npm - agent-messenger - Versions diffs - 2.1.0 → 2.3.0 - Mend

agent-messenger 2.1.0 → 2.3.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (217) hide show

package/.claude-plugin/plugin.json +1 -1
package/.env.template +35 -17
package/README.md +7 -7
package/bun.lock +31 -7
package/dist/package.json +5 -3
package/dist/src/platforms/channeltalk/commands/auth.d.ts.map +1 -1
package/dist/src/platforms/channeltalk/commands/auth.js +35 -28
package/dist/src/platforms/channeltalk/commands/auth.js.map +1 -1
package/dist/src/platforms/channeltalk/ensure-auth.js +6 -6
package/dist/src/platforms/channeltalk/ensure-auth.js.map +1 -1
package/dist/src/platforms/channeltalk/token-extractor.d.ts +23 -1
package/dist/src/platforms/channeltalk/token-extractor.d.ts.map +1 -1
package/dist/src/platforms/channeltalk/token-extractor.js +299 -29
package/dist/src/platforms/channeltalk/token-extractor.js.map +1 -1
package/dist/src/platforms/discord/commands/auth.d.ts.map +1 -1
package/dist/src/platforms/discord/commands/auth.js +57 -49
package/dist/src/platforms/discord/commands/auth.js.map +1 -1
package/dist/src/platforms/discord/ensure-auth.js +3 -3
package/dist/src/platforms/discord/ensure-auth.js.map +1 -1
package/dist/src/platforms/discord/token-extractor.d.ts +6 -1
package/dist/src/platforms/discord/token-extractor.d.ts.map +1 -1
package/dist/src/platforms/discord/token-extractor.js +167 -14
package/dist/src/platforms/discord/token-extractor.js.map +1 -1
package/dist/src/platforms/instagram/client.d.ts +2 -0
package/dist/src/platforms/instagram/client.d.ts.map +1 -1
package/dist/src/platforms/instagram/client.js +2 -2
package/dist/src/platforms/instagram/client.js.map +1 -1
package/dist/src/platforms/instagram/commands/auth.d.ts.map +1 -1
package/dist/src/platforms/instagram/commands/auth.js +107 -14
package/dist/src/platforms/instagram/commands/auth.js.map +1 -1
package/dist/src/platforms/instagram/ensure-auth.d.ts.map +1 -1
package/dist/src/platforms/instagram/ensure-auth.js +57 -11
package/dist/src/platforms/instagram/ensure-auth.js.map +1 -1
package/dist/src/platforms/instagram/index.d.ts +1 -0
package/dist/src/platforms/instagram/index.d.ts.map +1 -1
package/dist/src/platforms/instagram/index.js +1 -0
package/dist/src/platforms/instagram/index.js.map +1 -1
package/dist/src/platforms/instagram/token-extractor.d.ts +44 -0
package/dist/src/platforms/instagram/token-extractor.d.ts.map +1 -0
package/dist/src/platforms/instagram/token-extractor.js +407 -0
package/dist/src/platforms/instagram/token-extractor.js.map +1 -0
package/dist/src/platforms/kakaotalk/client.d.ts.map +1 -1
package/dist/src/platforms/kakaotalk/client.js +2 -1
package/dist/src/platforms/kakaotalk/client.js.map +1 -1
package/dist/src/platforms/kakaotalk/commands/auth.d.ts.map +1 -1
package/dist/src/platforms/kakaotalk/commands/auth.js +14 -13
package/dist/src/platforms/kakaotalk/commands/auth.js.map +1 -1
package/dist/src/platforms/kakaotalk/protocol/connection.d.ts.map +1 -1
package/dist/src/platforms/kakaotalk/protocol/connection.js +2 -1
package/dist/src/platforms/kakaotalk/protocol/connection.js.map +1 -1
package/dist/src/platforms/line/client.d.ts.map +1 -1
package/dist/src/platforms/line/client.js +36 -9
package/dist/src/platforms/line/client.js.map +1 -1
package/dist/src/platforms/line/commands/auth.d.ts.map +1 -1
package/dist/src/platforms/line/commands/auth.js +6 -5
package/dist/src/platforms/line/commands/auth.js.map +1 -1
package/dist/src/platforms/slack/commands/auth.d.ts.map +1 -1
package/dist/src/platforms/slack/commands/auth.js +11 -10
package/dist/src/platforms/slack/commands/auth.js.map +1 -1
