@webhands/core 0.1.0

package/src/session-server.ts

@@ -0,0 +1,231 @@
+import {createServer, type Server} from 'node:http';
+import {SessionAlreadyActiveError} from './errors.js';
+import type {ProfileLocationOptions} from './profile-location.js';
+import {
+	clearSessionEndpoint,
+	writeSessionEndpoint,
+	type SessionEndpoint,
+} from './session-endpoint.js';
+import {
+	applySessionRpc,
+	SESSION_RPC_PATH,
+	type SessionRpcRequest,
+	type SessionRpcResponse,
+} from './session-rpc.js';
+import type {OpenTarget, Session, Transport} from './seam.js';
+
+/**
+ * The long-lived host that keeps ONE browser session alive between separate CLI
+ * invocations (ADR-0005; ADR-0001's control loop made concrete).
+ *
+ * This IS the controller: it opens the single live {@link Session} ONCE through
+ * a {@link Transport} and then serves that already-live page over HTTP, so each
+ * `webhands <verb>` thin-client process drives the SAME page state
+ * (not just the on-disk profile) and exits. The browser is launched once here,
+ * never per verb. It owns three things ADR-0005 calls out:
+ *
+ * 1. **Single session.** It holds exactly one session; a second {@link open}
+ *    while one is live is a {@link SessionAlreadyActiveError}, not a second
+ *    browser.
+ * 2. **Discovery.** On start it writes its endpoint (the bound URL + pid) under
+ *    the config dir so client verbs can find it; on stop it clears that file.
+ * 3. **Explicit teardown.** {@link stop} closes the browser and stops the
+ *    listener; nothing auto-spawns and nothing auto-tears-down.
+ *
+ * The HTTP surface here is the small session RPC (`/session/call`, see
+ * `session-rpc.ts`), deliberately SEPARATE from incur's per-verb commands: a
+ * verb command opens-and-closes a session per call, which is exactly what
+ * cross-invocation persistence must NOT do. The CLI's `serve` command wraps
+ * this server; the CLI's verb commands become thin clients of it.
+ *
+ * Shared-write isolation: the endpoint file lives under the controller home
+ * root, so a {@link SessionServer} created with a temp `root`/`env` (via
+ * {@link SessionServerOptions}) writes only there, and tests assert the real
+ * `~/.webhands` is untouched.
+ */
+export interface SessionServerOptions extends ProfileLocationOptions {
+	/**
+	 * The transport that opens the single live session (defaults to the caller's
+	 * choice of launch/attach transport). Injectable so a test drives the server
+	 * with any seam transport (e.g. a real Playwright launch against the local
+	 * fixture profile) without the server hard-coding one.
+	 */
+	readonly transport: Transport;
+	/**
+	 * Host to bind the HTTP listener to. Defaults to loopback (`127.0.0.1`): the
+	 * server is a LOCAL tool on the user's machine (PRD "Out of Scope": not a
+	 * hosted service), so it never listens on a public interface.
+	 */
+	readonly host?: string;
+	/** TCP port to bind. Defaults to `0` (an OS-assigned ephemeral port). */
+	readonly port?: number;
+}
+
+/** A running {@link SessionServer}: its advertised endpoint and how to stop it. */
+export interface RunningSessionServer {
+	/** The endpoint advertised under the config dir for client discovery. */
+	readonly endpoint: SessionEndpoint;
+	/**
+	 * Tear the session down: close the browser, stop the HTTP listener, and clear
+	 * the endpoint file. Idempotent.
+	 */
+	stop(): Promise<void>;
+}
+
+/**
+ * Start the long-lived session server: open the single session via the
+ * transport, bind the HTTP listener, advertise the endpoint, and serve the
+ * session RPC. Returns once the server is live and discoverable.
+ *
+ * Enforces the single-session invariant ACROSS processes via the endpoint file:
+ * if a live endpoint is already advertised, this refuses with
+ * {@link SessionAlreadyActiveError} rather than opening a second browser. (The
+ * caller checks discovery first; this is the last-line guard.)
+ */
+export async function startSessionServer(
+	target: OpenTarget,
+	options: SessionServerOptions,
+): Promise<RunningSessionServer> {
+	const {transport, host = '127.0.0.1', port = 0, ...location} = options;
+
+	// Open the ONE live session up front: the browser launches here, once.
