@quanta-intellect/vessel-browser 0.1.44 → 0.1.46

package/out/main/index.js

@@ -32,12 +32,14 @@ const defaults = {
   premium: {
     status: "free",
     customerId: "",
+    verificationToken: "",
     email: "",
     validatedAt: "",
     expiresAt: ""
   }
 };
 const SAVE_DEBOUNCE_MS$3 = 150;
+const CHAT_PROVIDER_SECRET_FILENAME = "vessel-chat-provider-secret";
 const SETTABLE_KEYS = new Set(Object.keys(defaults));
 let settings = null;
 let settingsIssues = [];
@@ -52,6 +54,80 @@ function getUserDataPath() {
 function getSettingsPath() {
   return path.join(getUserDataPath(), "vessel-settings.json");
 }
+function getChatProviderSecretPath() {
+  return path.join(getUserDataPath(), CHAT_PROVIDER_SECRET_FILENAME);
+}
+function canUseSafeStorage() {
+  try {
+    return electron.safeStorage.isEncryptionAvailable();
+  } catch {
+    return false;
+  }
+}
+function readStoredProviderSecret() {
+  try {
+    const raw = fs.readFileSync(getChatProviderSecretPath());
+    const decoded = canUseSafeStorage() && electron.safeStorage.decryptString ? electron.safeStorage.decryptString(raw) : raw.toString("utf-8");
+    const parsed = JSON.parse(decoded);
+    if (parsed && typeof parsed === "object" && typeof parsed.providerId === "string" && typeof parsed.apiKey === "string") {
+      return parsed;
+    }
+  } catch {
+  }
+  return null;
+}
+function writeStoredProviderSecret(secret) {
+  const filePath = getChatProviderSecretPath();
+  fs.mkdirSync(path.dirname(filePath), { recursive: true });
+  const payload = JSON.stringify(secret);
+  if (canUseSafeStorage()) {
+    const encrypted = electron.safeStorage.encryptString(payload);
+    fs.writeFileSync(filePath, encrypted, { mode: 384 });
+    return;
+  }
+  fs.writeFileSync(filePath, payload, { mode: 384 });
+}
+function clearStoredProviderSecret() {
+  try {
+    fs.unlinkSync(getChatProviderSecretPath());
+  } catch {
+  }
+}
+function mergeChatProviderSecret(provider) {
+  if (!provider) return null;
+  const stored = readStoredProviderSecret();
+  const legacyApiKey = provider.apiKey?.trim() || "";
+  const apiKey = stored?.providerId === provider.id ? stored.apiKey : legacyApiKey;
+  if (legacyApiKey && stored?.providerId !== provider.id) {
+    writeStoredProviderSecret({ providerId: provider.id, apiKey: legacyApiKey });
+  }
+  return {
+    ...provider,
+    apiKey,
+    hasApiKey: Boolean(apiKey)
+  };
+}
+function buildPersistedSettings(source) {
+  return {
+    ...source,
+    chatProvider: source.chatProvider ? {
+      ...source.chatProvider,
+      apiKey: "",
+      hasApiKey: source.chatProvider.hasApiKey || Boolean(source.chatProvider.apiKey)
+    } : null
+  };
+}
+function getRendererSettings() {
+  const current = loadSettings();
+  return {
+    ...current,
+    chatProvider: current.chatProvider ? {
+      ...current.chatProvider,
+      apiKey: "",
+      hasApiKey: Boolean(current.chatProvider.apiKey)
+    } : null
+  };
+}
 function getSettingsLoadIssues() {
   return settingsIssues.map((issue) => ({ ...issue }));
 }
@@ -80,6 +156,7 @@ function loadSettings() {
     settings = {
       ...defaults,
       ...parsed,
+      chatProvider: mergeChatProviderSecret(parsed.chatProvider ?? null),
       mcpPort: sanitizePort(parsed.mcpPort ?? defaults.mcpPort),
       agentTranscriptMode: parsed.agentTranscriptMode === "off" || parsed.agentTranscriptMode === "summary" || parsed.agentTranscriptMode === "full" ? parsed.agentTranscriptMode : parsed.showAgentTranscript === false ? "off" : defaults.agentTranscriptMode
     };
@@ -104,7 +181,10 @@ function persistNow$3() {
     saveTimer$3 = null;
   }
   return fs.promises.mkdir(path.dirname(getSettingsPath()), { recursive: true }).then(
-    () => fs.promises.writeFile(getSettingsPath(), JSON.stringify(settings, null, 2))
+    () => fs.promises.writeFile(
+      getSettingsPath(),
+      JSON.stringify(buildPersistedSettings(settings), null, 2)
+    )
   ).catch((err) => console.error("[Vessel] Failed to save settings:", err));
 }
 function saveSettings() {
@@ -121,6 +201,30 @@ function setSetting(key, value) {
   loadSettings();
   if (key === "mcpPort") {
     settings.mcpPort = sanitizePort(value);
+  } else if (key === "chatProvider") {
+    const nextProvider = value;
+    if (!nextProvider) {
+      clearStoredProviderSecret();
+      settings.chatProvider = null;
+    } else {
+      const existingSecret = readStoredProviderSecret();
+      const incomingApiKey = nextProvider.apiKey.trim();
+      const preserveExisting = !incomingApiKey && nextProvider.hasApiKey === true && existingSecret?.providerId === nextProvider.id;
+      const resolvedApiKey = preserveExisting ? existingSecret?.apiKey || "" : incomingApiKey;
+      if (resolvedApiKey) {
+        writeStoredProviderSecret({
+          providerId: nextProvider.id,
+          apiKey: resolvedApiKey
+        });
+      } else {
+        clearStoredProviderSecret();
+      }
+      settings.chatProvider = {
+        ...nextProvider,
+        apiKey: resolvedApiKey,
+        hasApiKey: Boolean(resolvedApiKey)
+      };
+    }
   } else {
     settings[key] = value;
   }
@@ -160,7 +264,31 @@ function checkDomainPolicy(url) {
