@apitap/core 1.5.3 → 1.5.4

package/README.md

@@ -1,7 +1,7 @@
 # ApiTap
 
 [![npm version](https://img.shields.io/npm/v/@apitap/core)](https://www.npmjs.com/package/@apitap/core)
-[![tests](https://img.shields.io/badge/tests-1172%20passing-brightgreen)](https://github.com/n1byn1kt/apitap)
+[![tests](https://img.shields.io/badge/tests-1195%20passing-brightgreen)](https://github.com/n1byn1kt/apitap)
 [![license](https://img.shields.io/badge/license-BSL--1.1-blue)](./LICENSE)
 
 **The MCP server that turns any website into an API — no docs, no SDK, no browser.**
@@ -34,13 +34,14 @@ No scraping. No browser. Just the API.
 
 ## How It Works
 
-1. **Capture** — Launch a Playwright browser, visit a site, browse normally. ApiTap intercepts all network traffic via CDP.
+1. **Capture** — Launch a Playwright browser, visit a site, browse normally. ApiTap intercepts all network traffic via CDP. Or use `apitap attach` to capture from your already-running Chrome.
 2. **Filter** — Scoring engine separates signal from noise. Analytics, tracking pixels, and framework internals are filtered out. Only real API endpoints survive.
-3. **Generate** — Captured endpoints are grouped by domain, URLs are parameterized (`/users/123` → `/users/:id`), and a JSON skill file is written to `~/.apitap/skills/`.
+3. **Generate** — Captured endpoints are grouped by domain, URLs are parameterized (`/users/123` → `/users/:id` with context-aware semantic names), and a JSON skill file is written to `~/.apitap/skills/`.
 4. **Replay** — Read the skill file, substitute parameters, call the API with `fetch()`. Zero dependencies in the replay path.
 
 ```
-Capture:  Browser → Playwright listener → Filter → Skill Generator → skill.json
+Capture:  Browser → Playwright/CDP listener → Filter → Skill Generator → skill.json
+Attach:   Running Chrome → CDP attach → Filter → Skill Generator → skill.json
 Replay:   Agent → Replay Engine (skill.json) → fetch() → API → JSON response
 ```
 
@@ -84,6 +85,22 @@ apitap capture https://polymarket.com --duration 30
 
 ApiTap opens a browser window. Browse the site normally — click around, scroll, search. Every API call is captured. Press Ctrl+C when done.
 
+### Attach to a running Chrome
+
+```bash
+# Enable remote debugging in Chrome: Settings → Remote debugging → toggle on
+
+# Attach to your signed-in Chrome — captures all tabs
+apitap attach --port 9222
+
+# Filter to specific domains
+apitap attach --port 9222 --domain *.github.com
+
+# Ctrl+C to stop — generates signed skill files for each captured domain
+```
+
+No separate browser, no re-login. Captures from your real Chrome sessions with all your cookies and auth tokens.
+
 ### List and explore captured APIs
 
 ```bash
@@ -327,7 +344,7 @@ For one-off captures without the passive index:
 2. Browse the site — extension records API traffic
 3. Click **Stop** → skill file auto-saves to `~/.apitap/skills/`
 
-The popup shows CLI connection status and live capture stats. Auth tokens are automatically stored to `~/.apitap/auth.enc` with `[stored]` placeholders in the exported skill files.
+The popup shows CLI connection status and live capture stats. Auth tokens are encrypted with AES-256-GCM in session storage and automatically persisted to `~/.apitap/auth.enc` via the native host, with `[stored]` placeholders in the exported skill files.
 
 > **Note:** Chrome Web Store submission coming soon. For now, load as an unpacked extension in Developer mode.
 
@@ -360,7 +377,7 @@ Skill files are JSON documents stored at `~/.apitap/skills/<domain>.json`. They
 
 ```json
 {
-  "version": "1.1",
+  "version": 2,
   "domain": "gamma-api.polymarket.com",
   "baseUrl": "https://gamma-api.polymarket.com",
   "endpoints": [
@@ -425,7 +442,7 @@ Endpoint replayed
   → Redirect check: if server redirects, validate new target before following
 ```
 
-**Blocked ranges:** `127.0.0.0/8`, `10.0.0.0/8`, `172.16.0.0/12`, `192.168.0.0/16`, `169.254.0.0/16` (cloud metadata), `0.0.0.0`, IPv6 equivalents (`::1`, `fe80::/10`, `fc00::/7`, `::ffff:` mapped addresses), `localhost`, `.local`, `.internal`, `file://`, `javascript:` schemes.
+**Blocked ranges:** `127.0.0.0/8`, `10.0.0.0/8`, `172.16.0.0/12`, `192.168.0.0/16`, `169.254.0.0/16` (cloud metadata), `100.64.0.0/10` (CGNAT/Tailscale), `198.18.0.0/15` (benchmarking), `240.0.0.0/4` (reserved), `0.0.0.0`, IPv6 equivalents (`::1`, `fe80::/10`, `fc00::/7`, `::ffff:` mapped addresses), `localhost`, `.local`, `.internal`, `file://`, `javascript:` schemes. Alternative IP representations (decimal integer, octal, hex) are normalized before checking.
 
 This is especially relevant now that [MCP servers are being used as attack vectors in the wild](https://cloud.google.com/blog/topics/threat-intelligence/distillation-experimentation-integration-ai-adversarial-use) — Google's Threat Intelligence Group recently documented underground toolkits built on compromised MCP servers. ApiTap is designed to be safe even when processing untrusted inputs.
 
@@ -442,6 +459,7 @@ All commands support `--json` for machine-readable output.
 | `apitap read <url>` | Extract content without a browser |
 | `apitap discover <url>` | Detect APIs without launching a browser |
 | `apitap capture <url>` | Capture API traffic from a website |
+| `apitap attach --port <port>` | Attach to running Chrome and capture API traffic |
 | `apitap list` | List available skill files |
 | `apitap show <domain>` | Show endpoints for a domain |
 | `apitap search <query>` | Search skill files by domain or endpoint |
@@ -452,6 +470,7 @@ All commands support `--json` for machine-readable output.
 | `apitap serve <domain>` | Serve a skill file as an MCP server |
 | `apitap inspect <url>` | Discover APIs without saving |
 | `apitap stats` | Show token savings report |
+| `apitap index [domain]` | View passive index from Chrome extension |
 | `apitap audit` | Audit stored skill files and credentials |
 | `apitap forget <domain>` | Remove skill file and credentials for a domain |
 | `apitap --version` | Print version |
@@ -468,6 +487,7 @@ All commands support `--json` for machine-readable output.
 | `--attach` | Only attach to existing browser |
 | `--no-scrub` | Disable PII scrubbing |
 | `--no-verify` | Skip auto-verification of GET endpoints |
+| `--domain <glob>` | Filter traffic by domain glob (attach mode, e.g. `*.github.com`) |
 
 ## Development
 
@@ -475,7 +495,7 @@ All commands support `--json` for machine-readable output.
