careervivid 1.12.4 → 1.12.6

package/dist/agent/QueryEngine.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"QueryEngine.d.ts","sourceRoot":"","sources":["../../src/agent/QueryEngine.ts"],"names":[],"mappings":"AAAA,OAAO,EAAe,uBAAuB,EAAE,OAAO,EAAQ,MAAM,eAAe,CAAC;AACpF,OAAO,EAAE,IAAI,EAAsB,MAAM,WAAW,CAAC;AAMrD,eAAO,MAAM,0BAA0B,QA8B/B,CAAC;AAKT,eAAO,MAAM,kBAAkB,QAgFI,CAAC;AAMpC,MAAM,WAAW,kBAAkB;IACjC,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAC3B,KAAK,CAAC,EAAE,IAAI,EAAE,CAAC;IACf,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,8EAA8E;IAC9E,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,qDAAqD;IACrD,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,8EAA8E;IAC9E,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,gEAAgE;IAChE,eAAe,CAAC,EAAE,OAAO,CAAC;IAC1B,wEAAwE;IACxE,gBAAgB,CAAC,EAAE,MAAM,CAAC;CAC3B;AAED,MAAM,WAAW,aAAa;IAC5B,OAAO,CAAC,EAAE,MAAM,IAAI,CAAC;IACrB,0FAA0F;IAC1F,UAAU,CAAC,EAAE,CAAC,QAAQ,CAAC,EAAE,uBAAuB,KAAK,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAC1E,UAAU,CAAC,EAAE,CAAC,QAAQ,EAAE,MAAM,EAAE,IAAI,EAAE,GAAG,KAAK,OAAO,CAAC,OAAO,GAAG,IAAI,CAAC,CAAC;IACtE,YAAY,CAAC,EAAE,CAAC,QAAQ,EAAE,MAAM,EAAE,MAAM,EAAE,GAAG,KAAK,IAAI,CAAC;IACvD,OAAO,CAAC,EAAE,CAAC,KAAK,EAAE,KAAK,KAAK,IAAI,CAAC;IACjC,kDAAkD;IAClD,OAAO,CAAC,EAAE,CAAC,IAAI,EAAE,MAAM,KAAK,IAAI,CAAC;IACjC,wEAAwE;IACxE,UAAU,CAAC,EAAE,CAAC,OAAO,EAAE,MAAM,KAAK,IAAI,CAAC;IACvC,gDAAgD;IAChD,YAAY,CAAC,EAAE,MAAM,IAAI,CAAC;CAC3B;AAyCD;;;;GAIG;AACH,qBAAa,WAAW;IACtB,OAAO,CAAC,EAAE,CAAc;IACxB,OAAO,CAAC,OAAO,CAAiB;IAChC,OAAO,CAAC,KAAK,CAAS;IACtB,OAAO,CAAC,iBAAiB,CAAS;IAClC,OAAO,CAAC,KAAK,CAAS;IACtB,OAAO,CAAC,OAAO,CAAoB;IACnC,OAAO,CAAC,cAAc,CAAS;IAC/B,OAAO,CAAC,eAAe,CAAU;IACjC,OAAO,CAAC,gBAAgB,CAAS;gBAErB,OAAO,GAAE,kBAAuB;IAyBrC,UAAU,IAAI,OAAO,EAAE;IAIvB,UAAU,CAAC,OAAO,EAAE,OAAO,EAAE;IAIpC,8CAA8C;IACvC,QAAQ,CAAC,KAAK,EAAE,IAAI,EAAE;IAW7B,OAAO,CAAC,mBAAmB;YAcb,YAAY;YAOZ,gBAAgB;IA6DjB,OAAO,CAAC,MAAM,EAAE,MAAM,EAAE,KAAK,CAAC,EAAE,aAAa,GAAG,OAAO,CAAC,MAAM,CAAC;IAqG5E;;;;OAIG;IACU,gBAAgB,CAAC,MAAM,EAAE,MAAM,EAAE,KAAK,CAAC,EAAE,aAAa,GAAG,OAAO,CAAC,MAAM,CAAC;CAoHtF"}
