agent-messenger 2.1.0 → 2.2.0

package/src/platforms/discord/token-extractor.ts

@@ -34,6 +34,13 @@ interface CDPMessage {
   error?: { code: number; message: string }
 }
 
+interface BrowserConfig {
+  name: string
+  darwin: string
+  linux: string
+  win32: string
+}
+
 const TOKEN_REGEX = /[\w-]{24,}\.[\w-]{6}\.[\w-]{25,110}/
 const MFA_TOKEN_REGEX = /mfa\.[\w-]{84}/
 const ENCRYPTED_PREFIX = 'dQw4w9WgXcQ:'
@@ -55,6 +62,51 @@ const DISCORD_APP_PATHS: Record<DiscordVariant, { darwin: string }> = {
   ptb: { darwin: '/Applications/Discord PTB.app/Contents/MacOS/Discord PTB' },
 }
 
+const BROWSERS: BrowserConfig[] = [
+  {
+    name: 'Chrome',
+    darwin: join('Google', 'Chrome'),
+    linux: 'google-chrome',
+    win32: join('Google', 'Chrome', 'User Data'),
+  },
+  {
+    name: 'Chrome Canary',
+    darwin: join('Google', 'Chrome Canary'),
+    linux: 'google-chrome-unstable',
+    win32: join('Google', 'Chrome SxS', 'User Data'),
+  },
+  {
+    name: 'Edge',
+    darwin: 'Microsoft Edge',
+    linux: 'microsoft-edge',
+    win32: join('Microsoft', 'Edge', 'User Data'),
+  },
+  {
+    name: 'Arc',
+    darwin: join('Arc', 'User Data'),
+    linux: '',
+    win32: join('Arc', 'User Data'),
+  },
+  {
+    name: 'Brave',
+    darwin: join('BraveSoftware', 'Brave-Browser'),
+    linux: join('BraveSoftware', 'Brave-Browser'),
+    win32: join('BraveSoftware', 'Brave-Browser', 'User Data'),
+  },
+  {
+    name: 'Vivaldi',
+    darwin: 'Vivaldi',
+    linux: 'vivaldi',
+    win32: join('Vivaldi', 'User Data'),
+  },
+  {
+    name: 'Chromium',
+    darwin: 'Chromium',
+    linux: 'chromium',
+    win32: join('Chromium', 'User Data'),
+  },
+]
+
 export class DiscordTokenExtractor {
   private platform: NodeJS.Platform
   private startupWait: number
@@ -92,6 +144,75 @@ export class DiscordTokenExtractor {
     }
   }
 