 git clone https://github.com/n1byn1kt/apitap.git
 cd apitap
 npm install
-npm test          # 1051 tests, Node built-in test runner
+npm test          # ~1195 tests, Node built-in test runner
 npm run typecheck # Type checking
 npm run build     # Compile to dist/
 npx tsx src/cli.ts capture <url>  # Run from source

package/dist/auth/handoff.js

@@ -236,7 +236,7 @@ async function doHandoff(authManager, options) {
             const cookieDomain = (c.domain || '').replace(/^\./, ''); // Remove leading dot
             return cookieDomain === domain ||
                 cookieDomain.endsWith('.' + domain) ||
-                domain.endsWith('.' + cookieDomain);
+                (domain.endsWith('.' + cookieDomain) && cookieDomain.includes('.'));
         });
         if (cookies.length === 0 && !authDetected) {
             return {

package/dist/auth/handoff.js.map

@@ -1 +1 @@
-{"version":3,"file":"handoff.js","sourceRoot":"","sources":["../../src/auth/handoff.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,aAAa,EAAE,MAAM,uBAAuB,CAAC;AAuBtD,6CAA6C;AAC7C,MAAM,kBAAkB,GAAG;IACzB,YAAY;IACZ,iBAAiB;IACjB,kBAAkB;IAClB,qBAAqB;IACrB,+BAA+B;CAChC,CAAC;AAEF;;;GAGG;AACH,MAAM,UAAU,wBAAwB,CACtC,GAAW,EACX,MAAc,EACd,IAAY;IAEZ,IAAI,MAAM,GAAG,GAAG,IAAI,MAAM,IAAI,GAAG;QAAE,OAAO,IAAI,CAAC;IAC/C,IAAI,CAAC,kBAAkB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QAAE,OAAO,IAAI,CAAC;IAE5D,IAAI,MAA+B,CAAC;IACpC,IAAI,CAAC;QACH,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAC5B,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;IAED,IAAI,OAAO,MAAM,CAAC,YAAY,KAAK,QAAQ;QAAE,OAAO,IAAI,CAAC;IAEzD,OAAO;QACL,WAAW,EAAE,MAAM,CAAC,YAAY;QAChC,YAAY,EAAE,OAAO,MAAM,CAAC,aAAa,KAAK,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,aAAa,CAAC,CAAC,CAAC,SAAS;QACzF,SAAS,EAAE,OAAO,MAAM,CAAC,UAAU,KAAK,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC,CAAC,SAAS;QAChF,SAAS,EAAE,OAAO,MAAM,CAAC,UAAU,KAAK,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC,CAAC,SAAS;QAChF,KAAK,EAAE,OAAO,MAAM,CAAC,KAAK,KAAK,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,SAAS;KACnE,CAAC;AACJ,CAAC;AAED,oCAAoC;AACpC,MAAM,uBAAuB,GAAG;IAC9B,OAAO,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,EAAE,QAAQ;IAC5C,OAAO,EAAE,YAAY,EAAE,iBAAiB;CACzC,CAAC;AAEF,sEAAsE;AACtE,MAAM,wBAAwB,GAAG;IAC/B,OAAO,EAAE,QAAQ,EAAE,OAAO,EAAE,QAAQ,EAAE,SAAS;CAChD,CAAC;AAEF,mEAAmE;AACnE,MAAM,yBAAyB,GAAG;IAChC,QAAQ,EAAE,SAAS,EAAE,WAAW,EAAE,eAAe,EAAE,WAAW,EAAE,WAAW;CAC5E,CAAC;AAEF;;;GAGG;AACH,MAAM,UAAU,kBAAkB,CAChC,OAA4B,EAC5B,MAAc;IAEd,IAAI,MAAM,GAAG,GAAG,IAAI,MAAM,IAAI,GAAG;QAAE,OAAO,KAAK,CAAC;IAEhD,wBAAwB;IACxB,MAAM,UAAU,GAAG,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC,CAAC;IAChD,IAAI,UAAU,IAAI,CAAC,UAAU,CAAC,UAAU,CAAC,SAAS,CAAC,IAAI,UAAU,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC,EAAE,CAAC;QACxF,OAAO,IAAI,CAAC;IACd,CAAC;IAED,iCAAiC;IACjC,MAAM,SAAS,GAAG,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC;IAC5C,IAAI,CAAC,SAAS;QAAE,OAAO,KAAK,CAAC;IAE7B,2CAA2C;IAC3C,MAAM,UAAU,GAAG,SAAS,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;IAElD,2BAA2B;IAC3B,IAAI,wBAAwB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;QAAE,OAAO,KAAK,CAAC;IAEzE,6BAA6B;IAC7B,OAAO,uBAAuB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC;AAC/D,CAAC;AAED,SAAS,uBAAuB,CAAC,IAAY;IAC3C,OAAO,uBAAuB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC;AACzD,CAAC;AAED,SAAS,oBAAoB,CAAC,IAAY;IACxC,OAAO,wBAAwB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC;AAC1D,CAAC;AAED,SAAS,qBAAqB,CAAC,IAAY;IACzC,OAAO,yBAAyB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC;AAC3D,CAAC;AAED,MAAM,UAAU,+BAA+B,CAC7C,oBAAyC,EACzC,cAAsD;IAEtD,OAAO,cAAc,CAAC,IAAI,CAAC,CAAC,MAAM,EAAE,EAAE;QACpC,MAAM,QAAQ,GAAG,oBAAoB,CAAC,GAAG,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;QACvD,MAAM,YAAY,GAAG,QAAQ,KAAK,SAAS,IAAI,QAAQ,KAAK,MAAM,CAAC,KAAK,CAAC;QACzE,IAAI,CAAC,YAAY;YAAE,OAAO,KAAK,CAAC;QAChC,IAAI,CAAC,uBAAuB,CAAC,MAAM,CAAC,IAAI,CAAC;YAAE,OAAO,KAAK,CAAC;QACxD,IAAI,oBAAoB,CAAC,MAAM,CAAC,IAAI,CAAC;YAAE,OAAO,KAAK,CAAC;QACpD,IAAI,qBAAqB,CAAC,MAAM,CAAC,IAAI,CAAC;YAAE,OAAO,KAAK,CAAC;QACrD,OAAO,IAAI,CAAC;IACd,CAAC,CAAC,CAAC;AACL,CAAC;AAED,2DAA2D;AAC3D,MAAM,YAAY,GAAG,IAAI,GAAG,EAAkC,CAAC;AAE/D;;;;;;;;;;;;;;GAcG;AACH,MAAM,CAAC,KAAK,UAAU,WAAW,CAC/B,WAAwB,EACxB,OAAuB;IAEvB,MAAM,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC;IAE3B,qDAAqD;IACrD,MAAM,QAAQ,GAAG,YAAY,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;IAC1C,IAAI,QAAQ;QAAE,OAAO,QAAQ,CAAC;IAE9B,MAAM,OAAO,GAAG,SAAS,CAAC,WAAW,EAAE,OAAO,CAAC,CAAC;IAChD,YAAY,CAAC,GAAG,