@trusty-squire/mcp 0.9.19-rc.2 → 0.9.19-rc.21

package/dist/bot/agent.js

@@ -14,7 +14,6 @@ import { decideOAuthStep } from "./oauth-flow.js";
 import { decideFormFillStep, FORM_FILL_BUDGETS as B_FF, findSignupLinkOnLoginPage, initialFormFillState, pickEmailCodeSubmitSelector, } from "./form-fill.js";
 import { accumulateCandidate, hasFullHit, initialExtractionState, resolveExtraction, } from "./extraction.js";
 import { notifyHeightenedAuth } from "./notify-api.js";
-import { sendTelegramHeightenedAuth } from "./telegram-notify.js";
 import { TwoCaptchaSolver } from "./captcha-solver-2captcha.js";
 import { redactCredentials } from "./redact.js";
 import { readOperatorOtp, fromDomainFromUrl } from "./read-otp.js";
@@ -23,18 +22,18 @@ import { SignupOAuthFlow } from "./signup-oauth-flow.js";
 import { saveDebugSnapshot } from "./debug.js";
 import { captureObservationFrame } from "./observation-frame.js";
 import { classifyObservationFrame } from "./state-classifier.js";
-import { classifyTerminalGate, isAtAccountReviewGate, isAtPaywall, isOnboardingReviewGate, isSignupsClosed, } from "./terminal-gate.js";
-export { isAtAccountReviewGate, isAtPaywall, isOnboardingReviewGate, isSignupsClosed, } from "./terminal-gate.js";
+import { classifyTerminalGate, isAtAccountReviewGate, isAtOAuthAccountLinkVerificationGate, isAtPaywall, isOnboardingReviewGate, isSignupsClosed, } from "./terminal-gate.js";
+export { isAtAccountReviewGate, isAtOAuthAccountLinkVerificationGate, isAtPaywall, isOnboardingReviewGate, isSignupsClosed, } from "./terminal-gate.js";
 import { PostSignupCredentialTracker, classifyNoCredentialPostSignup, } from "./post-signup-flow.js";
 import { PostSignupActionExecutor, } from "./post-signup-action-executor.js";
 import { PostSignupLoginFlow } from "./post-signup-login-flow.js";
 import { MAX_POST_VERIFY_NAVIGATES, MAX_PREMATURE_DONE_FALLBACKS, MAX_UPSTREAM_BLIP_RETRIES, PostSignupRecoveryFlow, PostSignupRecoveryState, } from "./post-signup-recovery-state.js";
 import { PostSignupSyntheticCapture } from "./post-signup-synthetic-capture.js";
-import { CredentialExtractionFlow, DOM_LABEL_TO_KEY, NON_CREDENTIAL_KEYS, extractAllLabeledTokensFromReason, hasAnyExtractedCredential, hasUsableCredentialBundle, } from "./credential-extraction-flow.js";
-export { extractAllLabeledTokensFromReason, hasAnyExtractedCredential, isMultiCredBundle, } from "./credential-extraction-flow.js";
+import { CredentialExtractionFlow, DOM_LABEL_TO_KEY, NON_CREDENTIAL_KEYS, extractAllLabeledTokensFromReason, hasAnyExtractedCredential, hasUsableCredentialBundle, terminalReasonInvalidatesCredentialSuccess, } from "./credential-extraction-flow.js";
+export { extractAllLabeledTokensFromReason, hasAnyExtractedCredential, isMultiCredBundle, terminalReasonInvalidatesCredentialSuccess, } from "./credential-extraction-flow.js";
 import { captureOnboardingRound, hasCapturedAnyRound, hasCapturedExtractRound, nextCaptureRound, updateCapturedRoundSemantic, } from "./onboarding-capture.js";
 import { evaluateSemanticTransition, inferSemanticTransition, } from "./semantic-transition.js";
-import { KEYS_DESTINATION_URL, runNavSearch, } from "./nav-search.js";
+import { KEYS_DESTINATION_URL, isRequiredAccountSetupForm, runNavSearch, } from "./nav-search.js";
 import { wasRecentlyPrewarmed, recordPrewarmSuccess } from "./prewarm-cache.js";
 import { pickLLMPair, } from "./llm-client.js";
 import { getDomain } from "tldts";
@@ -401,6 +400,16 @@ const SERVICE_KEYS_PATHS = {
     // /settings/* and /api-keys guesses miss it and the planner can get stuck
     // in Business Account > Team Members.
     paddle: ["/authentication-v2"],
+    // Together AI's project-scoped keys route is discoverable in the DOM, but the
+    // planner can loop between Create key and payment-skip affordances after it
+    // lands there. Pin the route so recovery starts at the credential surface.
+    togetherai: [
+        "https://api.together.ai/settings/projects/~current/api-keys",
+        "/settings/projects/~current/api-keys",
+    ],
+    // Cartesia's authenticated root/dashboard can expose key rows with Reveal
+    // controls; generic /settings/* guesses hit 404/error shells first.
+    cartesia: ["/", "/dashboard", "/start", "/api-keys"],
 };
 // Normalize a service name to the slug used as a SERVICE_KEYS_PATHS key:
 // lowercased, alphanumerics only. Mirrors guessSignupUrl's slug rule so
@@ -409,6 +418,80 @@ const SERVICE_KEYS_PATHS = {
 export function serviceSlug(service) {
     return service.toLowerCase().replace(/[^a-z0-9]/g, "");
 }
+export function hasCuratedServiceKeyPath(service) {
+    return SERVICE_KEYS_PATHS[serviceSlug(service)] !== undefined;
+}
+function elementLabel(el) {
+    return [
+        el.visibleText,
+        el.ariaLabel,
+        el.title,
+        el.labelText,
+        el.iconLabel,
+        el.href,
+        el.testId,
+    ]
+        .filter((s) => s !== null && s !== undefined)
+        .join(" ")
+        .replace(/\s+/g, " ")
+        .trim();
+}
+export function shouldRevealBeforeCredentialSweep(input) {
+    const haystack = `${input.url}\n${input.pageText}`;
+    return (/\b(?:api[\s_-]*(?:keys?|tokens?)|access[\s_-]*tokens?|personal[\s_-]*access[\s_-]*tokens?|secret[\s_-]*keys?|auth[\s_-]*tokens?|credentials?|reveal|show\s+(?:key|token|secret)|copy\s+(?:key|token|secret))\b/i.test(haystack) &&
+        /(?:•{3,}|\*{3,}|[A-Za-z0-9]{2,4}[•*]{4,}|\b(?:reveal|show|unmask|view)\b)/i.test(haystack));
+}
+export function credentialActionSignature(step, inventory) {
+    if (!("selector" in step) || step.selector === undefined)
+        return null;
+    const target = inventory.find((e) => e.selector === step.selector);
+    const label = [
+        target?.visibleText,
+        target?.ariaLabel,
+        target?.title,
+        target?.labelText,
+        target?.iconLabel,
+        step.reason,
+    ]
+        .filter((s) => s !== null && s !== undefined)
+        .join(" ")
+        .replace(/\s+/g, " ")
+        .trim();
+    if (label.length === 0)
+        return null;
+    const lower = label.toLowerCase();
+    if (/\b(?:create|generate|new|add|issue|mint)\b.*\b(?:api\s*)?(?:key|token|secret|credential)s?\b/.test(lower) ||
+        /\b(?:api\s*)?(?:key|token|secret|credential)s?\b.*\b(?:create|generate|new|add|issue|mint)\b/.test(lower)) {
+        return `${step.kind}:create-key`;
+    }
+    if (/\b(?:skip|maybe later|not now|without)\b.*\b(?:payment|billing|card|deposit|credits?)\b/.test(lower) ||
+        /\b(?:payment|billing|card|deposit|credits?)\b.*\b(?:skip|maybe later|not now|without)\b/.test(lower)) {
+        return `${step.kind}:skip-payment`;
+    }
+    if (/\b(?:add|make|initial)\b.*\b(?:payment|deposit|credits?)\b/.test(lower)) {
+        return `${step.kind}:payment`;
+    }
+    return null;
+}
+export function isRepeatingCredentialActionCycle(signatures, pageText = "") {
+    const interesting = signatures.some((s) => /(?:create-key|payment|deposit)/.test(s)) ||
+        /\b(?:api\s*keys?|tokens?|payment|billing|deposit|credits?)\b/i.test(pageText);
+    if (!interesting)
+        return false;
+    const last3 = signatures.slice(-3);
+    if (last3.length === 3 &&
+        last3.every((s) => s === last3[0]) &&
+        /(?:create-key|skip-payment|payment)/.test(last3[0] ?? "")) {
+        return true;
+    }
+    const last5 = signatures.slice(-5);
+    return (last5.length === 5 &&
+        last5[0] === last5[2] &&
+        last5[2] === last5[4] &&
+        last5[1] === last5[3] &&
+        last5[0] !== last5[1] &&
+        last5.some((s) => /(?:create-key|skip-payment|payment)/.test(s)));
+}
 // 0.8.2-rc.10 — heuristic for "this account already exists on the
 // service and its API keys are masked, with no path to reveal them."
