assistme 0.1.13 → 0.1.14

package/dist/index.js

@@ -63,14 +63,15 @@ function getNextRunTime(cronExpr, timezone, fromDate) {
   const daysOfMonth = parseField(domExpr, 1, 31);
   const months = parseField(monExpr, 1, 12);
   const daysOfWeek = parseField(dowExpr, 0, 6);
+  const useUTC = timezone === "UTC";
   const candidate = new Date(now.getTime() + 6e4);
   candidate.setSeconds(0, 0);
   for (let i = 0; i < 527040; i++) {
-    const m = candidate.getMinutes();
-    const h = candidate.getHours();
-    const dom = candidate.getDate();
-    const mon = candidate.getMonth() + 1;
-    const dow = candidate.getDay();
+    const m = useUTC ? candidate.getUTCMinutes() : candidate.getMinutes();
+    const h = useUTC ? candidate.getUTCHours() : candidate.getHours();
+    const dom = useUTC ? candidate.getUTCDate() : candidate.getDate();
+    const mon = (useUTC ? candidate.getUTCMonth() : candidate.getMonth()) + 1;
+    const dow = useUTC ? candidate.getUTCDay() : candidate.getDay();
     if (minutes.includes(m) && hours.includes(h) && daysOfMonth.includes(dom) && months.includes(mon) && (dowExpr === "*" || daysOfWeek.includes(dow))) {
       return candidate;
     }
@@ -849,6 +850,76 @@ URL: ${info.url}`;
   isConnected() {
     return this.connected && this.ws?.readyState === WebSocket.OPEN;
   }
+  // ── Login Detection ────────────────────────────────────────────
+  /**
+   * Detect if the current page appears to be a login/authentication page.
+   * Checks URL patterns, password input fields, and login form actions.
+   */
+  async detectLoginPage() {
+    try {
+      const result = await this.send("Runtime.evaluate", {
+        expression: `
+          (function() {
+            var url = window.location.href.toLowerCase();
+
+            // URL-based detection
+            var loginPatterns = [
+              '/login', '/signin', '/sign-in', '/sign_in',
+              '/auth/', '/sso/', '/oauth/', '/session/new',
+              '/accounts/login', '/users/sign_in',
+              'accounts.google.com', 'login.microsoftonline.com',
+              'github.com/login', 'github.com/session',
+              'login.live.com', 'appleid.apple.com'
+            ];
+            for (var i = 0; i < loginPatterns.length; i++) {
+              if (url.indexOf(loginPatterns[i]) !== -1) {
+                return JSON.stringify({
+                  isLoginPage: true,
+                  reason: 'URL contains login pattern: ' + loginPatterns[i]
+                });
+              }
+            }
+
+            // Password input detection (visible only)
+            var passwordInputs = document.querySelectorAll('input[type="password"]');
+            for (var j = 0; j < passwordInputs.length; j++) {
+              var input = passwordInputs[j];
+              var rect = input.getBoundingClientRect();
+              var style = window.getComputedStyle(input);
+              if (rect.width > 0 && rect.height > 0 &&
+                  style.display !== 'none' && style.visibility !== 'hidden') {
+                return JSON.stringify({
+                  isLoginPage: true,
+                  reason: 'Page contains visible password input field'
+                });
+              }
+            }
+
+            // Login form action detection
+            var formSelectors = [
+              'form[action*="login"]', 'form[action*="signin"]',
+              'form[action*="session"]', 'form[action*="auth"]',
+              'form[action*="authenticate"]'
+            ];
+            var loginForms = document.querySelectorAll(formSelectors.join(','));
+            if (loginForms.length > 0) {
+              return JSON.stringify({
+                isLoginPage: true,
+                reason: 'Page contains login form'
+              });
+            }
+
+            return JSON.stringify({ isLoginPage: false, reason: '' });
+          })()
+        `,
+        returnByValue: true
+      });
+      const value = result.result?.value;
+      return JSON.parse(value || '{"isLoginPage":false,"reason":""}');
+    } catch {
+      return { isLoginPage: false, reason: "" };
+    }
+  }
 };
 function findChromePath() {
   const os = platform();
@@ -2275,6 +2346,60 @@ ${stderr}` : "";
 }
 
