npm - @quanta-intellect/vessel-browser - Versions diffs - 0.1.18 → 0.1.20 - Mend

@quanta-intellect/vessel-browser 0.1.18 → 0.1.20

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

package/README.md +17 -0
package/out/main/index.js +1112 -427
package/out/preload/index.js +14 -1
package/out/renderer/assets/{index-DAaJOss-.js → index-CKOT_IZt.js} +947 -209
package/out/renderer/assets/{index-DMd-y6tm.css → index-DwRZftNk.css} +110 -0
package/out/renderer/index.html +2 -2
package/package.json +1 -1

package/out/main/index.js CHANGED Viewed

@@ -4,11 +4,11 @@ const fs$1 = require("node:fs");
 const path = require("path");
 const fs = require("fs");
 const crypto = require("crypto");
+const crypto$1 = require("node:crypto");
+const path$1 = require("node:path");
 const Anthropic = require("@anthropic-ai/sdk");
 const OpenAI = require("openai");
 const zod = require("zod");
-const path$1 = require("node:path");
-const crypto$1 = require("node:crypto");
 const http = require("node:http");
 const os = require("node:os");
 const mcp_js = require("@modelcontextprotocol/sdk/server/mcp.js");
@@ -362,7 +362,7 @@ class Tab {
   get state() {
     return { ...this._state };
   }
-  navigate(url) {
+  navigate(url, postBody) {
     if (!/^https?:\/\//i.test(url) && !url.startsWith("about:")) {
       if (url.includes(".") && !url.includes(" ")) {
         url = "https://" + url;
@@ -375,7 +375,24 @@ class Tab {
     }
     const policyError = checkDomainPolicy(url);
     if (policyError) return policyError;
-    this.view.webContents.loadURL(url);
+    if (postBody) {
+      const params = new URLSearchParams();
+      for (const [key, value] of Object.entries(postBody)) {
+        params.set(key, value);
+      }
+      this.view.webContents.loadURL(url, {
+        method: "POST",
+        extraHeaders: "Content-Type: application/x-www-form-urlencoded\r\n",
+        postData: [
+          {
+            type: "rawData",
+            bytes: Buffer.from(params.toString())
+          }
+        ]
+      });
+    } else {
+      this.view.webContents.loadURL(url);
+    }
     return null;
   }
   goBack() {
@@ -1228,7 +1245,7 @@ function subscribe$1(listener) {
     listeners$1.delete(listener);
   };
 }
-function addEntry(url, title) {
+function addEntry$1(url, title) {
   if (!url || url === "about:blank") return;
   load$1();
   const last = state$2.entries[0];
@@ -1991,7 +2008,7 @@ class TabManager {
       },
       onPageLoad: (pageUrl, wc) => {
         this.reapplyHighlights(pageUrl, wc);
-        addEntry(pageUrl, wc.getTitle());
+        addEntry$1(pageUrl, wc.getTitle());
       },
       onHighlightSelection: (wc) => this.captureHighlightFromPage(wc),
       onHighlightRemove: (url2, text) => this.removeHighlightByText(url2, text),
@@ -2037,9 +2054,10 @@ class TabManager {
       this.broadcastState();
     }
   }
-  navigateTab(id, url) {
+  navigateTab(id, url, postBody) {
     const tab = this.tabs.get(id);
-    if (tab) tab.navigate(url);
+    if (!tab) return `No tab with id ${id}`;
+    return tab.navigate(url, postBody);
   }
   goBack(id) {
     return this.tabs.get(id)?.goBack() ?? false;
@@ -2349,6 +2367,12 @@ const Channels = {
   PREMIUM_PORTAL: "premium:portal",
   PREMIUM_RESET: "premium:reset",
   PREMIUM_UPDATE: "premium:update",
+  // Agent Credential Vault
+  VAULT_LIST: "vault:list",
+  VAULT_ADD: "vault:add",
+  VAULT_UPDATE: "vault:update",
+  VAULT_REMOVE: "vault:remove",
+  VAULT_AUDIT_LOG: "vault:audit-log",
   // Window controls
   WINDOW_MINIMIZE: "window:minimize",
   WINDOW_MAXIMIZE: "window:maximize",
@@ -3184,105 +3208,408 @@ function addIfPresent(target, key, value) {
     target[key] = value;
   }
 }
-const EMPTY_PAGE_CONTENT = {
-  title: "",
-  content: "",
-  htmlContent: "",
-  byline: "",
-  excerpt: "",
-  url: "",
-  headings: [],
-  navigation: [],
-  interactiveElements: [],
-  forms: [],
-  viewport: {
-    width: 0,
-    height: 0,
-    scrollX: 0,
-    scrollY: 0
-  },
-  overlays: [],
-  dormantOverlays: [],
-  landmarks: [],
-  jsonLd: [],
-  microdata: [],
-  rdfa: [],
-  metaTags: {},
-  structuredData: [],
-  pageIssues: []
-};
-const PRELOAD_EXTRACTION_SCRIPT = String.raw`
-  (function() {
-    try {
-      if (window.__vessel && typeof window.__vessel.extractContent === "function") {
-        const structured = window.__vessel.extractContent();
-        if (structured && typeof structured === "object") {
-          return structured;
-        }
-      }
-    } catch (_error) {
-    }
-    return null;
-  })()
-`;
-const DIRECT_EXTRACTION_SCRIPT = String.raw`
-  (function() {
-    // Time budget: stop expensive DOM traversals after this many ms so heavy
-    // pages (Newegg, Wikipedia, etc.) don't stall the agent for 30-60s+.
-    var BUDGET_MS = 5000;
-    var _budgetStart = performance.now();
-    function withinBudget() {
-      return (performance.now() - _budgetStart) < BUDGET_MS;
+const VERIFICATION_API = process.env.VESSEL_PREMIUM_API || "https://vesselpremium.quantaintellect.com";
+const FREE_TOOL_ITERATION_LIMIT = 50;
+const REVALIDATION_INTERVAL_MS = 24 * 60 * 60 * 1e3;
+const OFFLINE_GRACE_PERIOD_MS = 7 * 24 * 60 * 60 * 1e3;
+const PREMIUM_TOOLS = /* @__PURE__ */ new Set([
+  "screenshot",
+  "save_session",
+  "load_session",
+  "list_sessions",
+  "delete_session",
+  "flow_start",
+  "flow_advance",
+  "flow_status",
+  "flow_end",
+  "metrics",
+  "extract_table",
+  "vault_login",
+  "vault_status",
+  "vault_totp"
+]);
+function isPremium() {
+  const { premium } = loadSettings();
+  if (premium.status === "active" || premium.status === "trialing") {
+    return true;
+  }
+  if (premium.validatedAt && premium.status !== "free") {
+    const lastValidated = new Date(premium.validatedAt).getTime();
+    if (Date.now() - lastValidated < OFFLINE_GRACE_PERIOD_MS) {
+      return true;
     }
-    function getCleanBodyText() {
-      var removed = [];
-      document
-        .querySelectorAll('.__vessel-highlight-label[data-vessel-highlight]')
-        .forEach(function(label) {
-          var parent = label.parentNode;
-          if (!parent) return;
-          removed.push({ label: label, parent: parent, nextSibling: label.nextSibling });
-          parent.removeChild(label);
-        });
-      try {
-        return document.body?.innerText || document.documentElement?.innerText || "";
-      } finally {
-        for (var i = removed.length - 1; i >= 0; i--) {
-          var entry = removed[i];
-          entry.parent.insertBefore(entry.label, entry.nextSibling);
-        }
-      }
+  }
+  return false;
+}
+function getPremiumState() {
+  return { ...loadSettings().premium };
+}
+function getEffectiveMaxIterations() {
+  if (isPremium()) {
+    return loadSettings().maxToolIterations || 200;
+  }
+  return FREE_TOOL_ITERATION_LIMIT;
+}
+function resetPremium() {
+  const fresh = {
+    status: "free",
+    customerId: "",
+    email: "",
+    validatedAt: "",
+    expiresAt: ""
+  };
+  setSetting("premium", fresh);
+  return fresh;
+}
+function isToolGated(toolName) {
+  return PREMIUM_TOOLS.has(toolName) && !isPremium();
+}
+async function getCheckoutUrl(email) {
+  try {
+    const params = new URLSearchParams();
+    if (email) params.set("email", email);
+    const res = await fetch(`${VERIFICATION_API}/checkout?${params}`, {
+      method: "POST",
+      headers: { "Content-Type": "application/json" }
+    });
+    if (!res.ok) {
+      const body = await res.text();
+      return { ok: false, error: body || `HTTP ${res.status}` };
     }
-    function text(value) {
-      const trimmed = value == null ? "" : String(value).trim();
-      return trimmed || undefined;
+    const { url } = await res.json();
+    return { ok: true, url };
+  } catch (err) {
+    return {
+      ok: false,
+      error: err instanceof Error ? err.message : "Failed to create checkout"
+    };
+  }
+}
+async function getPortalUrl() {
+  const { premium } = loadSettings();
+  if (!premium.customerId) {
+    return { ok: false, error: "No active subscription" };
+  }
+  try {
+    const res = await fetch(`${VERIFICATION_API}/portal`, {
+      method: "POST",
+      headers: { "Content-Type": "application/json" },
+      body: JSON.stringify({ customerId: premium.customerId })
+    });
+    if (!res.ok) {
+      return { ok: false, error: `HTTP ${res.status}` };
     }
-    function escapeSelectorValue(value) {
-      if (typeof CSS !== "undefined" && typeof CSS.escape === "function") {
-        return CSS.escape(value);
-      }
-      return String(value).replace(/["\\]/g, "\\$&");
+    const { url } = await res.json();
+    return { ok: true, url };
+  } catch (err) {
+    return {
+      ok: false,
+      error: err instanceof Error ? err.message : "Failed to get portal URL"
+    };
+  }
+}
+async function verifySubscription(emailOrCustomerId) {
+  const current = loadSettings().premium;
+  const identifier = emailOrCustomerId || current.customerId || current.email;
+  if (!identifier) {
+    return current;
+  }
+  try {
+    const res = await fetch(`${VERIFICATION_API}/verify`, {
+      method: "POST",
+      headers: { "Content-Type": "application/json" },
+      body: JSON.stringify({ identifier })
+    });
+    if (!res.ok) {
+      console.warn("[Vessel Premium] Verification API returned", res.status);
+      return current;
     }
-    function uniqueSelector(candidate) {
-      if (!candidate) return null;
-      try {
-        return document.querySelectorAll(candidate).length === 1 ? candidate : null;
-      } catch {
-        return null;
-      }
+    const data = await res.json();
+    const updated = {
+      status: data.status,
+      customerId: data.customerId,
+      email: data.email,
+      validatedAt: (/* @__PURE__ */ new Date()).toISOString(),
+      expiresAt: data.expiresAt
+    };
+    setSetting("premium", updated);
+    return updated;
+  } catch (err) {
+    console.warn("[Vessel Premium] Verification failed:", err);
+    return current;
+  }
+}
+async function activateWithEmail(email) {
+  if (!email.trim()) {
+    return { ok: false, state: getPremiumState(), error: "Email is required" };
+  }
+  const state2 = await verifySubscription(email.trim());
+  if (state2.status === "active" || state2.status === "trialing") {
+    return { ok: true, state: state2 };
+  }
+  return {
+    ok: false,
+    state: state2,
+    error: state2.status === "canceled" ? "Subscription is canceled. Resubscribe to continue." : state2.status === "past_due" ? "Subscription payment is past due. Update your payment method." : "No active subscription found for this email."