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAElC,IAAI,CAAC;QACH,OAAO,MAAM,OAAO,CAAC;IACvB,CAAC;YAAS,CAAC;QACT,YAAY,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;IAC9B,CAAC;AACH,CAAC;AAED,KAAK,UAAU,SAAS,CACtB,WAAwB,EACxB,OAAuB;IAEvB,MAAM,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC;IAC3B,MAAM,QAAQ,GAAG,OAAO,CAAC,QAAQ,IAAI,WAAW,MAAM,EAAE,CAAC;IACzD,MAAM,OAAO,GAAG,OAAO,CAAC,OAAO,IAAI,OAAO,CAAC,CAAC,YAAY;IAExD,MAAM,EAAE,OAAO,EAAE,OAAO,EAAE,GAAG,MAAM,aAAa,CAAC,EAAE,QAAQ,EAAE,KAAK,EAAE,CAAC,CAAC;IAEtE,IAAI,CAAC;QAEH,6DAA6D;QAC7D,MAAM,aAAa,GAAG,MAAM,WAAW,CAAC,2BAA2B,CAAC,MAAM,CAAC,CAAC;QAC5E,IAAI,aAAa,EAAE,OAAO,EAAE,MAAM,EAAE,CAAC;YACnC,MAAM,OAAO,CAAC,UAAU,CAAC,aAAa,CAAC,OAAO,CAAC,CAAC;QAClD,CAAC;QAED,MAAM,IAAI,GAAG,MAAM,OAAO,CAAC,OAAO,EAAE,CAAC;QACrC,IAAI,YAAyD,CAAC;QAC9D,IAAI,YAAoC,CAAC;QACzC,IAAI,aAA8C,CAAC;QACnD,IAAI,aAAa,GAAmK,EAAE,CAAC;QAEvL,wEAAwE;QACxE,MAAM,YAAY,GAAG,MAAM,CAAC;QAE5B,mFAAmF;QACnF,IAAI,CAAC,EAAE,CAAC,UAAU,EAAE,KAAK,EAAE,QAAQ,EAAE,EAAE;YACrC,uEAAuE;YACvE,IAAI,OAAe,CAAC;YACpB,IAAI,CAAC;gBACH,OAAO,GAAG,IAAI,GAAG,CAAC,QAAQ,CAAC,OAAO,EAAE,CAAC,GAAG,EAAE,CAAC,CAAC,QAAQ,CAAC;YACvD,CAAC;YAAC,MAAM,CAAC;gBAAC,OAAO;YAAC,CAAC;YACnB,IAAI,OAAO,KAAK,YAAY,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,GAAG,GAAG,YAAY,CAAC,EAAE,CAAC;gBACtE,OAAO,CAAC,6BAA6B;YACvC,CAAC;YAED,MAAM,UAAU,GAAG,QAAQ,CAAC,OAAO,EAAE,CAAC,OAAO,EAAE,CAAC;YAEhD,mCAAmC;YACnC,MAAM,UAAU,GAAG,UAAU,CAAC,eAAe,CAAC,CAAC;YAC/C,IAAI,UAAU,EAAE,CAAC;gBACf,IAAI,UAAU,CAAC,UAAU,CAAC,SAAS,CAAC,EAAE,CAAC;oBACrC,YAAY,GAAG,QAAQ,CAAC;oBACxB,YAAY,GAAG;wBACb,IAAI,EAAE,QAAQ;wBACd,MAAM,EAAE,eAAe;wBACvB,KAAK,EAAE,UAAU;qBAClB,CAAC;gBACJ,CAAC;qBAAM,IAAI,UAAU,CAAC,WAAW,EAAE,CAAC,UAAU,CAAC,SAAS,CAAC,IAAI,UAAU,CAAC,WAAW,EAAE,CAAC,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;oBAC7G,YAAY,GAAG,SAAS,CAAC;oBACzB,YAAY,GAAG;wBACb,IAAI,EAAE,SAAS;wBACf,MAAM,EAAE,eAAe;wBACvB,KAAK,EAAE,UAAU;qBAClB,CAAC;gBACJ,CAAC;YACH,CAAC;YAED,wCAAwC;YACxC,IAAI,CAAC;gBACH,MAAM,MAAM,GAAG,QAAQ,CAAC,MAAM,EAAE,CAAC;gBACjC,MAAM,GAAG,GAAG,QAAQ,CAAC,GAAG,EAAE,CAAC;gBAC3B,IAAI,kBAAkB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,IAAI,MAAM,IAAI,GAAG,IAAI,MAAM,GAAG,GAAG,EAAE,CAAC;oBAC/E,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;oBACnC,MAAM,KAAK,GAAG,wBAAwB,CAAC,GAAG,EAAE,MAAM,EAAE,IAAI,CAAC,CAAC;oBAC1D,IAAI,KAAK,EAAE,CAAC;wBACV,aAAa,GAAG,KAAK,CAAC;oBACxB,CAAC;gBACH,CAAC;YACH,CAAC;YAAC,MAAM,CAAC,CAAC,wCAAwC,CAAC,CAAC;QACtD,CAAC,CAAC,CAAC;QAEH,yBAAyB;QACzB,MAAM,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,EAAE,SAAS,EAAE,kBAAkB,EAAE,OAAO,EAAE,MAAM,EAAE,CAAC,CAAC;QAE9E,+CAA+C;QAC/C,MAAM,IAAI,CAAC,QAAQ,CAAC,GAAG,EAAE;YACvB,MAAM,MAAM,GAAG,QAAQ,CAAC,aAAa,CAAC,KAAK,CAAC,CAAC;YAC7C,MAAM,CAAC,WAAW,GAAG,gFAAgF,CAAC;YACtG,MAAM,CAAC,KAAK,CAAC,OAAO;gBAClB,yDAAyD;oBACzD,uFAAuF;oBACvF,yDAAyD,CAAC;YAC5D,QAAQ,CAAC,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;QAChC,CAAC,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE,GAAE,CAAC,CAAC,CAAC,CAAC,iDAAiD;QAErE,2EAA2E;QAC3E,uDAAuD;QACvD,MAAM,cAAc,GAAG,WAAW,CAAC,KAAK,IAAI,EAAE;YAC5C,IAAI,CAAC;gBACH,aAAa,GAAG,MAAM,OAAO,CAAC,OAAO,EAAE,CAAC;YAC1C,CAAC;YAAC,MAAM,CAAC;gBACP,8CAA8C;YAChD,CAAC;QACH,CAAC,EAAE,IAAI,CAAC,CAAC;QAET,8DAA8D;QAC9D,yEAAyE;QACzE,MAAM,IAAI,OAAO,CAAO,CAAC,OAAO,EAAE,EAAE;YAClC,MAAM,KAAK,GAAG,UAAU,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;YAC3C,OAAO,CAAC,EAAE,CAAC,cAAc,EAAE,GAAG,EAAE;gBAC9B,YAAY,CAAC,KAAK,CAAC,CAAC;gBACpB,OAAO,EAAE,CAAC;YACZ,CAAC,CAAC,CAAC;QACL,CAAC,CAAC,CAAC;QAEH,aAAa,CAAC,cAAc,CAAC,CAAC;QAE9B,sEAAsE;QACtE,IAAI,CAAC;YACH,aAAa,GAAG,MAAM,OAAO,CAAC,OAAO,EAAE,CAAC;QAC1C,CAAC;QAAC,MAAM,CAAC;YACP,yDAAyD;QAC3D,CAAC;QAED,sEAAsE;QACtE,MAAM,OAAO,GAAG,aAAa,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE;YACvC,MAAM,YAAY,GAAG,CAAC,CAAC,CAAC,MAAM,IAAI,EAAE,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC,CAAC,qBAAqB;YAC/E,OAAO,YAAY,KAAK,MAAM;gBAC5B,YAAY,CAAC,QAAQ,CAAC,GAAG,GAAG,MAAM,CAAC;gBACnC,MAAM,CAAC,QAAQ,CAAC,GAAG,GAAG,YAAY,CAAC,CAAC;QACxC,CAAC,CAAC,CAAC;QAEH,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC,IAAI,CAAC,YAAY,EAAE,CAAC;YAC1C,OAAO;gBACL,OAAO,EAAE,KAAK;gBACd,WAAW,EAAE,CAAC;gBACd,KAAK,EAAE,uEAAuE;aAC/E,CAAC;QACJ,CAAC;QAED,wBAAwB;QACxB,MAAM,OAAO,GAAkB;YAC7B,OAAO;YACP,OAAO,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;YACjC,QAAQ,EAAE,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,EAAE,WAAW;SAC3C,CAAC;QACF,MAAM,WAAW,CAAC,YAAY,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;QAEhD,uDAAuD;QACvD,IAAI,aAAa,EAAE,CAAC;YAClB,YAAY,GAAG;gBACb,IAAI,EAAE,QAAQ;gBACd,MAAM,EAAE,eAAe;gBACvB,KAAK,EAAE,UAAU,aAAa,CAAC,WAAW