+	const session: Session = await transport.open(target);
+
+	let server: Server;
+	try {
+		server = createServer((req, res) => {
+			handleRequest(session, req, res);
+		});
+		await listen(server, port, host);
+	} catch (cause) {
+		// Binding failed after we opened the browser; do not leak the session.
+		await session.close();
+		throw cause;
+	}
+
+	const address = server.address();
+	if (address === null || typeof address === 'string') {
+		await stopServer(server);
+		await session.close();
+		throw new Error('session server failed to bind to a TCP port');
+	}
+
+	const endpoint: SessionEndpoint = {
+		url: `http://${host}:${address.port}`,
+		pid: process.pid,
+	};
+
+	try {
+		await writeSessionEndpoint(endpoint, location);
+	} catch (cause) {
+		await stopServer(server);
+		await session.close();
+		throw cause;
+	}
+
+	let stopped = false;
+	return {
+		endpoint,
+		async stop() {
+			if (stopped) return;
+			stopped = true;
+			await clearSessionEndpoint(location);
+			await stopServer(server);
+			await session.close();
+		},
+	};
+}
+
+/**
+ * Guard the single-session invariant against double-open. The mechanism a
+ * caller actually relies on is discovery (no endpoint file ⇒ no live server);
+ * this is the explicit error a caller raises when it finds one already live and
+ * wants to refuse rather than open a second.
+ */
+export function sessionAlreadyActive(): SessionAlreadyActiveError {
+	return new SessionAlreadyActiveError();
+}
+
+/** Handle one session-RPC HTTP request against the live session's page. */
+function handleRequest(
+	session: Session,
+	req: import('node:http').IncomingMessage,
+	res: import('node:http').ServerResponse,
+): void {
+	const url = req.url ?? '/';
+	const path = url.split('?')[0];
+	if (req.method !== 'POST' || path !== SESSION_RPC_PATH) {
+		writeJson(res, 404, {
+			ok: false,
+			error: `no route for ${req.method} ${path}`,
+		});
+		return;
+	}
+
+	collectBody(req)
+		.then(async (body) => {
+			let request: SessionRpcRequest;
+			try {
+				request = JSON.parse(body) as SessionRpcRequest;
+			} catch {
+				writeJson(res, 400, {ok: false, error: 'invalid JSON request body'});
+				return;
+			}
+			try {
+				const value = await applySessionRpc(session.page, request);
+				const reply: SessionRpcResponse = {ok: true, value};
+				writeJson(res, 200, reply);
+			} catch (cause) {
+				// A verb that throws in the page (or a closed session) maps to an
+				// ok:false reply carrying the message; the client re-throws a faithful
+				// Error so the seam's "a page throw rejects" contract holds remotely.
+				const message = cause instanceof Error ? cause.message : String(cause);
+				const reply: SessionRpcResponse = {ok: false, error: message};
+				writeJson(res, 200, reply);
+			}
+		})
+		.catch((cause: unknown) => {
+			const message = cause instanceof Error ? cause.message : String(cause);
+			writeJson(res, 500, {ok: false, error: message});
+		});
+}
+
+/** Read a request body to a string. */
+function collectBody(
+	req: import('node:http').IncomingMessage,
+): Promise<string> {
+	return new Promise((resolve, reject) => {
+		const chunks: Buffer[] = [];
+		req.on('data', (chunk: Buffer) => chunks.push(chunk));
+		req.on('end', () => resolve(Buffer.concat(chunks).toString('utf8')));
+		req.on('error', reject);
+	});
+}
+
+/** Write a JSON response with a status code. */
+function writeJson(
+	res: import('node:http').ServerResponse,
+	status: number,
+	body: SessionRpcResponse,
+): void {
+	res.writeHead(status, {'content-type': 'application/json; charset=utf-8'});
+	res.end(JSON.stringify(body));
+}
+
+/** Promisified `server.listen`. */
+function listen(server: Server, port: number, host: string): Promise<void> {
+	return new Promise((resolve, reject) => {
+		server.once('error', reject);
+		server.listen(port, host, () => {
+			server.removeListener('error', reject);
+			resolve();
+		});
+	});
+}
+
+/** Promisified `server.close`. */
+function stopServer(server: Server): Promise<void> {
+	return new Promise((resolve, reject) => {
+		server.close((err) => (err ? reject(err) : resolve()));
+	});
+}

package/src/setup-profile.ts

@@ -0,0 +1,134 @@
+import {mkdir} from 'node:fs/promises';
+import {PlaywrightLaunchTransport} from './playwright-launch-transport.js';
+import {
+	resolveProfileLocation,
+	type ProfileLocation,
+	type ProfileLocationOptions,
+} from './profile-location.js';
+import type {Session, Transport} from './seam.js';
+
+/**
+ * The headed one-time-login flow (PRD User Story 1; CONTEXT `setup-profile`;
+ * ADR-0002).
