npm - @nuanu-ai/agentbrowse - Versions diffs - 0.2.7 → 0.2.8 - Mend

@nuanu-ai/agentbrowse 0.2.7 → 0.2.8

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (191) hide show

package/README.md +36 -8
package/dist/agentpay-stagehand-llm.d.ts.map +1 -1
package/dist/agentpay-stagehand-llm.js +5 -1
package/dist/commands/act.d.ts +6 -2
package/dist/commands/act.d.ts.map +1 -1
package/dist/commands/act.js +840 -55
package/dist/commands/act.test-harness.d.ts +19 -0
package/dist/commands/act.test-harness.d.ts.map +1 -0
package/dist/commands/act.test-harness.js +245 -0
package/dist/commands/action-acceptance.d.ts +90 -0
package/dist/commands/action-acceptance.d.ts.map +1 -0
package/dist/commands/action-acceptance.js +1411 -0
package/dist/commands/action-artifacts.d.ts +33 -0
package/dist/commands/action-artifacts.d.ts.map +1 -0
package/dist/commands/action-artifacts.js +104 -0
package/dist/commands/action-execution-guards.d.ts +5 -0
package/dist/commands/action-execution-guards.d.ts.map +1 -0
package/dist/commands/action-execution-guards.js +3 -0
package/dist/commands/action-executor-helpers.d.ts +21 -0
package/dist/commands/action-executor-helpers.d.ts.map +1 -0
package/dist/commands/action-executor-helpers.js +242 -0
package/dist/commands/action-executor.d.ts +12 -0
package/dist/commands/action-executor.d.ts.map +1 -0
package/dist/commands/action-executor.js +45 -0
package/dist/commands/action-fallbacks.d.ts +6 -0
package/dist/commands/action-fallbacks.d.ts.map +1 -0
package/dist/commands/action-fallbacks.js +43 -0
package/dist/commands/action-value-projection.d.ts +32 -0
package/dist/commands/action-value-projection.d.ts.map +1 -0
package/dist/commands/action-value-projection.js +151 -0
package/dist/commands/browse-actions.d.ts +4 -0
package/dist/commands/browse-actions.d.ts.map +1 -0
package/dist/commands/browse-actions.js +4 -0
package/dist/commands/captcha-solve.d.ts.map +1 -1
package/dist/commands/captcha-solve.js +13 -3
package/dist/commands/click-action-executor.d.ts +10 -0
package/dist/commands/click-action-executor.d.ts.map +1 -0
package/dist/commands/click-action-executor.js +68 -0
package/dist/commands/create-intent.d.ts +6 -0
package/dist/commands/create-intent.d.ts.map +1 -0
package/dist/commands/create-intent.js +75 -0
package/dist/commands/datepicker-action-executor.d.ts +12 -0
package/dist/commands/datepicker-action-executor.d.ts.map +1 -0
package/dist/commands/datepicker-action-executor.js +218 -0
package/dist/commands/descriptor-validation.d.ts +27 -0
package/dist/commands/descriptor-validation.d.ts.map +1 -0
package/dist/commands/descriptor-validation.js +333 -0
package/dist/commands/extract-scope-resolution.d.ts +20 -0
package/dist/commands/extract-scope-resolution.d.ts.map +1 -0
package/dist/commands/extract-scope-resolution.js +100 -0
package/dist/commands/extract-stagehand-executor.d.ts +17 -0
package/dist/commands/extract-stagehand-executor.d.ts.map +1 -0
package/dist/commands/extract-stagehand-executor.js +18 -0
package/dist/commands/extract.d.ts +3 -2
package/dist/commands/extract.d.ts.map +1 -1
package/dist/commands/extract.js +256 -39
package/dist/commands/fill-secret.d.ts +7 -0
package/dist/commands/fill-secret.d.ts.map +1 -0
package/dist/commands/fill-secret.js +371 -0
package/dist/commands/get-secrets-catalog.d.ts +6 -0
package/dist/commands/get-secrets-catalog.d.ts.map +1 -0
package/dist/commands/get-secrets-catalog.js +23 -0
package/dist/commands/launch.d.ts.map +1 -1
package/dist/commands/launch.js +41 -7
package/dist/commands/navigate.d.ts +2 -1
package/dist/commands/navigate.d.ts.map +1 -1
package/dist/commands/navigate.js +49 -12
package/dist/commands/observe-inventory.d.ts +109 -0
package/dist/commands/observe-inventory.d.ts.map +1 -0
package/dist/commands/observe-inventory.js +2837 -0
package/dist/commands/observe-persistence.d.ts +14 -0
package/dist/commands/observe-persistence.d.ts.map +1 -0
package/dist/commands/observe-persistence.js +170 -0
package/dist/commands/observe-projection.d.ts +84 -0
package/dist/commands/observe-projection.d.ts.map +1 -0
package/dist/commands/observe-projection.js +140 -0
package/dist/commands/observe-protected.d.ts +5 -0
package/dist/commands/observe-protected.d.ts.map +1 -0
package/dist/commands/observe-protected.js +18 -0
package/dist/commands/observe-semantics.d.ts +10 -0
package/dist/commands/observe-semantics.d.ts.map +1 -0
package/dist/commands/observe-semantics.js +338 -0
package/dist/commands/observe-stagehand.d.ts +48 -0
package/dist/commands/observe-stagehand.d.ts.map +1 -0
package/dist/commands/observe-stagehand.js +105 -0
package/dist/commands/observe-surfaces.d.ts +9 -0
package/dist/commands/observe-surfaces.d.ts.map +1 -0
package/dist/commands/observe-surfaces.js +195 -0
package/dist/commands/observe.d.ts +47 -1
package/dist/commands/observe.d.ts.map +1 -1
package/dist/commands/observe.js +173 -20
package/dist/commands/observe.test-harness.d.ts +67 -0