package/dist/src/platforms/slack/token-extractor.d.ts +9 -0
package/dist/src/platforms/slack/token-extractor.d.ts.map +1 -1
package/dist/src/platforms/slack/token-extractor.js +300 -23
package/dist/src/platforms/slack/token-extractor.js.map +1 -1
package/dist/src/platforms/teams/commands/auth.d.ts.map +1 -1
package/dist/src/platforms/teams/commands/auth.js +9 -8
package/dist/src/platforms/teams/commands/auth.js.map +1 -1
package/dist/src/platforms/teams/ensure-auth.d.ts.map +1 -1
package/dist/src/platforms/teams/ensure-auth.js +2 -1
package/dist/src/platforms/teams/ensure-auth.js.map +1 -1
package/dist/src/platforms/teams/token-extractor.d.ts +5 -0
package/dist/src/platforms/teams/token-extractor.d.ts.map +1 -1
package/dist/src/platforms/teams/token-extractor.js +161 -29
package/dist/src/platforms/teams/token-extractor.js.map +1 -1
package/dist/src/platforms/telegram/client.d.ts.map +1 -1
package/dist/src/platforms/telegram/client.js +25 -7
package/dist/src/platforms/telegram/client.js.map +1 -1
package/dist/src/platforms/telegram/commands/auth.d.ts.map +1 -1
package/dist/src/platforms/telegram/commands/auth.js +6 -5
package/dist/src/platforms/telegram/commands/auth.js.map +1 -1
package/dist/src/platforms/webex/client.d.ts +12 -0
package/dist/src/platforms/webex/client.d.ts.map +1 -1
package/dist/src/platforms/webex/client.js +168 -1
package/dist/src/platforms/webex/client.js.map +1 -1
package/dist/src/platforms/webex/commands/auth.d.ts +4 -0
package/dist/src/platforms/webex/commands/auth.d.ts.map +1 -1
package/dist/src/platforms/webex/commands/auth.js +50 -4
package/dist/src/platforms/webex/commands/auth.js.map +1 -1
package/dist/src/platforms/webex/credential-manager.js +1 -1
package/dist/src/platforms/webex/credential-manager.js.map +1 -1
package/dist/src/platforms/webex/encryption.d.ts +10 -0
package/dist/src/platforms/webex/encryption.d.ts.map +1 -0
package/dist/src/platforms/webex/encryption.js +49 -0
package/dist/src/platforms/webex/encryption.js.map +1 -0
package/dist/src/platforms/webex/ensure-auth.d.ts.map +1 -1
package/dist/src/platforms/webex/ensure-auth.js +25 -5
package/dist/src/platforms/webex/ensure-auth.js.map +1 -1
package/dist/src/platforms/webex/index.d.ts +2 -0
package/dist/src/platforms/webex/index.d.ts.map +1 -1
package/dist/src/platforms/webex/index.js +1 -0
package/dist/src/platforms/webex/index.js.map +1 -1
package/dist/src/platforms/webex/token-extractor.d.ts +29 -0
package/dist/src/platforms/webex/token-extractor.d.ts.map +1 -0
package/dist/src/platforms/webex/token-extractor.js +393 -0
package/dist/src/platforms/webex/token-extractor.js.map +1 -0
package/dist/src/platforms/webex/types.d.ts +8 -1
package/dist/src/platforms/webex/types.d.ts.map +1 -1
package/dist/src/platforms/webex/types.js +4 -1
package/dist/src/platforms/webex/types.js.map +1 -1
package/dist/src/platforms/whatsapp/client.d.ts.map +1 -1
package/dist/src/platforms/whatsapp/client.js +6 -2
package/dist/src/platforms/whatsapp/client.js.map +1 -1
package/dist/src/shared/utils/derived-key-cache.d.ts +1 -1
package/dist/src/shared/utils/derived-key-cache.d.ts.map +1 -1
package/dist/src/shared/utils/error-handler.d.ts +1 -1
package/dist/src/shared/utils/error-handler.d.ts.map +1 -1
package/dist/src/shared/utils/error-handler.js +3 -2
package/dist/src/shared/utils/error-handler.js.map +1 -1
package/dist/src/shared/utils/stderr.d.ts +5 -0
package/dist/src/shared/utils/stderr.d.ts.map +1 -0
package/dist/src/shared/utils/stderr.js +18 -0
package/dist/src/shared/utils/stderr.js.map +1 -0
package/docs/content/docs/cli/channeltalk.mdx +7 -7
package/docs/content/docs/cli/discord.mdx +3 -3
