@webhands/core 0.1.0

package/dist/session-rpc.js

@@ -0,0 +1,107 @@
+import { locator, } from './seam.js';
+/**
+ * The wire protocol for driving the long-lived session over HTTP (ADR-0005).
+ *
+ * The served process holds ONE live {@link Page} in memory; a thin client verb
+ * cannot hold a JS reference to it across the process boundary, so each verb
+ * call is sent as a small JSON request to the server, which runs it against its
+ * live page and returns the result. This module is the SINGLE source of truth
+ * for that request/response shape, imported by BOTH the server handler and the
+ * client proxy so they cannot drift (mirrors how `serializeCookies` is shared
+ * by the cookies verb and its test).
+ *
+ * It is a thin transport detail, NOT a second verb surface: every request maps
+ * 1:1 to a {@link Page} method, and the seam's verb semantics (ADR-0003/0004)
+ * are unchanged. The {@link LocatorString} brand and the structured
+ * {@link WaitCondition} cross as plain JSON and are re-branded on the server
+ * with {@link locator}; no Playwright/CDP type is ever named here.
+ */
+/** The path the session RPC is served under, below the server's base URL. */
+export const SESSION_RPC_PATH = '/session/call';
+/**
+ * Run one {@link SessionRpcRequest} against a live {@link Page}, returning the
+ * value the wire should carry back. The server's HTTP handler is just this plus
+ * JSON framing; keeping the dispatch here (not inline in the handler) means the
+ * verb-to-page mapping is in one place and unit-testable without HTTP.
+ *
+ * The locator string and wait condition arrive as plain JSON; we re-brand the
+ * locator with {@link locator} before handing it to the page so the seam's
+ * branded-string contract holds.
+ */
+export async function applySessionRpc(page, request) {
+    switch (request.verb) {
+        case 'navigate':
+            await page.navigate(request.url);
+            return undefined;
+        case 'snapshot':
+            return page.snapshot({ full: request.full });
+        case 'click':
+            await page.click(locator(request.locator));
+            return undefined;
+        case 'type':
+            await page.type(locator(request.locator), request.text);
+            return undefined;
+        case 'eval':
+            return page.eval(request.expression);
+        case 'wait':
+            await page.wait(rebrandWait(request.condition));
+            return undefined;
+        case 'cookies':
+            return page.cookies();
+        case 'setCookies':
+            await page.setCookies(request.cookies);
+            return undefined;
+    }
+}
+/**
+ * A {@link Page} whose verbs forward to a server via the supplied transport.
+ *
+ * Used by the client-side proxy (see `remote-session.ts`): each verb builds a
+ * {@link SessionRpcRequest}, hands it to `send`, and shapes the reply back into
+ * the verb's return type. The `send` function owns the actual HTTP; this keeps
+ * the verb-to-request mapping (the other half of {@link applySessionRpc}) in
+ * one place so request and response shapes cannot drift between the two sides.
+ */
+export function makeRpcPage(send) {
+    return {
+        async navigate(url) {
+            await send({ verb: 'navigate', url });
+        },
+        async snapshot(options) {
+            return (await send({
+                verb: 'snapshot',
+                full: options?.full,
+            }));
+        },
+        async click(target) {
+            await send({ verb: 'click', locator: target });
+        },
+        async type(target, text) {
+            await send({ verb: 'type', locator: target, text });
+        },
+        async eval(expression) {
+            return send({ verb: 'eval', expression });
+        },
+        async wait(condition) {
+            await send({ verb: 'wait', condition });
+        },
+        async cookies() {
+            return (await send({ verb: 'cookies' }));
+        },
+        async setCookies(cookies) {
+            await send({ verb: 'setCookies', cookies });
+        },
+    };
+}
+/**
+ * Re-brand a {@link WaitCondition} that arrived as plain JSON: only the
+ * `locator` form carries a branded string, which JSON flattens to a plain
+ * `string`, so we re-tag it before it reaches the page.
+ */
+function rebrandWait(condition) {
+    if (condition.kind === 'locator') {
+        return { kind: 'locator', target: locator(condition.target) };
+    }
+    return condition;
+}
+//# sourceMappingURL=session-rpc.js.map

