@lobu/cli 7.0.0 → 7.1.0

package/dist/connectors/google_calendar.ts

@@ -255,7 +255,14 @@ export default class GoogleCalendarConnector extends ConnectorRuntime {
     let pageToken: string | undefined;
     let nextSyncToken: string | undefined;
 
-    while (true) {
+    // Safety bound — at 250 events/page, 200 pages = 50k events, more than
+    // any reasonable calendar window. Stops a runaway loop if the upstream
+    // ever returns a self-referential page token.
+    const MAX_PAGES = 200;
+    let pages = 0;
+
+    while (pages < MAX_PAGES) {
+      pages++;
       // Always request a full page — `maxResults` is a soft cap on *stored*
       // events, not a reason to shrink the request size (shrinking to 1 once the
       // cap is hit would crawl a busy calendar one event per round-trip).
@@ -350,7 +357,12 @@ export default class GoogleCalendarConnector extends ConnectorRuntime {
     let pageToken: string | undefined;
     let nextSyncToken: string | undefined;
 
-    while (true) {
+    // Same hard ceiling as the full-sync path — defensive only.
+    const MAX_PAGES = 200;
+    let pages = 0;
+
+    while (pages < MAX_PAGES) {
+      pages++;
       const params = new URLSearchParams({
         maxResults: String(Math.max(1, Math.min(250, maxResults - events.length))),
         syncToken,

package/dist/connectors/google_play.ts

@@ -136,6 +136,12 @@ async function fetchReviewsPage(
 
   if (!res.ok) {
     if (res.status === 404) throw new Error('App not found (404)');
+    if (res.status === 429) {
+      const retryAfter = res.headers.get('Retry-After');
+      throw new Error(
+        `Google Play rate limit (429). Retry after ${retryAfter ?? 'unknown'} seconds.`
+      );
+    }
     throw new Error(`Google Play request failed: ${res.status} ${res.statusText}`);
   }
 
@@ -143,14 +149,28 @@ async function fetchReviewsPage(
 
   // Response starts with ")]}'" (security prefix), then a newline, then JSON.
   // The library skips the first 5 characters.
-  const outer = JSON.parse(text.substring(5));
+  // Wrap parse in try/catch — Google sometimes returns an HTML interstitial
+  // (captcha / geo-block / maintenance) with status 200, which would bubble up
+  // as an unhelpful SyntaxError otherwise.
+  let outer: any;
+  try {
+    outer = JSON.parse(text.substring(5));
+  } catch {
+    const preview = text.substring(0, 120).replace(/\s+/g, ' ');
+    throw new Error(`Google Play returned non-JSON response: ${preview}`);
+  }
   const innerJson: string | null = outer?.[0]?.[2];
 
   if (innerJson === null || innerJson === undefined) {
     return { reviews: [], nextToken: null };
   }
 
-  const data = JSON.parse(innerJson);
+  let data: any;
+  try {
+    data = JSON.parse(innerJson);
+  } catch {
+    throw new Error('Google Play returned malformed inner JSON payload');
+  }
   return {
     reviews: extractReviews(data, appId),
     nextToken: extractPaginationToken(data),

package/dist/connectors/hackernews.ts

@@ -16,6 +16,7 @@ import {
   type SyncContext,
   type SyncResult,
 } from '@lobu/connector-sdk';
+import { validatePublicUrl } from './browser-scraper-utils.ts';
 
 // ---------------------------------------------------------------------------
 // Algolia HN API types
@@ -261,11 +262,36 @@ export default class HackerNewsConnector extends ConnectorRuntime {
         `&numericFilters=${encodeURIComponent(`created_at_i>${lookbackTimestamp}`)}`;
 
       const response = await fetch(url);
+
+      // Honor Algolia's rate-limit response so we don't hammer them and turn
+      // a transient 429 into "Unexpected token < in JSON" when the next call
+      // returns an HTML error page.
+      if (response.status === 429) {
+        const retryAfter = response.headers.get('Retry-After');
+        const waitMs = retryAfter ? Math.min(60_000, Math.max(1, Number(retryAfter)) * 1000) : 5000;
+        await this.sleep(Number.isFinite(waitMs) ? waitMs : 5000);
+        continue;
+      }
+
       if (!response.ok) {
-        throw new Error(`Algolia API error (${response.status}): ${await response.text()}`);
+        const text = await response.text().catch(() => '');
+        throw new Error(`Algolia API error (${response.status}): ${text}`);
+      }
+
+      // Algolia normally returns JSON, but proxies/captive portals occasionally
+      // return HTML. Surface a useful error instead of a bare SyntaxError that
+      // makes the connector look broken when the upstream is at fault.
+      let data: AlgoliaResponse;
+      try {
+        data = (await response.json()) as AlgoliaResponse;
+      } catch (err) {
+        const message = err instanceof Error ? err.message : String(err);
+        throw new Error(`Algolia API returned non-JSON response: ${message}`);
       }
 