package/docs/content/docs/cli/instagram.mdx +28 -6
package/docs/content/docs/cli/slack.mdx +2 -2
package/docs/content/docs/cli/teams.mdx +6 -4
package/docs/content/docs/cli/webex.mdx +32 -11
package/e2e/README.md +132 -8
package/e2e/channeltalk.e2e.test.ts +2 -7
package/e2e/channeltalkbot.e2e.test.ts +2 -6
package/e2e/config.ts +172 -10
package/e2e/helpers.ts +7 -0
package/e2e/instagram.e2e.test.ts +97 -0
package/e2e/kakaotalk.e2e.test.ts +74 -0
package/e2e/line.e2e.test.ts +92 -0
package/e2e/teams.e2e.test.ts +46 -1
package/e2e/telegram.e2e.test.ts +84 -0
package/e2e/webex.e2e.test.ts +190 -0
package/e2e/whatsapp.e2e.test.ts +90 -0
package/e2e/whatsappbot.e2e.test.ts +78 -0
package/package.json +5 -3
package/skills/agent-channeltalk/SKILL.md +9 -9
package/skills/agent-channeltalk/references/authentication.md +21 -18
package/skills/agent-channeltalkbot/SKILL.md +1 -1
package/skills/agent-discord/SKILL.md +5 -5
package/skills/agent-discord/references/authentication.md +8 -8
package/skills/agent-discordbot/SKILL.md +1 -1
package/skills/agent-instagram/SKILL.md +51 -9
package/skills/agent-instagram/references/authentication.md +35 -3
package/skills/agent-kakaotalk/SKILL.md +1 -1
package/skills/agent-line/SKILL.md +1 -1
package/skills/agent-slack/SKILL.md +5 -5
package/skills/agent-slack/references/authentication.md +8 -8
package/skills/agent-slackbot/SKILL.md +1 -1
package/skills/agent-teams/SKILL.md +6 -6
package/skills/agent-teams/references/authentication.md +8 -8
package/skills/agent-telegram/SKILL.md +1 -1
package/skills/agent-webex/SKILL.md +35 -15
package/skills/agent-webex/references/authentication.md +63 -9
package/skills/agent-webex/references/common-patterns.md +6 -3
package/skills/agent-whatsapp/SKILL.md +1 -1
package/skills/agent-whatsappbot/SKILL.md +1 -1
package/src/platforms/channeltalk/commands/auth.test.ts +5 -5
package/src/platforms/channeltalk/commands/auth.ts +38 -32
package/src/platforms/channeltalk/ensure-auth.test.ts +6 -6
package/src/platforms/channeltalk/ensure-auth.ts +6 -6
package/src/platforms/channeltalk/token-extractor.test.ts +182 -15
package/src/platforms/channeltalk/token-extractor.ts +344 -30
package/src/platforms/discord/commands/auth.test.ts +3 -3
package/src/platforms/discord/commands/auth.ts +58 -54
package/src/platforms/discord/ensure-auth.test.ts +3 -3
package/src/platforms/discord/ensure-auth.ts +3 -3
package/src/platforms/discord/token-extractor.test.ts +199 -27
package/src/platforms/discord/token-extractor.ts +190 -17
package/src/platforms/instagram/client.ts +2 -2
package/src/platforms/instagram/commands/auth.ts +133 -14
package/src/platforms/instagram/ensure-auth.ts +63 -12
package/src/platforms/instagram/index.ts +1 -0
package/src/platforms/instagram/token-extractor.test.ts +424 -0
package/src/platforms/instagram/token-extractor.ts +478 -0
package/src/platforms/kakaotalk/client.ts +3 -1
package/src/platforms/kakaotalk/commands/auth.ts +14 -13
package/src/platforms/kakaotalk/protocol/connection.ts +3 -1
package/src/platforms/line/client.ts +39 -14
package/src/platforms/line/commands/auth.ts +7 -6
package/src/platforms/slack/cli.test.ts +6 -5
package/src/platforms/slack/commands/auth.test.ts +11 -7
package/src/platforms/slack/commands/auth.ts +11 -10
package/src/platforms/slack/token-extractor.test.ts +98 -1
package/src/platforms/slack/token-extractor.ts +338 -26
package/src/platforms/teams/commands/auth.ts +9 -8
package/src/platforms/teams/ensure-auth.ts +3 -1
package/src/platforms/teams/token-extractor.test.ts +136 -17
package/src/platforms/teams/token-extractor.ts +182 -31
package/src/platforms/telegram/client.test.ts +134 -0
package/src/platforms/telegram/client.ts +27 -6