package/dist/session-rpc.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"session-rpc.js","sourceRoot":"","sources":["../src/session-rpc.ts"],"names":[],"mappings":"AAAA,OAAO,EACN,OAAO,GAIP,MAAM,WAAW,CAAC;AAGnB;;;;;;;;;;;;;;;;GAgBG;AAEH,6EAA6E;AAC7E,MAAM,CAAC,MAAM,gBAAgB,GAAG,eAAe,CAAC;AAuBhD;;;;;;;;;GASG;AACH,MAAM,CAAC,KAAK,UAAU,eAAe,CACpC,IAAU,EACV,OAA0B;IAE1B,QAAQ,OAAO,CAAC,IAAI,EAAE,CAAC;QACtB,KAAK,UAAU;YACd,MAAM,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;YACjC,OAAO,SAAS,CAAC;QAClB,KAAK,UAAU;YACd,OAAO,IAAI,CAAC,QAAQ,CAAC,EAAC,IAAI,EAAE,OAAO,CAAC,IAAI,EAAC,CAAC,CAAC;QAC5C,KAAK,OAAO;YACX,MAAM,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC,CAAC;YAC3C,OAAO,SAAS,CAAC;QAClB,KAAK,MAAM;YACV,MAAM,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE,OAAO,CAAC,IAAI,CAAC,CAAC;YACxD,OAAO,SAAS,CAAC;QAClB,KAAK,MAAM;YACV,OAAO,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC;QACtC,KAAK,MAAM;YACV,MAAM,IAAI,CAAC,IAAI,CAAC,WAAW,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC,CAAC;YAChD,OAAO,SAAS,CAAC;QAClB,KAAK,SAAS;YACb,OAAO,IAAI,CAAC,OAAO,EAAE,CAAC;QACvB,KAAK,YAAY;YAChB,MAAM,IAAI,CAAC,UAAU,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;YACvC,OAAO,SAAS,CAAC;IACnB,CAAC;AACF,CAAC;AAED;;;;;;;;GAQG;AACH,MAAM,UAAU,WAAW,CAC1B,IAAsD;IAEtD,OAAO;QACN,KAAK,CAAC,QAAQ,CAAC,GAAG;YACjB,MAAM,IAAI,CAAC,EAAC,IAAI,EAAE,UAAU,EAAE,GAAG,EAAC,CAAC,CAAC;QACrC,CAAC;QACD,KAAK,CAAC,QAAQ,CAAC,OAAO;YACrB,OAAO,CAAC,MAAM,IAAI,CAAC;gBAClB,IAAI,EAAE,UAAU;gBAChB,IAAI,EAAE,OAAO,EAAE,IAAI;aACnB,CAAC,CAAa,CAAC;QACjB,CAAC;QACD,KAAK,CAAC,KAAK,CAAC,MAAM;YACjB,MAAM,IAAI,CAAC,EAAC,IAAI,EAAE,OAAO,EAAE,OAAO,EAAE,MAAM,EAAC,CAAC,CAAC;QAC9C,CAAC;QACD,KAAK,CAAC,IAAI,CAAC,MAAM,EAAE,IAAI;YACtB,MAAM,IAAI,CAAC,EAAC,IAAI,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,IAAI,EAAC,CAAC,CAAC;QACnD,CAAC;QACD,KAAK,CAAC,IAAI,CAAC,UAAU;YACpB,OAAO,IAAI,CAAC,EAAC,IAAI,EAAE,MAAM,EAAE,UAAU,EAAC,CAAC,CAAC;QACzC,CAAC;QACD,KAAK,CAAC,IAAI,CAAC,SAAS;YACnB,MAAM,IAAI,CAAC,EAAC,IAAI,EAAE,MAAM,EAAE,SAAS,EAAC,CAAC,CAAC;QACvC,CAAC;QACD,KAAK,CAAC,OAAO;YACZ,OAAO,CAAC,MAAM,IAAI,CAAC,EAAC,IAAI,EAAE,SAAS,EAAC,CAAC,CAAsB,CAAC;QAC7D,CAAC;QACD,KAAK,CAAC,UAAU,CAAC,OAAO;YACvB,MAAM,IAAI,CAAC,EAAC,IAAI,EAAE,YAAY,EAAE,OAAO,EAAC,CAAC,CAAC;QAC3C,CAAC;KACD,CAAC;AACH,CAAC;AAED;;;;GAIG;AACH,SAAS,WAAW,CAAC,SAAwB;IAC5C,IAAI,SAAS,CAAC,IAAI,KAAK,SAAS,EAAE,CAAC;QAClC,OAAO,EAAC,IAAI,EAAE,SAAS,EAAE,MAAM,EAAE,OAAO,CAAC,SAAS,CAAC,MAAM,CAAC,EAAC,CAAC;IAC7D,CAAC;IACD,OAAO,SAAS,CAAC;AAClB,CAAC"}

package/dist/session-server.d.ts

@@ -0,0 +1,79 @@
+import { SessionAlreadyActiveError } from './errors.js';
+import type { ProfileLocationOptions } from './profile-location.js';
+import { type SessionEndpoint } from './session-endpoint.js';
+import type { OpenTarget, Transport } from './seam.js';
+/**
+ * The long-lived host that keeps ONE browser session alive between separate CLI
+ * invocations (ADR-0005; ADR-0001's control loop made concrete).
+ *
+ * This IS the controller: it opens the single live {@link Session} ONCE through
+ * a {@link Transport} and then serves that already-live page over HTTP, so each
+ * `webhands <verb>` thin-client process drives the SAME page state
+ * (not just the on-disk profile) and exits. The browser is launched once here,
+ * never per verb. It owns three things ADR-0005 calls out:
+ *
+ * 1. **Single session.** It holds exactly one session; a second {@link open}
+ *    while one is live is a {@link SessionAlreadyActiveError}, not a second
+ *    browser.
+ * 2. **Discovery.** On start it writes its endpoint (the bound URL + pid) under
+ *    the config dir so client verbs can find it; on stop it clears that file.
+ * 3. **Explicit teardown.** {@link stop} closes the browser and stops the
+ *    listener; nothing auto-spawns and nothing auto-tears-down.
+ *
+ * The HTTP surface here is the small session RPC (`/session/call`, see
+ * `session-rpc.ts`), deliberately SEPARATE from incur's per-verb commands: a
+ * verb command opens-and-closes a session per call, which is exactly what
+ * cross-invocation persistence must NOT do. The CLI's `serve` command wraps
+ * this server; the CLI's verb commands become thin clients of it.
+ *
+ * Shared-write isolation: the endpoint file lives under the controller home
+ * root, so a {@link SessionServer} created with a temp `root`/`env` (via
+ * {@link SessionServerOptions}) writes only there, and tests assert the real
+ * `~/.webhands` is untouched.
+ */
+export interface SessionServerOptions extends ProfileLocationOptions {
+    /**
+     * The transport that opens the single live session (defaults to the caller's
+     * choice of launch/attach transport). Injectable so a test drives the server
+     * with any seam transport (e.g. a real Playwright launch against the local
+     * fixture profile) without the server hard-coding one.
+     */
+    readonly transport: Transport;
+    /**
+     * Host to bind the HTTP listener to. Defaults to loopback (`127.0.0.1`): the
+     * server is a LOCAL tool on the user's machine (PRD "Out of Scope": not a
+     * hosted service), so it never listens on a public interface.
+     */
+    readonly host?: string;
+    /** TCP port to bind. Defaults to `0` (an OS-assigned ephemeral port). */
+    readonly port?: number;
+}
+/** A running {@link SessionServer}: its advertised endpoint and how to stop it. */
+export interface RunningSessionServer {
+    /** The endpoint advertised under the config dir for client discovery. */
+    readonly endpoint: SessionEndpoint;
+    /**
+     * Tear the session down: close the browser, stop the HTTP listener, and clear
+     * the endpoint file. Idempotent.
+     */
+    stop(): Promise<void>;
+}
+/**
+ * Start the long-lived session server: open the single session via the
+ * transport, bind the HTTP listener, advertise the endpoint, and serve the
+ * session RPC. Returns once the server is live and discoverable.
+ *
+ * Enforces the single-session invariant ACROSS processes via the endpoint file:
+ * if a live endpoint is already advertised, this refuses with
+ * {@link SessionAlreadyActiveError} rather than opening a second browser. (The
+ * caller checks discovery first; this is the last-line guard.)
+ */
+export declare function startSessionServer(target: OpenTarget, options: SessionServerOptions): Promise<RunningSessionServer>;
+/**
+ * Guard the single-session invariant against double-open. The mechanism a
+ * caller actually relies on is discovery (no endpoint file ⇒ no live server);
+ * this is the explicit error a caller raises when it finds one already live and
+ * wants to refuse rather than open a second.
+ */
+export declare function sessionAlreadyActive(): SessionAlreadyActiveError;
+//# sourceMappingURL=session-server.d.ts.map