+  getBrowserLevelDBDirs(): string[] {
+    const dirs: string[] = []
+
+    for (const browser of BROWSERS) {
+      const browserBase = this.getBrowserBasePath(browser)
+      if (!browserBase) continue
+
+      const profileDirs = this.discoverProfileDirs(browserBase)
+      for (const profileDir of profileDirs) {
+        dirs.push(join(profileDir, 'Local Storage', 'leveldb'))
+      }
+    }
+
+    return dirs
+  }
+
+  private getBrowserBasePath(browser: BrowserConfig): string | null {
+    let relative: string
+
+    switch (this.platform) {
+      case 'darwin':
+        relative = browser.darwin
+        if (!relative) return null
+        return join(homedir(), 'Library', 'Application Support', relative)
+      case 'linux':
+        relative = browser.linux
+        if (!relative) return null
+        return join(homedir(), '.config', relative)
+      case 'win32':
+        relative = browser.win32
+        if (!relative) return null
+        return join(
+          process.env.LOCALAPPDATA || join(homedir(), 'AppData', 'Local'),
+          relative,
+        )
+      default:
+        return null
+    }
+  }
+
+  private discoverProfileDirs(browserBase: string): string[] {
+    const dirs: string[] = []
+
+    dirs.push(join(browserBase, 'Default'))
+
+    if (!existsSync(browserBase)) return dirs
+
+    try {
+      const entries = readdirSync(browserBase, { withFileTypes: true })
+      for (const entry of entries) {
+        if (!entry.isDirectory()) continue
+        if (!/^Profile \d+$/i.test(entry.name)) continue
+        dirs.push(join(browserBase, entry.name))
+      }
+    } catch {}
+
+    return dirs
+  }
+
+  private findBrowserBaseDirForPath(path: string): string | null {
+    const parts = path.split(/[/\\]/)
+    for (let levels = 2; levels <= 5; levels++) {
+      if (parts.length < levels) break
+      const base = parts.slice(0, parts.length - levels).join('/')
+      if (existsSync(join(base, 'Local State'))) return base
+    }
+    return null
+  }
+
   getKeychainVariants(): KeychainVariant[] {
     return [
       // Modern Discord (lowercase)
@@ -102,6 +223,14 @@ export class DiscordTokenExtractor {
       { service: 'Discord Safe Storage', account: 'Discord' },
       { service: 'Discord Canary Safe Storage', account: 'Discord Canary' },
       { service: 'Discord PTB Safe Storage', account: 'Discord PTB' },
+      // Browser keychain entries for fallback
+      { service: 'Chrome Safe Storage', account: 'Chrome' },
+      { service: 'Chrome Canary Safe Storage', account: 'Chrome Canary' },
+      { service: 'Microsoft Edge Safe Storage', account: 'Microsoft Edge' },
+      { service: 'Arc Safe Storage', account: 'Arc' },
+      { service: 'Brave Safe Storage', account: 'Brave' },
+      { service: 'Vivaldi Safe Storage', account: 'Vivaldi' },
+      { service: 'Chromium Safe Storage', account: 'Chromium' },
     ]
   }
 
@@ -121,22 +250,34 @@ export class DiscordTokenExtractor {
     return token.startsWith(ENCRYPTED_PREFIX)
   }
 
-  async extract(): Promise<ExtractedDiscordToken | null> {
+  async extract(): Promise<ExtractedDiscordToken[]> {
     await this.loadCachedKey()
 
-    const levelDbToken = await this.extractFromLevelDB()
-    if (levelDbToken) {
-      return levelDbToken
+    const results: ExtractedDiscordToken[] = []
+    const seenTokens = new Set<string>()
+
+    for (const t of await this.extractFromLevelDB()) {
+      if (!seenTokens.has(t.token)) {
+        seenTokens.add(t.token)
+        results.push(t)
+      }
     }
 
-    if (this.platform === 'darwin') {
+    for (const t of await this.extractFromBrowserLevelDB()) {
+      if (!seenTokens.has(t.token)) {
+        seenTokens.add(t.token)
+        results.push(t)
+      }
+    }
+
+    if (results.length === 0 && this.platform === 'darwin') {
       const cdpToken = await this.tryExtractViaCDP()
-      if (cdpToken) {
-        return { token: cdpToken }
+      if (cdpToken && !seenTokens.has(cdpToken)) {
+        results.push({ token: cdpToken })
       }
     }
 
-    return null
+    return results
   }
 
   private async loadCachedKey(): Promise<void> {
@@ -175,19 +316,45 @@ export class DiscordTokenExtractor {
     return null
   }
 
-  private async extractFromLevelDB(): Promise<ExtractedDiscordToken | null> {
+  private async extractFromLevelDB(): Promise<ExtractedDiscordToken[]> {
     const dirs = this.getDiscordDirs()
+    const results: ExtractedDiscordToken[] = []
+    const seenTokens = new Set<string>()
 
     for (const dir of dirs) {
       if (!existsSync(dir)) continue
 
       const token = await this.extractFromDir(dir)
-      if (token) {
-        return { token }
+      if (token && !seenTokens.has(token)) {
+        seenTokens.add(token)
+        results.push({ token })
       }
     }
 
