browser-automation-skill 0.71.0

package/scripts/browser-creds-remove.sh

@@ -0,0 +1,69 @@
+#!/usr/bin/env bash
+# creds-remove — typed-name confirmation, then delete metadata + secret via
+# backend. Mirrors remove-session UX exactly: --yes-i-know skips prompt,
+# --dry-run reports without writing.
+
+set -euo pipefail
+IFS=$'\n\t'
+umask 077
+
+SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+# shellcheck source=lib/common.sh
+# shellcheck disable=SC1091
+source "${SCRIPT_DIR}/lib/common.sh"
+# shellcheck source=lib/credential.sh
+# shellcheck disable=SC1091
+source "${SCRIPT_DIR}/lib/credential.sh"
+init_paths
+
+name=""; yes=0; dry_run=0
+usage() {
+  cat <<'USAGE'
+Usage: creds-remove --as CRED_NAME [--yes-i-know] [--dry-run]
+
+  --as CRED_NAME    credential to remove (required)
+  --yes-i-know      skip the typed-name confirmation
+  --dry-run         print planned action; remove nothing
+USAGE
+}
+while [ $# -gt 0 ]; do
+  case "$1" in
+    --as)          name="$2"; shift 2 ;;
+    --yes-i-know)  yes=1; shift ;;
+    --dry-run)     dry_run=1; shift ;;
+    -h|--help)     usage; exit 0 ;;
+    *)             die "${EXIT_USAGE_ERROR}" "unknown flag: $1" ;;
+  esac
+done
+[ -n "${name}" ] || { usage; die "${EXIT_USAGE_ERROR}" "--as is required"; }
+assert_safe_name "${name}" "credential-name"
+
+started_at_ms="$(now_ms)"
+
+if ! credential_exists "${name}"; then
+  die "${EXIT_SITE_NOT_FOUND}" "credential not found: ${name}"
+fi
+
+if [ "${dry_run}" -eq 1 ]; then
+  ok "dry-run: would remove credential ${name}"
+  duration_ms=$(( $(now_ms) - started_at_ms ))
+  summary_json verb=creds-remove tool=none why=dry-run status=ok would_run=true \
+               credential="${name}" duration_ms="${duration_ms}"
+  exit "${EXIT_OK}"
+fi
+
+if [ "${yes}" -ne 1 ]; then
+  printf 'Type the credential name (%s) to confirm removal: ' "${name}" >&2
+  answer=""
+  IFS= read -r answer || true
+  if [ "${answer}" != "${name}" ]; then
+    die "${EXIT_USAGE_ERROR}" "removal aborted (confirmation mismatch)"
+  fi
+fi
+
+credential_delete "${name}"
+ok "credential removed: ${name}"
+
+duration_ms=$(( $(now_ms) - started_at_ms ))
+summary_json verb=creds-remove tool=none why=delete status=ok \
+             credential="${name}" duration_ms="${duration_ms}"