package/dist/session-server.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"session-server.d.ts","sourceRoot":"","sources":["../src/session-server.ts"],"names":[],"mappings":"AACA,OAAO,EAAC,yBAAyB,EAAC,MAAM,aAAa,CAAC;AACtD,OAAO,KAAK,EAAC,sBAAsB,EAAC,MAAM,uBAAuB,CAAC;AAClE,OAAO,EAGN,KAAK,eAAe,EACpB,MAAM,uBAAuB,CAAC;AAO/B,OAAO,KAAK,EAAC,UAAU,EAAW,SAAS,EAAC,MAAM,WAAW,CAAC;AAE9D;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA4BG;AACH,MAAM,WAAW,oBAAqB,SAAQ,sBAAsB;IACnE;;;;;OAKG;IACH,QAAQ,CAAC,SAAS,EAAE,SAAS,CAAC;IAC9B;;;;OAIG;IACH,QAAQ,CAAC,IAAI,CAAC,EAAE,MAAM,CAAC;IACvB,yEAAyE;IACzE,QAAQ,CAAC,IAAI,CAAC,EAAE,MAAM,CAAC;CACvB;AAED,mFAAmF;AACnF,MAAM,WAAW,oBAAoB;IACpC,yEAAyE;IACzE,QAAQ,CAAC,QAAQ,EAAE,eAAe,CAAC;IACnC;;;OAGG;IACH,IAAI,IAAI,OAAO,CAAC,IAAI,CAAC,CAAC;CACtB;AAED;;;;;;;;;GASG;AACH,wBAAsB,kBAAkB,CACvC,MAAM,EAAE,UAAU,EAClB,OAAO,EAAE,oBAAoB,GAC3B,OAAO,CAAC,oBAAoB,CAAC,CAiD/B;AAED;;;;;GAKG;AACH,wBAAgB,oBAAoB,IAAI,yBAAyB,CAEhE"}

package/dist/session-server.js

@@ -0,0 +1,141 @@
+import { createServer } from 'node:http';
+import { SessionAlreadyActiveError } from './errors.js';
+import { clearSessionEndpoint, writeSessionEndpoint, } from './session-endpoint.js';
+import { applySessionRpc, SESSION_RPC_PATH, } from './session-rpc.js';
+/**
+ * Start the long-lived session server: open the single session via the
+ * transport, bind the HTTP listener, advertise the endpoint, and serve the
+ * session RPC. Returns once the server is live and discoverable.
+ *
+ * Enforces the single-session invariant ACROSS processes via the endpoint file:
+ * if a live endpoint is already advertised, this refuses with
+ * {@link SessionAlreadyActiveError} rather than opening a second browser. (The
+ * caller checks discovery first; this is the last-line guard.)
+ */
+export async function startSessionServer(target, options) {
+    const { transport, host = '127.0.0.1', port = 0, ...location } = options;
+    // Open the ONE live session up front: the browser launches here, once.
+    const session = await transport.open(target);
+    let server;
+    try {
+        server = createServer((req, res) => {
+            handleRequest(session, req, res);
+        });
+        await listen(server, port, host);
+    }
+    catch (cause) {
+        // Binding failed after we opened the browser; do not leak the session.
+        await session.close();
+        throw cause;
+    }
+    const address = server.address();
+    if (address === null || typeof address === 'string') {
+        await stopServer(server);
+        await session.close();
+        throw new Error('session server failed to bind to a TCP port');
+    }
+    const endpoint = {
+        url: `http://${host}:${address.port}`,
+        pid: process.pid,
+    };
+    try {
+        await writeSessionEndpoint(endpoint, location);
+    }
+    catch (cause) {
+        await stopServer(server);
+        await session.close();
+        throw cause;
+    }
+    let stopped = false;
+    return {
+        endpoint,
+        async stop() {
+            if (stopped)
+                return;
+            stopped = true;
+            await clearSessionEndpoint(location);
+            await stopServer(server);
+            await session.close();
+        },
+    };
+}
+/**
+ * Guard the single-session invariant against double-open. The mechanism a
+ * caller actually relies on is discovery (no endpoint file ⇒ no live server);
+ * this is the explicit error a caller raises when it finds one already live and
+ * wants to refuse rather than open a second.
+ */
+export function sessionAlreadyActive() {
+    return new SessionAlreadyActiveError();
+}
+/** Handle one session-RPC HTTP request against the live session's page. */
+function handleRequest(session, req, res) {
+    const url = req.url ?? '/';
+    const path = url.split('?')[0];
+    if (req.method !== 'POST' || path !== SESSION_RPC_PATH) {
+        writeJson(res, 404, {
+            ok: false,
+            error: `no route for ${req.method} ${path}`,
+        });
+        return;
+    }
+    collectBody(req)
+        .then(async (body) => {
+        let request;
+        try {
+            request = JSON.parse(body);
+        }
+        catch {
+            writeJson(res, 400, { ok: false, error: 'invalid JSON request body' });
+            return;
+        }
+        try {
+            const value = await applySessionRpc(session.page, request);
+            const reply = { ok: true, value };
+            writeJson(res, 200, reply);
+        }
+        catch (cause) {
+            // A verb that throws in the page (or a closed session) maps to an
+            // ok:false reply carrying the message; the client re-throws a faithful
+            // Error so the seam's "a page throw rejects" contract holds remotely.
+            const message = cause instanceof Error ? cause.message : String(cause);
+            const reply = { ok: false, error: message };
+            writeJson(res, 200, reply);
+        }
+    })
+        .catch((cause) => {
+        const message = cause instanceof Error ? cause.message : String(cause);
+        writeJson(res, 500, { ok: false, error: message });
+    });
+}
+/** Read a request body to a string. */
+function collectBody(req) {
+    return new Promise((resolve, reject) => {
+        const chunks = [];
+        req.on('data', (chunk) => chunks.push(chunk));
+        req.on('end', () => resolve(Buffer.concat(chunks).toString('utf8')));
+        req.on('error', reject);
+    });
+}
+/** Write a JSON response with a status code. */
+function writeJson(res, status, body) {
+    res.writeHead(status, { 'content-type': 'application/json; charset=utf-8' });
+    res.end(JSON.stringify(body));
+}
+/** Promisified `server.listen`. */
+function listen(server, port, host) {
+    return new Promise((resolve, reject) => {
+        server.once('error', reject);
+        server.listen(port, host, () => {
+            server.removeListener('error', reject);
+            resolve();
+        });
+    });
+}
+/** Promisified `server.close`. */
+function stopServer(server) {
+    return new Promise((resolve, reject) => {
+        server.close((err) => (err ? reject(err) : resolve()));
+    });
+}
+//# sourceMappingURL=session-server.js.map

