agent-messenger 2.23.6 → 2.24.1

package/src/platforms/slack/index.test.ts

@@ -12,6 +12,8 @@ import {
   SlackUserSchema,
   WorkspaceCredentialsSchema,
   ConfigSchema,
+  decodeSlackQr,
+  loginWithQr,
 } from '@/platforms/slack/index'
 
 it('SlackClient is exported from barrel', () => {
@@ -57,3 +59,11 @@ it('WorkspaceCredentialsSchema is exported from barrel', () => {
 it('ConfigSchema is exported from barrel', () => {
   expect(typeof ConfigSchema.parse).toBe('function')
 })
+
+it('loginWithQr is exported from barrel', () => {
+  expect(typeof loginWithQr).toBe('function')
+})
+
+it('decodeSlackQr is exported from barrel', () => {
+  expect(typeof decodeSlackQr).toBe('function')
+})

package/src/platforms/slack/index.ts

@@ -1,6 +1,10 @@
 export { SlackClient, SlackError } from './client'
 export { SlackCredentialManager, CredentialManager } from './credential-manager'
 export { SlackListener } from './listener'
+export { loginWithQr } from './qr-http-login'
+export type { QrLoginOptions, QrSession } from './qr-http-login'
+export { decodeSlackQr } from './qr-login'
+export type { SlackQrLogin } from './qr-login'
 export type {
   SlackBookmark,
   SlackChannel,

