autokap 1.0.8 → 1.0.10

package/assets/skill/OPCODE-REFERENCE.md

@@ -1,6 +1,6 @@
 # AutoKap Opcode Reference
 
-Detailed parameter documentation for all 24 opcodes. For workflow, rules, and examples, see [SKILL.md](SKILL.md).
+Detailed parameter documentation for all 25 opcodes. For workflow, rules, and examples, see [SKILL.md](SKILL.md).
 
 ## Common Fields (all opcodes)
 
@@ -248,6 +248,34 @@ Double-click an element.
 { "kind": "DOUBLE_CLICK", "selector": "[data-ak=\"editable-title\"]", "postcondition": { "type": "element_visible", "selector": "[data-ak=\"title-editor\"]", "waitMs": 3000 } }
 ```
 
+## DRAG
+
+Drag the source element from point A to point B with an animated cursor. In clip recordings the cursor overlay glides along a Bezier curve, shows a pressed state during the drag, and emits a drop pulse at the destination.
+
+| Param | Type | Required | Description |
+|-------|------|----------|-------------|
+| `selector` | string | yes | CSS selector of the source element (the one being dragged) |
+| `target` | SemanticTarget | no | Semantic fallback for the source |
+| `fingerprint` | string | no | AKTree fingerprint for the source |
+| `selectorAlternates` | string[] | no | Alternative source selectors |
+| `toSelector` | string | no* | CSS selector of the drop target element |
+| `toTarget` | SemanticTarget | no* | Semantic fallback for the drop target |
+| `toSelectorAlternates` | string[] | no | Alternative destination selectors |
+| `offset` | `{ dx: number, dy: number }` | no* | Pixel offset from the source center (use for sliders, canvas drawing, or any drop that isn't a DOM node) |
+
+*Provide EITHER `toSelector` / `toTarget` (element drag) OR `offset` (relative drag). Not both.
+
+**Can:** Element-to-element drag (Kanban columns, sortable lists), slider adjustments, canvas drawing, any interaction driven by mousedown + mousemove + mouseup. Works with native HTML5 drag, dnd-kit, react-dnd, Radix DnD primitives — `page.mouse.*` fires both mouse and pointer events.
+**Cannot:** Multi-touch gestures, drag between different browser windows, file drops (use a file input instead).
+
+```json
+{ "kind": "DRAG", "selector": "[data-ak=\"task-card-todo-1\"]", "toSelector": "[data-ak=\"column-in-progress\"]", "postcondition": { "type": "element_visible", "selector": "[data-ak=\"column-in-progress\"] [data-ak=\"task-card-todo-1\"]", "waitMs": 3000 } }
+```
+
+```json
+{ "kind": "DRAG", "selector": "[data-ak=\"volume-slider-thumb\"]", "offset": { "dx": 120, "dy": 0 }, "postcondition": { "type": "any_change" } }
+```
+
 ## SET_LOCALE
 
 Set the application's locale/language for the current variant.

package/assets/skill/SKILL.md

@@ -134,7 +134,7 @@ interface VariantSpec {
 
 ## Opcode Quick Reference
 
-24 opcodes available. For full parameter documentation, see [OPCODE-REFERENCE.md](OPCODE-REFERENCE.md).
+25 opcodes available. For full parameter documentation, see [OPCODE-REFERENCE.md](OPCODE-REFERENCE.md).