package/scripts/browser-creds-rotate-totp.sh

@@ -0,0 +1,109 @@
+#!/usr/bin/env bash
+# creds-rotate-totp — re-enroll the TOTP shared secret for an existing
+# credential. Use case: service forces a new TOTP secret (re-issued QR code
+# during account recovery, security-incident rotation, etc.). Replaces the
+# `<name>__totp` backend slot with a new value; metadata.totp_enabled stays
+# true; password slot untouched.
+#
+# Usage: bash scripts/browser-creds-rotate-totp.sh \
+#          --as CRED_NAME --totp-secret-stdin [--yes-i-know] [--dry-run]
+#
+# Phase-5 part 4-iv. Mirrors creds-migrate's typed-phrase confirmation.
+# AP-7: TOTP secret comes via stdin only — never argv.
+
+set -euo pipefail
+IFS=$'\n\t'
+umask 077
+
+SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+# shellcheck source=lib/common.sh
+# shellcheck disable=SC1091
+source "${SCRIPT_DIR}/lib/common.sh"
+# shellcheck source=lib/credential.sh
+# shellcheck disable=SC1091
+source "${SCRIPT_DIR}/lib/credential.sh"
+init_paths
+
+name=""; yes=0; dry_run=0; read_stdin=0
+
+usage() {
+  cat <<'USAGE'
+Usage: creds-rotate-totp --as CRED_NAME --totp-secret-stdin [options]
+
+  --as CRED_NAME           credential to rotate (must be totp_enabled).
+  --totp-secret-stdin      REQUIRED — read NEW base32 TOTP secret from stdin
+                            (one chunk; no NUL needed). AP-7: never argv.
+  --yes-i-know             skip the typed-name confirmation prompt.
+  --dry-run                print planned action; backend unchanged.
+  -h, --help               this message
+
+Behavior:
+  1. Validates cred exists + is totp_enabled.
+  2. Reads new TOTP secret from stdin.
+  3. Typed-phrase confirmation (unless --yes-i-know).
+  4. Overwrites <name>__totp backend slot.
+  5. Metadata + password slot UNCHANGED.
+
+Privacy: summary JSON NEVER includes the new TOTP secret value.
+USAGE
+}
+
+while [ $# -gt 0 ]; do
+  case "$1" in
+    --as)                 name="$2"; shift 2 ;;
+    --totp-secret-stdin)  read_stdin=1; shift ;;
+    --yes-i-know)         yes=1; shift ;;
+    --dry-run)            dry_run=1; shift ;;
+    -h|--help)            usage; exit 0 ;;
+    *)                    die "${EXIT_USAGE_ERROR}" "unknown flag: $1" ;;
+  esac
+done
+
+[ -n "${name}" ]              || { usage; die "${EXIT_USAGE_ERROR}" "--as is required"; }
+[ "${read_stdin}" -eq 1 ]     || { usage; die "${EXIT_USAGE_ERROR}" "--totp-secret-stdin is required (AP-7: secrets via stdin only)"; }
+assert_safe_name "${name}" "credential-name"
+
+if ! credential_exists "${name}"; then
+  die "${EXIT_SITE_NOT_FOUND}" "credential not found: ${name}"
+fi
+
+cred_meta="$(credential_load "${name}")"
+totp_enabled="$(printf '%s' "${cred_meta}" | jq -r '.totp_enabled // false')"
+if [ "${totp_enabled}" != "true" ]; then
+  die "${EXIT_USAGE_ERROR}" "credential ${name} is not totp_enabled (use creds-add --enable-totp instead)"
+fi
+
+# Read new TOTP secret from stdin. Single chunk — no NUL splitting needed.
+new_totp="$(cat)"
+if [ -z "${new_totp}" ]; then
+  die "${EXIT_USAGE_ERROR}" "--totp-secret-stdin: empty secret on stdin"
+fi
+
+started_at_ms="$(now_ms)"
+
+if [ "${dry_run}" -eq 1 ]; then
+  ok "dry-run: would rotate TOTP secret for ${name} (${#new_totp} chars on stdin)"
+  duration_ms=$(( $(now_ms) - started_at_ms ))
+  summary_json verb=creds-rotate-totp tool=none why=dry-run status=ok would_run=true \
+               credential="${name}" duration_ms="${duration_ms}"
+  exit "${EXIT_OK}"
+fi
+
+if [ "${yes}" -ne 1 ]; then
+  printf 'Type the credential name (%s) to confirm TOTP rotation: ' "${name}" >&2
+  answer=""
+  IFS= read -r answer || true
+  if [ "${answer}" != "${name}" ]; then
+    die "${EXIT_USAGE_ERROR}" "rotation aborted (confirmation mismatch)"
+  fi
+fi
+
+# Overwrite the <name>__totp backend slot. credential_set_totp_secret reads
+# stdin — pipe the new secret in.
+printf '%s' "${new_totp}" | credential_set_totp_secret "${name}"
+
+ok "TOTP secret rotated: ${name}"
+
+duration_ms=$(( $(now_ms) - started_at_ms ))
+summary_json verb=creds-rotate-totp tool=none why=rotate-totp status=ok \
+             credential="${name}" duration_ms="${duration_ms}"