package/src/platforms/slack/qr-http-login.test.ts

@@ -0,0 +1,157 @@
+import { afterEach, describe, expect, it } from 'bun:test'
+
+import QRCode from 'qrcode'
+
+import { SlackError } from '@/platforms/slack/client'
+import { isSlackHost, loginWithQr, parseDCookie } from '@/platforms/slack/qr-http-login'
+
+const WORKSPACE = 'acme'
+const ZAPP_URL = `https://app.slack.com/t/${WORKSPACE}/login/z-app-1-2-abcdef?src=qr_code&user_id=U1&team_id=T1`
+const D_COOKIE = 'xoxd-abc%2Bdef123'
+const TOKEN = `xoxc-1-2-3-${'a'.repeat(64)}`
+
+async function qrDataUrl(text: string): Promise<string> {
+  return QRCode.toDataURL(text, { margin: 2, width: 256 })
+}
+
+function redirect(location: string, setCookie?: string): Response {
+  const headers = new Headers({ location })
+  if (setCookie) headers.append('set-cookie', setCookie)
+  return new Response(null, { status: 302, headers })
+}
+
+const originalFetch = globalThis.fetch
+
+afterEach(() => {
+  globalThis.fetch = originalFetch
+})
+
+describe('parseDCookie', () => {
+  it('extracts the d cookie value from a Set-Cookie header', () => {
+    expect(parseDCookie(`d=${D_COOKIE}; Path=/; HttpOnly; Secure`)).toBe(D_COOKIE)
+  })
+
+  it('ignores a non-d cookie', () => {
+    expect(parseDCookie('x=somevalue; Path=/')).toBeNull()
+  })
+
+  it('ignores a d cookie that is not an xoxd value', () => {
+    expect(parseDCookie('d=plainvalue; Path=/')).toBeNull()
+  })
+})
+
+describe('isSlackHost', () => {
+  it('accepts slack.com and its subdomains over https', () => {
+    expect(isSlackHost('https://slack.com/checkcookie')).toBe(true)
+    expect(isSlackHost('https://app.slack.com/t/acme/login/z-app-1')).toBe(true)
+    expect(isSlackHost('https://acme.slack.com/ssb/redirect')).toBe(true)
+  })
+
+  it('rejects non-Slack hosts, http, and lookalikes', () => {
+    expect(isSlackHost('https://idp.example.com/saml')).toBe(false)
+    expect(isSlackHost('http://app.slack.com/x')).toBe(false)
+    expect(isSlackHost('https://slack.com.evil.com/x')).toBe(false)
+    expect(isSlackHost('not a url')).toBe(false)
+  })
+})
+
+describe('loginWithQr', () => {
+  it('captures cookie and mints a token through a single injected fetch', async () => {
+    // Given a QR encoding the z-app login URL
+    const dataUrl = await qrDataUrl(ZAPP_URL)
+
+    // And a single fetchImpl serving both the redirect chain and the token page
+    // (no globalThis.fetch monkeypatching)
+    const fetchImpl = (async (input: string | URL) => {
+      const url = typeof input === 'string' ? input : input.toString()
+      if (url.startsWith('https://app.slack.com/t/')) {
+        return redirect(`https://${WORKSPACE}.slack.com/app-redir/login/x`)
+      }
+      if (url.includes('/app-redir/login/')) {
+        return redirect(`https://${WORKSPACE}.slack.com/z-app-secret`, `d=${D_COOKIE}; HttpOnly`)
+      }
+      if (url.includes('/z-app-secret')) {
+        return redirect('https://slack.com/checkcookie?redir=x')
+      }
+      if (url.includes('/checkcookie')) {
+        return new Response(null, { status: 200 })
+      }
+      if (url.includes('/ssb/redirect')) {
+        return new Response(`<script>var boot_data={"api_token":"${TOKEN}"}</script>`, { status: 200 })
+      }
+      throw new Error(`unexpected fetch: ${url}`)
+    }) as typeof fetch
+
+    // When logging in with only fetchImpl
+    const session = await loginWithQr(dataUrl, { fetchImpl })
+
+    // Then the cookie, token, and workspace are returned
+    expect(session.cookie).toBe(D_COOKIE)
+    expect(session.token).toBe(TOKEN)
+    expect(session.workspace).toBe(WORKSPACE)
+  })
+
+  it('never sends the d cookie to a non-Slack redirect target', async () => {
+    // Given a chain that sets the d cookie, then redirects off-domain to an IdP
+    const dataUrl = await qrDataUrl(ZAPP_URL)
+    const requests: Array<{ url: string; cookie: string | null }> = []
+
+    const fetchImpl = (async (input: string | URL, init?: RequestInit) => {
+      const url = typeof input === 'string' ? input : input.toString()
+      const headers = new Headers(init?.headers)
+      requests.push({ url, cookie: headers.get('cookie') })
+
+      if (url.startsWith('https://app.slack.com/t/')) {
+        return redirect(`https://${WORKSPACE}.slack.com/z-app-secret`, `d=${D_COOKIE}; HttpOnly`)
+      }
+      if (url.includes('/z-app-secret')) {
+        return redirect('https://idp.example.com/saml/login')
+      }
+      throw new Error(`d cookie leaked to non-Slack host: ${url}`)
+    }) as typeof fetch
+
+    // When logging in, the off-domain redirect is refused (so no token is minted)
+    await expect(loginWithQr(dataUrl, { fetchImpl })).rejects.toThrow(/expired|client token/)
+
+    // Then the IdP host was never requested at all
+    expect(requests.some((r) => r.url.includes('idp.example.com'))).toBe(false)
+    // And no request ever carried the d session cookie to a non-Slack host
+    for (const r of requests) {
+      if (r.cookie?.includes('xoxd-')) {
+        expect(isSlackHost(r.url)).toBe(true)
+      }
+    }
+  })
+
+  it('fails with qr_session_failed when no d cookie is set', async () => {
+    const dataUrl = await qrDataUrl(ZAPP_URL)
+    const stepAFetch = (async () => new Response(null, { status: 200 })) as typeof fetch
+
+    const promise = loginWithQr(dataUrl, { fetchImpl: stepAFetch })
+    await expect(promise).rejects.toThrow(SlackError)
+    await expect(promise).rejects.toThrow(/expired/)
+  })
+
+  it('fails with qr_token_failed when the token cannot be retrieved', async () => {
+    const dataUrl = await qrDataUrl(ZAPP_URL)
+
+    globalThis.fetch = (async () => new Response('<html>no token here</html>', { status: 200 })) as typeof fetch
+    const stepAFetch = (async (input: string | URL) => {
+      const url = typeof input === 'string' ? input : input.toString()
+      if (url.startsWith('https://app.slack.com/t/')) {
+        return redirect(`https://${WORKSPACE}.slack.com/end`, `d=${D_COOKIE}; HttpOnly`)
+      }
+      return new Response(null, { status: 200 })
+    }) as typeof fetch
+
+    const promise = loginWithQr(dataUrl, { fetchImpl: stepAFetch })
+    await expect(promise).rejects.toThrow(/client token could not be retrieved/)
+  })
+
+  it('rejects a QR that is not a Slack login link', async () => {
+    const dataUrl = await qrDataUrl('https://example.com/not-slack')
+    await expect(loginWithQr(dataUrl, { fetchImpl: (async () => new Response()) as typeof fetch })).rejects.toThrow(
+      SlackError,
+    )
+  })
+})