 
 | Kind | Selector? | Key Params | Typical Postcondition | Notes |
 |------|-----------|-----------|----------------------|-------|
@@ -149,6 +149,7 @@ interface VariantSpec {
 | `SELECT_OPTION` | yes | `optionLabel` / `optionValue` / `optionIndex` | `text_contains` | **Native `<select>` only.** Custom dropdowns: use CLICK sequence |
 | `CHECK` | yes | `checked` | `always` | Idempotent. Safer than CLICK for checkboxes |
 | `DOUBLE_CLICK` | yes | — | `element_visible` / `any_change` | Inline editing, text selection |
+| `DRAG` | yes | `toSelector?` / `toTarget?` / `offset?` | `element_visible` / `any_change` | Animated cursor A→B. Use `toSelector` for Kanban-style drops, `offset` for sliders / canvas |
 | `SET_LOCALE` | no | `locale`, `method`, `storageHints?` | `always` | Use `"$variant"`. Prefer `method: "storage"` |
 | `SET_THEME` | no | `theme`, `method`, `storageHints?` | `always` | Use `"$variant"`. Prefer `method: "storage"` |
 | `ASSERT_ROUTE` | no | `urlPattern` | `route_matches` | Validation checkpoint |

package/dist/auth-capture.js

@@ -95,7 +95,7 @@ export async function captureAuthSession(options) {
             if (!context || !browser.isConnected())
                 return;
             try {
-                const snapshot = (await context.storageState());
+                const snapshot = sanitizeStorageStateForStartUrl((await context.storageState()), startUrl);
                 const hasAny = (snapshot.cookies?.length ?? 0) > 0 || (snapshot.origins?.length ?? 0) > 0;
                 if (hasAny)
                     lastGoodState = snapshot;
@@ -119,7 +119,7 @@ export async function captureAuthSession(options) {
         // snapshot (most up-to-date) before tearing down.
         if (userConfirmed && browser.isConnected()) {
             try {
-                lastGoodState = (await context.storageState());
+                lastGoodState = sanitizeStorageStateForStartUrl((await context.storageState()), startUrl);
             }
             catch {
                 // fall back to whatever the poll captured
@@ -161,4 +161,37 @@ export async function captureAuthSession(options) {
         }
     }
 }
+function sanitizeStorageStateForStartUrl(state, startUrl) {
+    try {
+        const parsed = new URL(startUrl);
+        const allowedSuffix = buildAllowedCookieSuffix(parsed.hostname);
+        const cookies = (state.cookies ?? []).filter((cookie) => {
+            const domain = String(cookie.domain ?? '').trim().replace(/^\./, '').toLowerCase();
+            return domain === parsed.hostname || domain.endsWith(`.${allowedSuffix}`) || domain === allowedSuffix;
+        });
+        const origins = (state.origins ?? []).filter((originEntry) => {
+            try {
+                const origin = new URL(String(originEntry.origin ?? ''));
+                return origin.hostname === parsed.hostname
+                    || origin.hostname === allowedSuffix
+                    || origin.hostname.endsWith(`.${allowedSuffix}`);
+            }
+            catch {
+                return false;
+            }
+        });
+        return { cookies, origins };
+    }
+    catch {
+        return state;
+    }
+}
+function buildAllowedCookieSuffix(hostname) {
+    const normalized = hostname.trim().toLowerCase().replace(/^\.+/, '');
+    if (!normalized || normalized === 'localhost' || /^\d{1,3}(?:\.\d{1,3}){3}$/.test(normalized)) {
+        return normalized;
+    }
+    const parts = normalized.split('.');
+    return parts.length >= 2 ? parts.slice(-2).join('.') : normalized;
+}
 //# sourceMappingURL=auth-capture.js.map

package/dist/billing-operation-logging.d.ts

@@ -1,6 +1,6 @@
 import type { SupabaseClient } from '@supabase/supabase-js';
 import type { StepUsage } from './types.js';
-export type BillingOperationType = 'screenshot' | 'clip' | 'video';
+export type BillingOperationType = 'screenshot' | 'clip' | 'video' | 'interactive_demo';
 type BillingOperationOutcome = 'succeeded' | 'failed' | 'cancelled';
 interface BillingOperationContext {
     runId: string;
@@ -10,6 +10,7 @@ interface BillingOperationContext {
     captureId?: string | null;