 // The test identity (methoxine@gmail.com) accumulates state across
@@ -706,6 +789,58 @@ export function findApiKeysNavLink(inventory, alreadyClicked = new Set()) {
     candidates.sort((a, b) => b.score - a.score);
     return candidates[0].el;
 }
+export function findRenderAccountSettingsLink(inventory, alreadyClicked = new Set()) {
+    for (const el of inventory) {
+        if (el.visible === false)
+            continue;
+        if (alreadyClicked.has(el.selector))
+            continue;
+        const clickable = el.tag === "a" ||
+            el.tag === "button" ||
+            el.role === "link" ||
+            el.role === "button";
+        if (!clickable)
+            continue;
+        const label = elementLabel(el);
+        if (/\baccount settings\b/i.test(label) || /\/u\/[^/\s]+\/settings(?:[#?\s]|$)/i.test(label)) {
+            return el;
+        }
+    }
+    return null;
+}
+export function findRenderAccountMenuTrigger(inventory) {
+    const candidates = [];
+    for (const el of inventory) {
+        if (el.visible === false)
+            continue;
+        const clickable = el.tag === "button" || el.role === "button";
+        if (!clickable)
+            continue;
+        const label = elementLabel(el);
+        if (label.length === 0)
+            continue;
+        const normalized = label.toLowerCase().trim();
+        if (/\b(?:new|upgrade|search|settings|billing|projects?|blueprints?|notifications?|contact support|create|add)\b/i.test(normalized)) {
+            continue;
+        }
+        let score = 0;
+        if (el.landmark === "header")
+            score += 4;
+        if (/^[a-z]{1,3}$/i.test(normalized))
+            score += 3;
+        if (/\b(?:profile|account|user|avatar)\b/i.test(label))
+            score += 2;
+        if (el.inViewport === true)
+            score += 1;
+        if (score <= 0)
+            continue;
+        candidates.push({ el, score });
+    }
+    if (candidates.length === 0)
+        return null;
+    candidates.sort((a, b) => b.score - a.score);
+    return candidates[0].el;
+}
 const RELOCATED_PAGE_TEXT = /\b(?:404|page not found|not found|does not exist|no longer exists|has moved|moved|migrated|now (?:lives|exists)|part of .* instead|teams? list|organisations? list|organizations? list)\b/i;
 const CREDENTIAL_CONTEXT_TEXT = /\b(?:api[\s_-]*(?:keys?|tokens?)|access[\s_-]*tokens?|personal[\s_-]*access[\s_-]*tokens?|secret[\s_-]*keys?|auth[\s_-]*tokens?|credentials?|developers?)\b/i;
 const RELOCATION_RECOVERY_TEXT = /\b(?:teams?|organisations?|organizations?|accounts?|settings|profile|dashboard|developers?|api|keys?|tokens?|credentials?)\b/i;
@@ -751,12 +886,17 @@ export function findRelocatedCredentialPageRecoveryLink(input) {
         const haystack = `${href} ${text}`;
         if (!RELOCATION_RECOVERY_TEXT.test(haystack))
             continue;
+        const isScopeRecovery = /\b(?:teams?|organisations?|organizations?)\b/i.test(haystack);
+        const pageAdvertisesScopeList = /\b(?:teams? list|organisations? list|organizations? list|part of .* instead)\b/i.test(relocatedText);
+        if (isScopeRecovery && !pageAdvertisesScopeList && !SCOPE_ENTITY_HREF.test(href)) {
+            continue;
+        }
         let score = 0;
         if (API_KEYS_HREF.test(href))
             score += 6;
         if (API_KEYS_TEXT.test(text))
             score += 4;
-        if (/\b(?:teams?|organisations?|organizations?)\b/i.test(haystack))
+        if (isScopeRecovery)
             score += 3;
         if (/\b(?:settings|accounts?|profile|developers?)\b/i.test(haystack))
             score += 2;
@@ -1004,18 +1144,64 @@ function shouldComposeFallbackOnAppOrigin(current, app) {
     // replace every current origin with the original signup URL's origin.
     return /^(?:auth|authkit|login|accounts?|idp|sso|oauth|signin|signup)$/.test(firstLabel);
 }
+const SERVICE_NAME_TLD_SUFFIXES = new Set([
+    "ai",
+    "app",
+    "co",
+    "dev",
+    "io",
+    "so",
+    "xyz",
+]);
 // Last-resort canonical signup URL when the caller passed none and no
-// promoted skill / model resolution applies: <name>.com/signup, which
-// catches the common dev-SaaS case (Resend, Postmark, IPInfo, …). Non-.com
-// products and non-obvious entry points are handled upstream by
-// resolveSignupUrl (promoted-skill signup_url → model); a wrong .com guess
-// is recovered by the looksLikeSignupPage → Google-search fallback. The old
-// hand-maintained KNOWN_DOMAINS table was retired once the model + the
-// verified skill cache covered it. Exported for unit testing.
+// promoted skill / model resolution applies. Plain service names still use
+// <name>.com/signup for the common dev-SaaS case (Resend, Postmark, IPInfo,
+// …). Service names written with a plausible TLD suffix (together-ai, fly-io,
+// x-ai) preserve that signal as <name>.<tld>/signup; dogfood showed the old
+// compact .com fallback can send these to a different registered domain.