-      const data = (await response.json()) as AlgoliaResponse;
+      if (!data || !Array.isArray(data.hits)) {
+        throw new Error('Algolia API returned an unexpected response shape');
+      }
 
       for (const hit of data.hits) {
         if (contentType === 'comment') {
@@ -404,6 +430,15 @@ export default class HackerNewsConnector extends ConnectorRuntime {
 
   private async fetchExternalContent(url: string): Promise<string | null> {
     try {
+      // SSRF guard — `url` is supplied by whoever submitted the HN story and
+      // is therefore attacker-controllable. Refuse to fetch private/internal
+      // addresses (loopback, 169.254.169.254 cloud metadata, RFC1918, etc.).
+      try {
+        validatePublicUrl(url);
+      } catch {
+        return null;
+      }
+
       const controller = new AbortController();
       const timeoutId = setTimeout(() => controller.abort(), this.CONTENT_FETCH_TIMEOUT);
 

package/dist/connectors/index.ts

@@ -1,15 +1,23 @@
 export * from './apple_health.ts';
+export * from './apple_photos.ts';
 export * from './apple_screen_time.ts';
 export * from './local_directory.ts';
 export * from './browser-scraper-utils.ts';
+// Browser primitives — connector definitions whose executors live in the
+// Owletto for Chrome extension (apps/chrome/executor.js). Kept under
+// browser/ so they're structurally distinct from third-party service
+// connectors (linkedin, revolut, github, etc.).
+export * from './browser/evaluate.ts';
+export * from './browser/fill_form.ts';
+export * from './browser/page_text.ts';
 export * from './capterra.ts';
+export * from './chrome_tabs.ts';
 export * from './g2.ts';
 export * from './github.ts';
 export * from './glassdoor.ts';
 export * from './gmaps.ts';
 export * from './google_calendar.ts';
 export * from './google_gmail.ts';
-export * from './google_photos.ts';
 export * from './google_play.ts';
 export * from './hackernews.ts';
 export * from './ios_appstore.ts';

package/dist/connectors/reddit.ts

@@ -79,6 +79,7 @@ export default class RedditConnector extends ConnectorRuntime {
     name: 'Reddit',
     description: 'Fetches posts and comments from Reddit subreddits or search queries.',
     version: '1.0.0',
+    faviconDomain: 'reddit.com',
     authSchema: {
       methods: [
         {

package/dist/connectors/revolut.ts

@@ -142,12 +142,9 @@ function extractAmountAndCurrency(
 	const amt = record.amount;
 	if (amt && typeof amt === "object") {
 		const obj = amt as Record<string, unknown>;
-		const value =
-			typeof obj.value === "number"
-				? obj.value
-				: typeof obj.amount === "number"
-					? obj.amount
-					: null;
+		let value: number | null = null;
+		if (typeof obj.value === "number") value = obj.value;
+		else if (typeof obj.amount === "number") value = obj.amount;
 		const currency = typeof obj.currency === "string" ? obj.currency : null;
 		if (value !== null && currency) return { amount: value, currency };
 	}
@@ -200,13 +197,13 @@ function extractBalance(
 	record: Record<string, unknown>,
 	currency: string,
 ): number | undefined {
-	const raw =
-		typeof record.balance === "number"
-			? record.balance
-			: record.balance && typeof record.balance === "object"
-				? ((record.balance as Record<string, unknown>).value ??
-					(record.balance as Record<string, unknown>).amount)
-				: undefined;
+	let raw: unknown;
+	if (typeof record.balance === "number") {
+		raw = record.balance;
+	} else if (record.balance && typeof record.balance === "object") {
+		const obj = record.balance as Record<string, unknown>;
+		raw = obj.value ?? obj.amount;
+	}
 	if (typeof raw !== "number" || !Number.isFinite(raw)) return undefined;
 	return Number.isInteger(raw) ? minorUnitsToMajor(raw, currency) : raw;
 }

package/dist/connectors/rss.ts

@@ -15,6 +15,7 @@ import {
   type SyncContext,
   type SyncResult,
 } from '@lobu/connector-sdk';
+import { validatePublicUrl } from './browser-scraper-utils.ts';
 
