agentgate-mcp 0.2.0

package/src/playwright-engine.js

@@ -0,0 +1,391 @@
+import fs from 'node:fs';
+import { BrowserRuntime } from './browser-runtime.js';
+import { CaptchaSolver } from './integrations/captcha-solver.js';
+import { GmailWatcher } from './integrations/gmail-watcher.js';
+import { createLogger } from './logger.js';
+
+const log = createLogger('playwright');
+
+async function importPlaywright() {
+  try {
+    return await import('playwright');
+  } catch {
+    throw new Error(
+      'Playwright is not installed. Run `npm i playwright` and `npx playwright install chromium`.'
+    );
+  }
+}
+
+// Common Google OAuth button selectors
+const GOOGLE_SIGN_IN_SELECTORS = [
+  'button:has-text("Continue with Google")',
+  'button:has-text("Sign in with Google")',
+  'button:has-text("Sign up with Google")',
+  'a:has-text("Continue with Google")',
+  'a:has-text("Sign in with Google")',
+  'a:has-text("Sign up with Google")',
+  'button:has-text("Google")',
+  'a:has-text("Google")',
+  '[data-provider="google"]',
+  '[data-action="google"]',
+  '[aria-label*="Google"]',
+  '.google-login',
+  '#google-signin',
+  '[class*="google"]'
+];
+
+// Common "Create API Key" button selectors
+const CREATE_KEY_SELECTORS = [
+  'button:has-text("Create API Key")',
+  'button:has-text("Create API key")',
+  'button:has-text("Create new key")',
+  'button:has-text("Generate API Key")',
+  'button:has-text("Generate Key")',
+  'button:has-text("Generate new key")',
+  'button:has-text("Create key")',
+  'button:has-text("New Key")',
+  'button:has-text("Add Key")',
+  'button:has-text("Create secret key")',
+  'a:has-text("Create API Key")',
+  'a:has-text("Create key")',
+  'a:has-text("Generate Key")',
+  'a:has-text("New Key")',
+  '[data-testid*="create"][data-testid*="key"]',
+  '[data-testid*="generate"][data-testid*="key"]'
+];
+
+// Selectors that might contain a displayed API key
+const KEY_EXTRACT_SELECTORS = [
+  'input[type="text"][readonly]',
+  'input[readonly][value]',
+  'code',
+  'pre',
+  '.api-key',
+  '[data-testid*="key"]',
+  '[data-testid*="secret"]',
+  '[class*="api-key"]',
+  '[class*="apikey"]',
+  '[class*="secret"]',
+  'input[value*="sk-"]',
+  'input[value*="sk_"]',
+  'input[value*="key_"]',
+  'input[value*="pk_"]',
+  '.mono',
+  '[class*="monospace"]',
+  'samp'
+];
+
+export class PlaywrightEngine {
+  constructor({ db, vault, browserProfileDir }) {
+    this.db = db;
+    this.vault = vault;
+    this.browserProfileDir = browserProfileDir;
+    this.gmailWatcher = new GmailWatcher({ vault });
+    this.captchaSolver = new CaptchaSolver({ vault });
+  }
+
+  /**
+   * Open a visible browser for the user to sign into Google.
+   * Saves the session to the persistent browser profile.
+   */
+  async login() {
+    const playwright = await importPlaywright();
+
+    log.info('Opening browser for Google login');
+    fs.mkdirSync(this.browserProfileDir, { recursive: true });
+
+    const context = await playwright.chromium.launchPersistentContext(
+      this.browserProfileDir,
+      {
+        headless: false,
+        viewport: { width: 1280, height: 900 },
+        args: ['--disable-blink-features=AutomationControlled']
+      }
+    );
+
+    const page = context.pages()[0] || await context.newPage();
+    await page.goto('https://accounts.google.com');
+
+    log.info('Waiting for user to complete Google sign-in...');
+
+    // Wait until user is logged in — detect by URL change or profile element
+    try {
+      await page.waitForURL(
+        (url) => url.href.includes('myaccount.google.com') || url.href.includes('google.com/search'),
+        { timeout: 300_000 } // 5 minutes
+      );
+      log.info('Google sign-in detected');
+    } catch {
+      // User might close browser manually — that's fine, profile is still saved
+      log.info('Login window closed or timed out — profile saved if login completed');
+    }
+
+    await context.close();
+    log.info('Browser profile saved');
+  }
+
+  /**
+   * Create an API key for any service.
