@trusty-squire/mcp 0.6.14-rc.9 → 0.6.14

package/dist/bot/agent.js

@@ -8,7 +8,7 @@
 // executor; the prompt is the contract. If a service breaks we tweak the
 // prompt rather than threading service-specific logic through the agent.
 import { rankAndCapInventory, scoreSignupButton } from "./browser.js";
-import { OAUTH_PROVIDERS, extractOAuthScopes, } from "./oauth-providers.js";
+import { OAUTH_PROVIDERS, extractOAuthScopes, isGitHubDismissible2faSetup, GITHUB_DISMISSIBLE_2FA_SKIP_TEXT, } from "./oauth-providers.js";
 import { extractGoogleNumberMatch, scrapeGoogleScopePhrases } from "./google-login.js";
 import { loggedInProviders, clearProviderLoggedIn } from "./login-state.js";
 import { saveDebugSnapshot } from "./debug.js";
@@ -59,19 +59,45 @@ const VERIFICATION_PROBE_SECONDS = 45;
 // without a key and the page reads like this, the run ends
 // `onboarding_blocked` rather than grep-looping a wall it cannot
 // satisfy (the S3-class trap named in the plan's failure modes).
+//
+// rc.27 — patterns are regexes (not substrings) so word boundaries
+// hold. `isAtPaywall` also rejects matches preceded by a negator
+// ("no", "without", "doesn't require", …) so a free-plan blurb like
+// "No credit card required, no hidden fees" — the exact phrase that
+// false-positively halted the IPInfo run on rc.26 — no longer
+// triggers a paywall verdict.
 const ONBOARDING_PAYWALL_PATTERNS = [
-    "add a payment method",
-    "add a credit card",
-    "add credit card",
-    "payment method required",
-    "a payment method is required",
-    "credit card required",
-    "enter your card",
-    "enter your payment",
-    "enter payment details",
-    "upgrade your plan to",
-    "start your paid plan",
+    /\badd\s+a\s+payment\s+method\b/i,
+    /\badd\s+(?:a\s+)?credit\s+card\b/i,
+    /\bpayment\s+method\s+(?:is\s+)?required\b/i,
+    /\bcredit\s+card\s+required\b/i,
+    /\benter\s+your\s+card\b/i,
+    /\benter\s+your\s+payment\b/i,
+    /\benter\s+payment\s+details\b/i,
+    /\bupgrade\s+your\s+plan\s+to\b/i,
+    /\bstart\s+your\s+paid\s+plan\b/i,
 ];
+// Negators that, if they appear in the ~30 characters immediately
+// before a paywall pattern match, flip its meaning from a demand
+// to a marketing reassurance. "No", "without", "doesn't require",
+// "don't need", "isn't".
+const PAYWALL_NEGATION_PREFIX = /\b(?:no|without|doesn'?t\s+(?:need|require)|don'?t\s+(?:need|require)|isn'?t)\s+$/i;
+// Exported for unit testing — the post-OAuth heuristic distinguishing
+// "the dashboard is asking for a card before issuing a key" from "the
+// dashboard happens to mention cards on a marketing tile".
+export function isAtPaywall(text) {
+    for (const pattern of ONBOARDING_PAYWALL_PATTERNS) {
+        const m = pattern.exec(text);
+        if (m === null)
+            continue;
+        const start = Math.max(0, m.index - 30);
+        const prefix = text.slice(start, m.index);
+        if (PAYWALL_NEGATION_PREFIX.test(prefix))
+            continue;
+        return true;
+    }
+    return false;
+}
 // S3: does this post-submit page text indicate the service genuinely
 // expects the user to confirm via email? Drives whether the bot polls the
 // full verification timeout or runs only a short probe. Exported so the
@@ -326,6 +352,39 @@ export function formatInventory(inventory) {
                 ? `value="" (EMPTY — fill before submitting)`
                 : `value=${JSON.stringify(e.value.slice(0, 60))}`);
         }
+        // <select> state. `value=""` is the React-defaulted-placeholder
+        // pattern (the first option's value is empty, common for
+        // "No workspace" / "Select…" / "Choose…" prompts). React Hook
+        // Form treats those fields as untouched and silently rejects
+        // submits — Railway's token-creation form was the canonical
+        // case. The planner needs the selected text and the option
+        // list to issue an explicit `select` step before clicking
+        // submit. Selectors run to end-of-line, so this annotation goes
+        // BEFORE the trailing `selector=`.
+        //
+        // rc.17: suppress the DEFAULTED marker for selects we've already
+        // selected (data-ts-touched). A successful selectOption to a
+        // value="" option leaves value=="" but the form-state is
+        // committed — without this suppression the planner would see
+        // DEFAULTED again next round and re-select indefinitely.
