@jackwener/opencli 1.7.15 → 1.7.17

package/clis/twitter/article.js

@@ -11,6 +11,7 @@ cli({
     domain: 'x.com',
     strategy: Strategy.COOKIE,
     browser: true,
+    siteSession: 'persistent',
     args: [
         { name: 'tweet-id', type: 'string', positional: true, required: true, help: 'Tweet ID or URL containing the article' },
     ],
@@ -51,12 +52,16 @@ cli({
         // Navigate to the tweet page for cookie context
         await page.goto(`https://x.com/i/status/${tweetId}`);
         await page.wait(3);
+        // Read CSRF token directly from the cookie store via CDP — zero page.evaluate round-trip
+        const cookies = await page.getCookies({ url: 'https://x.com' });
+        const ct0 = cookies.find((c) => c.name === 'ct0')?.value || null;
+        if (!ct0)
+            throw new AuthRequiredError('x.com', 'Not logged into x.com (no ct0 cookie)');
         const queryId = await resolveTwitterQueryId(page, 'TweetResultByRestId', TWEET_RESULT_BY_REST_ID_QUERY_ID);
         const result = await page.evaluate(`
       async () => {
         const tweetId = "${tweetId}";
-        const ct0 = document.cookie.split(';').map(c=>c.trim()).find(c=>c.startsWith('ct0='))?.split('=')[1];
-        if (!ct0) return {error: 'No ct0 cookie — not logged into x.com'};
+        const ct0 = ${JSON.stringify(ct0)};
 
         const bearer = ${JSON.stringify(TWITTER_BEARER_TOKEN)};
         const headers = {
@@ -156,8 +161,6 @@ cli({
       }
     `);
         if (result?.error) {
-            if (String(result.error).includes('No ct0 cookie'))
-                throw new AuthRequiredError('x.com', result.error);
             throw new CommandExecutionError(result.error + (result.hint ? ` (${result.hint})` : ''));
         }
         return result || [];

package/clis/twitter/bookmark-folder.js

@@ -122,6 +122,7 @@ cli({
     domain: 'x.com',
     strategy: Strategy.COOKIE,
     browser: true,
+    siteSession: 'persistent',
     args: [
         { name: 'folder-id', positional: true, type: 'string', required: true, help: 'Folder id from `opencli twitter bookmark-folders`.' },
         { name: 'limit', type: 'int', default: 20, help: 'Maximum number of bookmarks to return (default 20).' },
@@ -140,11 +141,8 @@ cli({
             throw new ArgumentError(`Invalid --limit: ${JSON.stringify(kwargs.limit)}. Expected a positive integer.`);
         }
 
-        await page.goto('https://x.com');
-        await page.wait(3);
-        const ct0 = await page.evaluate(`() => {
-            return document.cookie.split(';').map(c => c.trim()).find(c => c.startsWith('ct0='))?.split('=')[1] || null;
-        }`);
+        const cookies = await page.getCookies({ url: 'https://x.com' });
+        const ct0 = cookies.find((c) => c.name === 'ct0')?.value || null;
         if (!ct0)
             throw new AuthRequiredError('x.com', 'Not logged into x.com (no ct0 cookie)');
 

package/clis/twitter/bookmark-folder.test.js

@@ -309,11 +309,13 @@ describe('twitter bookmark-folder command (registry)', () => {
         const page = {
             goto: vi.fn().mockResolvedValue(undefined),
             wait: vi.fn().mockResolvedValue(undefined),
+            getCookies: vi.fn().mockResolvedValue([]),
             evaluate: vi.fn().mockResolvedValue(null),
         };
         await expect(command.func(page, { 'folder-id': '12345', limit: 5 }))
             .rejects
             .toThrow(/Not logged into x.com/);
+        expect(page.getCookies).toHaveBeenCalledWith({ url: 'https://x.com' });
     });
 