+   * Uses the persistent browser profile (Google session) for authentication.
+   *
+   * If a service recipe exists in the registry, uses its workflow.
+   * Otherwise, uses smart navigation.
+   */
+  async createKey(serviceDef) {
+    const hasProfile = fs.existsSync(this.browserProfileDir);
+    if (!hasProfile) {
+      throw new Error('No browser profile found. Run `agentgate login` first to sign in with Google.');
+    }
+
+    const playwright = await importPlaywright();
+    const headless = serviceDef.runtime?.headless !== false;
+
+    log.info(`Launching browser for ${serviceDef.name}`, { headless });
+
+    let context;
+    try {
+      context = await playwright.chromium.launchPersistentContext(
+        this.browserProfileDir,
+        {
+          headless,
+          viewport: { width: 1366, height: 900 },
+          args: ['--disable-blink-features=AutomationControlled']
+        }
+      );
+    } catch (error) {
+      const message = error instanceof Error ? error.message : String(error);
+      if (message.includes('Permission denied') || message.includes('Operation not permitted')) {
+        throw new Error(
+          'Playwright could not launch browser (permission denied). Run AgentGate outside restricted sandbox.'
+        );
+      }
+      throw error;
+    }
+
+    try {
+      const page = context.pages()[0] || await context.newPage();
+
+      // If service has a pre-built workflow (recipe), use it
+      if (Array.isArray(serviceDef.workflow) && serviceDef.workflow.length > 0) {
+        return await this.runWorkflow(page, serviceDef);
+      }
+
+      // Otherwise, smart navigation
+      return await this.smartCreateKey(page, serviceDef);
+    } finally {
+      await context.close();
+    }
+  }
+
+  /**
+   * Run a pre-built workflow recipe.
+   */
+  async runWorkflow(page, serviceDef) {
+    const state = {
+      service: serviceDef,
+      vault: this.vault.getPayload(),
+      generated: {},
+      result: { apiKey: null },
+      scratch: {}
+    };
+
+    const runtime = new BrowserRuntime({
+      page,
+      state,
+      db: this.db,
+      gmailWatcher: this.gmailWatcher,
+      captchaSolver: this.captchaSolver
+    });
+
+    log.info(`Running ${serviceDef.workflow.length} workflow actions for ${serviceDef.name}`);
+    await runtime.run(serviceDef.workflow);
+
+    if (!state.result.apiKey) {
+      throw new Error(
+        `Workflow completed for ${serviceDef.name} but no API key was captured in result.apiKey`
+      );
+    }
+
+    return {
+      apiKey: state.result.apiKey,
+      metadata: { flow: 'recipe', service: serviceDef.name, createdAt: new Date().toISOString() }
+    };
+  }
+
+  /**
+   * Smart navigation: sign up via Google, navigate to API keys, extract key.
+   * Works for any service without a pre-built recipe.