package/dist/commands/observe.test-harness.d.ts.map +1 -0
package/dist/commands/observe.test-harness.js +107 -0
package/dist/commands/poll-intent.d.ts +6 -0
package/dist/commands/poll-intent.d.ts.map +1 -0
package/dist/commands/poll-intent.js +57 -0
package/dist/commands/screenshot.d.ts +2 -1
package/dist/commands/screenshot.d.ts.map +1 -1
package/dist/commands/screenshot.js +44 -12
package/dist/commands/select-action-executor.d.ts +10 -0
package/dist/commands/select-action-executor.d.ts.map +1 -0
package/dist/commands/select-action-executor.js +91 -0
package/dist/commands/semantic-observe.d.ts +24 -0
package/dist/commands/semantic-observe.d.ts.map +1 -0
package/dist/commands/semantic-observe.js +344 -0
package/dist/commands/status.d.ts.map +1 -1
package/dist/commands/status.js +75 -2
package/dist/commands/structured-grid-action-executor.d.ts +3 -0
package/dist/commands/structured-grid-action-executor.d.ts.map +1 -0
package/dist/commands/structured-grid-action-executor.js +4 -0
package/dist/commands/target-resolution.d.ts +4 -0
package/dist/commands/target-resolution.d.ts.map +1 -0
package/dist/commands/target-resolution.js +33 -0
package/dist/commands/text-input-action-executor.d.ts +5 -0
package/dist/commands/text-input-action-executor.d.ts.map +1 -0
package/dist/commands/text-input-action-executor.js +116 -0
package/dist/commands/user-actionable.d.ts +4 -0
package/dist/commands/user-actionable.d.ts.map +1 -0
package/dist/commands/user-actionable.js +95 -0
package/dist/control-semantics.d.ts +29 -0
package/dist/control-semantics.d.ts.map +1 -0
package/dist/control-semantics.js +299 -0
package/dist/index.d.ts.map +1 -1
package/dist/index.js +95 -32
package/dist/output.d.ts +14 -2
package/dist/output.d.ts.map +1 -1
package/dist/output.js +17 -29
package/dist/playwright-runtime.d.ts +35 -0
package/dist/playwright-runtime.d.ts.map +1 -0
package/dist/playwright-runtime.js +224 -0
package/dist/runtime-resolution.d.ts +9 -0
package/dist/runtime-resolution.d.ts.map +1 -0
package/dist/runtime-resolution.js +19 -0
package/dist/runtime-state.d.ts +217 -0
package/dist/runtime-state.d.ts.map +1 -0
package/dist/runtime-state.js +629 -0
package/dist/secrets/backend.d.ts +32 -0
package/dist/secrets/backend.d.ts.map +1 -0
package/dist/secrets/backend.js +169 -0
package/dist/secrets/catalog-applicability.d.ts +5 -0
package/dist/secrets/catalog-applicability.d.ts.map +1 -0
package/dist/secrets/catalog-applicability.js +59 -0
package/dist/secrets/catalog-sync.d.ts +14 -0
package/dist/secrets/catalog-sync.d.ts.map +1 -0
package/dist/secrets/catalog-sync.js +35 -0
package/dist/secrets/field-policy.d.ts +3 -0
package/dist/secrets/field-policy.d.ts.map +1 -0
package/dist/secrets/field-policy.js +3 -0
package/dist/secrets/fill-ordering.d.ts +11 -0
package/dist/secrets/fill-ordering.d.ts.map +1 -0
package/dist/secrets/fill-ordering.js +44 -0
package/dist/secrets/form-matcher.d.ts +60 -0
package/dist/secrets/form-matcher.d.ts.map +1 -0
package/dist/secrets/form-matcher.js +596 -0
package/dist/secrets/intent-output.d.ts +11 -0
package/dist/secrets/intent-output.d.ts.map +1 -0
package/dist/secrets/intent-output.js +64 -0
package/dist/secrets/mock-agentpay-backend.d.ts +13 -0
package/dist/secrets/mock-agentpay-backend.d.ts.map +1 -0
package/dist/secrets/mock-agentpay-backend.js +87 -0
package/dist/secrets/mock-agentpay-cabinet.d.ts +43 -0
package/dist/secrets/mock-agentpay-cabinet.d.ts.map +1 -0
package/dist/secrets/mock-agentpay-cabinet.js +195 -0
package/dist/secrets/protected-artifact-guard.d.ts +25 -0
package/dist/secrets/protected-artifact-guard.d.ts.map +1 -0
package/dist/secrets/protected-artifact-guard.js +26 -0
package/dist/secrets/protected-bindings.d.ts +10 -0
package/dist/secrets/protected-bindings.d.ts.map +1 -0
package/dist/secrets/protected-bindings.js +17 -0
package/dist/secrets/protected-field-values.d.ts +13 -0
package/dist/secrets/protected-field-values.d.ts.map +1 -0
package/dist/secrets/protected-field-values.js +100 -0
package/dist/secrets/protected-fill.d.ts +47 -0
package/dist/secrets/protected-fill.d.ts.map +1 -0
package/dist/secrets/protected-fill.js +512 -0
package/dist/secrets/types.d.ts +84 -0
package/dist/secrets/types.d.ts.map +1 -0
package/dist/secrets/types.js +27 -0
package/dist/session.d.ts +22 -0
package/dist/session.d.ts.map +1 -1
package/dist/session.js +74 -2
package/dist/solver/browser-launcher.d.ts.map +1 -1
package/dist/solver/browser-launcher.js +6 -3
package/dist/stagehand-runtime.d.ts +4 -0
package/dist/stagehand-runtime.d.ts.map +1 -0
package/dist/stagehand-runtime.js +10 -0
package/dist/stagehand.d.ts +0 -5
package/dist/stagehand.d.ts.map +1 -1
package/dist/stagehand.js +0 -6
package/package.json +5 -2

package/dist/secrets/form-matcher.js ADDED Viewed

@@ -0,0 +1,596 @@
+import { z } from 'zod';
+import { AgentpayStagehandLlmClient } from '../agentpay-stagehand-llm.js';
+import { tryResolveAgentpayGatewayConfig } from '../agentpay-gateway.js';