 // src/tools/index.ts
+async function detectAndHandleLogin(browser) {
+  const detection = await browser.detectLoginPage();
+  if (!detection.isLoginPage) return null;
+  const pageInfo = await browser.getPageInfo();
+  let siteName;
+  try {
+    siteName = new URL(pageInfo.url).hostname;
+  } catch {
+    siteName = pageInfo.url;
+  }
+  console.log("\n");
+  console.log("\u2501".repeat(60));
+  console.log("  \u{1F510} LOGIN REQUIRED");
+  console.log("\u2501".repeat(60));
+  console.log(`  ${detection.reason}`);
+  console.log(`  Site: ${siteName}`);
+  console.log(`  Please log in using the browser window.`);
+  console.log(`  Your session will be saved for future use.`);
+  console.log(`  (Waiting up to 120s for you to complete login)`);
+  console.log("\u2501".repeat(60));
+  console.log("\n");
+  const loginUrl = pageInfo.url;
+  const deadline = Date.now() + 12e4;
+  while (Date.now() < deadline) {
+    await new Promise((r) => setTimeout(r, 3e3));
+    try {
+      const currentInfo = await browser.getPageInfo();
+      if (currentInfo.url !== loginUrl) {
+        await new Promise((r) => setTimeout(r, 1500));
+        const newPage = await browser.readPage();
+        return `Login completed. Redirected to: ${currentInfo.url}
+Session saved in assistme browser profile for future use.
+
+Current page:
+${newPage.slice(0, 3e3)}`;
+      }
+      const stillLogin = await browser.detectLoginPage();
+      if (!stillLogin.isLoginPage) {
+        const newPage = await browser.readPage();
+        return `Login completed on ${siteName}.
+Session saved in assistme browser profile for future use.
+
+Current page:
+${newPage.slice(0, 3e3)}`;
+      }
+    } catch {
+      try {
+        await browser.connect();
+      } catch {
+      }
+    }
+  }
+  return `Login wait timed out after 120s. The user may still need to log in at ${siteName}.`;
+}
 async function ensureConnected(browser, tabIndex) {
   if (browser.isConnected() && tabIndex === void 0) return;
   if (!await browser.isAvailable()) {
@@ -2316,9 +2441,15 @@ async function executeTool(name, input) {
       await ensureConnected(browser, input.tab_index);
       return browser.isConnected() ? "Connected to browser." : "Failed to connect.";
     }
-    case "browser_navigate":
+    case "browser_navigate": {
       await ensureConnected(browser);
-      return browser.navigate(input.url);
+      const navResult = await browser.navigate(input.url);
+      const loginResult = await detectAndHandleLogin(browser);
+      if (loginResult) {
+        return navResult + "\n\n" + loginResult;
+      }
+      return navResult;
+    }
     case "browser_read_page":
       await ensureConnected(browser);
       return browser.readPage();
@@ -2832,7 +2963,9 @@ var BASE_SYSTEM_PROMPT = `You are AssistMe, an AI assistant that operates like a
 KEY PRINCIPLE: You operate the user's real browser, not a headless sandbox. This means:
 - The browser has the user's real cookies, logins, and sessions
 - When you navigate to amazon.com, you see the user's logged-in Amazon
-- If a site needs login, ask the user to log in using browser_request_user_action
+- If a site needs login, the browser will auto-detect the login page and prompt the user
+- After the user logs in, their session is saved in the persistent browser profile (~/.assistme/browser-profile)
+- Saved sessions persist across assistme restarts \u2014 the user only needs to log in once per site
 - You are like a human assistant sitting at the user's computer
 - Chrome is automatically managed \u2014 just call browser_connect and it will auto-launch if needed
 - NEVER ask the user to manually start Chrome or run any terminal commands for browser setup
@@ -2859,9 +2992,9 @@ Available capabilities:
 Workflow for web tasks (e.g. "\u67E5\u4E00\u4E0B kindle \u6700\u65B0\u6B3E\u4EF7\u683C"):
 1. browser_connect \u2192 connect to user's Chrome
 2. browser_new_tab \u2192 open a new tab
-3. browser_navigate \u2192 go to the website
+3. browser_navigate \u2192 go to the website (login pages are auto-detected \u2014 the user will be prompted and their session saved)
 4. browser_read_page or browser_screenshot \u2192 read the content
-5. If login required \u2192 browser_request_user_action \u2192 wait \u2192 continue
+5. If login is needed but not auto-detected \u2192 use browser_request_user_action to ask the user
 6. Repeat across multiple sites as needed
 7. Summarize findings
 
