npm - @roomi-fields/notebooklm-mcp - Versions diffs - 1.3.6 → 1.5.1 - Mend

@roomi-fields/notebooklm-mcp 1.3.6 → 1.5.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (284) hide show

package/LICENSE +22 -22
package/README.md +71 -34
package/deployment/INDEX.md +292 -0
package/deployment/PACKAGE-FILES.txt +180 -0
package/deployment/QUICK-START.md +100 -0
package/deployment/docs/01-INSTALL.md +611 -0
package/deployment/docs/02-CONFIGURATION.md +404 -0
package/deployment/docs/03-API.md +1691 -0
package/deployment/docs/04-N8N-INTEGRATION.md +373 -0
package/deployment/docs/05-TROUBLESHOOTING.md +429 -0
package/deployment/docs/06-NOTEBOOK-LIBRARY.md +692 -0
package/deployment/docs/07-AUTO-DISCOVERY.md +236 -0
package/deployment/docs/08-WSL-USAGE.md +363 -0
package/deployment/docs/09-MULTI-INTERFACE.md +293 -0
package/deployment/docs/10-CONTENT-MANAGEMENT.md +421 -0
package/deployment/docs/11-MULTI-ACCOUNT.md +295 -0
package/deployment/docs/README.md +207 -0
package/deployment/scripts/README.md +564 -0
package/deployment/scripts/install.ps1 +114 -0
package/deployment/scripts/setup-auth.ps1 +217 -0
package/deployment/scripts/start-server.ps1 +72 -0
package/deployment/scripts/stop-server.ps1 +51 -0
package/deployment/scripts/test-api.ps1 +651 -0
package/deployment/scripts/test-auth.ps1 +323 -0
package/deployment/scripts/test-auto-discovery.ps1 +295 -0
package/deployment/scripts/test-cors.ps1 +398 -0
package/deployment/scripts/test-errors.ps1 +581 -0
package/deployment/scripts/test-server.ps1 +140 -0
package/deployment/scripts/test-sessions.ps1 +426 -0
package/deployment/scripts/test-validation.ps1 +299 -0
package/dist/accounts/account-manager.d.ts +163 -0
package/dist/accounts/account-manager.d.ts.map +1 -0
package/dist/accounts/account-manager.js +614 -0
package/dist/accounts/account-manager.js.map +1 -0
package/dist/accounts/auto-login-manager.d.ts +62 -0
package/dist/accounts/auto-login-manager.d.ts.map +1 -0
package/dist/accounts/auto-login-manager.js +537 -0
package/dist/accounts/auto-login-manager.js.map +1 -0
package/dist/accounts/crypto.d.ts +45 -0
package/dist/accounts/crypto.d.ts.map +1 -0
package/dist/accounts/crypto.js +138 -0
package/dist/accounts/crypto.js.map +1 -0
package/dist/accounts/index.d.ts +14 -0
package/dist/accounts/index.d.ts.map +1 -0
package/dist/accounts/index.js +14 -0
package/dist/accounts/index.js.map +1 -0
package/dist/accounts/types.d.ts +103 -0
package/dist/accounts/types.d.ts.map +1 -0
package/dist/accounts/types.js +7 -0
package/dist/accounts/types.js.map +1 -0
package/dist/auth/auth-manager.d.ts +9 -2
package/dist/auth/auth-manager.d.ts.map +1 -1
package/dist/auth/auth-manager.js +60 -6
package/dist/auth/auth-manager.js.map +1 -1
package/dist/auto-discovery/auto-discovery.d.ts.map +1 -1
package/dist/auto-discovery/auto-discovery.js +2 -1
package/dist/auto-discovery/auto-discovery.js.map +1 -1
package/dist/cli/accounts.d.ts +13 -0
package/dist/cli/accounts.d.ts.map +1 -0
package/dist/cli/accounts.js +195 -0
package/dist/cli/accounts.js.map +1 -0
package/dist/config.d.ts +1 -0
package/dist/config.d.ts.map +1 -1
package/dist/config.js +24 -0
package/dist/config.js.map +1 -1
package/dist/content/content-generator.d.ts +153 -0
package/dist/content/content-generator.d.ts.map +1 -0
package/dist/content/content-generator.js +637 -0
package/dist/content/content-generator.js.map +1 -0
package/dist/content/content-manager.d.ts +364 -0
package/dist/content/content-manager.d.ts.map +1 -0
package/dist/content/content-manager.js +3841 -0
