npm - @vellumai/assistant - Versions diffs - 0.4.53 → 0.4.55 - Mend

@vellumai/assistant 0.4.53 → 0.4.55

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (255) hide show

package/bun.lock +62 -349
package/docs/architecture/integrations.md +1 -1
package/docs/architecture/keychain-broker.md +94 -29
package/docs/architecture/security.md +2 -2
package/knip.json +7 -29
package/package.json +2 -9
package/src/__tests__/agent-loop.test.ts +1 -1
package/src/__tests__/app-git-history.test.ts +0 -2
package/src/__tests__/app-git-service.test.ts +1 -6
package/src/__tests__/approval-cascade.test.ts +0 -1
package/src/__tests__/avatar-e2e.test.ts +0 -1
package/src/__tests__/browser-fill-credential.test.ts +1 -6
package/src/__tests__/call-domain.test.ts +0 -1
package/src/__tests__/call-routes-http.test.ts +0 -1
package/src/__tests__/channel-guardian.test.ts +4 -4
package/src/__tests__/channel-readiness-routes.test.ts +0 -1
package/src/__tests__/channel-readiness-service.test.ts +0 -1
package/src/__tests__/checker.test.ts +13 -11
package/src/__tests__/claude-code-skill-regression.test.ts +0 -1
package/src/__tests__/claude-code-tool-profiles.test.ts +1 -2
package/src/__tests__/config-loader-backfill.test.ts +0 -3
package/src/__tests__/config-schema.test.ts +3 -9
package/src/__tests__/config-watcher.test.ts +11 -3
package/src/__tests__/credential-broker-browser-fill.test.ts +27 -24
package/src/__tests__/credential-broker-server-use.test.ts +60 -24
package/src/__tests__/credential-security-e2e.test.ts +1 -6
package/src/__tests__/credential-security-invariants.test.ts +13 -8
package/src/__tests__/credential-vault-unit.test.ts +28 -12
package/src/__tests__/credential-vault.test.ts +40 -28
package/src/__tests__/credentials-cli.test.ts +1 -21
package/src/__tests__/email-invite-adapter.test.ts +0 -1
package/src/__tests__/fixtures/credential-security-fixtures.ts +3 -3
package/src/__tests__/fixtures/media-reuse-fixtures.ts +3 -79
package/src/__tests__/gateway-only-enforcement.test.ts +1 -21
package/src/__tests__/guardian-action-conversation-turn.test.ts +8 -8
package/src/__tests__/guardian-action-late-reply.test.ts +13 -14
package/src/__tests__/guardian-action-store.test.ts +0 -57
package/src/__tests__/guardian-outbound-http.test.ts +1 -1
package/src/__tests__/guardian-verification-voice-binding.test.ts +1 -3
package/src/__tests__/hooks-blocking.test.ts +1 -1
package/src/__tests__/hooks-config.test.ts +5 -29
package/src/__tests__/hooks-discovery.test.ts +1 -1
package/src/__tests__/hooks-integration.test.ts +1 -1
package/src/__tests__/hooks-manager.test.ts +1 -1
package/src/__tests__/hooks-runner.test.ts +1 -23
package/src/__tests__/hooks-settings.test.ts +1 -1
package/src/__tests__/hooks-templates.test.ts +1 -1
package/src/__tests__/integration-status.test.ts +0 -1
package/src/__tests__/invite-routes-http.test.ts +0 -3
package/src/__tests__/list-messages-attachments.test.ts +4 -4
package/src/__tests__/llm-usage-store.test.ts +50 -0
package/src/__tests__/managed-proxy-context.test.ts +41 -41
package/src/__tests__/media-generate-image.test.ts +2 -2
package/src/__tests__/media-reuse-story.e2e.test.ts +1 -6
package/src/__tests__/memory-regressions.experimental.test.ts +4 -4
package/src/__tests__/memory-regressions.test.ts +27 -27
package/src/__tests__/memory-retrieval.benchmark.test.ts +1 -1