+  };
+}
+let revalidationTimer = null;
+function startBackgroundRevalidation() {
+  if (revalidationTimer) return;
+  const { premium } = loadSettings();
+  if (premium.customerId || premium.email) {
+    const lastValidated = premium.validatedAt ? new Date(premium.validatedAt).getTime() : 0;
+    if (Date.now() - lastValidated > REVALIDATION_INTERVAL_MS) {
+      void verifySubscription();
     }
-    function uniqueAttributeSelector(el, attribute) {
-      const value = text(el.getAttribute && el.getAttribute(attribute));
-      if (!value) return null;
-      const candidate = el.tagName.toLowerCase() + "[" + attribute + "=\"" + escapeSelectorValue(value) + "\"]";
-      return uniqueSelector(candidate);
+  }
+  revalidationTimer = setInterval(() => {
+    const { premium: p } = loadSettings();
+    if (p.customerId || p.email) {
+      void verifySubscription();
     }
+  }, REVALIDATION_INTERVAL_MS);
+}
+function stopBackgroundRevalidation() {
+  if (revalidationTimer) {
+    clearInterval(revalidationTimer);
+    revalidationTimer = null;
+  }
+}
+const POSTHOG_API_KEY = process.env.POSTHOG_API_KEY || "phc_OMeM3P5cxJwl14lOKxYad0Yre52xvjNfkLEFnPtXyM";
+const POSTHOG_HOST = process.env.POSTHOG_HOST || "https://us.i.posthog.com";
+const BATCH_INTERVAL_MS = 6e4;
+const MAX_BATCH_SIZE = 50;
+function getDeviceIdPath() {
+  return path.join(electron.app.getPath("userData"), ".vessel-device-id");
+}
+let deviceId = null;
+function getDeviceId() {
+  if (deviceId) return deviceId;
+  const idPath = getDeviceIdPath();
+  try {
+    deviceId = fs.readFileSync(idPath, "utf-8").trim();
+    if (deviceId) return deviceId;
+  } catch {
+  }
+  deviceId = crypto.randomUUID();
+  try {
+    fs.mkdirSync(path.dirname(idPath), { recursive: true });
+    fs.writeFileSync(idPath, deviceId, "utf-8");
+  } catch {
+  }
+  return deviceId;
+}
+let eventQueue = [];
+let flushTimer = null;
+let sessionStartedAt = null;
+function isEnabled() {
+  if (POSTHOG_API_KEY === "YOUR_POSTHOG_KEY_HERE") return false;
+  return loadSettings().telemetryEnabled !== false;
+}
+function trackEvent(event, properties = {}) {
+  if (!isEnabled()) return;
+  eventQueue.push({
+    event,
+    properties: {
+      ...properties,
+      premium_status: isPremium() ? "premium" : "free",
+      app_version: electron.app.getVersion(),
+      platform: process.platform,
+      arch: process.arch
+    },
+    timestamp: (/* @__PURE__ */ new Date()).toISOString()
+  });
+  if (eventQueue.length >= MAX_BATCH_SIZE) {
+    void flush();
+  }
+}
+function trackToolCall(toolName, pageType) {
+  trackEvent("tool_called", {
+    tool_name: toolName,
+    page_type: "unknown"
+  });
+}
+function trackProviderConfigured(providerId) {
+  trackEvent("provider_configured", {
+    provider_id: providerId
+  });
+}
+function trackSettingChanged(key) {
+  trackEvent("setting_changed", { setting_key: key });
+}
+function trackApprovalModeChanged(mode) {
+  trackEvent("approval_mode_changed", { mode });
+}
+function trackBookmarkAction(action) {
+  trackEvent("bookmark_action", { action });
+}
+function trackVaultAction(action) {
+  trackEvent("vault_action", { action });
+}
+function trackExtractionFailed(domain, reason) {
+  trackEvent("extraction_failed", { domain, reason });
+}
+function trackPremiumFunnel(step, context) {
+  trackEvent("premium_funnel", { step, ...context });
+}
+function startTelemetry() {
+  if (!isEnabled()) return;
+  sessionStartedAt = Date.now();
+  trackEvent("app_launched", {
+    electron_version: process.versions.electron,
+    chrome_version: process.versions.chrome
+  });
+  flushTimer = setInterval(() => {
+    void flush();
+  }, BATCH_INTERVAL_MS);
+}
+function stopTelemetry() {
+  if (sessionStartedAt) {
+    const durationMinutes = Math.round(
+      (Date.now() - sessionStartedAt) / 6e4
+    );
+    trackEvent("app_session_ended", {
+      duration_minutes: durationMinutes
+    });
+    sessionStartedAt = null;
+  }
+  if (flushTimer) {
+    clearInterval(flushTimer);
+    flushTimer = null;
+  }
+  void flush();
+}
+async function flush() {
+  if (eventQueue.length === 0) return;
+  if (!isEnabled()) {
+    eventQueue = [];
+    return;
+  }
+  const batch = eventQueue.splice(0);
+  const distinctId = getDeviceId();
+  const payload = {
+    api_key: POSTHOG_API_KEY,
+    batch: batch.map((e) => ({
+      event: e.event,
+      properties: {
+        distinct_id: distinctId,
+        ...e.properties
+      },
+      timestamp: e.timestamp
+    }))
+  };
+  try {
+    await fetch(`${POSTHOG_HOST}/batch`, {
+      method: "POST",
+      headers: { "Content-Type": "application/json" },
+      body: JSON.stringify(payload)
+    });
+  } catch {
+    if (eventQueue.length < MAX_BATCH_SIZE * 2) {
+      eventQueue.unshift(...batch);
+    }
+  }
+}
+const EMPTY_PAGE_CONTENT = {
+  title: "",
+  content: "",
+  htmlContent: "",
+  byline: "",
+  excerpt: "",
+  url: "",
+  headings: [],
+  navigation: [],
+  interactiveElements: [],
+  forms: [],
+  viewport: {
+    width: 0,
+    height: 0,
+    scrollX: 0,
+    scrollY: 0
+  },
+  overlays: [],
+  dormantOverlays: [],
+  landmarks: [],
+  jsonLd: [],
+  microdata: [],
+  rdfa: [],
+  metaTags: {},
+  structuredData: [],
+  pageIssues: []
+};
+const PRELOAD_EXTRACTION_SCRIPT = String.raw`
+  (function() {
+    try {
+      if (window.__vessel && typeof window.__vessel.extractContent === "function") {
+        const structured = window.__vessel.extractContent();
+        if (structured && typeof structured === "object") {
+          return structured;
+        }
+      }
+    } catch (_error) {
+    }
+    return null;
+  })()
+`;
+const DIRECT_EXTRACTION_SCRIPT = String.raw`
+  (function() {
+    // Time budget: stop expensive DOM traversals after this many ms so heavy
+    // pages (Newegg, Wikipedia, etc.) don't stall the agent for 30-60s+.