 function matchesDomain(hostname, policyDomain) {
   return hostname === policyDomain || hostname.endsWith("." + policyDomain);
 }
+const ALLOWED_SCHEMES = /* @__PURE__ */ new Set(["http:", "https:"]);
+function isSafeNavigationURL(url) {
+  try {
+    const parsed = new URL(url);
+    return ALLOWED_SCHEMES.has(parsed.protocol);
+  } catch {
+    return false;
+  }
+}
+function assertSafeURL(url) {
+  if (!isSafeNavigationURL(url)) {
+    throw new Error(
+      `Blocked navigation to disallowed URL scheme: ${url.slice(0, 80)}`
+    );
+  }
+}
+function assertPermittedNavigationURL(url) {
+  assertSafeURL(url);
+  const policyError = checkDomainPolicy(url);
+  if (policyError) {
+    throw new Error(policyError);
+  }
+}
 const MAX_CUSTOM_HISTORY = 50;
+const READER_MODE_DATA_URL_PREFIX = "data:text/html;charset=utf-8,";
 class Tab {
   id;
   view;
@@ -181,6 +309,32 @@ class Tab {
   urlForwardStack = [];
   lastCommittedUrl = "";
   navigatingViaHistory = false;
+  isReaderModeDataUrl(url) {
+    return this._state.isReaderMode && url.startsWith(READER_MODE_DATA_URL_PREFIX);
+  }
+  getNavigationBlockReason(url) {
+    if (!url) {
+      return "Blocked navigation to empty URL";
+    }
+    if (url.startsWith("about:") || this.isReaderModeDataUrl(url)) {
+      return null;
+    }
+    try {
+      assertSafeURL(url);
+    } catch (error) {
+      return error instanceof Error ? error.message : "Blocked unsafe navigation";
+    }
+    return checkDomainPolicy(url);
+  }
+  guardedLoadURL(url, options) {
+    const blockReason = this.getNavigationBlockReason(url);
+    if (blockReason) {
+      console.warn(`[Tab] ${blockReason}`);
+      return blockReason;
+    }
+    void this.view.webContents.loadURL(url, options);
+    return null;
+  }
   constructor(id, url, onChange, options) {
     this.id = id;
     this.parentWindow = options?.parentWindow;
@@ -198,10 +352,11 @@ class Tab {
         nodeIntegration: false
       }
     });
+    const initialUrl = url || "about:blank";
     this._state = {
       id,
       title: "New Tab",
-      url: url || "about:blank",
+      url: initialUrl,
       favicon: "",
       isLoading: false,
       canGoBack: false,
@@ -222,13 +377,22 @@ class Tab {
     });
     this.setupListeners();
     if (url) {
-      this.lastCommittedUrl = url;
-      this.view.webContents.loadURL(url);
+      const error = this.guardedLoadURL(url);
+      if (error) {
+        this._state.url = "about:blank";
+      } else {
+        this.lastCommittedUrl = url;
+      }
     }
   }
   setupListeners() {
     const wc = this.view.webContents;
     wc.setWindowOpenHandler(({ url, disposition }) => {
+      const error = this.getNavigationBlockReason(url);
+      if (error) {
+        console.warn(`[Tab] ${error}`);
+        return { action: "deny" };
+      }
       this.onOpenUrl?.({
         url,
         background: disposition === "background-tab",
@@ -236,6 +400,18 @@ class Tab {
       });
       return { action: "deny" };
     });
+    const blockNavigation = (event, url, context) => {
+      const error = this.getNavigationBlockReason(url);
+      if (!error) return;
+      event.preventDefault();
+      console.warn(`[Tab] ${context}: ${error}`);
+    };
+    wc.on("will-navigate", (event, url) => {
+      blockNavigation(event, url, "Blocked top-level navigation");
+    });
+    wc.on("will-redirect", (event, url) => {
+      blockNavigation(event, url, "Blocked redirect");
+    });
     const syncNavigationState = () => {
       this._state.title = wc.getTitle() || this._state.title || "New Tab";
       this._state.url = wc.getURL() || this._state.url;
@@ -402,17 +578,12 @@ class Tab {
         url = `https://duckduckgo.com/?q=${encodeURIComponent(url)}`;
       }
     }
-    if (!/^https?:\/\//i.test(url) && !url.startsWith("about:")) {
-      return `Blocked navigation to disallowed URL scheme: ${url.slice(0, 80)}`;
-    }
-    const policyError = checkDomainPolicy(url);
-    if (policyError) return policyError;
     if (postBody) {
       const params = new URLSearchParams();
       for (const [key, value] of Object.entries(postBody)) {
         params.set(key, value);
       }
-      this.view.webContents.loadURL(url, {
+      return this.guardedLoadURL(url, {
         method: "POST",
         extraHeaders: "Content-Type: application/x-www-form-urlencoded\r\n",
         postData: [
@@ -422,27 +593,39 @@ class Tab {
           }
         ]
       });
-    } else {
-      this.view.webContents.loadURL(url);
     }
-    return null;
+    return this.guardedLoadURL(url);
   }
   goBack() {
     const previousUrl = this.urlHistory.pop();
     if (!previousUrl) return false;
+    const currentUrl = this.lastCommittedUrl;
     this.navigatingViaHistory = true;
-    this.urlForwardStack.push(this.lastCommittedUrl);
+    this.urlForwardStack.push(currentUrl);
+    const error = this.guardedLoadURL(previousUrl);
+    if (error) {
+      this.navigatingViaHistory = false;
+      this.urlForwardStack.pop();
+      this.urlHistory.push(previousUrl);
+      return false;
+    }
     this.lastCommittedUrl = previousUrl;
-    this.view.webContents.loadURL(previousUrl);
     return true;