     videoId?: string | null;
     clipRecordId?: string | null;
+    interactiveDemoStateId?: string | null;
     operationType: BillingOperationType;
     captureType?: 'fullpage' | 'element' | 'video' | null;
     lang?: string | null;
@@ -33,6 +34,7 @@ export declare function insertBillingOperationLog(supabase: SupabaseClient, ctx:
 export declare function insertScreenshotOperationLog(supabase: SupabaseClient, ctx: Omit<BillingOperationContext, 'operationType'>, params: BillingOperationParams): Promise<string | null>;
 export declare function insertClipOperationLog(supabase: SupabaseClient, ctx: Omit<BillingOperationContext, 'operationType'>, params: BillingOperationParams): Promise<string | null>;
 export declare function insertVideoOperationLog(supabase: SupabaseClient, ctx: Omit<BillingOperationContext, 'operationType'>, params: BillingOperationParams): Promise<string | null>;
+export declare function insertInteractiveDemoOperationLog(supabase: SupabaseClient, ctx: Omit<BillingOperationContext, 'operationType'>, params: BillingOperationParams): Promise<string | null>;
 export declare function cancelScreenshotOperationLogsForCapture(supabase: SupabaseClient, captureId: string, reason: string): Promise<void>;
 export declare function reconcilePendingBillingOperationCosts(supabase: SupabaseClient, operationIds?: string[]): Promise<void>;
 export {};

package/dist/billing-operation-logging.js

@@ -131,6 +131,7 @@ export async function insertBillingOperationLog(supabase, ctx, params) {
         capture_id: ctx.captureId ?? null,
         video_id: ctx.videoId ?? null,
         clip_record_id: ctx.clipRecordId ?? null,
+        interactive_demo_state_id: ctx.interactiveDemoStateId ?? null,
         operation_type: ctx.operationType,
         operation_outcome: params.outcome,
         outcome_reason: params.outcomeReason ?? null,
@@ -180,6 +181,9 @@ export async function insertClipOperationLog(supabase, ctx, params) {
 export async function insertVideoOperationLog(supabase, ctx, params) {
     return insertBillingOperationLog(supabase, { ...ctx, operationType: 'video' }, params);
 }
+export async function insertInteractiveDemoOperationLog(supabase, ctx, params) {
+    return insertBillingOperationLog(supabase, { ...ctx, operationType: 'interactive_demo' }, params);
+}
 export async function cancelScreenshotOperationLogsForCapture(supabase, captureId, reason) {
     try {
         const { error } = await supabase

package/dist/browser.d.ts

@@ -107,20 +107,20 @@ export declare class Browser {
      */
     static fromPool(options: BrowserOptions): Promise<Browser>;
     /**
-     * Create a Browser with a dedicated Chromium process and video recording enabled.
-     * The context is configured with `recordVideo` so Playwright records the session.
+     * Create a Browser dedicated to clip capture. Frames are pulled via CDP
+     * `Page.captureScreenshot` in a tight loop by `ClipCaptureLoop` — NOT via
+     * Playwright's built-in `recordVideo` (which plateaus at 27 FPS with ~12%
+     * duplicates due to the CDP screencast throttler).
      *
-     * IMPORTANT: After calling `browser.close()`, retrieve the video file path via
-     * `browser.currentPage.video()?.path()` BEFORE closing (save ref beforehand).
-     * Or call `browser.saveVideo(outputPath)` before closing.
-     *
-     * @param videoDir - Directory where Playwright will write the WebM file.
+     * Preserves the HiDPI rendering path (`--force-device-scale-factor` +
+     * `--window-size`) so the captured frames match viewport × DSF pixels, and
+     * the cursor overlay script so clicks/hover moments are visible.
      */
-    static forVideoRecording(options: BrowserOptions, videoDir: string, cursorScript: string): Promise<Browser>;
+    static forClipCapture(options: BrowserOptions, cursorScript: string): Promise<Browser>;
     /**
      * Close only the browser context (not the browser process).
-     * Use this for video recording: closing the context finalizes the WebM on disk
-     * while keeping the browser process alive so that saveAs() can still use the IPC channel.