,EAAE;gBAC5C,GAAG,CAAC,aAAa,CAAC,SAAS,CAAC,CAAC,CAAC;oBAC5B,SAAS,EAAE,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,aAAa,CAAC,SAAS,GAAG,IAAI,CAAC,CAAC,WAAW,EAAE;iBAC/E,CAAC,CAAC,CAAC,EAAE,CAAC;aACR,CAAC;YACF,YAAY,GAAG,QAAQ,CAAC;YAExB,IAAI,aAAa,CAAC,YAAY,EAAE,CAAC;gBAC/B,MAAM,WAAW,CAAC,qBAAqB,CAAC,MAAM,EAAE;oBAC9C,YAAY,EAAE,aAAa,CAAC,YAAY;iBACzC,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QAED,sCAAsC;QACtC,IAAI,YAAY,EAAE,CAAC;YACjB,MAAM,WAAW,CAAC,KAAK,CAAC,MAAM,EAAE,YAAY,CAAC,CAAC;QAChD,CAAC;aAAM,IAAI,OAAO,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC9B,uBAAuB;YACvB,MAAM,cAAc,GAAG,OAAO;iBAC3B,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,uBAAuB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC;iBAC9D,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,wBAAwB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;YAEpE,IAAI,cAAc,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBAC9B,YAAY,GAAG,QAAQ,CAAC;gBACxB,MAAM,YAAY,GAAG,cAAc;qBAChC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,GAAG,CAAC,CAAC,IAAI,IAAI,CAAC,CAAC,KAAK,EAAE,CAAC;qBAChC,IAAI,CAAC,IAAI,CAAC,CAAC;gBACd,MAAM,WAAW,CAAC,KAAK,CAAC,MAAM,EAAE;oBAC9B,IAAI,EAAE,QAAQ;oBACd,MAAM,EAAE,QAAQ;oBAChB,KAAK,EAAE,YAAY;iBACpB,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QAED,OAAO;YACL,OAAO,EAAE,IAAI;YACb,WAAW,EAAE,OAAO,CAAC,MAAM;YAC3B,YAAY;SACb,CAAC;IACJ,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,OAAO;YACL,OAAO,EAAE,KAAK;YACd,WAAW,EAAE,CAAC;YACd,KAAK,EAAE,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC;SAC9D,CAAC;IACJ,CAAC;YAAS,CAAC;QACT,IAAI,CAAC;YACH,MAAM,OAAO,CAAC,KAAK,EAAE,CAAC;QACxB,CAAC;QAAC,MAAM,CAAC;YACP,uCAAuC;QACzC,CAAC;IACH,CAAC;AACH,CAAC"}
+{"version":3,"file":"handoff.js","sourceRoot":"","sources":["../../src/auth/handoff.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,aAAa,EAAE,MAAM,uBAAuB,CAAC;AAuBtD,6CAA6C;AAC7C,MAAM,kBAAkB,GAAG;IACzB,YAAY;IACZ,iBAAiB;IACjB,kBAAkB;IAClB,qBAAqB;IACrB,+BAA+B;CAChC,CAAC;AAEF;;;GAGG;AACH,MAAM,UAAU,wBAAwB,CACtC,GAAW,EACX,MAAc,EACd,IAAY;IAEZ,IAAI,MAAM,GAAG,GAAG,IAAI,MAAM,IAAI,GAAG;QAAE,OAAO,IAAI,CAAC;IAC/C,IAAI,CAAC,kBAAkB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QAAE,OAAO,IAAI,CAAC;IAE5D,IAAI,MAA+B,CAAC;IACpC,IAAI,CAAC;QACH,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAC5B,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;IAED,IAAI,OAAO,MAAM,CAAC,YAAY,KAAK,QAAQ;QAAE,OAAO,IAAI,CAAC;IAEzD,OAAO;QACL,WAAW,EAAE,MAAM,CAAC,YAAY;QAChC,YAAY,EAAE,OAAO,MAAM,CAAC,aAAa,KAAK,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,aAAa,CAAC,CAAC,CAAC,SAAS;QACzF,SAAS,EAAE,OAAO,MAAM,CAAC,UAAU,KAAK,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC,CAAC,SAAS;QAChF,SAAS,EAAE,OAAO,MAAM,CAAC,UAAU,KAAK,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC,CAAC,SAAS;QAChF,KAAK,EAAE,OAAO,MAAM,CAAC,KAAK,KAAK,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,SAAS;KACnE,CAAC;AACJ,CAAC;AAED,oCAAoC;AACpC,MAAM,uBAAuB,GAAG;IAC9B,OAAO,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,EAAE,QAAQ;IAC5C,OAAO,EAAE,YAAY,EAAE,iBAAiB;CACzC,CAAC;AAEF,sEAAsE;AACtE,MAAM,wBAAwB,GAAG;IAC/B,OAAO,EAAE,QAAQ,EAAE,OAAO,EAAE,QAAQ,EAAE,SAAS;CAChD,CAAC;AAEF,mEAAmE;AACnE,MAAM,yBAAyB,GAAG;IAChC,QAAQ,EAAE,SAAS,EAAE,WAAW,EAAE,eAAe,EAAE,WAAW,EAAE,WAAW;CAC5E,CAAC;AAEF;;;GAGG;AACH,MAAM,UAAU,kBAAkB,CAChC,OAA4B,EAC5B,MAAc;IAEd,IAAI,MAAM,GAAG,GAAG,IAAI,MAAM,IAAI,GAAG;QAAE,OAAO,KAAK,CAAC;IAEhD,wBAAwB;IACxB,MAAM,UAAU,GAAG,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC,CAAC;IAChD,IAAI,UAAU,IAAI,CAAC,UAAU,CAAC,UAAU,CAAC,SAAS,CAAC,IAAI,UAAU,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC,EAAE,CAAC;QACxF,OAAO,IAAI,CAAC;IACd,CAAC;IAED,iCAAiC;IACjC,MAAM,SAAS,GAAG,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC;IAC5C,IAAI,CAAC,SAAS;QAAE,OAAO,KAAK,CAAC;IAE7B,2CAA2C;IAC3C,MAAM,UAAU,GAAG,SAAS,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;IAElD,2BAA2B;IAC3B,IAAI,wBAAwB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;QAAE,OAAO,KAAK,CAAC;IAEzE,6BAA6B;IAC7B,OAAO,uBAAuB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC;AAC/D,CAAC;AAED,SAAS,uBAAuB,CAAC,IAAY;IAC3C,OAAO,uBAAuB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC;AACzD,CAAC;AAED,SAAS,oBAAoB,CAAC,IAAY;IACxC,OAAO,wBAAwB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC;AAC1D,CAAC;AAED,SAAS,qBAAqB,CAAC,IAAY;IACzC,OAAO,yBAAyB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC;AAC3D,CAAC;AAED,MAAM,UAAU,+BAA+B,CAC7C,oBAAyC,EACzC,cAAsD;IAEtD,OAAO,cAAc,CAAC,IAAI,CAAC,CAAC,MAAM,EAAE,EAAE;QACpC,MAAM,QAAQ,GAAG,oBAAoB,CAAC,GAAG,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