+{"version":3,"file":"QueryEngine.d.ts","sourceRoot":"","sources":["../../src/agent/QueryEngine.ts"],"names":[],"mappings":"AAAA,OAAO,EAAe,uBAAuB,EAAE,OAAO,EAAQ,MAAM,eAAe,CAAC;AACpF,OAAO,EAAE,IAAI,EAAsB,MAAM,WAAW,CAAC;AAMrD,eAAO,MAAM,0BAA0B,QA8B/B,CAAC;AAKT,eAAO,MAAM,kBAAkB,QA+FI,CAAC;AAMpC,MAAM,WAAW,kBAAkB;IACjC,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAC3B,KAAK,CAAC,EAAE,IAAI,EAAE,CAAC;IACf,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,8EAA8E;IAC9E,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,qDAAqD;IACrD,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,8EAA8E;IAC9E,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,gEAAgE;IAChE,eAAe,CAAC,EAAE,OAAO,CAAC;IAC1B,wEAAwE;IACxE,gBAAgB,CAAC,EAAE,MAAM,CAAC;CAC3B;AAED,MAAM,WAAW,aAAa;IAC5B,OAAO,CAAC,EAAE,MAAM,IAAI,CAAC;IACrB,0FAA0F;IAC1F,UAAU,CAAC,EAAE,CAAC,QAAQ,CAAC,EAAE,uBAAuB,KAAK,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAC1E,UAAU,CAAC,EAAE,CAAC,QAAQ,EAAE,MAAM,EAAE,IAAI,EAAE,GAAG,KAAK,OAAO,CAAC,OAAO,GAAG,IAAI,CAAC,CAAC;IACtE,YAAY,CAAC,EAAE,CAAC,QAAQ,EAAE,MAAM,EAAE,MAAM,EAAE,GAAG,KAAK,IAAI,CAAC;IACvD,OAAO,CAAC,EAAE,CAAC,KAAK,EAAE,KAAK,KAAK,IAAI,CAAC;IACjC,kDAAkD;IAClD,OAAO,CAAC,EAAE,CAAC,IAAI,EAAE,MAAM,KAAK,IAAI,CAAC;IACjC,wEAAwE;IACxE,UAAU,CAAC,EAAE,CAAC,OAAO,EAAE,MAAM,KAAK,IAAI,CAAC;IACvC,gDAAgD;IAChD,YAAY,CAAC,EAAE,MAAM,IAAI,CAAC;CAC3B;AAyCD;;;;GAIG;AACH,qBAAa,WAAW;IACtB,OAAO,CAAC,EAAE,CAAc;IACxB,OAAO,CAAC,OAAO,CAAiB;IAChC,OAAO,CAAC,KAAK,CAAS;IACtB,OAAO,CAAC,iBAAiB,CAAS;IAClC,OAAO,CAAC,KAAK,CAAS;IACtB,OAAO,CAAC,OAAO,CAAoB;IACnC,OAAO,CAAC,cAAc,CAAS;IAC/B,OAAO,CAAC,eAAe,CAAU;IACjC,OAAO,CAAC,gBAAgB,CAAS;gBAErB,OAAO,GAAE,kBAAuB;IAyBrC,UAAU,IAAI,OAAO,EAAE;IAIvB,UAAU,CAAC,OAAO,EAAE,OAAO,EAAE;IAIpC,8CAA8C;IACvC,QAAQ,CAAC,KAAK,EAAE,IAAI,EAAE;IAW7B,OAAO,CAAC,mBAAmB;YAcb,YAAY;YAOZ,gBAAgB;IA6DjB,OAAO,CAAC,MAAM,EAAE,MAAM,EAAE,KAAK,CAAC,EAAE,aAAa,GAAG,OAAO,CAAC,MAAM,CAAC;IAqG5E;;;;OAIG;IACU,gBAAgB,CAAC,MAAM,EAAE,MAAM,EAAE,KAAK,CAAC,EAAE,aAAa,GAAG,OAAO,CAAC,MAAM,CAAC;CAoHtF"}