-    return null
+    return results
+  }
+
+  private async extractFromBrowserLevelDB(): Promise<ExtractedDiscordToken[]> {
+    const leveldbDirs = this.getBrowserLevelDBDirs()
+    const results: ExtractedDiscordToken[] = []
+    const seenTokens = new Set<string>()
+
+    for (const leveldbDir of leveldbDirs) {
+      if (!existsSync(leveldbDir)) continue
+
+      // The browser base dir contains the Local State file needed for Windows decryption
+      const browserBaseDir = this.findBrowserBaseDirForPath(leveldbDir)
+      const tokens = this.extractTokensFromLDBFiles(leveldbDir, browserBaseDir ?? leveldbDir)
+
+      for (const token of tokens) {
+        if (!seenTokens.has(token)) {
+          seenTokens.add(token)
+          results.push({ token })
+        }
+      }
+    }
+
+    return results
   }
 
   private async extractFromDir(discordDir: string): Promise<string | null> {
@@ -196,7 +363,7 @@ export class DiscordTokenExtractor {
     if (!existsSync(levelDbPath)) return null
 
     const tokens = this.extractTokensFromLDBFiles(levelDbPath, discordDir)
-    return tokens.length > 0 ? tokens[0] : null
+    return tokens.length > 0 ? tokens[0]! : null
   }
 
   private extractTokensFromLDBFiles(dbPath: string, discordDir: string): string[] {
@@ -307,11 +474,12 @@ export class DiscordTokenExtractor {
   private decryptMacToken(encryptedData: Buffer, discordDir: string): string | null {
     if (this.cachedKey) {
       const decrypted = this.decryptAESCBC(encryptedData, this.cachedKey)
-      if (decrypted) return decrypted
+      if (decrypted && this.isValidToken(decrypted)) return decrypted
     }
 
     const variant = this.getVariantFromPath(discordDir)
-    const keychainVariants = this.getKeychainVariants().filter((v) => {
+    // Try Discord-specific variants first, then fall back to all browser variants
+    const discordVariants = this.getKeychainVariants().filter((v) => {
       const lowerAccount = v.account.toLowerCase()
       if (variant === 'stable') return lowerAccount === 'discord' || lowerAccount === 'discord key'
       if (variant === 'canary') return lowerAccount === 'discord canary' || lowerAccount === 'discordcanary key'
@@ -319,7 +487,12 @@ export class DiscordTokenExtractor {
       return false
     })
 
-    for (const keychainVariant of keychainVariants) {
+    const browserVariants = this.getKeychainVariants().filter((v) => {
+      const lowerService = v.service.toLowerCase()
+      return !lowerService.includes('discord')
+    })
+
+    for (const keychainVariant of [...discordVariants, ...browserVariants]) {
       try {
         const password = execSync(
           `security find-generic-password -s "${keychainVariant.service}" -a "${keychainVariant.account}" -w 2>/dev/null`,
@@ -328,7 +501,7 @@ export class DiscordTokenExtractor {
 
         const key = pbkdf2Sync(password, 'saltysalt', 1003, 16, 'sha1')
         const decrypted = this.decryptAESCBC(encryptedData, key)
-        if (decrypted) {
+        if (decrypted && this.isValidToken(decrypted)) {
           this.cachedKey = key
           this.keyCache.set('discord', key).catch(() => {})
           return decrypted

package/src/platforms/instagram/client.ts

@@ -24,7 +24,7 @@ const DEVICE_MANUFACTURER = 'samsung'
 const DEVICE_MODEL = 'SM-S911B'
 const DEVICE_CHIPSET = 'qcom'
 
-function generateDeviceString(): string {
+export function generateDeviceString(): string {
   return `${ANDROID_VERSION}/${ANDROID_RELEASE}; ${DEVICE_DPI}; ${DEVICE_RESOLUTION}; ${DEVICE_MANUFACTURER}; ${DEVICE_MODEL}; ${DEVICE_MODEL}; ${DEVICE_CHIPSET}; en_US; ${IG_VERSION_CODE}`
 }
 
@@ -32,7 +32,7 @@ function buildUserAgent(deviceString: string): string {
   return `Instagram ${IG_VERSION} Android (${deviceString})`
 }
 