+    var BUDGET_MS = 8000;
+    var _budgetStart = performance.now();
+    function withinBudget() {
+      return (performance.now() - _budgetStart) < BUDGET_MS;
+    }
+    function getCleanBodyText() {
+      var removed = [];
+      document
+        .querySelectorAll('.__vessel-highlight-label[data-vessel-highlight]')
+        .forEach(function(label) {
+          var parent = label.parentNode;
+          if (!parent) return;
+          removed.push({ label: label, parent: parent, nextSibling: label.nextSibling });
+          parent.removeChild(label);
+        });
+      try {
+        return document.body?.innerText || document.documentElement?.innerText || "";
+      } finally {
+        for (var i = removed.length - 1; i >= 0; i--) {
+          var entry = removed[i];
+          entry.parent.insertBefore(entry.label, entry.nextSibling);
+        }
+      }
+    }
+    function text(value) {
+      const trimmed = value == null ? "" : String(value).trim();
+      return trimmed || undefined;
+    }
+    function escapeSelectorValue(value) {
+      if (typeof CSS !== "undefined" && typeof CSS.escape === "function") {
+        return CSS.escape(value);
+      }
+      return String(value).replace(/["\\]/g, "\\$&");
+    }
+    function uniqueSelector(candidate) {
+      if (!candidate) return null;
+      try {
+        return document.querySelectorAll(candidate).length === 1 ? candidate : null;
+      } catch {
+        return null;
+      }
+    }
+    function uniqueAttributeSelector(el, attribute) {
+      const value = text(el.getAttribute && el.getAttribute(attribute));
+      if (!value) return null;
+      const candidate = el.tagName.toLowerCase() + "[" + attribute + "=\"" + escapeSelectorValue(value) + "\"]";
+      return uniqueSelector(candidate);
+    }
     function selectorFor(el) {
       if (!el) return "";
       if (el.id) return "#" + escapeSelectorValue(el.id);
@@ -4088,7 +4415,7 @@ const SAFE_EXTRACTION_SCRIPT = String.raw`
 function delay(ms) {
   return new Promise((resolve) => setTimeout(resolve, ms));
 }
-const EXECUTE_SCRIPT_TIMEOUT_MS = 1500;
+const EXECUTE_SCRIPT_TIMEOUT_MS = 3e3;
 async function waitForDomReady(webContents, timeoutMs = 1500) {
   const deadline = Date.now() + timeoutMs;
   while (Date.now() < deadline) {
@@ -4204,7 +4531,25 @@ function mergePageContent(candidates, webContents) {
     url: mergedBase.url || webContents.getURL() || ""
   };
 }
-const EXTRACT_TIMEOUT_MS = 8e3;
+const EXTRACT_TIMEOUT_BASE_MS = 12e3;
+const EXTRACT_TIMEOUT_MAX_MS = 2e4;
+async function estimateExtractionTimeout(webContents) {
+  try {
+    const elementCount = await executeScript(
+      webContents,
+      `(function() { try { return document.querySelectorAll('*').length; } catch { return 0; } })()`
+    );
+    if (typeof elementCount === "number" && elementCount > 5e3) {
+      const extra = Math.min(
+        EXTRACT_TIMEOUT_MAX_MS - EXTRACT_TIMEOUT_BASE_MS,
+        Math.ceil((elementCount - 5e3) / 2e3) * 1e3
+      );
+      return EXTRACT_TIMEOUT_BASE_MS + extra;
+    }
+  } catch {
+  }
+  return EXTRACT_TIMEOUT_BASE_MS;
+}
 async function extractContentInner(webContents) {
   await waitForDomReady(webContents);
   const [preloadResult, directResult, safeResult] = await Promise.all([
@@ -4219,20 +4564,29 @@ async function extractContentInner(webContents) {
 }
 async function extractContent(webContents) {
   try {
+    const timeoutMs = await estimateExtractionTimeout(webContents);
     return await Promise.race([
       extractContentInner(webContents),
       new Promise(
         (_, reject) => setTimeout(
           () => reject(new Error("extractContent timeout")),
-          EXTRACT_TIMEOUT_MS
+          timeoutMs
         )
       )
     ]);
-  } catch {
+  } catch (err) {
+    const url = webContents.getURL() || "";
+    let domain = "unknown";
+    try {
+      domain = new URL(url).hostname;
+    } catch {
+    }
+    const reason = err instanceof Error ? err.message : "unknown";
+    trackExtractionFailed(domain, reason);
     return {
       ...EMPTY_PAGE_CONTENT,
       title: webContents.getTitle() || "",
-      url: webContents.getURL() || ""
+      url
     };
   }
 }
@@ -4411,286 +4765,205 @@ function setMcpHealth(update) {
     }
   }
 }
-const VERIFICATION_API = process.env.VESSEL_PREMIUM_API || "https://vesselpremium.quantaintellect.com";
-const FREE_TOOL_ITERATION_LIMIT = 50;
-const REVALIDATION_INTERVAL_MS = 24 * 60 * 60 * 1e3;
-const OFFLINE_GRACE_PERIOD_MS = 7 * 24 * 60 * 60 * 1e3;
-const PREMIUM_TOOLS = /* @__PURE__ */ new Set([
-  "screenshot",
-  "save_session",
-  "load_session",
-  "list_sessions",
-  "delete_session",
-  "flow_start",
-  "flow_advance",
-  "flow_status",
-  "flow_end",
-  "metrics",
-  "extract_table"
-]);
-function isPremium() {
-  const { premium } = loadSettings();
-  if (premium.status === "active" || premium.status === "trialing") {
-    return true;
-  }
-  if (premium.validatedAt && premium.status !== "free") {
-    const lastValidated = new Date(premium.validatedAt).getTime();
-    if (Date.now() - lastValidated < OFFLINE_GRACE_PERIOD_MS) {
-      return true;
-    }
-  }
-  return false;
-}
-function getPremiumState() {
-  return { ...loadSettings().premium };
+const VAULT_FILENAME = "vessel-vault.enc";
+const KEY_FILENAME = "vessel-vault.key";
+const ALGORITHM = "aes-256-gcm";
+const IV_LENGTH = 12;
+const AUTH_TAG_LENGTH = 16;
+let cachedEntries = null;
+function getVaultDir() {
+  return electron.app.getPath("userData");
 }
-function getEffectiveMaxIterations() {
-  if (isPremium()) {
-    return loadSettings().maxToolIterations || 200;
-  }
-  return FREE_TOOL_ITERATION_LIMIT;
+function getVaultPath() {
+  return path$1.join(getVaultDir(), VAULT_FILENAME);
 }
-function resetPremium() {
-  const fresh = {
-    status: "free",
-    customerId: "",
-    email: "",
-    validatedAt: "",
-    expiresAt: ""
-  };
-  setSetting("premium", fresh);
-  return fresh;
-}
-function isToolGated(toolName) {
-  return PREMIUM_TOOLS.has(toolName) && !isPremium();
+function getKeyPath() {
+  return path$1.join(getVaultDir(), KEY_FILENAME);
 }
-async function getCheckoutUrl(email) {
-  try {
-    const params = new URLSearchParams();
-    if (email) params.set("email", email);
-    const res = await fetch(`${VERIFICATION_API}/checkout?${params}`, {
-      method: "POST",
-      headers: { "Content-Type": "application/json" }
-    });
-    if (!res.ok) {
-      const body = await res.text();
-      return { ok: false, error: body || `HTTP ${res.status}` };
+function getOrCreateEncryptionKey() {
+  const keyPath = getKeyPath();
+  if (fs$1.existsSync(keyPath)) {
+    const encryptedKey = fs$1.readFileSync(keyPath);
+    if (electron.safeStorage.isEncryptionAvailable()) {
+      return electron.safeStorage.decryptString ? Buffer.from(electron.safeStorage.decryptString(encryptedKey), "utf-8") : encryptedKey;
     }
-    const { url } = await res.json();
-    return { ok: true, url };
-  } catch (err) {
-    return {
-      ok: false,
-      error: err instanceof Error ? err.message : "Failed to create checkout"
-    };
-  }
-}
-async function getPortalUrl() {
-  const { premium } = loadSettings();
-  if (!premium.customerId) {
-    return { ok: false, error: "No active subscription" };
+    return encryptedKey;
   }
-  try {
-    const res = await fetch(`${VERIFICATION_API}/portal`, {
-      method: "POST",
-      headers: { "Content-Type": "application/json" },
-      body: JSON.stringify({ customerId: premium.customerId })
-    });
-    if (!res.ok) {