;QACvD,MAAM,YAAY,GAAG,QAAQ,KAAK,SAAS,IAAI,QAAQ,KAAK,MAAM,CAAC,KAAK,CAAC;QACzE,IAAI,CAAC,YAAY;YAAE,OAAO,KAAK,CAAC;QAChC,IAAI,CAAC,uBAAuB,CAAC,MAAM,CAAC,IAAI,CAAC;YAAE,OAAO,KAAK,CAAC;QACxD,IAAI,oBAAoB,CAAC,MAAM,CAAC,IAAI,CAAC;YAAE,OAAO,KAAK,CAAC;QACpD,IAAI,qBAAqB,CAAC,MAAM,CAAC,IAAI,CAAC;YAAE,OAAO,KAAK,CAAC;QACrD,OAAO,IAAI,CAAC;IACd,CAAC,CAAC,CAAC;AACL,CAAC;AAED,2DAA2D;AAC3D,MAAM,YAAY,GAAG,IAAI,GAAG,EAAkC,CAAC;AAE/D;;;;;;;;;;;;;;GAcG;AACH,MAAM,CAAC,KAAK,UAAU,WAAW,CAC/B,WAAwB,EACxB,OAAuB;IAEvB,MAAM,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC;IAE3B,qDAAqD;IACrD,MAAM,QAAQ,GAAG,YAAY,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;IAC1C,IAAI,QAAQ;QAAE,OAAO,QAAQ,CAAC;IAE9B,MAAM,OAAO,GAAG,SAAS,CAAC,WAAW,EAAE,OAAO,CAAC,CAAC;IAChD,YAAY,CAAC,GAAG,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAElC,IAAI,CAAC;QACH,OAAO,MAAM,OAAO,CAAC;IACvB,CAAC;YAAS,CAAC;QACT,YAAY,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;IAC9B,CAAC;AACH,CAAC;AAED,KAAK,UAAU,SAAS,CACtB,WAAwB,EACxB,OAAuB;IAEvB,MAAM,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC;IAC3B,MAAM,QAAQ,GAAG,OAAO,CAAC,QAAQ,IAAI,WAAW,MAAM,EAAE,CAAC;IACzD,MAAM,OAAO,GAAG,OAAO,CAAC,OAAO,IAAI,OAAO,CAAC,CAAC,YAAY;IAExD,MAAM,EAAE,OAAO,EAAE,OAAO,EAAE,GAAG,MAAM,aAAa,CAAC,EAAE,QAAQ,EAAE,KAAK,EAAE,CAAC,CAAC;IAEtE,IAAI,CAAC;QAEH,6DAA6D;QAC7D,MAAM,aAAa,GAAG,MAAM,WAAW,CAAC,2BAA2B,CAAC,MAAM,CAAC,CAAC;QAC5E,IAAI,aAAa,EAAE,OAAO,EAAE,MAAM,EAAE,CAAC;YACnC,MAAM,OAAO,CAAC,UAAU,CAAC,aAAa,CAAC,OAAO,CAAC,CAAC;QAClD,CAAC;QAED,MAAM,IAAI,GAAG,MAAM,OAAO,CAAC,OAAO,EAAE,CAAC;QACrC,IAAI,YAAyD,CAAC;QAC9D,IAAI,YAAoC,CAAC;QACzC,IAAI,aAA8C,CAAC;QACnD,IAAI,aAAa,GAAmK,EAAE,CAAC;QAEvL,wEAAwE;QACxE,MAAM,YAAY,GAAG,MAAM,CAAC;QAE5B,mFAAmF;QACnF,IAAI,CAAC,EAAE,CAAC,UAAU,EAAE,KAAK,EAAE,QAAQ,EAAE,EAAE;YACrC,uEAAuE;YACvE,IAAI,OAAe,CAAC;YACpB,IAAI,CAAC;gBACH,OAAO,GAAG,IAAI,GAAG,CAAC,QAAQ,CAAC,OAAO,EAAE,CAAC,GAAG,EAAE,CAAC,CAAC,QAAQ,CAAC;YACvD,CAAC;YAAC,MAAM,CAAC;gBAAC,OAAO;YAAC,CAAC;YACnB,IAAI,OAAO,KAAK,YAAY,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,GAAG,GAAG,YAAY,CAAC,EAAE,CAAC;gBACtE,OAAO,CAAC,6BAA6B;YACvC,CAAC;YAED,MAAM,UAAU,GAAG,QAAQ,CAAC,OAAO,EAAE,CAAC,OAAO,EAAE,CAAC;YAEhD,mCAAmC;YACnC,MAAM,UAAU,GAAG,UAAU,CAAC,eAAe,CAAC,CAAC;YAC/C,IAAI,UAAU,EAAE,CAAC;gBACf,IAAI,UAAU,CAAC,UAAU,CAAC,SAAS,CAAC,EAAE,CAAC;oBACrC,YAAY,GAAG,QAAQ,CAAC;oBACxB,YAAY,GAAG;wBACb,IAAI,EAAE,QAAQ;wBACd,MAAM,EAAE,eAAe;wBACvB,KAAK,EAAE,UAAU;qBAClB,CAAC;gBACJ,CAAC;qBAAM,IAAI,UAAU,CAAC,WAAW,EAAE,CAAC,UAAU,CAAC,SAAS,CAAC,IAAI,UAAU,CAAC,WAAW,EAAE,CAAC,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;oBAC7G,YAAY,GAAG,SAAS,CAAC;oBACzB,YAAY,GAAG;wBACb,IAAI,EAAE,SAAS;wBACf,MAAM,EAAE,eAAe;wBACvB,KAAK,EAAE,UAAU;qBAClB,CAAC;gBACJ,CAAC;YACH,CAAC;YAED,wCAAwC;YACxC,IAAI,CAAC;gBACH,MAAM,MAAM,GAAG,QAAQ,CAAC,MAAM,EAAE,CAAC;gBACjC,MAAM,GAAG,GAAG,QAAQ,CAAC,GAAG,EAAE,CAAC;gBAC3B,IAAI,kBAAkB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,IAAI,MAAM,IAAI,GAAG,IAAI,MAAM,GAAG,GAAG,EAAE,CAAC;oBAC/E,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;oBACnC,MAAM,KAAK,GAAG,wBAAwB,CAAC,GAAG,EAAE,MAAM,EAAE,IAAI,CAAC,CAAC;oBAC1D,IAAI,KAAK,EAAE,CAAC;wBACV,aAAa,GAAG,KAAK,CAAC;oBACxB,CAAC;gBACH,CAAC;YACH,CAAC;YAAC,MAAM,CAAC,CAAC,wCAAwC,CAAC,CAAC;QACtD,CAAC,CAAC,CAAC;QAEH,yBAAyB;QACzB,MAAM,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,EAAE,SAAS,EAAE,kBAAkB,EAAE,OAAO,EAAE,MAAM,EAAE,CAAC,CAAC;QAE9E,+CAA+C;QAC/C,MAAM,IAAI,CAAC,QAAQ,CAAC,GAAG,EAAE;YACvB,MAAM,MAAM,GAAG,QAAQ,CAAC,aAAa,CAAC,KAAK,CAAC,CAAC;YAC7C,MAAM,CAAC,WAAW,GAAG,gFAAgF,CAAC;YACtG,MAAM,CAAC,KAAK,CAAC,OAAO;gBAClB,yDAAyD;oBACzD,uFAAuF;oBACvF,yDAAyD,CAAC;YAC5D,QAAQ,CAAC,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;QAChC,CAAC,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE,GAAE,CAAC,CAAC,CAAC,CAAC,iDAAiD;QAErE,2EAA2E;QAC3E,uDAAuD;QACvD,MAAM,cAAc,GAAG,WAAW,CAAC,KAAK,IAAI,EAAE;YAC5C,IAAI,CAAC;gBACH,aAAa,GAAG,MAAM,OAAO,CAAC,OAAO,EAAE,CAAC;YAC1C,CAAC;YAAC,MAAM,CAAC;gBACP,8CAA8C;YAChD,CAAC;QACH,CAAC,EAAE,IAAI,CAAC,CAAC;QAET,8DAA8D;QAC9D,yEAAyE;QACzE,MAAM,IAAI,OAAO,CAAO,CAAC,OAAO,EAAE,EAAE;YAClC,MAAM,KAAK,GAAG,UAAU,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;YAC3C,OAAO,CAAC,EAAE,CAAC,cAAc,EAAE,GAAG,EAAE;gBAC9B,YAAY,CAAC,KAAK,CAAC,CAAC;gBACpB,OAAO,EAAE,CAAC;YACZ,CAAC,CAAC,CAAC;QACL,CAAC,CAAC,CAAC;QAEH,aAAa,CAAC,cAAc,CAAC,CAAC;QAE9B,sEAAsE;QACtE,IAAI,CAAC;YACH,aAAa,GAAG,MAAM,OAAO,CAAC,OAAO,EAAE,CAAC;QAC1C,CAAC;QAAC,MAAM,CAAC;YACP,yDAAyD;QAC3D,CAAC;QAED,sEAAsE;QACtE,MAAM,OAAO,GAAG,aAAa,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE;YACvC,MAAM,YAAY,GAAG,CAAC,CAAC,CAAC,MAAM,IAAI,EAAE,