-function generateAndroidDeviceId(): string {
+export function generateAndroidDeviceId(): string {
   return `android-${randomBytes(8).toString('hex')}`
 }
 

package/src/platforms/instagram/commands/auth.ts

@@ -1,10 +1,14 @@
+import { randomUUID } from 'node:crypto'
+import { mkdir, writeFile } from 'node:fs/promises'
 import { Writable } from 'node:stream'
 
 import { Command } from 'commander'
 import { handleError } from '@/shared/utils/error-handler'
 import { formatOutput } from '@/shared/utils/output'
-import { InstagramClient } from '../client'
+import { info, warn, error as stderrError, debug } from '@/shared/utils/stderr'
+import { InstagramClient, generateAndroidDeviceId, generateDeviceString } from '../client'
 import { InstagramCredentialManager } from '../credential-manager'
+import { InstagramTokenExtractor } from '../token-extractor'
 import { createAccountId } from '../types'
 
 function isInteractive(): boolean {
@@ -88,7 +92,7 @@ async function loginAction(options: LoginOptions): Promise<void> {
         process.exit(1)
       }
       username = await promptText('Instagram username')
-      if (!username) { console.error('Username is required.'); process.exit(1) }
+      if (!username) { stderrError('Username is required.'); process.exit(1) }
     }
 
     if (!password) {
@@ -99,7 +103,7 @@ async function loginAction(options: LoginOptions): Promise<void> {
         process.exit(1)
       }
       password = await promptHidden('Password')
-      if (!password) { console.error('Password is required.'); process.exit(1) }
+      if (!password) { stderrError('Password is required.'); process.exit(1) }
     }
 
     const manager = new InstagramCredentialManager()
@@ -109,7 +113,7 @@ async function loginAction(options: LoginOptions): Promise<void> {
     const client = new InstagramClient(manager)
     client.setSessionPath(paths.session_path)
     if (options.debug) {
-      client.setDebugLog((msg) => console.error(`[debug] ${msg}`))
+      client.setDebugLog((msg) => debug(`[debug] ${msg}`))
     }
 
     const result = await client.authenticate(username, password)
@@ -118,9 +122,9 @@ async function loginAction(options: LoginOptions): Promise<void> {
       const twoFactorIdentifier = (result.twoFactorInfo?.['two_factor_identifier'] as string) ?? ''
 
       if (interactive) {
-        console.error('\n  Two-factor authentication required.')
+        info('\n  Two-factor authentication required.')
         const code = await promptText('Verification code')
-        if (!code) { console.error('Code is required.'); process.exit(1) }
+        if (!code) { stderrError('Code is required.'); process.exit(1) }
 
         const tfResult = await client.twoFactorLogin(username, code, twoFactorIdentifier)
         await saveAccountAndPrint(manager, accountId, username, tfResult.userId, options.pretty)
@@ -161,24 +165,24 @@ async function handleInteractiveChallenge(
   challengePath: string,
   pretty?: boolean,
 ): Promise<void> {
-  console.error('\n  Security challenge required by Instagram.')
-  console.error('  Choose verification method:')
-  console.error('  1. Email')
-  console.error('  2. SMS')
-  console.error('')
+  info('\n  Security challenge required by Instagram.')
+  info('  Choose verification method:')
+  info('  1. Email')
+  info('  2. SMS')
+  info('')
 
   const choice = await promptText('Method (1/2)')
   const method = choice === '2' ? 'sms' as const : 'email' as const
 
   const sendResult = await client.challengeSendCode(challengePath, method)
   if (sendResult.contactPoint) {
-    console.error(`\n  Code sent to: ${sendResult.contactPoint}`)
+    info(`\n  Code sent to: ${sendResult.contactPoint}`)
   } else {
-    console.error('\n  Verification code sent.')
+    info('\n  Verification code sent.')
   }
 
   const code = await promptText('Verification code')
-  if (!code) { console.error('Code is required.'); process.exit(1) }
+  if (!code) { stderrError('Code is required.'); process.exit(1) }
 
   const verifyResult = await client.challengeSubmitCode(challengePath, code)
   await saveAccountAndPrint(manager, accountId, username, verifyResult.userId, pretty)
@@ -322,6 +326,114 @@ async function useAction(accountId: string, options: { pretty?: boolean }): Prom
   }
 }
 