+        if (e.tag === "select") {
+            const selectedText = e.selectedOptionText ?? "";
+            const isDefaulted = e.value !== null && e.value !== undefined && e.value.length === 0;
+            const alreadyTouched = e.interactedThisRun === true;
+            bits.push(isDefaulted && !alreadyTouched
+                ? `value="" selected=${JSON.stringify(selectedText)} (DEFAULTED — pick an explicit option before submitting)`
+                : `value=${JSON.stringify((e.value ?? "").slice(0, 60))} selected=${JSON.stringify(selectedText)}${alreadyTouched ? " (touched — already selected by bot)" : ""}`);
+            if (e.selectOptions !== null && e.selectOptions !== undefined && e.selectOptions.length > 0) {
+                const optionTexts = e.selectOptions
+                    .map((o) => o.text || `(value=${JSON.stringify(o.value)})`)
+                    .filter((t) => t.length > 0)
+                    .slice(0, 6)
+                    .map((t) => JSON.stringify(t))
+                    .join(", ");
+                if (optionTexts.length > 0)
+                    bits.push(`options=[${optionTexts}]`);
+            }
+        }
         const label = e.labelText ?? e.ariaLabel;
         if (label !== null && label !== undefined) {
             bits.push(`label=${JSON.stringify(label)}`);
@@ -477,24 +536,80 @@ export function detectAntiBotBlock(html) {
         return "Imperva";
     return null;
 }
-// F17 — True when the inventory looks like an authenticated
-// dashboard rather than a sign-up page. Triggers when a prior OAuth
-// bind already linked the account and the service auto-redirects
-// past the sign-in widget on the next visit. Detection signals:
-//   - At least one element whose visible text matches an
-//     authenticated-state keyword (Sign out / Log out / Dashboard /
-//     Projects / Settings / Profile / Account)
-//   - No email/password input fields visible (a true sign-up page
-//     virtually always has at least one)
-// Conservative — both conditions must hold.
-export function detectAlreadySignedIn(inventory) {
-    const AUTH_KEYWORDS = /^\s*(?:sign out|log out|dashboard|projects|settings|profile|my account|account settings|workspaces)\s*$/i;
-    const hasAuthMarker = inventory.some((e) => AUTH_KEYWORDS.test((e.visibleText ?? e.ariaLabel ?? "").trim()));
-    if (!hasAuthMarker)
-        return false;
+// F17 — True when the page looks like an authenticated dashboard
+// rather than a sign-up page. Triggers when a prior OAuth bind
+// already linked the account and the service auto-redirects past
+// the sign-in widget on the next visit.
+//
+// **Universal precondition**: no email/password/tel input visible.
+// A true sign-up page virtually always has at least one; if any
+// such input is present, we are NOT authenticated regardless of
+// what other markers the page carries.
+//
+// **Positive signals (any one fires authentication)**:
+//   1. Explicit nav keyword (Sign out / Log out / Dashboard /
+//      Projects / Settings / Profile / Account / Workspaces) —
+//      the canonical strict-match path. Works for Sentry,
+//      OpenRouter, Postmark, etc. — sites with a real nav bar.
+//   2. Billing / trial widget visible ("$X.XX left", "N days left",
+//      "Trial") — these only render to authenticated users. Caught
+//      Railway's `/new` page where the only post-login marker was
+//      the "28 days or $5.00 leftTrial" button.
+//   3. Dashboard-route URL (path contains /new, /dashboard,
+//      /projects, /account, /settings, /workspace) AND a creation
+//      CTA visible ("New project", "Create", "New <X>") — paired
+//      signal that catches sparse SPAs whose entire layout is a
+//      single create-form on a logged-in URL.
+//
+// rc.18: signals 2 and 3 added. Previously only signal 1 was
+// checked; Railway's project-creation widget tripped the form-fill
+// fallback (and a low-confidence LLM plan that filled "Empty
+// Project" then waited for a verification email that never came).
+export function detectAlreadySignedIn(args) {
+    const { inventory, url } = args;
+    // Precondition: any visible credential input → not authenticated.
     const hasCredentialInput = inventory.some((e) => e.tag === "input" &&
         (e.type === "email" || e.type === "password" || e.type === "tel"));
-    return !hasCredentialInput;
+    if (hasCredentialInput)
+        return false;
+    const visibleTextOf = (e) => `${e.visibleText ?? ""} ${e.ariaLabel ?? ""}`.trim();
+    // Signal 1 — strict nav-keyword match (the canonical Sentry-class case).
+    const AUTH_KEYWORDS = /^\s*(?:sign out|log out|dashboard|projects|settings|profile|my account|account settings|workspaces)\s*$/i;
+    if (inventory.some((e) => AUTH_KEYWORDS.test((e.visibleText ?? e.ariaLabel ?? "").trim()))) {
+        return true;
+    }
+    // Signal 2 — billing / trial widget. Patterns observed in the wild:
+    //   "28 days or $5.00 leftTrial" (Railway, no separator)
+    //   "Trial" (most SaaS)
+    //   "$N left" / "N days left" / "remaining"
+    const BILLING = /(?:\$\d+(?:\.\d+)?\s*(?:left|remaining)|\d+\s*days?\s*(?:left|remaining|trial)|\btrial\b)/i;
+    if (inventory.some((e) => BILLING.test(visibleTextOf(e)))) {
+        return true;
+    }
+    // Signal 3 — dashboard-route URL + creation CTA visible.