package/src/__tests__/memory-upsert-concurrency.test.ts +4 -4
package/src/__tests__/notification-decision-fallback.test.ts +1 -1
package/src/__tests__/oauth-cli.test.ts +1 -4
package/src/__tests__/oauth-store.test.ts +1 -3
package/src/__tests__/openai-provider.test.ts +7 -7
package/src/__tests__/platform.test.ts +14 -4
package/src/__tests__/pricing.test.ts +0 -223
package/src/__tests__/provider-commit-message-generator.test.ts +1 -4
package/src/__tests__/provider-fail-open-selection.test.ts +58 -54
package/src/__tests__/provider-managed-proxy-integration.test.ts +63 -63
package/src/__tests__/provider-registry-ollama.test.ts +3 -3
package/src/__tests__/public-ingress-urls.test.ts +1 -1
package/src/__tests__/registry.test.ts +3 -103
package/src/__tests__/script-proxy-injection-runtime.test.ts +2 -7
package/src/__tests__/secret-onetime-send.test.ts +1 -6
package/src/__tests__/secret-routes-managed-proxy.test.ts +6 -13
package/src/__tests__/secure-keys.test.ts +241 -229
package/src/__tests__/session-abort-tool-results.test.ts +0 -1
package/src/__tests__/session-confirmation-signals.test.ts +0 -1
package/src/__tests__/session-messaging-secret-redirect.test.ts +1 -7
package/src/__tests__/session-pre-run-repair.test.ts +0 -1
package/src/__tests__/session-provider-retry-repair.test.ts +0 -1
package/src/__tests__/session-queue.test.ts +2 -4
package/src/__tests__/session-slash-known.test.ts +0 -1
package/src/__tests__/session-slash-queue.test.ts +0 -1
package/src/__tests__/session-slash-unknown.test.ts +0 -1
package/src/__tests__/session-workspace-injection.test.ts +0 -1
package/src/__tests__/session-workspace-tool-tracking.test.ts +0 -1
package/src/__tests__/skill-projection-feature-flag.test.ts +0 -1
package/src/__tests__/slack-channel-config.test.ts +1 -7
package/src/__tests__/swarm-recursion.test.ts +0 -1
package/src/__tests__/swarm-session-integration.test.ts +0 -1
package/src/__tests__/swarm-tool.test.ts +0 -1
package/src/__tests__/task-compiler.test.ts +1 -1
package/src/__tests__/test-support/browser-skill-harness.ts +0 -18
package/src/__tests__/test-support/computer-use-skill-harness.ts +0 -23
package/src/__tests__/tool-executor.test.ts +1 -1
package/src/__tests__/trust-store.test.ts +3 -82
package/src/__tests__/twilio-config.test.ts +0 -1
package/src/__tests__/twilio-provider.test.ts +0 -5
package/src/__tests__/twilio-routes.test.ts +0 -1
package/src/__tests__/usage-cache-backfill-migration.test.ts +10 -10
package/src/calls/guardian-question-copy.ts +1 -1
package/src/cli/commands/bash.ts +3 -0
package/src/cli/commands/doctor.ts +10 -34
package/src/cli/commands/memory.ts +3 -5
package/src/cli/commands/sessions.ts +1 -1
package/src/cli/commands/usage.ts +359 -0
package/src/cli/http-client.ts +22 -12
package/src/cli/program.ts +2 -0
package/src/cli/reference.ts +1 -0
package/src/cli.ts +251 -181
package/src/config/assistant-feature-flags.ts +0 -7
package/src/config/bundled-skills/chatgpt-import/tools/chatgpt-import.ts +1 -1
package/src/config/bundled-skills/claude-code/SKILL.md +1 -1
package/src/config/bundled-skills/claude-code/TOOLS.json +1 -1
package/src/config/bundled-skills/gmail/SKILL.md +0 -1
package/src/config/bundled-skills/image-studio/tools/media-generate-image.ts +2 -2
package/src/config/bundled-skills/media-processing/services/reduce.ts +1 -1