+import { IDENTITY_FIELD_KEYS, LOGIN_FIELD_KEYS, PAYMENT_CARD_FIELD_KEYS, } from './types.js';
+import { recommendedTimingForProtectedForm } from './fill-ordering.js';
+import { normalizeProtectedBindingValueHint, protectedBindingKey, protectedBindingValueHintSchema, } from './protected-bindings.js';
+const PROMPT_VALUE_MAX_CHARS = 180;
+const PROMPT_SIGNAL_MAX_CHARS = 220;
+const PROMPT_SIGNAL_MAX_VALUES = 8;
+const PAYMENT_CARD_CORE_FIELD_KEYS = new Set([
+    'pan',
+    'exp_month',
+    'exp_year',
+    'cvv',
+]);
+const PAYMENT_CARD_CORE_SIGNAL_RE = /\b(card number|card no|cc-number|cc number|expiration|expiry|exp(?:iry)? date|mm\s*\/\s*yy|security code|cvv|cvc)\b/i;
+const PAYMENT_CARD_NAME_SIGNAL_RE = /\b(cardholder|card holder|name on card|cardholder name|full name)\b/i;
+const PAYMENT_CARD_PAN_SIGNAL_RE = /\b(card number|card no|cc-number|cc number)\b/i;
+const PAYMENT_CARD_EXP_SIGNAL_RE = /\b(expiration|expiry|exp(?:iry)? date|exp date|mm\s*\/\s*yy|mmyy|mm\/yy)\b/i;
+const PAYMENT_CARD_CVV_SIGNAL_RE = /\b(security code|cvv|cvc)\b/i;
+const protectedFormPlanSchema = z.object({
+    confidence: z.enum(['high', 'medium', 'low']),
+    bindings: z
+        .array(z.object({
+        targetRef: z.string(),
+        fieldKey: z.string(),
+        valueHint: protectedBindingValueHintSchema.optional(),
+    }))
+        .max(24),
+});
+function normalizeText(value) {
+    return value?.replace(/\s+/g, ' ').trim().toLowerCase() ?? '';
+}
+function compactPromptValue(value, maxChars = PROMPT_VALUE_MAX_CHARS) {
+    const normalized = value?.replace(/\s+/g, ' ').trim();
+    if (!normalized) {
+        return undefined;
+    }
+    return normalized.length > maxChars ? `${normalized.slice(0, maxChars - 1)}…` : normalized;
+}
+function isTargetEligibleForProtectedFill(target) {
+    if (target.lifecycle !== 'live') {
+        return false;
+    }
+    if (!allowsProtectedAvailability(target.availability)) {
+        return false;
+    }
+    return (target.allowedActions.includes('fill') ||
+        target.allowedActions.includes('type') ||
+        target.allowedActions.includes('select'));
+}
+function allowsProtectedAvailability(availability) {
+    return availability?.state === undefined || availability.state === 'available';
+}
+function selectorSignalFragments(selector) {
+    const fragments = [];
+    for (const match of selector.matchAll(/\[name="([^"]+)"\]/g)) {
+        fragments.push(match[1] ?? '');
+    }
+    for (const match of selector.matchAll(/#([a-zA-Z0-9_-]+)/g)) {
+        fragments.push(match[1] ?? '');
+    }
+    return fragments;
+}
+function signalValuesOf(target) {
+    const values = new Set();
+    const push = (value) => {
+        const normalized = normalizeText(value);
+        if (normalized) {
+            values.add(normalized.length > PROMPT_SIGNAL_MAX_CHARS
+                ? `${normalized.slice(0, PROMPT_SIGNAL_MAX_CHARS - 1)}…`
+                : normalized);
+        }
+    };
+    push(target.label);
+    push(target.displayLabel);
+    push(target.kind);
+    push(target.semantics?.role);
+    push(target.semantics?.name);
+    push(target.context?.hintText);
+    push(target.context?.group?.label);
+    push(target.context?.group?.text);
+    push(target.context?.container?.label);
+    push(target.context?.container?.text);
+    push(target.context?.landmark?.label);
+    push(target.context?.landmark?.text);
+    for (const candidate of target.locatorCandidates) {
+        push(candidate.name);
+        push(candidate.value);
+        if (candidate.strategy === 'css' || candidate.strategy === 'xpath') {
+            for (const fragment of selectorSignalFragments(candidate.value)) {
+                push(fragment);
+            }
+        }
+    }
+    return [...values];
+}
+function localSignalValuesOf(target) {
+    const values = new Set();
+    const push = (value) => {
+        const normalized = normalizeText(value);
+        if (normalized) {
+            values.add(normalized.length > PROMPT_SIGNAL_MAX_CHARS
+                ? `${normalized.slice(0, PROMPT_SIGNAL_MAX_CHARS - 1)}…`
+                : normalized);
+        }
+    };
+    push(target.label);
+    push(target.displayLabel);
+    push(target.kind);
+    push(target.semantics?.role);
+    push(target.semantics?.name);
+    push(target.placeholder);
+    push(target.inputName);
+    push(target.inputType);
+    push(target.autocomplete);
+    for (const candidate of target.locatorCandidates) {
+        push(candidate.name);
+        if (candidate.strategy === 'css' || candidate.strategy === 'xpath') {
+            push(candidate.value);
+            for (const fragment of selectorSignalFragments(candidate.value)) {
+                push(fragment);
+            }
+            continue;
+        }
+        if (candidate.strategy === 'label' || candidate.strategy === 'placeholder' || candidate.strategy === 'title') {