package/src/platforms/telegram/commands/auth.ts +6 -5
package/src/platforms/webex/client.test.ts +314 -0
package/src/platforms/webex/client.ts +231 -1
package/src/platforms/webex/commands/auth.ts +71 -4
package/src/platforms/webex/commands/member.test.ts +10 -1
package/src/platforms/webex/commands/message.test.ts +9 -5
package/src/platforms/webex/commands/snapshot.test.ts +13 -4
package/src/platforms/webex/commands/space.test.ts +12 -2
package/src/platforms/webex/credential-manager.ts +1 -1
package/src/platforms/webex/encryption.ts +53 -0
package/src/platforms/webex/ensure-auth.test.ts +4 -0
package/src/platforms/webex/ensure-auth.ts +27 -4
package/src/platforms/webex/index.ts +2 -0
package/src/platforms/webex/token-extractor.test.ts +327 -0
package/src/platforms/webex/token-extractor.ts +460 -0
package/src/platforms/webex/types.ts +8 -2
package/src/platforms/webex/typings/node-jose.d.ts +27 -0
package/src/platforms/whatsapp/client.ts +11 -7
package/src/shared/utils/derived-key-cache.ts +1 -1
package/src/shared/utils/error-handler.ts +4 -2
package/src/shared/utils/stderr.ts +22 -0

package/src/platforms/instagram/token-extractor.test.ts ADDED Viewed

@@ -0,0 +1,424 @@
+import { beforeEach, describe, expect, spyOn, test } from 'bun:test'
+import { homedir } from 'node:os'
+import { join } from 'node:path'
+import { InstagramTokenExtractor } from './token-extractor'
+describe('InstagramTokenExtractor', () => {
+  let extractor: InstagramTokenExtractor
+  beforeEach(() => {
+    extractor = new InstagramTokenExtractor()
+  })
+  describe('getBrowserCookiesPaths', () => {
+    test('returns darwin paths for all browsers on macOS', () => {
+      const darwinExtractor = new InstagramTokenExtractor('darwin')
+      const paths = darwinExtractor.getBrowserCookiesPaths()
+      const base = join(homedir(), 'Library', 'Application Support')
+      expect(paths).toContain(join(base, 'Google', 'Chrome', 'Default', 'Cookies'))
+      expect(paths).toContain(join(base, 'Google', 'Chrome', 'Default', 'Network', 'Cookies'))
+      expect(paths).toContain(join(base, 'Microsoft Edge', 'Default', 'Cookies'))
+      expect(paths).toContain(join(base, 'Arc', 'User Data', 'Default', 'Cookies'))
+      expect(paths).toContain(join(base, 'BraveSoftware', 'Brave-Browser', 'Default', 'Cookies'))
+      expect(paths).toContain(join(base, 'Vivaldi', 'Default', 'Cookies'))
+      expect(paths).toContain(join(base, 'Chromium', 'Default', 'Cookies'))
+    })
+    test('returns linux paths for supported browsers', () => {
+      const linuxExtractor = new InstagramTokenExtractor('linux')
+      const paths = linuxExtractor.getBrowserCookiesPaths()
+      const base = join(homedir(), '.config')
+      expect(paths).toContain(join(base, 'google-chrome', 'Default', 'Cookies'))
+      expect(paths).toContain(join(base, 'microsoft-edge', 'Default', 'Cookies'))
+      expect(paths).toContain(join(base, 'BraveSoftware', 'Brave-Browser', 'Default', 'Cookies'))
+      expect(paths).toContain(join(base, 'vivaldi', 'Default', 'Cookies'))
+      expect(paths).toContain(join(base, 'chromium', 'Default', 'Cookies'))
+    })
+    test('returns win32 paths for all browsers on Windows', () => {
+      const winExtractor = new InstagramTokenExtractor('win32')
+      const paths = winExtractor.getBrowserCookiesPaths()
+      const localAppData = process.env.LOCALAPPDATA || join(homedir(), 'AppData', 'Local')
+      expect(paths).toContain(join(localAppData, 'Google', 'Chrome', 'User Data', 'Default', 'Cookies'))
+      expect(paths).toContain(join(localAppData, 'Microsoft', 'Edge', 'User Data', 'Default', 'Cookies'))