+async function extractAction(options: { pretty?: boolean; debug?: boolean }): Promise<void> {
+  try {
+    const extractor = new InstagramTokenExtractor(
+      undefined,
+      options.debug ? (msg) => debug(`[debug] ${msg}`) : undefined,
+    )
+
+    if (options.debug) {
+      debug('[debug] Searching browser profiles for Instagram cookies...')
+    }
+
+    const results = await extractor.extract()
+
+    if (results.length === 0) {
+      console.log(
+        formatOutput(
+          {
+            error: 'No Instagram cookies found in any browser. Make sure you are logged in to instagram.com in Chrome, Edge, Arc, or Brave.',
+            hint: 'Run "auth login --username <username>" to log in manually.',
+          },
+          options.pretty,
+        ),
+      )
+      process.exit(1)
+      return
+    }
+
+    const manager = new InstagramCredentialManager()
+
+    for (const extracted of results) {
+      const session = {
+        cookies: [
+          `sessionid=${extracted.sessionid}`,
+          `ds_user_id=${extracted.ds_user_id}`,
+          `csrftoken=${extracted.csrftoken}`,
+          extracted.mid ? `mid=${extracted.mid}` : null,
+          extracted.ig_did ? `ig_did=${extracted.ig_did}` : null,
+          extracted.rur ? `rur=${extracted.rur}` : null,
+        ]
+          .filter(Boolean)
+          .join('; '),
+        device: {
+          phone_id: randomUUID(),
+          uuid: randomUUID(),
+          android_device_id: generateAndroidDeviceId(),
+          advertising_id: randomUUID(),
+          client_session_id: randomUUID(),
+          device_string: generateDeviceString(),
+        },
+        user_id: extracted.ds_user_id,
+        mid: extracted.mid,
+      }
+
+      const accountId = createAccountId(extracted.ds_user_id)
+      const paths = await manager.ensureAccountPaths(accountId)
+
+      await mkdir(paths.account_dir, { recursive: true })
+      await writeFile(paths.session_path, JSON.stringify(session, null, 2), { mode: 0o600 })
+
+      const client = new InstagramClient(manager)
+      client.setSessionPath(paths.session_path)
+      if (options.debug) {
+        client.setDebugLog((msg) => debug(`[debug] ${msg}`))
+      }
+
+      await client.loadSession(paths.session_path)
+
+      let username = extracted.ds_user_id
+      try {
+        const { data } = await (client as any).request('GET', '/accounts/current_user/?edit=true')
+        const user = data['user'] as Record<string, unknown> | undefined
+        if (user?.['username']) {
+          username = user['username'] as string
+        }
+        await (client as any).saveSession()
+      } catch (err) {
+        if (options.debug) {
+          debug(`[debug] Session validation failed: ${err}`)
+        }
+        warn('Warning: Could not validate session. Cookies may be expired.')
+      }
+
+      const now = new Date().toISOString()
+      await manager.setAccount({
+        account_id: accountId,
+        username,
+        pk: extracted.ds_user_id,
+        created_at: now,
+        updated_at: now,
+      })
+      await manager.setCurrent(accountId)
+
+      console.log(
+        formatOutput(
+          {
+            authenticated: true,
+            account_id: accountId,
+            username,
+          },
+          options.pretty,
+        ),
+      )
+    }
+  } catch (error) {
+    handleError(error as Error)
+  }
+}
+
 async function logoutAction(options: { account?: string; pretty?: boolean }): Promise<void> {
   try {
     const manager = new InstagramCredentialManager()
@@ -354,6 +466,13 @@ export const authCommand = new Command('auth')
       .option('--debug', 'Show raw API responses')
       .action(loginAction),
   )
+  .addCommand(
+    new Command('extract')
+      .description('Extract Instagram cookies from browser (Chrome, Edge, Arc, Brave)')
+      .option('--pretty', 'Pretty print JSON output')
+      .option('--debug', 'Show debug output')
+      .action(extractAction),
+  )
   .addCommand(
     new Command('verify')
       .description('Complete two-factor authentication (non-interactive)')