   }
   goForward() {
     const nextUrl = this.urlForwardStack.pop();
     if (!nextUrl) return false;
+    const currentUrl = this.lastCommittedUrl;
     this.navigatingViaHistory = true;
-    this.urlHistory.push(this.lastCommittedUrl);
+    this.urlHistory.push(currentUrl);
+    const error = this.guardedLoadURL(nextUrl);
+    if (error) {
+      this.navigatingViaHistory = false;
+      this.urlHistory.pop();
+      this.urlForwardStack.push(nextUrl);
+      return false;
+    }
     this.lastCommittedUrl = nextUrl;
-    this.view.webContents.loadURL(nextUrl);
     return true;
   }
   canGoBack() {
@@ -2446,7 +2629,8 @@ const Channels = {
   DOWNLOAD_DONE: "download:done",
   // Premium
   PREMIUM_GET_STATE: "premium:get-state",
-  PREMIUM_ACTIVATE: "premium:activate",
+  PREMIUM_ACTIVATION_START: "premium:activation-start",
+  PREMIUM_ACTIVATION_VERIFY: "premium:activation-verify",
   PREMIUM_CHECKOUT: "premium:checkout",
   PREMIUM_PORTAL: "premium:portal",
   PREMIUM_RESET: "premium:reset",
@@ -3382,6 +3566,7 @@ function resetPremium() {
   const fresh = {
     status: "free",
     customerId: "",
+    verificationToken: "",
     email: "",
     validatedAt: "",
     expiresAt: ""
@@ -3414,39 +3599,22 @@ async function getCheckoutUrl(email) {
   }
 }
 async function getPortalUrl() {
-  const { premium } = loadSettings();
-  if (!premium.customerId) {
-    return { ok: false, error: "No active subscription" };
-  }
-  try {
-    const res = await fetch(`${VERIFICATION_API}/portal`, {
-      method: "POST",
-      headers: { "Content-Type": "application/json" },
-      body: JSON.stringify({ customerId: premium.customerId })
-    });
-    if (!res.ok) {
-      return { ok: false, error: `HTTP ${res.status}` };
-    }
-    const { url } = await res.json();
-    return { ok: true, url };
-  } catch (err) {
-    return {
-      ok: false,
-      error: err instanceof Error ? err.message : "Failed to get portal URL"
-    };
-  }
+  return {
+    ok: false,
+    error: "Billing portal access is temporarily disabled while we harden the premium API. Use the Stripe billing link from your subscription email for now."
+  };
 }
-async function verifySubscription(emailOrCustomerId) {
+async function verifySubscription(identifier) {
   const current = loadSettings().premium;
-  const identifier = emailOrCustomerId || current.customerId || current.email;
-  if (!identifier) {
+  const verificationIdentifier = identifier || current.verificationToken || current.customerId;
+  if (!verificationIdentifier) {
     return current;
   }
   try {
     const res = await fetch(`${VERIFICATION_API}/verify`, {
       method: "POST",
       headers: { "Content-Type": "application/json" },
-      body: JSON.stringify({ identifier })
+      body: JSON.stringify({ identifier: verificationIdentifier })
     });
     if (!res.ok) {
       console.warn("[Vessel Premium] Verification API returned", res.status);
@@ -3455,8 +3623,9 @@ async function verifySubscription(emailOrCustomerId) {
     const data = await res.json();
     const updated = {
       status: data.status,
-      customerId: data.customerId,
-      email: data.email,
+      customerId: data.customerId || current.customerId,
+      verificationToken: data.verificationToken || verificationIdentifier,
+      email: data.email || current.email,
       validatedAt: (/* @__PURE__ */ new Date()).toISOString(),
       expiresAt: data.expiresAt
     };
@@ -3467,34 +3636,104 @@ async function verifySubscription(emailOrCustomerId) {
     return current;
   }
 }
-async function activateWithEmail(email) {
-  if (!email.trim()) {
+async function requestActivationCode(email) {
+  const normalizedEmail = email.trim().toLowerCase();
+  if (!normalizedEmail) {
+    return { ok: false, error: "Email is required" };
+  }
+  try {
+    const res = await fetch(`${VERIFICATION_API}/activate/start`, {
+      method: "POST",
+      headers: { "Content-Type": "application/json" },
+      body: JSON.stringify({ email: normalizedEmail })
+    });
+    const data = await res.json().catch(() => ({}));
+    if (!res.ok || !data.challengeToken) {
+      return {
+        ok: false,
+        error: data.error || `HTTP ${res.status}`
+      };
+    }
+    return {
+      ok: true,
+      email: normalizedEmail,
+      challengeToken: data.challengeToken
+    };
+  } catch (err) {
+    return {
+      ok: false,
+      error: err instanceof Error ? err.message : "Failed to send code"
+    };
+  }
+}
+async function verifyActivationCode(email, code, challengeToken) {
+  const normalizedEmail = email.trim().toLowerCase();
+  const trimmedCode = code.trim();
+  if (!normalizedEmail) {
     return { ok: false, state: getPremiumState(), error: "Email is required" };
   }
-  const state2 = await verifySubscription(email.trim());
-  if (state2.status === "active" || state2.status === "trialing") {
-    return { ok: true, state: state2 };
+  if (!trimmedCode) {
+    return { ok: false, state: getPremiumState(), error: "Code is required" };
+  }
+  if (!challengeToken.trim()) {
+    return {
+      ok: false,
+      state: getPremiumState(),
+      error: "Request a new activation code and try again."