+   */
+  async smartCreateKey(page, serviceDef) {
+    const signupUrl = serviceDef.signup_url;
+    const apiKeyUrl = serviceDef.api_key_url;
+    const name = serviceDef.name;
+
+    // Step 1: Navigate to signup/main page
+    log.info(`Smart navigation: going to ${signupUrl}`);
+    await page.goto(signupUrl, { waitUntil: 'domcontentloaded', timeout: 30_000 });
+    await page.waitForTimeout(2_000);
+
+    // Step 2: Try to find and click Google sign-in
+    const clickedGoogle = await this.tryClickFirst(page, GOOGLE_SIGN_IN_SELECTORS, 3_000);
+    if (clickedGoogle) {
+      log.info('Clicked Google sign-in button');
+      // Wait for OAuth flow to complete (popup or redirect)
+      await page.waitForTimeout(5_000);
+      // Handle popup if it appeared
+      await this.handleGooglePopup(page);
+    } else {
+      log.info('No Google sign-in button found — may already be logged in');
+    }
+
+    // Step 3: Navigate to API keys page if URL provided
+    if (apiKeyUrl) {
+      log.info(`Navigating to API keys page: ${apiKeyUrl}`);
+      await page.goto(apiKeyUrl, { waitUntil: 'domcontentloaded', timeout: 30_000 });
+      await page.waitForTimeout(2_000);
+    }
+
+    // Step 4: Try to click "Create API Key" button
+    const clickedCreate = await this.tryClickFirst(page, CREATE_KEY_SELECTORS, 5_000);
+    if (clickedCreate) {
+      log.info('Clicked create API key button');
+      await page.waitForTimeout(3_000);
+    }
+
+    // Step 5: Try to confirm any dialog (some services show a confirmation)
+    await this.tryClickFirst(page, [
+      'button:has-text("Create")',
+      'button:has-text("Confirm")',
+      'button:has-text("Generate")',
+      'button:has-text("Done")',
+      'button:has-text("Copy")'
+    ], 2_000);
+    await page.waitForTimeout(2_000);
+
+    // Step 6: Extract the API key
+    const apiKey = await this.extractApiKey(page);
+    if (!apiKey) {
+      // Take a screenshot for debugging
+      const screenshotPath = `/tmp/agentgate-${name}-${Date.now()}.png`;
+      await page.screenshot({ path: screenshotPath, fullPage: true });
+      throw new Error(
+        `Could not extract API key for ${name}. Screenshot saved to ${screenshotPath}. ` +
+        `You may need to create a service recipe in services/${name}.json for this service.`
+      );
+    }
+
+    log.info(`API key extracted for ${name}`);
+    return {
+      apiKey,
+      metadata: { flow: 'smart', service: name, createdAt: new Date().toISOString() }
+    };
+  }
+
+  /**
+   * Try to click the first matching selector from a list.
+   */
+  async tryClickFirst(page, selectors, timeout = 3_000) {
+    for (const selector of selectors) {
+      try {
+        const el = await page.waitForSelector(selector, { timeout, state: 'visible' });
+        if (el) {
+          await el.click();
+          return true;
+        }
+      } catch {
+        // Not found, try next
+      }
+    }
+    return false;
+  }
+
+  /**
+   * Handle Google OAuth popup window if it appeared.
+   */
+  async handleGooglePopup(page) {
+    const context = page.context();
+    const pages = context.pages();
+    const popup = pages.find((p) => p.url().includes('accounts.google.com'));
+    if (popup && popup !== page) {
+      log.info('Handling Google OAuth popup');
+      try {
+        // If already logged in, the popup might auto-select the account
+        // Try clicking the first account if visible
+        await popup.waitForSelector('[data-email]', { timeout: 5_000 });
+        await popup.click('[data-email]');
+        await page.waitForTimeout(3_000);
+      } catch {
+        // Popup may have auto-closed
+      }
+    }
+  }
+
+  /**
+   * Try multiple strategies to extract an API key from the page.