     it('accepts an opaque safe folder-id and sends it in the GraphQL variables', async () => {
@@ -321,14 +323,15 @@ describe('twitter bookmark-folder command (registry)', () => {
         const page = {
             goto: vi.fn().mockResolvedValue(undefined),
             wait: vi.fn().mockResolvedValue(undefined),
+            getCookies: vi.fn().mockResolvedValue([{ name: 'ct0', value: 'ct0-token' }]),
             evaluate: vi.fn()
-                .mockResolvedValueOnce('ct0-token')
                 .mockResolvedValueOnce('queryX')
                 .mockResolvedValueOnce({ data: { bookmark_timeline_v2: { timeline: { instructions: [] } } } }),
         };
         const result = await command.func(page, { 'folder-id': 'folder_AbC-123', limit: 5 });
         expect(result).toEqual([]);
-        const fetchScript = page.evaluate.mock.calls[2][0];
+        expect(page.getCookies).toHaveBeenCalledWith({ url: 'https://x.com' });
+        const fetchScript = page.evaluate.mock.calls[1][0];
         expect(decodeURIComponent(fetchScript)).toContain('"bookmark_collection_id":"folder_AbC-123"');
     });
 });

package/clis/twitter/bookmark-folders.js

@@ -77,14 +77,12 @@ cli({
     domain: 'x.com',
     strategy: Strategy.COOKIE,
     browser: true,
+    siteSession: 'persistent',
     args: [],
     columns: ['id', 'name', 'items', 'created_at'],
     func: async (page) => {
-        await page.goto('https://x.com');
-        await page.wait(3);
-        const ct0 = await page.evaluate(`() => {
-            return document.cookie.split(';').map(c => c.trim()).find(c => c.startsWith('ct0='))?.split('=')[1] || null;
-        }`);
+        const cookies = await page.getCookies({ url: 'https://x.com' });
+        const ct0 = cookies.find((c) => c.name === 'ct0')?.value || null;
         if (!ct0)
             throw new AuthRequiredError('x.com', 'Not logged into x.com (no ct0 cookie)');
 

package/clis/twitter/bookmark-folders.test.js

@@ -143,8 +143,10 @@ describe('twitter bookmark-folders command (registry)', () => {
         const page = {
             goto: vi.fn().mockResolvedValue(undefined),
             wait: vi.fn().mockResolvedValue(undefined),
-            evaluate: vi.fn().mockResolvedValue(null), // null cookie → AuthRequired
+            getCookies: vi.fn().mockResolvedValue([]), // no ct0 cookie → AuthRequired
+            evaluate: vi.fn().mockResolvedValue(null),
         };
         await expect(command.func(page, {})).rejects.toThrow(/Not logged into x.com/);
+        expect(page.getCookies).toHaveBeenCalledWith({ url: 'https://x.com' });
     });
 });

package/clis/twitter/bookmarks.js

@@ -105,6 +105,7 @@ cli({
     domain: 'x.com',
     strategy: Strategy.COOKIE,
     browser: true,
+    siteSession: 'persistent',
     args: [
         { name: 'limit', type: 'int', default: 20, help: 'Maximum number of bookmarks to return (default 20).' },
         { name: 'top-by-engagement', type: 'int', default: 0, help: 'When set to N>0, re-rank the bookmarks by weighted engagement (likes×1 + retweets×3 + replies×2 + bookmarks×5 + log10(views+1)×0.5) and return the top N. Default 0 keeps the API\'s native (saved-time) ordering.' },
@@ -112,11 +113,8 @@ cli({
     columns: ['id', 'author', 'text', 'likes', 'retweets', 'bookmarks', 'created_at', 'url'],
     func: async (page, kwargs) => {
         const limit = kwargs.limit || 20;
-        await page.goto('https://x.com');
-        await page.wait(3);
-        const ct0 = await page.evaluate(`() => {
-      return document.cookie.split(';').map(c => c.trim()).find(c => c.startsWith('ct0='))?.split('=')[1] || null;
-    }`);
+        const cookies = await page.getCookies({ url: 'https://x.com' });
+        const ct0 = cookies.find((c) => c.name === 'ct0')?.value || null;
         if (!ct0)
             throw new AuthRequiredError('x.com', 'Not logged into x.com (no ct0 cookie)');
         const queryId = await page.evaluate(`async () => {