+    };
+  }
+  try {
+    const res = await fetch(`${VERIFICATION_API}/activate/verify`, {
+      method: "POST",
+      headers: { "Content-Type": "application/json" },
+      body: JSON.stringify({
+        email: normalizedEmail,
+        code: trimmedCode,
+        challengeToken: challengeToken.trim()
+      })
+    });
+    const data = await res.json().catch(() => ({}));
+    if (!res.ok) {
+      return {
+        ok: false,
+        state: getPremiumState(),
+        error: data.error || `HTTP ${res.status}`
+      };
+    }
+    const updated = {
+      status: data.status ?? "free",
+      customerId: data.customerId || "",
+      verificationToken: data.verificationToken || "",
+      email: data.email || normalizedEmail,
+      validatedAt: (/* @__PURE__ */ new Date()).toISOString(),
+      expiresAt: data.expiresAt || ""
+    };
+    setSetting("premium", updated);
+    return { ok: isPremiumActiveState(updated), state: updated };
+  } catch (err) {
+    return {
+      ok: false,
+      state: getPremiumState(),
+      error: err instanceof Error ? err.message : "Failed to verify code"
+    };
   }
-  return {
-    ok: false,
-    state: state2,
-    error: state2.status === "canceled" ? "Subscription is canceled. Resubscribe to continue." : state2.status === "past_due" ? "Subscription payment is past due. Update your payment method." : "No active subscription found for this email."
-  };
 }
 let revalidationTimer = null;
 function startBackgroundRevalidation() {
   if (revalidationTimer) return;
   const { premium } = loadSettings();
-  if (premium.customerId || premium.email) {
+  const identifier = premium.verificationToken || premium.customerId;
+  if (identifier) {
     const lastValidated = premium.validatedAt ? new Date(premium.validatedAt).getTime() : 0;
     if (Date.now() - lastValidated > REVALIDATION_INTERVAL_MS) {
-      void verifySubscription();
+      void verifySubscription(identifier);
     }
   }
   revalidationTimer = setInterval(() => {
     const { premium: p } = loadSettings();
-    if (p.customerId || p.email) {
-      void verifySubscription();
+    const currentIdentifier = p.verificationToken || p.customerId;
+    if (currentIdentifier) {
+      void verifySubscription(currentIdentifier);
     }
   }, REVALIDATION_INTERVAL_MS);
 }
@@ -4185,6 +4424,20 @@ const DIRECT_EXTRACTION_SCRIPT = String.raw`
       return meta;
     }
 
+    function shouldExposeFieldValue(el) {
+      if (!(el instanceof HTMLInputElement)) return false;
+      var elType = (el.type || "").toLowerCase();
+      if (elType !== "number") return false;
+      var signals = [
+        el.name,
+        el.id,
+        el.getAttribute("placeholder"),
+        el.getAttribute("aria-label"),
+        labelFor(el),
+      ].filter(Boolean).join(" ").toLowerCase();
+      return /\b(qty|quantity|count|items?)\b/.test(signals);
+    }
+
     function serializeInteractive(el, kind) {
       var base = {
         type: kind,
@@ -4219,7 +4472,6 @@ const DIRECT_EXTRACTION_SCRIPT = String.raw`
         return {
           ...base,
           label: labelFor(el)?.slice(0, 100),
-          value: text(el.value),
           options: Array.from(el.options || []).map(function(option) { return { label: text(option.textContent || option.value) || option.value, value: option.value }; }).filter(function(o) { return o.label || o.value; }).slice(0, 25),
           required: el.hasAttribute("required") || undefined,
           ...fieldMeta(el),
@@ -4231,7 +4483,6 @@ const DIRECT_EXTRACTION_SCRIPT = String.raw`
           ...base,
           label: labelFor(el)?.slice(0, 100),
           placeholder: text(el.getAttribute("placeholder")),
-          value: text(el.value),
           required: el.hasAttribute("required") || undefined,
           ...fieldMeta(el),
         };
@@ -4243,7 +4494,7 @@ const DIRECT_EXTRACTION_SCRIPT = String.raw`
         label: labelFor(el)?.slice(0, 100),
         inputType: text(el.getAttribute("type")),
         placeholder: text(el.getAttribute("placeholder")),
-        value: (elType === "password" || elType === "checkbox" || elType === "radio") ? undefined : text(el.value),
+        value: shouldExposeFieldValue(el) ? text(el.value) : undefined,
         required: el.hasAttribute("required") || undefined,
         ...fieldMeta(el),
       };
@@ -4499,7 +4750,7 @@ const SAFE_EXTRACTION_SCRIPT = String.raw`
           label: labelFor(el)?.slice(0, 100),
           inputType: text(el.getAttribute && el.getAttribute("type")),
           placeholder: text(el.getAttribute && el.getAttribute("placeholder")),
-          value: tag === "select" ? text(el.value) : (elType === "password" || elType === "checkbox" || elType === "radio") ? undefined : text(el.value),
+          value: shouldExposeFieldValue(el) ? text(el.value) : undefined,
           options: tag === "select"
             ? Array.from(el.options || []).map(function(option) { return { label: text(option.textContent || option.value) || option.value, value: option.value }; }).filter(function(o) { return o.label || o.value; }).slice(0, 25)
             : undefined,
@@ -4752,11 +5003,13 @@ function normalizePageContent(value) {
 function generateReaderHTML(page) {
   const escapedTitle = escapeHtml(page.title);
   const escapedByline = escapeHtml(page.byline);
+  const renderedContent = renderReaderContent(page);
   return `<!DOCTYPE html>
 <html lang="en">
 <head>
   <meta charset="utf-8">
   <meta name="viewport" content="width=device-width, initial-scale=1">
+  <meta http-equiv="Content-Security-Policy" content="default-src 'none'; style-src 'unsafe-inline'; img-src data:; base-uri 'none'; form-action 'none'">
   <title>${escapedTitle}</title>
   <style>
     * { margin: 0; padding: 0; box-sizing: border-box; }
@@ -4827,13 +5080,20 @@ function generateReaderHTML(page) {
   <div class="reader-container">
     <h1>${escapedTitle}</h1>
     ${escapedByline ? `<div class="byline">${escapedByline}</div>` : ""}
-    <div class="reader-content">${page.htmlContent || escapeHtml(page.content)}</div>
+    <div class="reader-content">${renderedContent}</div>
   </div>
 </body>
 </html>`;
 }
+function renderReaderContent(page) {
+  const source = (page.content || page.excerpt || "").trim();
+  if (!source) {
+    return "<p>No readable content was available for this page.</p>";
+  }
+  return source.split(/\n{2,}/).map((block) => block.trim()).filter(Boolean).map((block) => `<p>${escapeHtml(block).replace(/\n/g, "<br>")}</p>`).join("\n");
+}
 function escapeHtml(str) {
-  return str.replace(/&/g, "&amp;").replace(/</g, "&lt;").replace(/>/g, "&gt;").replace(/"/g, "&quot;");
+  return str.replace(/&/g, "&amp;").replace(/</g, "&lt;").replace(/>/g, "&gt;").replace(/"/g, "&quot;").replace(/'/g, "&#39;");
 }
 const mcpStatusChangeListeners = /* @__PURE__ */ new Set();
 const runtimeHealthChangeListeners = /* @__PURE__ */ new Set();
@@ -4927,24 +5187,24 @@ function getVaultPath() {
 function getKeyPath() {
   return path$1.join(getVaultDir(), KEY_FILENAME);
 }
+function assertVaultSecretStorageAvailable() {
+  if (!electron.safeStorage.isEncryptionAvailable()) {
+    throw new Error(
+      "Agent Credential Vault requires OS-backed secret storage. Enable Keychain, DPAPI, or libsecret support and restart Vessel."