package/src/platforms/slack/qr-http-login.ts

@@ -0,0 +1,120 @@
+import { SlackError } from './client'
+import { refreshTokenFromWeb } from './ensure-auth'
+import { decodeSlackQr } from './qr-login'
+
+export interface QrSession {
+  token: string
+  cookie: string
+  workspace: string
+}
+
+export interface QrLoginOptions {
+  fetchImpl?: typeof fetch
+  maxRedirects?: number
+  debug?: (message: string) => void
+}
+
+const BROWSER_USER_AGENT =
+  'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36'
+const DEFAULT_MAX_REDIRECTS = 10
+
+export async function loginWithQr(dataUrl: string, options: QrLoginOptions = {}): Promise<QrSession> {
+  const login = decodeSlackQr(dataUrl.trim())
+  const debug = options.debug
+  debug?.(`Decoded QR for workspace ${login.workspace}`)
+
+  const cookie = await captureDCookie(login.url, options)
+  if (!cookie) {
+    throw new SlackError(
+      'Could not establish a Slack session from the QR code. The link may have expired — generate a new QR code and try again.',
+      'qr_session_failed',
+    )
+  }
+  debug?.('Captured session cookie')
+
+  const token = await refreshTokenFromWeb(login.workspace, cookie, options.fetchImpl ?? fetch)
+  if (!token) {
+    throw new SlackError(
+      'Slack session was established but the client token could not be retrieved.',
+      'qr_token_failed',
+    )
+  }
+  debug?.('Retrieved client token')
+
+  return { token, cookie, workspace: login.workspace }
+}
+
+async function captureDCookie(startUrl: string, options: QrLoginOptions): Promise<string | null> {
+  const doFetch = options.fetchImpl ?? fetch
+  const maxRedirects = options.maxRedirects ?? DEFAULT_MAX_REDIRECTS
+  const debug = options.debug
+
+  let url = startUrl
+  let dCookie: string | null = null
+  const cookieJar: string[] = []
+
+  for (let hop = 0; hop < maxRedirects; hop++) {
+    // Only ever send captured cookies (including the d session cookie) to Slack
+    // hosts. A redirect to an off-domain host (e.g. an SSO IdP) must never
+    // receive the d=xoxd- session cookie.
+    if (!isSlackHost(url)) {
+      debug?.(`hop ${hop}: refusing non-Slack host`)
+      break
+    }
+
+    const response = await doFetch(url, {
+      redirect: 'manual',
+      headers: {
+        'User-Agent': BROWSER_USER_AGENT,
+        Accept: 'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8',
+        'Accept-Language': 'en-US,en;q=0.9',
+        ...(cookieJar.length ? { Cookie: cookieJar.join('; ') } : {}),
+      },
+    })
+
+    for (const setCookie of getSetCookies(response)) {
+      const value = parseDCookie(setCookie)
+      if (value) dCookie = value
+      const pair = setCookie.split(';')[0]?.trim()
+      if (pair) cookieJar.push(pair)
+    }
+
+    debug?.(`hop ${hop}: ${response.status}`)
+
+    const location = response.status >= 300 && response.status < 400 ? response.headers.get('location') : null
+    if (!location) break
+
+    const next = new URL(location, url).toString()
+    if (!isSlackHost(next)) {
+      debug?.(`hop ${hop}: redirect target is not a Slack host, stopping`)
+      break
+    }
+    url = next
+  }
+
+  return dCookie
+}
+
+export function isSlackHost(rawUrl: string): boolean {
+  try {
+    const { protocol, hostname } = new URL(rawUrl)
+    if (protocol !== 'https:') return false
+    return hostname === 'slack.com' || hostname.endsWith('.slack.com')
+  } catch {
+    return false
+  }
+}
+
+export function parseDCookie(setCookieHeader: string): string | null {
+  const match = setCookieHeader.match(/(?:^|,\s*)d=(xoxd-[^;]+)/)
+  return match ? match[1] : null
+}
+
+function getSetCookies(response: Response): string[] {
+  const withGetter = response.headers as Headers & { getSetCookie?: () => string[] }
+  if (typeof withGetter.getSetCookie === 'function') {
+    return withGetter.getSetCookie()
+  }
+  const single = response.headers.get('set-cookie')
+  return single ? [single] : []
+}