package/clis/twitter/download.js

@@ -15,6 +15,7 @@ cli({
     description: 'Download Twitter/X media (images and videos). Provide either <username> to scan a profile\'s media tab, or --tweet-url to download a single tweet.',
     domain: 'x.com',
     strategy: Strategy.COOKIE,
+    siteSession: 'persistent',
     args: [
         { name: 'username', positional: true, help: 'Twitter username (with or without @) to scan their /media tab. Either <username> or --tweet-url is required.' },
         { name: 'tweet-url', help: 'Single tweet URL to download. Use this OR <username>, not both required at once.' },

package/clis/twitter/followers.js

@@ -83,6 +83,7 @@ cli({
     domain: 'x.com',
     strategy: Strategy.UI,
     browser: true,
+    siteSession: 'persistent',
     args: [
         {
             name: 'user',

package/clis/twitter/following.js

@@ -139,6 +139,7 @@ cli({
     domain: 'x.com',
     strategy: Strategy.COOKIE,
     browser: true,
+    siteSession: 'persistent',
     args: [
         {
             name: 'user',
@@ -157,12 +158,8 @@ cli({
         }
         let targetUser = normalizeScreenName(kwargs.user);
 
-        await page.goto('https://x.com');
-        await page.wait(3);
-
-        const ct0 = await page.evaluate(`() => {
-            return document.cookie.split(';').map(c => c.trim()).find(c => c.startsWith('ct0='))?.split('=')[1] || null;
-        }`);
+        const cookies = await page.getCookies({ url: 'https://x.com' });
+        const ct0 = cookies.find((c) => c.name === 'ct0')?.value || null;
         if (!ct0)
             throw new AuthRequiredError('x.com', 'Not logged into x.com (no ct0 cookie)');
 

package/clis/twitter/following.test.js

@@ -205,8 +205,8 @@ function createFollowingPage(followingResponses, { ct0 = 'token', userLookup = {
     const page = {
         goto: vi.fn().mockResolvedValue(undefined),
         wait: vi.fn().mockResolvedValue(undefined),
+        getCookies: vi.fn(async () => (ct0 ? [{ name: 'ct0', value: ct0 }] : [])),
         evaluate: vi.fn(async (script) => {
-            if (script.includes('document.cookie')) return ct0;
             if (script.includes('operationName')) return null;
             if (script.includes('/UserByScreenName')) return userLookup;
             if (script.includes('/Following')) return followingResponses.shift() || followingPayload([], null);
@@ -228,6 +228,7 @@ describe('twitter following command', () => {
         const rows = await command.func(page, { user: '@elonmusk', limit: 3 });
 
         expect(rows.map((row) => row.screen_name)).toEqual(['alice', 'bob', 'carol']);
+        expect(page.getCookies).toHaveBeenCalledWith({ url: 'https://x.com' });
         const userLookupScript = page.evaluate.mock.calls.find(([script]) => script.includes('/UserByScreenName'))?.[0] || '';
         expect(decodeURIComponent(userLookupScript)).toContain('"screen_name":"elonmusk"');
         expect(decodeURIComponent(userLookupScript)).not.toContain('"screen_name":"@elonmusk"');

package/clis/twitter/likes.js

@@ -142,6 +142,7 @@ cli({
     domain: 'x.com',
     strategy: Strategy.COOKIE,
     browser: true,
+    siteSession: 'persistent',
     args: [
         { name: 'username', type: 'string', positional: true, help: 'Twitter screen name (with or without @). Defaults to the logged-in user when omitted.' },
         { name: 'limit', type: 'int', default: 20, help: 'Maximum number of liked tweets to return (default 20).' },
@@ -151,11 +152,8 @@ cli({
     func: async (page, kwargs) => {
         const limit = kwargs.limit || 20;
         let username = (kwargs.username || '').replace(/^@/, '');
-        await page.goto('https://x.com');
-        await page.wait(3);
-        const ct0 = await page.evaluate(`() => {
-      return document.cookie.split(';').map(c => c.trim()).find(c => c.startsWith('ct0='))?.split('=')[1] || null;
-    }`);
+        const cookies = await page.getCookies({ url: 'https://x.com' });
+        const ct0 = cookies.find((c) => c.name === 'ct0')?.value || null;
         if (!ct0)
             throw new AuthRequiredError('x.com', 'Not logged into x.com (no ct0 cookie)');
         // If no username provided, detect the logged-in user