+// Non-obvious entry points are still handled upstream by promoted-skill URLs,
+// the canonical map, or the model.
 export function guessSignupUrl(service) {
-    const slug = service.toLowerCase().replace(/[^a-z0-9]/g, "");
+    const parts = service
+        .toLowerCase()
+        .split(/[^a-z0-9]+/)
+        .filter((part) => part.length > 0);
+    if (parts.length >= 2) {
+        const tld = parts[parts.length - 1];
+        const root = parts.slice(0, -1).join("");
+        if (tld !== undefined && SERVICE_NAME_TLD_SUFFIXES.has(tld) && root.length > 0) {
+            return `https://${root}.${tld}/signup`;
+        }
+    }
+    const slug = parts.join("");
     return `https://${slug}.com/signup`;
 }
+function explicitServiceDomain(service) {
+    const parts = service
+        .toLowerCase()
+        .split(/[^a-z0-9]+/)
+        .filter((part) => part.length > 0);
+    if (parts.length < 2)
+        return null;
+    const tld = parts[parts.length - 1];
+    const root = parts.slice(0, -1).join("");
+    if (tld === undefined || root.length === 0 || !SERVICE_NAME_TLD_SUFFIXES.has(tld)) {
+        return null;
+    }
+    return `${root}.${tld}`;
+}
+function modelUrlContradictsExplicitServiceDomain(service, url) {
+    const expected = explicitServiceDomain(service);
+    if (expected === null)
+        return false;
+    try {
+        const host = new URL(url).hostname.toLowerCase();
+        return host !== expected && !host.endsWith(`.${expected}`);
+    }
+    catch {
+        return false;
+    }
+}
 const CANONICAL_SIGNUP_URLS = {
     // The model repeatedly returns the stale/dead host
     // console.cloud.clickhouse.com, which no longer resolves. ClickHouse's own
@@ -1042,6 +1228,13 @@ const CANONICAL_SIGNUP_URLS = {
     // verification. Current Anyscale docs identify console.anyscale.com as the
     // organization signup flow.
     anyscale: "https://console.anyscale.com",
+    // Cartesia's marketing /signup is currently a rendered 404/dead page. The
+    // self-serve auth app exposes the registration surface under its sign-in SPA.
+    cartesia: "https://play.cartesia.ai/sign-in/sign-up",
+    // Pinecone Assistant is a product, not a standalone domain. Reusing the
+    // generic service-name guess produced pineconeassistant.com, which does not
+    // resolve; assistant keys are issued from the normal Pinecone console.
+    pineconeassistant: "https://app.pinecone.io/signup",
 };
 function canonicalSignupUrl(service) {
     const slug = service.toLowerCase().replace(/[^a-z0-9]/g, "");
@@ -1144,6 +1337,10 @@ export async function resolveSignupUrl(service, llm, opts = {}) {
         });
         const url = firstHttpsUrl(resp.text);
         if (url !== null) {
+            if (modelUrlContradictsExplicitServiceDomain(service, url)) {
+                opts.log?.(`Model URL for "${service}" contradicts explicit service domain (${url}) — using guess`);
+                return guessSignupUrl(service);
+            }
             opts.log?.(`Resolved signup URL for "${service}" via ${resp.backend}: ${url}`);
             return url;
         }
@@ -2108,6 +2305,26 @@ export function looksLike404(title, bodyText) {
     // keys URLs that hit either are dead ends.
     return has404Token || notFoundPhrase;
 }
+export function looksLikeParkedDomainPage(title, bodyText) {
+    const hay = `${title} ${bodyText}`.toLowerCase().replace(/\s+/g, " ").slice(0, 1200);
+    const saleSignal = /\b(?:domain|website)\s+(?:name\s+)?(?:is\s+)?for sale\b/.test(hay) ||
+        /\bbuy this domain\b/.test(hay) ||
+        /\bthis domain may be for sale\b/.test(hay);
+    const parkingSignal = /\b(?:domain parking|parked domain|sedo domain parking|hugedomains|dan\.com|afternic)\b/.test(hay) ||
+        /\bsearch for information\b/.test(hay);
+    return saleSignal && parkingSignal;
+}
+export function looksLikeBrowserNetworkError(title, bodyText) {
+    const hay = `${title} ${bodyText}`.toLowerCase().replace(/\s+/g, " ").slice(0, 1200);
+    return (/\bthis site can'?t be reached\b/.test(hay) ||
+        /\bcheck if there is a typo in\b/.test(hay) ||
+        /\b(?:dns_probe_finished|err_name_not_resolved|err_tunnel_connection_failed|err_connection_timed_out|err_connection_refused)\b/i.test(hay));
+}
+export function shouldAbortOAuthFirstOnDeadPage(title, bodyText) {
+    return (looksLike404(title, bodyText) ||
+        looksLikeParkedDomainPage(title, bodyText) ||
+        looksLikeBrowserNetworkError(title, bodyText));
+}
 // Services whose credential is the auto-created Firebase/GCP "Browser key"
 // reachable from the Google Cloud API Credentials page. Both share the same
 // project-creation flow and the SAME AIzaSy key (it's both the firebase web
@@ -2203,6 +2420,9 @@ export function classifySignupHtml(html, title) {
         titleLower.includes("page not found")) {
         return "other";
     }
+    if (looksLikeParkedDomainPage(title ?? "", text)) {
+        return "other";
+    }
     // A password field is the structural prerequisite for an auth form. We
     // regex the RAW html (not the stripped text) because attribute values
     // live inside the tags the stripper removes. Either the input type or a
@@ -2420,6 +2640,45 @@ export function findCreateAccountCta(inventory) {
     }
     return null;
 }
+// Post-OAuth account-link bridges (Auth0/Keycloak first-broker-login class)
+// can say "Account already exists" and offer a safe in-page action like
+// "Add to existing account". This is not a terminal verification wall: taking
+// the explicit link action usually completes the provider/session attachment
+// and redirects to the app. Conservative text gate + clickable CTA only.
+export function findOAuthAccountLinkCta(pageText, inventory) {
+    const text = pageText.toLowerCase().replace(/\s+/g, " ");
+    const accountLinkState = /\baccount already exists\b/.test(text) ||
+        /\blink (?:your )?(?:google|github|oauth|social) account\b/.test(text) ||
+        /\badd to existing account\b/.test(text);
+    if (!accountLinkState)
+        return null;
+    const acceptLink = /\b(?:add to existing account|link (?:account|accounts|existing account)|continue with existing account|use existing account|connect (?:account|accounts))\b/i;
+    const rejectLink = /\b(?:create new account|new account|review profile|cancel|back|not now|sign out|log out)\b/i;
+    for (const el of inventory) {
+        if (el.visible === false)
+            continue;
+        if (el.tag !== "a" && el.tag !== "button" && el.role !== "button")
+            continue;
+        const label = [
+            el.visibleText,
+            el.ariaLabel,
+            el.labelText,
+            el.title,
+            el.name,
+            el.id,
+        ]
+            .filter((part) => typeof part === "string" && part.trim().length > 0)
+            .join(" ")
+            .trim();
+        if (label === "")
+            continue;
+        if (rejectLink.test(label))
+            continue;
+        if (acceptLink.test(label))
+            return el;
+    }
+    return null;
+}
 // Conventional signup paths to probe, in priority order. Small + ordered
 // on purpose — we want the FIRST real signup form, not a fan-out across
 // dozens of guesses that each cost a round-trip over a residential
@@ -2650,6 +2909,16 @@ export function detectAntiBotBlock(html) {
         return "Imperva";
     return null;
 }
+export function detectCredentialExtractionBlock(html, visibleText = "") {
+    const vendor = detectAntiBotBlock(html);
+    if (vendor !== null) {
+        return `${vendor} anti-bot interstitial`;
+    }
+    if (visibleText.trim().length <= 600 && isAntiBotInterstitialText(visibleText)) {
+        return "anti-bot interstitial";
+    }
+    return null;
+}
 // F17 — True when the page looks like an authenticated dashboard
 // rather than a sign-up page. Triggers when a prior OAuth bind
 // already linked the account and the service auto-redirects past
@@ -3245,6 +3514,18 @@ export function detectSsoRestriction(pageText) {
     // "Single Sign-On is required", "SSO organization membership".