+     * Used by clip capture to release the context promptly after the CDP loop
+     * has stopped, while keeping the browser process alive for any pending teardown.
      * Call browser.close() afterwards to shut down the browser process.
      */
     closeContext(): Promise<void>;

package/dist/browser.js

@@ -141,16 +141,6 @@ function normalizeDeviceScaleFactor(value) {
         return 2;
     return Math.max(0.5, Math.min(4, Number(value)));
 }
-function resolveRecordedVideoSize(viewport) {
-    // Playwright's video recorder expects a canvas size close to the CSS viewport.
-    // Using viewport × deviceScaleFactor can produce a larger recording surface
-    // with the page rendered only in the top-left corner, leaving the remainder
-    // as empty matte. Keep the recorded frame size aligned to the viewport and
-    // let the browser's deviceScaleFactor handle HiDPI rendering internally.
-    const width = Math.max(2, Math.round(viewport.width)) & ~1;
-    const height = Math.max(2, Math.round(viewport.height)) & ~1;
-    return { width, height };
-}
 function escapeCssAttributeValue(value) {
     return value
         .replace(/\\/g, '\\\\')
@@ -327,24 +317,42 @@ export class Browser {
         return instance;
     }
     /**
-     * Create a Browser with a dedicated Chromium process and video recording enabled.
-     * The context is configured with `recordVideo` so Playwright records the session.
-     *
-     * IMPORTANT: After calling `browser.close()`, retrieve the video file path via
-     * `browser.currentPage.video()?.path()` BEFORE closing (save ref beforehand).
-     * Or call `browser.saveVideo(outputPath)` before closing.
+     * Create a Browser dedicated to clip capture. Frames are pulled via CDP
+     * `Page.captureScreenshot` in a tight loop by `ClipCaptureLoop` — NOT via
+     * Playwright's built-in `recordVideo` (which plateaus at 27 FPS with ~12%
+     * duplicates due to the CDP screencast throttler).
      *
-     * @param videoDir - Directory where Playwright will write the WebM file.
+     * Preserves the HiDPI rendering path (`--force-device-scale-factor` +
+     * `--window-size`) so the captured frames match viewport × DSF pixels, and
+     * the cursor overlay script so clicks/hover moments are visible.
      */
-    static async forVideoRecording(options, videoDir, cursorScript) {
+    static async forClipCapture(options, cursorScript) {
         const instance = new Browser(options);
         const deviceScaleFactor = normalizeDeviceScaleFactor(options.deviceScaleFactor);
-        const recordedVideoSize = resolveRecordedVideoSize(options.viewport);
-        // Dedicated browser process for video — cannot use the pool because
-        // `recordVideo` must be set at context creation time.
+        // Enable GPU compositor on non-Linux platforms so Chrome can render
+        // 2880×1800 without saturating the CPU. Linux (Docker/CI) keeps
+        // `--disable-gpu` from CHROMIUM_ARGS because GPU is rarely available there.
+        const baseArgs = process.platform === 'linux'
+            ? CHROMIUM_ARGS
+            : CHROMIUM_ARGS.filter(arg => arg !== '--disable-gpu' && arg !== '--disable-gpu-sandbox');
+        // Pin ANGLE to the platform's native graphics API. Chrome's default
+        // backend is OpenGL on macOS, which is far slower than Metal for the
+        // compositor (measured 4 FPS vs 32 FPS at 2880×1800 on a heavy React UI).
+        // Same story on Windows where D3D11 is the native fast path.