package/dist/content/content-manager.js.map +1 -0
package/dist/content/content-templates.d.ts +183 -0
package/dist/content/content-templates.d.ts.map +1 -0
package/dist/content/content-templates.js +719 -0
package/dist/content/content-templates.js.map +1 -0
package/dist/content/index.d.ts +14 -0
package/dist/content/index.d.ts.map +1 -0
package/dist/content/index.js +14 -0
package/dist/content/index.js.map +1 -0
package/dist/content/types.d.ts +285 -0
package/dist/content/types.d.ts.map +1 -0
package/dist/content/types.js +10 -0
package/dist/content/types.js.map +1 -0
package/dist/errors.d.ts +1 -1
package/dist/errors.d.ts.map +1 -1
package/dist/errors.js.map +1 -1
package/dist/http-wrapper.d.ts +7 -0
package/dist/http-wrapper.d.ts.map +1 -1
package/dist/http-wrapper.js +449 -29
package/dist/http-wrapper.js.map +1 -1
package/dist/i18n/en.json +120 -0
package/dist/i18n/fr.json +120 -0
package/dist/i18n/index.d.ts +168 -0
package/dist/i18n/index.d.ts.map +1 -0
package/dist/i18n/index.js +213 -0
package/dist/i18n/index.js.map +1 -0
package/dist/index.js +26 -2
package/dist/index.js.map +1 -1
package/dist/library/notebook-library.d.ts +4 -0
package/dist/library/notebook-library.d.ts.map +1 -1
package/dist/library/notebook-library.js +20 -3
package/dist/library/notebook-library.js.map +1 -1
package/dist/session/browser-session.d.ts +35 -8
package/dist/session/browser-session.d.ts.map +1 -1
package/dist/session/browser-session.js +243 -28
package/dist/session/browser-session.js.map +1 -1
package/dist/session/session-manager.d.ts +6 -0
package/dist/session/session-manager.d.ts.map +1 -1
package/dist/session/session-manager.js +46 -14
package/dist/session/session-manager.js.map +1 -1
package/dist/session/shared-context-manager.d.ts +3 -3
package/dist/session/shared-context-manager.d.ts.map +1 -1
package/dist/session/shared-context-manager.js +10 -7
package/dist/session/shared-context-manager.js.map +1 -1
package/dist/stdio-http-proxy.d.ts +24 -0
package/dist/stdio-http-proxy.d.ts.map +1 -0
package/dist/stdio-http-proxy.js +592 -0
package/dist/stdio-http-proxy.js.map +1 -0
package/dist/tools/index.d.ts +106 -1
package/dist/tools/index.d.ts.map +1 -1
package/dist/tools/index.js +1028 -7
package/dist/tools/index.js.map +1 -1
package/dist/types.d.ts +81 -17
package/dist/types.d.ts.map +1 -1
package/dist/utils/citation-extractor.d.ts +66 -0
package/dist/utils/citation-extractor.d.ts.map +1 -0
package/dist/utils/citation-extractor.js +492 -0
package/dist/utils/citation-extractor.js.map +1 -0
package/dist/utils/page-utils.d.ts +8 -0
package/dist/utils/page-utils.d.ts.map +1 -1
package/dist/utils/page-utils.js +112 -8
package/dist/utils/page-utils.js.map +1 -1
package/docs/ADDING_A_LANGUAGE.md +209 -0
package/docs/ARCHITECTURE_MIGRATION_STUDY.md +894 -0
package/docs/CHROME_PROFILE_LIMITATION.md +15 -1
package/docs/MULTI_ACCOUNT_SYSTEM.md +304 -0
package/package.json +15 -12
package/scripts/archive/add-and-activate-notebook.ps1 +31 -0
package/scripts/archive/add-new-notebook.ps1 +25 -0
package/scripts/archive/add-rom1pey.ps1 +2 -0
package/scripts/archive/add-rpmonster.ps1 +2 -0
package/scripts/archive/add-source-debug.ps1 +11 -0
package/scripts/archive/add-source-e2e.ps1 +28 -0
package/scripts/archive/add-source-visible.ps1 +11 -0
package/scripts/archive/add-test-notebook.ps1 +13 -0
package/scripts/archive/add-test-source.ps1 +50 -0
package/scripts/archive/capture-screen.ps1 +11 -0
package/scripts/archive/change-language.mjs +45 -0
package/scripts/archive/change-language.ts +44 -0