-      return { ok: false, error: `HTTP ${res.status}` };
-    }
-    const { url } = await res.json();
-    return { ok: true, url };
-  } catch (err) {
-    return {
-      ok: false,
-      error: err instanceof Error ? err.message : "Failed to get portal URL"
-    };
+  const key = crypto$1.randomBytes(32);
+  fs$1.mkdirSync(path$1.dirname(keyPath), { recursive: true });
+  if (electron.safeStorage.isEncryptionAvailable()) {
+    const encrypted = electron.safeStorage.encryptString(key.toString("utf-8"));
+    fs$1.writeFileSync(keyPath, encrypted);
+  } else {
+    fs$1.writeFileSync(keyPath, key);
+    fs$1.chmodSync(keyPath, 384);
   }
+  return key;
 }
-async function verifySubscription(emailOrCustomerId) {
-  const current = loadSettings().premium;
-  const identifier = emailOrCustomerId || current.customerId || current.email;
-  if (!identifier) {
-    return current;
+function encrypt(plaintext) {
+  const key = getOrCreateEncryptionKey();
+  const iv = crypto$1.randomBytes(IV_LENGTH);
+  const cipher = crypto$1.createCipheriv(ALGORITHM, key, iv, {
+    authTagLength: AUTH_TAG_LENGTH
+  });
+  const encrypted = Buffer.concat([
+    cipher.update(plaintext, "utf-8"),
+    cipher.final()
+  ]);
+  const authTag = cipher.getAuthTag();
+  return Buffer.concat([iv, authTag, encrypted]);
+}
+function decrypt(data) {
+  const key = getOrCreateEncryptionKey();
+  const iv = data.subarray(0, IV_LENGTH);
+  const authTag = data.subarray(IV_LENGTH, IV_LENGTH + AUTH_TAG_LENGTH);
+  const ciphertext = data.subarray(IV_LENGTH + AUTH_TAG_LENGTH);
+  const decipher = crypto$1.createDecipheriv(ALGORITHM, key, iv, {
+    authTagLength: AUTH_TAG_LENGTH
+  });
+  decipher.setAuthTag(authTag);
+  return decipher.update(ciphertext, void 0, "utf-8") + decipher.final("utf-8");
+}
+function loadVault() {
+  if (cachedEntries) return cachedEntries;
+  const vaultPath = getVaultPath();
+  if (!fs$1.existsSync(vaultPath)) {
+    cachedEntries = [];
+    return cachedEntries;
   }
   try {
-    const res = await fetch(`${VERIFICATION_API}/verify`, {
-      method: "POST",
-      headers: { "Content-Type": "application/json" },
-      body: JSON.stringify({ identifier })
-    });
-    if (!res.ok) {
-      console.warn("[Vessel Premium] Verification API returned", res.status);
-      return current;
-    }
-    const data = await res.json();
-    const updated = {
-      status: data.status,
-      customerId: data.customerId,
-      email: data.email,
-      validatedAt: (/* @__PURE__ */ new Date()).toISOString(),
-      expiresAt: data.expiresAt
-    };
-    setSetting("premium", updated);
-    return updated;
+    const raw = fs$1.readFileSync(vaultPath);
+    const json = decrypt(raw);
+    cachedEntries = JSON.parse(json);
+    return cachedEntries;
   } catch (err) {
-    console.warn("[Vessel Premium] Verification failed:", err);
-    return current;
-  }
-}
-async function activateWithEmail(email) {
-  if (!email.trim()) {
-    return { ok: false, state: getPremiumState(), error: "Email is required" };
-  }
-  const state2 = await verifySubscription(email.trim());
-  if (state2.status === "active" || state2.status === "trialing") {
-    return { ok: true, state: state2 };
-  }
-  return {
-    ok: false,
-    state: state2,
-    error: state2.status === "canceled" ? "Subscription is canceled. Resubscribe to continue." : state2.status === "past_due" ? "Subscription payment is past due. Update your payment method." : "No active subscription found for this email."
-  };
-}
-let revalidationTimer = null;
-function startBackgroundRevalidation() {
-  if (revalidationTimer) return;
-  const { premium } = loadSettings();
-  if (premium.customerId || premium.email) {
-    const lastValidated = premium.validatedAt ? new Date(premium.validatedAt).getTime() : 0;
-    if (Date.now() - lastValidated > REVALIDATION_INTERVAL_MS) {
-      void verifySubscription();
-    }
-  }
-  revalidationTimer = setInterval(() => {
-    const { premium: p } = loadSettings();
-    if (p.customerId || p.email) {
-      void verifySubscription();
-    }
-  }, REVALIDATION_INTERVAL_MS);
-}
-function stopBackgroundRevalidation() {
-  if (revalidationTimer) {
-    clearInterval(revalidationTimer);
-    revalidationTimer = null;
+    console.error("[Vessel Vault] Failed to load vault:", err);
+    cachedEntries = [];
+    return cachedEntries;
+  }
+}
+function saveVault(entries) {
+  const json = JSON.stringify(entries, null, 2);
+  const encrypted = encrypt(json);
+  const vaultPath = getVaultPath();
+  fs$1.mkdirSync(path$1.dirname(vaultPath), { recursive: true });
+  fs$1.writeFileSync(vaultPath, encrypted);
+  fs$1.chmodSync(vaultPath, 384);
+  cachedEntries = entries;
+}
+function domainMatches(pattern, hostname) {
+  const p = pattern.toLowerCase().trim();
+  const h = hostname.toLowerCase().trim();
+  if (p === h) return true;
+  if (p.startsWith("*.")) {
+    const suffix = p.slice(2);
+    return h === suffix || h.endsWith("." + suffix);
   }
+  return false;
 }
-const POSTHOG_API_KEY = process.env.POSTHOG_API_KEY || "phc_OMeM3P5cxJwl14lOKxYad0Yre52xvjNfkLEFnPtXyM";
-const POSTHOG_HOST = process.env.POSTHOG_HOST || "https://us.i.posthog.com";
-const BATCH_INTERVAL_MS = 6e4;
-const MAX_BATCH_SIZE = 50;
-function getDeviceIdPath() {
-  return path.join(electron.app.getPath("userData"), ".vessel-device-id");
+function listEntries() {
+  return loadVault().map(({ password, totpSecret, ...rest }) => rest);
 }
-let deviceId = null;
-function getDeviceId() {
-  if (deviceId) return deviceId;
-  const idPath = getDeviceIdPath();
-  try {
-    deviceId = fs.readFileSync(idPath, "utf-8").trim();
-    if (deviceId) return deviceId;
-  } catch {
-  }
-  deviceId = crypto.randomUUID();
+function findEntriesForDomain(url) {
+  let hostname;
   try {
-    fs.mkdirSync(path.dirname(idPath), { recursive: true });
-    fs.writeFileSync(idPath, deviceId, "utf-8");
+    hostname = new URL(url).hostname;
   } catch {
+    return [];
   }
-  return deviceId;
-}
-let eventQueue = [];
-let flushTimer = null;
-let sessionStartedAt = null;
-function isEnabled() {
-  if (POSTHOG_API_KEY === "YOUR_POSTHOG_KEY_HERE") return false;
-  return loadSettings().telemetryEnabled !== false;
-}
-function trackEvent(event, properties = {}) {
-  if (!isEnabled()) return;
-  eventQueue.push({
-    event,
-    properties: {
-      ...properties,
-      premium_status: isPremium() ? "premium" : "free",
-      app_version: electron.app.getVersion(),
-      platform: process.platform,
-      arch: process.arch
-    },
-    timestamp: (/* @__PURE__ */ new Date()).toISOString()
-  });
-  if (eventQueue.length >= MAX_BATCH_SIZE) {
-    void flush();
-  }
-}
-function trackToolCall(toolName, pageType) {
-  trackEvent("tool_called", {
-    tool_name: toolName,
-    page_type: "unknown"
-  });
-}
-function trackProviderConfigured(providerId) {
-  trackEvent("provider_configured", {
-    provider_id: providerId
-  });
+  return loadVault().filter((e) => domainMatches(e.domainPattern, hostname)).map(({ password, totpSecret, ...rest }) => rest);
 }
-function startTelemetry() {
-  if (!isEnabled()) return;
-  sessionStartedAt = Date.now();
-  trackEvent("app_launched", {
-    electron_version: process.versions.electron,
-    chrome_version: process.versions.chrome
-  });
-  flushTimer = setInterval(() => {
-    void flush();
-  }, BATCH_INTERVAL_MS);
+function addEntry(entry) {
+  const entries = loadVault();
+  const newEntry = {
+    ...entry,
+    id: crypto$1.randomUUID(),
+    createdAt: (/* @__PURE__ */ new Date()).toISOString(),
+    useCount: 0