 // ---------------------------------------------------------------------------
 // Types
@@ -211,6 +212,11 @@ export default class RSSConnector extends ConnectorRuntime {
   // -------------------------------------------------------------------------
 
   private async fetchAndParseFeed(feedUrl: string, maxItems: number): Promise<RSSFeedItem[]> {
+    // SSRF guard at the trust boundary. `feed_urls` is operator/user supplied
+    // via connector config and must not be allowed to target loopback, RFC1918,
+    // or cloud-metadata IPs from the gateway process.
+    validatePublicUrl(feedUrl);
+
     const controller = new AbortController();
     const timeoutId = setTimeout(() => controller.abort(), this.FETCH_TIMEOUT_MS);
 
@@ -222,18 +228,13 @@ export default class RSSConnector extends ConnectorRuntime {
           Accept: 'application/rss+xml, application/atom+xml, application/xml, text/xml, */*',
         },
       });
-
-      clearTimeout(timeoutId);
-
       if (!response.ok) {
         throw new Error(`HTTP ${response.status}: ${response.statusText}`);
       }
-
       const xml = await response.text();
       return this.parseXml(xml, feedUrl, maxItems);
-    } catch (err) {
+    } finally {
       clearTimeout(timeoutId);
-      throw err;
     }
   }
 
@@ -413,8 +414,32 @@ export default class RSSConnector extends ConnectorRuntime {
           case '#39':
             return "'";
           default:
-            if (hex) return String.fromCharCode(parseInt(hex, 16));
-            if (decimal) return String.fromCharCode(parseInt(decimal, 10));
+            // Use fromCodePoint, not fromCharCode — astral-plane characters
+            // (emoji, CJK extension B+, etc.) have code points > 0xFFFF which
+            // fromCharCode silently truncates, producing mojibake in feed
+            // titles. Guard the range so a malformed entity doesn't throw.
+            if (hex) {
+              const cp = parseInt(hex, 16);
+              if (Number.isFinite(cp) && cp >= 0 && cp <= 0x10ffff) {
+                try {
+                  return String.fromCodePoint(cp);
+                } catch {
+                  return _match;
+                }
+              }
+              return _match;
+            }
+            if (decimal) {
+              const cp = parseInt(decimal, 10);
+              if (Number.isFinite(cp) && cp >= 0 && cp <= 0x10ffff) {
+                try {
+                  return String.fromCodePoint(cp);
+                } catch {
+                  return _match;
+                }
+              }
+              return _match;
+            }
             return _match;
         }
       }

package/dist/connectors/trustpilot.ts

@@ -98,7 +98,11 @@ export default class TrustpilotConnector extends ConnectorRuntime {
       throw new Error('Either business_url or business_name is required');
     }
 
-    const baseUrl = businessUrl || `https://www.trustpilot.com/review/${businessName}`;
+    // encodeURIComponent the user-supplied businessName so a value like
+    // "../search?foo=bar" can't escape the /review/ path on trustpilot.com.
+    const baseUrl =
+      businessUrl ||
+      `https://www.trustpilot.com/review/${encodeURIComponent(businessName ?? '')}`;
     validateUrlDomain(baseUrl, 'trustpilot.com');
 
     const userDataDir = getBrowserUserDataDir(ctx.sessionState);
@@ -161,27 +165,34 @@ export default class TrustpilotConnector extends ConnectorRuntime {
       // Filter reviews with meaningful content (more than 10 chars)
       const reviews: TrustpilotReview[] = rawReviews.filter((r) => r.text && r.text.length > 10);
 