+            push(candidate.value);
+        }
+    }
+    return [...values];
+}
+function targetLooksLikePaymentCardCore(target) {
+    const autocomplete = normalizeText(target.autocomplete);
+    const inputName = normalizeText(target.inputName);
+    const signals = localSignalValuesOf(target);
+    if (autocomplete.includes('cc-number') || autocomplete.includes('cc-exp') || autocomplete.includes('cc-csc')) {
+        return true;
+    }
+    if (signals.some((signal) => PAYMENT_CARD_CORE_SIGNAL_RE.test(signal))) {
+        return true;
+    }
+    return /\b(card(number)?|expiry|exp|cvc|cvv)\b/.test(inputName);
+}
+function targetLooksRelevantToPaymentCard(target) {
+    if (targetLooksLikePaymentCardCore(target)) {
+        return true;
+    }
+    const autocomplete = normalizeText(target.autocomplete);
+    const inputName = normalizeText(target.inputName);
+    const signals = localSignalValuesOf(target);
+    if (autocomplete.includes('cc-name')) {
+        return true;
+    }
+    if (PAYMENT_CARD_NAME_SIGNAL_RE.test(normalizeText(target.label))) {
+        return true;
+    }
+    if (signals.some((signal) => PAYMENT_CARD_NAME_SIGNAL_RE.test(signal))) {
+        return true;
+    }
+    return /\b(cardholder|card-holder|cc-name)\b/.test(inputName);
+}
+function deterministicPaymentCardFieldKeysForTarget(target) {
+    const autocomplete = normalizeText(target.autocomplete);
+    const inputName = normalizeText(target.inputName);
+    const signals = localSignalValuesOf(target);
+    if (autocomplete.includes('cc-number')) {
+        return ['pan'];
+    }
+    if (autocomplete.includes('cc-exp')) {
+        return ['exp_month', 'exp_year'];
+    }
+    if (autocomplete.includes('cc-csc')) {
+        return ['cvv'];
+    }
+    if (autocomplete.includes('cc-name')) {
+        return ['cardholder'];
+    }
+    if (signals.some((signal) => PAYMENT_CARD_PAN_SIGNAL_RE.test(signal))) {
+        return ['pan'];
+    }
+    if (signals.some((signal) => PAYMENT_CARD_EXP_SIGNAL_RE.test(signal))) {
+        return ['exp_month', 'exp_year'];
+    }
+    if (signals.some((signal) => PAYMENT_CARD_CVV_SIGNAL_RE.test(signal))) {
+        return ['cvv'];
+    }
+    if (signals.some((signal) => PAYMENT_CARD_NAME_SIGNAL_RE.test(signal))) {
+        return ['cardholder'];
+    }
+    if (/\b(card(number)?|cc-?number)\b/.test(inputName)) {
+        return ['pan'];
+    }
+    if (/\b(exp|expiry|expiration)\b/.test(inputName)) {
+        return ['exp_month', 'exp_year'];
+    }
+    if (/\b(cvv|cvc|security)\b/.test(inputName)) {
+        return ['cvv'];
+    }
+    if (/\b(cardholder|card-holder|cc-name)\b/.test(inputName)) {
+        return ['cardholder'];
+    }
+    return [];
+}
+function deterministicPaymentCardPlan(plannerGroup, fullGroup) {
+    const fieldTargets = new Map();
+    for (const target of plannerGroup.targets) {
+        for (const fieldKey of deterministicPaymentCardFieldKeysForTarget(target)) {
+            const refs = fieldTargets.get(fieldKey) ?? new Set();
+            refs.add(target.ref);
+            fieldTargets.set(fieldKey, refs);
+        }
+    }
+    for (const fieldKey of PAYMENT_CARD_CORE_FIELD_KEYS) {
+        const refs = fieldTargets.get(fieldKey);
+        if (!refs || refs.size !== 1) {
+            return null;
+        }
+    }
+    const bindings = [];
+    const targetByRef = new Map(fullGroup.targets.map((target) => [target.ref, target]));
+    const seen = new Set();
+    const push = (fieldKey, targetRef) => {
+        const key = protectedBindingKey({ fieldKey, targetRef, valueHint: 'direct' });
+        if (seen.has(key)) {
+            return;
+        }
+        seen.add(key);
+        bindings.push({
+            fieldKey,
+            targetRef,
+            label: targetByRef.get(targetRef)?.displayLabel ?? targetByRef.get(targetRef)?.label,
+            valueHint: 'direct',
+        });
+    };
+    push('pan', [...fieldTargets.get('pan')][0]);
+    const expiryTargetRef = [...fieldTargets.get('exp_month')][0];
+    push('exp_month', expiryTargetRef);
+    push('exp_year', expiryTargetRef);
+    push('cvv', [...fieldTargets.get('cvv')][0]);
+    const cardholderRefs = fieldTargets.get('cardholder');
+    if (cardholderRefs?.size === 1) {
+        push('cardholder', [...cardholderRefs][0]);
+    }
+    const sortedBindings = bindings.sort((left, right) => {
+        const leftPriority = canonicalFieldOrder('payment_card').indexOf(left.fieldKey);
+        const rightPriority = canonicalFieldOrder('payment_card').indexOf(right.fieldKey);
+        if (leftPriority !== rightPriority) {
+            return leftPriority - rightPriority;
+        }
+        return left.targetRef.localeCompare(right.targetRef);
+    });
+    return {
+        confidence: 'high',
+        fields: dropSuspiciousIframePaymentCardBindings(sortedBindings, fullGroup, targetByRef),
+    };