package/dist/agent/QueryEngine.js

@@ -103,6 +103,21 @@ Priority Score formula: 40% attention + 30% excitement + 20% fit + 10% recency
 - Always show [ID], company, role, status, and priority score when discussing specific jobs
 - Be proactive: if you notice stale jobs or low apply velocity, mention it unprompted
 
+## URL Verification — HARNESS ENGINEERING RULE (Mandatory, No Exceptions)
+
+You must NEVER present a job application URL or any company link to the user without first verifying it is alive.
+Think like a user clicking that link — a 404 or hallucinated URL destroys trust instantly.
+
+**Rules:**
+1. After 'search_jobs' returns results, call 'verify_search_results' with all URLs before presenting them.
+2. Before saying "here is the link to apply", call 'verify_url' on that URL first.
+3. If a URL fails verification, do NOT show it. Instead say: "I couldn't confirm the application link — please search for this role directly on [Company]'s careers page or LinkedIn."
+4. If a URL looks made-up (unfamiliar company domain, no ATS path like /careers/ or /jobs/), call 'verify_url' immediately — do not present it without checking.
+5. Never bypass this rule with phrases like "the link should be..." or "visit...". Check first, then share.
+
+This rule exists because AI models can confidently produce plausible-sounding URLs that do not exist.
+Your credibility depends on only sharing links that work.
+
 ## Greeting Protocol
 When the user sends a generic greeting (e.g., "hey", "hello", "hi", "start"), you MUST return exactly this standardized routing menu, word-for-word, and do not call any tools:
 

package/dist/agent/tools/browser.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"browser.d.ts","sourceRoot":"","sources":["../../../src/agent/tools/browser.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;GAkBG;AAEH,OAAO,EAAE,IAAI,EAAE,MAAM,YAAY,CAAC;AAysBlC,eAAO,MAAM,iBAAiB,EAAE,IAAI,EAanC,CAAC"}
+{"version":3,"file":"browser.d.ts","sourceRoot":"","sources":["../../../src/agent/tools/browser.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;GAkBG;AAEH,OAAO,EAAE,IAAI,EAAE,MAAM,YAAY,CAAC;AAmtBlC,eAAO,MAAM,iBAAiB,EAAE,IAAI,EAanC,CAAC"}