-      // Transform to EventEnvelope format
-      const events: EventEnvelope[] = reviews.map((review) => {
+      // Transform to EventEnvelope format. Drop rows whose `date` attribute
+      // was missing/invalid in the DOM — `new Date("")` yields an Invalid
+      // Date, which downstream sorting/checkpointing then can't compare, and
+      // an empty `date` made `origin_id` collide on `-<author>` across rows.
+      const events: EventEnvelope[] = reviews.flatMap((review) => {
         const content = review.title ? `${review.title}\n\n${review.text}` : review.text;
-
-        return {
-          origin_id: `${review.date}-${review.author}`,
-          payload_text: content,
-          author_name: review.author,
-          occurred_at: new Date(review.date),
-          origin_type: 'review',
-          score: calculateEngagementScore('trustpilot', {
-            rating: review.rating,
-            helpful_count: 0,
-          }),
-          source_url: baseUrl,
-          metadata: {
-            rating: review.rating,
-            helpful_count: 0,
-            title: review.title,
+        const parsedDate = review.date ? new Date(review.date) : null;
+        if (!parsedDate || Number.isNaN(parsedDate.getTime())) return [];
+
+        return [
+          {
+            origin_id: `${review.date}-${review.author}`,
+            payload_text: content,
+            author_name: review.author,
+            occurred_at: parsedDate,
+            origin_type: 'review',
+            score: calculateEngagementScore('trustpilot', {
+              rating: review.rating,
+              helpful_count: 0,
+            }),
+            source_url: baseUrl,
+            metadata: {
+              rating: review.rating,
+              helpful_count: 0,
+              title: review.title,
+            },
           },
-        };
+        ];
       });
 
       return {

package/dist/connectors/website.ts

@@ -20,6 +20,7 @@ import {
   type SyncResult,
 } from '@lobu/connector-sdk';
 import type { Page } from 'playwright';
+import { validatePublicUrl } from './browser-scraper-utils.ts';
 
 interface PageSection {
   heading: string;
@@ -50,72 +51,6 @@ function shouldSkipCookieBannerText(text: string): boolean {
   return countPatternMatches(normalized, COOKIE_BANNER_PATTERNS) >= 3;
 }
 
-/**
- * Validates a URL is safe for server-side fetching.
- * Blocks private/internal network addresses to prevent SSRF attacks.
- */
-function validatePublicUrl(url: string): void {
-  let parsed: URL;
-  try {
-    parsed = new URL(url);
-  } catch {
-    throw new Error(`Invalid URL: ${url}`);
-  }
-
-  if (parsed.protocol !== 'https:' && parsed.protocol !== 'http:') {
-    throw new Error(`URL must use http: or https: protocol, got ${parsed.protocol}`);
-  }
-
-  const hostname = parsed.hostname.toLowerCase();
-
-  // Block localhost variants
-  if (hostname === 'localhost' || hostname === '[::1]' || hostname.endsWith('.localhost')) {
-    throw new Error(`URL must not point to localhost: ${hostname}`);
-  }
-
-  // Block private/internal IP ranges
-  // IPv4 patterns: 127.x.x.x, 10.x.x.x, 192.168.x.x, 172.16-31.x.x, 169.254.x.x, 0.x.x.x
-  const ipv4Match = hostname.match(/^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/);
-  if (ipv4Match) {
-    const [, a, b] = ipv4Match.map(Number);
-    if (
-      a === 127 || // 127.0.0.0/8 loopback
-      a === 10 || // 10.0.0.0/8 private
-      (a === 172 && b >= 16 && b <= 31) || // 172.16.0.0/12 private
-      (a === 192 && b === 168) || // 192.168.0.0/16 private
-      (a === 169 && b === 254) || // 169.254.0.0/16 link-local
-      a === 0 // 0.0.0.0/8
-    ) {
-      throw new Error(`URL must not point to a private/internal IP address: ${hostname}`);
-    }
-  }
-
-  // Block IPv6 private ranges (bracketed notation in URLs)
-  if (hostname.startsWith('[')) {
-    const ipv6 = hostname.slice(1, -1).toLowerCase();
-    if (
-      ipv6 === '::1' ||
-      ipv6.startsWith('fe80:') || // link-local
-      ipv6.startsWith('fc') || // unique local (fc00::/7)
-      ipv6.startsWith('fd') || // unique local (fc00::/7)
-      ipv6 === '::' || // unspecified
-      ipv6.startsWith('::ffff:') // IPv4-mapped IPv6
-    ) {
-      throw new Error(`URL must not point to a private/internal IPv6 address: ${hostname}`);
-    }
-  }
-
-  // Block common internal hostnames
-  if (
-    hostname.endsWith('.internal') ||
-    hostname.endsWith('.local') ||
-    hostname.endsWith('.corp') ||
-    hostname.endsWith('.lan')
-  ) {
-    throw new Error(`URL must not point to an internal hostname: ${hostname}`);
-  }
-}
-
 export default class WebsiteConnector extends ConnectorRuntime {
   readonly definition: ConnectorDefinition = {
     key: 'website',
@@ -457,7 +392,11 @@ export default class WebsiteConnector extends ConnectorRuntime {
     return result.join('\n');
   }
 