@@ -2869,7 +3002,8 @@ Guidelines:
 - Always use the real browser for web tasks, never try to fetch URLs programmatically
 - Use browser_screenshot when you need to see the visual layout
 - Use browser_get_elements to find clickable elements before clicking
-- If a page needs authentication, use browser_request_user_action immediately
+- Login pages are auto-detected after navigation \u2014 the user is prompted and sessions are saved automatically
+- If auto-detection misses a login page, use browser_request_user_action manually
 - Be thorough: check multiple sources when comparing prices/products
 - Summarize results clearly at the end
 - When you learn something about the user (preferences, habits), use memory_store to remember it

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "assistme",
-  "version": "0.1.13",
+  "version": "0.1.14",
   "description": "AssistMe CLI Agent - AI-powered assistant that controls your real browser",
   "type": "module",
   "main": "dist/index.js",

package/src/agent/processor.ts

@@ -37,7 +37,9 @@ const BASE_SYSTEM_PROMPT = `You are AssistMe, an AI assistant that operates like
 KEY PRINCIPLE: You operate the user's real browser, not a headless sandbox. This means:
 - The browser has the user's real cookies, logins, and sessions
 - When you navigate to amazon.com, you see the user's logged-in Amazon
-- If a site needs login, ask the user to log in using browser_request_user_action
+- If a site needs login, the browser will auto-detect the login page and prompt the user
+- After the user logs in, their session is saved in the persistent browser profile (~/.assistme/browser-profile)
+- Saved sessions persist across assistme restarts — the user only needs to log in once per site
 - You are like a human assistant sitting at the user's computer
 - Chrome is automatically managed — just call browser_connect and it will auto-launch if needed
 - NEVER ask the user to manually start Chrome or run any terminal commands for browser setup
@@ -64,9 +66,9 @@ Available capabilities:
 Workflow for web tasks (e.g. "查一下 kindle 最新款价格"):
 1. browser_connect → connect to user's Chrome
 2. browser_new_tab → open a new tab
-3. browser_navigate → go to the website
+3. browser_navigate → go to the website (login pages are auto-detected — the user will be prompted and their session saved)
 4. browser_read_page or browser_screenshot → read the content
-5. If login required → browser_request_user_action → wait → continue
+5. If login is needed but not auto-detected → use browser_request_user_action to ask the user
 6. Repeat across multiple sites as needed
 7. Summarize findings
 
@@ -74,7 +76,8 @@ Guidelines:
 - Always use the real browser for web tasks, never try to fetch URLs programmatically
 - Use browser_screenshot when you need to see the visual layout
 - Use browser_get_elements to find clickable elements before clicking
-- If a page needs authentication, use browser_request_user_action immediately
+- Login pages are auto-detected after navigation — the user is prompted and sessions are saved automatically
+- If auto-detection misses a login page, use browser_request_user_action manually
 - Be thorough: check multiple sources when comparing prices/products
 - Summarize results clearly at the end
 - When you learn something about the user (preferences, habits), use memory_store to remember it

package/src/agent/scheduler.ts

@@ -25,11 +25,7 @@ export interface ScheduledTask {
  * Supports: minute hour day-of-month month day-of-week
  * Examples: "0 8 * * *" (daily 8am), "0,30 * * * *" (every 30min)
  */
-export function getNextRunTime(
-  cronExpr: string,
-  timezone: string,
-  fromDate?: Date
-): Date {
+export function getNextRunTime(cronExpr: string, timezone: string, fromDate?: Date): Date {
   const now = fromDate || new Date();
   const parts = cronExpr.trim().split(/\s+/);
   if (parts.length !== 5) {
@@ -65,6 +61,8 @@ export function getNextRunTime(
   const months = parseField(monExpr, 1, 12);
   const daysOfWeek = parseField(dowExpr, 0, 6); // 0 = Sunday
 