+        const angleArg = process.platform === 'darwin' ? '--use-angle=metal'
+            : process.platform === 'win32' ? '--use-angle=d3d11'
+                : null; // Linux: skip — GPU is rarely present in CI anyway
+        const clipArgs = [
+            ...baseArgs,
+            `--force-device-scale-factor=${deviceScaleFactor}`,
+            `--window-size=${Math.round(options.viewport.width)},${Math.round(options.viewport.height)}`,
+            ...(angleArg ? [angleArg] : []),
+        ];
+        // Dedicated browser process for clip capture. Not pooled because clip
+        // capture installs context-level init scripts (cursor overlay).
         instance.browser = await chromium.launch({
             headless: !options.headed,
-            args: CHROMIUM_ARGS,
+            args: clipArgs,
         });
         instance.context = await instance.browser.newContext({
             viewport: options.viewport,
@@ -352,10 +360,6 @@ export class Browser {
             locale: langToLocale(options.lang ?? 'en'),
             colorScheme: options.colorScheme ?? 'light',
             storageState: options.storageState,
-            recordVideo: {
-                dir: videoDir,
-                size: recordedVideoSize,
-            },
         });
         // Inject cursor overlay at context level — survives all navigations in this session
         await instance.context.addInitScript(cursorScript);
@@ -364,8 +368,8 @@ export class Browser {
     }
     /**
      * Close only the browser context (not the browser process).
-     * Use this for video recording: closing the context finalizes the WebM on disk
-     * while keeping the browser process alive so that saveAs() can still use the IPC channel.
+     * Used by clip capture to release the context promptly after the CDP loop
+     * has stopped, while keeping the browser process alive for any pending teardown.
      * Call browser.close() afterwards to shut down the browser process.
      */
     async closeContext() {

package/dist/capture-encryption.d.ts

@@ -1,9 +1,11 @@
 export interface EncryptedEnvelope {
     __encrypted: true;
-    version: 1;
+    version: 1 | 2;
+    keyVersion?: 2;
     iv: string;
     tag: string;
     ciphertext: string;
+    salt?: string;
 }
 export declare function encrypt(plaintext: string, secret: string): EncryptedEnvelope;
 export declare function decrypt(envelope: EncryptedEnvelope, secret: string): string;

package/dist/capture-encryption.js

@@ -1,9 +1,18 @@
 import crypto from 'node:crypto';
-function deriveKey(secret) {
+function deriveLegacyKey(secret) {
     return crypto.createHash('sha256').update(secret).digest();
 }
+function deriveKey(secret, salt) {
+    return crypto.scryptSync(secret, salt, 32, {
+        N: 1 << 15,
+        r: 8,
+        p: 1,
+        maxmem: 128 * 1024 * 1024,
+    });
+}
 export function encrypt(plaintext, secret) {
-    const key = deriveKey(secret);
+    const salt = crypto.randomBytes(16);
+    const key = deriveKey(secret, salt);
     const iv = crypto.randomBytes(12);
     const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
     const ciphertext = Buffer.concat([
@@ -13,14 +22,18 @@ export function encrypt(plaintext, secret) {
     const tag = cipher.getAuthTag();
     return {
         __encrypted: true,
-        version: 1,
+        version: 2,
+        keyVersion: 2,
         iv: iv.toString('base64'),
         tag: tag.toString('base64'),
         ciphertext: ciphertext.toString('base64'),
+        salt: salt.toString('base64'),
     };
 }
 export function decrypt(envelope, secret) {
-    const key = deriveKey(secret);
+    const key = envelope.version === 1
+        ? deriveLegacyKey(secret)
+        : deriveKey(secret, Buffer.from(envelope.salt ?? '', 'base64'));
     const decipher = crypto.createDecipheriv('aes-256-gcm', key, Buffer.from(envelope.iv, 'base64'));
     decipher.setAuthTag(Buffer.from(envelope.tag, 'base64'));
     return Buffer.concat([
@@ -33,9 +46,11 @@ export function isEncryptedEnvelope(value) {
         return false;
     const candidate = value;
     return (candidate.__encrypted === true
-        && candidate.version === 1
+        && (candidate.version === 1 || candidate.version === 2)
         && typeof candidate.iv === 'string'
         && typeof candidate.tag === 'string'
-        && typeof candidate.ciphertext === 'string');
+        && typeof candidate.ciphertext === 'string'
+        && (candidate.version === 1
+            || (candidate.keyVersion === 2 && typeof candidate.salt === 'string')));
 }
 //# sourceMappingURL=capture-encryption.js.map

package/dist/capture-strategy.js

@@ -34,8 +34,9 @@ export class ClipStrategy {
     mediaMode = 'clip';
     async prepare(adapter, _spec) {
         // Clip recording preparation:
-        // - The browser context is created with video recording enabled
-        // - Cursor overlay is injected by Browser.forVideoRecording()
+        // - Browser is launched via Browser.forClipCapture() with HiDPI flags
+        // - Cursor overlay script is injected at context level
+        // - Frame capture starts in adapter.beginRecording() via ClipCaptureLoop
     }
     async capture(adapter, _spec) {
         // Clip capture is bounded by BEGIN_CLIP / END_CLIP opcodes.