     return /(?:managed\s+via\s+(?:sso|single\s+sign-?on)|sso[\s-]?managed|sso\s+organization|single\s+sign-?on\s+is\s+required|enforced\s+by\s+(?:sso|saml))/.test(lower);
 }
+export function detectOAuthRegistrationDisabled(url, bodyText) {
+    let query = "";
+    try {
+        query = decodeURIComponent(new URL(url).search.replace(/\+/g, " ")).toLowerCase();
+    }
+    catch {
+        query = "";
+    }
+    const hay = `${query} ${bodyText}`.toLowerCase().replace(/\s+/g, " ");
+    return (/\b(?:sso|oauth|social|google|github)\s+account\s+registration\s+is\s+disabled\b/.test(hay) ||
+        /\bregistration\s+(?:via|with)\s+(?:sso|oauth|social|google|github)\s+is\s+disabled\b/.test(hay));
+}
 // Google-OAuth-is-LOGIN-ONLY (plunk class). Some services accept Google
 // only to log an EXISTING account in; they do NOT auto-provision a new
 // account for a first-time Google identity. The OAuth handshake
@@ -4366,6 +4647,23 @@ export function isSignupOrLoginRoute(url) {
         return false;
     }
 }
+export function isPostVerifyAuthResetRoute(input) {
+    return (input.round > 0 &&
+        !input.hasExtractedCredential &&
+        isSignupOrLoginRoute(input.url));
+}
+export function isGitHubOAuthRateLimitPage(url, htmlOrText) {
+    try {
+        const u = new URL(url);
+        if (u.hostname !== "github.com" || !/^\/login\/oauth\/authorize\b/i.test(u.pathname)) {
+            return false;
+        }
+    }
+    catch {
+        return false;
+    }
+    return /\btoo many requests\b/i.test(htmlOrText) || /\bsecondary rate limit\b/i.test(htmlOrText);
+}
 // The scheme://host root of a URL (no path/query) — the place a service
 // redirects an authenticated user to their dashboard. Null on a malformed
 // URL. Exported for unit tests.
@@ -5037,6 +5335,8 @@ export class SignupAgent {
         // regression that produced the Security Code challenge on
         // methoxine's account during the rc.30 Railway run.
         let committedToEmailPath = forceFormFill;
+        let lastGitHubAuthorizeUrl = null;
+        let repeatedGitHubAuthorizeApprovals = 0;
         const oauthCandidates = await this.resolveOAuthCandidates(task, steps);
         for (;;) {
             await this.browser.waitForFormReady();
@@ -5072,9 +5372,26 @@ export class SignupAgent {
                 };
             }
             if (/^https:\/\/github\.com\/login\/oauth\/authorize\b/i.test(state.url)) {
+                if (isGitHubOAuthRateLimitPage(state.url, state.html)) {
+                    steps.push("OAuth: GitHub authorize page returned a secondary rate limit — stopping instead of retrying consent.");
+                    return {
+                        kind: "planning_failed",
+                        reason: "oauth_provider_rate_limited: GitHub returned a secondary rate limit during OAuth authorize",
+                    };
+                }
                 const advanced = await this.browser.advanceOAuthConsent("github");
                 steps.push(`OAuth: GitHub authorize page appeared during form-fill — ${advanced ? "approved consent" : "no approve control found"}`);
                 if (advanced) {
+                    repeatedGitHubAuthorizeApprovals =
+                        lastGitHubAuthorizeUrl === state.url ? repeatedGitHubAuthorizeApprovals + 1 : 1;
+                    lastGitHubAuthorizeUrl = state.url;
+                    if (repeatedGitHubAuthorizeApprovals > 2) {
+                        steps.push("OAuth: GitHub authorize page repeated after consent approval — aborting instead of re-approving in a loop.");
+                        return {
+                            kind: "planning_failed",
+                            reason: "oauth_loop_detected: GitHub OAuth authorize page repeated after consent approval during form-fill",
+                        };
+                    }
                     await this.browser.wait(3);
                     continue;
                 }
@@ -5824,6 +6141,8 @@ export class SignupAgent {
             }
         };
         const oauthCandidates = await this.resolveOAuthCandidates(task, steps);
+        let lastGitHubAuthorizeUrl = null;
+        let repeatedGitHubAuthorizeApprovals = 0;
         for (;;) {
             await this.browser.waitForFormReady();
             const dismissed = await this.browser.dismissConsentBanner();
@@ -5837,6 +6156,20 @@ export class SignupAgent {
             }
             const browserState = frame.state;
             const inventory = frame.inventory;
+            if (looksLikeParkedDomainPage(browserState.title, browserState.html)) {
+                steps.push("Form-fill: parked/domain-for-sale page detected — aborting signup automation.");
+                return {
+                    kind: "planning_failed",
+                    reason: "parked_domain: signup URL resolved to a domain-for-sale or parking page",
+                };
+            }
+            if (shouldAbortOAuthFirstOnDeadPage(browserState.title, browserState.html)) {
+                steps.push("Form-fill: dead/404 signup page detected — aborting OAuth-first wait.");
+                return {
+                    kind: "planning_failed",
+                    reason: "dead_signup_url: signup URL rendered a 404/dead page before any OAuth provider appeared",
+                };
+            }
             const googleIdentifierAdvance = await this.advancePinnedGoogleIdentifierPage({
                 task,
                 url: browserState.url,
@@ -5853,9 +6186,28 @@ export class SignupAgent {
                 };
             }
             if (/^https:\/\/github\.com\/login\/oauth\/authorize\b/i.test(browserState.url)) {
+                if (isGitHubOAuthRateLimitPage(browserState.url, browserState.html)) {
+                    steps.push("OAuth: GitHub authorize page returned a secondary rate limit — stopping instead of retrying consent.");
+                    return {
+                        kind: "planning_failed",
+                        reason: "oauth_provider_rate_limited: GitHub returned a secondary rate limit during OAuth authorize",
+                    };
+                }
                 const advanced = await this.browser.advanceOAuthConsent("github");
                 steps.push(`OAuth: GitHub authorize page appeared during form-fill — ${advanced ? "approved consent" : "no approve control found"}`);
                 if (advanced) {
+                    repeatedGitHubAuthorizeApprovals =
+                        lastGitHubAuthorizeUrl === browserState.url
+                            ? repeatedGitHubAuthorizeApprovals + 1
+                            : 1;
+                    lastGitHubAuthorizeUrl = browserState.url;
+                    if (repeatedGitHubAuthorizeApprovals > 2) {
+                        steps.push("OAuth: GitHub authorize page repeated after consent approval — aborting instead of re-approving in a loop.");
+                        return {
+                            kind: "planning_failed",
+                            reason: "oauth_loop_detected: GitHub OAuth authorize page repeated after consent approval during form-fill",
+                        };
+                    }
                     await this.browser.wait(3);
                     continue;
                 }
@@ -6758,7 +7110,7 @@ export class SignupAgent {
         }
     }
     // 0.8.3-rc.1 — widened from 2 → 4 minutes. The 2-min window forced
-    // the operator to drop everything immediately on a Telegram alert.