package/src/platforms/slack/qr-login.test.ts

@@ -0,0 +1,103 @@
+import { describe, expect, it } from 'bun:test'
+
+import QRCode from 'qrcode'
+
+import { SlackError } from '@/platforms/slack/client'
+import { decodeQrImage, decodeSlackQr, parseSlackQrUrl } from '@/platforms/slack/qr-login'
+
+const VALID_QR_URL =
+  'https://app.slack.com/t/acme/login/z-app-1234567890-1234567890-abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcd?src=qr_code&user_id=U0123456789&team_id=T0123456789'
+
+async function qrDataUrl(text: string): Promise<string> {
+  return QRCode.toDataURL(text, { margin: 2, width: 256 })
+}
+
+describe('parseSlackQrUrl', () => {
+  it('extracts workspace, team_id, and user_id from a valid Slack QR URL', () => {
+    // Given a real-shaped Slack mobile sign-in URL
+    // When parsed
+    const result = parseSlackQrUrl(VALID_QR_URL)
+
+    // Then the identifying fields are extracted
+    expect(result.workspace).toBe('acme')
+    expect(result.teamId).toBe('T0123456789')
+    expect(result.userId).toBe('U0123456789')
+    expect(result.url).toBe(VALID_QR_URL)
+  })
+
+  it('allows missing optional query params', () => {
+    const url = 'https://app.slack.com/t/acme/login/z-app-1-2-abc'
+    const result = parseSlackQrUrl(url)
+
+    expect(result.workspace).toBe('acme')
+    expect(result.teamId).toBeNull()
+    expect(result.userId).toBeNull()
+  })
+
+  it('rejects a non-URL string', () => {
+    expect(() => parseSlackQrUrl('not a url')).toThrow(SlackError)
+  })
+
+  it('rejects a non-Slack host', () => {
+    expect(() => parseSlackQrUrl('https://evil.example.com/t/x/login/z-app-1')).toThrow(/not a Slack sign-in link/)
+  })
+
+  it('rejects http (non-https) URLs', () => {
+    expect(() => parseSlackQrUrl('http://app.slack.com/t/x/login/z-app-1')).toThrow(SlackError)
+  })
+
+  it('rejects a Slack URL that is not a mobile sign-in link', () => {
+    expect(() => parseSlackQrUrl('https://app.slack.com/client/T0123456789/C123')).toThrow(
+      /not a Slack mobile sign-in link/,
+    )
+  })
+
+  it('rejects a sign-in link with an unparseable workspace', () => {
+    expect(() => parseSlackQrUrl('https://app.slack.com/login/z-app-1')).toThrow(/determine the workspace/)
+  })
+})
+
+describe('decodeQrImage', () => {
+  it('reads the encoded URL back from a generated QR PNG', async () => {
+    // Given a QR PNG encoding the Slack URL
+    const dataUrl = await qrDataUrl(VALID_QR_URL)
+
+    // When decoded
+    const decoded = decodeQrImage(dataUrl)
+
+    // Then the original URL is recovered
+    expect(decoded).toBe(VALID_QR_URL)
+  })
+
+  it('rejects a data URL without the PNG header', () => {
+    expect(() => decodeQrImage('data:image/jpeg;base64,AAAA')).toThrow(/PNG data URL/)
+  })
+
+  it('rejects a PNG header with no data', () => {
+    expect(() => decodeQrImage('data:image/png;base64,')).toThrow(/no image data/)
+  })
+
+  it('rejects a PNG header with non-PNG payload', () => {
+    expect(() => decodeQrImage('data:image/png;base64,Zm9vYmFy')).toThrow(/valid PNG/)
+  })
+})
+
+describe('decodeSlackQr', () => {
+  it('decodes a QR PNG and parses the Slack login URL end to end', async () => {
+    // Given a QR PNG encoding a valid Slack sign-in URL
+    const dataUrl = await qrDataUrl(VALID_QR_URL)
+
+    // When decoded end to end
+    const result = decodeSlackQr(dataUrl)
+
+    // Then both decode and parse succeed
+    expect(result.workspace).toBe('acme')
+    expect(result.teamId).toBe('T0123456789')
+  })
+
+  it('decodes the QR but rejects a non-Slack URL', async () => {
+    const dataUrl = await qrDataUrl('https://example.com/whatever')
+
+    expect(() => decodeSlackQr(dataUrl)).toThrow(SlackError)
+  })
+})