+  };
+  entries.push(newEntry);
+  saveVault(entries);
+  return newEntry;
+}
+function updateEntry(id, updates) {
+  const entries = loadVault();
+  const idx = entries.findIndex((e) => e.id === id);
+  if (idx === -1) return null;
+  entries[idx] = { ...entries[idx], ...updates };
+  saveVault(entries);
+  return entries[idx];
+}
+function removeEntry(id) {
+  const entries = loadVault();
+  const idx = entries.findIndex((e) => e.id === id);
+  if (idx === -1) return false;
+  entries.splice(idx, 1);
+  saveVault(entries);
+  return true;
 }
-function stopTelemetry() {
-  if (sessionStartedAt) {
-    const durationMinutes = Math.round(
-      (Date.now() - sessionStartedAt) / 6e4
-    );
-    trackEvent("app_session_ended", {
-      duration_minutes: durationMinutes
-    });
-    sessionStartedAt = null;
-  }
-  if (flushTimer) {
-    clearInterval(flushTimer);
-    flushTimer = null;
+function recordUsage(id) {
+  const entries = loadVault();
+  const entry = entries.find((e) => e.id === id);
+  if (!entry) return;
+  entry.lastUsedAt = (/* @__PURE__ */ new Date()).toISOString();
+  entry.useCount += 1;
+  saveVault(entries);
+}
+function getCredential(id) {
+  const entry = loadVault().find((e) => e.id === id);
+  if (!entry) return null;
+  return { username: entry.username, password: entry.password };
+}
+function getTotpSecret(id) {
+  const entry = loadVault().find((e) => e.id === id);
+  return entry?.totpSecret ?? null;
+}
+function generateTotpCode(secret) {
+  const epoch = Math.floor(Date.now() / 1e3);
+  const counter = Math.floor(epoch / 30);
+  const base32Chars = "ABCDEFGHIJKLMNOPQRSTUVWXYZ234567";
+  const cleanSecret = secret.replace(/[\s=-]/g, "").toUpperCase();
+  let bits = "";
+  for (const ch of cleanSecret) {
+    const val = base32Chars.indexOf(ch);
+    if (val === -1) continue;
+    bits += val.toString(2).padStart(5, "0");
+  }
+  const keyBytes = Buffer.alloc(Math.floor(bits.length / 8));
+  for (let i = 0; i < keyBytes.length; i++) {
+    keyBytes[i] = parseInt(bits.slice(i * 8, i * 8 + 8), 2);
+  }
+  const counterBuf = Buffer.alloc(8);
+  counterBuf.writeUInt32BE(Math.floor(counter / 4294967296), 0);
+  counterBuf.writeUInt32BE(counter & 4294967295, 4);
+  const hmac = crypto$1.createHmac("sha1", keyBytes).update(counterBuf).digest();
+  const offset = hmac[hmac.length - 1] & 15;
+  const code = (hmac[offset] & 127) << 24 | (hmac[offset + 1] & 255) << 16 | (hmac[offset + 2] & 255) << 8 | hmac[offset + 3] & 255;
+  return (code % 1e6).toString().padStart(6, "0");
+}
+const AUDIT_FILENAME = "vessel-vault-audit.jsonl";
+const MAX_ENTRIES = 1e3;
+function getAuditPath() {
+  return path$1.join(electron.app.getPath("userData"), AUDIT_FILENAME);
+}
+function appendAuditEntry(entry) {
+  try {
+    const auditPath = getAuditPath();
+    fs$1.mkdirSync(path$1.dirname(auditPath), { recursive: true });
+    fs$1.appendFileSync(auditPath, JSON.stringify(entry) + "\n");
+  } catch (err) {
+    console.error("[Vessel Vault] Failed to write audit log:", err);
   }
-  void flush();
 }
-async function flush() {
-  if (eventQueue.length === 0) return;
-  if (!isEnabled()) {
-    eventQueue = [];
-    return;
-  }
-  const batch = eventQueue.splice(0);
-  const distinctId = getDeviceId();
-  const payload = {
-    api_key: POSTHOG_API_KEY,
-    batch: batch.map((e) => ({
-      event: e.event,
-      properties: {
-        distinct_id: distinctId,
-        ...e.properties
-      },
-      timestamp: e.timestamp
-    }))
-  };
+function readAuditLog(limit = 100) {
   try {
-    await fetch(`${POSTHOG_HOST}/batch`, {
-      method: "POST",
-      headers: { "Content-Type": "application/json" },
-      body: JSON.stringify(payload)
-    });
-  } catch {
-    if (eventQueue.length < MAX_BATCH_SIZE * 2) {
-      eventQueue.unshift(...batch);
-    }
+    const auditPath = getAuditPath();
+    if (!fs$1.existsSync(auditPath)) return [];
+    const lines = fs$1.readFileSync(auditPath, "utf-8").split("\n").filter((l) => l.trim());
+    return lines.slice(-Math.min(limit, MAX_ENTRIES)).map((line) => JSON.parse(line)).reverse();
+  } catch (err) {
+    console.error("[Vessel Vault] Failed to read audit log:", err);
+    return [];
   }
 }
 function isRichToolResult(value) {
@@ -4811,7 +5084,8 @@ class AnthropicProvider {
                 toolUseBlocks.push({
                   id: currentToolUse.id,
                   name: currentToolUse.name,
-                  input: {}
+                  input: {},
+                  _malformedArgs: currentToolUse.inputJson
                 });
               }
               currentToolUse = null;
@@ -4839,6 +5113,18 @@ class AnthropicProvider {
         }
         const toolResults = [];
         for (const tb of toolUseBlocks) {
+          if (tb._malformedArgs !== void 0) {
+            onChunk(`
+<<tool:${tb.name}:⚠ invalid args>>
+`);
+            toolResults.push({
+              type: "tool_result",
+              tool_use_id: tb.id,
+              content: `Error: Invalid JSON in tool arguments — could not parse. Please retry with valid JSON. Raw input: ${tb._malformedArgs.slice(0, 200)}`,
+              is_error: true
+            });
+            continue;
+          }
           const argSummary = tb.input.url || tb.input.text || tb.input.direction || "";
           onChunk(`
 <<tool:${tb.name}${argSummary ? ":" + argSummary : ""}>>
@@ -5103,10 +5389,12 @@ class OpenAICompatProvider {
         for (const tc of Object.values(toolCallAccums)) {
           if (!tc.id) tc.id = `call_${Date.now()}_${Math.random().toString(36).slice(2, 8)}`;
         }
+        const malformedToolCalls = /* @__PURE__ */ new Set();
         for (const tc of toolCalls) {
           try {
             JSON.parse(tc.argsJson || "{}");
           } catch {
+            malformedToolCalls.add(tc.id);
             tc.argsJson = "{}";
           }
         }
@@ -5124,6 +5412,17 @@ class OpenAICompatProvider {
         messages.push(assistantMsg);
         if (toolCalls.length === 0) break;
         for (const tc of toolCalls) {
+          if (malformedToolCalls.has(tc.id)) {
+            onChunk(`
+<<tool:${tc.name}:⚠ invalid args>>
+`);
+            messages.push({
+              role: "tool",
+              tool_call_id: tc.id,
+              content: `Error: Invalid JSON in tool arguments. The arguments could not be parsed. Please retry with valid JSON.`
+            });
+            continue;
+          }
           let args = {};
           try {
             args = JSON.parse(tc.argsJson || "{}");
@@ -5134,7 +5433,7 @@ class OpenAICompatProvider {
             messages.push({
               role: "tool",
               tool_call_id: tc.id,
-              content: `Error: Invalid JSON in tool arguments. Please retry with valid JSON. Raw: ${tc.argsJson}`
+              content: `Error: Invalid JSON in tool arguments. Please retry with valid JSON.`
             });
             continue;
           }
@@ -6856,9 +7155,12 @@ const TOOL_DEFINITIONS = [
   {
     name: "navigate",
     title: "Navigate",
-    description: "Navigate the browser to a URL.",
+    description: "Navigate the browser to a URL. Use postBody to submit data via POST request (e.g. form submissions).",
     inputSchema: {
-      url: zod.z.string().describe("The URL to navigate to")
+      url: zod.z.string().describe("The URL to navigate to"),
+      postBody: zod.z.record(zod.z.string(), zod.z.string()).optional().describe(
+        "Optional form fields to submit via POST (application/x-www-form-urlencoded). Only supported on http/https URLs."