+    );
+  }
+}
 function getOrCreateEncryptionKey() {
+  assertVaultSecretStorageAvailable();
   const keyPath = getKeyPath();
   if (fs$1.existsSync(keyPath)) {
     const encryptedKey = fs$1.readFileSync(keyPath);
-    if (electron.safeStorage.isEncryptionAvailable()) {
-      return electron.safeStorage.decryptString ? Buffer.from(electron.safeStorage.decryptString(encryptedKey), "utf-8") : encryptedKey;
-    }
-    return encryptedKey;
+    return Buffer.from(electron.safeStorage.decryptString(encryptedKey), "utf-8");
   }
   const key = crypto$2.randomBytes(32);
   fs$1.mkdirSync(path$1.dirname(keyPath), { recursive: true });
-  if (electron.safeStorage.isEncryptionAvailable()) {
-    const encrypted = electron.safeStorage.encryptString(key.toString("utf-8"));
-    fs$1.writeFileSync(keyPath, encrypted);
-  } else {
-    fs$1.writeFileSync(keyPath, key);
-    fs$1.chmodSync(keyPath, 384);
-  }
+  const encrypted = electron.safeStorage.encryptString(key.toString("utf-8"));
+  fs$1.writeFileSync(keyPath, encrypted, { mode: 384 });
   return key;
 }
 function encrypt(plaintext) {
@@ -4985,8 +5245,9 @@ function loadVault() {
     return cachedEntries;
   } catch (err) {
     console.error("[Vessel Vault] Failed to load vault:", err);
-    cachedEntries = [];
-    return cachedEntries;
+    throw new Error(
+      "Could not unlock the Agent Credential Vault. Check that OS secret storage is available and that the stored vault key can be decrypted."
+    );
   }
 }
 function saveVault(entries) {
@@ -5380,7 +5641,7 @@ function buildPhaseReminder(userMessage, assistantText) {
   const multiClickSelectionSignals = /i(?:'| a)?ll start by clicking on the following books|i will start by clicking on the following books|i will click on the following books|clicked on five different book titles|clicked on \d+ different book titles|clicking through the selected titles|click each of the selected titles/.test(
     text
   );
-  const staleSelectionSignals = /cannot locate the elements to click|page structure is not being reliably captured|specific titles failed|page may have changed|stale-index/.test(
+  const staleSelectionSignals = /cannot locate the elements to click|page structure is not being reliably captured|specific titles failed|page may have changed|stale-index|no visible area|not visible/.test(
     text
   );
   const intermediateCartDialogSignals = /(added to cart|has been added to the cart|cart confirmation)/.test(text) && /(continue shopping|search results page|return to the search results page|back button|go back)/.test(
@@ -6728,6 +6989,10 @@ function limitItems(items, max = MAX_STRUCTURED_ITEMS) {
   if (items.length <= max) return items;
   return items.slice(0, max);
 }
+function shouldRenderFieldValue(el) {
+  const value = typeof el.value === "string" && el.value.trim() ? el.value.trim() : "";
+  return Boolean(value) && isQuantityLike(el);
+}
 function formatElementMeta(el) {
   const meta = [];
   if (el.context && el.context !== "content") {
@@ -6795,7 +7060,7 @@ function formatElementMeta(el) {
   if (el.description) {
     meta.push(`desc="${el.description.slice(0, 80)}"`);
   }
-  if (el.value !== void 0 && el.value !== null && el.value !== "") {
+  if (shouldRenderFieldValue(el)) {
     meta.push(`value="${el.value.slice(0, 60)}"`);
   }
   if (el.selector) {
@@ -6806,7 +7071,7 @@ function formatElementMeta(el) {
 }
 function summarizeElementValue(el) {
   const value = typeof el.value === "string" && el.value.trim() ? el.value.trim() : "";
-  if (!value) return null;
+  if (!value || !shouldRenderFieldValue(el)) return null;
   if (el.type === "select") {
     return { label: "selected", value: value.slice(0, 60) };
   }
@@ -8212,6 +8477,8 @@ const COMPACT_FOCUS_INSTRUCTIONS = [
   "When read_page or inspect_element gives you an element index, prefer click(index=N) over selector-based clicks.",
   'If a product page has no visible purchase control, scroll and call read_page(mode="visible_only") again. Do not loop on generic inspect_element calls against navigation or unrelated regions.',
   "After adding an item to cart and going back, ALWAYS call read_page to see the current results. The system shows which products are already in your cart — do NOT click those again. Pick a DIFFERENT product from the list. If all visible results are already in cart, scroll down for more.",
+  'On search results pages, always call read_page(mode="results_only") first. Click products by their [#N] index from the Results section. Never click filter or sort links (e.g. Used, New, Format, Price).',
+  "After go_back, always call read_page before clicking. The page may have changed.",
   "Keep your reasoning short. Prefer taking the next tool action over writing a long plan."