-  private async fetchSitemap(sitemapUrl: string): Promise<string[]> {
+  private async fetchSitemap(sitemapUrl: string, depth = 0): Promise<string[]> {
+    // Sitemap-index recursion bound — caps fan-out from a remote sitemap that
+    // links to a sitemap that links to a sitemap... untrusted XML must not
+    // drive unbounded outbound traffic.
+    if (depth > 2) return [];
     const response = await fetch(sitemapUrl, {
       headers: { 'User-Agent': 'Mozilla/5.0 (compatible; LobuBot/1.0)' },
     });
@@ -493,7 +432,7 @@ export default class WebsiteConnector extends ConnectorRuntime {
       }
       for (const childUrl of childSitemaps.slice(0, 5)) {
         validatePublicUrl(childUrl);
-        const childUrls = await this.fetchSitemap(childUrl);
+        const childUrls = await this.fetchSitemap(childUrl, depth + 1);
         urls.push(...childUrls);
       }
     }

package/dist/connectors/whatsapp.ts

@@ -424,11 +424,7 @@ export default class WhatsAppConnector extends ConnectorRuntime {
         },
       };
     } catch (error) {
-      try {
-        sock.end(undefined);
-      } catch {
-        /* ignore */
-      }
+      safeEnd(sock);
       throw error;
     }
   }
@@ -478,11 +474,7 @@ async function attemptPairing(
       sock.ev.off('connection.update', handler);
       sock.ev.off('creds.update', credsListener);
       ctx.signal.removeEventListener('abort', onAbort);
-      try {
-        sock.end(undefined);
-      } catch {
-        /* ignore */
-      }
+      safeEnd(sock);
       resolve(outcome);
     };
 
@@ -592,11 +584,7 @@ async function drainHistory(
     sock.ev.off('chats.upsert', chatsListener);
     sock.ev.off('messaging-history.set', historyListener);
     sock.ev.off('messages.upsert', messagesListener);
-    try {
-      sock.end(undefined);
-    } catch {
-      /* ignore */
-    }
+    safeEnd(sock);
   };
 
   try {
@@ -829,6 +817,14 @@ function delay(ms: number): Promise<void> {
   return new Promise((r) => setTimeout(r, ms));
 }
 
+function safeEnd(sock: ReturnType<typeof makeWASocket>): void {
+  try {
+    sock.end(undefined);
+  } catch {
+    /* ignore */
+  }
+}
+
 function waitForOpen(sock: ReturnType<typeof makeWASocket>, timeoutMs: number): Promise<boolean> {
   return new Promise((resolve) => {
     let newLogin = false;
@@ -963,12 +959,7 @@ export function toEvent(
   const text = extractText(m.message);
   if (!text) return null;
 
-  const tsRaw =
-    typeof m.messageTimestamp === 'number'
-      ? m.messageTimestamp
-      : ((m.messageTimestamp as { low?: number; toNumber?: () => number } | null)?.toNumber?.() ??
-        (m.messageTimestamp as { low?: number } | null)?.low ??
-        0);
+  const tsRaw = extractTs(m);
   if (!tsRaw) return null;
   const occurredAt = new Date(tsRaw * 1000);
 