+    // The URL gate is conservative: a path that READS as dashboard,
+    // not /login or /signup or /. Combined with a creation CTA
+    // ("New project", "Create workspace", "+ New") it pins the
+    // page as a post-login surface.
+    let dashboardyPath = false;
+    try {
+        const parsed = new URL(url);
+        dashboardyPath =
+            /\/(?:new|dashboard|projects?|account|settings|workspace|home)(?:\/|$)/i.test(parsed.pathname) && !/\/(?:signup|sign-up|register|login|sign-in|signin)/i.test(parsed.pathname);
+    }
+    catch {
+        // Malformed URL — skip URL signal.
+    }
+    if (dashboardyPath) {
+        const CREATION_CTA = /^\s*(?:\+\s*)?(?:new\s+(?:project|workspace|team|app|site|deployment|api\s*key)|create(?:\s+(?:new|a|project|workspace))?)/i;
+        if (inventory.some((e) => {
+            const t = e.visibleText ?? e.ariaLabel ?? "";
+            return CREATION_CTA.test(t.trim());
+        })) {
+            return true;
+        }
+    }
+    return false;
 }
 // True when the page has no fillable text input AND no button that
 // reads as an email-signup option — a genuinely OAuth/SSO-only
@@ -733,6 +848,33 @@ export function isTruncatedCapture(sourceText, capturedKey) {
     // help text.
     return /^\s*(?:\.{3,}|…)/.test(after);
 }
+// rc.28 — when the regex library doesn't recognize the credential
+// shape (e.g. IPInfo's 14-char hex token has no service-prefix and
+// no nearby "API key" label, so extractApiKeyFromText returns null),
+// the Claude vision planner often still quotes the value in its
+// `extract` step reason — e.g. "The API token 'fd3afcbe09648c' is
+// fully visible on the dashboard under 'API Access'". This pulls
+// quoted credential-shaped substrings from the reason, then keeps
+// only those that appear verbatim in the page text — the
+// verbatim-in-DOM check is the guardrail against accepting a
+// hallucinated value. Exported for unit testing.
+export function extractQuotedTokenFromReason(reason, pageText) {
+    // Single/double/back quotes around a credential-shaped value.
+    // Min 10 chars filters out short UI words ("Yes", "Copy"); max 80
+    // is the same ceiling extractApiKeyFromText effectively uses via
+    // its MAX_CREDENTIAL_LENGTH counterpart. Character class matches
+    // what real API tokens look like: alphanumeric, underscores,
+    // hyphens; no spaces, no punctuation that would gather UI text.
+    const matches = reason.matchAll(/['"`]([A-Za-z0-9_\-]{10,80})['"`]/g);
+    for (const m of matches) {
+        const candidate = m[1];
+        if (candidate === undefined)
+            continue;
+        if (pageText.includes(candidate))
+            return candidate;
+    }
+    return null;
+}
 export function extractApiKeyFromText(text) {
     const prefixed = [
         /\bre_[a-zA-Z0-9_]{20,}\b/, // Resend (key body contains underscores)
@@ -886,6 +1028,17 @@ export class SignupAgent {
             return { found: false, solved: false, blocked: false, kind: "turnstile" };
         }
         steps.push(`${label} captcha (${result.kind}): ${result.solved ? "solved" : "NOT solved (timeout)"}`);
+        // rc.32 — forensic snapshot after the captcha attempt. Without
+        // this, the only snapshot near the captcha is the pre-fill one
+        // taken BEFORE the click, so when a Turnstile fails to solve we
+        // can't tell whether (a) the bot's click didn't register (widget
+        // remains in initial state), (b) the click registered but
+        // Cloudflare immediately rejected it (red X / re-challenge), or
+        // (c) the click registered and a challenge grid rendered that
+        // we can't solve. Each path takes a different fix. Solved runs
+        // also save the snapshot — green-checkmark state is useful
+        // forensic data for tuning the success-detection regex.
+        await saveDebugSnapshot(this.browser, `captcha-after-${result.solved ? "solved" : "timeout"}`);
         // Classify the widget for spike telemetry — a pure read, after the
         // solve attempt so the challenge grid (if any) has had time to render.
         const detected = await this.browser.detectCaptchaVariant();
@@ -958,6 +1111,14 @@ export class SignupAgent {
         let emptyPlans = 0;
         let oauthScanRetries = 0;
         let hint;
+        // rc.31 — once the bot has explicitly clicked an email-flow
+        // button (e.g. Railway's "Log in using email" two-stage chooser),
+        // stay on the email path. Without this, the auto-OAuth-first
+        // detection on the *next* iteration sees the now-revealed
+        // "Continue with Google" button and reroutes — exactly the
+        // regression that produced the Security Code challenge on
+        // methoxine's account during the rc.30 Railway run.