+  const useUTC = timezone === "UTC";
+
   // Find the next matching time after 'now'
   const candidate = new Date(now.getTime() + 60_000); // Start from next minute
   candidate.setSeconds(0, 0);
@@ -72,11 +70,11 @@ export function getNextRunTime(
   // Search up to 366 days ahead
   for (let i = 0; i < 527040; i++) {
     // 366 * 24 * 60
-    const m = candidate.getMinutes();
-    const h = candidate.getHours();
-    const dom = candidate.getDate();
-    const mon = candidate.getMonth() + 1;
-    const dow = candidate.getDay();
+    const m = useUTC ? candidate.getUTCMinutes() : candidate.getMinutes();
+    const h = useUTC ? candidate.getUTCHours() : candidate.getHours();
+    const dom = useUTC ? candidate.getUTCDate() : candidate.getDate();
+    const mon = (useUTC ? candidate.getUTCMonth() : candidate.getMonth()) + 1;
+    const dow = useUTC ? candidate.getUTCDay() : candidate.getDay();
 
     if (
       minutes.includes(m) &&
@@ -98,13 +96,9 @@ export function getNextRunTime(
 export class Scheduler {
   private timer: ReturnType<typeof setInterval> | null = null;
   private running = false;
-  private onScheduledTask:
-    | ((task: ScheduledTask) => Promise<void>)
-    | null = null;
+  private onScheduledTask: ((task: ScheduledTask) => Promise<void>) | null = null;
 
-  async start(
-    onScheduledTask: (task: ScheduledTask) => Promise<void>
-  ): Promise<void> {
+  async start(onScheduledTask: (task: ScheduledTask) => Promise<void>): Promise<void> {
     this.onScheduledTask = onScheduledTask;
     this.running = true;
 
@@ -187,16 +181,10 @@ export class Scheduler {
       try {
         await this.onScheduledTask(task);
 
-        await sb
-          .from("agent_scheduled_tasks")
-          .update({ last_error: null })
-          .eq("id", task.id);
+        await sb.from("agent_scheduled_tasks").update({ last_error: null }).eq("id", task.id);
       } catch (err) {
         const errMsg = err instanceof Error ? err.message : String(err);
-        await sb
-          .from("agent_scheduled_tasks")
-          .update({ last_error: errMsg })
-          .eq("id", task.id);
+        await sb.from("agent_scheduled_tasks").update({ last_error: errMsg }).eq("id", task.id);
         log.error(`Scheduled task "${task.name}" failed: ${errMsg}`);
       }
     } catch (err) {
@@ -234,9 +222,7 @@ export async function createScheduledTask(
   return data as ScheduledTask;
 }
 
-export async function listScheduledTasks(
-  userId: string
-): Promise<ScheduledTask[]> {
+export async function listScheduledTasks(userId: string): Promise<ScheduledTask[]> {
   const sb = getSupabase();
   const { data, error } = await sb
     .from("agent_scheduled_tasks")
@@ -248,10 +234,7 @@ export async function listScheduledTasks(
   return (data || []) as ScheduledTask[];
 }
 
-export async function toggleScheduledTask(
-  taskId: string,
-  enabled: boolean
-): Promise<void> {
+export async function toggleScheduledTask(taskId: string, enabled: boolean): Promise<void> {
   const sb = getSupabase();
   const update: Record<string, unknown> = { enabled };
   if (enabled) {
@@ -267,20 +250,14 @@ export async function toggleScheduledTask(
     }
   }
 
-  const { error } = await sb
-    .from("agent_scheduled_tasks")
-    .update(update)
-    .eq("id", taskId);
+  const { error } = await sb.from("agent_scheduled_tasks").update(update).eq("id", taskId);
 
   if (error) throw new Error(`Failed to toggle schedule: ${error.message}`);
 }
 
 export async function deleteScheduledTask(taskId: string): Promise<void> {
   const sb = getSupabase();
-  const { error } = await sb
-    .from("agent_scheduled_tasks")
-    .delete()
-    .eq("id", taskId);
+  const { error } = await sb.from("agent_scheduled_tasks").delete().eq("id", taskId);
 
   if (error) throw new Error(`Failed to delete schedule: ${error.message}`);
 }

package/src/db/supabase.test.ts

@@ -8,14 +8,28 @@ let finalResult: Record<string, unknown> = { data: [], error: null };
 