+   */
+  async extractApiKey(page) {
+    // Strategy 1: Check common selectors
+    for (const selector of KEY_EXTRACT_SELECTORS) {
+      try {
+        const elements = await page.$$(selector);
+        for (const el of elements) {
+          // Try input value first
+          const value = await el.inputValue().catch(() => null);
+          if (value && this.looksLikeApiKey(value)) {
+            return value.trim();
+          }
+          // Try text content
+          const text = await el.textContent().catch(() => null);
+          if (text && this.looksLikeApiKey(text.trim())) {
+            return text.trim();
+          }
+        }
+      } catch {
+        // Selector not found
+      }
+    }
+
+    // Strategy 2: Scan full page text for key patterns
+    try {
+      const bodyText = await page.textContent('body');
+      if (bodyText) {
+        const patterns = [
+          /\b(sk-[A-Za-z0-9_\-]{20,})\b/,
+          /\b(sk_[A-Za-z0-9_\-]{20,})\b/,
+          /\b(pk_[A-Za-z0-9_\-]{20,})\b/,
+          /\b(key_[A-Za-z0-9_\-]{20,})\b/,
+          /\b(api_[A-Za-z0-9_\-]{20,})\b/,
+          /\b(token_[A-Za-z0-9_\-]{20,})\b/,
+          /\b(AKIA[A-Z0-9]{16})\b/,  // AWS-style
+          /(?:api.?key|token|secret)[:\s"'=]+([A-Za-z0-9_\-]{20,})/i,
+          /\b([A-Za-z0-9_\-]{32,})\b/  // Last resort: any long alphanumeric string
+        ];
+
+        for (const pattern of patterns) {
+          const match = bodyText.match(pattern);
+          if (match && match[1] && this.looksLikeApiKey(match[1])) {
+            return match[1];
+          }
+        }
+      }
+    } catch {
+      // Page text extraction failed
+    }
+
+    return null;
+  }
+
+  /**
+   * Heuristic: does this string look like an API key?
+   */
+  looksLikeApiKey(str) {
+    if (!str || typeof str !== 'string') return false;
+    const trimmed = str.trim();
+    if (trimmed.length < 10) return false;
+    if (trimmed.length > 256) return false;
+    if (trimmed.includes(' ') || trimmed.includes('\n')) return false;
+    // Must have some mix of characters (not just "Loading..." or "Click here")
+    if (/^[a-z\s]+$/i.test(trimmed)) return false;
+    return true;
+  }
+}

package/src/registry.js

@@ -0,0 +1,47 @@
+import fs from 'node:fs';
+import path from 'node:path';
+
+export class ServiceRegistry {
+  constructor(registryDir) {
+    this.registryDir = registryDir;
+  }
+
+  listServices() {
+    if (!fs.existsSync(this.registryDir)) {
+      return [];
+    }
+
+    const files = fs
+      .readdirSync(this.registryDir)
+      .filter((name) => name.endsWith('.json') && !name.startsWith('_'))
+      .sort();
+
+    return files.map((file) => {
+      const fullPath = path.join(this.registryDir, file);
+      const raw = fs.readFileSync(fullPath, 'utf8');
+      const parsed = JSON.parse(raw);
+      this.validateService(parsed, file);
+      return parsed;
+    });
+  }
+
+  getService(name) {
+    const service = this.listServices().find((item) => item.name === name);
+    return service ?? null;
+  }
+
+  validateService(service, fileName) {
+    if (!service || typeof service !== 'object') {
+      throw new Error(`Invalid service definition in ${fileName}: expected object`);
+    }
+    if (!service.name || typeof service.name !== 'string') {
+      throw new Error(`Invalid service definition in ${fileName}: missing name`);
+    }
+    if (!service.signup_url || typeof service.signup_url !== 'string') {
+      throw new Error(`Invalid service definition in ${fileName}: missing signup_url`);
+    }
+    if (!Array.isArray(service.workflow)) {