+        let committedToEmailPath = false;
         const oauthCandidates = await this.resolveOAuthCandidates(task, steps);
         for (;;) {
             await this.browser.waitForFormReady();
@@ -984,7 +1145,13 @@ export class SignupAgent {
             // provider when one was requested, else every provider the profile
             // has a session for. Absent any affordance, fall through to
             // form-fill.
-            if (oauthCandidates.length > 0) {
+            //
+            // rc.31 — skip the OAuth-first scan when we've already committed
+            // to the email path on a previous round. Otherwise a two-stage
+            // chooser ("Log in using email" → reveals a page with both an
+            // email input AND a Google button) reroutes us back to OAuth on
+            // the second round.
+            if (oauthCandidates.length > 0 && !committedToEmailPath) {
                 const hit = findFirstOAuthButton(inventory, oauthCandidates);
                 if (hit !== null) {
                     const label = OAUTH_PROVIDERS[hit.provider].label;
@@ -1014,8 +1181,8 @@ export class SignupAgent {
                 // path entirely and route to the post-OAuth navigation loop
                 // to find the API key — same path Sentry/OpenRouter use post-
                 // handshake.
-                if (detectAlreadySignedIn(inventory)) {
-                    steps.push("Auto-OAuth: page shows dashboard markers (Sign out / Dashboard / etc.) — " +
+                if (detectAlreadySignedIn({ inventory, url: state.url })) {
+                    steps.push("Auto-OAuth: page shows authenticated-state markers (nav keyword, billing widget, or dashboard URL + create CTA) — " +
                         "treating as already authenticated, jumping to post-verify navigation");
                     return { kind: "already_oauth" };
                 }
@@ -1103,6 +1270,23 @@ export class SignupAgent {
                 continue;
             }
             await this.executePlan(plan, fillValues, steps, bySelector);
+            // rc.31 — flag the email-path commitment once we've executed a
+            // click whose reason explicitly targets an "email" affordance
+            // (Railway's "Log in using email", Vercel's "Continue with
+            // email", etc.). Subsequent OAuth-first scans will then be
+            // suppressed so we don't reroute back to Google/GitHub on the
+            // revealed page (the rc.30 Railway regression: clicking the
+            // email button revealed a page with BOTH an email input AND a
+            // Google button; without this flag the bot picks Google and
+            // triggers the Security Code challenge that methoxine can't
+            // navigate). One-way flag — once we're on email, we stay.
+            if (!committedToEmailPath) {
+                const emailClick = plan.actions.find((a) => a.kind === "click" && /\bemail\b/i.test(a.reason));
+                if (emailClick !== undefined) {
+                    committedToEmailPath = true;
+                    steps.push("Committed to email-fill path — auto-OAuth-first scan suppressed for the rest of this signup");
+                }
+            }
             // A plan with no fill actions either revealed/advanced the page
             // (a cookie banner, a two-stage "sign up with email" chooser) —
             // worth a re-plan — or found nothing actionable at all. A
@@ -1321,6 +1505,10 @@ export class SignupAgent {
     // diagnosed without users needing to configure debug env vars.
     // Wired from the MCP layer; undefined in unit-test contexts.
     extractFailureUploader;
+    // Per-round telemetry uploader (0.6.14-rc.11). Fires on every post-
+    // verify round so the registry has the full DOM + screenshot trail
+    // for any stuck signup, not just the ones that fail at extract.
+    roundUploader;
     // Set per-task in signup(). Lets the uploader know which service
     // was being provisioned without threading it through every call.
     currentService = "";
@@ -1342,6 +1530,9 @@ export class SignupAgent {
         if (opts.extractFailureUploader !== undefined) {
             this.extractFailureUploader = opts.extractFailureUploader;
         }
+        if (opts.roundUploader !== undefined) {
+            this.roundUploader = opts.roundUploader;
+        }
     }
     // Read-only view of how many calls landed on which backend. Exported
     // through SignupResult.llm_backends so tests and ops can verify the
@@ -1815,6 +2006,27 @@ export class SignupAgent {
         const loginCmd = provider.id === "github"
             ? "npx @trusty-squire/mcp login --provider=github"
             : "npx @trusty-squire/mcp login";
+        // rc.22 — OpenRouter (Clerk) renders a visible Cloudflare Turnstile
+        // checkbox at the bottom of the same form as the OAuth buttons.