package/src/config/bundled-skills/messaging/SKILL.md +0 -1
package/src/config/bundled-skills/sequences/SKILL.md +0 -1
package/src/config/env.ts +13 -0
package/src/config/feature-flag-registry.json +9 -41
package/src/config/schemas/security.ts +1 -2
package/src/config/skills.ts +1 -1
package/src/contacts/contact-store.ts +0 -50
package/src/daemon/approved-devices-store.ts +0 -44
package/src/daemon/classifier.ts +1 -1
package/src/daemon/config-watcher.ts +14 -8
package/src/daemon/handlers/config-model.ts +1 -1
package/src/daemon/handlers/sessions.ts +4 -116
package/src/daemon/handlers/skills.ts +1 -1
package/src/daemon/lifecycle.ts +13 -15
package/src/daemon/providers-setup.ts +1 -1
package/src/daemon/server.ts +20 -3
package/src/daemon/session-slash.ts +2 -2
package/src/daemon/shutdown-handlers.ts +15 -0
package/src/daemon/watch-handler.ts +2 -2
package/src/email/guardrails.ts +1 -1
package/src/email/service.ts +0 -5
package/src/hooks/templates.ts +1 -1
package/src/media/app-icon-generator.ts +2 -2
package/src/media/avatar-router.ts +2 -2
package/src/media/gemini-image-service.ts +5 -5
package/src/memory/admin.ts +2 -2
package/src/memory/app-git-service.ts +0 -7
package/src/memory/conversation-crud.ts +1 -1
package/src/memory/conversation-title-service.ts +2 -2
package/src/memory/embedding-backend.ts +30 -26
package/src/memory/external-conversation-store.ts +0 -30
package/src/memory/guardian-action-store.ts +0 -31
package/src/memory/guardian-approvals.ts +1 -56
package/src/memory/indexer.ts +4 -3
package/src/memory/items-extractor.ts +1 -1
package/src/memory/job-handlers/backfill.ts +5 -2
package/src/memory/job-handlers/index-maintenance.ts +2 -2
package/src/memory/job-handlers/media-processing.ts +2 -2
package/src/memory/job-handlers/summarization.ts +1 -1
package/src/memory/job-utils.ts +1 -2
package/src/memory/jobs-worker.ts +2 -2
package/src/memory/llm-usage-store.ts +57 -11
package/src/memory/media-store.ts +4 -535
package/src/memory/migrations/032-guardian-delivery-conversation-index.ts +2 -2
package/src/memory/migrations/110-channel-guardian.ts +0 -1
package/src/memory/published-pages-store.ts +0 -83
package/src/memory/qdrant-circuit-breaker.ts +0 -8
package/src/memory/retriever.ts +1 -1
package/src/memory/schema/calls.ts +0 -67
package/src/memory/search/semantic.ts +1 -8
package/src/memory/shared-app-links-store.ts +0 -15
package/src/messaging/registry.ts +0 -5
package/src/messaging/style-analyzer.ts +1 -1
package/src/notifications/copy-composer.ts +5 -13
package/src/notifications/decision-engine.ts +2 -2
package/src/notifications/deliveries-store.ts +0 -39
package/src/notifications/guardian-question-mode.ts +6 -10
package/src/notifications/preference-extractor.ts +1 -1
package/src/oauth/byo-connection.test.ts +29 -20
package/src/oauth/provider-behaviors.ts +1 -1
package/src/permissions/checker.ts +1 -1
package/src/permissions/shell-identity.ts +0 -5
package/src/permissions/trust-store.ts +0 -37
package/src/prompts/system-prompt.ts +4 -4
package/src/prompts/templates/SOUL.md +1 -1
package/src/providers/managed-proxy/constants.ts +8 -10
package/src/providers/managed-proxy/context.ts +14 -9
package/src/providers/provider-send-message.ts +4 -52
package/src/providers/registry.ts +16 -50
package/src/runtime/actor-token-store.ts +0 -23