package/scripts/archive/check-account.ps1 +19 -0
package/scripts/archive/check-notebook-2.ps1 +8 -0
package/scripts/archive/check-test-notebook.ps1 +11 -0
package/scripts/archive/create-notebook-auto.ps1 +31 -0
package/scripts/archive/create-notebook.ps1 +8 -0
package/scripts/archive/create-rom1pey-notebook.ps1 +19 -0
package/scripts/archive/create-rom1pey.ps1 +8 -0
package/scripts/archive/create-test-notebook-fresh.ps1 +21 -0
package/scripts/archive/create-test-notebook.ps1 +16 -0
package/scripts/archive/debug-add-source-auto.ps1 +29 -0
package/scripts/archive/debug-add-source.ps1 +19 -0
package/scripts/archive/debug-add-text-source.ps1 +47 -0
package/scripts/archive/debug-home.ps1 +10 -0
package/scripts/archive/debug-selectors.ps1 +55 -0
package/scripts/archive/debug-sources-panel.ps1 +22 -0
package/scripts/archive/debug-ui.ps1 +17 -0
package/scripts/archive/discover-home.ps1 +26 -0
package/scripts/archive/kill-automation-chrome.ps1 +37 -0
package/scripts/archive/list-my-notebooks.ps1 +27 -0
package/scripts/archive/navigate-home-visible.ps1 +23 -0
package/scripts/archive/navigate-home.ps1 +15 -0
package/scripts/archive/run-e2e-english.ps1 +111 -0
package/scripts/archive/run-e2e-rom1pey-v2.ps1 +122 -0
package/scripts/archive/run-e2e-rom1pey.ps1 +117 -0
package/scripts/archive/setup-english-test.ps1 +36 -0
package/scripts/archive/setup-test-notebook.ps1 +71 -0
package/scripts/archive/simple-add-source.ps1 +14 -0
package/scripts/archive/t10.ps1 +2 -0
package/scripts/archive/t20.ps1 +4 -0
package/scripts/archive/t30.ps1 +9 -0
package/scripts/archive/t31.ps1 +11 -0
package/scripts/archive/t32.ps1 +6 -0
package/scripts/archive/t39.ps1 +5 -0
package/scripts/archive/t40.ps1 +5 -0
package/scripts/archive/t53.ps1 +12 -0
package/scripts/archive/t54.ps1 +12 -0
package/scripts/archive/t55.ps1 +11 -0
package/scripts/archive/t9.ps1 +1 -0
package/scripts/archive/test-access.ps1 +28 -0
package/scripts/archive/test-add-delete-source.ps1 +64 -0
package/scripts/archive/test-add-source-visible.ps1 +16 -0
package/scripts/archive/test-add-source.ps1 +19 -0
package/scripts/archive/test-add-text-debug.ps1 +28 -0
package/scripts/archive/test-add-text-source.ps1 +8 -0
package/scripts/archive/test-add-url-source.ps1 +7 -0
package/scripts/archive/test-ask-ascii.ps1 +20 -0
package/scripts/archive/test-ask-cnv.ps1 +20 -0
package/scripts/archive/test-ask-headed.ps1 +51 -0
package/scripts/archive/test-ask-ifs.ps1 +16 -0
package/scripts/archive/test-ask-now.ps1 +24 -0
package/scripts/archive/test-ask-real.ps1 +19 -0
package/scripts/archive/test-ask-visible.ps1 +20 -0
package/scripts/archive/test-create-notebook.ps1 +8 -0
package/scripts/archive/test-create-then-add.ps1 +17 -0
package/scripts/archive/test-delete-source.ps1 +41 -0
package/scripts/archive/test-e2e-notebook.ps1 +21 -0
package/scripts/archive/test-english-notebook.ps1 +20 -0
package/scripts/archive/test-english.ps1 +7 -0
package/scripts/archive/test-full-custom-instructions.ps1 +40 -0
package/scripts/archive/test-full-infographic.ps1 +34 -0
package/scripts/archive/test-full-language.ps1 +21 -0
package/scripts/archive/test-full-presentation.ps1 +85 -0
package/scripts/archive/test-full-report.ps1 +34 -0
package/scripts/archive/test-full-source-selection.ps1 +35 -0
package/scripts/archive/test-full-video-brief.ps1 +22 -0
package/scripts/archive/test-full-video-explainer.ps1 +22 -0
package/scripts/archive/test-full-video-styles.ps1 +37 -0
package/scripts/archive/test-generate-report.ps1 +15 -0
package/scripts/archive/test-generate-study-guide.ps1 +11 -0