package/src/platforms/instagram/ensure-auth.ts

@@ -1,24 +1,75 @@
+import { randomUUID } from 'node:crypto'
 import { existsSync } from 'node:fs'
+import { mkdir, writeFile } from 'node:fs/promises'
+
 import { formatOutput } from '@/shared/utils/output'
+
+import { generateAndroidDeviceId, generateDeviceString } from './client'
 import { InstagramCredentialManager } from './credential-manager'
+import { InstagramTokenExtractor } from './token-extractor'
+import { createAccountId } from './types'
 
 export async function ensureInstagramAuth(): Promise<void> {
   const manager = new InstagramCredentialManager()
   const account = await manager.getAccount()
 
-  if (!account) {
-    console.log(formatOutput({
-      error: 'Not authenticated. Run "agent-instagram auth login --username <username>" first.',
-    }))
-    process.exit(1)
+  if (account) {
+    const paths = manager.getAccountPaths(account.account_id)
+    if (existsSync(paths.session_path)) {
+      return
+    }
   }
 
-  const paths = manager.getAccountPaths(account.account_id)
+  try {
+    const extractor = new InstagramTokenExtractor()
+    const results = await extractor.extract()
+    const cookies = results[0]
 
-  if (!existsSync(paths.session_path)) {
-    console.log(formatOutput({
-      error: 'Session expired or missing. Run "agent-instagram auth login --username <username>" to re-authenticate.',
-    }))
-    process.exit(1)
-  }
+    if (cookies) {
+      const session = {
+        cookies: [
+          `sessionid=${cookies.sessionid}`,
+          `ds_user_id=${cookies.ds_user_id}`,
+          `csrftoken=${cookies.csrftoken}`,
+          cookies.mid ? `mid=${cookies.mid}` : null,
+          cookies.ig_did ? `ig_did=${cookies.ig_did}` : null,
+          cookies.rur ? `rur=${cookies.rur}` : null,
+        ]
+          .filter(Boolean)
+          .join('; '),
+        device: {
+          phone_id: randomUUID(),
+          uuid: randomUUID(),
+          android_device_id: generateAndroidDeviceId(),
+          advertising_id: randomUUID(),
+          client_session_id: randomUUID(),
+          device_string: generateDeviceString(),
+        },
+        user_id: cookies.ds_user_id,
+        mid: cookies.mid,
+      }
+
+      const accountId = createAccountId(cookies.ds_user_id)
+      const paths = await manager.ensureAccountPaths(accountId)
+
+      await mkdir(paths.account_dir, { recursive: true })
+      await writeFile(paths.session_path, JSON.stringify(session, null, 2), { mode: 0o600 })
+
+      const now = new Date().toISOString()
+      await manager.setAccount({
+        account_id: accountId,
+        username: cookies.ds_user_id,
+        pk: cookies.ds_user_id,
+        created_at: now,
+        updated_at: now,
+      })
+      await manager.setCurrent(accountId)
+      return
+    }
+  } catch {}
+
+  console.log(formatOutput({
+    error: 'Not authenticated. Run "agent-instagram auth extract" to extract from browser, or "agent-instagram auth login --username <username>" to log in.',
+  }))
+  process.exit(1)
 }

package/src/platforms/instagram/index.ts

@@ -1,6 +1,7 @@
 export { InstagramClient } from './client'
 export { InstagramCredentialManager } from './credential-manager'
 export { InstagramListener, type InstagramListenerEventMap } from './listener'
+export { InstagramTokenExtractor, type ExtractedInstagramCookies } from './token-extractor'
 export {
   createAccountId,
   extractMediaUrl,