package/src/runtime/auth/__tests__/guard-tests.test.ts +64 -0
package/src/runtime/http-router.ts +5 -1
package/src/runtime/http-server.ts +101 -4
package/src/runtime/invite-instruction-generator.ts +25 -51
package/src/runtime/invite-service.ts +0 -20
package/src/runtime/routes/attachment-routes.ts +1 -1
package/src/runtime/routes/brain-graph-routes.ts +1 -1
package/src/runtime/routes/call-routes.ts +1 -1
package/src/runtime/routes/conversation-routes.ts +32 -11
package/src/runtime/routes/debug-routes.ts +1 -1
package/src/runtime/routes/diagnostics-routes.ts +2 -2
package/src/runtime/routes/documents-routes.ts +3 -3
package/src/runtime/routes/global-search-routes.ts +1 -1
package/src/runtime/routes/guardian-bootstrap-routes.ts +0 -20
package/src/runtime/routes/guardian-refresh-routes.ts +0 -20
package/src/runtime/routes/secret-routes.ts +4 -4
package/src/runtime/routes/session-management-routes.ts +27 -0
package/src/runtime/routes/trust-rules-routes.ts +1 -1
package/src/security/credential-backend.ts +148 -0
package/src/security/oauth2.ts +1 -1
package/src/security/secret-allowlist.ts +1 -1
package/src/security/secure-keys.ts +98 -160
package/src/security/token-manager.ts +0 -7
package/src/sequence/guardrails.ts +0 -4
package/src/sequence/store.ts +1 -20
package/src/sequence/types.ts +1 -36
package/src/signals/bash.ts +33 -0
package/src/signals/cancel.ts +69 -0
package/src/signals/conversation-undo.ts +127 -0
package/src/signals/trust-rule.ts +174 -0
package/src/skills/clawhub.ts +5 -5
package/src/skills/managed-store.ts +4 -4
package/src/subagent/manager.ts +8 -1
package/src/telemetry/usage-telemetry-reporter.test.ts +366 -0
package/src/telemetry/usage-telemetry-reporter.ts +181 -0
package/src/tools/claude-code/claude-code.ts +2 -2
package/src/tools/credentials/vault.ts +8 -4
package/src/tools/memory/handlers.test.ts +24 -26
package/src/tools/memory/handlers.ts +1 -13
package/src/tools/registry.ts +5 -100
package/src/tools/terminal/parser.ts +34 -4
package/src/tools/tool-manifest.ts +0 -10
package/src/usage/actors.ts +0 -12
package/src/util/canonicalize-identity.ts +0 -9
package/src/util/errors.ts +0 -3
package/src/util/platform.ts +24 -7
package/src/util/pricing.ts +0 -38
package/src/watcher/constants.ts +0 -7
package/src/watcher/providers/linear.ts +1 -1
package/src/work-items/work-item-store.ts +4 -4
package/src/workspace/commit-message-provider.ts +1 -1
package/src/workspace/git-service.ts +44 -1
package/src/workspace/provider-commit-message-generator.ts +1 -1
package/src/__tests__/fixtures/proxy-fixtures.ts +0 -147
package/src/browser-extension-relay/client.ts +0 -155
package/src/contacts/index.ts +0 -18
package/src/daemon/tls-certs.ts +0 -270
package/src/errors.ts +0 -41
package/src/events/index.ts +0 -18
package/src/followups/index.ts +0 -10
package/src/playbooks/index.ts +0 -10
package/src/runtime/auth/index.ts +0 -44
package/src/tasks/candidate-store.ts +0 -95
package/src/tools/browser/api-map.ts +0 -313
package/src/tools/browser/auto-navigate.ts +0 -469
package/src/tools/browser/headless-browser.ts +0 -590
package/src/tools/browser/recording-store.ts +0 -75
package/src/tools/computer-use/registry.ts +0 -21
package/src/tools/tasks/index.ts +0 -27

package/src/tools/browser/auto-navigate.ts DELETED Viewed

@@ -1,469 +0,0 @@
-/**
- * CDP-based auto-navigation for any domain.