 const chain: Record<string, unknown> = {};
 const chainMethods = [
-  "select", "insert", "update", "delete", "eq", "neq", "not",
-  "or", "in", "order", "limit", "single", "from", "lt",
+  "select",
+  "insert",
+  "update",
+  "delete",
+  "eq",
+  "neq",
+  "not",
+  "or",
+  "in",
+  "order",
+  "limit",
+  "single",
+  "from",
+  "lt",
 ];
 for (const method of chainMethods) {
   chain[method] = vi.fn().mockImplementation(() => chain);
 }
 // Make chain thenable — always resolves to current finalResult
-chain.then = function (resolve: (value: unknown) => void) { return resolve(finalResult); };
+chain.then = function (resolve: (value: unknown) => void) {
+  return resolve(finalResult);
+};
 chain.single = vi.fn().mockImplementation(() => ({
   ...chain,
   then: (resolve: (value: unknown) => void) => resolve(finalResult),
@@ -48,7 +62,9 @@ const stableMockClient = {
 
 function setResult(result: Record<string, unknown>) {
   finalResult = result;
-  chain.then = function (resolve: (value: unknown) => void) { return resolve(result); };
+  chain.then = function (resolve: (value: unknown) => void) {
+    return resolve(result);
+  };
   chain.single = vi.fn().mockImplementation(() => ({
     ...chain,
     then: (resolve: (value: unknown) => void) => resolve(result),
@@ -73,7 +89,10 @@ vi.mock("../utils/config.js", () => ({
 
 vi.mock("../utils/logger.js", () => ({
   log: {
-    debug: vi.fn(), info: vi.fn(), warn: vi.fn(), error: vi.fn(),
+    debug: vi.fn(),
+    info: vi.fn(),
+    warn: vi.fn(),
+    error: vi.fn(),
   },
 }));
 
@@ -81,9 +100,9 @@ vi.mock("fs", async (importOriginal) => {
   const original = (await importOriginal()) as Record<string, unknown>;
   return {
     ...original,
-    existsSync: vi.fn().mockReturnValue(false),
+    existsSync: vi.fn().mockReturnValue(true),
     mkdirSync: vi.fn(),
-    readFileSync: vi.fn().mockReturnValue("{}"),
+    readFileSync: vi.fn().mockReturnValue(JSON.stringify({ mcp_token: "am_test_token_123" })),
     writeFileSync: vi.fn(),
   };
 });
@@ -131,7 +150,14 @@ describe("Supabase DB Layer", () => {
 
       const result = await createSession("user-123", "Test", "/tmp", "0.1.0");
 
-      expect(mockFrom).toHaveBeenCalledWith("agent_sessions");
+      expect(mockRpc).toHaveBeenCalledWith(
+        "mcp_create_session",
+        expect.objectContaining({
+          p_session_name: "Test",
+          p_workspace_path: "/tmp",
+          p_version: "0.1.0",
+        })
+      );
       expect(result.id).toBe("sess-001");
       expect(result.status).toBe("online");
     });
@@ -139,9 +165,9 @@ describe("Supabase DB Layer", () => {
     it("throws on DB error", async () => {
       setResult({ data: null, error: { message: "insert failed" } });
 
-      await expect(
-        createSession("user-123", "Test", "/tmp", "0.1.0")
-      ).rejects.toThrow("Failed to create session");
+      await expect(createSession("user-123", "Test", "/tmp", "0.1.0")).rejects.toThrow(
+        "Failed to create session"
+      );
     });
   });
 
@@ -149,8 +175,12 @@ describe("Supabase DB Layer", () => {
     it("updates the heartbeat timestamp", async () => {
       setResult({ error: null });
       await updateHeartbeat("sess-001");
-      expect(mockFrom).toHaveBeenCalledWith("agent_sessions");
-      expect(chain.eq).toHaveBeenCalledWith("id", "sess-001");
+      expect(mockRpc).toHaveBeenCalledWith(
+        "mcp_heartbeat",
+        expect.objectContaining({
+          p_session_id: "sess-001",
+        })
+      );
     });
   });
 