+      expect(paths).toContain(join(localAppData, 'BraveSoftware', 'Brave-Browser', 'User Data', 'Default', 'Cookies'))
+    })
+    test('returns empty array for unsupported platform', () => {
+      const unsupportedExtractor = new InstagramTokenExtractor('freebsd' as NodeJS.Platform)
+      const paths = unsupportedExtractor.getBrowserCookiesPaths()
+      expect(paths).toEqual([])
+    })
+    test('includes Network/Cookies variant paths', () => {
+      const darwinExtractor = new InstagramTokenExtractor('darwin')
+      const paths = darwinExtractor.getBrowserCookiesPaths()
+      const base = join(homedir(), 'Library', 'Application Support')
+      expect(paths).toContain(join(base, 'Google', 'Chrome', 'Default', 'Network', 'Cookies'))
+    })
+  })
+  describe('getLocalStatePaths', () => {
+    test('returns darwin Local State paths for all browsers', () => {
+      const darwinExtractor = new InstagramTokenExtractor('darwin')
+      const paths = darwinExtractor.getLocalStatePaths()
+      const base = join(homedir(), 'Library', 'Application Support')
+      expect(paths).toContain(join(base, 'Google', 'Chrome', 'Local State'))
+      expect(paths).toContain(join(base, 'Microsoft Edge', 'Local State'))
+      expect(paths).toContain(join(base, 'BraveSoftware', 'Brave-Browser', 'Local State'))
+    })
+    test('returns linux Local State paths for supported browsers', () => {
+      const linuxExtractor = new InstagramTokenExtractor('linux')
+      const paths = linuxExtractor.getLocalStatePaths()
+      const base = join(homedir(), '.config')
+      expect(paths).toContain(join(base, 'google-chrome', 'Local State'))
+      expect(paths).toContain(join(base, 'microsoft-edge', 'Local State'))
+    })
+    test('returns win32 Local State paths for all browsers', () => {
+      const winExtractor = new InstagramTokenExtractor('win32')
+      const paths = winExtractor.getLocalStatePaths()
+      const localAppData = process.env.LOCALAPPDATA || join(homedir(), 'AppData', 'Local')
+      expect(paths).toContain(join(localAppData, 'Google', 'Chrome', 'User Data', 'Local State'))
+      expect(paths).toContain(join(localAppData, 'Microsoft', 'Edge', 'User Data', 'Local State'))
+    })
+  })
+  describe('getKeychainVariants', () => {
+    test('returns all Chromium browser keychain variants', () => {
+      expect(extractor.getKeychainVariants()).toEqual([
+        { service: 'Chrome Safe Storage', account: 'Chrome' },
+        { service: 'Chrome Canary Safe Storage', account: 'Chrome Canary' },
+        { service: 'Microsoft Edge Safe Storage', account: 'Microsoft Edge' },
+        { service: 'Arc Safe Storage', account: 'Arc' },
+        { service: 'Brave Safe Storage', account: 'Brave' },
+        { service: 'Vivaldi Safe Storage', account: 'Vivaldi' },
+        { service: 'Chromium Safe Storage', account: 'Chromium' },
+      ])
+    })
+  })
+  describe('isEncryptedValue', () => {
+    test('detects v10 encrypted values', () => {
+      const encrypted = Buffer.from('v10encrypted_data')
+      expect(extractor.isEncryptedValue(encrypted)).toBe(true)
+    })
+    test('detects v11 encrypted values', () => {
+      const encrypted = Buffer.from('v11encrypted_data')
+      expect(extractor.isEncryptedValue(encrypted)).toBe(true)
+    })
+    test('rejects non-encrypted values', () => {
+      const plain = Buffer.from('plain_text')
+      expect(extractor.isEncryptedValue(plain)).toBe(false)
+    })
+    test('rejects empty buffers', () => {
+      const empty = Buffer.alloc(0)
+      expect(extractor.isEncryptedValue(empty)).toBe(false)
+    })