+        // Clerk's Google button stops at a loading spinner if Turnstile
+        // hasn't been completed — the OAuth click never redirects, the bot
+        // sees URL unchanged and times out. clickSubmit handles this for
+        // form-submit paths, but OAuth-first bypasses clickSubmit. Run the
+        // tier-2 solver here too. Best-effort: a missing widget no-ops, a
+        // failed solve still proceeds (the click may still work for some
+        // services that don't gate OAuth on Turnstile).
+        try {
+            const captcha = await this.browser.solveVisibleCaptcha(20_000);
+            if (captcha.found) {
+                steps.push(captcha.solved
+                    ? `OAuth: ticked the visible ${captcha.kind ?? "captcha"} checkbox before clicking the ${provider.label} affordance`
+                    : `OAuth: visible ${captcha.kind ?? "captcha"} present but did not solve in 20s — clicking the ${provider.label} affordance anyway`);
+            }
+        }
+        catch (err) {
+            // Solver is best-effort; never block OAuth on its failure.
+            steps.push(`OAuth: visible-captcha precheck failed (non-fatal): ${err instanceof Error ? err.message : String(err)}`);
+        }
         steps.push(`OAuth: clicking the ${provider.label} sign-in affordance`);
         await this.browser.startOAuth(oauthSelector);
         await this.browser.wait(3);
@@ -1848,26 +2060,71 @@ export class SignupAgent {
             if (authState === "not_provider")
                 break; // flow left the provider — back on the service
             if (authState === "challenge") {
-                // Google's number-match challenge ("Tap N on your phone") is
-                // resolvable by the user without re-running the login flow —
-                // surface the number and wait for them to complete it.
+                // rc.26 — always capture forensic state at the moment the
+                // challenge is detected. Before this, snapshots fired only at
+                // before-fill / oauth-after-click / oauth-post-consent — none
+                // covered the challenge page itself. When
+                // extractGoogleNumberMatch's patterns don't match the current
+                // Google phrasing, this is the only artifact the user can read
+                // to find the number to tap.
+                await saveDebugSnapshot(this.browser, "google-challenge");
                 if (provider.id === "google") {
                     const matchNum = extractGoogleNumberMatch(body);
                     if (matchNum !== null) {
+                        // rc.26 — surface in real-time via stderr as well as the
+                        // step trail. The step trail only renders after the run
+                        // ends; stderr lands in the harvester output immediately,
+                        // inside the 2-minute window the user has to react.
+                        console.error(`[universal-bot] GOOGLE NUMBER-MATCH: tap "${matchNum}" on your phone — 2 minute window`);
                         steps.push(`Google: match the number ${matchNum} on your phone — ` +
                             `open the Google app on your phone and tap ${matchNum}`);
-                        const cleared = await this.waitForGoogleChallenge(provider, steps);
-                        if (!cleared) {
-                            return this.oauthAbort("needs_login", `Google number-match challenge timed out after 2 minutes. ` +
-                                `Re-run \`${loginCmd}\`, complete the challenge in the window, then retry.`, steps);
-                        }
-                        steps.push("Google: challenge cleared — continuing OAuth");
-                        // Re-classify on the next iteration without burning the
-                        // OAuth-navigation budget (which assumes continuous
-                        // browser progress, not a 2-minute human pause).
+                    }
+                    else {
+                        // Extractor missed the number — Google phrasing has
+                        // drifted again. Surface a banner so the user knows to
+                        // check the just-saved snapshot before the 2-minute wait
+                        // expires.
+                        console.error(`[universal-bot] GOOGLE CHALLENGE detected (number-match phrasing not recognized) — ` +
+                            `read the most recent google-challenge.png in the debug dir to find the number — 2 minute window`);
+                        steps.push("Google: challenge detected, number-match extractor missed it. " +
+                            "See the latest google-challenge snapshot in the debug dir to read the number.");
+                    }
+                    // Either way (number found or not), the user can still
+                    // clear the challenge in the bot's browser window or by
+                    // tapping on their phone. Wait the full 2 minutes.
+                    const cleared = await this.waitForGoogleChallenge(provider, steps);
+                    if (!cleared) {
+                        return this.oauthAbort("needs_login", `Google challenge timed out after 2 minutes. ` +
+                            `Re-run \`${loginCmd}\`, complete the challenge in the window, then retry.`, steps);
+                    }
+                    steps.push("Google: challenge cleared — continuing OAuth");
+                    // Re-classify on the next iteration without burning the
+                    // OAuth-navigation budget (which assumes continuous
+                    // browser progress, not a 2-minute human pause).
+                    i--;
+                    continue;
+                }
+                // rc.34 — GitHub 2FA sanity-check page is dismissible. When
+                // the user recently (re)configured 2FA, GitHub injects a
+                // "Verify your two-factor authentication (2FA) settings"
+                // overlay on the OAuth /authorize URL with a literal
+                // "skip 2FA verification at this moment" link. That's a
+                // non-blocking nag, not a real challenge — clicking skip
+                // returns the user to the OAuth handshake. Detect + auto-
+                // click before aborting.