@@ -158,8 +188,12 @@ describe("Supabase DB Layer", () => {
     it("sets session to offline", async () => {
       setResult({ error: null });
       await endSession("sess-001");
-      expect(mockFrom).toHaveBeenCalledWith("agent_sessions");
-      expect(chain.update).toHaveBeenCalled();
+      expect(mockRpc).toHaveBeenCalledWith(
+        "mcp_end_session",
+        expect.objectContaining({
+          p_session_id: "sess-001",
+        })
+      );
     });
   });
 
@@ -167,7 +201,13 @@ describe("Supabase DB Layer", () => {
     it("sets session to busy", async () => {
       setResult({ error: null });
       await setSessionBusy("sess-001", true);
-      expect(chain.update).toHaveBeenCalled();
+      expect(mockRpc).toHaveBeenCalledWith(
+        "mcp_set_session_busy",
+        expect.objectContaining({
+          p_session_id: "sess-001",
+          p_busy: true,
+        })
+      );
     });
   });
 
@@ -208,9 +248,12 @@ describe("Supabase DB Layer", () => {
     it("updates status to running", async () => {
       setResult({ error: null });
       await claimTask("msg-001");
-      expect(mockFrom).toHaveBeenCalledWith("conversation_messages");
-      expect(chain.eq).toHaveBeenCalledWith("id", "msg-001");
-      expect(chain.eq).toHaveBeenCalledWith("status", "pending");
+      expect(mockRpc).toHaveBeenCalledWith(
+        "mcp_claim_task",
+        expect.objectContaining({
+          p_message_id: "msg-001",
+        })
+      );
     });
 
     it("throws on DB error", async () => {
@@ -223,7 +266,13 @@ describe("Supabase DB Layer", () => {
     it("updates status to completed with result", async () => {
       setResult({ data: { metadata: {} }, error: null });
       await completeTask("msg-001", "Task completed successfully");
-      expect(mockFrom).toHaveBeenCalledWith("conversation_messages");
+      expect(mockRpc).toHaveBeenCalledWith(
+        "mcp_complete_task",
+        expect.objectContaining({
+          p_message_id: "msg-001",
+          p_result: "Task completed successfully",
+        })
+      );
     });
   });
 
@@ -231,7 +280,13 @@ describe("Supabase DB Layer", () => {
     it("updates status to failed with error", async () => {
       setResult({ data: { metadata: {} }, error: null });
       await failTask("msg-001", "Something went wrong");
-      expect(mockFrom).toHaveBeenCalledWith("conversation_messages");
+      expect(mockRpc).toHaveBeenCalledWith(
+        "mcp_fail_task",
+        expect.objectContaining({
+          p_message_id: "msg-001",
+          p_error: "Something went wrong",
+        })
+      );
     });
   });
 
@@ -242,42 +297,44 @@ describe("Supabase DB Layer", () => {
       await emitEvent("msg-001", "text_delta", { text: "hello" });
       await emitEvent("msg-001", "text_delta", { text: "world" });
 
-      expect(mockFrom).toHaveBeenCalledWith("message_events");
+      expect(mockRpc).toHaveBeenCalledWith(
+        "mcp_emit_event",
+        expect.objectContaining({
+          p_message_id: "msg-001",
+          p_event_type: "text_delta",
+        })
+      );
     });
   });
 
   describe("loginWithToken()", () => {
-    it("decodes base64 token and sets session", async () => {
-      const token = Buffer.from(
-        JSON.stringify({
-          access_token: "test-access",
-          refresh_token: "test-refresh",
-        })
-      ).toString("base64");
+    it("validates am_ token via RPC and returns user ID", async () => {
+      setResult({ data: [{ out_user_id: "user-123" }], error: null });
 
-      const userId = await loginWithToken(token);
+      const userId = await loginWithToken("am_valid_test_token");
       expect(userId).toBe("user-123");
+      expect(mockRpc).toHaveBeenCalledWith(
+        "validate_mcp_token",
+        expect.objectContaining({
+          p_token_hash: expect.any(String),
+        })
+      );
     });
 
-    it("throws on invalid token format", async () => {
-      await expect(loginWithToken("not-base64")).rejects.toThrow(
-        "Invalid token format"
-      );
+    it("throws on invalid token format (no am_ prefix)", async () => {
+      await expect(loginWithToken("not-am-token")).rejects.toThrow("Invalid token format");
     });
 