+    test('rejects short buffers under 4 bytes', () => {
+      const short = Buffer.from('v1')
+      expect(extractor.isEncryptedValue(short)).toBe(false)
+    })
+  })
+  describe('isValidSessionId', () => {
+    test('accepts session IDs of 20 or more chars', () => {
+      const valid = 'abcdefghijklmnopqrstu'
+      expect(extractor.isValidSessionId(valid)).toBe(true)
+    })
+    test('accepts long session IDs', () => {
+      const valid = 'a'.repeat(100)
+      expect(extractor.isValidSessionId(valid)).toBe(true)
+    })
+    test('rejects session IDs shorter than 20 chars', () => {
+      expect(extractor.isValidSessionId('short')).toBe(false)
+    })
+    test('rejects empty string', () => {
+      expect(extractor.isValidSessionId('')).toBe(false)
+    })
+    test('rejects null and undefined', () => {
+      expect(extractor.isValidSessionId(null as unknown as string)).toBe(false)
+      expect(extractor.isValidSessionId(undefined as unknown as string)).toBe(false)
+    })
+  })
+  describe('extract', () => {
+    test('returns empty array when no cookie paths exist', async () => {
+      const linuxExtractor = new InstagramTokenExtractor('linux')
+      const spy = spyOn(linuxExtractor as any, 'copyAndExtract').mockResolvedValue(null)
+      const result = await linuxExtractor.extract()
+      expect(result).toEqual([])
+      spy.mockRestore()
+    })
+    test('returns extracted cookies when found', async () => {
+      const mockCookies = {
+        sessionid: 'a'.repeat(25),
+        ds_user_id: '12345678',
+        csrftoken: 'abc123',
+        mid: 'some_mid_value',
+      }
+      const linuxExtractor = new InstagramTokenExtractor('linux')
+      const getBrowserCookiesPathsSpy = spyOn(linuxExtractor, 'getBrowserCookiesPaths').mockReturnValue([
+        '/fake/path/Cookies',
+      ])
+      const existsSyncSpy = spyOn(
+        await import('node:fs'),
+        'existsSync',
+      ).mockReturnValue(true)
+      const copyAndExtractSpy = spyOn(linuxExtractor as any, 'copyAndExtract').mockResolvedValue(mockCookies)
+      const result = await linuxExtractor.extract()
+      expect(result).toEqual([mockCookies])
+      getBrowserCookiesPathsSpy.mockRestore()
+      existsSyncSpy.mockRestore()
+      copyAndExtractSpy.mockRestore()
+    })
+    test('tries next path when first fails', async () => {
+      const mockCookies = {
+        sessionid: 'a'.repeat(25),
+        ds_user_id: '12345678',
+        csrftoken: 'abc123',
+      }
+      const darwinExtractor = new InstagramTokenExtractor('darwin')
+      const getBrowserCookiesPathsSpy = spyOn(darwinExtractor, 'getBrowserCookiesPaths').mockReturnValue([
+        '/fake/path1/Cookies',
+        '/fake/path2/Cookies',
+      ])
+      const existsSyncSpy = spyOn(
+        await import('node:fs'),
+        'existsSync',
+      ).mockReturnValue(true)
+      const copyAndExtractSpy = spyOn(darwinExtractor as any, 'copyAndExtract')
+        .mockResolvedValueOnce(null)
+        .mockResolvedValueOnce(mockCookies)
+      const result = await darwinExtractor.extract()
+      expect(copyAndExtractSpy).toHaveBeenCalledTimes(2)
+      expect(result).toEqual([mockCookies])
+      getBrowserCookiesPathsSpy.mockRestore()
+      existsSyncSpy.mockRestore()
+      copyAndExtractSpy.mockRestore()
+    })
+    test('returns multiple entries when different ds_user_id values found across profiles', async () => {
+      const mockCookies1 = {
+        sessionid: 'a'.repeat(25),
+        ds_user_id: '11111111',
+        csrftoken: 'token1',
+      }
+      const mockCookies2 = {
+        sessionid: 'b'.repeat(25),
+        ds_user_id: '22222222',