- *
- * Drives Chrome through a domain's pages by discovering internal links,
- * so the NetworkRecorder captures the API surface without manual browsing.
- */
-import { getLogger } from "../../util/logger.js";
-const log = getLogger("auto-navigate");
-const DEFAULT_CDP_BASE = "http://localhost:9222";
-const MAX_PAGES = 10;
-const PAGE_WAIT_MS = 2500;
-const SCROLL_WAIT_MS = 1000;
-/** Minimal CDP client — connects to one page tab. */
-class MiniCDP {
-  private ws: WebSocket | null = null;
-  private nextId = 1;
-  private callbacks = new Map<
-    number,
-    { resolve: (v: unknown) => void; reject: (e: Error) => void }
-  >();
-  async connect(wsUrl: string): Promise<void> {
-    return new Promise((resolve, reject) => {
-      const ws = new WebSocket(wsUrl);
-      ws.onopen = () => {
-        this.ws = ws;
-        resolve();
-      };
-      ws.onerror = (e) => reject(new Error(`CDP error: ${e}`));
-      ws.onclose = () => {
-        this.ws = null;
-        for (const [, cb] of this.callbacks) {
-          cb.reject(new Error("WebSocket closed"));
-        }
-        this.callbacks.clear();
-      };
-      ws.onmessage = (event) => {
-        const msg = JSON.parse(String(event.data));
-        if (msg.id != null) {
-          const cb = this.callbacks.get(msg.id);
-          if (cb) {
-            this.callbacks.delete(msg.id);
-            if (msg.error) {
-              cb.reject(new Error(msg.error.message));
-            } else {
-              cb.resolve(msg.result);
-            }
-          }
-        }
-      };
-    });
-  }
-  async send(
-    method: string,
-    params?: Record<string, unknown>,
-  ): Promise<unknown> {
-    if (!this.ws) throw new Error("Not connected");
-    const id = this.nextId++;
-    return new Promise((resolve, reject) => {
-      this.callbacks.set(id, { resolve, reject });
-      this.ws!.send(JSON.stringify({ id, method, params }));
-    });
-  }
-  close() {
-    this.ws?.close();
-  }
-}
-export interface AutoNavProgress {
-  type: "visiting" | "discovered" | "done";
-  url?: string;
-  pageNumber?: number;
-  totalDiscovered?: number;
-  visitedCount?: number;
-}
-export interface AutoNavOptions {
-  abortSignal?: { aborted: boolean };
-  onProgress?: (p: AutoNavProgress) => void;
-  cdpBaseUrl?: string;
-}
-/**
- * Navigate Chrome through a domain's pages to trigger API calls.
- * Discovers internal links from the DOM and visits up to ~15 unique paths.
- *
- * @param domain The domain to crawl (e.g. "example.com").
- * @param options Optional configuration for abort, progress, and CDP base URL.
- * @returns List of visited page URLs.
- */
-export async function autoNavigate(
-  domain: string,
-  options?: AutoNavOptions,
-): Promise<string[]> {
-  const {
-    abortSignal,
-    onProgress,
-    cdpBaseUrl = DEFAULT_CDP_BASE,
-  } = options ?? {};
-  let wsUrl: string | null = null;
-  try {
-    const res = await fetch(`${cdpBaseUrl}/json/list`);
-    if (!res.ok) {
-      log.warn("CDP not available for auto-navigation");
-      return [];
-    }
-    const targets = (await res.json()) as Array<{
-      type: string;
-      url: string;
-      webSocketDebuggerUrl: string;
-    }>;
-    const domainTab = targets.find((t) => {
-      if (t.type !== "page") return false;
-      try {
-        const hostname = new URL(t.url).hostname;
-        return hostname === domain || hostname.endsWith("." + domain);
-      } catch {
-        return false;
-      }
-    });
-    wsUrl =
-      domainTab?.webSocketDebuggerUrl ??