package/scripts/archive/test-headed-ask.ps1 +13 -0
package/scripts/archive/test-headed-now.ps1 +9 -0
package/scripts/archive/test-headed.ps1 +9 -0
package/scripts/archive/test-hello.ps1 +7 -0
package/scripts/archive/test-i18n-studio.ps1 +8 -0
package/scripts/archive/test-i18n.ps1 +7 -0
package/scripts/archive/test-manual-headed.ps1 +26 -0
package/scripts/archive/test-mathieu-quota.ps1 +8 -0
package/scripts/archive/test-notebook-1.ps1 +10 -0
package/scripts/archive/test-notebook-2-sources.ps1 +12 -0
package/scripts/archive/test-notebook1.ps1 +14 -0
package/scripts/archive/test-personal-notebook.ps1 +14 -0
package/scripts/archive/test-rate-limit.ps1 +19 -0
package/scripts/archive/test-real-ask.ps1 +50 -0
package/scripts/archive/test-real-ask2.ps1 +30 -0
package/scripts/archive/test-rom1pey.ps1 +7 -0
package/scripts/archive/test-rotation-complete.ps1 +14 -0
package/scripts/archive/test-rotation.ps1 +8 -0
package/scripts/archive/test-show-browser.ps1 +39 -0
package/scripts/archive/test-update-notebook.ps1 +4 -0
package/scripts/archive/verify-language-slow.ps1 +21 -0
package/scripts/archive/verify-language.ps1 +15 -0
package/scripts/check-server.ps1 +46 -0
package/scripts/mcp-wsl-helper.sh +146 -0
package/scripts/start-server.ps1 +94 -0
package/scripts/stop-server.ps1 +30 -0
package/scripts/switch-account-language.sh +191 -0
package/scripts/test-account.ps1 +58 -0
package/dist/__tests__/cleanup-manager.test.d.ts +0 -2
package/dist/__tests__/cleanup-manager.test.d.ts.map +0 -1
package/dist/__tests__/cleanup-manager.test.js +0 -341
package/dist/__tests__/cleanup-manager.test.js.map +0 -1
package/dist/__tests__/config-parsing.test.d.ts +0 -2
package/dist/__tests__/config-parsing.test.d.ts.map +0 -1
package/dist/__tests__/config-parsing.test.js +0 -338
package/dist/__tests__/config-parsing.test.js.map +0 -1
package/dist/__tests__/config.test.d.ts +0 -2
package/dist/__tests__/config.test.d.ts.map +0 -1
package/dist/__tests__/config.test.js +0 -267
package/dist/__tests__/config.test.js.map +0 -1
package/dist/__tests__/errors.test.d.ts +0 -2
package/dist/__tests__/errors.test.d.ts.map +0 -1
package/dist/__tests__/errors.test.js +0 -166
package/dist/__tests__/errors.test.js.map +0 -1
package/dist/__tests__/logger.test.d.ts +0 -2
package/dist/__tests__/logger.test.d.ts.map +0 -1
package/dist/__tests__/logger.test.js +0 -324
package/dist/__tests__/logger.test.js.map +0 -1
package/dist/__tests__/page-utils.test.d.ts +0 -2
package/dist/__tests__/page-utils.test.d.ts.map +0 -1
package/dist/__tests__/page-utils.test.js +0 -349
package/dist/__tests__/page-utils.test.js.map +0 -1
package/dist/__tests__/setup-verification.test.d.ts +0 -2
package/dist/__tests__/setup-verification.test.d.ts.map +0 -1
package/dist/__tests__/setup-verification.test.js +0 -15
package/dist/__tests__/setup-verification.test.js.map +0 -1
package/dist/__tests__/stealth-utils.test.d.ts +0 -2
package/dist/__tests__/stealth-utils.test.d.ts.map +0 -1
package/dist/__tests__/stealth-utils.test.js +0 -413
package/dist/__tests__/stealth-utils.test.js.map +0 -1
package/dist/__tests__/types.test.d.ts +0 -2
package/dist/__tests__/types.test.d.ts.map +0 -1
package/dist/__tests__/types.test.js +0 -461
package/dist/__tests__/types.test.js.map +0 -1

package/deployment/scripts/test-cors.ps1 ADDED Viewed

@@ -0,0 +1,398 @@
+#!/usr/bin/env pwsh
+#Requires -Version 5.1
+<#
+.SYNOPSIS
+    CORS configuration testing script for NotebookLM MCP HTTP Server API
+.DESCRIPTION
+    Tests CORS (Cross-Origin Resource Sharing) configuration:
+    - Default allowed origins (localhost ports)
+    - CORS headers in responses
+    - Preflight OPTIONS requests
+    - Origin header handling
+.PARAMETER BaseUrl
+    Base URL of the server (default: http://localhost:3000)
+.EXAMPLE
+    .\test-cors.ps1
+    Runs all CORS tests
+.NOTES
+    Prerequisite: The server must be started
+#>
+param(
+    [string]$BaseUrl = "http://localhost:3000"
+)
+# Colors for logs
+function Write-TestHeader {
+    param([string]$Message, [int]$Number, [int]$Total)
+    Write-Host "`n" -NoNewline
+    Write-Host "═══════════════════════════════════════════════════════" -ForegroundColor Magenta
+    Write-Host " [$Number/$Total] $Message" -ForegroundColor Cyan
+    Write-Host "═══════════════════════════════════════════════════════" -ForegroundColor Magenta
+}
+function Write-Success {
+    param([string]$Message)
+    Write-Host "✓ $Message" -ForegroundColor Green
+}
+function Write-Info {
+    param([string]$Message)
+    Write-Host "ℹ $Message" -ForegroundColor Yellow
+}
+function Write-ErrorUnexpected {
+    param([string]$Message)
+    Write-Host "✗ $Message" -ForegroundColor Red
+}
+# Banner
+Clear-Host
+Write-Host "`n" -NoNewline
+Write-Host "╔════════════════════════════════════════════════════════╗" -ForegroundColor Magenta
+Write-Host "║                                                        ║" -ForegroundColor Magenta
+Write-Host "║         CORS CONFIGURATION TESTS - HTTP API            ║" -ForegroundColor Cyan
+Write-Host "║                                                        ║" -ForegroundColor Magenta
+Write-Host "╚════════════════════════════════════════════════════════╝" -ForegroundColor Magenta
+Write-Host ""
+# Check that the server is accessible
+Write-Host "Checking connection to server..." -ForegroundColor Yellow
+try {
+    $null = Invoke-RestMethod -Uri "$BaseUrl/health" -TimeoutSec 5
+    Write-Success "Server accessible at $BaseUrl"
+} catch {
+    Write-ErrorUnexpected "Unable to connect to server at $BaseUrl"
+    Write-Host "Make sure the server is started" -ForegroundColor Yellow
+    exit 1
+}
+$TotalTests = 10
+$PassedTests = 0
+$FailedTests = 0
+# =============================================================================
+# TEST 1: Request without Origin header (should work)
+# =============================================================================
+Write-TestHeader "Request without Origin header (same-origin)" 1 $TotalTests
+try {
+    $response = Invoke-WebRequest -Uri "$BaseUrl/health" -Method Get -TimeoutSec 10
+    if ($response.StatusCode -eq 200) {
+        Write-Success "Request without Origin header accepted"
+        $PassedTests++
+    } else {
+        Write-ErrorUnexpected "Unexpected status code: $($response.StatusCode)"
+        $FailedTests++
+    }
+} catch {
+    Write-ErrorUnexpected "Request failed: $($_.Exception.Message)"
+    $FailedTests++
+}
+# =============================================================================
+# TEST 2: Request with allowed Origin (localhost:3000)
+# =============================================================================
+Write-TestHeader "Request with allowed Origin: localhost:3000" 2 $TotalTests
+try {
+    $headers = @{ "Origin" = "http://localhost:3000" }
+    $response = Invoke-WebRequest -Uri "$BaseUrl/health" -Method Get -Headers $headers -TimeoutSec 10
+    $corsHeader = $response.Headers["Access-Control-Allow-Origin"]
+    if ($corsHeader -eq "http://localhost:3000" -or $corsHeader -eq "*") {