+      throw new Error(`Invalid service definition in ${fileName}: workflow must be an array`);
+    }
+  }
+}

package/src/scaffold.js

@@ -0,0 +1,103 @@
+import fs from 'node:fs';
+import path from 'node:path';
+
+function sanitizeServiceName(input) {
+  return String(input || '')
+    .trim()
+    .toLowerCase()
+    .replace(/^https?:\/\//, '')
+    .replace(/^www\./, '')
+    .split('/')[0]
+    .replace(/[^a-z0-9]+/g, '-')
+    .replace(/^-+|-+$/g, '');
+}
+
+function deriveNameFromUrl(url) {
+  try {
+    const host = new URL(url).hostname;
+    return sanitizeServiceName(host.split('.').slice(-2, -1)[0] || host);
+  } catch {
+    return '';
+  }
+}
+
+function buildTemplate({ name, url }) {
+  return {
+    name,
+    signup_url: url,
+    requires: {
+      google: false,
+      card: false
+    },
+    runtime: {
+      headless: true
+    },
+    workflow: [
+      { type: 'goto', url: '{{service.signup_url}}' },
+      { type: 'wait_for', selector: 'body' },
+      { type: 'fill', selector: "input[type='email']", value: '{{generated.emailAlias}}' },
+      { type: 'fill', selector: "input[type='password']", value: '{{generated.password}}' },
+      { type: 'click', selector: "button[type='submit']" },
+      { type: 'store_alias' },
+      { type: 'wait_for_email_code', target: 'scratch.emailCode', timeoutMs: 120000 },
+      { type: 'fill', selector: "input[name='code']", value: '{{scratch.emailCode}}' },
+      { type: 'click', selector: "button[type='submit']" },
+      { type: 'solve_captcha', target: 'scratch.captchaToken', provider: 'capsolver' },
+      { type: 'goto', url: '{{service.signup_url}}' },
+      { type: 'extract_text', selector: 'body', target: 'scratch.pageText' },
+      {
+        type: 'regex_extract',
+        source: 'scratch.pageText',
+        pattern: '(?:api[_-]?key|token)[^A-Za-z0-9]+([A-Za-z0-9_\\-]{20,})',
+        target: 'result.apiKey'
+      },
+      { type: 'assert_present', path: 'result.apiKey' }
+    ]
+  };
+}
+
+export function runScaffold({ registryDir, argv, stdout, stderr }) {
+  const arg1 = argv[0] || '';
+  const arg2 = argv[1] || '';
+
+  let name = '';
+  let url = '';
+
+  if (arg1.startsWith('http://') || arg1.startsWith('https://')) {
+    url = arg1;
+    name = sanitizeServiceName(arg2) || deriveNameFromUrl(url);
+  } else {
+    name = sanitizeServiceName(arg1);
+    url = arg2;
+  }
+
+  if (!name || !url) {
+    stderr.write('Usage: node src/cli.js scaffold <service-name> <signup-url>\n');
+    stderr.write('   or: node src/cli.js scaffold <signup-url> [service-name]\n');
+    return 1;
+  }
+
+  let parsed;
+  try {
+    parsed = new URL(url);
+  } catch {
+    stderr.write(`Invalid URL: ${url}\n`);
+    return 1;
+  }
+
+  const normalizedUrl = parsed.toString();
+  fs.mkdirSync(registryDir, { recursive: true });
+  const filePath = path.join(registryDir, `${name}.json`);
+
+  if (fs.existsSync(filePath)) {
+    stderr.write(`Service definition already exists: ${filePath}\n`);
+    return 1;
+  }
+
+  const template = buildTemplate({ name, url: normalizedUrl });
+  fs.writeFileSync(filePath, `${JSON.stringify(template, null, 2)}\n`, { mode: 0o600 });
+
+  stdout.write(`Created service scaffold: ${filePath}\n`);
+  stdout.write('Next: edit selectors and workflow actions for the target service.\n');
+  return 0;
+}

package/src/setup.js

@@ -0,0 +1,109 @@
+import fs from 'node:fs';
+import readline from 'node:readline/promises';
+import { stdin as input, stdout as output } from 'node:process';
+
+export async function runSetup({ vault, settingsFile }) {
+  const rl = readline.createInterface({ input, output });