package/dist/db/migrations/20260514130000_connection_action_modes.sql

@@ -0,0 +1,103 @@
+-- migrate:up
+
+-- Collapse `connection.config.auto_approve_actions` (string[]) and
+-- `connection.config.require_approval_actions` (string[]) into a single
+-- `action_modes` (Record<string, 'disabled' | 'approval' | 'auto'>) map.
+--
+-- The old two-array model couldn't express "agent must not call this op
+-- at all" — every action the connector defined was always reachable, the
+-- arrays only flipped approval prompts. The new map adds 'disabled' as the
+-- third state and gives every op an explicit user-chosen mode.
+--
+-- Backfill rule, per row, for every op listed in either array:
+--   op in auto_approve_actions      → action_modes[op] = 'auto'
+--   op in require_approval_actions  → action_modes[op] = 'approval'
+-- When an op appears in both, 'approval' wins (it's the stricter signal:
+-- the user explicitly opted in to seeing an approval prompt).
+--
+-- Ops the user never touched are not stored in action_modes; the server
+-- falls back to the connector's per-op `requires_approval` default at read
+-- time, which preserves today's "all on" behavior.
+--
+-- We drop the two old keys in the same statement so the new state is the
+-- only state on disk after migration.
+
+UPDATE public.connections
+SET config = (
+        COALESCE(config, '{}'::jsonb)
+        - 'auto_approve_actions'
+        - 'require_approval_actions'
+    )
+    || jsonb_build_object(
+        'action_modes',
+        COALESCE(
+            (
+                -- 'approval' wins over 'auto' when an op appears in both arrays
+                -- (MIN('approval', 'auto') = 'approval' lexicographically).
+                SELECT jsonb_object_agg(op_key, mode)
+                FROM (
+                    SELECT op_key, MIN(mode) AS mode
+                    FROM (
+                        SELECT op_key, 'approval'::text AS mode
+                        FROM jsonb_array_elements_text(
+                            CASE
+                                WHEN jsonb_typeof(config->'require_approval_actions') = 'array'
+                                    THEN config->'require_approval_actions'
+                                ELSE '[]'::jsonb
+                            END
+                        ) AS op_key
+                        UNION ALL
+                        SELECT op_key, 'auto'::text AS mode
+                        FROM jsonb_array_elements_text(
+                            CASE
+                                WHEN jsonb_typeof(config->'auto_approve_actions') = 'array'
+                                    THEN config->'auto_approve_actions'
+                                ELSE '[]'::jsonb
+                            END
+                        ) AS op_key
+                    ) all_modes
+                    GROUP BY op_key
+                ) collapsed
+            ),
+            '{}'::jsonb
+        )
+    )
+WHERE config IS NOT NULL
+  AND (
+      config ? 'auto_approve_actions'
+      OR config ? 'require_approval_actions'
+  );
+
+-- migrate:down
+
+-- Reverse the collapse: split action_modes back into the two arrays.
+-- 'auto'     → auto_approve_actions
+-- 'approval' → require_approval_actions
+-- 'disabled' has no pre-refactor equivalent and is silently dropped on
+-- downgrade — the agent will see the op again as if no override existed.
+UPDATE public.connections
+SET config = (
+        COALESCE(config, '{}'::jsonb) - 'action_modes'
+    )
+    || jsonb_build_object(
+        'auto_approve_actions',
+        COALESCE(
+            (
+                SELECT jsonb_agg(key)
+                FROM jsonb_each_text(config->'action_modes')
+                WHERE value = 'auto'
+            ),
+            '[]'::jsonb
+        ),
+        'require_approval_actions',
+        COALESCE(
+            (
+                SELECT jsonb_agg(key)
+                FROM jsonb_each_text(config->'action_modes')
+                WHERE value = 'approval'
+            ),
+            '[]'::jsonb
+        )
+    )
+WHERE config IS NOT NULL
+  AND jsonb_typeof(config->'action_modes') = 'object';

package/dist/db/migrations/20260514160000_auth_profiles_mirror_mode.sql

@@ -0,0 +1,32 @@
+-- migrate:up
+-- Relax the device-binding XOR for browser_session profiles to allow
+-- mirror mode, where neither user_data_dir nor cdp_url is set on the
+-- row (the source profile dir lives in auth_data.source_profile_dir).
+-- Keep the mutual exclusion of the two columns so they can't be set
+-- together; application validation enforces "exactly one of mirror /
+-- cdp / legacy" per row.
+
+ALTER TABLE auth_profiles
+  DROP CONSTRAINT IF EXISTS auth_profiles_device_browser_path_xor;
+
+ALTER TABLE auth_profiles
+  ADD CONSTRAINT auth_profiles_device_browser_path_mutex
+  CHECK (
+    device_worker_id IS NULL
+    OR profile_kind <> 'browser_session'
+    OR user_data_dir IS NULL
+    OR cdp_url IS NULL
+  );
+
+-- migrate:down
+ALTER TABLE auth_profiles
+  DROP CONSTRAINT IF EXISTS auth_profiles_device_browser_path_mutex;
+
+ALTER TABLE auth_profiles
+  ADD CONSTRAINT auth_profiles_device_browser_path_xor
+  CHECK (
+    device_worker_id IS NULL
+    OR profile_kind <> 'browser_session'
+    OR ((user_data_dir IS NOT NULL) AND (cdp_url IS NULL))
+    OR ((user_data_dir IS NULL) AND (cdp_url IS NOT NULL))
+  );