+        csrftoken: 'token2',
+      }
+      const linuxExtractor = new InstagramTokenExtractor('linux')
+      const getBrowserCookiesPathsSpy = spyOn(linuxExtractor, 'getBrowserCookiesPaths').mockReturnValue([
+        '/fake/profile1/Cookies',
+        '/fake/profile2/Cookies',
+      ])
+      const existsSyncSpy = spyOn(
+        await import('node:fs'),
+        'existsSync',
+      ).mockReturnValue(true)
+      const copyAndExtractSpy = spyOn(linuxExtractor as any, 'copyAndExtract')
+        .mockResolvedValueOnce(mockCookies1)
+        .mockResolvedValueOnce(mockCookies2)
+      const result = await linuxExtractor.extract()
+      expect(result).toHaveLength(2)
+      expect(result[0]?.ds_user_id).toBe('11111111')
+      expect(result[1]?.ds_user_id).toBe('22222222')
+      getBrowserCookiesPathsSpy.mockRestore()
+      existsSyncSpy.mockRestore()
+      copyAndExtractSpy.mockRestore()
+    })
+    test('deduplicates entries with the same ds_user_id across profiles', async () => {
+      const mockCookies = {
+        sessionid: 'a'.repeat(25),
+        ds_user_id: '12345678',
+        csrftoken: 'abc123',
+      }
+      const linuxExtractor = new InstagramTokenExtractor('linux')
+      const getBrowserCookiesPathsSpy = spyOn(linuxExtractor, 'getBrowserCookiesPaths').mockReturnValue([
+        '/fake/profile1/Cookies',
+        '/fake/profile2/Cookies',
+      ])
+      const existsSyncSpy = spyOn(
+        await import('node:fs'),
+        'existsSync',
+      ).mockReturnValue(true)
+      const copyAndExtractSpy = spyOn(linuxExtractor as any, 'copyAndExtract').mockResolvedValue(mockCookies)
+      const result = await linuxExtractor.extract()
+      expect(result).toHaveLength(1)
+      expect(result[0]?.ds_user_id).toBe('12345678')
+      getBrowserCookiesPathsSpy.mockRestore()
+      existsSyncSpy.mockRestore()
+      copyAndExtractSpy.mockRestore()
+    })
+  })
+  describe('copyAndExtract', () => {
+    test('returns null when copy fails due to locked database', async () => {
+      const darwinExtractor = new InstagramTokenExtractor('darwin')
+      const copyFileSpy = spyOn(darwinExtractor as any, 'copyDatabaseToTemp').mockImplementation(() => {
+        throw new Error('EBUSY: resource busy or locked')
+      })
+      const result = await (darwinExtractor as any).copyAndExtract('/path/to/Cookies')
+      expect(result).toBeNull()
+      copyFileSpy.mockRestore()
+    })
+    test('cleans up temp file after extraction', async () => {
+      const darwinExtractor = new InstagramTokenExtractor('darwin')
+      const copyFileSpy = spyOn(darwinExtractor as any, 'copyDatabaseToTemp').mockReturnValue('/tmp/test-cookies')
+      const extractSpy = spyOn(darwinExtractor as any, 'extractFromSQLite').mockResolvedValue(null)
+      const cleanupSpy = spyOn(darwinExtractor as any, 'cleanupTempFile').mockImplementation(() => {})
+      await (darwinExtractor as any).copyAndExtract('/path/to/Cookies')
+      expect(copyFileSpy).toHaveBeenCalled()
+      expect(cleanupSpy).toHaveBeenCalled()
+      copyFileSpy.mockRestore()
+      extractSpy.mockRestore()
+      cleanupSpy.mockRestore()
+    })
+  })
+  describe('decryption', () => {
+    describe('decryptAESGCM', () => {
+      test('returns null for data too short for AES-GCM', () => {
+        const invalidData = Buffer.from('too_short')
+        const key = Buffer.alloc(32, 0)
+        const result = (extractor as any).decryptAESGCM(invalidData, key)
+        expect(result).toBeNull()
+      })
+      test('returns null when AES-GCM decryption fails with wrong key', () => {
+        const fakeEncrypted = Buffer.concat([