+
+  try {
+    const googleEmail = await getValue(rl, {
+      env: 'AGENTGATE_GOOGLE_EMAIL',
+      prompt: 'Google account email: '
+    });
+    const gmailToken = await getValue(rl, {
+      env: 'AGENTGATE_GMAIL_TOKEN',
+      prompt: 'Gmail OAuth token (paste token for now): ',
+      allowEmpty: true
+    });
+    const cardHolder = await getValue(rl, {
+      env: 'AGENTGATE_CARD_HOLDER',
+      prompt: 'Card holder name: ',
+      allowEmpty: true
+    });
+    const cardNumber = await getValue(rl, {
+      env: 'AGENTGATE_CARD_NUMBER',
+      prompt: 'Card number (numbers only): ',
+      allowEmpty: true
+    });
+    const cardExpMonth = await getValue(rl, {
+      env: 'AGENTGATE_CARD_EXP_MONTH',
+      prompt: 'Card expiry month (MM): ',
+      allowEmpty: true
+    });
+    const cardExpYear = await getValue(rl, {
+      env: 'AGENTGATE_CARD_EXP_YEAR',
+      prompt: 'Card expiry year (YYYY): ',
+      allowEmpty: true
+    });
+    const cardCvc = await getValue(rl, {
+      env: 'AGENTGATE_CARD_CVC',
+      prompt: 'Card CVC: ',
+      allowEmpty: true
+    });
+    const cardZip = await getValue(rl, {
+      env: 'AGENTGATE_CARD_ZIP',
+      prompt: 'Billing ZIP/postal code: ',
+      allowEmpty: true
+    });
+
+    vault.setGoogleAccount({
+      email: googleEmail,
+      cookies: null,
+      gmailOAuthToken: gmailToken || null
+    });
+
+    vault.setBilling({
+      cardHolder: cardHolder || null,
+      cardNumber: cardNumber || null,
+      cardLast4: cardNumber ? cardNumber.slice(-4) : null,
+      cardExpMonth: cardExpMonth || null,
+      cardExpYear: cardExpYear || null,
+      cardCvc: cardCvc || null,
+      cardZip: cardZip || null
+    });
+
+    const settings = {
+      initializedAt: new Date().toISOString(),
+      googleEmail,
+      setupVersion: 2
+    };
+
+    fs.writeFileSync(settingsFile, JSON.stringify(settings, null, 2), { mode: 0o600 });
+
+    output.write('\nSetup complete. Use this MCP config snippet:\n\n');
+    output.write(
+      JSON.stringify(
+        {
+          mcpServers: {
+            agentgate: {
+              command: 'node',
+              args: ['src/cli.js', 'serve']
+            }
+          }
+        },
+        null,
+        2
+      )
+    );
+    output.write('\n');
+  } finally {
+    rl.close();
+  }
+}
+
+async function getValue(rl, { env, prompt, allowEmpty = false }) {
+  const fromEnv = process.env[env];
+  if (typeof fromEnv === 'string') {
+    const value = fromEnv.trim();
+    if (!value && !allowEmpty) {
+      throw new Error(`Environment variable ${env} cannot be empty.`);
+    }
+    return value;
+  }
+
+  const value = (await rl.question(prompt)).trim();
+  if (!value && !allowEmpty) {
+    throw new Error(`Value required for prompt: ${prompt}`);
+  }
+  return value;
+}

package/src/signup-engine.js

@@ -0,0 +1,24 @@
+import { PlaywrightEngine } from './playwright-engine.js';
+import { createLogger } from './logger.js';
+
+const log = createLogger('signup-engine');
+
+export class SignupEngine extends PlaywrightEngine {
+  async createKey(serviceDef) {
+    log.info(`Creating key for ${serviceDef.name}`, {
+      mode: serviceDef.workflow?.length > 0 ? 'recipe' : 'smart',
+      signup_url: serviceDef.signup_url
+    });
+
+    try {
+      const result = await super.createKey(serviceDef);
+      log.info(`Key created for ${serviceDef.name}`);
+      return result;
+    } catch (error) {
+      log.error(`Failed to create key for ${serviceDef.name}`, {
+        error: error instanceof Error ? error.message : String(error)
+      });
+      throw error;
+    }
+  }
+}