package/dist/cli-config.d.ts

@@ -9,6 +9,7 @@ declare const LOCAL_API_BASE_URL = "http://localhost:3000";
 declare const LOCAL_WS_URL = "ws://localhost:3000/ws";
 declare const API_BASE_URL_ENV_VAR = "AUTOKAP_API_BASE_URL";
 declare const WS_URL_ENV_VAR = "AUTOKAP_WS_URL";
+declare const ALLOW_UNSAFE_SERVER_ORIGIN_ENV_VAR = "AUTOKAP_ALLOW_UNSAFE_SERVER_ORIGIN";
 export declare function getConfigDir(): string;
 export declare function getConfigPath(): string;
 export declare function getDefaultApiBaseUrl(): string;
@@ -17,4 +18,4 @@ export declare function readConfig(): Promise<AutokapConfig | null>;
 export declare function writeConfig(config: AutokapConfig): Promise<void>;
 export declare function deleteConfig(): Promise<void>;
 export declare function requireConfig(): Promise<AutokapConfig>;
-export { DEFAULT_API_BASE_URL, DEFAULT_WS_URL, LOCAL_API_BASE_URL, LOCAL_WS_URL, API_BASE_URL_ENV_VAR, WS_URL_ENV_VAR, };
+export { DEFAULT_API_BASE_URL, DEFAULT_WS_URL, LOCAL_API_BASE_URL, LOCAL_WS_URL, API_BASE_URL_ENV_VAR, WS_URL_ENV_VAR, ALLOW_UNSAFE_SERVER_ORIGIN_ENV_VAR, };

package/dist/cli-config.js

@@ -8,6 +8,7 @@ const LOCAL_API_BASE_URL = 'http://localhost:3000';
 const LOCAL_WS_URL = 'ws://localhost:3000/ws';
 const API_BASE_URL_ENV_VAR = 'AUTOKAP_API_BASE_URL';
 const WS_URL_ENV_VAR = 'AUTOKAP_WS_URL';
+const ALLOW_UNSAFE_SERVER_ORIGIN_ENV_VAR = 'AUTOKAP_ALLOW_UNSAFE_SERVER_ORIGIN';
 export function getConfigDir() {
     return path.join(os.homedir(), '.autokap');
 }
@@ -32,6 +33,10 @@ export async function readConfig() {
         const apiBaseUrl = envApiBaseUrl ?? storedApiBaseUrl;
         const wsUrl = envWsUrl
             ?? (envApiBaseUrl ? deriveWsUrl(apiBaseUrl) : normalizeUrl(parsed.wsUrl) ?? deriveWsUrl(apiBaseUrl));
+        assertAllowedApiOrigin(apiBaseUrl, storedApiBaseUrl, envApiBaseUrl ? API_BASE_URL_ENV_VAR : undefined);
+        if (envWsUrl) {
+            assertAllowedApiOrigin(wsUrl.replace(/^ws/, 'http'), deriveWsUrl(storedApiBaseUrl).replace(/^ws/, 'http'), WS_URL_ENV_VAR);
+        }
         return {
             apiKey: parsed.apiKey,
             apiBaseUrl,
@@ -67,7 +72,14 @@ export async function deleteConfig() {
     }
 }
 export async function requireConfig() {
-    const config = await readConfig();
+    let config = null;
+    try {
+        config = await readConfig();
+    }
+    catch (error) {
+        logger.error(error instanceof Error ? error.message : String(error));
+        process.exit(1);
+    }
     if (!config) {
         logger.error('Not authenticated. Run `npx autokap@latest init --cli-key <key>` first.');
         process.exit(1);
@@ -94,5 +106,42 @@ function deriveWsUrl(apiBaseUrl) {
         return DEFAULT_WS_URL;
     }
 }
-export { DEFAULT_API_BASE_URL, DEFAULT_WS_URL, LOCAL_API_BASE_URL, LOCAL_WS_URL, API_BASE_URL_ENV_VAR, WS_URL_ENV_VAR, };