+      )
     },
     tier: 0
   },
@@ -11137,7 +11439,7 @@ async function executeAction(name, args, ctx) {
           const createdId = ctx.tabManager.createTab(
             typeof args.url === "string" && args.url.trim() ? args.url.trim() : "about:blank"
           );
-          const created = ctx.tabManager.getActiveTab();
+          const created = ctx.tabManager.getTab(createdId);
           if (created) {
             await waitForLoad$1(created.view.webContents);
             return `Created tab ${createdId}${await getPostNavSummary(created.view.webContents)}`;
@@ -11150,7 +11452,8 @@ async function executeAction(name, args, ctx) {
           if (navValidation.status === "dead") {
             return `Navigation blocked: ${args.url} returned ${navValidation.detail || "dead link"}. Try a different URL or go back and choose another link.`;
           }
-          ctx.tabManager.navigateTab(tabId, args.url);
+          const navError = ctx.tabManager.navigateTab(tabId, args.url, args.postBody);
+          if (navError) return navError;
           await waitForLoad$1(wc);
           return `Navigated to ${wc.getURL()}${await getPostNavSummary(wc)}`;
         }
@@ -13183,6 +13486,41 @@ Exception: ${result.exceptionDetails}`);
     }
   );
 }
+const sessionTrustedDomains = /* @__PURE__ */ new Set();
+async function requestConsent(request) {
+  const domain = request.domain.toLowerCase();
+  if (sessionTrustedDomains.has(domain)) {
+    return { approved: true, trustForSession: true };
+  }
+  const focusedWindow = electron.BrowserWindow.getFocusedWindow();
+  const { response } = await electron.dialog.showMessageBox(
+    focusedWindow ?? (electron.BrowserWindow.getAllWindows()[0] || null),
+    {
+      type: "question",
+      title: "Agent Credential Access",
+      message: `Agent wants to sign in to ${request.domain}`,
+      detail: [
+        `Credential: ${request.credentialLabel}`,
+        `Username: ${request.username}`,
+        "",
+        "The agent is requesting to fill a login form with stored credentials.",
+        "Credential values will NOT be sent to the AI provider."
+      ].join("\n"),
+      buttons: ["Deny", "Allow Once", "Allow for Session"],
+      defaultId: 1,
+      cancelId: 0,
+      noLink: true
+    }
+  );
+  if (response === 0) {
+    return { approved: false, trustForSession: false };
+  }
+  const trustForSession = response === 2;
+  if (trustForSession) {
+    sessionTrustedDomains.add(domain);
+  }
+  return { approved: true, trustForSession };
+}
 let httpServer = null;
 let mcpAuthToken = null;
 function asTextResponse(text) {
@@ -14859,10 +15197,15 @@ ${buildScopedContext(pageContent, mode)}`;
     "vessel_navigate",
     {
       title: "Navigate",
-      description: "Navigate the active browser tab to a URL.",
-      inputSchema: { url: zod.z.string().describe("The URL to navigate to") }
+      description: "Navigate the active browser tab to a URL. Use postBody to submit data via POST request (e.g. form submissions).",
+      inputSchema: {
+        url: zod.z.string().describe("The URL to navigate to"),
+        postBody: zod.z.record(zod.z.string(), zod.z.string()).optional().describe(
+          "Optional form fields to submit via POST (application/x-www-form-urlencoded). Only supported on http/https URLs."
+        )
+      }
     },
-    async ({ url }) => {
+    async ({ url, postBody }) => {
       const tab = tabManager.getActiveTab();
       if (!tab) return asTextResponse("Error: No active tab");
       const preCheck = await validateLinkDestination(url);
@@ -14873,7 +15216,8 @@ ${buildScopedContext(pageContent, mode)}`;
       }
       return withAction(runtime2, tabManager, "navigate", { url }, async () => {
         const id = tabManager.getActiveTabId();
-        tabManager.navigateTab(id, url);
+        const navError = tabManager.navigateTab(id, url, postBody);
+        if (navError) return navError;
         const { httpStatus } = await waitForLoadWithStatus(
           tab.view.webContents
         );
@@ -17332,6 +17676,244 @@ ${JSON.stringify(tableJson, null, 2)}`;
       );
     }
   );
+  server.registerTool(
+    "vessel_vault_status",
+    {
+      title: "Check Vault Credentials",
+      description: "Check whether stored credentials exist for a domain. Returns credential labels and usernames but NEVER password values. Use this before vault_login to verify credentials are available.",
+      inputSchema: {
+        domain: zod.z.string().describe(
+          "The domain to check credentials for (e.g. 'github.com'). If omitted, checks the active tab's domain."
+        ).optional()
+      }
+    },
+    async ({ domain }) => {
+      let targetDomain = domain;
+      if (!targetDomain) {
+        const tab = tabManager.getActiveTab();
+        if (!tab) return asTextResponse("Error: No active tab and no domain specified");
+        try {
+          targetDomain = new URL(tab.state.url).hostname;
+        } catch {
+          return asTextResponse("Error: Could not parse active tab URL");
+        }
+      }
+      const matches = findEntriesForDomain(
+        targetDomain.includes("://") ? targetDomain : `https://${targetDomain}`
+      );
+      if (matches.length === 0) {
+        return asTextResponse(
+          `No stored credentials found for ${targetDomain}. The user needs to add credentials in Settings > Agent Credential Vault before the agent can log in.`
+        );
+      }
+      appendAuditEntry({
+        timestamp: (/* @__PURE__ */ new Date()).toISOString(),
+        credentialId: matches[0].id,
+        credentialLabel: matches[0].label,
+        domain: targetDomain,
+        action: "status_check",
+        approved: true
+      });
+      const summary = matches.map((m) => `  - "${m.label}" (${m.username})`).join("\n");
+      return asTextResponse(
+        `Found ${matches.length} credential(s) for ${targetDomain}:
+${summary}
+Use vessel_vault_login to fill the login form. Credentials are filled directly — you will NOT see the password values.`
+      );
+    }
+  );
+  server.registerTool(
+    "vessel_vault_login",
+    {
+      title: "Fill Login with Vault Credentials",
+      description: "Fill a login form on the current page using stored credentials from the Agent Credential Vault. The credential values are filled directly into the page — they are NEVER returned in this response. The user will see a consent dialog before credentials are used.",
+      inputSchema: {
+        credential_label: zod.z.string().optional().describe(
+          "Label of the credential to use. If omitted, uses the first matching credential for the current domain."
+        ),
+        username_index: zod.z.number().optional().describe(
+          "Element index of the username/email input field from read_page."
+        ),
+        password_index: zod.z.number().optional().describe(
+          "Element index of the password input field from read_page."
+        ),
+        submit_after: zod.z.boolean().optional().describe(
+          "Whether to click the submit button after filling credentials. Defaults to false."
+        ),
+        submit_index: zod.z.number().optional().describe(
+          "Element index of the submit button. Required if submit_after is true."
+        )
+      }
+    },
+    async ({
+      credential_label,
+      username_index,
+      password_index,
+      submit_after,
+      submit_index
+    }) => {
+      const tab = tabManager.getActiveTab();
+      if (!tab) return asTextResponse("Error: No active tab");
+      const wc = tab.view.webContents;
+      let hostname;
+      try {
+        hostname = new URL(tab.state.url).hostname;
+      } catch {
+        return asTextResponse("Error: Could not parse active tab URL");
+      }
+      const matches = findEntriesForDomain(`https://${hostname}`);
+      if (matches.length === 0) {
+        return asTextResponse(
+          `No stored credentials for ${hostname}. The user needs to add credentials in Settings > Agent Credential Vault.`
+        );
+      }
+      const match = credential_label ? matches.find(
+        (m) => m.label.toLowerCase() === credential_label.toLowerCase()
+      ) : matches[0];
+      if (!match) {
+        return asTextResponse(
+          `No credential named "${credential_label}" found for ${hostname}. Available: ${matches.map((m) => m.label).join(", ")}`
+        );
+      }
+      const consent = await requestConsent({
+        credentialLabel: match.label,
+        username: match.username,
+        domain: hostname
+      });
+      appendAuditEntry({
+        timestamp: (/* @__PURE__ */ new Date()).toISOString(),
+        credentialId: match.id,
+        credentialLabel: match.label,
+        domain: hostname,
+        action: "login_fill",
+        approved: consent.approved
+      });
+      if (!consent.approved) {
+        return asTextResponse(
+          `User denied credential access for ${hostname}. The agent should not retry without being asked.`
+        );
+      }
+      const creds = getCredential(match.id);
+      if (!creds) {
+        return asTextResponse("Error: Credential not found in vault");
+      }
+      const results = [];
+      if (username_index != null) {
+        const usernameResult = await wc.executeJavaScript(
+          `window.__vessel?.interactByIndex?.(${username_index}, "value", ${JSON.stringify(creds.username)}) || "Error: interactByIndex not available"`
+        );
+        results.push(`Username: ${usernameResult}`);
+      }
+      if (password_index != null) {
+        const passwordResult = await wc.executeJavaScript(
+          `window.__vessel?.interactByIndex?.(${password_index}, "value", ${JSON.stringify(creds.password)}) || "Error: interactByIndex not available"`
+        );
+        results.push(`Password: ${passwordResult.replace(/Typed into:.*/, "Typed into: [password field]")}`);
+      }
+      recordUsage(match.id);
+      trackVaultAction("login_fill");
+      if (submit_after && submit_index != null) {
+        const submitResult = await wc.executeJavaScript(
+          `window.__vessel?.interactByIndex?.(${submit_index}, "click") || "Error: interactByIndex not available"`
+        );
+        results.push(`Submit: ${submitResult}`);
+      }
+      return asTextResponse(
+        [
+          `Login form filled for ${hostname} using credential "${match.label}".`,
+          ...results,
+          "",
+          "Note: Credential values were filled directly into the page. They are NOT included in this response."