+}
+function plannerGroupForKind(kind, group) {
+    switch (kind) {
+        case 'payment_card': {
+            const relevantTargets = group.targets.filter((target) => targetLooksRelevantToPaymentCard(target));
+            if (relevantTargets.length === 0) {
+                return null;
+            }
+            const hasCore = relevantTargets.some((target) => targetLooksLikePaymentCardCore(target));
+            if (!hasCore) {
+                return null;
+            }
+            return {
+                groupKey: group.groupKey,
+                targets: relevantTargets,
+            };
+        }
+        default:
+            return group;
+    }
+}
+function formGroupKeyOf(target) {
+    for (const node of [
+        target.context?.landmark,
+        target.context?.container,
+        target.context?.group,
+        target.context?.item,
+    ]) {
+        if (normalizeText(node?.kind) !== 'form') {
+            continue;
+        }
+        const label = normalizeText(node?.label ?? node?.text);
+        return label ? `form:${label}` : `form:${target.pageRef}`;
+    }
+    return `page:${target.pageRef}`;
+}
+function groupTargetsByForm(targets) {
+    const groups = new Map();
+    for (const target of targets) {
+        if (!isTargetEligibleForProtectedFill(target)) {
+            continue;
+        }
+        const groupKey = formGroupKeyOf(target);
+        const group = groups.get(groupKey) ?? [];
+        group.push(target);
+        groups.set(groupKey, group);
+    }
+    return [...groups.entries()].map(([groupKey, groupTargets]) => ({
+        groupKey,
+        targets: groupTargets,
+    }));
+}
+function canonicalFieldOrder(kind) {
+    switch (kind) {
+        case 'login':
+            return LOGIN_FIELD_KEYS;
+        case 'identity':
+            return IDENTITY_FIELD_KEYS;
+        case 'payment_card':
+            return PAYMENT_CARD_FIELD_KEYS;
+    }
+}
+function purposePrompt(kind) {
+    switch (kind) {
+        case 'login':
+            return [
+                'Purpose: login form.',
+                'Expected canonical fields: username, password.',
+                'Match email/login/account fields to username when clearly used for sign-in.',
+                'Do not invent additional fields.',
+            ].join('\n');
+        case 'identity':
+            return [
+                'Purpose: identity or traveler details form.',
+                'Expected canonical fields: full_name, document_number, date_of_birth, nationality, issue_date, expiry_date, issuing_country.',
+                'full_name may be one direct full-name field or two split fields:',
+                '- First/Given name -> fieldKey=full_name, valueHint=full_name.given',
+                '- Last/Family/Surname -> fieldKey=full_name, valueHint=full_name.family',
+                'Do not confuse contact fields like email, phone, address, city, country/region with identity fields.',
+                'Do not treat generic contact-only forms as identity forms.',
+            ].join('\n');
+        case 'payment_card':
+            return [
+                'Purpose: payment card form.',
+                'Expected canonical fields: cardholder, pan, exp_month, exp_year, cvv.',
+                'A single expiry field may map to both exp_month and exp_year.',
+                'Do not confuse promo codes or billing ZIP/postcode with card data.',
+            ].join('\n');
+    }
+}
+function buildTargetSummary(target) {
+    const parts = [`targetRef=${JSON.stringify(target.ref)}`];
+    const push = (key, value) => {
+        const compact = compactPromptValue(value);
+        if (compact) {
+            parts.push(`${key}=${JSON.stringify(compact)}`);
+        }
+    };
+    if (target.kind)
+        parts.push(`kind=${JSON.stringify(target.kind)}`);
+    push('label', target.label);
+    push('displayLabel', target.displayLabel);
+    push('role', target.semantics?.role);
+    push('semanticsName', target.semantics?.name);
+    push('hintText', target.context?.hintText);
+    push('groupLabel', target.context?.group?.label);
+    push('groupText', target.context?.group?.text);
+    if (target.context?.container?.label) {
+        push('containerLabel', target.context.container.label);
+    }
+    if (target.context?.container?.text) {
+        push('containerText', target.context.container.text);
+    }
+    if (target.context?.landmark?.label) {
+        push('landmarkLabel', target.context.landmark.label);
+    }
+    if (target.allowedActions.length > 0) {
+        parts.push(`allowedActions=${JSON.stringify(target.allowedActions)}`);
+    }
+    if (target.controlFamily) {
+        parts.push(`controlFamily=${JSON.stringify(target.controlFamily)}`);
+    }
+    const signals = signalValuesOf(target);
+    if (signals.length > 0) {
+        parts.push(`signals=${JSON.stringify(signals.slice(0, PROMPT_SIGNAL_MAX_VALUES))}`);