 ];
 function buildInstructionBlock(instructions) {
@@ -8563,11 +8830,11 @@ function buildCompactScopedContext(page, mode, pageType = detectPageType(page))
   const primaryResultElements = getPrimaryResultLinks(page);
   const primaryResults = primaryResultElements.map(formatElement);
   if (primaryResults.length > 0) {
-    pushSection(
-      lines,
-      "### Primary Results",
-      primaryResults
-    );
+    lines.push("");
+    lines.push("### Results — click one of these to open a product");
+    lines.push(...primaryResults.map((item) => `- ${item}`));
+    lines.push("");
+    lines.push("IMPORTANT: Use click(index=N) on a result above. Do NOT click filter or sort links.");
   }
   if (pageType === "FORM" || pageType === "LOGIN" || mode === "forms_only") {
     pushSection(
@@ -8583,7 +8850,7 @@ function buildCompactScopedContext(page, mode, pageType = detectPageType(page))
     ).map(formatElement);
     pushSection(
       lines,
-      "### Visible Controls",
+      "### Page Controls (filters, sorts — avoid when selecting products)",
       visibleControls
     );
   }
@@ -10136,22 +10403,6 @@ function formatDeadLinkMessage(label, result) {
   const status = result.statusCode ? `HTTP ${result.statusCode}` : "dead link";
   return `Skipped stale link "${label}" because ${destination} returned ${status}. Try a different link or URL instead.`;
 }
-const ALLOWED_SCHEMES = /* @__PURE__ */ new Set(["http:", "https:"]);
-function isSafeNavigationURL(url) {
-  try {
-    const parsed = new URL(url);
-    return ALLOWED_SCHEMES.has(parsed.protocol);
-  } catch {
-    return false;
-  }
-}
-function assertSafeURL(url) {
-  if (!isSafeNavigationURL(url)) {
-    throw new Error(
-      `Blocked navigation to disallowed URL scheme: ${url.slice(0, 80)}`
-    );
-  }
-}
 async function captureScreenshot(wc) {
   for (let attempt = 0; attempt < 3; attempt += 1) {
     await new Promise((resolve) => setTimeout(resolve, 120 * (attempt + 1)));
@@ -10661,6 +10912,17 @@ function resolveTextTargetInDocument(doc, rawQuery, mode) {
       score += 30;
     }
     if (inViewport(el)) score += 25;
+    if (tag === "a") {
+      const href = htmlEl.href || "";
+      const filterParams = /\b(condition|binding|format|availability|sort|filter|price|category_id)\b=[^&]/i;
+      const filterPath = /\/(condition|binding|format|availability|sort|filter|price|category)\/[^/?#]+/i;
+      if (filterParams.test(href) || filterPath.test(href)) {
+        score -= 40;
+      }
+      if (/\b(used|new|paperback|hardcover|hardback|ebook|kindle|refine|clear all|remove filter)\b/.test(label)) {
+        score -= 30;
+      }
+    }
     return score;
   }
   function regionBonus(el) {
@@ -10865,6 +11127,10 @@ function formatCompactToolResult(name, result) {
 const DEFAULT_PAGE_SCRIPT_TIMEOUT_MS = 1500;
 const QUIET_NAVIGATION_WINDOW_MS = 1200;
 const PAGE_SCRIPT_TIMEOUT = /* @__PURE__ */ Symbol("page-script-timeout");
+async function loadPermittedUrl$1(wc, url) {
+  assertPermittedNavigationURL(url);
+  await wc.loadURL(url);
+}
 function pageBusyError(action) {
   return `Error: Page is still busy; ${action} timed out waiting for page scripts. Retry in a moment.`;
 }
@@ -11080,9 +11346,9 @@ function waitForLoad$1(wc, timeout = 5e3) {
       finish();
       return;
     }
-    wc.on("did-finish-load", onLoadEvent);
-    wc.on("did-stop-loading", onLoadEvent);
-    wc.on("did-fail-load", onLoadEvent);
+    wc.once("did-finish-load", onLoadEvent);
+    wc.once("did-stop-loading", onLoadEvent);
+    wc.once("did-fail-load", onLoadEvent);
   });
 }
 function waitForPotentialNavigation$1(wc, beforeUrl, timeout = 2500) {
@@ -11135,8 +11401,8 @@ function waitForPotentialNavigation$1(wc, beforeUrl, timeout = 2500) {
     wc.once("did-start-loading", onStart);
     wc.once("did-navigate", onNavigate);
     wc.once("did-navigate-in-page", onNavigateInPage);
-    wc.on("did-stop-loading", onNativeChange);
-    wc.on("page-title-updated", onNativeChange);
+    wc.once("did-stop-loading", onNativeChange);
+    wc.once("page-title-updated", onNativeChange);
   });
 }
 async function getPostNavSummary(wc) {
@@ -11336,7 +11602,7 @@ async function clickElement$1(wc, selector) {
 
       const rect = el.getBoundingClientRect();
       if (rect.width <= 0 || rect.height <= 0) {
-        return { error: "Error[hidden]: Element has no visible area" };
+        return { error: "Error[hidden]: Element has no visible area. It may be inside a collapsed, lazy-loaded, or virtual-scroll section. Scroll toward it (scroll or scroll_to_element) then call read_page to refresh visible elements before clicking again." };
       }
 
       const points = samplePoints(rect);
@@ -11903,6 +12169,12 @@ function getCartAddedSummary(url) {
 Already in cart (${count} items):
 ${items}`;
 }
+function clearCartState() {
+  cartAddedProducts.clear();
+  recentCartClicks.clear();
+  clickStreakUrl = null;
+  clickStreakCount = 0;
+}
 async function buildCartSuccessSuffix(wc, productUrl, overlayHint) {
   const productTitle = await getProductPageTitle(wc);
   recordProductAddedToCart(productUrl, productTitle);
@@ -11968,8 +12240,7 @@ Go back and select a different product.`;
       const hrefMatch = typeof result === "string" ? result.match(/\nhref: (https?:\/\/\S+)/) : null;