package/scripts/browser-creds-show.sh

@@ -0,0 +1,82 @@
+#!/usr/bin/env bash
+# creds-show — emit credential metadata. Optional --reveal exposes the secret
+# value behind a typed-phrase confirmation gate.
+#
+# CRITICAL SECURITY INVARIANT (default mode): this verb NEVER emits the secret
+# payload. Only the metadata sidecar (site, account, backend, auto_relogin,
+# totp_enabled, created_at) is surfaced. The agent has no business seeing raw
+# secret material; downstream auth flows pass the payload via stdin pipes.
+#
+# --reveal flow: typed-phrase confirmation (mirror remove-session UX). User
+# must type the credential name back via stdin (single line). On match, the
+# secret is fetched (via credential_get_secret) and emitted alongside its
+# masked preview (via mask_string). On mismatch, the verb dies with a
+# self-healing hint. The masked preview lets the user confirm visually they
+# revealed the right thing without re-leaking the value.
+
+set -euo pipefail
+IFS=$'\n\t'
+umask 077
+
+SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+# shellcheck source=lib/common.sh
+# shellcheck disable=SC1091
+source "${SCRIPT_DIR}/lib/common.sh"
+# shellcheck source=lib/credential.sh
+# shellcheck disable=SC1091
+source "${SCRIPT_DIR}/lib/credential.sh"
+# shellcheck source=lib/mask.sh
+# shellcheck disable=SC1091
+source "${SCRIPT_DIR}/lib/mask.sh"
+init_paths
+
+name=""; reveal=0
+usage() {
+  cat <<'USAGE'
+Usage: creds-show --as CRED_NAME [--reveal]
+
+  --as CRED_NAME    credential to show (required)
+  --reveal          after typed-phrase confirmation, include secret value
+                    + masked preview in the output JSON
+USAGE
+}
+while [ $# -gt 0 ]; do
+  case "$1" in
+    --as)      name="$2"; shift 2 ;;
+    --reveal)  reveal=1; shift ;;
+    -h|--help) usage; exit 0 ;;
+    *) die "${EXIT_USAGE_ERROR}" "unknown flag: $1" ;;
+  esac
+done
+[ -n "${name}" ] || { usage; die "${EXIT_USAGE_ERROR}" "--as is required"; }
+assert_safe_name "${name}" "credential-name"
+
+started_at_ms="$(now_ms)"
+
+if ! credential_exists "${name}"; then
+  die "${EXIT_SITE_NOT_FOUND}" "credential not found: ${name}"
+fi
+
+meta="$(credential_load "${name}")"
+
+if [ "${reveal}" -eq 1 ]; then
+  printf 'Type the credential name (%s) to confirm reveal: ' "${name}" >&2
+  answer=""
+  IFS= read -r answer || true
+  if [ "${answer}" != "${name}" ]; then
+    die "${EXIT_USAGE_ERROR}" "reveal aborted (confirmation mismatch)"
+  fi
+  secret="$(credential_get_secret "${name}")"
+  secret_masked="$(mask_string "${secret}")"
+  duration_ms=$(( $(now_ms) - started_at_ms ))
+  jq -cn --arg n "${name}" --argjson m "${meta}" --arg s "${secret}" --arg sm "${secret_masked}" --argjson d "${duration_ms}" \
+    '{verb: "creds-show", tool: "none", why: "reveal", status: "ok",
+      credential: $n, meta: $m, secret_masked: $sm, secret: $s,
+      duration_ms: $d}'
+  exit "${EXIT_OK}"
+fi
+
+duration_ms=$(( $(now_ms) - started_at_ms ))
+jq -cn --arg n "${name}" --argjson m "${meta}" --argjson d "${duration_ms}" \
+  '{verb: "creds-show", tool: "none", why: "show", status: "ok",
+    credential: $n, meta: $m, duration_ms: $d}'