+    // the operator to drop everything immediately on a heightened-auth alert.
     // For batch-harvest runs the operator is rarely staring at the
     // phone; 4 minutes gives realistic time to switch devices, unlock,
     // open the Google app, and tap. Matches the same wait window the
@@ -7118,10 +7470,11 @@ export class SignupAgent {
             // landing as a wrong-URL signal: clear signedIn so the recovery path
             // (Tier B CTA → real signup entry) runs instead of skipping signup.
             const landedBodyText = await this.browser.extractText().catch(() => "");
+            const landedDead = shouldAbortOAuthFirstOnDeadPage(landed.title, landedBodyText);
             const landed404 = looksLike404(landed.title, landedBodyText);
-            if (landed404 && signedIn) {
+            if (landedDead && signedIn) {
                 signedIn = false;
-                steps.push(`${task.service}: landing ${pathOf(landed.url)} is a 404 shell, not an ` +
+                steps.push(`${task.service}: landing ${pathOf(landed.url)} is a dead/404 shell, not an ` +
                     `authenticated dashboard — recovering the real signup entry`);
             }
             // SPA-settle re-check (returning-user cluster). An authenticated SPA
@@ -7160,6 +7513,10 @@ export class SignupAgent {
                     `skipping signup, routing straight to key extraction`);
                 alreadyAuthenticated = true;
             }
+            else if (landedDead) {
+                needsRecovery = true;
+                steps.push(`${task.service}: landing ${pathOf(landed.url)} is a dead/404 signup page — attempting recovery`);
+            }
             else if (task.signupUrl === undefined) {
                 needsRecovery = !(await this.looksLikeSignupPage());
             }
@@ -7623,9 +7980,11 @@ export class SignupAgent {
                                 ...(task.scopeHint !== undefined ? { scopeHint: task.scopeHint } : {}),
                                 ...(task.machineToken !== undefined ? { machineToken: task.machineToken } : {}),
                                 ...(task.apiBase !== undefined ? { apiBase: task.apiBase } : {}),
+                                allowOperatorInboxOtp: task.allowOperatorInboxOtp === true,
                             });
                         }
-                        if (hasUsableCredentialBundle(credentials)) {
+                        if (hasUsableCredentialBundle(credentials) &&
+                            !terminalReasonInvalidatesCredentialSuccess(this.lastPostVerifyDoneReason)) {
                             // 0.8.3-rc.1 — when extractCredentials short-circuited
                             // before postVerifyLoop ran, no captures were written.
                             // Emit a synthetic extract round so auto-promote can
@@ -7640,6 +7999,10 @@ export class SignupAgent {
                                 ...this.resultTail(),
                             };
                         }
+                        if (terminalReasonInvalidatesCredentialSuccess(this.lastPostVerifyDoneReason)) {
+                            this.lastPostVerifyDoneReason =
+                                `[existing_account_no_extract] terminal planner reason invalidated the extracted candidate: ${this.lastPostVerifyDoneReason}`;
+                        }
                         // 0.8.2-rc.10 — same sentinel-pattern routing the runOAuthFlow
                         // path uses. The post-verify loop sets lastPostVerifyDoneReason
                         // with [stuck_loop] or [existing_account_no_extract] markers
@@ -7894,6 +8257,7 @@ export class SignupAgent {
                                         ...(task.scopeHint !== undefined ? { scopeHint: task.scopeHint } : {}),
                                         ...(task.machineToken !== undefined ? { machineToken: task.machineToken } : {}),
                                         ...(task.apiBase !== undefined ? { apiBase: task.apiBase } : {}),
+                                        allowOperatorInboxOtp: task.allowOperatorInboxOtp === true,
                                     });
                                 }
                             }
@@ -7941,7 +8305,7 @@ export class SignupAgent {
                     }
                 }
             }
-            if (credentials.api_key !== undefined || credentials.username !== undefined) {
+            if (hasUsableCredentialBundle(credentials)) {
                 // Form-fill + email success returns here WITHOUT entering the post-verify
                 // loop, so its extract-round salvage never ran — write one now (mailjet).
                 await this.salvageExtractCaptureIfNeeded(task.service, credentials, false);
@@ -8418,14 +8782,6 @@ export class SignupAgent {
                             machineToken: task.machineToken,
                             apiBase: task.apiBase,
                         });
-                        // rc.18 — opt-in Telegram fallback. Bypasses the email
-                        // path (which collapses to Sent only when GMAIL_USER ==
-                        // account.email). No-op without TELEGRAM_BOT_TOKEN env.
-                        void sendTelegramHeightenedAuth({
-                            service: task.service,
-                            digit: String(matchNum),
-                            windowSeconds: 240,
-                        });
                     }
                     else {
                         // Extractor missed the number — Google phrasing has
@@ -8443,11 +8799,6 @@ export class SignupAgent {
                             machineToken: task.machineToken,
                             apiBase: task.apiBase,
                         });
-                        void sendTelegramHeightenedAuth({
-                            service: task.service,
-                            digit: null,
-                            windowSeconds: 240,
-                        });
                     }
                     // Either way (number found or not), the user can still
                     // clear the challenge in the bot's browser window or by
@@ -8509,7 +8860,8 @@ export class SignupAgent {
                 // degrades to the phone-tap path below.
                 if (provider.id === "github" &&
                     task.machineToken !== undefined &&
-                    task.machineToken.length > 0) {
+                    task.machineToken.length > 0 &&
+                    task.allowOperatorInboxOtp === true) {
                     steps.push("GitHub: verify-it's-you challenge — polling operator inbox for a device-confirmation link (up to 60s)");
                     try {
                         const { readGitHubChallengeLink } = await import("./read-otp.js");
@@ -8538,8 +8890,8 @@ export class SignupAgent {
                     catch (err) {
                         steps.push(`GitHub: challenge-clearing import/call threw (${err instanceof Error ? err.message : String(err)})`);
                     }
-                    // 0.8.3-rc.1 — fall back to the phone-tap path: fire
-                    // Telegram + heightened-auth notifications and wait 4
+                    // 0.8.3-rc.1 — fall back to the phone-tap path: fire a
+                    // heightened-auth notification and wait 4
                     // minutes for the operator to tap their phone. This is the
                     // same shape Google's challenge path already uses; without
                     // it the bot just times out silently with no operator
@@ -8553,11 +8905,6 @@ export class SignupAgent {
                         machineToken: task.machineToken,
                         apiBase: task.apiBase,
                     });
-                    void sendTelegramHeightenedAuth({
-                        service: task.service,
-                        digit: null,
-                        windowSeconds: 240,
-                    });
                     const cleared = await this.waitForGitHubChallenge(steps);
                     if (cleared) {
                         steps.push("GitHub: challenge cleared — re-classifying for the consent flow");
@@ -9090,6 +9437,15 @@ export class SignupAgent {
             // detectManualLoginFallback would otherwise swallow it as
             // oauth_session_not_persisted and abort. The account simply needs
             // creating via email, so re-route to form-fill instead of bailing.