+    }
+    return parts.join(' | ');
+}
+function buildMatcherPrompt(kind, group) {
+    return [
+        'You are matching protected form fields from an already discovered deterministic DOM inventory.',
+        'Return only bindings that are clearly supported by the visible field labels, placeholders, context, and locator-derived signals.',
+        'Fail closed. If the form is ambiguous, return low confidence with no bindings.',
+        'Use only the provided targetRef values.',
+        'For direct matches, omit valueHint or use valueHint=direct.',
+        purposePrompt(kind),
+        '',
+        `Form group key: ${group.groupKey}`,
+        'Targets:',
+        ...group.targets.map((target) => buildTargetSummary(target)),
+    ].join('\n');
+}
+function sanitizeBindings(kind, group, bindings) {
+    const allowedFieldKeys = new Set(canonicalFieldOrder(kind));
+    const allowedTargetRefs = new Set(group.targets.map((target) => target.ref));
+    const uniqueBindings = new Map();
+    const targetByRef = new Map(group.targets.map((target) => [target.ref, target]));
+    for (const binding of bindings) {
+        if (!allowedTargetRefs.has(binding.targetRef)) {
+            continue;
+        }
+        if (!allowedFieldKeys.has(binding.fieldKey)) {
+            continue;
+        }
+        const fieldKey = binding.fieldKey;
+        const normalizedValueHint = normalizeProtectedBindingValueHint(fieldKey, binding.valueHint);
+        const key = protectedBindingKey({
+            fieldKey,
+            targetRef: binding.targetRef,
+            valueHint: normalizedValueHint,
+        });
+        if (uniqueBindings.has(key)) {
+            continue;
+        }
+        uniqueBindings.set(key, {
+            fieldKey,
+            targetRef: binding.targetRef,
+            label: targetByRef.get(binding.targetRef)?.displayLabel ?? targetByRef.get(binding.targetRef)?.label,
+            valueHint: normalizedValueHint,
+        });
+    }
+    return [...uniqueBindings.values()].sort((left, right) => {
+        const leftPriority = canonicalFieldOrder(kind).indexOf(left.fieldKey);
+        const rightPriority = canonicalFieldOrder(kind).indexOf(right.fieldKey);
+        if (leftPriority !== rightPriority) {
+            return leftPriority - rightPriority;
+        }
+        return left.targetRef.localeCompare(right.targetRef);
+    });
+}
+function isCredibleKindMatch(_kind, fieldBindings) {
+    return fieldBindings.length > 0;
+}
+function frameKeyOf(target) {
+    if (!target.framePath || target.framePath.length === 0) {
+        return null;
+    }
+    return target.framePath.join('>');
+}
+function targetLooksLikeIframeEnrollmentField(target) {
+    const inputType = normalizeText(target.inputType);
+    const autocomplete = normalizeText(target.autocomplete);
+    const signals = signalValuesOf(target);
+    if (inputType === 'email' || autocomplete.includes('email')) {
+        return true;
+    }
+    if (inputType === 'tel' ||
+        autocomplete.includes('tel') ||
+        signals.some((signal) => /\b(phone|mobile|telephone|tel)\b/.test(signal))) {
+        return true;
+    }
+    return false;
+}
+function dropSuspiciousIframePaymentCardBindings(fields, group, targetByRef) {
+    const iframeEnrollmentFrames = new Set();
+    for (const target of group.targets) {
+        const frameKey = frameKeyOf(target);
+        if (!frameKey) {
+            continue;
+        }
+        if (targetLooksLikeIframeEnrollmentField(target)) {
+            iframeEnrollmentFrames.add(frameKey);
+        }
+    }
+    if (iframeEnrollmentFrames.size === 0) {
+        return [...fields];
+    }
+    return fields.filter((field) => {
+        if (PAYMENT_CARD_CORE_FIELD_KEYS.has(field.fieldKey)) {
+            return true;
+        }
+        if (field.fieldKey !== 'cardholder') {
+            return true;
+        }
+        const target = targetByRef.get(field.targetRef);
+        const frameKey = target ? frameKeyOf(target) : null;
+        if (!frameKey) {
+            return true;
+        }
+        return !iframeEnrollmentFrames.has(frameKey);
+    });
+}
+function formScopeRef(fields, targetByRef) {
+    const surfaceRefs = new Set();
+    for (const field of fields) {
+        const surfaceRef = targetByRef.get(field.targetRef)?.surfaceRef;
+        if (surfaceRef) {
+            surfaceRefs.add(surfaceRef);
+        }
+    }
+    return surfaceRefs.size === 1 ? [...surfaceRefs][0] : undefined;
+}
+function buildStoredSecretCandidates(catalog, kind, confidence, matchedFieldKeys) {
+    return catalog.storedSecrets
+        .filter((secret) => secret.kind === kind && secret.fieldKeys.some((fieldKey) => matchedFieldKeys.has(fieldKey)))
+        .map((secret) => ({
+        storedSecretRef: secret.storedSecretRef,
+        kind: secret.kind,
+        scope: secret.scope,
+        displayName: secret.displayName,