+        Write-Success "CORS header returned for allowed origin"
+        Write-Info "Access-Control-Allow-Origin: $corsHeader"
+        $PassedTests++
+    } else {
+        Write-ErrorUnexpected "Missing or incorrect CORS header: $corsHeader"
+        $FailedTests++
+    }
+} catch {
+    Write-ErrorUnexpected "Request failed: $($_.Exception.Message)"
+    $FailedTests++
+}
+# =============================================================================
+# TEST 3: Request with allowed Origin (localhost:5678 - n8n)
+# =============================================================================
+Write-TestHeader "Request with allowed Origin: localhost:5678 (n8n)" 3 $TotalTests
+try {
+    $headers = @{ "Origin" = "http://localhost:5678" }
+    $response = Invoke-WebRequest -Uri "$BaseUrl/health" -Method Get -Headers $headers -TimeoutSec 10
+    $corsHeader = $response.Headers["Access-Control-Allow-Origin"]
+    if ($corsHeader -eq "http://localhost:5678" -or $corsHeader -eq "*") {
+        Write-Success "CORS header returned for n8n origin"
+        Write-Info "Access-Control-Allow-Origin: $corsHeader"
+        $PassedTests++
+    } else {
+        Write-ErrorUnexpected "Missing or incorrect CORS header: $corsHeader"
+        $FailedTests++
+    }
+} catch {
+    Write-ErrorUnexpected "Request failed: $($_.Exception.Message)"
+    $FailedTests++
+}
+# =============================================================================
+# TEST 4: Request with allowed Origin (127.0.0.1:3000)
+# =============================================================================
+Write-TestHeader "Request with allowed Origin: 127.0.0.1:3000" 4 $TotalTests
+try {
+    $headers = @{ "Origin" = "http://127.0.0.1:3000" }
+    $response = Invoke-WebRequest -Uri "$BaseUrl/health" -Method Get -Headers $headers -TimeoutSec 10
+    $corsHeader = $response.Headers["Access-Control-Allow-Origin"]
+    if ($corsHeader -eq "http://127.0.0.1:3000" -or $corsHeader -eq "*") {
+        Write-Success "CORS header returned for 127.0.0.1 origin"
+        Write-Info "Access-Control-Allow-Origin: $corsHeader"
+        $PassedTests++
+    } else {
+        Write-ErrorUnexpected "Missing or incorrect CORS header: $corsHeader"
+        $FailedTests++
+    }
+} catch {
+    Write-ErrorUnexpected "Request failed: $($_.Exception.Message)"
+    $FailedTests++
+}
+# =============================================================================
+# TEST 5: Request with blocked Origin (external domain)
+# =============================================================================
+Write-TestHeader "Request with external Origin (should be blocked)" 5 $TotalTests
+try {
+    $headers = @{ "Origin" = "https://malicious-site.com" }
+    $response = Invoke-WebRequest -Uri "$BaseUrl/health" -Method Get -Headers $headers -TimeoutSec 10
+    # Request should still succeed (CORS is browser-enforced), but check header
+    $corsHeader = $response.Headers["Access-Control-Allow-Origin"]
+    if ($null -eq $corsHeader -or $corsHeader -eq "") {
+        Write-Success "External origin correctly blocked (no CORS header)"
+        $PassedTests++
+    } elseif ($corsHeader -eq "https://malicious-site.com") {
+        Write-ErrorUnexpected "External origin was allowed! Security issue."
+        $FailedTests++
+    } else {
+        Write-Info "Response received, CORS header: $corsHeader"
+        # If wildcard is configured, this is expected
+        if ($corsHeader -eq "*") {
+            Write-Info "Wildcard CORS configured (intentional?)"