+        ].join("\n")
+      );
+    }
+  );
+  server.registerTool(
+    "vessel_vault_totp",
+    {
+      title: "Fill TOTP Code from Vault",
+      description: "Generate a TOTP 2FA code from a stored secret and fill it into a code input field. The TOTP secret and generated code are NEVER returned — only filled directly into the page.",
+      inputSchema: {
+        credential_label: zod.z.string().optional().describe(
+          "Label of the credential whose TOTP secret to use. If omitted, uses the first matching credential with a TOTP secret."
+        ),
+        code_index: zod.z.number().describe(
+          "Element index of the TOTP/2FA code input field from read_page."
+        ),
+        submit_after: zod.z.boolean().optional().describe("Whether to click submit after filling the code."),
+        submit_index: zod.z.number().optional().describe("Element index of the submit button.")
+      }
+    },
+    async ({ credential_label, code_index, submit_after, submit_index }) => {
+      const tab = tabManager.getActiveTab();
+      if (!tab) return asTextResponse("Error: No active tab");
+      const wc = tab.view.webContents;
+      let hostname;
+      try {
+        hostname = new URL(tab.state.url).hostname;
+      } catch {
+        return asTextResponse("Error: Could not parse active tab URL");
+      }
+      const matches = findEntriesForDomain(`https://${hostname}`);
+      const match = credential_label ? matches.find(
+        (m) => m.label.toLowerCase() === credential_label.toLowerCase()
+      ) : matches.find((m) => {
+        const secret2 = getTotpSecret(m.id);
+        return secret2 != null;
+      });
+      if (!match) {
+        return asTextResponse(
+          `No credential with TOTP secret found for ${hostname}.`
+        );
+      }
+      const secret = getTotpSecret(match.id);
+      if (!secret) {
+        return asTextResponse(
+          `Credential "${match.label}" does not have a TOTP secret configured.`
+        );
+      }
+      const consent = await requestConsent({
+        credentialLabel: match.label,
+        username: match.username,
+        domain: hostname
+      });
+      appendAuditEntry({
+        timestamp: (/* @__PURE__ */ new Date()).toISOString(),
+        credentialId: match.id,
+        credentialLabel: match.label,
+        domain: hostname,
+        action: "totp_generate",
+        approved: consent.approved
+      });
+      if (!consent.approved) {
+        return asTextResponse(
+          `User denied TOTP access for ${hostname}.`
+        );
+      }
+      const code = generateTotpCode(secret);
+      const fillResult = await wc.executeJavaScript(
+        `window.__vessel?.interactByIndex?.(${code_index}, "value", ${JSON.stringify(code)}) || "Error: interactByIndex not available"`
+      );
+      recordUsage(match.id);
+      trackVaultAction("totp_fill");
+      const results = [`2FA code filled: ${fillResult.replace(/Typed into:.*/, "Typed into: [2FA field]")}`];
+      if (submit_after && submit_index != null) {
+        const submitResult = await wc.executeJavaScript(
+          `window.__vessel?.interactByIndex?.(${submit_index}, "click") || "Error: interactByIndex not available"`
+        );
+        results.push(`Submit: ${submitResult}`);
+      }
+      return asTextResponse(
+        [
+          `TOTP code filled for ${hostname} using credential "${match.label}".`,
+          ...results,
+          "",
+          "Note: The TOTP code was filled directly into the page. It is NOT included in this response."
+        ].join("\n")
+      );
+    }
+  );
   server.registerTool(
     "vessel_metrics",
     {
@@ -17648,6 +18230,16 @@ function stopMcpServer() {
   });
 }
 let activeChatProvider = null;
+function assertString(value, name) {
+  if (typeof value !== "string") throw new Error(`${name} must be a string`);
+}
+function assertOptionalString(value, name) {
+  if (value !== void 0 && typeof value !== "string") throw new Error(`${name} must be a string`);
+}
+function assertNumber(value, name) {
+  if (typeof value !== "number" || Number.isNaN(value)) throw new Error(`${name} must be a number`);
+}
+const VALID_APPROVAL_MODES = /* @__PURE__ */ new Set(["auto", "confirm-dangerous", "manual"]);
 function registerIpcHandlers(windowState, runtime2) {
   const { tabManager, chromeView, sidebarView, devtoolsPanelView, mainWindow } = windowState;
   const sendToRendererViews = (channel, ...args) => {
@@ -17671,9 +18263,14 @@ function registerIpcHandlers(windowState, runtime2) {
     tabManager.switchTab(id);
     layoutViews(windowState);
   });
-  electron.ipcMain.handle(Channels.TAB_NAVIGATE, (_, id, url) => {
-    tabManager.navigateTab(id, url);
-  });
+  electron.ipcMain.handle(
+    Channels.TAB_NAVIGATE,
+    (_, id, url, postBody) => {
+      assertString(id, "tabId");
+      assertString(url, "url");
+      return tabManager.navigateTab(id, url, postBody);
+    }
+  );
   electron.ipcMain.handle(Channels.TAB_BACK, (_, id) => {
     tabManager.goBack(id);
   });
@@ -17723,6 +18320,9 @@ function registerIpcHandlers(windowState, runtime2) {
   });
   electron.ipcMain.handle(Channels.AI_FETCH_MODELS, async (_, config) => {
     try {
+      if (!config || typeof config !== "object" || !("id" in config)) {
+        return { ok: false, models: [], error: "Invalid provider configuration" };
+      }
       const models = await fetchProviderModels(config);
       return { ok: true, models };
     } catch (err) {
@@ -17766,6 +18366,7 @@ function registerIpcHandlers(windowState, runtime2) {
     windowState.sidebarView.setBounds({ x: 0, y: 0, width, height });
   });
   electron.ipcMain.handle(Channels.SIDEBAR_RESIZE, (_, width) => {
+    assertNumber(width, "width");
     const clamped = Math.max(240, Math.min(800, Math.round(width)));
     windowState.uiState.sidebarWidth = clamped;
     return clamped;
@@ -17789,11 +18390,13 @@ function registerIpcHandlers(windowState, runtime2) {
   });
   electron.ipcMain.handle(Channels.SETTINGS_HEALTH_GET, () => getRuntimeHealth());
   electron.ipcMain.handle(Channels.SETTINGS_SET, async (_, key, value) => {
+    assertString(key, "key");
     if (!SETTABLE_KEYS.has(key)) {
       throw new Error(`Unknown setting key: ${key}`);
     }
     const settingsKey = key;
     const updatedSettings = setSetting(settingsKey, value);
+    trackSettingChanged(key);
     if (key === "approvalMode") {
       runtime2.setApprovalMode(value);
     }
@@ -17810,6 +18413,11 @@ function registerIpcHandlers(windowState, runtime2) {
   electron.ipcMain.handle(
     Channels.AGENT_SET_APPROVAL_MODE,
     (_, mode) => {
+      assertString(mode, "mode");
+      if (!VALID_APPROVAL_MODES.has(mode)) {
+        throw new Error(`Invalid approval mode: ${mode}`);
+      }
+      trackApprovalModeChanged(mode);
       setSetting("approvalMode", mode);
       return runtime2.setApprovalMode(mode);
     }
@@ -17840,17 +18448,23 @@ function registerIpcHandlers(windowState, runtime2) {
   electron.ipcMain.handle(
     Channels.FOLDER_CREATE,
     (_, name, summary) => {
+      trackBookmarkAction("folder_create");
       return createFolderWithSummary(name, summary);
     }
   );
   electron.ipcMain.handle(
     Channels.BOOKMARK_SAVE,
-    (_, url, title, folderId, note) => saveBookmark(url, title, folderId, note)
+    (_, url, title, folderId, note) => {
+      trackBookmarkAction("save");
+      return saveBookmark(url, title, folderId, note);
+    }
   );
   electron.ipcMain.handle(Channels.BOOKMARK_REMOVE, (_, id) => {
+    trackBookmarkAction("remove");
     return removeBookmark(id);
   });
   electron.ipcMain.handle(Channels.FOLDER_REMOVE, (_, id) => {
+    trackBookmarkAction("folder_remove");
     return removeFolder(id);
   });
   electron.ipcMain.handle(
@@ -18002,13 +18616,22 @@ function registerIpcHandlers(windowState, runtime2) {
     return getPremiumState();
   });
   electron.ipcMain.handle(Channels.PREMIUM_ACTIVATE, async (_, email) => {
+    assertString(email, "email");
+    if (!/^[^\s@]+@[^\s@]+\.[^\s@]+$/.test(email.trim())) {
+      return { ok: false, state: getPremiumState(), error: "Invalid email format" };