+ *
+ * `setup-profile` opens the dedicated profile in a VISIBLE (headed) browser so
+ * a human logs into a site and/or clears an anti-bot challenge ONCE. The
+ * cookies/state the human's session writes persist in the profile dir, so a
+ * later `launch --headless` against the SAME profile reuses that logged-in
+ * state without re-login.
+ *
+ * This is the orchestration layer over the launch transport, not a second
+ * transport: the launch transport refuses to launch a profile whose dir does
+ * not exist (a typed {@link MissingProfileError}, so a `launch` typo cannot
+ * spawn a blank profile). CREATING that dir is exactly `setup-profile`'s job,
+ * which is why the launch transport defers it here. So this flow:
+ *
+ * 1. resolves the dedicated profile dir (isolated to a temp root in tests,
+ *    never the real `~/.webhands`),
+ * 2. CREATES it if absent (the one place a profile dir is created), so the
+ *    profile is now "set up" for later launches,
+ * 3. opens it HEADED through the launch transport, and
+ * 4. emits a clear, actionable prompt telling the human what to do (log in /
+ *    clear the challenge, then close the window) and WHICH profile is being set
+ *    up.
+ *
+ * The verb only OPENS the window; it never types credentials or touches a
+ * credential (ADR-0002: the human does the one-time login, we never bypass it
+ * or solve CAPTCHAs). The caller holds the returned {@link Session} open for
+ * the interactive login and closes it when the human is done; on close the
+ * persistent context flushes the new state to the profile dir. The real
+ * third-party login is exercised only in the manual Kayak smoke, not here.
+ */
+
+/** A function that receives the headed-login prompt (one call, the full text). */
+export type PromptSink = (message: string) => void;
+
+/** Options for {@link setupProfile}. */
+export interface SetupProfileOptions extends ProfileLocationOptions {
+	/** Name of the dedicated profile to set up (e.g. `default`). */
+	readonly profile: string;
+	/**
+	 * Where the actionable prompt is delivered. Defaults to STDERR
+	 * (`console.error`), because STDOUT is reserved for the CLI's structured
+	 * output envelope; the human-facing instruction is a side-channel message.
+	 * Tests inject a sink to assert the prompt's content.
+	 */
+	readonly onPrompt?: PromptSink;
+	/**
+	 * The transport that opens the headed session. Defaults to a
+	 * {@link PlaywrightLaunchTransport} bound to this flow's profile location.
+	 * Injectable so the orchestration (dir creation, headed open, prompt) is
+	 * testable without a real browser, and so the SAME launch transport the PRD
+	 * mandates is reused rather than a parallel headed-open path.
+	 */
+	readonly transport?: Transport;
+}
+
+/** The result of {@link setupProfile}: the live headed session + where it is. */
+export interface SetupProfileResult {
+	/**
+	 * The live headed session, held OPEN for the human's interactive login. The
+	 * caller closes it when the human is done; closing flushes the session state
+	 * to the profile dir for a later headless launch.
+	 */
+	readonly session: Session;
+	/** The resolved location of the profile that was set up. */
+	readonly location: ProfileLocation;
+}
+
+/**
+ * Run the headed `setup-profile` flow for {@link SetupProfileOptions.profile}.
+ *
+ * Creates the dedicated profile dir if absent, opens it headed through the
+ * launch transport, emits the actionable prompt, and returns the live session
+ * for the caller to hold open during the interactive login (see this module's
+ * overview). Does NOT close the session: holding it open IS the headed-login
+ * window, and the caller owns its lifetime.