+        matchConfidence: confidence,
+        intentRequired: secret.intentRequired,
+        fieldKeys: [...secret.fieldKeys],
+        fieldPolicies: secret.fieldPolicies ? { ...secret.fieldPolicies } : undefined,
+    }));
+}
+function hasApplicableStoredSecretKind(catalog, kind) {
+    return catalog.storedSecrets.some((secret) => secret.kind === kind);
+}
+function purposesByPriority(catalog) {
+    const orderedKinds = ['login', 'identity', 'payment_card'];
+    return orderedKinds.filter((kind) => hasApplicableStoredSecretKind(catalog, kind));
+}
+async function planBindingsForGroup(client, kind, group) {
+    const plannerGroup = plannerGroupForKind(kind, group);
+    if (!plannerGroup) {
+        return null;
+    }
+    if (kind === 'payment_card') {
+        const deterministicPlan = deterministicPaymentCardPlan(plannerGroup, group);
+        if (deterministicPlan) {
+            return deterministicPlan;
+        }
+    }
+    const result = await client.createChatCompletion({
+        logger: () => { },
+        options: {
+            messages: [{ role: 'user', content: buildMatcherPrompt(kind, plannerGroup) }],
+            response_model: {
+                name: 'ProtectedFormPlan',
+                schema: protectedFormPlanSchema,
+            },
+        },
+    });
+    return {
+        confidence: result.data.confidence,
+        fields: kind === 'payment_card'
+            ? dropSuspiciousIframePaymentCardBindings(sanitizeBindings(kind, plannerGroup, result.data.bindings), group, new Map(group.targets.map((target) => [target.ref, target])))
+            : sanitizeBindings(kind, plannerGroup, result.data.bindings),
+    };
+}
+export async function matchStoredSecretsToObservedTargets(pageRef, targets, catalog, options = {}) {
+    if (!catalog) {
+        return [];
+    }
+    const gateway = options.gatewayConfig === undefined
+        ? tryResolveAgentpayGatewayConfig()
+        : options.gatewayConfig;
+    if (!gateway) {
+        return [];
+    }
+    const client = new AgentpayStagehandLlmClient(gateway);
+    const targetByRef = new Map(targets.map((target) => [target.ref, target]));
+    const groups = groupTargetsByForm(targets);
+    const nextObservedAt = options.observedAt ?? new Date().toISOString();
+    const forms = [];
+    for (const group of groups) {
+        for (const kind of purposesByPriority(catalog)) {
+            const planned = await planBindingsForGroup(client, kind, group).catch(() => null);
+            if (!planned || planned.confidence === 'low') {
+                continue;
+            }
+            if (!isCredibleKindMatch(kind, planned.fields)) {
+                continue;
+            }
+            const matchedFieldKeys = new Set(planned.fields.map((field) => field.fieldKey));
+            const storedSecretCandidates = buildStoredSecretCandidates(catalog, kind, planned.confidence, matchedFieldKeys);
+            if (storedSecretCandidates.length === 0) {
+                continue;
+            }
+            forms.push({
+                pageRef,
+                scopeRef: formScopeRef(planned.fields, targetByRef),
+                purpose: kind,
+                recommendedTiming: recommendedTimingForProtectedForm(kind),
+                fields: planned.fields,
+                storedSecretCandidates,
+                observedAt: nextObservedAt,
+            });
+        }
+    }
+    return forms;
+}
+export const __testFormMatcher = {
+    buildMatcherPrompt,
+    formGroupKeyOf,
+    groupTargetsByForm,
+    sanitizeBindings,
+    selectorSignalFragments,
+    signalValuesOf,
+};

package/dist/secrets/intent-output.d.ts ADDED Viewed

@@ -0,0 +1,11 @@
+import type { SecretIntentSnapshot, SecretIntentStatus } from './types.js';
+export declare function serializeSecretIntent(snapshot: SecretIntentSnapshot): Record<string, unknown>;
+export declare function serializeSecretIntentContext(snapshot: SecretIntentSnapshot): Record<string, unknown>;
+export type SecretIntentStatusContract = {
+    message: string;
+    reason: string;
+    nextAction?: string;
+    outcomeType?: 'approval_pending' | 'approval_denied' | 'intent_expired';
+};
+export declare function describeSecretIntentStatus(status: SecretIntentStatus): SecretIntentStatusContract;
+//# sourceMappingURL=intent-output.d.ts.map

package/dist/secrets/intent-output.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"intent-output.d.ts","sourceRoot":"","sources":["../../src/secrets/intent-output.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,oBAAoB,EAAE,kBAAkB,EAAE,MAAM,YAAY,CAAC;AAE3E,wBAAgB,qBAAqB,CAAC,QAAQ,EAAE,oBAAoB,GAAG,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAY7F;AAED,wBAAgB,4BAA4B,CAC1C,QAAQ,EAAE,oBAAoB,GAC7B,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CASzB;AAED,MAAM,MAAM,0BAA0B,GAAG;IACvC,OAAO,EAAE,MAAM,CAAC;IAChB,MAAM,EAAE,MAAM,CAAC;IACf,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,WAAW,CAAC,EAAE,kBAAkB,GAAG,iBAAiB,GAAG,gBAAgB,CAAC;CACzE,CAAC;AAEF,wBAAgB,0BAA0B,CAAC,MAAM,EAAE,kBAAkB,GAAG,0BAA0B,CA0CjG"}