       if (hrefMatch) {
         try {
-          assertSafeURL(hrefMatch[1]);
-          await wc.loadURL(hrefMatch[1]);
+          await loadPermittedUrl$1(wc, hrefMatch[1]);
           await waitForLoad$1(wc, 8e3);
           const hrefUrl = wc.getURL();
           if (hrefUrl !== beforeUrl2) return `${result.split("\n")[0]} -> ${hrefUrl}`;
@@ -12036,8 +12307,7 @@ Go back and select a different product.`;
       const hrefMatch = typeof result === "string" ? result.match(/\nhref: (https?:\/\/\S+)/) : null;
       if (hrefMatch) {
         try {
-          assertSafeURL(hrefMatch[1]);
-          await wc.loadURL(hrefMatch[1]);
+          await loadPermittedUrl$1(wc, hrefMatch[1]);
           await waitForLoad$1(wc, 8e3);
           const hrefUrl = wc.getURL();
           if (hrefUrl !== beforeUrl2) return `${result.split("\n")[0]} -> ${hrefUrl}`;
@@ -12132,8 +12402,7 @@ ${postActivationOverlayHint}`;
     const validation = await validateLinkDestination(elInfo.href);
     if (validation.status !== "dead") {
       try {
-        assertSafeURL(elInfo.href);
-        await wc.loadURL(elInfo.href);
+        await loadPermittedUrl$1(wc, elInfo.href);
         await waitForLoad$1(wc, 8e3);
         const hrefFallbackUrl = wc.getURL();
         if (hrefFallbackUrl !== beforeUrl) {
@@ -13685,8 +13954,7 @@ async function submitForm$1(wc, args) {
     if (formInfo.params) {
       url.search = formInfo.params;
     }
-    assertSafeURL(url.toString());
-    wc.loadURL(url.toString());
+    await loadPermittedUrl$1(wc, url.toString());
     await waitForPotentialNavigation$1(wc, beforeUrl);
     const afterUrl = wc.getURL();
     return afterUrl !== beforeUrl ? `Submitted form via GET -> ${afterUrl}` : "Submitted form via GET";
@@ -14323,8 +14591,7 @@ async function searchPage(wc, args) {
     const shortcut = buildSearchShortcut(wc.getURL(), query);
     if (shortcut) {
       const beforeUrl2 = wc.getURL();
-      assertSafeURL(shortcut.url);
-      wc.loadURL(shortcut.url);
+      await loadPermittedUrl$1(wc, shortcut.url);
       await waitForPotentialNavigation$1(wc, beforeUrl2, 4e3);
       const afterUrl2 = wc.getURL();
       const applied = shortcut.appliedFilters.length > 0 ? ` (${shortcut.appliedFilters.join(", ")})` : "";
@@ -14480,6 +14747,18 @@ WARNING: You drifted to ${drift.targetDomain} but the task requires staying on $
         warnings += `${cartSummary}
 Select a DIFFERENT product that is not in the cart. Call read_page if needed to see available results.`;
       }
+      if (ctx.toolProfile === "compact" && name === "go_back") {
+        warnings += `
+Call read_page(mode="results_only") to see available products before clicking.`;
+      }
+    }
+    if (name === "click" && ctx.toolProfile === "compact") {
+      const filterParams = /\b(condition|binding|format|availability|sort|filter|price|category_id|view)\b=[^&]/i;
+      const filterPath = /\/(condition|binding|format|availability|sort|filter|price|category)\/[^/?#]+/i;
+      if (filterParams.test(currentUrl) || filterPath.test(currentUrl)) {
+        warnings += `
+WARNING: The clicked link appears to be a filter or sort control, not a product. If you intended to click a product, call go_back and use click(index=N) on a result from read_page(mode="results_only").`;
+      }
     }
     return `
 [state: url=${currentUrl}, title=${JSON.stringify(wc.getTitle() || "")}, canGoBack=${tab.canGoBack()}, canGoForward=${tab.canGoForward()}, loading=${wc.isLoading()}]${warnings}`;
@@ -15713,9 +15992,14 @@ async function handleAIQuery(query, provider, activeWebContents, onChunk, onEnd,
       const pageType = detectPageType(pageContent);
       const defaultReadMode = chooseAgentReadMode(pageContent);
       if (provider.agentToolProfile === "compact") {
+        const prevGoal = runtime2.getState().taskTracker?.goal?.trim();
         runtime2.ensureTaskTracker(query, pageContent.url || activeWebContents.getURL());
+        if (prevGoal !== query.trim()) {
+          clearCartState();
+        }
       } else {
         runtime2.clearTaskTracker();
+        clearCartState();
       }
       const structuredContext = provider.agentToolProfile === "compact" ? buildCompactScopedContext(
         pageContent,
@@ -16739,6 +17023,10 @@ function clearMcpAuthFile() {
 function asTextResponse(text) {
   return { content: [{ type: "text", text }] };
 }
+async function loadPermittedUrl(wc, url) {
+  assertPermittedNavigationURL(url);
+  await wc.loadURL(url);
+}
 function asPromptResponse(text) {
   return {
     messages: [
@@ -16938,7 +17226,7 @@ async function clickElement(wc, selector) {
 
       const rect = el.getBoundingClientRect();
       if (rect.width <= 0 || rect.height <= 0) {
-        return { error: "Element is not visible" };
+        return { error: "Element is not visible. It may be inside a collapsed, lazy-loaded, or virtual-scroll section. Scroll toward it (scroll or scroll_to_element) then call read_page to refresh visible elements before clicking again." };
       }
 
       const points = samplePoints(rect);
@@ -17058,7 +17346,7 @@ async function clickResolvedSelector(wc, selector) {
       const hrefMatch = typeof result === "string" ? result.match(/\nhref: (https?:\/\/\S+)/) : null;