+ */
+export async function setupProfile(
+	options: SetupProfileOptions,
+): Promise<SetupProfileResult> {
+	const {profile, onPrompt, transport, ...locationOptions} = options;
+	const location = resolveProfileLocation(profile, locationOptions);
+
+	// Create the dedicated profile dir (idempotent). This is the ONE place a
+	// profile dir is created: the launch transport refuses a missing one with
+	// MissingProfileError precisely so `setup-profile` owns its creation.
+	await mkdir(location.profileDir, {recursive: true});
+
+	const driver = transport ?? new PlaywrightLaunchTransport(locationOptions);
+
+	// Open the profile HEADED (visible) so the human can interact with it.
+	const session = await driver.open({
+		mode: 'launch',
+		profile,
+		headed: true,
+	});
+
+	const sink: PromptSink = onPrompt ?? ((m) => console.error(m));
+	sink(buildPrompt(location));
+
+	return {session, location};
+}
+
+/**
+ * Compose the clear, actionable headed-login prompt (PRD acceptance: tell the
+ * user what to do AND which profile is being set up). Kept pure so a test can
+ * assert its content directly.
+ */
+export function buildPrompt(location: ProfileLocation): string {
+	return [
+		`Setting up the "${location.profile}" profile for webhands.`,
+		`Profile directory: ${location.profileDir}`,
+		'',
+		'A browser window is now open. In that window:',
+		'  1. Log in to the site(s) you want this profile to stay signed in to.',
+		'  2. Clear any anti-bot challenge / CAPTCHA if one appears.',
+		'  3. When you are done, CLOSE the browser window.',
+		'',
+		'Your session (cookies, logins, challenge clearance) is saved into the',
+		'profile directory above, so a later `launch --headless` against the same',
+		'profile reuses it without re-login. Nobody but you types your credentials:',
+		'this tool only opens the window.',
+	].join('\n');
+}

package/src/stub-transport.ts

@@ -0,0 +1,100 @@
+import type {
+	Cookie,
+	OpenTarget,
+	Page,
+	Session,
+	Snapshot,
+	SnapshotOptions,
+	Transport,
+	WaitCondition,
+} from './seam.js';
+
+/**
+ * A record of one verb call against the stub, for assertions in seam tests.
+ */
+export interface StubCall {
+	readonly verb: keyof Page;
+	readonly args: readonly unknown[];
+}
+
+/**
+ * An in-process, no-op {@link Transport} used to exercise the SEAM SHAPE
+ * without a real browser. It is NOT the Playwright transport (that lands in a
+ * later task) and implements no real verb behaviour: every verb is a no-op
+ * that records the call so a unit test can assert an `open` -> `Session` ->
+ * verb round-trip through the `core` `Driver` interface.
+ *
+ * Session lifetime: a session lives from {@link StubTransport.open} until its
+ * {@link Session.close} is called. After `close()` the page rejects further
+ * verb calls, mirroring the real "the browser is gone" contract so the seam's
+ * lifetime is testable.
+ */
+export class StubTransport implements Transport {
+	/** Every verb call across every session this transport opened, in order. */
+	readonly calls: StubCall[] = [];
+
+	async open(target: OpenTarget): Promise<Session> {
+		const calls = this.calls;
+		let closed = false;
+
+		const ensureOpen = () => {
+			if (closed) {
+				throw new Error('session is closed');
+			}
+		};
+
+		const url =
+			target.mode === 'launch'
+				? `stub://launch/${target.profile}`
+				: `stub://attach/${target.endpoint}`;
+
+		const page: Page = {
+			async navigate(to: string): Promise<void> {
+				ensureOpen();
+				calls.push({verb: 'navigate', args: [to]});
+			},
+			async snapshot(options?: SnapshotOptions): Promise<Snapshot> {
+				ensureOpen();
+				calls.push({verb: 'snapshot', args: [options]});
+				return {
+					url,
+					view: options?.full === true ? 'full' : 'accessibility',
+					content: '',
+				};
+			},
+			async click(t): Promise<void> {
+				ensureOpen();
+				calls.push({verb: 'click', args: [t]});
+			},
+			async type(t, text): Promise<void> {
+				ensureOpen();
+				calls.push({verb: 'type', args: [t, text]});
+			},
+			async eval(expression: string): Promise<unknown> {
+				ensureOpen();
+				calls.push({verb: 'eval', args: [expression]});
+				return undefined;
+			},
+			async wait(condition: WaitCondition): Promise<void> {
+				ensureOpen();
+				calls.push({verb: 'wait', args: [condition]});
+			},
+			async cookies(): Promise<readonly Cookie[]> {
+				ensureOpen();
+				calls.push({verb: 'cookies', args: []});
+				return [];
+			},
+			async setCookies(cookies): Promise<void> {
+				ensureOpen();
+				calls.push({verb: 'setCookies', args: [cookies]});
+			},
+		};
+
+		return {
+			page,
+			async close(): Promise<void> {
+				closed = true;
+			},
+		};
+	}
+}

package/src/test-fixtures/fixture-pages.ts

@@ -0,0 +1,210 @@
+/**
+ * The controlled static fixture pages served by {@link startFixtureServer}.