-      targets.find((t) => t.type === "page")?.webSocketDebuggerUrl ??
-      null;
-  } catch (err) {
-    log.warn({ err }, "Failed to discover Chrome tabs");
-    return [];
-  }
-  if (!wsUrl) {
-    log.warn("No Chrome tab found for auto-navigation");
-    return [];
-  }
-  const cdp = new MiniCDP();
-  try {
-    await cdp.connect(wsUrl);
-  } catch (err) {
-    log.warn({ err }, "Failed to connect CDP for auto-navigation");
-    return [];
-  }
-  await cdp.send("Page.bringToFront").catch(() => {});
-  await cdp.send("Page.enable").catch(() => {});
-  const rootUrl = `https://${domain}/`;
-  const visited = new Set<string>();
-  const visitedUrls: string[] = [];
-  // Navigate to the domain root first
-  try {
-    onProgress?.({ type: "visiting", url: rootUrl, pageNumber: 1 });
-    await cdp.send("Page.navigate", { url: rootUrl });
-    await sleep(PAGE_WAIT_MS);
-    visited.add("/");
-    visitedUrls.push(rootUrl);
-    log.info({ url: rootUrl }, "Visited root page");
-  } catch (err) {
-    log.warn({ err }, "Failed to navigate to domain root");
-    cdp.close();
-    return [];
-  }
-  if (abortSignal?.aborted) {
-    cdp.close();
-    return visitedUrls;
-  }
-  // Scroll the root page to trigger lazy content
-  await scrollPage(cdp);
-  await sleep(SCROLL_WAIT_MS);
-  // Discover internal links from the current page
-  let discoveredLinks = await discoverInternalLinks(cdp, domain);
-  // Sort links: deeper paths first (more likely to be content pages), skip shallow nav links
-  discoveredLinks = rankLinks(discoveredLinks);
-  onProgress?.({ type: "discovered", totalDiscovered: discoveredLinks.length });
-  log.info(
-    { count: discoveredLinks.length },
-    "Discovered internal links from root",
-  );
-  // Visit discovered pages
-  for (const link of discoveredLinks) {
-    if (abortSignal?.aborted) break;
-    if (visited.size >= MAX_PAGES) break;
-    if (visited.has(link.key)) continue;
-    const url = link.url;
-    onProgress?.({
-      type: "visiting",
-      url,
-      pageNumber: visited.size + 1,
-      totalDiscovered: discoveredLinks.length,
-    });
-    log.info({ url }, "Auto-navigate visiting page");
-    try {
-      await cdp.send("Page.navigate", { url });
-      await sleep(PAGE_WAIT_MS);
-      visited.add(link.key);
-      visitedUrls.push(url);
-      // Scroll to trigger lazy-loaded content
-      await scrollPage(cdp);
-      await sleep(SCROLL_WAIT_MS);
-      // Click tabs/buttons within the page (NOT nav links — those navigate away)
-      await clickPageTabs(cdp);
-      await sleep(800);
-      // Discover more links from this page
-      const newLinks = await discoverInternalLinks(cdp, domain);
-      for (const nl of newLinks) {
-        if (
-          !visited.has(nl.key) &&
-          !discoveredLinks.some((l) => l.key === nl.key)
-        ) {
-          discoveredLinks.push(nl);
-        }
-      }
-      log.info({ url }, "Auto-navigate page completed");
-    } catch (err) {
-      log.warn({ err, url }, "Auto-navigate page failed");
-    }
-  }
-  cdp.close();
-  onProgress?.({
-    type: "done",
-    visitedCount: visitedUrls.length,
-    totalDiscovered: discoveredLinks.length,
-  });
-  log.info(
-    { visited: visitedUrls.length, total: discoveredLinks.length + 1 },
-    "Auto-navigation finished",
-  );
-  return visitedUrls;
-}
-interface DiscoveredLink {
-  /** Full URL to navigate to (preserves subdomain). */