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC,CAAC,qBAAqB;YAC/E,OAAO,YAAY,KAAK,MAAM;gBAC5B,YAAY,CAAC,QAAQ,CAAC,GAAG,GAAG,MAAM,CAAC;gBACnC,CAAC,MAAM,CAAC,QAAQ,CAAC,GAAG,GAAG,YAAY,CAAC,IAAI,YAAY,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC;QACxE,CAAC,CAAC,CAAC;QAEH,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC,IAAI,CAAC,YAAY,EAAE,CAAC;YAC1C,OAAO;gBACL,OAAO,EAAE,KAAK;gBACd,WAAW,EAAE,CAAC;gBACd,KAAK,EAAE,uEAAuE;aAC/E,CAAC;QACJ,CAAC;QAED,wBAAwB;QACxB,MAAM,OAAO,GAAkB;YAC7B,OAAO;YACP,OAAO,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;YACjC,QAAQ,EAAE,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,EAAE,WAAW;SAC3C,CAAC;QACF,MAAM,WAAW,CAAC,YAAY,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;QAEhD,uDAAuD;QACvD,IAAI,aAAa,EAAE,CAAC;YAClB,YAAY,GAAG;gBACb,IAAI,EAAE,QAAQ;gBACd,MAAM,EAAE,eAAe;gBACvB,KAAK,EAAE,UAAU,aAAa,CAAC,WAAW,EAAE;gBAC5C,GAAG,CAAC,aAAa,CAAC,SAAS,CAAC,CAAC,CAAC;oBAC5B,SAAS,EAAE,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,aAAa,CAAC,SAAS,GAAG,IAAI,CAAC,CAAC,WAAW,EAAE;iBAC/E,CAAC,CAAC,CAAC,EAAE,CAAC;aACR,CAAC;YACF,YAAY,GAAG,QAAQ,CAAC;YAExB,IAAI,aAAa,CAAC,YAAY,EAAE,CAAC;gBAC/B,MAAM,WAAW,CAAC,qBAAqB,CAAC,MAAM,EAAE;oBAC9C,YAAY,EAAE,aAAa,CAAC,YAAY;iBACzC,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QAED,sCAAsC;QACtC,IAAI,YAAY,EAAE,CAAC;YACjB,MAAM,WAAW,CAAC,KAAK,CAAC,MAAM,EAAE,YAAY,CAAC,CAAC;QAChD,CAAC;aAAM,IAAI,OAAO,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC9B,uBAAuB;YACvB,MAAM,cAAc,GAAG,OAAO;iBAC3B,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,uBAAuB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC;iBAC9D,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,wBAAwB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;YAEpE,IAAI,cAAc,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBAC9B,YAAY,GAAG,QAAQ,CAAC;gBACxB,MAAM,YAAY,GAAG,cAAc;qBAChC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,GAAG,CAAC,CAAC,IAAI,IAAI,CAAC,CAAC,KAAK,EAAE,CAAC;qBAChC,IAAI,CAAC,IAAI,CAAC,CAAC;gBACd,MAAM,WAAW,CAAC,KAAK,CAAC,MAAM,EAAE;oBAC9B,IAAI,EAAE,QAAQ;oBACd,MAAM,EAAE,QAAQ;oBAChB,KAAK,EAAE,YAAY;iBACpB,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QAED,OAAO;YACL,OAAO,EAAE,IAAI;YACb,WAAW,EAAE,OAAO,CAAC,MAAM;YAC3B,YAAY;SACb,CAAC;IACJ,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,OAAO;YACL,OAAO,EAAE,KAAK;YACd,WAAW,EAAE,CAAC;YACd,KAAK,EAAE,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC;SAC9D,CAAC;IACJ,CAAC;YAAS,CAAC;QACT,IAAI,CAAC;YACH,MAAM,OAAO,CAAC,KAAK,EAAE,CAAC;QACxB,CAAC;QAAC,MAAM,CAAC;YACP,uCAAuC;QACzC,CAAC;IACH,CAAC;AACH,CAAC"}

package/dist/capture/cdp-attach.d.ts

@@ -0,0 +1,60 @@
+/**
+ * Test if a hostname matches any pattern in a domain glob list.
+ * Empty list means "match all" (no filter).
+ *
+ * Glob rules:
+ * - "api.github.com" — exact match
+ * - "*.github.com" — matches any subdomain AND the bare domain
+ *   (the *. prefix means "zero or more subdomains")
+ */
+export declare function matchesDomainGlob(hostname: string, patterns: string[]): boolean;
+/**
+ * Parse a comma-separated domain pattern string into a list.
+ */
+export declare function parseDomainPatterns(input: string | undefined): string[];
+/**
+ * Discover Chrome's browser-level WebSocket URL via the /json/version endpoint.
+ */
+export declare function discoverBrowserWsUrl(port: number): Promise<{
+    wsUrl: string;
+    browser: string;
+    tabCount: number;
+}>;
+/**
+ * Minimal CDP session over a single WebSocket.
+ * Supports browser-level commands and session-multiplexed target commands
+ * (via the sessionId parameter on send/events, using flatten: true).
+ */
+export declare class CDPSession {
+    private wsUrl;
+    private ws;
+    private nextId;
+    private callbacks;
+    private listeners;
+    constructor(wsUrl: string);
+    connect(): Promise<void>;
+    send(method: string, params?: Record<string, unknown>, sessionId?: string): Promise<Record<string, unknown>>;
+    on(event: string, handler: (params: Record<string, unknown>) => void): void;
+    close(): void;
+}
+export interface AttachOptions {
+    port: number;
+    domainPatterns: string[];
+    json: boolean;
+    onProgress?: (line: string) => void;
+}
+export interface AttachResult {
+    domains: Array<{
+        domain: string;
+        endpoints: number;
+        skillFile: string;
+    }>;
+    totalRequests: number;
+    filteredRequests: number;
+    duration: number;
+}
+/**
+ * Attach to a running Chrome instance via CDP, passively capture API traffic
+ * across all tabs, and generate signed skill files on SIGINT.