+function normalizeOrigin(value) {
+    const normalized = normalizeUrl(value);
+    if (!normalized)
+        return null;
+    try {
+        const parsed = new URL(normalized);
+        if (parsed.protocol !== 'http:' && parsed.protocol !== 'https:')
+            return null;
+        return parsed.origin;
+    }
+    catch {
+        return null;
+    }
+}
+function isUnsafeOverrideEnabled() {
+    const raw = process.env[ALLOW_UNSAFE_SERVER_ORIGIN_ENV_VAR]?.trim().toLowerCase();
+    return raw === '1' || raw === 'true';
+}
+function isTrustedOrigin(origin) {
+    return origin === normalizeOrigin(DEFAULT_API_BASE_URL)
+        || origin === normalizeOrigin(LOCAL_API_BASE_URL);
+}
+function assertAllowedApiOrigin(candidateUrl, baselineUrl, envVar) {
+    const candidateOrigin = normalizeOrigin(candidateUrl);
+    const baselineOrigin = normalizeOrigin(baselineUrl);
+    if (!candidateOrigin || !baselineOrigin) {
+        throw new Error('AutoKap CLI config contains an invalid server origin');
+    }
+    if (candidateOrigin === baselineOrigin || isTrustedOrigin(candidateOrigin)) {
+        return;
+    }
+    if (isUnsafeOverrideEnabled()) {
+        logger.warn(`[config] Allowing unsafe server override from ${baselineOrigin} to ${candidateOrigin} because ${ALLOW_UNSAFE_SERVER_ORIGIN_ENV_VAR}=1`);
+        return;
+    }
+    throw new Error(`Refusing unsafe server override to ${candidateOrigin}. Set ${ALLOW_UNSAFE_SERVER_ORIGIN_ENV_VAR}=1 to allow ${envVar ?? 'this override'} explicitly.`);
+}
+export { DEFAULT_API_BASE_URL, DEFAULT_WS_URL, LOCAL_API_BASE_URL, LOCAL_WS_URL, API_BASE_URL_ENV_VAR, WS_URL_ENV_VAR, ALLOW_UNSAFE_SERVER_ORIGIN_ENV_VAR, };
 //# sourceMappingURL=cli-config.js.map

package/dist/cli-contract.d.ts

@@ -5,11 +5,15 @@ export interface CliPublicCommandDescriptor {
     docsDescriptionKey?: string;
 }
 export declare const CLI_KEY_TERM = "CLI key";
+export declare const CLI_VERSION_HEADER = "x-autokap-cli-version";
+export declare const MIN_CLI_VERSION_FOR_SIGNED_PROGRAMS = "1.0.9";
 export declare const CLI_DEFAULT_INSTALL_COMMAND = "npm install -g autokap";
+export declare const CLI_DEFAULT_INSTALLED_SETUP_COMMAND = "autokap init --cli-key <your-cli-key>";
 export declare const CLI_DEFAULT_SETUP_COMMAND = "npx autokap@latest init --cli-key <your-cli-key>";
-export declare const CLI_ADVANCED_SKILL_COMMAND = "npx autokap@latest skill --agent <agent>";
+export declare const CLI_ADVANCED_SKILL_COMMAND = "autokap skill --agent <agent>";
 export declare const CLI_FALLBACK_PROGRAM_COMMAND = "autokap run <preset-id> --program <file>";
 export declare function buildCliRunCommand(presetId: string, options?: {
     local?: boolean;
 }): string;
+export declare function buildCliInstalledSetupCommand(cliKey: string): string;
 export declare const CLI_PUBLIC_COMMANDS: CliPublicCommandDescriptor[];

package/dist/cli-contract.js