+            if (detectOAuthRegistrationDisabled(gateState.url, gateText)) {
+                return {
+                    success: false,
+                    error: `oauth_signup_disabled: ${task.service} rejected OAuth signup because account ` +
+                        `registration through this SSO/OAuth provider is disabled. Try a non-OAuth signup path manually.`,
+                    steps,
+                    ...this.resultTail(),
+                };
+            }
             if (detectGoogleNoAccount(gateState.url, gateText)) {
                 // Commit to email for the rest of the run — OAuth is login-only here, so
                 // the OAuth-first scan must not re-fire after the form-fill re-route.
@@ -9127,6 +9483,9 @@ export class SignupAgent {
                     machineToken.length === 0) {
                     otpResult = { code: null, reason: "no_machine_token" };
                 }
+                else if (task.allowOperatorInboxOtp !== true) {
+                    otpResult = { code: null, reason: "operator_inbox_consent_missing" };
+                }
                 else {
                     steps.push(`Email-OTP gate detected (${pathOf(gateState.url)}) — polling operator inbox for the code` +
                         (domain !== null ? ` (from_domain=${domain})` : ""));
@@ -9280,6 +9639,7 @@ export class SignupAgent {
                 ...(task.scopeHint !== undefined ? { scopeHint: task.scopeHint } : {}),
                 ...(task.machineToken !== undefined ? { machineToken: task.machineToken } : {}),
                 ...(task.apiBase !== undefined ? { apiBase: task.apiBase } : {}),
+                allowOperatorInboxOtp: task.allowOperatorInboxOtp === true,
             });
         }
         catch (err) {
@@ -9314,7 +9674,8 @@ export class SignupAgent {
         // complete, usable bundle. Require >=2 named (non-metadata) credentials
         // so a lone ID (e.g. just application_id) still fails honestly: an ID
         // without a secret isn't a usable credential.
-        if (hasUsableCredentialBundle(credentials)) {
+        if (hasUsableCredentialBundle(credentials) &&
+            !terminalReasonInvalidatesCredentialSuccess(this.lastPostVerifyDoneReason)) {
             return {
                 success: true,
                 credentials: { ...credentials },
@@ -9322,6 +9683,10 @@ export class SignupAgent {
                 ...this.resultTail(),
             };
         }
+        if (terminalReasonInvalidatesCredentialSuccess(this.lastPostVerifyDoneReason)) {
+            this.lastPostVerifyDoneReason =
+                `[existing_account_no_extract] terminal planner reason invalidated the extracted candidate: ${this.lastPostVerifyDoneReason}`;
+        }
         // No API key. Distinguish a billing/card wall (onboarding_blocked)
         // from a generic navigation miss — never grep-loop a paid wall.
         // rc.39 — fold the planner's `done` reason into the text we
@@ -9349,7 +9714,8 @@ export class SignupAgent {
             };
         }
         if (postSignupGate.failure?.kind === "payment" ||
-            postSignupGate.failure?.kind === "phone") {
+            postSignupGate.failure?.kind === "phone" ||
+            postSignupGate.failure?.kind === "permission_denied") {
             return {
                 success: false,
                 error: postSignupGate.failure.error,
@@ -9750,6 +10116,7 @@ ${formatInventory(input.inventory)}`,
             ...(task.scopeHint !== undefined ? { scopeHint: task.scopeHint } : {}),
             ...(task.machineToken !== undefined ? { machineToken: task.machineToken } : {}),
             ...(task.apiBase !== undefined ? { apiBase: task.apiBase } : {}),
+            allowOperatorInboxOtp: task.allowOperatorInboxOtp === true,
         });
     }
     // Drive the browser toward the API key after the account exists —
@@ -9784,15 +10151,10 @@ ${formatInventory(input.inventory)}`,
             machineToken: this.currentMachineToken,
             apiBase: this.currentApiBase,
         });
-        void sendTelegramHeightenedAuth({
-            service,
-            digit,
-            windowSeconds: 240,
-        });
         // 0.8.3-rc.1 — vision-LLM fallback for the mid-post-verify path.
         // When the planner's reason names a challenge but no digit, take
         // a screenshot, ask Claude vision what number is on screen, and
-        // fire a SECOND Telegram with the extracted number. The first
+        // fire a SECOND notification with the extracted number. The first
         // notification went out immediately (so the operator knows to
         // grab their phone); this follows up with the number as soon as
         // vision returns (~2-5s).
@@ -9804,11 +10166,6 @@ ${formatInventory(input.inventory)}`,
                         const followUp = `Google challenge mid-post-verify: vision LLM read "${visionDigit}" from the screen — tap that on your phone.`;
                         console.error(`[universal-bot] ${followUp}`);
                         steps.push(`Post-verify: ${followUp}`);
-                        void sendTelegramHeightenedAuth({
-                            service,
-                            digit: visionDigit,
-                            windowSeconds: 240,
-                        });
                         void notifyHeightenedAuth({
                             service,
                             digit: visionDigit,
@@ -10370,9 +10727,17 @@ Prefer items naming keys / tokens / API / developer / secrets; then credentials
         if (!/^(0|false|off|no)$/i.test(process.env.NAV_SEARCH ?? "")) {
             try {
                 const navResult = await this.runNavSearchPhase(args, oauth);
-                if (Object.keys(navResult).some((k) => !NON_CREDENTIAL_KEYS.has(k))) {
+                if (hasUsableCredentialBundle(navResult)) {
                     return navResult;
                 }
+                if (hasAnyExtractedCredential(navResult)) {
+                    for (const [k, v] of Object.entries(navResult)) {
+                        if (credentials[k] === undefined)
+                            credentials[k] = v;
+                    }
+                    args.steps.push("nav-search: found credential-shaped data, but not a final usable bundle yet — " +
+                        "continuing post-verify extraction instead of returning a false failure");
+                }
                 if (this.resolvedSignupUrl !== undefined &&
                     KEYS_DESTINATION_URL.test(this.resolvedSignupUrl)) {
                     args.steps.push("nav-search: curated signup_url is a credential surface and no key was found — " +
@@ -10380,6 +10745,32 @@ Prefer items naming keys / tokens / API / developer / secrets; then credentials
                     return navResult;
                 }
                 args.steps.push("nav-search: no key via navigation alone — handing off to the planner from the current surface");
+                const afterNavText = await this.browser.extractText().catch(() => "");
+                const afterNavInventory = await this.browser
+                    .extractInteractiveElements()
+                    .catch(() => []);
+                const accountLinkCta = findOAuthAccountLinkCta(afterNavText, afterNavInventory);
+                if (accountLinkCta !== null) {
+                    const label = (accountLinkCta.visibleText ??