package/dist/agent/tools/browser.js

@@ -499,7 +499,11 @@ const BrowserCloseTool = {
  */
 function getSidecarPath() {
     const __dirname = dirname(fileURLToPath(import.meta.url));
-    return resolve(__dirname, "../../apply/browser_sidecar.py");
+    // Compiled path: dist/agent/tools/ → three levels up → project root → src/apply/
+    const fromDist = resolve(__dirname, "../../../src/apply/browser_sidecar.py");
+    // Source path (ts-node): src/agent/tools/ → two levels up → src/apply/
+    const fromSrc = resolve(__dirname, "../../apply/browser_sidecar.py");
+    return existsSync(fromDist) ? fromDist : fromSrc;
 }
 const BrowserUseAgentTool = {
     name: "browser_use_agent",
@@ -535,48 +539,56 @@ Example: "Go to https://jobs.example.com/apply and fill out the application form
     },
     execute: async (args) => {
         const { spawn } = await import("child_process");
-        const { loadConfig, getGeminiKey } = await import("../../config.js");
-        // ── Locate Python 3.11 ────────────────────────────────────────────────
+        // ── Locate Python — venv first, then system python 3.11 ────────────────────────
         const PYTHON_CANDIDATES = [
+            join(homedir(), "careervivid", "browser-use", ".venv", "bin", "python"),
             "/opt/homebrew/bin/python3.11",
             "/usr/local/bin/python3.11",
             "/usr/bin/python3.11",
         ];
         const pythonBin = PYTHON_CANDIDATES.find(existsSync);
         if (!pythonBin) {
-            return "❌ Python 3.11 not found. Install with: brew install python@3.11";
+            return "\u274c Python 3.11 not found. Install with: brew install python@3.11";
         }
-        // ── Locate sidecar script ─────────────────────────────────────────────
+        // ── Locate sidecar script ───────────────────────────────────────────
         const sidecarPath = getSidecarPath();
         if (!existsSync(sidecarPath)) {
             return `❌ browser_sidecar.py not found at: ${sidecarPath}`;
         }
-        // ── Get Gemini API key ────────────────────────────────────────────────
+        // ── Resolve LLM config ───────────────────────────────────────────
+        const { loadConfig, getGeminiKey, getLlmConfig } = await import("../../config.js");
         const cfg = loadConfig();
-        const apiKey = cfg.geminiKey ||
-            cfg.llmApiKey ||
-            getGeminiKey() ||
-            process.env.GOOGLE_API_KEY ||
-            process.env.GEMINI_API_KEY ||
-            "";
-        if (!apiKey) {
+        const llmCfg = getLlmConfig();
+        // For the agent tool, default to using the active LLM config from cv agent session
+        const llmConfig = {
+            provider: llmCfg.provider,
+            model: args.model || llmCfg.model || "gemini-3.1-flash-lite-preview",
+            apiKey: llmCfg.apiKey || cfg.geminiKey || getGeminiKey() || process.env.GEMINI_API_KEY || "",
+            baseUrl: llmCfg.baseUrl,
+        };
+        if (!llmConfig.apiKey && llmConfig.provider !== "careervivid") {
             return [
-                "❌ No Gemini API key found for browser-use agent.",
-                "   Set one via: cv agent config  → choose 'Gemini (personal key)'",
-                "   Or set env: export GEMINI_API_KEY=AIza...",
+                `\u274c No API key found for provider: ${llmConfig.provider}`,
+                "   Set it via: cv agent config",
             ].join("\n");
         }
+        // For CareerVivid Cloud, use the CV API key as the identifier
+        if (llmConfig.provider === "careervivid") {
+            llmConfig.apiKey = cfg.apiKey || process.env.CV_API_KEY || "";
+        }
         const profileDir = join(homedir(), ".careervivid", "browser-session");
-        const model = args.model || "gemini-3.1-flash-lite-preview";
-        // ── Build input payload ───────────────────────────────────────────────
+        // ── Build input payload (new llm_config format) ────────────────────────
+        const model = llmConfig.model;
         const inputPayload = JSON.stringify({
-            task: args.task,
-            api_key: apiKey,
-            model,
+            url: "", // browser_use_agent sends task_override instead of url+profile
+            llm_config: llmConfig,
+            resume_pdf_path: "",
+            profile: {},
             profile_dir: profileDir,
+            task_override: args.task,
         });
-        // ── Spawn sidecar ─────────────────────────────────────────────────────
-        console.log(chalk.cyan(`\n🤖 Launching browser-use agent (${model})...\n`));
+        // ── Spawn sidecar ───────────────────────────────────────────
+        console.log(chalk.cyan(`\n\ud83e\udd16 Launching browser-use agent (${model} via ${llmConfig.provider})...\n`));
         return new Promise((resolve) => {
             const steps = [];
             let finalResult = "";
@@ -584,8 +596,6 @@ Example: "Go to https://jobs.example.com/apply and fill out the application form
                 stdio: ["pipe", "pipe", "pipe"],
                 env: {
                     ...process.env,
-                    GOOGLE_API_KEY: apiKey,
-                    GEMINI_API_KEY: apiKey,
                     PYTHONUNBUFFERED: "1",
                 },
             });