package/dist/secrets/intent-output.js ADDED Viewed

@@ -0,0 +1,64 @@
+export function serializeSecretIntent(snapshot) {
+    return {
+        intentId: snapshot.intentId,
+        fillRef: snapshot.fillRef,
+        storedSecretRef: snapshot.storedSecretRef,
+        status: snapshot.status,
+        ...(snapshot.approvalChannel ? { approvalChannel: snapshot.approvalChannel } : {}),
+        createdAt: snapshot.createdAt,
+        ...(snapshot.expiresAt ? { expiresAt: snapshot.expiresAt } : {}),
+        ...(snapshot.approvedAt ? { approvedAt: snapshot.approvedAt } : {}),
+        ...(snapshot.completedAt ? { completedAt: snapshot.completedAt } : {}),
+    };
+}
+export function serializeSecretIntentContext(snapshot) {
+    return {
+        storedSecretRef: snapshot.storedSecretRef,
+        ...(snapshot.approvalChannel ? { approvalChannel: snapshot.approvalChannel } : {}),
+        createdAt: snapshot.createdAt,
+        ...(snapshot.expiresAt ? { expiresAt: snapshot.expiresAt } : {}),
+        ...(snapshot.approvedAt ? { approvedAt: snapshot.approvedAt } : {}),
+        ...(snapshot.completedAt ? { completedAt: snapshot.completedAt } : {}),
+    };
+}
+export function describeSecretIntentStatus(status) {
+    switch (status) {
+        case 'pending':
+        case 'checking':
+        case 'notify':
+        case 'confirmation':
+            return {
+                outcomeType: 'approval_pending',
+                message: 'Protected intent is waiting for user approval.',
+                reason: 'AgentPay Cabinet has not approved this intent yet.',
+                nextAction: 'wait-for-approval',
+            };
+        case 'approved':
+            return {
+                message: 'Protected intent is approved and waiting for one-time delivery polling.',
+                reason: 'AgentPay approved this protected request, but AgentBrowse must poll again to receive the one-time secret payload.',
+                nextAction: 'poll-intent',
+            };
+        case 'denied':
+            return {
+                outcomeType: 'approval_denied',
+                message: 'Protected intent was denied and cannot be used.',
+                reason: 'AgentPay Cabinet reports that the user denied this protected action.',
+                nextAction: 'ask-user',
+            };
+        case 'timed_out':
+            return {
+                outcomeType: 'intent_expired',
+                message: 'Protected intent is no longer usable.',
+                reason: 'AgentPay Cabinet reports that this intent timed out before it could be used.',
+                nextAction: 'ask-user',
+            };
+        case 'completed':
+            return {
+                outcomeType: 'intent_expired',
+                message: 'Protected intent is no longer reusable.',
+                reason: 'AgentPay reports that this intent already completed, so any further protected action requires a new intent.',
+                nextAction: 'ask-user',
+            };
+    }
+}

package/dist/secrets/mock-agentpay-backend.d.ts ADDED Viewed

@@ -0,0 +1,13 @@
+import { type SecretCatalogSnapshot, type StoredSecretMetadata } from './types.js';
+export declare function setMockSecretStorePathForTests(storePath?: string): void;
+export declare function normalizeMerchantKey(value: string): string;
+export declare function resolveHostFromInput(value: string): string;
+export declare function listMockStoredSecretsForHost(hostOrUrl: string, options?: {
+    merchantKey?: string;
+}): StoredSecretMetadata[];
+export declare function syncMockSecretCatalog(hostOrUrl: string, options?: {
+    merchantKey?: string;
+    syncedAt?: string;
+}): SecretCatalogSnapshot;
+export declare function resolveMockStoredSecretValues(storedSecretRef: string): Record<string, string> | null;
+//# sourceMappingURL=mock-agentpay-backend.d.ts.map

package/dist/secrets/mock-agentpay-backend.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"mock-agentpay-backend.d.ts","sourceRoot":"","sources":["../../src/secrets/mock-agentpay-backend.ts"],"names":[],"mappings":"AAQA,OAAO,EACL,KAAK,qBAAqB,EAC1B,KAAK,oBAAoB,EAC1B,MAAM,YAAY,CAAC;AAapB,wBAAgB,8BAA8B,CAAC,SAAS,CAAC,EAAE,MAAM,GAAG,IAAI,CAEvE;AAYD,wBAAgB,oBAAoB,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM,CAE1D;AAED,wBAAgB,oBAAoB,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM,CAe1D;AAuBD,wBAAgB,4BAA4B,CAC1C,SAAS,EAAE,MAAM,EACjB,OAAO,GAAE;IACP,WAAW,CAAC,EAAE,MAAM,CAAC;CACjB,GACL,oBAAoB,EAAE,CAexB;AAED,wBAAgB,qBAAqB,CACnC,SAAS,EAAE,MAAM,EACjB,OAAO,GAAE;IACP,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,QAAQ,CAAC,EAAE,MAAM,CAAC;CACd,GACL,qBAAqB,CAWvB;AAED,wBAAgB,6BAA6B,CAAC,eAAe,EAAE,MAAM,GAAG,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,GAAG,IAAI,CASpG"}