+                if (provider.id === "github" && isGitHubDismissible2faSetup(body)) {
+                    steps.push("GitHub: 2FA sanity-check overlay detected (post-setup nag, not a real challenge). " +
+                        "Clicking 'skip 2FA verification at this moment' to defer.");
+                    const clicked = await this.browser.clickLinkByText(GITHUB_DISMISSIBLE_2FA_SKIP_TEXT);
+                    if (clicked) {
+                        // Give GitHub a moment to navigate back to the consent flow.
+                        await this.browser.wait(2);
+                        // Re-classify on the next iteration; the URL + body should
+                        // now be the actual OAuth /authorize consent page.
                         i--;
                         continue;
                     }
+                    steps.push("GitHub: skip-link click did not register — falling back to needs_login abort.");
                 }
                 return this.oauthAbort("needs_login", `${provider.label} interrupted the sign-in with a security challenge ("verify it's you"). ` +
                     `Re-run \`${loginCmd}\`, clear the challenge in the window, then retry.`, steps);
@@ -2006,8 +2263,8 @@ export class SignupAgent {
         }
         // No API key. Distinguish a billing/card wall (onboarding_blocked)
         // from a generic navigation miss — never grep-loop a paid wall.
-        const finalText = (await this.browser.extractText().catch(() => "")).toLowerCase();
-        if (ONBOARDING_PAYWALL_PATTERNS.some((p) => finalText.includes(p))) {
+        const finalText = await this.browser.extractText().catch(() => "");
+        if (isAtPaywall(finalText)) {
             return {
                 success: false,
                 error: `onboarding_blocked: ${task.service}'s API key sits behind a billing or ` +
@@ -2283,10 +2540,12 @@ ${formatInventory(input.inventory)}`,
                 continue;
             }
             args.steps.push(`Post-verify ${round + 1}/${args.maxRounds}: ${nextStep.kind} — ${nextStep.reason}`);
-            // Dev-only (env-gated): dump this round's real page state +
-            // inventory into the E1 eval-corpus format, so onboarding
-            // adapters can be iterated offline without re-running the
-            // rate-limited OAuth handshake.
+            // Dump this round's real page state + inventory in the E1
+            // eval-corpus format so onboarding adapters can be iterated
+            // offline without re-running the rate-limited OAuth handshake.
+            // Default-on as of 0.6.14-rc.11 — writes to
+            // ~/.trusty-squire/corpus/onboarding/ unless an env override
+            // points elsewhere or disables it.
             captureOnboardingRound({
                 service: args.service,
                 round,
@@ -2295,6 +2554,34 @@ ${formatInventory(input.inventory)}`,
                 inventory,
                 observed: nextStep,
             });
+            // Per-round telemetry upload (rc.11). Mirrors the disk capture
+            // but ships to the registry so debugging works from any host —
+            // the bot may be running in Goose or a sibling agent that
+            // doesn't share a filesystem with whoever's diagnosing the run.
+            // Fire-and-forget; failures must never abort the loop.
+            if (this.roundUploader !== undefined) {
+                const observedReason = "reason" in nextStep ? nextStep.reason : "";
+                void (async () => {
+                    try {
+                        await this.roundUploader({
+                            service: args.service,
+                            round,
+                            kind: nextStep.kind,
+                            url: state.url,
+                            title: state.title,
+                            inventory_count: inventory.length,
+                            observed_reason: observedReason,
+                            html: state.html,
+                            ...(state.screenshot !== undefined && state.screenshot.length > 0
+                                ? { screenshot_jpeg_base64: state.screenshot }
+                                : {}),
+                        });
+                    }
+                    catch {
+                        // best-effort — telemetry upload is diagnostic, never load-bearing
+                    }
+                })();
+            }
             // Stuck-loop detector. Re-planning steps (done/extract/login/
             // wait/navigate) are exempt: extract is its own progress signal,
             // navigate intentionally changes the URL not the current DOM,
@@ -2334,6 +2621,40 @@ ${formatInventory(input.inventory)}`,
                     const emptyInputHint = emptyInputs.length > 0
                         ? `\n\nVisible empty inputs on this page (any of these is a likely required field):\n${emptyInputs.join("\n")}\n\nIssue {"kind":"fill"} on one of them with a sensible value.`
                         : "";
+                    // Defaulted <select>s — value="" means the first <option>
+                    // (typically "Select…", "No workspace", "Choose…") is still
+                    // showing. React Hook Form treats those as untouched and
+                    // silently rejects submits. The Railway token-create form
+                    // was the canonical case: the Workspace dropdown's "No
+                    // workspace" placeholder was visually selected, but its
+                    // value="" left React state undefined, so Create did
+                    // nothing. Surface them explicitly so the planner emits a
+                    // select step before another click.