+ *
+ * Kept as in-module strings (rather than separate `.html` assets) so they
+ * survive `tsc` compilation into `dist` without a copy step, and so the
+ * deterministic verb tests have a single source of truth for the markup they
+ * assert against. Later verb-behaviour tasks extend these pages with whatever
+ * controlled elements they need; the seam scaffold ships a minimal index page.
+ */
+
+const INDEX = `<!doctype html>
+<html lang="en">
+	<head>
+		<meta charset="utf-8" />
+		<title>webhands fixture</title>
+	</head>
+	<body>
+		<h1 id="heading">Fixture Page</h1>
+		<p id="status">ready</p>
+		<input id="query" type="text" aria-label="Query" />
+		<button id="search" type="button">Search</button>
+	</body>
+</html>
+`;
+
+/**
+ * A page whose content is rendered LATE, client-side: the "Loaded" heading and a
+ * marker element are injected by script ~150ms after the `load` event fires, the
+ * way an XHR-rendered price or a hydrated result list appears AFTER the document
+ * itself has settled. So the `load`-settled `goto` returns BEFORE this content
+ * exists, and only `wait({kind: 'locator'})` (PRD story 10) makes a reader block
+ * until it does. The delay is deterministic (driven by `setTimeout` against the
+ * fixture's own clock, not a network round-trip), so the wait-for-selector test
+ * is not flaky.
+ */
+const DELAYED_CONTENT = `<!doctype html>
+<html lang="en">
+	<head>
+		<meta charset="utf-8" />
+		<title>delayed content fixture</title>
+	</head>
+	<body>
+		<h1 id="heading">Loading…</h1>
+		<div id="results"></div>
+		<script>
+			window.setTimeout(function () {
+				document.getElementById('heading').textContent = 'Loaded';
+				var el = document.createElement('p');
+				el.id = 'late';
+				el.setAttribute('aria-label', 'Late Content');
+				el.textContent = 'late content rendered';
+				document.getElementById('results').appendChild(el);
+			}, 150);
+		</script>
+	</body>
+</html>
+`;
+
+/**
+ * A page exercising the `click` and `type` verbs (PRD story 8).
+ *
+ * - `#search` is a VISIBLE button; clicking it runs its handler, which writes
+ *   `clicked` into `#status`. A normal `click()` (actionability-checked)
+ *   handles this path.
+ * - `#query` is a VISIBLE text input the `type` verb fills.
+ * - `#hidden-toggle` is a HIDDEN custom control (`display:none`), the case the
+ *   prd calls out: a normal `click()` AUTO-WAITS for the element to become
+ *   visible/actionable and TIMES OUT, because it never does. The verb's escape
+ *   path DISPATCHES a click event (no actionability check); the handler then
+ *   sets `#hidden-state` to `toggled`, so the test can assert the dispatch path
+ *   actually fired the element's behaviour (not merely that it did not throw).
+ */
+const CLICK_TYPE = `<!doctype html>
+<html lang="en">
+	<head>
+		<meta charset="utf-8" />
+		<title>click + type fixture</title>
+	</head>
+	<body>
+		<h1 id="heading">Click + Type Fixture</h1>
+		<p id="status">idle</p>
+		<input id="query" type="text" aria-label="Query" />
+		<button id="search" type="button">Search</button>
+
+		<!-- A hidden custom control: a normal click times out (never actionable);
+		     only a dispatched click fires its handler. -->
+		<div id="hidden-toggle" role="button" aria-label="Hidden Toggle" style="display: none"></div>
+		<p id="hidden-state">untoggled</p>
+
+		<script>
+			document.getElementById('search').addEventListener('click', function () {
+				document.getElementById('status').textContent = 'clicked';
+			});
+			document
+				.getElementById('hidden-toggle')
+				.addEventListener('click', function () {
+					document.getElementById('hidden-state').textContent = 'toggled';
+				});
+		</script>
+	</body>
+</html>
+`;
+
+/**
+ * A page that NAVIGATES itself to `index.html` ~150ms after load, the way a
+ * landing/redirect page bounces to the real destination. `goto` here settles on
+ * THIS page's `load`; only `wait({kind: 'navigation'})` (PRD story 10) blocks
+ * until the subsequent navigation has settled, after which a reader is on
+ * `index.html`. Deterministic (a `setTimeout`-driven `location.assign`), so the
+ * wait-for-navigation test is not flaky.