package/dist/session-server.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"session-server.js","sourceRoot":"","sources":["../src/session-server.ts"],"names":[],"mappings":"AAAA,OAAO,EAAC,YAAY,EAAc,MAAM,WAAW,CAAC;AACpD,OAAO,EAAC,yBAAyB,EAAC,MAAM,aAAa,CAAC;AAEtD,OAAO,EACN,oBAAoB,EACpB,oBAAoB,GAEpB,MAAM,uBAAuB,CAAC;AAC/B,OAAO,EACN,eAAe,EACf,gBAAgB,GAGhB,MAAM,kBAAkB,CAAC;AA6D1B;;;;;;;;;GASG;AACH,MAAM,CAAC,KAAK,UAAU,kBAAkB,CACvC,MAAkB,EAClB,OAA6B;IAE7B,MAAM,EAAC,SAAS,EAAE,IAAI,GAAG,WAAW,EAAE,IAAI,GAAG,CAAC,EAAE,GAAG,QAAQ,EAAC,GAAG,OAAO,CAAC;IAEvE,uEAAuE;IACvE,MAAM,OAAO,GAAY,MAAM,SAAS,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;IAEtD,IAAI,MAAc,CAAC;IACnB,IAAI,CAAC;QACJ,MAAM,GAAG,YAAY,CAAC,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE;YAClC,aAAa,CAAC,OAAO,EAAE,GAAG,EAAE,GAAG,CAAC,CAAC;QAClC,CAAC,CAAC,CAAC;QACH,MAAM,MAAM,CAAC,MAAM,EAAE,IAAI,EAAE,IAAI,CAAC,CAAC;IAClC,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QAChB,uEAAuE;QACvE,MAAM,OAAO,CAAC,KAAK,EAAE,CAAC;QACtB,MAAM,KAAK,CAAC;IACb,CAAC;IAED,MAAM,OAAO,GAAG,MAAM,CAAC,OAAO,EAAE,CAAC;IACjC,IAAI,OAAO,KAAK,IAAI,IAAI,OAAO,OAAO,KAAK,QAAQ,EAAE,CAAC;QACrD,MAAM,UAAU,CAAC,MAAM,CAAC,CAAC;QACzB,MAAM,OAAO,CAAC,KAAK,EAAE,CAAC;QACtB,MAAM,IAAI,KAAK,CAAC,6CAA6C,CAAC,CAAC;IAChE,CAAC;IAED,MAAM,QAAQ,GAAoB;QACjC,GAAG,EAAE,UAAU,IAAI,IAAI,OAAO,CAAC,IAAI,EAAE;QACrC,GAAG,EAAE,OAAO,CAAC,GAAG;KAChB,CAAC;IAEF,IAAI,CAAC;QACJ,MAAM,oBAAoB,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC;IAChD,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QAChB,MAAM,UAAU,CAAC,MAAM,CAAC,CAAC;QACzB,MAAM,OAAO,CAAC,KAAK,EAAE,CAAC;QACtB,MAAM,KAAK,CAAC;IACb,CAAC;IAED,IAAI,OAAO,GAAG,KAAK,CAAC;IACpB,OAAO;QACN,QAAQ;QACR,KAAK,CAAC,IAAI;YACT,IAAI,OAAO;gBAAE,OAAO;YACpB,OAAO,GAAG,IAAI,CAAC;YACf,MAAM,oBAAoB,CAAC,QAAQ,CAAC,CAAC;YACrC,MAAM,UAAU,CAAC,MAAM,CAAC,CAAC;YACzB,MAAM,OAAO,CAAC,KAAK,EAAE,CAAC;QACvB,CAAC;KACD,CAAC;AACH,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,oBAAoB;IACnC,OAAO,IAAI,yBAAyB,EAAE,CAAC;AACxC,CAAC;AAED,2EAA2E;AAC3E,SAAS,aAAa,CACrB,OAAgB,EAChB,GAAwC,EACxC,GAAuC;IAEvC,MAAM,GAAG,GAAG,GAAG,CAAC,GAAG,IAAI,GAAG,CAAC;IAC3B,MAAM,IAAI,GAAG,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;IAC/B,IAAI,GAAG,CAAC,MAAM,KAAK,MAAM,IAAI,IAAI,KAAK,gBAAgB,EAAE,CAAC;QACxD,SAAS,CAAC,GAAG,EAAE,GAAG,EAAE;YACnB,EAAE,EAAE,KAAK;YACT,KAAK,EAAE,gBAAgB,GAAG,CAAC,MAAM,IAAI,IAAI,EAAE;SAC3C,CAAC,CAAC;QACH,OAAO;IACR,CAAC;IAED,WAAW,CAAC,GAAG,CAAC;SACd,IAAI,CAAC,KAAK,EAAE,IAAI,EAAE,EAAE;QACpB,IAAI,OAA0B,CAAC;QAC/B,IAAI,CAAC;YACJ,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAsB,CAAC;QACjD,CAAC;QAAC,MAAM,CAAC;YACR,SAAS,CAAC,GAAG,EAAE,GAAG,EAAE,EAAC,EAAE,EAAE,KAAK,EAAE,KAAK,EAAE,2BAA2B,EAAC,CAAC,CAAC;YACrE,OAAO;QACR,CAAC;QACD,IAAI,CAAC;YACJ,MAAM,KAAK,GAAG,MAAM,eAAe,CAAC,OAAO,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC;YAC3D,MAAM,KAAK,GAAuB,EAAC,EAAE,EAAE,IAAI,EAAE,KAAK,EAAC,CAAC;YACpD,SAAS,CAAC,GAAG,EAAE,GAAG,EAAE,KAAK,CAAC,CAAC;QAC5B,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YAChB,kEAAkE;YAClE,uEAAuE;YACvE,sEAAsE;YACtE,MAAM,OAAO,GAAG,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;YACvE,MAAM,KAAK,GAAuB,EAAC,EAAE,EAAE,KAAK,EAAE,KAAK,EAAE,OAAO,EAAC,CAAC;YAC9D,SAAS,CAAC,GAAG,EAAE,GAAG,EAAE,KAAK,CAAC,CAAC;QAC5B,CAAC;IACF,CAAC,CAAC;SACD,KAAK,CAAC,CAAC,KAAc,EAAE,EAAE;QACzB,MAAM,OAAO,GAAG,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;QACvE,SAAS,CAAC,GAAG,EAAE,GAAG,EAAE,EAAC,EAAE,EAAE,KAAK,EAAE,KAAK,EAAE,OAAO,EAAC,CAAC,CAAC;IAClD,CAAC,CAAC,CAAC;AACL,CAAC;AAED,uCAAuC;AACvC,SAAS,WAAW,CACnB,GAAwC;IAExC,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;QACtC,MAAM,MAAM,GAAa,EAAE,CAAC;QAC5B,GAAG,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,KAAa,EAAE,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC;QACtD,GAAG,CAAC,EAAE,CAAC,KAAK,EAAE,GAAG,EAAE,CAAC,OAAO,CAAC,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;QACrE,GAAG,CAAC,EAAE,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;IACzB,CAAC,CAAC,CAAC;AACJ,CAAC;AAED,gDAAgD;AAChD,SAAS,SAAS,CACjB,GAAuC,EACvC,MAAc,EACd,IAAwB;IAExB,GAAG,CAAC,SAAS,CAAC,MAAM,EAAE,EAAC,cAAc,EAAE,iCAAiC,EAAC,CAAC,CAAC;IAC3E,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC;AAC/B,CAAC;AAED,mCAAmC;AACnC,SAAS,MAAM,CAAC,MAAc,EAAE,IAAY,EAAE,IAAY;IACzD,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;QACtC,MAAM,CAAC,IAAI,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;QAC7B,MAAM,CAAC,MAAM,CAAC,IAAI,EAAE,IAAI,EAAE,GAAG,EAAE;YAC9B,MAAM,CAAC,cAAc,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;YACvC,OAAO,EAAE,CAAC;QACX,CAAC,CAAC,CAAC;IACJ,CAAC,CAAC,CAAC;AACJ,CAAC;AAED,kCAAkC;AAClC,SAAS,UAAU,CAAC,MAAc;IACjC,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;QACtC,MAAM,CAAC,KAAK,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,OAAO,EAAE,CAAC,CAAC,CAAC;IACxD,CAAC,CAAC,CAAC;AACJ,CAAC"}