+    }
+    trackPremiumFunnel("activation_attempted");
     const result = await activateWithEmail(email);
     if (result.ok) {
+      trackPremiumFunnel("activation_succeeded", { status: result.state.status });
       sendToRendererViews(Channels.PREMIUM_UPDATE, result.state);
+    } else {
+      trackPremiumFunnel("activation_failed", { status: result.state.status });
     }
     return result;
   });
   electron.ipcMain.handle(Channels.PREMIUM_CHECKOUT, async (_, email) => {
+    trackPremiumFunnel("checkout_clicked");
     const result = await getCheckoutUrl(email);
     if (result.ok && result.url) {
       tabManager.createTab(result.url);
@@ -18016,17 +18639,56 @@ function registerIpcHandlers(windowState, runtime2) {
     return result;
   });
   electron.ipcMain.handle(Channels.PREMIUM_RESET, () => {
+    trackPremiumFunnel("reset");
     const state2 = resetPremium();
     sendToRendererViews(Channels.PREMIUM_UPDATE, state2);
     return state2;
   });
   electron.ipcMain.handle(Channels.PREMIUM_PORTAL, async () => {
+    trackPremiumFunnel("portal_opened");
     const result = await getPortalUrl();
     if (result.ok && result.url) {
       tabManager.createTab(result.url);
     }
     return result;
   });
+  electron.ipcMain.handle(Channels.VAULT_LIST, () => {
+    return listEntries();
+  });
+  electron.ipcMain.handle(
+    Channels.VAULT_ADD,
+    (_, entry) => {
+      if (!entry || typeof entry !== "object") throw new Error("Invalid vault entry");
+      assertString(entry.label, "label");
+      assertString(entry.domainPattern, "domainPattern");
+      assertString(entry.username, "username");
+      assertString(entry.password, "password");
+      if (!entry.label.trim() || !entry.domainPattern.trim() || !entry.username.trim() || !entry.password.trim()) {
+        throw new Error("Label, domain, username, and password are required");
+      }
+      assertOptionalString(entry.totpSecret, "totpSecret");
+      assertOptionalString(entry.notes, "notes");
+      trackVaultAction("credential_added");
+      const created = addEntry(entry);
+      return { id: created.id, label: created.label, domainPattern: created.domainPattern, username: created.username };
+    }
+  );
+  electron.ipcMain.handle(
+    Channels.VAULT_UPDATE,
+    (_, id, updates) => {
+      assertString(id, "id");
+      if (!updates || typeof updates !== "object") throw new Error("Invalid updates");
+      return updateEntry(id, updates) !== null;
+    }
+  );
+  electron.ipcMain.handle(Channels.VAULT_REMOVE, (_, id) => {
+    assertString(id, "id");
+    trackVaultAction("credential_removed");
+    return removeEntry(id);
+  });
+  electron.ipcMain.handle(Channels.VAULT_AUDIT_LOG, (_, limit) => {
+    return readAuditLog(limit);
+  });
   electron.ipcMain.handle(Channels.WINDOW_MINIMIZE, () => {
     mainWindow.minimize();
   });
@@ -18659,13 +19321,70 @@ function installDownloadHandler(chromeView) {
     });
   });
 }
-let runtime = null;
+function registerHighlightShortcut(mainWindow, tabManager) {
+  const register = () => {
+    electron.globalShortcut.unregister("CommandOrControl+H");
+    const success = electron.globalShortcut.register("CommandOrControl+H", () => {
+      const activeTab = tabManager.getActiveTab();
+      if (!activeTab) return;
+      tabManager.captureHighlightFromActiveTab();
+    });
+    if (!success) {
+      console.warn("[Vessel] Failed to register Ctrl+H shortcut");
+    }
+  };
+  register();
+  mainWindow.on("focus", register);
+  return () => {
+    electron.globalShortcut.unregister("CommandOrControl+H");
+    mainWindow.removeListener("focus", register);
+  };
+}
+function setupAppMenu() {
+  const appMenu = electron.Menu.buildFromTemplate([
+    {
+      label: "Edit",
+      submenu: [
+        { role: "undo" },
+        { role: "redo" },
+        { type: "separator" },
+        { role: "cut" },
+        { role: "copy" },
+        { role: "paste" },
+        { role: "selectAll" }
+      ]
+    }
+  ]);
+  electron.Menu.setApplicationMenu(appMenu);
+}
 function rendererUrlFor(view) {
   if (!process.env.ELECTRON_RENDERER_URL) return null;
   const url = new URL(process.env.ELECTRON_RENDERER_URL);
   url.searchParams.set("view", view);
   return url.toString();
 }
+function loadRenderers(chromeView, sidebarView, devtoolsPanelView) {
+  const chromeUrl = rendererUrlFor("chrome");
+  const sidebarUrl = rendererUrlFor("sidebar");
+  const devtoolsUrl = rendererUrlFor("devtools");
+  if (chromeUrl && sidebarUrl && devtoolsUrl) {
+    chromeView.webContents.loadURL(chromeUrl);
+    sidebarView.webContents.loadURL(sidebarUrl);
+    devtoolsPanelView.webContents.loadURL(devtoolsUrl);
+  } else {
+    const rendererFile = path$1.join(__dirname, "../../renderer/index.html");
+    chromeView.webContents.loadFile(rendererFile, {
+      query: { view: "chrome" }
+    });
+    sidebarView.webContents.loadFile(rendererFile, {
+      query: { view: "sidebar" }
+    });
+    devtoolsPanelView.webContents.loadFile(rendererFile, {
+      query: { view: "devtools" }
+    });
+  }
+}
+let runtime = null;
 function checkWritableUserData(userDataPath) {
   const issues = [];
   try {
@@ -18758,34 +19477,8 @@ async function bootstrap() {
     }
   });
   registerIpcHandlers(windowState, runtime);
-  const registerHighlightShortcut = () => {
-    electron.globalShortcut.unregister("CommandOrControl+H");
-    const success = electron.globalShortcut.register("CommandOrControl+H", () => {
-      const activeTab = tabManager.getActiveTab();
-      if (!activeTab) return;
-      tabManager.captureHighlightFromActiveTab();
-    });
-    if (!success) {
-      console.warn("[Vessel] Failed to register Ctrl+H shortcut");
-    }
-  };
-  registerHighlightShortcut();
-  windowState.mainWindow.on("focus", registerHighlightShortcut);
-  const appMenu = electron.Menu.buildFromTemplate([
-    {
-      label: "Edit",
-      submenu: [
-        { role: "undo" },
-        { role: "redo" },
-        { type: "separator" },
-        { role: "cut" },
-        { role: "copy" },
-        { role: "paste" },
-        { role: "selectAll" }
-      ]
-    }
-  ]);
-  electron.Menu.setApplicationMenu(appMenu);
+  registerHighlightShortcut(windowState.mainWindow, tabManager);
+  setupAppMenu();
   subscribe((state2) => {
     chromeView.webContents.send(Channels.BOOKMARKS_UPDATE, state2);
     sidebarView.webContents.send(Channels.BOOKMARKS_UPDATE, state2);
@@ -18797,25 +19490,7 @@ async function bootstrap() {
   installDownloadHandler(chromeView);
   startBackgroundRevalidation();
   startTelemetry();
-  const chromeUrl = rendererUrlFor("chrome");
-  const sidebarUrl = rendererUrlFor("sidebar");
-  const devtoolsUrl = rendererUrlFor("devtools");
-  if (chromeUrl && sidebarUrl && devtoolsUrl) {
-    chromeView.webContents.loadURL(chromeUrl);
-    sidebarView.webContents.loadURL(sidebarUrl);
-    devtoolsPanelView.webContents.loadURL(devtoolsUrl);
-  } else {
-    const rendererFile = path.join(__dirname, "../renderer/index.html");
-    chromeView.webContents.loadFile(rendererFile, {
-      query: { view: "chrome" }
-    });
-    sidebarView.webContents.loadFile(rendererFile, {
-      query: { view: "sidebar" }
-    });
-    devtoolsPanelView.webContents.loadFile(rendererFile, {
-      query: { view: "devtools" }
-    });
-  }
+  loadRenderers(chromeView, sidebarView, devtoolsPanelView);
   await startMcpServer(tabManager, runtime, settings2.mcpPort);
   chromeView.webContents.once("did-finish-load", () => {
     const savedSession = runtime.getState().session;
@@ -18830,6 +19505,16 @@ async function bootstrap() {
     void maybeShowStartupHealthDialog(windowState);
   });
 }
+process.on("uncaughtException", (error) => {
+  console.error("[Vessel] Uncaught exception:", error.message, error.stack);
+  electron.app.quit();
+});
+process.on("unhandledRejection", (reason) => {
+  console.error(
+    "[Vessel] Unhandled rejection:",
+    reason instanceof Error ? reason.message : reason
+  );
+});
 electron.app.whenReady().then(bootstrap).catch((error) => {
   console.error("[Vessel] Failed to bootstrap application:", error);
   electron.app.quit();