+ */
+const REDIRECTING = `<!doctype html>
+<html lang="en">
+	<head>
+		<meta charset="utf-8" />
+		<title>redirecting fixture</title>
+	</head>
+	<body>
+		<h1 id="heading">Redirecting…</h1>
+		<script>
+			window.setTimeout(function () {
+				window.location.assign('/index.html');
+			}, 150);
+		</script>
+	</body>
+</html>
+`;
+
+/**
+ * A page carrying controlled, deterministic state for the `eval` verb (PRD
+ * story 9) to read back. The escape-hatch tests evaluate expressions against
+ * THIS fixture's own state and assert the serialized result, never against
+ * third-party DOM (PRD "Testing Decisions"):
+ *
+ * - `#marker` holds a known text the verb can read.
+ * - `window.__fixture` is a known object graph (a number, a string, a nested
+ *   array) so an object result can be asserted by value.
+ * - `window.__fixtureAsync()` resolves to a known value after a tick, so the
+ *   Promise-awaiting behaviour of `eval` is exercised on the fixture's own
+ *   clock (deterministic, not a network round-trip).
+ * - `window.__fixtureCircular` is a circular structure, the controlled case for
+ *   asserting that the transport's structured clone PRESERVES circular refs (a
+ *   `[Circular]` marker) rather than throwing, unlike a JSON-based encoding.
+ */
+const EVAL = `<!doctype html>
+<html lang="en">
+	<head>
+		<meta charset="utf-8" />
+		<title>eval fixture</title>
+	</head>
+	<body>
+		<h1 id="heading">Eval Fixture</h1>
+		<p id="marker">marker-value</p>
+		<script>
+			window.__fixture = {
+				count: 42,
+				label: 'fixture-label',
+				nested: [1, 2, 3],
+			};
+			window.__fixtureAsync = function () {
+				return new Promise(function (resolve) {
+					window.setTimeout(function () {
+						resolve('async-resolved');
+					}, 10);
+				});
+			};
+			var circular = {};
+			circular.self = circular;
+			window.__fixtureCircular = circular;
+		</script>
+	</body>
+</html>
+`;
+
+/**
+ * A page that SETS its own cookies client-side on load (PRD story 11), so the
+ * `cookies export`/`cookies import` round-trip exports cookies the PAGE
+ * created (not only ones seeded through the seam) and re-imports them into a
+ * fresh context. Two cookies make the round-trip meaningful: a session-like
+ * value and a second name, so the test asserts the whole set crosses, not just
+ * one. `document.cookie` writes are visible to the browser context's cookie
+ * store, which is exactly what the seam's `cookies()` reads.
+ */
+const COOKIES = `<!doctype html>
+<html lang="en">
+	<head>
+		<meta charset="utf-8" />
+		<title>cookies fixture</title>
+	</head>
+	<body>
+		<h1 id="heading">Cookies Fixture</h1>
+		<p id="status">setting cookies</p>
+		<script>
+			document.cookie = 'mbc_session=session-value-123; path=/';
+			document.cookie = 'mbc_pref=dark-mode; path=/';
+			document.getElementById('status').textContent = 'cookies set';
+		</script>
+	</body>
+</html>
+`;
+
+/** Map of request path (relative to root, no leading slash) to page markup. */
+export const FIXTURE_PAGES: Readonly<Record<string, string>> = {
+	'index.html': INDEX,
+	'click-type.html': CLICK_TYPE,
+	'delayed.html': DELAYED_CONTENT,
+	'redirecting.html': REDIRECTING,
+	'eval.html': EVAL,
+	'cookies.html': COOKIES,
+};