+                    const defaultedSelects = inventory
+                        .filter((e) => e.tag === "select" &&
+                        e.value !== null &&
+                        e.value !== undefined &&
+                        e.value.length === 0 &&
+                        e.selectOptions !== null &&
+                        e.selectOptions !== undefined &&
+                        e.selectOptions.length > 1 &&
+                        // rc.17 — skip selects we've already touched; their
+                        // form state is committed even though the visible
+                        // value="" still trips the DEFAULTED heuristic.
+                        e.interactedThisRun !== true)
+                        .slice(0, 5)
+                        .map((e) => {
+                        const label = e.labelText ?? e.ariaLabel ?? e.name ?? e.placeholder ?? "(no label)";
+                        // Show the first non-empty-value option as the suggested
+                        // pick — the obvious target when the planner doesn't
+                        // have a domain reason to prefer a specific one.
+                        const realOptions = (e.selectOptions ?? []).filter((o) => o.value.length > 0 && o.text.length > 0);
+                        const firstReal = realOptions[0]?.text ?? "(none)";
+                        return `  - ${JSON.stringify(label)} → selector=${e.selector} (first real option: ${JSON.stringify(firstReal)})`;
+                    });
+                    const defaultedSelectHint = defaultedSelects.length > 0
+                        ? `\n\nVisible DEFAULTED dropdowns on this page (value="" — React form-state likely treats these as UNTOUCHED, which silently fails submit):\n${defaultedSelects.join("\n")}\n\nIssue {"kind":"select", "option_text":"…"} to commit a choice. Even if the default visible label ("No workspace", "None") is what you want, you MUST emit the select step to register it with the form's state.`
+                        : "";
                     args.steps.push(sameSelector
                         ? `Post-verify: no-progress detected — same ${nextStep.kind} on same selector, inventory unchanged. Re-planning instead of re-running.`
                         : `Post-verify: no-progress detected — successive click steps with no inventory change. Forcing a non-click action.`);
@@ -2345,7 +2666,8 @@ ${formatInventory(input.inventory)}`,
                             `DIFFERENT KIND: {"kind":"fill"} on any empty text input, {"kind":"check"} on ` +
                             `any unticked checkbox, {"kind":"select"} on any unselected dropdown, or ` +
                             `{"kind":"done"} if there is genuinely nothing to do.` +
-                            emptyInputHint;
+                            emptyInputHint +
+                            defaultedSelectHint;
                     prevSignature = signature;
                     prevInventorySize = inventory.length;
                     continue;
@@ -2367,6 +2689,23 @@ ${formatInventory(input.inventory)}`,
                 if (nextStep.kind === "extract") {
                     credentials = await this.extractCredentials();
                     if (credentials.api_key === undefined) {
+                        // rc.28 — planner-quoted-token fallback. The regex
+                        // library missed (IPInfo's 14-char hex; some other
+                        // shape) but the planner's reason often literally
+                        // quotes the value. Accept it IF it's also present
+                        // verbatim in the visible page text — that's the
+                        // anti-hallucination guardrail.
+                        const pageText = await this.browser
+                            .extractText()
+                            .catch(() => "");
+                        const quoted = extractQuotedTokenFromReason(nextStep.reason, pageText);
+                        if (quoted !== null) {
+                            credentials = { ...credentials, api_key: quoted };
+                            args.steps.push(`Post-verify ${round + 1}/${args.maxRounds}: extracted token via ` +
+                                `planner-quoted fallback (${quoted.slice(0, 4)}…${quoted.slice(-4)})`);
+                            consecutiveFailedExtracts = 0;
+                            continue;
+                        }
                         consecutiveFailedExtracts += 1;
                         // Best-effort diagnostic upload: when extract returns
                         // null despite the planner asserting a credential is
@@ -2508,12 +2847,74 @@ ${formatInventory(input.inventory)}`,
             }
             // Re-extract — but tolerate the page still navigating from the
             // step just taken; the next round settles and re-reads.
+            const hadCredentialsBefore = credentials.api_key !== undefined || credentials.username !== undefined;
             try {
                 credentials = await this.extractCredentials();
             }
             catch {
                 // page mid-navigation — next round's waitForFormReady handles it
             }
+            // rc.16 — synthetic extract round capture. When the implicit
+            // extractCredentials() above pulls a credential out of the page
+            // *without* the planner ever having picked an `extract` step,
+            // the for-loop's early-return at the next iteration's top fires
+            // before any further capture is written. The chain that
+            // auto-promote sees then has no `observed.kind === "extract"`
+            // round, so promoteToSkill rejects with no_extract_step. Fix:
+            // when an implicit extract just succeeded and the planner's
+            // chosen step this round wasn't already `extract`, write a
+            // synthetic extract round with fresh state+inventory captured
+            // RIGHT NOW (the action just ran, the token row is now visible).
+            // Best-effort — a capture failure must never block returning the
+            // credential we already have.