package/dist/setup-profile.d.ts

@@ -0,0 +1,84 @@
+import { type ProfileLocation, type ProfileLocationOptions } from './profile-location.js';
+import type { Session, Transport } from './seam.js';
+/**
+ * The headed one-time-login flow (PRD User Story 1; CONTEXT `setup-profile`;
+ * ADR-0002).
+ *
+ * `setup-profile` opens the dedicated profile in a VISIBLE (headed) browser so
+ * a human logs into a site and/or clears an anti-bot challenge ONCE. The
+ * cookies/state the human's session writes persist in the profile dir, so a
+ * later `launch --headless` against the SAME profile reuses that logged-in
+ * state without re-login.
+ *
+ * This is the orchestration layer over the launch transport, not a second
+ * transport: the launch transport refuses to launch a profile whose dir does
+ * not exist (a typed {@link MissingProfileError}, so a `launch` typo cannot
+ * spawn a blank profile). CREATING that dir is exactly `setup-profile`'s job,
+ * which is why the launch transport defers it here. So this flow:
+ *
+ * 1. resolves the dedicated profile dir (isolated to a temp root in tests,
+ *    never the real `~/.webhands`),
+ * 2. CREATES it if absent (the one place a profile dir is created), so the
+ *    profile is now "set up" for later launches,
+ * 3. opens it HEADED through the launch transport, and
+ * 4. emits a clear, actionable prompt telling the human what to do (log in /
+ *    clear the challenge, then close the window) and WHICH profile is being set
+ *    up.
+ *
+ * The verb only OPENS the window; it never types credentials or touches a
+ * credential (ADR-0002: the human does the one-time login, we never bypass it
+ * or solve CAPTCHAs). The caller holds the returned {@link Session} open for
+ * the interactive login and closes it when the human is done; on close the
+ * persistent context flushes the new state to the profile dir. The real
+ * third-party login is exercised only in the manual Kayak smoke, not here.
+ */
+/** A function that receives the headed-login prompt (one call, the full text). */
+export type PromptSink = (message: string) => void;
+/** Options for {@link setupProfile}. */
+export interface SetupProfileOptions extends ProfileLocationOptions {
+    /** Name of the dedicated profile to set up (e.g. `default`). */
+    readonly profile: string;
+    /**
+     * Where the actionable prompt is delivered. Defaults to STDERR
+     * (`console.error`), because STDOUT is reserved for the CLI's structured
+     * output envelope; the human-facing instruction is a side-channel message.
+     * Tests inject a sink to assert the prompt's content.
+     */
+    readonly onPrompt?: PromptSink;
+    /**
+     * The transport that opens the headed session. Defaults to a
+     * {@link PlaywrightLaunchTransport} bound to this flow's profile location.
+     * Injectable so the orchestration (dir creation, headed open, prompt) is
+     * testable without a real browser, and so the SAME launch transport the PRD
+     * mandates is reused rather than a parallel headed-open path.
+     */
+    readonly transport?: Transport;
+}
+/** The result of {@link setupProfile}: the live headed session + where it is. */
+export interface SetupProfileResult {
+    /**
+     * The live headed session, held OPEN for the human's interactive login. The
+     * caller closes it when the human is done; closing flushes the session state
+     * to the profile dir for a later headless launch.
+     */
+    readonly session: Session;
+    /** The resolved location of the profile that was set up. */
+    readonly location: ProfileLocation;
+}
+/**
+ * Run the headed `setup-profile` flow for {@link SetupProfileOptions.profile}.
+ *
+ * Creates the dedicated profile dir if absent, opens it headed through the
+ * launch transport, emits the actionable prompt, and returns the live session
+ * for the caller to hold open during the interactive login (see this module's
+ * overview). Does NOT close the session: holding it open IS the headed-login
+ * window, and the caller owns its lifetime.
+ */
+export declare function setupProfile(options: SetupProfileOptions): Promise<SetupProfileResult>;
+/**
+ * Compose the clear, actionable headed-login prompt (PRD acceptance: tell the
+ * user what to do AND which profile is being set up). Kept pure so a test can
+ * assert its content directly.
+ */
+export declare function buildPrompt(location: ProfileLocation): string;
+//# sourceMappingURL=setup-profile.d.ts.map