+ */
+export declare function attach(options: AttachOptions): Promise<AttachResult>;

package/dist/capture/cdp-attach.js

@@ -0,0 +1,422 @@
+// src/capture/cdp-attach.ts
+import http from 'node:http';
+import { homedir } from 'node:os';
+import { shouldCapture } from './filter.js';
+import { SkillGenerator, deduplicateAuth } from '../skill/generator.js';
+import { signSkillFile } from '../skill/signing.js';
+import { writeSkillFile } from '../skill/store.js';
+import { AuthManager, getMachineId } from '../auth/manager.js';
+import { deriveSigningKey } from '../auth/crypto.js';
+import { join } from 'node:path';
+// ---- Domain glob matching ----
+/**
+ * Test if a hostname matches any pattern in a domain glob list.
+ * Empty list means "match all" (no filter).
+ *
+ * Glob rules:
+ * - "api.github.com" — exact match
+ * - "*.github.com" — matches any subdomain AND the bare domain
+ *   (the *. prefix means "zero or more subdomains")
+ */
+export function matchesDomainGlob(hostname, patterns) {
+    if (patterns.length === 0)
+        return true;
+    for (const pattern of patterns) {
+        if (pattern.startsWith('*.')) {
+            const base = pattern.slice(2); // "github.com"
+            // Match bare domain or any subdomain
+            if (hostname === base || hostname.endsWith('.' + base)) {
+                return true;
+            }
+        }
+        else {
+            if (hostname === pattern)
+                return true;
+        }
+    }
+    return false;
+}
+/**
+ * Parse a comma-separated domain pattern string into a list.
+ */
+export function parseDomainPatterns(input) {
+    if (!input || input.trim() === '')
+        return [];
+    return input.split(',').map(p => p.trim()).filter(p => p.length > 0);
+}
+// ---- CDP HTTP discovery ----
+function cdpGet(url) {
+    return new Promise((resolve, reject) => {
+        http.get(url, (res) => {
+            let data = '';
+            res.on('data', (chunk) => data += chunk);
+            res.on('end', () => {
+                try {
+                    resolve(JSON.parse(data));
+                }
+                catch {
+                    reject(new Error(`Invalid JSON from ${url}`));
+                }
+            });
+        }).on('error', reject);
+    });
+}
+/**
+ * Discover Chrome's browser-level WebSocket URL via the /json/version endpoint.
+ */
+export async function discoverBrowserWsUrl(port) {
+    const versionInfo = await cdpGet(`http://127.0.0.1:${port}/json/version`);
+    const targets = await cdpGet(`http://127.0.0.1:${port}/json/list`);
+    const tabCount = targets.filter(t => t.type === 'page').length;
+    return {
+        wsUrl: versionInfo.webSocketDebuggerUrl,
+        browser: versionInfo.Browser,
+        tabCount,
+    };
+}
+// ---- CDP WebSocket session ----
+/**
+ * Minimal CDP session over a single WebSocket.
+ * Supports browser-level commands and session-multiplexed target commands
+ * (via the sessionId parameter on send/events, using flatten: true).
+ */
+export class CDPSession {
+    wsUrl;
+    ws = null;
+    nextId = 1;
+    callbacks = new Map();
+    listeners = new Map();
+    constructor(wsUrl) {
+        this.wsUrl = wsUrl;
+    }
+    connect() {
+        return new Promise((resolve, reject) => {
+            this.ws = new WebSocket(this.wsUrl);
+            this.ws.onopen = () => resolve();
+            this.ws.onerror = (e) => reject(new Error(`CDP WebSocket error: ${e}`));
+            this.ws.onclose = () => {
+                // Reject all pending callbacks
+                for (const [, cb] of this.callbacks) {
+                    clearTimeout(cb.timer);
+                    cb.reject(new Error('CDP connection closed'));
+                }
+                this.callbacks.clear();
+                // Fire close listeners
+                for (const handler of this.listeners.get('close') ?? []) {
+                    handler({});
+                }
+            };
+            this.ws.onmessage = (event) => {
+                const msg = JSON.parse(typeof event.data === 'string' ? event.data : String(event.data));
+                // Handle command responses
+                if (msg.id !== undefined && this.callbacks.has(msg.id)) {
+                    const cb = this.callbacks.get(msg.id);
+                    clearTimeout(cb.timer);
+                    this.callbacks.delete(msg.id);
+                    if (msg.error) {
+                        const err = msg.error;
+                        cb.reject(new Error(`CDP: ${err.message}`));
+                    }
+                    else {
+                        cb.resolve(msg.result);
+                    }
+                }
+                // Handle events
+                if (msg.method) {
+                    const sessionId = msg.sessionId;
+                    // Fire session-scoped handlers: "sessionId:Event.name"
+                    if (sessionId) {
+                        const scopedKey = `${sessionId}:${msg.method}`;
+                        for (const handler of this.listeners.get(scopedKey) ?? []) {
+                            handler(msg.params);
+                        }
+                    }
+                    // Fire global handlers (non-session-scoped)
+                    for (const handler of this.listeners.get(msg.method) ?? []) {
+                        handler({
+                            ...msg.params,
+                            ...(sessionId ? { _sessionId: sessionId } : {}),
+                        });
+                    }
+                }
+            };
+        });
+    }
+    send(method, params = {}, sessionId) {
+        const id = this.nextId++;
+        return new Promise((resolve, reject) => {
+            const timer = setTimeout(() => {
+                this.callbacks.delete(id);
+                reject(new Error(`CDP timeout: ${method}`));
+            }, 15000);
+            this.callbacks.set(id, {
+                resolve: resolve,
+                reject,
+                timer,
+            });
+            const msg = { id, method, params };
+            if (sessionId)
+                msg.sessionId = sessionId;
+            this.ws.send(JSON.stringify(msg));
+        });
+    }
+    on(event, handler) {
+        if (!this.listeners.has(event))
+            this.listeners.set(event, []);
+        this.listeners.get(event).push(handler);
+    }
+    close() {
+        if (this.ws) {
+            this.ws.close();
+            this.ws = null;
+        }
+    }
+}
+/**
+ * Attach to a running Chrome instance via CDP, passively capture API traffic
+ * across all tabs, and generate signed skill files on SIGINT.