package/clis/twitter/list-add.js

@@ -84,11 +84,12 @@ cli({
         if (!username) {
             throw new CommandExecutionError('Username is required');
         }
+        // Strategy.UI does not get a domain URL pre-nav from the framework.
+        // This page context is load-bearing for pre-target GraphQL calls below.
         await page.goto('https://x.com');
         await page.wait(3);
-        const ct0 = await page.evaluate(`() => {
-            return document.cookie.split(';').map(c => c.trim()).find(c => c.startsWith('ct0='))?.split('=')[1] || null;
-        }`);
+        const cookies = await page.getCookies({ url: 'https://x.com' });
+        const ct0 = cookies.find((c) => c.name === 'ct0')?.value || null;
         if (!ct0) throw new AuthRequiredError('x.com', 'Not logged into x.com (no ct0 cookie)');
 
         const userByScreenNameQueryId = await resolveTwitterQueryId(page, 'UserByScreenName', USER_BY_SCREEN_NAME_QUERY_ID);

package/clis/twitter/list-add.test.js

@@ -1,4 +1,4 @@
-import { describe, expect, it } from 'vitest';
+import { describe, expect, it, vi } from 'vitest';
 import { getRegistry } from '@jackwener/opencli/registry';
 import './list-add.js';
 
@@ -12,4 +12,26 @@ describe('twitter list-add registration', () => {
         expect(listIdArg?.required).toBe(true);
         expect(listIdArg?.positional).toBe(true);
     });
+
+    it('keeps the x.com root navigation before pre-target GraphQL calls', async () => {
+        const cmd = getRegistry().get('twitter/list-add');
+        const page = {
+            goto: vi.fn().mockResolvedValue(undefined),
+            wait: vi.fn().mockResolvedValue(undefined),
+            getCookies: vi.fn().mockResolvedValue([{ name: 'ct0', value: 'token' }]),
+            evaluate: vi.fn()
+                .mockResolvedValueOnce(null) // UserByScreenName queryId fallback
+                .mockResolvedValueOnce('user-1')
+                .mockResolvedValueOnce(null) // ListsManagement queryId fallback
+                .mockResolvedValueOnce({}),
+        };
+
+        await expect(cmd.func(page, { listId: '123', username: 'alice' }))
+            .rejects
+            .toThrow(/List 123 not found/);
+        expect(page.goto).toHaveBeenCalledWith('https://x.com');
+        expect(page.goto).toHaveBeenCalledTimes(1);
+        expect(page.wait).toHaveBeenCalledWith(3);
+        expect(page.getCookies).toHaveBeenCalledWith({ url: 'https://x.com' });
+    });
 });

package/clis/twitter/list-remove.js

@@ -92,11 +92,12 @@ cli({
         }
         if (!username) throw new CommandExecutionError('Username is required');
 
+        // Strategy.UI does not get a domain URL pre-nav from the framework.
+        // This page context is load-bearing for pre-target GraphQL calls below.
         await page.goto('https://x.com');
         await page.wait(3);
-        const ct0 = await page.evaluate(`() => {
-            return document.cookie.split(';').map(c => c.trim()).find(c => c.startsWith('ct0='))?.split('=')[1] || null;
-        }`);
+        const cookies = await page.getCookies({ url: 'https://x.com' });
+        const ct0 = cookies.find((c) => c.name === 'ct0')?.value || null;
         if (!ct0) throw new AuthRequiredError('x.com', 'Not logged into x.com (no ct0 cookie)');
 
         const userByScreenNameQueryId = await resolveTwitterQueryId(page, 'UserByScreenName', USER_BY_SCREEN_NAME_QUERY_ID);

package/clis/twitter/list-remove.test.js

@@ -1,4 +1,4 @@
-import { describe, expect, it } from 'vitest';
+import { describe, expect, it, vi } from 'vitest';
 import { getRegistry } from '@jackwener/opencli/registry';
 import './list-remove.js';
 