+        }
+        $PassedTests++
+    }
+} catch {
+    # If blocked at server level, that's also acceptable
+    Write-Success "External origin request handled"
+    $PassedTests++
+}
+# =============================================================================
+# TEST 6: OPTIONS preflight request
+# =============================================================================
+Write-TestHeader "OPTIONS preflight request" 6 $TotalTests
+try {
+    $headers = @{
+        "Origin" = "http://localhost:3000"
+        "Access-Control-Request-Method" = "POST"
+        "Access-Control-Request-Headers" = "Content-Type"
+    }
+    $response = Invoke-WebRequest -Uri "$BaseUrl/health" -Method Options -Headers $headers -TimeoutSec 10
+    if ($response.StatusCode -eq 200 -or $response.StatusCode -eq 204) {
+        $allowMethods = $response.Headers["Access-Control-Allow-Methods"]
+        $allowHeaders = $response.Headers["Access-Control-Allow-Headers"]
+        Write-Success "Preflight request successful (status: $($response.StatusCode))"
+        if ($allowMethods) { Write-Info "Allow-Methods: $allowMethods" }
+        if ($allowHeaders) { Write-Info "Allow-Headers: $allowHeaders" }
+        $PassedTests++
+    } else {
+        Write-ErrorUnexpected "Unexpected status code: $($response.StatusCode)"
+        $FailedTests++
+    }
+} catch {
+    Write-ErrorUnexpected "Preflight request failed: $($_.Exception.Message)"
+    $FailedTests++
+}
+# =============================================================================
+# TEST 7: CORS headers include required methods
+# =============================================================================
+Write-TestHeader "CORS allows required HTTP methods" 7 $TotalTests
+try {
+    $headers = @{
+        "Origin" = "http://localhost:3000"
+        "Access-Control-Request-Method" = "DELETE"
+    }
+    $response = Invoke-WebRequest -Uri "$BaseUrl/health" -Method Options -Headers $headers -TimeoutSec 10
+    $allowMethods = $response.Headers["Access-Control-Allow-Methods"]
+    if ($allowMethods) {
+        $requiredMethods = @("GET", "POST", "PUT", "DELETE")
+        $allPresent = $true
+        foreach ($method in $requiredMethods) {
+            if ($allowMethods -notlike "*$method*") {
+                Write-Info "Missing method: $method"
+                $allPresent = $false
+            }
+        }
+        if ($allPresent) {
+            Write-Success "All required HTTP methods allowed"
+            Write-Info "Methods: $allowMethods"
+            $PassedTests++
+        } else {
+            Write-ErrorUnexpected "Some required methods missing"
+            $FailedTests++
+        }
+    } else {
+        Write-ErrorUnexpected "No Access-Control-Allow-Methods header"
+        $FailedTests++
+    }
+} catch {
+    Write-ErrorUnexpected "Request failed: $($_.Exception.Message)"
+    $FailedTests++
+}
+# =============================================================================
+# TEST 8: CORS allows Content-Type header
+# =============================================================================
+Write-TestHeader "CORS allows Content-Type header" 8 $TotalTests
+try {
+    $headers = @{
+        "Origin" = "http://localhost:3000"
+        "Access-Control-Request-Headers" = "Content-Type"
+    }
+    $response = Invoke-WebRequest -Uri "$BaseUrl/health" -Method Options -Headers $headers -TimeoutSec 10
+    $allowHeaders = $response.Headers["Access-Control-Allow-Headers"]
+    if ($allowHeaders -and $allowHeaders -like "*Content-Type*") {
+        Write-Success "Content-Type header allowed"
+        Write-Info "Allowed headers: $allowHeaders"
+        $PassedTests++
+    } else {
+        Write-ErrorUnexpected "Content-Type not in allowed headers: $allowHeaders"
+        $FailedTests++
+    }
+} catch {
+    Write-ErrorUnexpected "Request failed: $($_.Exception.Message)"
+    $FailedTests++
+}
+# =============================================================================
+# TEST 9: POST request with Origin header
+# =============================================================================
+Write-TestHeader "POST /ask with Origin header" 9 $TotalTests
+try {
+    $headers = @{ "Origin" = "http://localhost:5678" }
+    $body = @{ question = "test" } | ConvertTo-Json