package/dist/setup-profile.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"setup-profile.d.ts","sourceRoot":"","sources":["../src/setup-profile.ts"],"names":[],"mappings":"AAEA,OAAO,EAEN,KAAK,eAAe,EACpB,KAAK,sBAAsB,EAC3B,MAAM,uBAAuB,CAAC;AAC/B,OAAO,KAAK,EAAC,OAAO,EAAE,SAAS,EAAC,MAAM,WAAW,CAAC;AAElD;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA+BG;AAEH,kFAAkF;AAClF,MAAM,MAAM,UAAU,GAAG,CAAC,OAAO,EAAE,MAAM,KAAK,IAAI,CAAC;AAEnD,wCAAwC;AACxC,MAAM,WAAW,mBAAoB,SAAQ,sBAAsB;IAClE,gEAAgE;IAChE,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAC;IACzB;;;;;OAKG;IACH,QAAQ,CAAC,QAAQ,CAAC,EAAE,UAAU,CAAC;IAC/B;;;;;;OAMG;IACH,QAAQ,CAAC,SAAS,CAAC,EAAE,SAAS,CAAC;CAC/B;AAED,iFAAiF;AACjF,MAAM,WAAW,kBAAkB;IAClC;;;;OAIG;IACH,QAAQ,CAAC,OAAO,EAAE,OAAO,CAAC;IAC1B,4DAA4D;IAC5D,QAAQ,CAAC,QAAQ,EAAE,eAAe,CAAC;CACnC;AAED;;;;;;;;GAQG;AACH,wBAAsB,YAAY,CACjC,OAAO,EAAE,mBAAmB,GAC1B,OAAO,CAAC,kBAAkB,CAAC,CAsB7B;AAED;;;;GAIG;AACH,wBAAgB,WAAW,CAAC,QAAQ,EAAE,eAAe,GAAG,MAAM,CAe7D"}

package/dist/setup-profile.js

@@ -0,0 +1,52 @@
+import { mkdir } from 'node:fs/promises';
+import { PlaywrightLaunchTransport } from './playwright-launch-transport.js';
+import { resolveProfileLocation, } from './profile-location.js';
+/**
+ * Run the headed `setup-profile` flow for {@link SetupProfileOptions.profile}.
+ *
+ * Creates the dedicated profile dir if absent, opens it headed through the
+ * launch transport, emits the actionable prompt, and returns the live session
+ * for the caller to hold open during the interactive login (see this module's
+ * overview). Does NOT close the session: holding it open IS the headed-login
+ * window, and the caller owns its lifetime.
+ */
+export async function setupProfile(options) {
+    const { profile, onPrompt, transport, ...locationOptions } = options;
+    const location = resolveProfileLocation(profile, locationOptions);
+    // Create the dedicated profile dir (idempotent). This is the ONE place a
+    // profile dir is created: the launch transport refuses a missing one with
+    // MissingProfileError precisely so `setup-profile` owns its creation.
+    await mkdir(location.profileDir, { recursive: true });
+    const driver = transport ?? new PlaywrightLaunchTransport(locationOptions);
+    // Open the profile HEADED (visible) so the human can interact with it.
+    const session = await driver.open({
+        mode: 'launch',
+        profile,
+        headed: true,
+    });
+    const sink = onPrompt ?? ((m) => console.error(m));
+    sink(buildPrompt(location));
+    return { session, location };
+}
+/**
+ * Compose the clear, actionable headed-login prompt (PRD acceptance: tell the
+ * user what to do AND which profile is being set up). Kept pure so a test can
+ * assert its content directly.
+ */
+export function buildPrompt(location) {
+    return [
+        `Setting up the "${location.profile}" profile for webhands.`,
+        `Profile directory: ${location.profileDir}`,
+        '',
+        'A browser window is now open. In that window:',
+        '  1. Log in to the site(s) you want this profile to stay signed in to.',
+        '  2. Clear any anti-bot challenge / CAPTCHA if one appears.',
+        '  3. When you are done, CLOSE the browser window.',
+        '',
+        'Your session (cookies, logins, challenge clearance) is saved into the',
+        'profile directory above, so a later `launch --headless` against the same',
+        'profile reuses it without re-login. Nobody but you types your credentials:',
+        'this tool only opens the window.',
+    ].join('\n');
+}
+//# sourceMappingURL=setup-profile.js.map