-  url: string;
-  /** Deduplication key: origin + pathname. */
-  key: string;
-  /** Path depth (number of segments). */
-  depth: number;
-}
-/** Paths that are typically navigation chrome, not content pages. */
-const SKIP_PATHS = [
-  "/home",
-  "/login",
-  "/signup",
-  "/register",
-  "/sign-up",
-  "/sign-in",
-  "/help",
-  "/support",
-  "/contact",
-  "/about",
-  "/terms",
-  "/privacy",
-  "/careers",
-  "/press",
-  "/blog",
-  "/faq",
-  "/sitemap",
-];
-/** Path patterns that indicate high-value purchase/content flows. */
-const HIGH_VALUE_PATTERNS = [
-  /\/orders/i,
-  /\/cart/i,
-  /\/checkout/i,
-  /\/account/i,
-  /\/settings/i,
-  /\/store\//i,
-  /\/restaurant\//i,
-  /\/menu/i,
-  /\/payment/i,
-  /\/profile/i,
-  /\/history/i,
-  /\/favorites/i,
-  /\/saved/i,
-  /\/search/i,
-  /\/category/i,
-  /\/collection/i,
-];
-/** Sort links to prioritize purchase/content flows, deduplicate by pattern. */
-function rankLinks(links: DiscoveredLink[]): DiscoveredLink[] {
-  const filtered = links.filter((l) => {
-    const path = new URL(l.url).pathname.toLowerCase();
-    if (SKIP_PATHS.some((skip) => path === skip || path === skip + "/"))
-      return false;
-    return true;
-  });
-  // Deduplicate by host+path pattern — keep only one of /store/123, /store/456
-  // but preserve different subdomains (shop.example.com vs admin.example.com)
-  const byPattern = new Map<string, DiscoveredLink>();
-  for (const link of filtered) {
-    const parsed = new URL(link.url);
-    // Collapse numeric/hash segments to find the pattern
-    const pathPattern = parsed.pathname
-      .replace(/\/\d+/g, "/{id}")
-      .replace(/\/[a-f0-9]{8,}/gi, "/{id}");
-    const pattern = parsed.hostname + pathPattern;
-    if (!byPattern.has(pattern)) {
-      byPattern.set(pattern, link);
-    }
-  }
-  return [...byPattern.values()].sort((a, b) => {
-    const aPath = new URL(a.url).pathname.toLowerCase();
-    const bPath = new URL(b.url).pathname.toLowerCase();
-    // High-value paths first
-    const aHighValue = HIGH_VALUE_PATTERNS.some((p) => p.test(aPath)) ? 1 : 0;
-    const bHighValue = HIGH_VALUE_PATTERNS.some((p) => p.test(bPath)) ? 1 : 0;
-    if (aHighValue !== bHighValue) return bHighValue - aHighValue;
-    // Then by depth (deeper = more specific)
-    return Math.min(b.depth, 4) - Math.min(a.depth, 4);
-  });
-}
-/** Extract internal links from the current page DOM, preserving subdomains. */
-async function discoverInternalLinks(
-  cdp: MiniCDP,
-  domain: string,
-): Promise<DiscoveredLink[]> {
-  try {
-    const result = (await cdp.send("Runtime.evaluate", {
-      expression: `
-        (function() {
-          const domain = ${JSON.stringify(domain)};
-          const seen = new Set();
-          const links = [];
-          for (const a of document.querySelectorAll('a[href]')) {
-            const href = a.getAttribute('href');
-            if (!href) continue;
-            try {
-              const url = new URL(href, location.origin);
-              if (url.hostname !== domain && !url.hostname.endsWith('.' + domain)) continue;
-              const path = url.pathname;
-              // Skip anchors, query-only links, file downloads, and trivial paths
-              if (path === '/' || path === '') continue;
-              if (path.match(/\\.(png|jpg|jpeg|gif|svg|css|js|woff|pdf|zip)$/i)) continue;