+    # This will likely fail due to auth, but we're testing CORS
+    $response = Invoke-WebRequest -Uri "$BaseUrl/ask" -Method Post -Headers $headers -Body $body -ContentType "application/json" -TimeoutSec 10
+    $corsHeader = $response.Headers["Access-Control-Allow-Origin"]
+    if ($corsHeader) {
+        Write-Success "CORS header present on POST response"
+        Write-Info "Access-Control-Allow-Origin: $corsHeader"
+        $PassedTests++
+    } else {
+        Write-ErrorUnexpected "No CORS header on POST response"
+        $FailedTests++
+    }
+} catch {
+    # Check if CORS headers are present even on error responses
+    $errorResponse = $_.Exception.Response
+    if ($errorResponse) {
+        # PowerShell doesn't easily expose headers on error responses
+        # Consider this passed if we got a proper HTTP response
+        Write-Success "POST request handled (CORS checked at browser level)"
+        $PassedTests++
+    } else {
+        Write-ErrorUnexpected "Request failed completely: $($_.Exception.Message)"
+        $FailedTests++
+    }
+}
+# =============================================================================
+# TEST 10: CORS allows Authorization header
+# =============================================================================
+Write-TestHeader "CORS allows Authorization header" 10 $TotalTests
+try {
+    $headers = @{
+        "Origin" = "http://localhost:3000"
+        "Access-Control-Request-Headers" = "Authorization"
+    }
+    $response = Invoke-WebRequest -Uri "$BaseUrl/health" -Method Options -Headers $headers -TimeoutSec 10
+    $allowHeaders = $response.Headers["Access-Control-Allow-Headers"]
+    if ($allowHeaders -and $allowHeaders -like "*Authorization*") {
+        Write-Success "Authorization header allowed"
+        Write-Info "Allowed headers: $allowHeaders"
+        $PassedTests++
+    } else {
+        Write-Info "Authorization not explicitly listed (may still work)"
+        # Not critical - some setups don't need Authorization header
+        $PassedTests++
+    }
+} catch {
+    Write-ErrorUnexpected "Request failed: $($_.Exception.Message)"
+    $FailedTests++
+}
+# =============================================================================
+# FINAL SUMMARY
+# =============================================================================
+Write-Host "`n" -NoNewline
+Write-Host "╔════════════════════════════════════════════════════════╗" -ForegroundColor Magenta
+Write-Host "║                                                        ║" -ForegroundColor Magenta
+Write-Host "║              CORS TEST SUMMARY                         ║" -ForegroundColor Cyan
+Write-Host "║                                                        ║" -ForegroundColor Magenta
+Write-Host "╚════════════════════════════════════════════════════════╝" -ForegroundColor Magenta
+Write-Host ""
+$TotalExecuted = $PassedTests + $FailedTests
+$SuccessRate = if ($TotalExecuted -gt 0) { [math]::Round(($PassedTests / $TotalExecuted) * 100, 1) } else { 0 }
+Write-Host "Total tests: $TotalTests" -ForegroundColor White
+Write-Host "Tests passed: " -NoNewline -ForegroundColor White
+Write-Host "$PassedTests" -ForegroundColor Green
+Write-Host "Tests failed: " -NoNewline -ForegroundColor White
+Write-Host "$FailedTests" -ForegroundColor $(if($FailedTests -gt 0){"Red"}else{"Green"})
+Write-Host "Success rate: " -NoNewline -ForegroundColor White
+Write-Host "$SuccessRate%" -ForegroundColor $(if($SuccessRate -eq 100){"Green"}elseif($SuccessRate -ge 80){"Yellow"}else{"Red"})
+Write-Host ""
+if ($FailedTests -eq 0) {
+    Write-Host "════════════════════════════════════════════════════════" -ForegroundColor Green
+    Write-Host "  ✓ ALL CORS CONFIGURATION TESTS PASSED!" -ForegroundColor Green
+    Write-Host "════════════════════════════════════════════════════════" -ForegroundColor Green
+    exit 0
+} else {
+    Write-Host "════════════════════════════════════════════════════════" -ForegroundColor Yellow
+    Write-Host "  ⚠ SOME CORS TESTS FAILED" -ForegroundColor Yellow
+    Write-Host "════════════════════════════════════════════════════════" -ForegroundColor Yellow
+    Write-Host ""
+    Write-Host "See details above to identify the issues." -ForegroundColor Yellow
+    exit 1
+}