package/dist/agent/tools/jobs.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"jobs.d.ts","sourceRoot":"","sources":["../../../src/agent/tools/jobs.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,EAAE,IAAI,EAAE,MAAM,YAAY,CAAC;AAmBlC,eAAO,MAAM,cAAc,EAAE,IA0F5B,CAAC;AAMF,eAAO,MAAM,WAAW,EAAE,IA4EzB,CAAC;AAMF,eAAO,MAAM,YAAY,EAAE,IAgE1B,CAAC;AAMF,eAAO,MAAM,mBAAmB,EAAE,IAwDjC,CAAC;AAMF,eAAO,MAAM,aAAa,EAAE,IAgC3B,CAAC;AAMF,eAAO,MAAM,eAAe,EAAE,IA6B7B,CAAC;AAMF,eAAO,MAAM,gBAAgB,EAAE,IAmE9B,CAAC;AAMF,eAAO,MAAM,gBAAgB,EAAE,IAwB9B,CAAC;AAMF,eAAO,MAAM,cAAc,EAAE,IAkO5B,CAAC;AAMF,eAAO,MAAM,aAAa,EAAE,IAAI,EAU/B,CAAC"}
+{"version":3,"file":"jobs.d.ts","sourceRoot":"","sources":["../../../src/agent/tools/jobs.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,EAAE,IAAI,EAAE,MAAM,YAAY,CAAC;AAmBlC,eAAO,MAAM,cAAc,EAAE,IA0F5B,CAAC;AAMF,eAAO,MAAM,WAAW,EAAE,IA4EzB,CAAC;AAMF,eAAO,MAAM,YAAY,EAAE,IAgE1B,CAAC;AAMF,eAAO,MAAM,mBAAmB,EAAE,IAwDjC,CAAC;AAMF,eAAO,MAAM,aAAa,EAAE,IAgC3B,CAAC;AAMF,eAAO,MAAM,eAAe,EAAE,IA6B7B,CAAC;AAMF,eAAO,MAAM,gBAAgB,EAAE,IAmE9B,CAAC;AAMF,eAAO,MAAM,gBAAgB,EAAE,IAwB9B,CAAC;AAMF,eAAO,MAAM,cAAc,EAAE,IAyO5B,CAAC;AAMF,eAAO,MAAM,aAAa,EAAE,IAAI,EAU/B,CAAC"}