package/dist/setup-profile.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"setup-profile.js","sourceRoot":"","sources":["../src/setup-profile.ts"],"names":[],"mappings":"AAAA,OAAO,EAAC,KAAK,EAAC,MAAM,kBAAkB,CAAC;AACvC,OAAO,EAAC,yBAAyB,EAAC,MAAM,kCAAkC,CAAC;AAC3E,OAAO,EACN,sBAAsB,GAGtB,MAAM,uBAAuB,CAAC;AAwE/B;;;;;;;;GAQG;AACH,MAAM,CAAC,KAAK,UAAU,YAAY,CACjC,OAA4B;IAE5B,MAAM,EAAC,OAAO,EAAE,QAAQ,EAAE,SAAS,EAAE,GAAG,eAAe,EAAC,GAAG,OAAO,CAAC;IACnE,MAAM,QAAQ,GAAG,sBAAsB,CAAC,OAAO,EAAE,eAAe,CAAC,CAAC;IAElE,yEAAyE;IACzE,0EAA0E;IAC1E,sEAAsE;IACtE,MAAM,KAAK,CAAC,QAAQ,CAAC,UAAU,EAAE,EAAC,SAAS,EAAE,IAAI,EAAC,CAAC,CAAC;IAEpD,MAAM,MAAM,GAAG,SAAS,IAAI,IAAI,yBAAyB,CAAC,eAAe,CAAC,CAAC;IAE3E,uEAAuE;IACvE,MAAM,OAAO,GAAG,MAAM,MAAM,CAAC,IAAI,CAAC;QACjC,IAAI,EAAE,QAAQ;QACd,OAAO;QACP,MAAM,EAAE,IAAI;KACZ,CAAC,CAAC;IAEH,MAAM,IAAI,GAAe,QAAQ,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;IAC/D,IAAI,CAAC,WAAW,CAAC,QAAQ,CAAC,CAAC,CAAC;IAE5B,OAAO,EAAC,OAAO,EAAE,QAAQ,EAAC,CAAC;AAC5B,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,WAAW,CAAC,QAAyB;IACpD,OAAO;QACN,mBAAmB,QAAQ,CAAC,OAAO,yBAAyB;QAC5D,sBAAsB,QAAQ,CAAC,UAAU,EAAE;QAC3C,EAAE;QACF,+CAA+C;QAC/C,wEAAwE;QACxE,6DAA6D;QAC7D,mDAAmD;QACnD,EAAE;QACF,uEAAuE;QACvE,0EAA0E;QAC1E,4EAA4E;QAC5E,kCAAkC;KAClC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AACd,CAAC"}

package/dist/stub-transport.d.ts

@@ -0,0 +1,26 @@
+import type { OpenTarget, Page, Session, Transport } from './seam.js';
+/**
+ * A record of one verb call against the stub, for assertions in seam tests.
+ */
+export interface StubCall {
+    readonly verb: keyof Page;
+    readonly args: readonly unknown[];
+}
+/**
+ * An in-process, no-op {@link Transport} used to exercise the SEAM SHAPE
+ * without a real browser. It is NOT the Playwright transport (that lands in a
+ * later task) and implements no real verb behaviour: every verb is a no-op
+ * that records the call so a unit test can assert an `open` -> `Session` ->
+ * verb round-trip through the `core` `Driver` interface.
+ *
+ * Session lifetime: a session lives from {@link StubTransport.open} until its
+ * {@link Session.close} is called. After `close()` the page rejects further
+ * verb calls, mirroring the real "the browser is gone" contract so the seam's
+ * lifetime is testable.
+ */
+export declare class StubTransport implements Transport {
+    /** Every verb call across every session this transport opened, in order. */
+    readonly calls: StubCall[];
+    open(target: OpenTarget): Promise<Session>;
+}
+//# sourceMappingURL=stub-transport.d.ts.map

package/dist/stub-transport.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"stub-transport.d.ts","sourceRoot":"","sources":["../src/stub-transport.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAEX,UAAU,EACV,IAAI,EACJ,OAAO,EAGP,SAAS,EAET,MAAM,WAAW,CAAC;AAEnB;;GAEG;AACH,MAAM,WAAW,QAAQ;IACxB,QAAQ,CAAC,IAAI,EAAE,MAAM,IAAI,CAAC;IAC1B,QAAQ,CAAC,IAAI,EAAE,SAAS,OAAO,EAAE,CAAC;CAClC;AAED;;;;;;;;;;;GAWG;AACH,qBAAa,aAAc,YAAW,SAAS;IAC9C,4EAA4E;IAC5E,QAAQ,CAAC,KAAK,EAAE,QAAQ,EAAE,CAAM;IAE1B,IAAI,CAAC,MAAM,EAAE,UAAU,GAAG,OAAO,CAAC,OAAO,CAAC;CAgEhD"}

package/dist/stub-transport.js

@@ -0,0 +1,76 @@
+/**
+ * An in-process, no-op {@link Transport} used to exercise the SEAM SHAPE
+ * without a real browser. It is NOT the Playwright transport (that lands in a
+ * later task) and implements no real verb behaviour: every verb is a no-op
+ * that records the call so a unit test can assert an `open` -> `Session` ->
+ * verb round-trip through the `core` `Driver` interface.
+ *
+ * Session lifetime: a session lives from {@link StubTransport.open} until its
+ * {@link Session.close} is called. After `close()` the page rejects further
+ * verb calls, mirroring the real "the browser is gone" contract so the seam's
+ * lifetime is testable.
+ */
+export class StubTransport {
+    /** Every verb call across every session this transport opened, in order. */
+    calls = [];
+    async open(target) {
+        const calls = this.calls;
+        let closed = false;
+        const ensureOpen = () => {
+            if (closed) {
+                throw new Error('session is closed');
+            }
+        };
+        const url = target.mode === 'launch'
+            ? `stub://launch/${target.profile}`
+            : `stub://attach/${target.endpoint}`;
+        const page = {
+            async navigate(to) {
+                ensureOpen();
+                calls.push({ verb: 'navigate', args: [to] });
+            },
+            async snapshot(options) {
+                ensureOpen();
+                calls.push({ verb: 'snapshot', args: [options] });
+                return {
+                    url,
+                    view: options?.full === true ? 'full' : 'accessibility',
+                    content: '',
+                };
+            },
+            async click(t) {
+                ensureOpen();
+                calls.push({ verb: 'click', args: [t] });
+            },
+            async type(t, text) {
+                ensureOpen();
+                calls.push({ verb: 'type', args: [t, text] });
+            },
+            async eval(expression) {
+                ensureOpen();
+                calls.push({ verb: 'eval', args: [expression] });
+                return undefined;
+            },
+            async wait(condition) {
+                ensureOpen();
+                calls.push({ verb: 'wait', args: [condition] });
+            },
+            async cookies() {
+                ensureOpen();
+                calls.push({ verb: 'cookies', args: [] });
+                return [];
+            },
+            async setCookies(cookies) {
+                ensureOpen();
+                calls.push({ verb: 'setCookies', args: [cookies] });
+            },
+        };
+        return {
+            page,
+            async close() {
+                closed = true;
+            },
+        };
+    }
+}
+//# sourceMappingURL=stub-transport.js.map