+                        accountLinkCta.ariaLabel ??
+                        accountLinkCta.labelText ??
+                        "link existing account").trim();
+                    args.steps.push(`Post-verify: OAuth account-link bridge detected — clicking "${label}" before planner handoff.`);
+                    try {
+                        await this.browser.click(accountLinkCta.selector);
+                        await this.browser.wait(2);
+                        await this.browser.waitForInteractiveDom(5, 15_000).catch(() => undefined);
+                    }
+                    catch (err) {
+                        args.steps.push(`Post-verify: account-link bridge click threw (${err instanceof Error ? err.message : String(err)}) — continuing with planner handoff.`);
+                    }
+                }
+                if (isAtOAuthAccountLinkVerificationGate(afterNavText)) {
+                    this.lastPostVerifyDoneReason =
+                        `[oauth_account_link_verification] ${afterNavText.slice(0, 300)}`;
+                    args.steps.push("Post-verify: OAuth account-link email verification wall detected — stopping before fallback URL guesses.");
+                    return {};
+                }
             }
             catch (err) {
                 args.steps.push(`nav-search: errored (${err instanceof Error ? err.message : String(err)}) — falling back to the planner`);
@@ -10409,6 +10800,43 @@ Prefer items naming keys / tokens / API / developer / secrets; then credentials
         // form-fill phase already captured (captureSignupFormRounds); 0 on the
         // OAuth path, so this is unchanged for OAuth skills.
         let capturedRound = this.captureChainRound;
+        const prePlannerInventory = await this.browser.extractInteractiveElements().catch(() => []);
+        const setupFormBlocksCuratedRoute = isRequiredAccountSetupForm(prePlannerInventory);
+        if (hasCuratedServiceKeyPath(args.service) && !setupFormBlocksCuratedRoute) {
+            const fallback = pickStuckLoopFallbackUrl(this.browser.currentUrl(), recovery.triedFallbackUrls, args.service, this.resolvedSignupUrl);
+            if (fallback !== null) {
+                recovery.triedFallbackUrls.add(fallback);
+                args.steps.push(`Post-verify: nav-search exhausted but ${args.service} has a curated credential route — trying ${fallback} before greedy planning.`);
+                try {
+                    await this.browser.goto(fallback);
+                    await this.browser.waitForInteractiveDom(5, 15_000).catch(() => undefined);
+                    const direct = await this.harvestVisibleCredentials();
+                    for (const [k, v] of Object.entries(direct)) {
+                        if (credentials[k] === undefined)
+                            credentials[k] = v;
+                    }
+                    if (hasAnyExtractedCredential(credentials)) {
+                        await this.writeFastPathSyntheticCapture(args.service, capturedRound, oauth, "curated credential route synthetic extract — nav-search exhausted, fallback route exposed credentials");
+                        return credentials;
+                    }
+                    const minted = await this.attemptMintNewKey(args.steps, args.service);
+                    if (minted !== null && hasAnyExtractedCredential(minted)) {
+                        for (const [k, v] of Object.entries(minted)) {
+                            if (credentials[k] === undefined)
+                                credentials[k] = v;
+                        }
+                        await this.writeFastPathSyntheticCapture(args.service, capturedRound, oauth, "curated credential route synthetic extract — minted/extracted after nav-search fallback");
+                        return credentials;
+                    }
+                }
+                catch (err) {
+                    args.steps.push(`Post-verify: curated credential route fallback errored (${err instanceof Error ? err.message : String(err)}) — continuing with greedy planner.`);
+                }
+            }
+        }
+        else if (setupFormBlocksCuratedRoute) {
+            args.steps.push("Post-verify: required account setup form is still active — deferring curated credential route until setup is complete.");
+        }
         const credentialTracker = new PostSignupCredentialTracker(credentials);
         // Gate URLs we've already polled the operator's gmail for, so a
         // multi-round wait on the same email-OTP page doesn't re-poll.
@@ -10448,6 +10876,23 @@ Prefer items naming keys / tokens / API / developer / secrets; then credentials
             // the planner choosing the right click, so an on-screen key is never
             // missed into a maxRounds bail. Merge-only (never overwrites a prior
             // capture); both extractors are best-effort.
+            try {
+                const currentUrl = this.browser.currentUrl();
+                if (!recovery.revealSweepUrls.has(currentUrl)) {
+                    const sweepText = await this.browser.extractVisibleText().catch(() => "");
+                    if (shouldRevealBeforeCredentialSweep({ url: currentUrl, pageText: sweepText })) {
+                        recovery.revealSweepUrls.add(currentUrl);
+                        const reveal = await this.browser.revealMaskedCredentials();
+                        if (reveal.clicked > 0) {
+                            args.steps.push(`Post-verify round ${round}: credential surface has reveal controls — clicked ${reveal.clicked} before sweeping.`);
+                            await this.browser.wait(1);
+                        }
+                    }
+                }
+            }
+            catch {
+                // reveal is opportunistic; normal extraction still runs below
+            }
             try {
                 const sweep = await this.extractCredentials();
                 for (const [k, v] of Object.entries(sweep)) {
@@ -10771,6 +11216,89 @@ Prefer items naming keys / tokens / API / developer / secrets; then credentials
             else {
                 lastReachablePostVerifyUrl = state.url;
             }
+            if (isPostVerifyAuthResetRoute({
+                url: state.url,
+                round,
+                hasExtractedCredential: hasAnyExtractedCredential(credentials),
+            })) {
+                this.lastPostVerifyDoneReason =
+                    `[stuck_loop] post-verify credential search returned to auth/signup route ${state.url}; ` +
+                        `stopping instead of starting a second signup.`;
+                args.steps.push(`Post-verify round ${round}: credential search returned to auth/signup route (${pathOf(state.url)}) — ` +
+                    `stopping instead of starting a second signup.`);
+                break;
+            }
+            if (serviceSlug(args.service) === "render" &&
+                !hasAnyExtractedCredential(credentials) &&
+                /dashboard\.render\.com/i.test(state.url)) {
+                const onRenderAccountSettings = /\/u\/[^/]+\/settings\b/i.test(state.url);
+                if (!onRenderAccountSettings) {
+                    const accountSettingsLink = findRenderAccountSettingsLink(inventory, recovery.clickedKeysLinks);
+                    if (accountSettingsLink !== null) {
+                        recovery.clickedKeysLinks.add(accountSettingsLink.selector);
+                        const label = accountSettingsLink.visibleText ??
+                            accountSettingsLink.ariaLabel ??
+                            accountSettingsLink.href ??