@@ -11,4 +11,26 @@ describe('twitter list-remove registration', () => {
         expect(listIdArg).toBeTruthy();
         expect(listIdArg?.required).toBe(true);
     });
+
+    it('keeps the x.com root navigation before pre-target GraphQL calls', async () => {
+        const cmd = getRegistry().get('twitter/list-remove');
+        const page = {
+            goto: vi.fn().mockResolvedValue(undefined),
+            wait: vi.fn().mockResolvedValue(undefined),
+            getCookies: vi.fn().mockResolvedValue([{ name: 'ct0', value: 'token' }]),
+            evaluate: vi.fn()
+                .mockResolvedValueOnce(null) // UserByScreenName queryId fallback
+                .mockResolvedValueOnce('user-1')
+                .mockResolvedValueOnce(null) // ListsManagement queryId fallback
+                .mockResolvedValueOnce({}),
+        };
+
+        await expect(cmd.func(page, { listId: '123', username: 'alice' }))
+            .rejects
+            .toThrow(/List 123 not found/);
+        expect(page.goto).toHaveBeenCalledWith('https://x.com');
+        expect(page.goto).toHaveBeenCalledTimes(1);
+        expect(page.wait).toHaveBeenCalledWith(3);
+        expect(page.getCookies).toHaveBeenCalledWith({ url: 'https://x.com' });
+    });
 });

package/clis/twitter/list-tweets.js

@@ -112,6 +112,7 @@ cli({
     domain: 'x.com',
     strategy: Strategy.COOKIE,
     browser: true,
+    siteSession: 'persistent',
     args: [
         { name: 'listId', positional: true, type: 'string', required: true, help: 'Numeric ID of a Twitter/X list (e.g. from `opencli twitter lists`)' },
         { name: 'limit', type: 'int', default: 50 },
@@ -124,11 +125,8 @@ cli({
             throw new CommandExecutionError(`Invalid listId: ${JSON.stringify(kwargs.listId)}. Expected a numeric ID (see \`opencli twitter lists\`).`);
         }
         const limit = kwargs.limit || 50;
-        await page.goto('https://x.com');
-        await page.wait(3);
-        const ct0 = await page.evaluate(`() => {
-            return document.cookie.split(';').map(c => c.trim()).find(c => c.startsWith('ct0='))?.split('=')[1] || null;
-        }`);
+        const cookies = await page.getCookies({ url: 'https://x.com' });
+        const ct0 = cookies.find((c) => c.name === 'ct0')?.value || null;
         if (!ct0)
             throw new AuthRequiredError('x.com', 'Not logged into x.com (no ct0 cookie)');
         const queryId = await page.evaluate(`async () => {

package/clis/twitter/lists.js

@@ -92,17 +92,15 @@ export const command = cli({
     domain: 'x.com',
     strategy: Strategy.COOKIE,
     browser: true,
+    siteSession: 'persistent',
     args: [
         { name: 'limit', type: 'int', default: 50, help: 'Maximum number of lists to return (default 50).' },
     ],
     columns: ['id', 'name', 'members', 'followers', 'mode'],
     func: async (page, kwargs) => {
         const limit = kwargs.limit || 50;
-        await page.goto('https://x.com');
-        await page.wait(3);
-        const ct0 = await page.evaluate(`() => {
-            return document.cookie.split(';').map(c => c.trim()).find(c => c.startsWith('ct0='))?.split('=')[1] || null;
-        }`);
+        const cookies = await page.getCookies({ url: 'https://x.com' });
+        const ct0 = cookies.find((c) => c.name === 'ct0')?.value || null;
         if (!ct0)
             throw new AuthRequiredError('x.com', 'Not logged into x.com (no ct0 cookie)');
         const queryId = await page.evaluate(`async () => {

package/clis/twitter/notifications.js

@@ -8,6 +8,7 @@ cli({
     domain: 'x.com',
     strategy: Strategy.INTERCEPT,
     browser: true,
+    siteSession: 'persistent',
     args: [
         { name: 'limit', type: 'int', default: 20, help: 'Maximum number of notifications to return (default 20).' },
     ],