package/scripts/browser-creds-totp.sh

@@ -0,0 +1,94 @@
+#!/usr/bin/env bash
+# scripts/browser-creds-totp.sh — produce the current TOTP code for a stored
+# credential. Reads the base32 shared secret from the backend (`<name>:totp`
+# slot stored at `creds-add --enable-totp --totp-secret-stdin` time), generates
+# the RFC 6238 6-digit code via scripts/lib/node/totp.mjs, prints to stdout.
+#
+# Usage: bash scripts/browser-creds-totp.sh --as CRED_NAME [--dry-run]
+#
+# Phase-5 part 4-ii. login --auto auto-replay of TOTP codes is part 4-iii.
+
+set -euo pipefail
+IFS=$'\n\t'
+
+SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+# shellcheck source=lib/common.sh
+# shellcheck disable=SC1091
+source "${SCRIPT_DIR}/lib/common.sh"
+# shellcheck source=lib/output.sh
+# shellcheck disable=SC1091
+source "${SCRIPT_DIR}/lib/output.sh"
+# shellcheck source=lib/credential.sh
+# shellcheck disable=SC1091
+source "${SCRIPT_DIR}/lib/credential.sh"
+
+init_paths
+
+SUMMARY_T0="$(now_ms)"; export SUMMARY_T0
+
+as=""
+dry_run=0
+
+usage() {
+  cat <<'USAGE'
+Usage: creds-totp --as CRED_NAME [--dry-run]
+
+  --as CRED_NAME    credential name (must be totp_enabled, must have a
+                     stored TOTP secret).
+  --dry-run         report planned action; emit nothing on stdout.
+  -h, --help        this message
+
+Stdout: 6-digit code (or empty on dry-run).
+Stderr: human-friendly status / errors.
+USAGE
+}
+
+while [ $# -gt 0 ]; do
+  case "$1" in
+    --as)       as="$2";  shift 2 ;;
+    --dry-run)  dry_run=1; shift ;;
+    -h|--help)  usage; exit 0 ;;
+    *)          die "${EXIT_USAGE_ERROR}" "unknown flag: $1" ;;
+  esac
+done
+
+[ -n "${as}" ] || { usage; die "${EXIT_USAGE_ERROR}" "--as is required"; }
+assert_safe_name "${as}" "credential-name"
+
+if ! credential_exists "${as}"; then
+  die "${EXIT_SITE_NOT_FOUND}" "credential not found: ${as}"
+fi
+
+cred_meta="$(credential_load "${as}")"
+totp_enabled="$(printf '%s' "${cred_meta}" | jq -r '.totp_enabled // false')"
+if [ "${totp_enabled}" != "true" ]; then
+  die "${EXIT_USAGE_ERROR}" "credential ${as} is not totp_enabled (re-add with --enable-totp --totp-secret-stdin)"
+fi
+
+if [ "${dry_run}" -eq 1 ]; then
+  ok "dry-run: would generate TOTP code for ${as}"
+  duration_ms=$(( $(now_ms) - $(printf '%s' "${SUMMARY_T0}") ))
+  summary_json verb=creds-totp tool=node why=dry-run status=ok would_run=true \
+               credential="${as}" duration_ms="${duration_ms}"
+  exit "${EXIT_OK}"
+fi
+
+# Pipe the TOTP secret to the node generator via stdin (AP-7: never argv).
+node_bin="${BROWSER_SKILL_NODE_BIN:-node}"
+totp_script="${SCRIPT_DIR}/lib/node/totp.mjs"
+
+set +e
+code="$(credential_get_totp_secret "${as}" | "${node_bin}" "${totp_script}")"
+gen_rc=$?
+set -e
+
+if [ "${gen_rc}" -ne 0 ]; then
+  die "${EXIT_GENERIC_ERROR}" "TOTP code generation failed (rc=${gen_rc})"
+fi
+
+# Emit code on stdout — agent reads it then types into browser.
+printf '%s\n' "${code}"
+
+duration_ms=$(( $(now_ms) - $(printf '%s' "${SUMMARY_T0}") ))
+summary_json verb=creds-totp tool=node why=generate-totp-code status=ok \
+             credential="${as}" duration_ms="${duration_ms}"