+                            accountSettingsLink.selector;
+                        args.steps.push(`Post-verify round ${round}: Render account menu exposes "${label.slice(0, 60)}" — entering account settings before API-key navigation.`);
+                        try {
+                            await this.browser.click(accountSettingsLink.selector);
+                            await this.browser.waitForInteractiveDom(5, 15_000).catch(() => undefined);
+                            hint = undefined;
+                            recovery.prevSignature = null;
+                            recovery.prevInventorySize = -1;
+                            continue;
+                        }
+                        catch (err) {
+                            args.steps.push(`Post-verify round ${round}: Render account-settings click failed (${err instanceof Error ? err.message : String(err)}) — continuing.`);
+                        }
+                    }
+                    else if (!recovery.triedRenderAccountMenu) {
+                        const accountMenu = findRenderAccountMenuTrigger(inventory);
+                        if (accountMenu !== null) {
+                            recovery.triedRenderAccountMenu = true;
+                            const label = accountMenu.visibleText ??
+                                accountMenu.ariaLabel ??
+                                accountMenu.title ??
+                                accountMenu.selector;
+                            args.steps.push(`Post-verify round ${round}: Render dashboard has no API-key link visible — opening account menu "${label.slice(0, 40)}".`);
+                            try {
+                                await this.browser.click(accountMenu.selector);
+                                await this.browser.waitForInteractiveDom(5, 15_000).catch(() => undefined);
+                                hint = undefined;
+                                recovery.prevSignature = null;
+                                recovery.prevInventorySize = -1;
+                                continue;
+                            }
+                            catch (err) {
+                                args.steps.push(`Post-verify round ${round}: Render account-menu click failed (${err instanceof Error ? err.message : String(err)}) — continuing.`);
+                            }
+                        }
+                    }
+                }
+                else if (!/#api-keys\b/i.test(state.url)) {
+                    const keysLink = findApiKeysNavLink(inventory, recovery.clickedKeysLinks);
+                    if (keysLink !== null) {
+                        recovery.clickedKeysLinks.add(keysLink.selector);
+                        const label = keysLink.visibleText ??
+                            keysLink.ariaLabel ??
+                            keysLink.href ??
+                            keysLink.selector;
+                        args.steps.push(`Post-verify round ${round}: Render account settings reached — clicking API-key anchor "${label.slice(0, 60)}".`);
+                        try {
+                            await this.browser.click(keysLink.selector);
+                            await this.browser.waitForInteractiveDom(5, 15_000).catch(() => undefined);
+                            hint = undefined;
+                            recovery.prevSignature = null;
+                            recovery.prevInventorySize = -1;
+                            continue;
+                        }
+                        catch (err) {
+                            args.steps.push(`Post-verify round ${round}: Render API-key anchor click failed (${err instanceof Error ? err.message : String(err)}) — continuing.`);
+                        }
+                    }
+                }
+            }
             const emailAlias = args.verificationEmailAlias ??
                 args.credentials?.email ??
                 args.oauthAccountEmail;
@@ -11168,6 +11696,7 @@ Prefer items naming keys / tokens / API / developer / secrets; then credentials
             if (hint === undefined &&
                 args.machineToken !== undefined &&
                 args.machineToken.length > 0 &&
+                args.allowOperatorInboxOtp === true &&
                 !otpPolledUrls.has(state.url) &&
                 detectEmailOtpGate(state.url, state.title, await this.browser.extractText().catch(() => ""), inventory)) {
                 otpPolledUrls.add(state.url);
@@ -11735,6 +12264,46 @@ Prefer items naming keys / tokens / API / developer / secrets; then credentials
                 recovery.prevSignature = null;
                 recovery.prevInventorySize = inventory.length;
             }
+            const actionCycleSignature = credentialActionSignature(nextStep, inventory);
+            if (actionCycleSignature !== null) {
+                recovery.recentCredentialActionSignatures.push(actionCycleSignature);
+                if (recovery.recentCredentialActionSignatures.length > 8) {
+                    recovery.recentCredentialActionSignatures =
+                        recovery.recentCredentialActionSignatures.slice(-8);
+                }
+                if (isRepeatingCredentialActionCycle(recovery.recentCredentialActionSignatures, visiblePageText)) {
+                    args.steps.push(`Post-verify: detected repeating credential-action cycle (${recovery.recentCredentialActionSignatures.slice(-5).join(" → ")}) — trying extraction/fallback instead of repeating it.`);
+                    const harvested = await this.harvestVisibleCredentials().catch(() => ({}));
+                    for (const [k, v] of Object.entries(harvested)) {
+                        if (credentials[k] === undefined)
+                            credentials[k] = v;
+                    }
+                    if (hasAnyExtractedCredential(credentials)) {
+                        await this.writeFastPathSyntheticCapture(args.service, capturedRound, oauth, "repeating credential-action cycle synthetic extract — credentials were already visible");
+                        return credentials;
+                    }
+                    const fallback = pickStuckLoopFallbackUrl(state.url, recovery.triedFallbackUrls, args.service, this.resolvedSignupUrl);
+                    if (fallback !== null) {
+                        recovery.triedFallbackUrls.add(fallback);
+                        args.steps.push(`Post-verify: credential-action cycle fallback — navigating to ${fallback}`);
+                        try {
+                            await this.browser.goto(fallback);
+                            await this.browser.waitForInteractiveDom(5, 15_000).catch(() => undefined);
+                        }
+                        catch (err) {
+                            args.steps.push(`Post-verify: credential-action cycle fallback navigate failed (${err instanceof Error ? err.message : String(err)}) — continuing.`);
+                        }
+                        recovery.prevSignature = null;
+                        recovery.prevInventorySize = -1;
+                        hint = undefined;
+                        continue;
+                    }
+                    this.lastPostVerifyDoneReason =
+                        `[stuck_loop] planner repeated credential/payment actions (${recovery.recentCredentialActionSignatures.slice(-5).join(" → ")}) with no usable credential and no fallback URL remaining.`;
+                    args.steps.push(`Post-verify: credential-action cycle unresolvable — breaking out with planner_stuck.`);
+                    break;
+                }
+            }
             // Record the kind of the step we're ABOUT to execute (all re-plan
             // `continue` guards are behind us here) so next round can judge
             // whether it changed the page — the stalled-wizard breaker above.
@@ -12829,6 +13398,11 @@ ${formatInventory(input.inventory)}${input.hint !== undefined ? `\n\nIMPORTANT
         if (typeof curUrl === "string" && isDocumentationUrl(curUrl)) {
             return credentials;
         }
+        const currentState = await this.browser.getState().catch(() => null);
+        if (currentState !== null &&
+            detectCredentialExtractionBlock(currentState.html, titleFromHtml(currentState.html)) !== null) {
+            return credentials;
+        }
         for (const candidate of await this.browser.extractCredentialCandidates()) {
             const hit = extractApiKeyFromText(candidate);
             if (hit === null)
@@ -12931,6 +13505,11 @@ ${formatInventory(input.inventory)}${input.hint !== undefined ? `\n\nIMPORTANT
         const curUrl = typeof this.browser.currentUrl === "function" ? this.browser.currentUrl() : "";
         if (typeof curUrl === "string" && isDocumentationUrl(curUrl))
             return {};
+        const currentState = await this.browser.getState().catch(() => null);
+        if (currentState !== null &&
+            detectCredentialExtractionBlock(currentState.html, titleFromHtml(currentState.html)) !== null) {
+            return {};
+        }
         let st = initialExtractionState();
         const classify = (text) => {
             const hit = extractApiKeyFromText(text);