@@ -1,11 +1,17 @@
 export const CLI_KEY_TERM = "CLI key";
+export const CLI_VERSION_HEADER = "x-autokap-cli-version";
+export const MIN_CLI_VERSION_FOR_SIGNED_PROGRAMS = "1.0.9";
 export const CLI_DEFAULT_INSTALL_COMMAND = "npm install -g autokap";
+export const CLI_DEFAULT_INSTALLED_SETUP_COMMAND = "autokap init --cli-key <your-cli-key>";
 export const CLI_DEFAULT_SETUP_COMMAND = "npx autokap@latest init --cli-key <your-cli-key>";
-export const CLI_ADVANCED_SKILL_COMMAND = "npx autokap@latest skill --agent <agent>";
+export const CLI_ADVANCED_SKILL_COMMAND = "autokap skill --agent <agent>";
 export const CLI_FALLBACK_PROGRAM_COMMAND = "autokap run <preset-id> --program <file>";
 export function buildCliRunCommand(presetId, options = {}) {
     return `autokap run${options.local ? " --local" : ""} ${presetId}`;
 }
+export function buildCliInstalledSetupCommand(cliKey) {
+    return `autokap init --cli-key ${cliKey}`;
+}
 export const CLI_PUBLIC_COMMANDS = [
     {
         id: "init",

package/dist/cli-runner-local.js

@@ -87,16 +87,29 @@ async function persistArtifactsLocally(presetId, outputDirOption, variants) {
             let suffix = '';
             if (artifact.mediaMode === 'dom') {
                 if (artifact.fragmentName && artifact.parentStateName) {
-                    suffix = `-${artifact.parentStateName}-fragment-${artifact.fragmentName}`;
+                    suffix = `-${sanitizePathToken(artifact.parentStateName)}-fragment-${sanitizePathToken(artifact.fragmentName)}`;
                 }
                 else if (artifact.stateName) {
-                    suffix = `-${artifact.stateName}`;
+                    suffix = `-${sanitizePathToken(artifact.stateName)}`;
                 }
             }
-            const filePath = path.join(outputDir, `capture-${presetId.slice(0, 8)}-${variant.variantId}${suffix}-${index}.${ext}`);
+            const fileName = `capture-${sanitizePathToken(presetId.slice(0, 8))}-${sanitizePathToken(variant.variantId)}${suffix}-${index}.${ext}`;
+            const filePath = resolveContainedPath(outputDir, fileName);
             await fs.writeFile(filePath, artifact.buffer);
             logger.info(`[capture] Artifact saved locally: ${filePath}`);
         }
     }
 }
+function sanitizePathToken(value) {
+    const cleaned = value.trim().replace(/[^a-zA-Z0-9._-]+/g, '-').replace(/-+/g, '-');
+    return cleaned.length > 0 ? cleaned.slice(0, 80) : 'artifact';
+}
+function resolveContainedPath(outputDir, fileName) {
+    const resolved = path.resolve(outputDir, fileName);
+    const relative = path.relative(outputDir, resolved);
+    if (relative.startsWith('..') || path.isAbsolute(relative)) {
+        throw new Error(`Refusing to write outside output directory: ${fileName}`);
+    }
+    return resolved;
+}
 //# sourceMappingURL=cli-runner-local.js.map