+            const haveNewCredentials = !hadCredentialsBefore &&
+                (credentials.api_key !== undefined || credentials.username !== undefined);
+            if (haveNewCredentials && nextStep.kind !== "extract") {
+                try {
+                    const [postState, postInventory] = await Promise.all([
+                        this.browser.getState(),
+                        this.buildInventory(args.steps, undefined, 80),
+                    ]);
+                    const syntheticExtract = {
+                        kind: "extract",
+                        reason: `implicit extract after ${nextStep.kind} — credentials surfaced on the page`,
+                    };
+                    captureOnboardingRound({
+                        service: args.service,
+                        round: round + 1,
+                        oauth,
+                        state: postState,
+                        inventory: postInventory,
+                        observed: syntheticExtract,
+                    });
+                    if (this.roundUploader !== undefined) {
+                        void (async () => {
+                            try {
+                                await this.roundUploader({
+                                    service: args.service,
+                                    round: round + 1,
+                                    kind: syntheticExtract.kind,
+                                    url: postState.url,
+                                    title: postState.title,
+                                    inventory_count: postInventory.length,
+                                    observed_reason: syntheticExtract.reason,
+                                    html: postState.html,
+                                    ...(postState.screenshot !== undefined && postState.screenshot.length > 0
+                                        ? { screenshot_jpeg_base64: postState.screenshot }
+                                        : {}),
+                                });
+                            }
+                            catch {
+                                // best-effort
+                            }
+                        })();
+                    }
+                }
+                catch {
+                    // best-effort — synthetic capture is auto-promote plumbing,
+                    // never load-bearing for the parent signup
+                }
+            }
         }
         return credentials;
     }
@@ -2609,7 +3010,9 @@ ${loginGuidance}
 - If a "Create"/"Continue" button is disabled, look for a required terms-of-service / agreement checkbox and tick it with {"kind":"check"} — use the checkbox's own inventory selector (an entry with type=checkbox), NOT the adjacent "Terms of Service" link. A "click" on a styled checkbox often fails to flip it; use "check".
 - If an Accept / Agree / Continue button is DISABLED and the page shows a ToS / agreement modal (a long scrollable block of legal text, often inside a dialog), AND there is no agreement checkbox in the inventory to tick, return {"kind":"scroll"}. Some services (Railway is the canonical case) only enable the Accept button after the user scrolls the modal body to the bottom. The bot auto-detects the scrollable container — you do NOT need a selector. Do NOT use "click" to try to scroll; "click" does not scroll, it lands a click and returns. After scrolling, the next round should re-read the page and click the now-enabled Accept button (which will appear in the inventory).
 - Prefer the simplest credential path: a project- or organization-level API token / auth token usually needs only a name. A "personal token" with a grid of per-scope permission dropdowns is more work — choose it only if no simpler token type is offered.
+- **Token names must be unique within the account.** Many services (Railway is the canonical case) silently reject submits whose name collides with an existing token — the click registers, the button takes focus, but no token is created and no error toast is shown. Before filling a token-name input, READ the visible existing-tokens list on the page (names like "mykey", "mytoken123", any others). For the name you fill, prefer a fresh unique name like \`ts-<random>\` or \`agent-<short-suffix>\`; NEVER reuse a name that appears in the existing list — including names with sequential suffixes like \`mykey2\`, \`mykey3\` if the un-suffixed name is also present (assume the user has been iterating). If you cannot see the existing-tokens list (it scrolled off, the page hides it), pick a name with high entropy (8+ random alphanumeric chars).
 - On a token-creation form whose permission/scope dropdowns default to "No Access" / "None", you MUST set permissions BEFORE clicking the create button.
+- **Defaulted dropdowns (value="") gate submit, even when the visible label looks fine.** An inventory line marked \`(DEFAULTED — pick an explicit option before submitting)\` means a \`<select>\` is showing its first option visually but its underlying value is empty. React-form-state libraries (React Hook Form, Formik) treat those as UNTOUCHED and reject submits silently — the click on the submit button visually focuses it but no submission occurs. Issue \`{"kind":"select", "option_text":"…"}\` to commit a choice BEFORE clicking submit, even if the existing visible label ("No workspace", "None", "Select…") is the option you want. The Railway token-create form was the canonical case: typing the name and clicking Create did nothing for six rounds because the Workspace dropdown was never explicitly selected.
 - **PERMISSION SCOPE — default is MAXIMUM.** ${input.scopeHint !== undefined
             ? `The user provided a scope hint: "${input.scopeHint}". Pick option_text values aligned with this on each permission dropdown.`
             : `No scope hint was provided. Default to the HIGHEST available permission level on EVERY permission dropdown (Admin > Write > Read > anything lower). Most agent use-cases need write access; a read-only token will fail downstream when the agent tries to push data. Set "Admin" if offered; "Write" otherwise. Explicitly use option_text to specify — do NOT rely on first-option behavior, which often picks Read.`}