-              const key = url.origin + url.pathname;
-              if (!seen.has(key)) {
-                seen.add(key);
-                links.push({
-                  url: url.origin + url.pathname,
-                  key,
-                  depth: path.split('/').filter(Boolean).length,
-                });
-              }
-            } catch { /* skip malformed URLs */ }
-          }
-          return links;
-        })()
-      `,
-      awaitPromise: false,
-      returnByValue: true,
-    })) as { result?: { value?: DiscoveredLink[] } };
-    return result?.result?.value ?? [];
-  } catch {
-    return [];
-  }
-}
-/** Scroll the page to trigger lazy-loaded content. */
-async function scrollPage(cdp: MiniCDP): Promise<void> {
-  // Scroll in increments to trigger multiple lazy-load thresholds
-  for (let i = 0; i < 3; i++) {
-    await cdp
-      .send("Runtime.evaluate", {
-        expression: "window.scrollBy(0, 600)",
-        awaitPromise: false,
-      })
-      .catch(() => {});
-    await sleep(500);
-  }
-}
-/**
- * Click tabs, buttons, and flow-relevant elements within the current page.
- * Avoids clicking navigation links (which would navigate away).
- */
-async function clickPageTabs(cdp: MiniCDP): Promise<void> {
-  const selectors = [
-    '[role="tab"]:not(:first-child)',
-    '[role="tablist"] button:not(:first-child)',
-    "button[data-tab]",
-    '[data-testid*="tab"]',
-    'button[aria-expanded="false"]',
-  ];
-  for (const selector of selectors) {
-    await clickInPage(cdp, selector);
-    await sleep(600);
-  }
-  // Also try clicking purchase-flow buttons to trigger API calls
-  // (Add to Cart, etc. — these fire API requests even if we don't complete the flow)
-  await clickByText(cdp, "Add to Cart");
-  await clickByText(cdp, "Add to Order");
-  await clickByText(cdp, "Add Item");
-}
-/** Click a button by its visible text content. */
-async function clickByText(cdp: MiniCDP, text: string): Promise<boolean> {
-  try {
-    const result = (await cdp.send("Runtime.evaluate", {
-      expression: `
-        (function() {
-          const buttons = document.querySelectorAll('button, [role="button"]');
-          for (const btn of buttons) {
-            if (btn.textContent && btn.textContent.trim().toLowerCase().includes(${JSON.stringify(
-              text.toLowerCase(),
-            )})) {
-              btn.scrollIntoView({ block: 'center' });
-              btn.click();
-              return true;
-            }
-          }
-          return false;
-        })()
-      `,
-      awaitPromise: false,
-      returnByValue: true,
-    })) as { result?: { value?: boolean } };
-    return result?.result?.value === true;
-  } catch {
-    return false;
-  }
-}
-async function clickInPage(cdp: MiniCDP, selector: string): Promise<boolean> {
-  try {
-    const result = (await cdp.send("Runtime.evaluate", {
-      expression: `
-        (function() {
-          const el = document.querySelector(${JSON.stringify(selector)});
-          if (!el) return false;
-          el.scrollIntoView({ block: 'center' });
-          el.click();
-          return true;
-        })()
-      `,
-      awaitPromise: false,
-      returnByValue: true,
-    })) as { result?: { value?: boolean } };
-    return result?.result?.value === true;
-  } catch {
-    return false;
-  }
-}
-function sleep(ms: number): Promise<void> {
-  return new Promise((r) => setTimeout(r, ms));
-}