (firstMap.get(key) !== otherMap.get(key)) {
+                changed.add(key);
+            }
+        }
+    }
+    return [...changed].sort();
+}
+function parseFormEncoded(body) {
+    const map = new Map();
+    const pairs = body.split('&');
+    for (const pair of pairs) {
+        const idx = pair.indexOf('=');
+        if (idx === -1)
+            continue;
+        const key = decodeURIComponent(pair.slice(0, idx).replace(/\+/g, ' '));
+        const val = decodeURIComponent(pair.slice(idx + 1).replace(/\+/g, ' '));
+        map.set(key, val);
+    }
+    return map;
+}
+//# sourceMappingURL=body-diff.js.map

package/dist/capture/body-diff.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"body-diff.js","sourceRoot":"","sources":["../../src/capture/body-diff.ts"],"names":[],"mappings":"AAAA,2BAA2B;AAE3B;;;;;;GAMG;AACH,MAAM,UAAU,UAAU,CAAC,MAAgB;IACzC,IAAI,MAAM,CAAC,MAAM,GAAG,CAAC;QAAE,OAAO,EAAE,CAAC;IAEjC,iBAAiB;IACjB,MAAM,MAAM,GAAc,EAAE,CAAC;IAC7B,KAAK,MAAM,IAAI,IAAI,MAAM,EAAE,CAAC;QAC1B,IAAI,CAAC;YACH,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC;QAChC,CAAC;QAAC,MAAM,CAAC;YACP,oCAAoC;YACpC,OAAO,eAAe,CAAC,MAAM,CAAC,CAAC;QACjC,CAAC;IACH,CAAC;IAED,oCAAoC;IACpC,MAAM,OAAO,GAAG,IAAI,GAAG,EAAU,CAAC;IAClC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,MAAM,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACvC,WAAW,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,EAAE,OAAO,CAAC,CAAC;IACjD,CAAC;IACD,OAAO,CAAC,GAAG,OAAO,CAAC,CAAC,IAAI,EAAE,CAAC;AAC7B,CAAC;AAED,SAAS,WAAW,CAAC,CAAU,EAAE,CAAU,EAAE,MAAc,EAAE,OAAoB;IAC/E,8CAA8C;IAC9C,IAAI,OAAO,CAAC,KAAK,OAAO,CAAC,IAAI,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,KAAK,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,CAAC;QACnE,IAAI,MAAM;YAAE,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;QAChC,OAAO;IACT,CAAC;IAED,cAAc;IACd,IAAI,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,IAAI,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,CAAC;QACzC,IAAI,CAAC,CAAC,MAAM,KAAK,CAAC,CAAC,MAAM,EAAE,CAAC;YAC1B,kDAAkD;YAClD,IAAI,MAAM;gBAAE,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;YAChC,OAAO;QACT,CAAC;QACD,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;YAClC,WAAW,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,EAAE,MAAM,CAAC,CAAC,CAAC,GAAG,MAAM,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,EAAE,OAAO,CAAC,CAAC;QAC1E,CAAC;QACD,OAAO;IACT,CAAC;IAED,eAAe;IACf,IAAI,CAAC,IAAI,CAAC,IAAI,OAAO,CAAC,KAAK,QAAQ,IAAI,OAAO,CAAC,KAAK,QAAQ,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,CAAC;QAClF,MAAM,IAAI,GAAG,CAA4B,CAAC;QAC1C,MAAM,IAAI,GAAG,CAA4B,CAAC;QAC1C,MAAM,OAAO,GAAG,IAAI,GAAG,CAAC,CAAC,GAAG,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,GAAG,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAEtE,KAAK,MAAM,GAAG,IAAI,OAAO,EAAE,CAAC;YAC1B,MAAM,IAAI,GAAG,MAAM,CAAC,CAAC,CAAC,GAAG,MAAM,IAAI,GAAG,EAAE,CAAC,CAAC,CAAC,GAAG,CAAC;YAE/C,IAAI,CAAC,CAAC,GAAG,IAAI,IAAI,CAAC,IAAI,CAAC,CAAC,GAAG,IAAI,IAAI,CAAC,EAAE,CAAC;gBACrC,mCAAmC;gBACnC,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;YACpB,CAAC;iBAAM,CAAC;gBACN,WAAW,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,IAAI,CAAC,GAAG,CAAC,EAAE,IAAI,EAAE,OAAO,CAAC,CAAC;YACnD,CAAC;QACH,CAAC;QACD,OAAO;IACT,CAAC;IAED,uBAAuB;IACvB,IAAI,CAAC,KAAK,CAAC,IAAI,MAAM,EAAE,CAAC;QACtB,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;IACtB,CAAC;AACH,CAAC;AAED,SAAS,eAAe,CAAC,MAAgB;IACvC,MAAM,MAAM,GAAG,MAAM,CAAC,GAAG,CAAC,gBAAgB,CAAC,CAAC;IAC5C,IAAI,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,CAAC,CAAC;QAAE,OAAO,EAAE,CAAC;IAE9C,MAAM,OAAO,GAAG,IAAI,GAAG,EAAU,CAAC;IAClC,MAAM,QAAQ,GAAG,MAAM,CAAC,CAAC,CAAC,CAAC;IAE3B,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,MAAM,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACvC,MAAM,QAAQ,GAAG,MAAM,CAAC,CAAC,CAAC,CAAC;QAC3B,MAAM,OAAO,GAAG,IAAI,GAAG,CAAC,CAAC,GAAG,QAAQ,CAAC,IAAI,EAAE,EAAE,GAAG,QAAQ,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC;QAElE,KAAK,MAAM,GAAG,IAAI,OAAO,EAAE,CAAC;YAC1B,IAAI,QAAQ,CAAC,GAAG,CAAC,GAAG,CAAC,KAAK,QAAQ,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC;gBAC5C,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;YACnB,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,CAAC,GAAG,OAAO,CAAC,CAAC,IAAI,EAAE,CAAC;AAC7B,CAAC;AAED,SAAS,gBAAgB,CAAC,IAAY;IACpC,MAAM,GAAG,GAAG,IAAI,GAAG,EAAkB,CAAC;IACtC,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IAC9B,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,MAAM,GAAG,GAAG,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;QAC9B,IAAI,GAAG,KAAK,CAAC,CAAC;YAAE,SAAS;QACzB,MAAM,GAAG,GAAG,kBAAkB,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC,CAAC;QACvE,MAAM,GAAG,GAAG,kBAAkB,CAAC,IAAI,CAAC,KAAK,CAAC,GAAG,GAAG,CAAC,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC,CAAC;QACxE,GAAG,CAAC,GAAG,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;IACpB,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC"}

package/dist/capture/body-variables.d.ts

@@ -0,0 +1,13 @@
+/**
+ * Detect which fields in a JSON body are likely dynamic variables.
+ * Uses three strategies:
+ *   Strategy 1 (cross-request diffing) is in body-diff.ts
+ *   Strategy 2: Name-based key heuristics
+ *   Strategy 3: Pattern-based value detection
+ *   Plus existing: numeric values, UUIDs, base64 cursors, numeric strings
+ */
+export declare function detectBodyVariables(body: unknown, prefix?: string): string[];
+/**
+ * Substitute variables in a body template.
+ */
+export declare function substituteBodyVariables(template: string | Record<string, unknown>, values: Record<string, string>): string | Record<string, unknown>;