package/clis/twitter/profile.js

@@ -11,6 +11,7 @@ cli({
     domain: 'x.com',
     strategy: Strategy.COOKIE,
     browser: true,
+    siteSession: 'persistent',
     args: [
         { name: 'username', type: 'string', positional: true, help: 'Twitter screen name (with or without @). Defaults to the logged-in user when omitted.' },
     ],
@@ -32,12 +33,16 @@ cli({
         // Navigate directly to the user's profile page (gives us cookie context)
         await page.goto(`https://x.com/${username}`);
         await page.wait(3);
+        // Read CSRF token directly from the cookie store via CDP — zero page.evaluate round-trip
+        const cookies = await page.getCookies({ url: 'https://x.com' });
+        const ct0 = cookies.find((c) => c.name === 'ct0')?.value || null;
+        if (!ct0)
+            throw new AuthRequiredError('x.com', 'Not logged into x.com (no ct0 cookie)');
         const queryId = await resolveTwitterQueryId(page, 'UserByScreenName', USER_BY_SCREEN_NAME_QUERY_ID);
         const result = await page.evaluate(`
       async () => {
         const screenName = "${username}";
-        const ct0 = document.cookie.split(';').map(c=>c.trim()).find(c=>c.startsWith('ct0='))?.split('=')[1];
-        if (!ct0) return {error: 'No ct0 cookie — not logged into x.com'};
+        const ct0 = ${JSON.stringify(ct0)};
 
         const bearer = ${JSON.stringify(TWITTER_BEARER_TOKEN)};
         const headers = {
@@ -96,8 +101,6 @@ cli({
       }
     `);
         if (result?.error) {
-            if (String(result.error).includes('No ct0 cookie'))
-                throw new AuthRequiredError('x.com', result.error);
             throw new CommandExecutionError(result.error + (result.hint ? ` (${result.hint})` : ''));
         }
         return result || [];

package/clis/twitter/search.js

@@ -228,6 +228,7 @@ cli({
     domain: 'x.com',
     strategy: Strategy.INTERCEPT, // Use intercept strategy
     browser: true,
+    siteSession: 'persistent',
     args: [
         { name: 'query', type: 'string', required: true, positional: true, help: 'Search query. Raw X operators (e.g. "exact phrase", #tag, OR, lang:en, since:YYYY-MM-DD, from:, since:) are passed through unchanged.' },
         { name: 'filter', type: 'string', default: 'top', choices: ['top', 'live'], help: 'Legacy alias for --product. Kept for backwards compatibility; if --product is set it wins.' },

package/clis/twitter/thread.js

@@ -100,6 +100,7 @@ cli({
     domain: 'x.com',
     strategy: Strategy.COOKIE,
     browser: true,
+    siteSession: 'persistent',
     args: [
         { name: 'tweet-id', positional: true, type: 'string', required: true, help: 'Tweet numeric ID (e.g. 1234567890) or full status URL' },
         { name: 'limit', type: 'int', default: 50 },
@@ -111,13 +112,10 @@ cli({
         const urlMatch = tweetId.match(/\/status\/(\d+)/);
         if (urlMatch)
             tweetId = urlMatch[1];
-        // Navigate to x.com for cookie context
-        await page.goto('https://x.com');
-        await page.wait(3);
-        // Extract CSRF token — the only thing we need from the browser
-        const ct0 = await page.evaluate(`() => {
-      return document.cookie.split(';').map(c=>c.trim()).find(c=>c.startsWith('ct0='))?.split('=')[1] || null;
-    }`);
+        // Cookie context auto-established by framework pre-nav (Strategy.COOKIE + domain).
+        // Read CSRF token directly from the cookie store via CDP — zero page.evaluate round-trip.
+        const cookies = await page.getCookies({ url: 'https://x.com' });
+        const ct0 = cookies.find((c) => c.name === 'ct0')?.value || null;
         if (!ct0)
             throw new AuthRequiredError('x.com', 'Not logged into x.com (no ct0 cookie)');
         // Build auth headers in TypeScript