package/src/platforms/slack/qr-login.ts

@@ -0,0 +1,90 @@
+import jsQR from 'jsqr'
+import { PNG } from 'pngjs'
+
+import { SlackError } from './client'
+
+const PNG_DATA_URL_PREFIX = 'data:image/png;base64,'
+
+// Slack's "Sign in on Mobile" QR encodes a login URL of the form:
+//   https://app.slack.com/t/<workspace>/login/z-app-<app_id>-<secret>?src=qr_code&user_id=...&team_id=...
+// The `z-app-` segment is the single-use cross-device auth secret; `src=qr_code` marks the source.
+const SLACK_QR_HOST = 'app.slack.com'
+const SLACK_QR_PATH_SEGMENT = '/login/z-app-'
+
+export interface SlackQrLogin {
+  url: string
+  workspace: string
+  teamId: string | null
+  userId: string | null
+}
+
+export function decodeQrImage(dataUrl: string): string {
+  const png = decodePngDataUrl(dataUrl)
+  const result = jsQR(new Uint8ClampedArray(png.data), png.width, png.height)
+  if (!result) {
+    throw new SlackError('Could not read a QR code from the image.', 'qr_unreadable')
+  }
+  return result.data
+}
+
+export function parseSlackQrUrl(raw: string): SlackQrLogin {
+  let parsed: URL
+  try {
+    parsed = new URL(raw)
+  } catch {
+    throw new SlackError('QR code does not contain a valid URL.', 'qr_invalid_url')
+  }
+
+  if (parsed.protocol !== 'https:' || parsed.hostname !== SLACK_QR_HOST) {
+    throw new SlackError(`QR code is not a Slack sign-in link (expected https://${SLACK_QR_HOST}).`, 'qr_not_slack')
+  }
+
+  if (!parsed.pathname.includes(SLACK_QR_PATH_SEGMENT)) {
+    throw new SlackError('QR code is not a Slack mobile sign-in link.', 'qr_not_signin')
+  }
+
+  const workspace = extractWorkspace(parsed.pathname)
+  if (!workspace) {
+    throw new SlackError('Could not determine the workspace from the QR code.', 'qr_no_workspace')
+  }
+
+  return {
+    url: parsed.toString(),
+    workspace,
+    teamId: parsed.searchParams.get('team_id'),
+    userId: parsed.searchParams.get('user_id'),
+  }
+}
+
+export function decodeSlackQr(dataUrl: string): SlackQrLogin {
+  return parseSlackQrUrl(decodeQrImage(dataUrl))
+}
+
+function extractWorkspace(pathname: string): string | null {
+  const match = pathname.match(/^\/t\/([^/]+)\/login\/z-app-/)
+  return match ? match[1] : null
+}
+
+function decodePngDataUrl(dataUrl: string): PNG {
+  if (!dataUrl.startsWith(PNG_DATA_URL_PREFIX)) {
+    throw new SlackError(`Expected a PNG data URL starting with "${PNG_DATA_URL_PREFIX}".`, 'qr_invalid_header')
+  }
+
+  const base64 = dataUrl.slice(PNG_DATA_URL_PREFIX.length)
+  if (!base64) {
+    throw new SlackError('QR data URL contains no image data.', 'qr_no_data')
+  }
+
+  let buffer: Buffer
+  try {
+    buffer = Buffer.from(base64, 'base64')
+  } catch {
+    throw new SlackError('QR data URL is not valid base64.', 'qr_invalid_base64')
+  }
+
+  try {
+    return PNG.sync.read(buffer)
+  } catch {
+    throw new SlackError('QR data URL is not a valid PNG image.', 'qr_invalid_png')
+  }
+}