-    it("throws on missing token fields", async () => {
-      const token = Buffer.from(
-        JSON.stringify({ access_token: "only-one" })
-      ).toString("base64");
+    it("throws on RPC validation failure", async () => {
+      setResult({ data: null, error: { message: "validation failed" } });
 
-      await expect(loginWithToken(token)).rejects.toThrow(
-        "Invalid token format"
-      );
+      await expect(loginWithToken("am_bad_token")).rejects.toThrow("Token validation failed");
     });
   });
 
   describe("getCurrentUserId()", () => {
     it("returns user ID when authenticated", async () => {
+      setResult({ data: [{ out_user_id: "user-123" }], error: null });
       const userId = await getCurrentUserId();
       expect(userId).toBe("user-123");
     });

package/src/tools/browser.ts

@@ -583,6 +583,79 @@ export class BrowserController {
   isConnected(): boolean {
     return this.connected && this.ws?.readyState === WebSocket.OPEN;
   }
+
+  // ── Login Detection ────────────────────────────────────────────
+
+  /**
+   * Detect if the current page appears to be a login/authentication page.
+   * Checks URL patterns, password input fields, and login form actions.
+   */
+  async detectLoginPage(): Promise<{ isLoginPage: boolean; reason: string }> {
+    try {
+      const result = await this.send("Runtime.evaluate", {
+        expression: `
+          (function() {
+            var url = window.location.href.toLowerCase();
+
+            // URL-based detection
+            var loginPatterns = [
+              '/login', '/signin', '/sign-in', '/sign_in',
+              '/auth/', '/sso/', '/oauth/', '/session/new',
+              '/accounts/login', '/users/sign_in',
+              'accounts.google.com', 'login.microsoftonline.com',
+              'github.com/login', 'github.com/session',
+              'login.live.com', 'appleid.apple.com'
+            ];
+            for (var i = 0; i < loginPatterns.length; i++) {
+              if (url.indexOf(loginPatterns[i]) !== -1) {
+                return JSON.stringify({
+                  isLoginPage: true,
+                  reason: 'URL contains login pattern: ' + loginPatterns[i]
+                });
+              }
+            }
+
+            // Password input detection (visible only)
+            var passwordInputs = document.querySelectorAll('input[type="password"]');
+            for (var j = 0; j < passwordInputs.length; j++) {
+              var input = passwordInputs[j];
+              var rect = input.getBoundingClientRect();
+              var style = window.getComputedStyle(input);
+              if (rect.width > 0 && rect.height > 0 &&
+                  style.display !== 'none' && style.visibility !== 'hidden') {
+                return JSON.stringify({
+                  isLoginPage: true,
+                  reason: 'Page contains visible password input field'
+                });
+              }
+            }
+
+            // Login form action detection
+            var formSelectors = [
+              'form[action*="login"]', 'form[action*="signin"]',
+              'form[action*="session"]', 'form[action*="auth"]',
+              'form[action*="authenticate"]'
+            ];
+            var loginForms = document.querySelectorAll(formSelectors.join(','));
+            if (loginForms.length > 0) {
+              return JSON.stringify({
+                isLoginPage: true,
+                reason: 'Page contains login form'
+              });
+            }
+
+            return JSON.stringify({ isLoginPage: false, reason: '' });
+          })()
+        `,
+        returnByValue: true,
+      });
+
+      const value = (result as CDPEvalResult).result?.value as string;
+      return JSON.parse(value || '{"isLoginPage":false,"reason":""}');
+    } catch {
+      return { isLoginPage: false, reason: "" };
+    }
+  }
 }
 
 // ── Chrome Auto-Launch ──────────────────────────────────────────────

package/src/tools/index.ts

@@ -270,6 +270,81 @@ export function getToolDefinitions(): ToolDefinition[] {
   ];
 }
 