package/clis/twitter/timeline.js

@@ -141,6 +141,7 @@ cli({
     domain: 'x.com',
     strategy: Strategy.COOKIE,
     browser: true,
+    siteSession: 'persistent',
     args: [
         {
             name: 'type',
@@ -156,13 +157,10 @@ cli({
         const limit = kwargs.limit || 20;
         const timelineType = kwargs.type === 'following' ? 'following' : 'for-you';
         const { endpoint, method, fallbackQueryId } = TIMELINE_ENDPOINTS[timelineType];
-        // Navigate to x.com for cookie context
-        await page.goto('https://x.com');
-        await page.wait(3);
-        // Extract CSRF token
-        const ct0 = await page.evaluate(`() => {
-      return document.cookie.split(';').map(c=>c.trim()).find(c=>c.startsWith('ct0='))?.split('=')[1] || null;
-    }`);
+        // Cookie context auto-established by framework pre-nav (Strategy.COOKIE + domain).
+        // Read CSRF token directly from the cookie store via CDP — zero page.evaluate round-trip.
+        const cookies = await page.getCookies({ url: 'https://x.com' });
+        const ct0 = cookies.find((c) => c.name === 'ct0')?.value || null;
         if (!ct0)
             throw new AuthRequiredError('x.com', 'Not logged into x.com (no ct0 cookie)');
         // Dynamically resolve queryId for the selected endpoint

package/clis/twitter/trending.js

@@ -17,6 +17,7 @@ cli({
     domain: 'x.com',
     strategy: Strategy.COOKIE,
     browser: true,
+    siteSession: 'persistent',
     args: [
         { name: 'limit', type: 'int', default: 20, help: 'Number of trends to show' },
     ],
@@ -26,10 +27,9 @@ cli({
         // Navigate to trending page
         await page.goto('https://x.com/explore/tabs/trending');
         await page.wait(3);
-        // Verify login via CSRF cookie
-        const ct0 = await page.evaluate(`(() => {
-      return document.cookie.split(';').map(c=>c.trim()).find(c=>c.startsWith('ct0='))?.split('=')[1] || null;
-    })()`);
+        // Verify login via CSRF cookie (read directly from cookie store via CDP)
+        const cookies = await page.getCookies({ url: 'https://x.com' });
+        const ct0 = cookies.find((c) => c.name === 'ct0')?.value || null;
         if (!ct0)
             throw new AuthRequiredError('x.com', 'Not logged into x.com (no ct0 cookie)');
         await page.wait(2);

package/clis/twitter/tweets.js

@@ -149,6 +149,7 @@ cli({
     domain: 'x.com',
     strategy: Strategy.COOKIE,
     browser: true,
+    siteSession: 'persistent',
     args: [
         { name: 'username', type: 'string', positional: true, required: true, help: 'Twitter screen name (with or without @)' },
         { name: 'limit', type: 'int', default: 20, help: 'Max tweets to return' },
@@ -160,12 +161,8 @@ cli({
         const username = String(kwargs.username || '').replace(/^@/, '').trim();
         if (!username) throw new CommandExecutionError('username is required');
 
-        await page.goto('https://x.com');
-        await page.wait(3);
-
-        const ct0 = await page.evaluate(`() => {
-      return document.cookie.split(';').map(c => c.trim()).find(c => c.startsWith('ct0='))?.split('=')[1] || null;
-    }`);
+        const cookies = await page.getCookies({ url: 'https://x.com' });
+        const ct0 = cookies.find((c) => c.name === 'ct0')?.value || null;
         if (!ct0) throw new AuthRequiredError('x.com', 'Not logged into x.com (no ct0 cookie)');
 
         const userTweetsQueryId = await resolveTwitterQueryId(page, 'UserTweets', USER_TWEETS_QUERY_ID);

package/clis/youtube/like.js

@@ -2,7 +2,7 @@
  * YouTube like — like a video via InnerTube like API (requires SAPISIDHASH auth).
  */
 import { cli, Strategy } from '@jackwener/opencli/registry';
-import { parseVideoId, prepareYoutubeApiPage, SAPISID_HASH_FN } from './utils.js';
+import { parseVideoId, prepareYoutubeApiPage, readYoutubeSapisid, SAPISID_HASH_FN } from './utils.js';
 import { CommandExecutionError, AuthRequiredError } from '@jackwener/opencli/errors';
 
 cli({
@@ -19,6 +19,10 @@ cli({
     func: async (page, kwargs) => {
         const videoId = parseVideoId(String(kwargs.url));
         await prepareYoutubeApiPage(page);
+        // Read SAPISID directly from the cookie store via CDP — zero document.cookie round-trip
+        const sapisid = await readYoutubeSapisid(page);
+        if (!sapisid)
+            throw new AuthRequiredError('www.youtube.com', 'Not logged in (SAPISID cookie missing)');
         const result = await page.evaluate(`
       (async () => {
         ${SAPISID_HASH_FN}
@@ -28,7 +32,7 @@ cli({
         const context = cfg.INNERTUBE_CONTEXT;
         if (!apiKey || !context) return { error: 'config', message: 'YouTube config not found' };
 
