@apitap/core 1.0.8 → 1.0.10

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@apitap/core",
-  "version": "1.0.8",
+  "version": "1.0.10",
   "description": "Intercept web API traffic during browsing. Generate portable skill files so AI agents can call APIs directly instead of scraping.",
   "type": "module",
   "main": "dist/index.js",

package/src/auth/handoff.ts

@@ -144,21 +144,26 @@ async function doHandoff(
     // Navigate to login page
     await page.goto(loginUrl, { waitUntil: 'domcontentloaded', timeout: 30_000 });
 
-    // Poll for login success: check cookies periodically
+    // Baseline: snapshot cookie names present BEFORE login so we can detect new ones
+    const baselineCookies = await context.cookies();
+    const baselineCookieNames = new Set(baselineCookies.map(c => c.name));
+
+    // Poll for login success: check for NEW session-like cookies
     const startTime = Date.now();
     let loginDetected = false;
 
     while (Date.now() - startTime < timeout) {
       await page.waitForTimeout(2000);
 
-      // Check if we've detected session cookies
+      // Only trigger on NEW session-like cookies not present at page load
       const cookies = await context.cookies();
-      const hasSessionCookie = cookies.some(c =>
+      const hasNewSessionCookie = cookies.some(c =>
+        !baselineCookieNames.has(c.name) &&
         SESSION_COOKIE_PATTERNS.some(p => p.test(c.name)) &&
         !TRACKING_COOKIE_PATTERNS.some(p => p.test(c.name))
       );
 
-      if (hasSessionCookie || authDetected) {
+      if (hasNewSessionCookie || authDetected) {
         // Grace period: 4 additional polls at 2s each (~8s total)
         // Allows time for MFA, CAPTCHAs, and post-login redirects
         for (let grace = 0; grace < 4; grace++) {

package/src/capture/session.ts

@@ -75,13 +75,8 @@ export class CaptureSession {
 
     this.setupResponseListener();
 
-    // Auto-timeout to prevent leaked browsers (unref so it doesn't block process exit)
-    const timeoutMs = this.options.timeoutMs ?? DEFAULT_TIMEOUT_MS;
-    this.timeoutTimer = setTimeout(() => {
-      this.expired = true;
-      this.cleanup().catch(() => {});
-    }, timeoutMs);
-    if (this.timeoutTimer.unref) this.timeoutTimer.unref();
+    // Auto-timeout to prevent leaked browsers (resets on each interaction)
+    this.resetTimeout();
 
     await this.page.goto(this.targetUrl, { waitUntil: 'domcontentloaded' });
     return this.takeSnapshot();
@@ -92,6 +87,9 @@ export class CaptureSession {
     if (this.closed) return { success: false, error: 'Session closed', snapshot: this.emptySnapshot() };
     if (!this.page) return { success: false, error: 'Session not started', snapshot: this.emptySnapshot() };
 
+    // Reset timeout on each interaction — active sessions aren't leaked browsers
+    this.resetTimeout();
+
     try {
       switch (action.action) {
         case 'snapshot':
@@ -468,6 +466,17 @@ export class CaptureSession {
     };
   }
 
+  /** Reset the auto-timeout timer (called on each interaction to prevent premature close) */
+  private resetTimeout(): void {
+    if (this.timeoutTimer) clearTimeout(this.timeoutTimer);
+    const timeoutMs = this.options.timeoutMs ?? DEFAULT_TIMEOUT_MS;
+    this.timeoutTimer = setTimeout(() => {
+      this.expired = true;
+      this.cleanup().catch(() => {});
+    }, timeoutMs);
+    if (this.timeoutTimer.unref) this.timeoutTimer.unref();
+  }
+
   private async cleanup(): Promise<void> {
     if (this.closed) return;
     this.closed = true;