+/**
+ * After navigation, detect if the page requires login and automatically prompt
+ * the user to log in. Waits for login completion and returns context about the
+ * login result. Returns null if no login was needed.
+ *
+ * The browser uses a persistent profile (~/.assistme/browser-profile), so once
+ * the user logs in, their session is saved and reused in future sessions.
+ */
+async function detectAndHandleLogin(browser: BrowserController): Promise<string | null> {
+  const detection = await browser.detectLoginPage();
+  if (!detection.isLoginPage) return null;
+
+  const pageInfo = await browser.getPageInfo();
+  let siteName: string;
+  try {
+    siteName = new URL(pageInfo.url).hostname;
+  } catch {
+    siteName = pageInfo.url;
+  }
+
+  // Notify user via terminal
+  console.log("\n");
+  console.log("\u2501".repeat(60));
+  console.log("  \uD83D\uDD10 LOGIN REQUIRED");
+  console.log("\u2501".repeat(60));
+  console.log(`  ${detection.reason}`);
+  console.log(`  Site: ${siteName}`);
+  console.log(`  Please log in using the browser window.`);
+  console.log(`  Your session will be saved for future use.`);
+  console.log(`  (Waiting up to 120s for you to complete login)`);
+  console.log("\u2501".repeat(60));
+  console.log("\n");
+
+  // Wait for user to log in — poll for URL change or login form disappearing
+  const loginUrl = pageInfo.url;
+  const deadline = Date.now() + 120_000;
+
+  while (Date.now() < deadline) {
+    await new Promise((r) => setTimeout(r, 3000));
+    try {
+      const currentInfo = await browser.getPageInfo();
+      // URL changed = user likely logged in and was redirected
+      if (currentInfo.url !== loginUrl) {
+        // Give the page a moment to settle after redirect
+        await new Promise((r) => setTimeout(r, 1500));
+        const newPage = await browser.readPage();
+        return (
+          `Login completed. Redirected to: ${currentInfo.url}\n` +
+          `Session saved in assistme browser profile for future use.\n\n` +
+          `Current page:\n${newPage.slice(0, 3000)}`
+        );
+      }
+      // Check if login form disappeared (user logged in on same page)
+      const stillLogin = await browser.detectLoginPage();
+      if (!stillLogin.isLoginPage) {
+        const newPage = await browser.readPage();
+        return (
+          `Login completed on ${siteName}.\n` +
+          `Session saved in assistme browser profile for future use.\n\n` +
+          `Current page:\n${newPage.slice(0, 3000)}`
+        );
+      }
+    } catch {
+      // Connection may drop during navigation — reconnect
+      try {
+        await browser.connect();
+      } catch {
+        /* best effort */
+      }
+    }
+  }
+
+  return `Login wait timed out after 120s. The user may still need to log in at ${siteName}.`;
+}
+
 /**
  * Ensure Chrome is running with CDP and we have an active WebSocket connection.
  * Called lazily by every browser tool so the user never has to call browser_connect explicitly.
@@ -320,9 +395,18 @@ export async function executeTool(name: string, input: Record<string, unknown>):
       await ensureConnected(browser, input.tab_index as number | undefined);
       return browser.isConnected() ? "Connected to browser." : "Failed to connect.";
     }
-    case "browser_navigate":
+    case "browser_navigate": {
       await ensureConnected(browser);
-      return browser.navigate(input.url as string);
+      const navResult = await browser.navigate(input.url as string);
+
+      // Auto-detect login pages and prompt user if needed
+      const loginResult = await detectAndHandleLogin(browser);
+      if (loginResult) {
+        return navResult + "\n\n" + loginResult;
+      }
+
+      return navResult;
+    }
     case "browser_read_page":
       await ensureConnected(browser);
       return browser.readPage();

package/src/utils/config.test.ts

@@ -28,9 +28,7 @@ vi.mock("conf", () => {
   };
 });
 
-const { getConfig, setConfig, clearConfig, getConfigPath } = await import(
-  "./config.js"
-);
+const { getConfig, setConfig, clearConfig, getConfigPath } = await import("./config.js");
 
 describe("config module", () => {
   const originalEnv = { ...process.env };
@@ -74,10 +72,10 @@ describe("config module", () => {
     expect(config.supabaseUrl).toBe("https://config.supabase.co");
   });
 
-  it("returns empty string for unset values", () => {
+  it("returns defaults for supabase and empty string for unset optional values", () => {
     const config = getConfig();
-    expect(config.supabaseUrl).toBe("");
-    expect(config.supabaseAnonKey).toBe("");
+    expect(config.supabaseUrl).toContain("supabase.co");
+    expect(config.supabaseAnonKey).toBeTruthy();
     expect(config.anthropicApiKey).toBe("");
   });