+ */
+export async function attach(options) {
+    const { port, domainPatterns, json } = options;
+    const log = (msg) => {
+        if (!json)
+            process.stderr.write(msg + '\n');
+        options.onProgress?.(msg);
+    };
+    // SIGINT state — registered before any connection attempt (spec requirement)
+    let stopping = false;
+    // Phase 0: Discover browser
+    let browserInfo;
+    try {
+        browserInfo = await discoverBrowserWsUrl(port);
+    }
+    catch {
+        log(`[attach] Cannot connect to Chrome on :${port}`);
+        log('');
+        log('To enable remote debugging, relaunch Chrome with:');
+        log(`  google-chrome --remote-debugging-port=${port}`);
+        log('');
+        log('Or on macOS:');
+        log(`  /Applications/Google\\ Chrome.app/Contents/MacOS/Google\\ Chrome --remote-debugging-port=${port}`);
+        process.exit(1);
+    }
+    log(`[attach] Connected to ${browserInfo.browser} on :${port} (${browserInfo.tabCount} tabs)`);
+    if (domainPatterns.length > 0) {
+        log(`[attach] Watching domains: ${domainPatterns.join(', ')}`);
+    }
+    else {
+        log('[attach] Watching all domains');
+    }
+    // Phase 1: Connect browser-level CDP session
+    const browser = new CDPSession(browserInfo.wsUrl);
+    await browser.connect();
+    // Capture state
+    const generators = new Map();
+    const requests = new Map();
+    const responses = new Map();
+    let totalRequests = 0;
+    let filteredRequests = 0;
+    const startTime = Date.now();
+    const activeSessions = new Set();
+    const loggedSkippedDomains = new Set();
+    function enableNetworkForSession(sessionId) {
+        if (activeSessions.has(sessionId))
+            return;
+        activeSessions.add(sessionId);
+        // Prefix requestIds with sessionId to avoid collisions across tabs
+        const prefix = sessionId.slice(0, 8);
+        browser.on(`${sessionId}:Network.requestWillBeSent`, (params) => {
+            // Evict oldest entries if Maps grow too large (memory safety)
+            if (requests.size > 10000) {
+                const keys = [...requests.keys()].slice(0, 1000);
+                for (const k of keys) {
+                    requests.delete(k);
+                    responses.delete(k);
+                }
+            }
+            const key = `${prefix}:${params.requestId}`;
+            const request = params.request;
+            requests.set(key, {
+                url: request.url,
+                method: request.method,
+                headers: request.headers,
+                postData: request.postData,
+            });
+        });
+        browser.on(`${sessionId}:Network.responseReceived`, (params) => {
+            const key = `${prefix}:${params.requestId}`;
+            const response = params.response;
+            responses.set(key, {
+                status: response.status,
+                headers: response.headers,
+                mimeType: response.mimeType,
+            });
+        });
+        browser.on(`${sessionId}:Network.loadingFinished`, (params) => {
+            const key = `${prefix}:${params.requestId}`;
+            const req = requests.get(key);
+            const resp = responses.get(key);
+            if (!req || !resp)
+                return;
+            totalRequests++;
+            // Get response body immediately (before Chrome evicts it from buffer).
+            // This MUST be called synchronously in the handler — deferring risks
+            // "No resource with given identifier found" on high-traffic tabs.
+            browser.send('Network.getResponseBody', { requestId: params.requestId }, sessionId).then((result) => {
+                processExchange(key, req, resp, result.body ?? '', log);
+            }).catch(() => {
+                // Body evicted or unavailable — still process exchange without body
+                processExchange(key, req, resp, '', log);
+            });
+        });
+        // Enable network capture for this session (fire-and-forget)
+        browser.send('Network.enable', {}, sessionId).catch(() => {
+            // Session may have been destroyed
+        });
+    }
+    function processExchange(key, req, resp, body, logFn) {
+        // Apply shouldCapture filter
+        if (!shouldCapture({ url: req.url, status: resp.status, contentType: resp.mimeType })) {
+            filteredRequests++;
+            if (req.url.startsWith('chrome-extension://')) {
+                logFn(`  [skip] ${req.url.slice(0, 50)}... (extension)`);
+            }
+            return;
+        }
+        // Apply domain glob filter
+        let hostname;
+        try {
+            hostname = new URL(req.url).hostname;
+        }
+        catch {
+            return;
+        }
+        if (!matchesDomainGlob(hostname, domainPatterns)) {
+            filteredRequests++;
+            if (!loggedSkippedDomains.has(hostname)) {
+                loggedSkippedDomains.add(hostname);
+                logFn(`  [skip] ${hostname} (not in domain filter)`);
+            }
+            return;
+        }
+        // Get or create generator for this domain
+        if (!generators.has(hostname)) {
+            generators.set(hostname, new SkillGenerator());
+        }
+        const gen = generators.get(hostname);
+        const exchange = {
+            request: {
+                url: req.url,
+                method: req.method,
+                headers: req.headers,
+                postData: req.postData,
+            },
+            response: {
+                status: resp.status,
+                headers: resp.headers,
+                body,
+                contentType: resp.mimeType,
+            },
+            timestamp: new Date().toISOString(),
+        };
+        const endpoint = gen.addExchange(exchange);
+        if (endpoint) {
+            logFn(`  [api] ${req.method} ${resp.status} ${hostname} ${endpoint.path}`);
+        }
+        // Clean up to avoid memory growth
+        requests.delete(key);
+        responses.delete(key);
+    }
+    // Phase 2: Attach to all existing page targets
+    const { targetInfos } = await browser.send('Target.getTargets');
+    for (const target of targetInfos) {
+        if (target.type === 'page') {
+            try {
+                const result = await browser.send('Target.attachToTarget', {
+                    targetId: target.targetId,
+                    flatten: true,
+                });
+                enableNetworkForSession(result.sessionId);
+            }
+            catch {
+                // Target may have navigated away
+            }
+        }
+    }
+    // Phase 3: Auto-attach to future targets (new tabs, popups, OAuth redirects).
+    // flatten: true is critical — uses session-based CDP multiplexing instead
+    // of legacy nested WebSocket connections.
+    browser.on('Target.attachedToTarget', (params) => {
+        const targetInfo = params.targetInfo;
+        if (targetInfo?.type === 'page') {
+            enableNetworkForSession(params.sessionId);
+        }
+    });
+    await browser.send('Target.setAutoAttach', {
+        autoAttach: true,
+        waitForDebuggerOnStart: false,
+        flatten: true,
+    });
+    // Phase 4: Wait for SIGINT or browser disconnect
+    const result = await new Promise((resolve) => {
+        const shutdown = async () => {
+            if (stopping) {
+                // Second SIGINT — force exit immediately
+                process.exit(1);
+            }
+            stopping = true;
+            log('');
+            const duration = Math.round((Date.now() - startTime) / 1000);
+            if (generators.size === 0) {
+                log('[attach] Nothing captured');
+                browser.close();
+                resolve({ domains: [], totalRequests, filteredRequests, duration });
+                return;
+            }
+            log('[attach] Generating skill files...');
+            const machineId = await getMachineId();
+            const signingKey = deriveSigningKey(machineId);
+            const apitapDir = process.env.APITAP_DIR || join(homedir(), '.apitap');
+            const authManager = new AuthManager(apitapDir, machineId);
+            const domains = [];
+            for (const [domain, gen] of generators) {
+                let skill = gen.toSkillFile(domain);
+                if (skill.endpoints.length === 0)
+                    continue;
+                // Store extracted auth credentials
+                const auth = deduplicateAuth(gen.getExtractedAuth());
+                if (auth) {
+                    await authManager.store(domain, auth);
+                }
+                // Store OAuth credentials if detected
+                const oauthConfig = gen.getOAuthConfig();
+                if (oauthConfig) {
+                    const clientSecret = gen.getOAuthClientSecret();
+                    const refreshToken = gen.getOAuthRefreshToken();
+                    if (clientSecret || refreshToken) {
+                        await authManager.storeOAuthCredentials(domain, {
+                            ...(clientSecret ? { clientSecret } : {}),
+                            ...(refreshToken ? { refreshToken } : {}),
+                        });
+                    }
+                }
+                skill = signSkillFile(skill, signingKey);
+                const skillPath = await writeSkillFile(skill);
+                const displayPath = skillPath.replace(homedir(), '~');
+                const count = skill.endpoints.length;
+                log(`  ${domain} — ${count} endpoint${count === 1 ? '' : 's'} → ${displayPath}`);
+                domains.push({ domain, endpoints: count, skillFile: displayPath });
+            }
+            browser.close();
+            resolve({ domains, totalRequests, filteredRequests, duration });
+        };
+        process.on('SIGINT', shutdown);
+        // Handle browser disconnect (user closed Chrome)
+        browser.on('close', () => {
+            if (!stopping)
+                shutdown();
+        });
+    });
+    return result;
+}
+//# sourceMappingURL=cdp-attach.js.map