-        const authHash = await getSapisidHash('https://www.youtube.com');
+        const authHash = await getSapisidHash(${JSON.stringify(sapisid)}, 'https://www.youtube.com');
         if (!authHash) return { error: 'auth', message: 'Not logged in (SAPISID cookie missing)' };
 
         const resp = await fetch('/youtubei/v1/like/like?key=' + apiKey + '&prettyPrint=false', {

package/clis/youtube/subscribe.js

@@ -2,7 +2,7 @@
  * YouTube subscribe — subscribe to a channel via InnerTube subscription API.
  */
 import { cli, Strategy } from '@jackwener/opencli/registry';
-import { prepareYoutubeApiPage, SAPISID_HASH_FN, RESOLVE_CHANNEL_HANDLE_FN } from './utils.js';
+import { prepareYoutubeApiPage, readYoutubeSapisid, SAPISID_HASH_FN, RESOLVE_CHANNEL_HANDLE_FN } from './utils.js';
 import { CommandExecutionError, AuthRequiredError } from '@jackwener/opencli/errors';
 
 cli({
@@ -19,6 +19,10 @@ cli({
     func: async (page, kwargs) => {
         const channelInput = String(kwargs.channel);
         await prepareYoutubeApiPage(page);
+        // Read SAPISID directly from the cookie store via CDP — zero document.cookie round-trip
+        const sapisid = await readYoutubeSapisid(page);
+        if (!sapisid)
+            throw new AuthRequiredError('www.youtube.com', 'Not logged in (SAPISID cookie missing)');
         const result = await page.evaluate(`
       (async () => {
         ${SAPISID_HASH_FN}
@@ -28,7 +32,7 @@ cli({
         const context = cfg.INNERTUBE_CONTEXT;
         if (!apiKey || !context) return { error: 'config', message: 'YouTube config not found' };
 
-        const authHash = await getSapisidHash('https://www.youtube.com');
+        const authHash = await getSapisidHash(${JSON.stringify(sapisid)}, 'https://www.youtube.com');
         if (!authHash) return { error: 'auth', message: 'Not logged in (SAPISID cookie missing)' };
 
         ${RESOLVE_CHANNEL_HANDLE_FN}

package/clis/youtube/unlike.js

@@ -2,7 +2,7 @@
  * YouTube unlike — remove like from a video via InnerTube like API.
  */
 import { cli, Strategy } from '@jackwener/opencli/registry';
-import { parseVideoId, prepareYoutubeApiPage, SAPISID_HASH_FN } from './utils.js';
+import { parseVideoId, prepareYoutubeApiPage, readYoutubeSapisid, SAPISID_HASH_FN } from './utils.js';
 import { CommandExecutionError, AuthRequiredError } from '@jackwener/opencli/errors';
 
 cli({
@@ -19,6 +19,10 @@ cli({
     func: async (page, kwargs) => {
         const videoId = parseVideoId(String(kwargs.url));
         await prepareYoutubeApiPage(page);
+        // Read SAPISID directly from the cookie store via CDP — zero document.cookie round-trip
+        const sapisid = await readYoutubeSapisid(page);
+        if (!sapisid)
+            throw new AuthRequiredError('www.youtube.com', 'Not logged in (SAPISID cookie missing)');
         const result = await page.evaluate(`
       (async () => {
         ${SAPISID_HASH_FN}
@@ -28,7 +32,7 @@ cli({
         const context = cfg.INNERTUBE_CONTEXT;
         if (!apiKey || !context) return { error: 'config', message: 'YouTube config not found' };
 
-        const authHash = await getSapisidHash('https://www.youtube.com');
+        const authHash = await getSapisidHash(${JSON.stringify(sapisid)}, 'https://www.youtube.com');
         if (!authHash) return { error: 'auth', message: 'Not logged in (SAPISID cookie missing)' };
 
         const resp = await fetch('/youtubei/v1/like/removelike?key=' + apiKey + '&prettyPrint=false', {