       if (hrefMatch) {
         try {
-          await wc.loadURL(hrefMatch[1]);
+          await loadPermittedUrl(wc, hrefMatch[1]);
           await waitForLoad(wc, 8e3);
           const hrefUrl = wc.getURL();
           if (hrefUrl !== beforeUrl2) return `${result.split("\n")[0]} -> ${hrefUrl}`;
@@ -17111,7 +17399,7 @@ ${overlayHint2}${actionsSuffix}`;
       const hrefMatch = typeof result === "string" ? result.match(/\nhref: (https?:\/\/\S+)/) : null;
       if (hrefMatch) {
         try {
-          await wc.loadURL(hrefMatch[1]);
+          await loadPermittedUrl(wc, hrefMatch[1]);
           await waitForLoad(wc, 8e3);
           const hrefUrl = wc.getURL();
           if (hrefUrl !== beforeUrl2) return `${result.split("\n")[0]} -> ${hrefUrl}`;
@@ -17841,7 +18129,7 @@ async function hoverElement(wc, selector) {
         el.scrollIntoView({ behavior: 'instant', block: 'center', inline: 'center' });
       }
       const rect = el.getBoundingClientRect();
-      if (rect.width <= 0 || rect.height <= 0) return { error: 'Error[hidden]: Element has no visible area' };
+      if (rect.width <= 0 || rect.height <= 0) return { error: 'Error[hidden]: Element has no visible area. It may be inside a collapsed, lazy-loaded, or virtual-scroll section. Scroll toward it then call read_page to refresh visible elements.' };
       el.dispatchEvent(new MouseEvent('mouseover', { bubbles: true, cancelable: true }));
       el.dispatchEvent(new MouseEvent('mouseenter', { bubbles: false }));
       const label = (el.textContent || el.tagName || 'Element').trim().slice(0, 80);
@@ -18022,8 +18310,7 @@ async function submitForm(wc, index, selector) {
     if (formInfo.params) {
       url.search = formInfo.params;
     }
-    assertSafeURL(url.toString());
-    wc.loadURL(url.toString());
+    await loadPermittedUrl(wc, url.toString());
     await waitForPotentialNavigation(wc, beforeUrl);
     const afterUrl = wc.getURL();
     return afterUrl !== beforeUrl ? `Submitted form via GET -> ${afterUrl}` : "Submitted form via GET";
@@ -22175,7 +22462,7 @@ function registerIpcHandlers(windowState, runtime2) {
     return windowState.uiState.settingsOpen;
   });
   electron.ipcMain.handle(Channels.SETTINGS_GET, () => {
-    return loadSettings();
+    return getRendererSettings();
   });
   electron.ipcMain.handle(Channels.SETTINGS_HEALTH_GET, () => getRuntimeHealth());
   electron.ipcMain.handle(Channels.SETTINGS_SET, async (_, key, value) => {
@@ -22193,8 +22480,9 @@ function registerIpcHandlers(windowState, runtime2) {
       await stopMcpServer();
       await startMcpServer(tabManager, runtime2, updatedSettings.mcpPort);
     }
-    sendToRendererViews(Channels.SETTINGS_UPDATE, updatedSettings);
-    return updatedSettings;
+    const rendererSettings = getRendererSettings();
+    sendToRendererViews(Channels.SETTINGS_UPDATE, rendererSettings);
+    return rendererSettings;
   });
   electron.ipcMain.handle(Channels.AGENT_RUNTIME_GET, () => runtime2.getState());
   electron.ipcMain.handle(Channels.AGENT_PAUSE, () => runtime2.pause());
@@ -22409,21 +22697,44 @@ function registerIpcHandlers(windowState, runtime2) {
   electron.ipcMain.handle(Channels.PREMIUM_GET_STATE, () => {
     return getPremiumState();
   });
-  electron.ipcMain.handle(Channels.PREMIUM_ACTIVATE, async (_, email) => {
+  electron.ipcMain.handle(Channels.PREMIUM_ACTIVATION_START, async (_, email) => {
     assertString(email, "email");
     if (!/^[^\s@]+@[^\s@]+\.[^\s@]+$/.test(email.trim())) {
-      return { ok: false, state: getPremiumState(), error: "Invalid email format" };
+      return { ok: false, error: "Invalid email format" };
     }
     trackPremiumFunnel("activation_attempted");
-    const result = await activateWithEmail(email);
-    if (result.ok) {
-      trackPremiumFunnel("activation_succeeded", { status: result.state.status });
-      sendToRendererViews(Channels.PREMIUM_UPDATE, result.state);
-    } else {
-      trackPremiumFunnel("activation_failed", { status: result.state.status });
+    const result = await requestActivationCode(email);
+    if (!result.ok) {
+      trackPremiumFunnel("activation_failed");
     }
     return result;
   });
+  electron.ipcMain.handle(
+    Channels.PREMIUM_ACTIVATION_VERIFY,
+    async (_, email, code, challengeToken) => {
+      assertString(email, "email");
+      assertString(code, "code");
+      assertString(challengeToken, "challengeToken");
+      if (!/^[^\s@]+@[^\s@]+\.[^\s@]+$/.test(email.trim())) {
+        return {
+          ok: false,
+          state: getPremiumState(),
+          error: "Invalid email format"
+        };
+      }
+      trackPremiumFunnel("activation_attempted");
+      const result = await verifyActivationCode(email, code, challengeToken);
+      if (result.ok) {
+        trackPremiumFunnel("activation_succeeded", {
+          status: result.state.status
+        });
+        sendToRendererViews(Channels.PREMIUM_UPDATE, result.state);
+      } else {
+        trackPremiumFunnel("activation_failed", { status: result.state.status });
+      }
+      return result;
+    }
+  );
   electron.ipcMain.handle(Channels.PREMIUM_CHECKOUT, async (_, email) => {
     trackPremiumFunnel("checkout_clicked");
     const result = await getCheckoutUrl(email);