package/src/platforms/slack/token-extractor-node-test.ts

@@ -1,11 +1,13 @@
 import { mkdirSync, mkdtempSync, rmSync } from 'node:fs'
+import { createRequire } from 'node:module'
 import { tmpdir } from 'node:os'
 import { join } from 'node:path'
 
-import Database from 'better-sqlite3'
-
 import { TokenExtractor } from './token-extractor'
 
+const require = createRequire(import.meta.url)
+const { DatabaseSync } = require('node:sqlite')
+
 const tempDir = mkdtempSync(join(tmpdir(), 'token-extractor-test-'))
 const slackDir = join(tempDir, 'Slack')
 mkdirSync(slackDir)
@@ -13,7 +15,7 @@ mkdirSync(slackDir)
 const dbPath = join(slackDir, 'Cookies')
 
 try {
-  const db = new Database(dbPath)
+  const db = new DatabaseSync(dbPath)
   db.exec(`
     CREATE TABLE cookies (
       name TEXT,

package/src/platforms/slack/token-extractor.ts

@@ -1,7 +1,6 @@
 import { execSync } from 'node:child_process'
 import { createDecipheriv, pbkdf2Sync } from 'node:crypto'
 import { copyFileSync, existsSync, mkdirSync, readdirSync, readFileSync, rmSync, statSync } from 'node:fs'
-import { createRequire } from 'node:module'
 import { homedir, tmpdir } from 'node:os'
 import { join } from 'node:path'
 
@@ -16,11 +15,10 @@ import {
   getBrowserBasePath,
   getAgentBrowserProfileDirs,
 } from '@/shared/chromium'
+import { openReadonlyDatabase } from '@/shared/sqlite'
 import { DerivedKeyCache } from '@/shared/utils/derived-key-cache'
 import { lookupLinuxKeyringPassword } from '@/shared/utils/linux-keyring'
 
-const require = createRequire(import.meta.url)
-
 export interface ExtractedWorkspace {
   workspace_id: string
   workspace_name: string
@@ -872,16 +870,11 @@ export class TokenExtractor {
         encrypted_value?: Uint8Array | Buffer
       } | null
 
+      const db = openReadonlyDatabase(tempDbPath)
       let row: CookieRow
-      if (typeof globalThis.Bun !== 'undefined') {
-        const { Database } = require('bun:sqlite')
-        const db = new Database(tempDbPath, { readonly: true })
-        row = db.query(sql).get() as CookieRow
-        db.close()
-      } else {
-        const Database = require('better-sqlite3')
-        const db = new Database(tempDbPath, { readonly: true })
+      try {
         row = db.prepare(sql).get() as CookieRow
+      } finally {
         db.close()
       }
 