+          Buffer.from('v10'),
+          Buffer.alloc(12, 1),
+          Buffer.alloc(20, 2),
+          Buffer.alloc(16, 3),
+        ])
+        const key = Buffer.alloc(32, 0)
+        const result = (extractor as any).decryptAESGCM(fakeEncrypted, key)
+        expect(result).toBeNull()
+      })
+    })
+    describe('decryptAESCBC', () => {
+      test('strips 32-byte non-printable integrity hash prefix (Chromium v130+)', () => {
+        // given — AES-128-CBC encrypted buffer where decrypted result has a 32-byte non-printable prefix
+        const { createCipheriv, pbkdf2Sync } = require('node:crypto')
+        const key = pbkdf2Sync('peanuts', 'saltysalt', 1, 16, 'sha1')
+        const iv = Buffer.alloc(16, 0x20)
+        const actualValue = 'test-session-id-value-for-hash-stripping'
+        const prefix = Buffer.alloc(32, 0x01) // 32 bytes of non-printable (0x01 < 0x20)
+        const plaintext = Buffer.concat([prefix, Buffer.from(actualValue)])
+        const cipher = createCipheriv('aes-128-cbc', key, iv)
+        const ciphertext = Buffer.concat([cipher.update(plaintext), cipher.final()])
+        const encrypted = Buffer.concat([Buffer.from('v10'), ciphertext])
+        // when
+        const result = (extractor as any).decryptAESCBC(encrypted, key)
+        // then
+        expect(result).toBe(actualValue)
+      })
+      test('returns plaintext as-is when no non-printable prefix detected', () => {
+        // given — AES-128-CBC encrypted buffer without integrity hash prefix
+        const { createCipheriv, pbkdf2Sync } = require('node:crypto')
+        const key = pbkdf2Sync('peanuts', 'saltysalt', 1, 16, 'sha1')
+        const iv = Buffer.alloc(16, 0x20)
+        const plainValue = 'normal-cookie-value-no-prefix'
+        const cipher = createCipheriv('aes-128-cbc', key, iv)
+        const ciphertext = Buffer.concat([cipher.update(plainValue, 'utf8'), cipher.final()])
+        const encrypted = Buffer.concat([Buffer.from('v10'), ciphertext])
+        // when
+        const result = (extractor as any).decryptAESCBC(encrypted, key)
+        // then
+        expect(result).toBe(plainValue)
+      })
+    })
+    describe('getKeychainPassword on macOS', () => {
+      test('tries multiple keychain variants until one succeeds', () => {
+        const darwinExtractor = new InstagramTokenExtractor('darwin')
+        const execSyncSpy = spyOn(darwinExtractor as any, 'execSecurityCommand')
+          .mockReturnValueOnce(null)
+          .mockReturnValueOnce('test_password')
+        const result = (darwinExtractor as any).getKeychainPassword()
+        expect(execSyncSpy).toHaveBeenCalledTimes(2)
+        expect(result).toBe('test_password')
+        execSyncSpy.mockRestore()
+      })
+      test('returns null when all keychain variants fail', () => {
+        const darwinExtractor = new InstagramTokenExtractor('darwin')
+        const execSyncSpy = spyOn(darwinExtractor as any, 'execSecurityCommand').mockReturnValue(null)
+        const result = (darwinExtractor as any).getKeychainPassword()
+        expect(result).toBeNull()
+        execSyncSpy.mockRestore()
+      })
+    })
+  })
+  describe('SQLite extraction', () => {
+    test('returns null when database path does not exist', async () => {
+      const result = await (extractor as any).extractFromSQLite('/nonexistent/path', '/nonexistent/path')
+      expect(result).toBeNull()
+    })
+    test('returns null when extraction throws', async () => {
+      const result = await (extractor as any).extractFromSQLite('/dev/null', '/dev/null')
+      expect(result).toBeNull()
+    })
+  })
+})