package/dist/stub-transport.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"stub-transport.js","sourceRoot":"","sources":["../src/stub-transport.ts"],"names":[],"mappings":"AAmBA;;;;;;;;;;;GAWG;AACH,MAAM,OAAO,aAAa;IACzB,4EAA4E;IACnE,KAAK,GAAe,EAAE,CAAC;IAEhC,KAAK,CAAC,IAAI,CAAC,MAAkB;QAC5B,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC;QACzB,IAAI,MAAM,GAAG,KAAK,CAAC;QAEnB,MAAM,UAAU,GAAG,GAAG,EAAE;YACvB,IAAI,MAAM,EAAE,CAAC;gBACZ,MAAM,IAAI,KAAK,CAAC,mBAAmB,CAAC,CAAC;YACtC,CAAC;QACF,CAAC,CAAC;QAEF,MAAM,GAAG,GACR,MAAM,CAAC,IAAI,KAAK,QAAQ;YACvB,CAAC,CAAC,iBAAiB,MAAM,CAAC,OAAO,EAAE;YACnC,CAAC,CAAC,iBAAiB,MAAM,CAAC,QAAQ,EAAE,CAAC;QAEvC,MAAM,IAAI,GAAS;YAClB,KAAK,CAAC,QAAQ,CAAC,EAAU;gBACxB,UAAU,EAAE,CAAC;gBACb,KAAK,CAAC,IAAI,CAAC,EAAC,IAAI,EAAE,UAAU,EAAE,IAAI,EAAE,CAAC,EAAE,CAAC,EAAC,CAAC,CAAC;YAC5C,CAAC;YACD,KAAK,CAAC,QAAQ,CAAC,OAAyB;gBACvC,UAAU,EAAE,CAAC;gBACb,KAAK,CAAC,IAAI,CAAC,EAAC,IAAI,EAAE,UAAU,EAAE,IAAI,EAAE,CAAC,OAAO,CAAC,EAAC,CAAC,CAAC;gBAChD,OAAO;oBACN,GAAG;oBACH,IAAI,EAAE,OAAO,EAAE,IAAI,KAAK,IAAI,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,eAAe;oBACvD,OAAO,EAAE,EAAE;iBACX,CAAC;YACH,CAAC;YACD,KAAK,CAAC,KAAK,CAAC,CAAC;gBACZ,UAAU,EAAE,CAAC;gBACb,KAAK,CAAC,IAAI,CAAC,EAAC,IAAI,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,EAAC,CAAC,CAAC;YACxC,CAAC;YACD,KAAK,CAAC,IAAI,CAAC,CAAC,EAAE,IAAI;gBACjB,UAAU,EAAE,CAAC;gBACb,KAAK,CAAC,IAAI,CAAC,EAAC,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,EAAE,IAAI,CAAC,EAAC,CAAC,CAAC;YAC7C,CAAC;YACD,KAAK,CAAC,IAAI,CAAC,UAAkB;gBAC5B,UAAU,EAAE,CAAC;gBACb,KAAK,CAAC,IAAI,CAAC,EAAC,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,CAAC,UAAU,CAAC,EAAC,CAAC,CAAC;gBAC/C,OAAO,SAAS,CAAC;YAClB,CAAC;YACD,KAAK,CAAC,IAAI,CAAC,SAAwB;gBAClC,UAAU,EAAE,CAAC;gBACb,KAAK,CAAC,IAAI,CAAC,EAAC,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,CAAC,SAAS,CAAC,EAAC,CAAC,CAAC;YAC/C,CAAC;YACD,KAAK,CAAC,OAAO;gBACZ,UAAU,EAAE,CAAC;gBACb,KAAK,CAAC,IAAI,CAAC,EAAC,IAAI,EAAE,SAAS,EAAE,IAAI,EAAE,EAAE,EAAC,CAAC,CAAC;gBACxC,OAAO,EAAE,CAAC;YACX,CAAC;YACD,KAAK,CAAC,UAAU,CAAC,OAAO;gBACvB,UAAU,EAAE,CAAC;gBACb,KAAK,CAAC,IAAI,CAAC,EAAC,IAAI,EAAE,YAAY,EAAE,IAAI,EAAE,CAAC,OAAO,CAAC,EAAC,CAAC,CAAC;YACnD,CAAC;SACD,CAAC;QAEF,OAAO;YACN,IAAI;YACJ,KAAK,CAAC,KAAK;gBACV,MAAM,GAAG,IAAI,CAAC;YACf,CAAC;SACD,CAAC;IACH,CAAC;CACD"}

package/dist/test-fixtures/fixture-pages.d.ts

@@ -0,0 +1,12 @@
+/**
+ * The controlled static fixture pages served by {@link startFixtureServer}.
+ *
+ * Kept as in-module strings (rather than separate `.html` assets) so they
+ * survive `tsc` compilation into `dist` without a copy step, and so the
+ * deterministic verb tests have a single source of truth for the markup they
+ * assert against. Later verb-behaviour tasks extend these pages with whatever
+ * controlled elements they need; the seam scaffold ships a minimal index page.
+ */
+/** Map of request path (relative to root, no leading slash) to page markup. */
+export declare const FIXTURE_PAGES: Readonly<Record<string, string>>;
+//# sourceMappingURL=fixture-pages.d.ts.map

package/dist/test-fixtures/fixture-pages.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"fixture-pages.d.ts","sourceRoot":"","sources":["../../src/test-fixtures/fixture-pages.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAiMH,+EAA+E;AAC/E,eAAO,MAAM,aAAa,EAAE,QAAQ,CAAC,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAO1D,CAAC"}