package/src/shared/chromium/cookie-reader-node-test.ts

@@ -0,0 +1,70 @@
+import { mkdtempSync, rmSync } from 'node:fs'
+import { createRequire } from 'node:module'
+import { tmpdir } from 'node:os'
+import { join } from 'node:path'
+
+import { ChromiumCookieReader } from '@/shared/chromium'
+
+const require = createRequire(import.meta.url)
+const { DatabaseSync } = require('node:sqlite')
+
+function fail(message: string): never {
+  console.error(message)
+  process.exit(1)
+}
+
+const tempDir = mkdtempSync(join(tmpdir(), 'cookie-reader-node-test-'))
+const dbPath = join(tempDir, 'Cookies')
+
+try {
+  const db = new DatabaseSync(dbPath)
+  db.exec('CREATE TABLE cookies (name TEXT, value TEXT, encrypted_value BLOB, host_key TEXT, last_access_utc INTEGER)')
+  const insert = db.prepare(
+    'INSERT INTO cookies (name, value, encrypted_value, host_key, last_access_utc) VALUES (?, ?, ?, ?, ?)',
+  )
+  // Chromium *_utc columns are microseconds since 1601; real values exceed
+  // Number.MAX_SAFE_INTEGER, which node:sqlite throws on when SELECTed.
+  insert.run('d', 'xoxd-newer', null, '.slack.com', 13380000000000200n)
+  insert.run('d', 'xoxd-older', null, '.slack.com', 13380000000000100n)
+  insert.run('other', 'ignored', null, '.example.com', 13380000000000300n)
+  insert.run('enc', '', Buffer.from('v10-secret-bytes'), '.slack.com', 13380000000000100n)
+  db.close()
+
+  if (typeof (globalThis as { Bun?: unknown }).Bun !== 'undefined') {
+    fail('Expected Node.js runtime (node:sqlite), but Bun was detected')
+  }
+
+  const reader = new ChromiumCookieReader()
+
+  const first = await reader.queryFirst<{ value: string }>(
+    dbPath,
+    "SELECT value FROM cookies WHERE name = 'd' AND host_key LIKE ? ORDER BY last_access_utc DESC LIMIT 1",
+    ['%slack.com%'],
+  )
+  if (first?.value !== 'xoxd-newer') fail(`queryFirst expected xoxd-newer, got ${String(first?.value)}`)
+
+  const all = await reader.queryAll<{ value: string }>(
+    dbPath,
+    "SELECT value FROM cookies WHERE name = 'd' ORDER BY last_access_utc DESC",
+  )
+  if (all.length !== 2) fail(`queryAll expected 2 rows, got ${all.length}`)
+  if (all[0]?.value !== 'xoxd-newer') fail('queryAll expected newest-first ordering')
+
+  const none = await reader.queryFirst(dbPath, "SELECT value FROM cookies WHERE host_key = 'no.match'")
+  if (none !== null) fail(`no-row queryFirst expected null, got ${String(none)}`)
+
+  // node:sqlite returns BLOBs as Uint8Array (not Buffer); Buffer.from must
+  // preserve the bytes so cookie decryption keeps working
+  const encrypted = await reader.queryFirst<{ encrypted_value?: Uint8Array }>(
+    dbPath,
+    "SELECT encrypted_value FROM cookies WHERE name = 'enc' LIMIT 1",
+  )
+  if (!(encrypted?.encrypted_value instanceof Uint8Array)) fail('encrypted_value expected Uint8Array')
+  if (Buffer.from(encrypted.encrypted_value).toString('utf8') !== 'v10-secret-bytes') {
+    fail('Buffer.from(BLOB) did not round-trip the original bytes')
+  }
+
+  console.log('ok')
+} finally {
+  rmSync(tempDir, { recursive: true })
+}

package/src/shared/chromium/cookie-reader-node.test.ts

@@ -0,0 +1,10 @@
+import { expect, it } from 'bun:test'
+import { execSync } from 'node:child_process'
+
+it('ChromiumCookieReader works in Node.js (node:sqlite)', () => {
+  const result = execSync('bun tsx src/shared/chromium/cookie-reader-node-test.ts', {
+    cwd: process.cwd(),
+    encoding: 'utf-8',
+  })
+  expect(result.trim()).toBe('ok')
+})