package/dist/agent/tools/jobs.js

@@ -513,61 +513,71 @@ FILLING RULES:
         if (args.dry_run) {
             return `[DRY RUN] Would launch browser-use with:\n\n${task.substring(0, 600)}...`;
         }
-        // ── 4. Resolve Python 3.11 and sidecar path ────────────────────────────
+        // ── 4. Resolve Python and sidecar path ─────────────────────────────────
         const { existsSync } = await import("fs");
         const { spawn } = await import("child_process");
         const pathMod = await import("path");
         const { fileURLToPath } = await import("url");
         const PYTHON_CANDIDATES = [
+            pathMod.join(pathMod.dirname(fileURLToPath(import.meta.url)), "../../../..", "browser-use", ".venv", "bin", "python"),
+            "/Users/jiawenzhu/careervivid/browser-use/.venv/bin/python",
             "/opt/homebrew/bin/python3.11",
             "/usr/local/bin/python3.11",
             "/usr/bin/python3.11",
         ];
         const pythonBin = PYTHON_CANDIDATES.find(existsSync);
         if (!pythonBin) {
-            return "❌ Python 3.11 not found.\n   Install: brew install python@3.11\n   Then: pip3.11 install browser-use";
+            return "\u274c Python 3.11 not found.\n   Install: brew install python@3.11\n   Then: pip3.11 install browser-use";
         }
         const __dirname = pathMod.dirname(fileURLToPath(import.meta.url));
-        const sidecarPath = pathMod.resolve(__dirname, "../../apply/browser_sidecar.py");
+        // dist/agent/tools/ → ../../../ → project root → src/apply/
+        const sidecarFromDist = pathMod.resolve(__dirname, "../../../src/apply/browser_sidecar.py");
+        const sidecarFromSrc = pathMod.resolve(__dirname, "../../apply/browser_sidecar.py");
+        const sidecarPath = existsSync(sidecarFromDist) ? sidecarFromDist : sidecarFromSrc;
         if (!existsSync(sidecarPath)) {
-            return `❌ browser_sidecar.py not found at expected path: ${sidecarPath}`;
+            return `\u274c browser_sidecar.py not found at expected path: ${sidecarPath}`;
         }
-        // ── 5. Resolve Gemini API key ──────────────────────────────────────────
-        const { loadConfig, getGeminiKey } = await import("../../config.js");
+        // ── 5. Resolve LLM config ─────────────────────────────────────────
+        const { loadConfig, getGeminiKey, getLlmConfig } = await import("../../config.js");
         const cfg = loadConfig();
-        const apiKey = cfg.geminiKey ||
-            cfg.llmApiKey ||
-            getGeminiKey() ||
-            process.env.GOOGLE_API_KEY ||
-            process.env.GEMINI_API_KEY ||
-            "";
-        if (!apiKey) {
+        const llmCfg = getLlmConfig();
+        const llmConfig = {
+            provider: llmCfg.provider,
+            model: args.model || llmCfg.model || "gemini-3.1-flash-lite-preview",
+            apiKey: llmCfg.apiKey || cfg.geminiKey || cfg.llmApiKey || getGeminiKey() || process.env.GOOGLE_API_KEY || process.env.GEMINI_API_KEY || "",
+            baseUrl: llmCfg.baseUrl,
+        };
+        // For CareerVivid Cloud, use the CV account key for the proxy — no personal LLM key needed
+        if (llmConfig.provider === "careervivid") {
+            llmConfig.apiKey = cfg.apiKey || process.env.CV_API_KEY || "";
+        }
+        else if (!llmConfig.apiKey) {
             return [
-                "❌ No Gemini API key found — browser-use agent cannot start.",
-                "   Fix options:",
-                "   1. Run `cv agent` → Settings → choose 'Gemini (personal key)' → enter your key",
-                "   2. Or: export GEMINI_API_KEY=AIzaSy...  in your terminal before running cv agent",
+                `❌ No API key found for provider: ${llmConfig.provider}`,
+                "   Run `cv agent config` and choose your provider to set a key.",
             ].join("\n");
         }
         const { homedir } = await import("os");
         const profileDir = pathMod.join(homedir(), ".careervivid", "browser-session");
-        // ── 6. Spawn browser-use sidecar ───────────────────────────────────────
+        // ── 6. Spawn browser-use sidecar ─────────────────────────────────────────
         const chalk = (await import("chalk")).default;
         console.log(chalk.cyan(`\n🤖 Launching browser-use agent → ${args.job_url}\n`));
         console.log(chalk.dim("   Chrome will open and fill the form autonomously."));
         console.log(chalk.dim("   It will stop BEFORE the Submit button — you review and submit.\n"));
-        const model = args.model || "gemini-3.1-flash-lite-preview";
+        // Build input payload using the new llm_config format
         const inputPayload = JSON.stringify({
-            task,
-            api_key: apiKey,
-            model,
+            url: args.job_url,
+            llm_config: llmConfig,
+            resume_pdf_path: "",
+            profile: {},
             profile_dir: profileDir,
+            task_override: task, // sidecar uses this full task string
         });
         return new Promise((resolve) => {
             let finalResult = "";
             const child = spawn(pythonBin, [sidecarPath], {
                 stdio: ["pipe", "pipe", "pipe"],
-                env: { ...process.env, GOOGLE_API_KEY: apiKey, GEMINI_API_KEY: apiKey, PYTHONUNBUFFERED: "1" },
+                env: { ...process.env, PYTHONUNBUFFERED: "1" },
             });
             child.stdin.write(inputPayload);
             child.stdin.end();

package/dist/agent/tools/urlVerifier.d.ts

@@ -0,0 +1,41 @@
+/**
+ * urlVerifier.ts — URL safety & reachability checker for the CareerVivid Job Agent.
+ *
+ * Harness Engineering Mindset:
+ *   The agent must think like a real user clicking a link. A 98%-match job means
+ *   nothing if the URL is broken, hallucinated, or redirects to a homepage.
+ *   Every URL we return to the user must pass this verification harness BEFORE
+ *   we present it.
+ *
+ * The harness performs layered checks:
+ *   1. Structural validity — is this even a parseable URL?
+ *   2. Domain plausibility — does this look like a real company domain?
+ *   3. HTTP reachability — does it respond with 200/301/302?
+ *   4. Content sanity   — does the final page look like a real job listing?
+ *   5. ATS legitimacy   — is it on a known ATS (Ashby, Greenhouse, Lever, etc.)?
+ */
+import { Tool } from "../Tool.js";
+export interface UrlVerificationResult {
+    url: string;
+    ok: boolean;
+    status?: number;
+    finalUrl?: string;
+    isTrustedAts: boolean;
+    redirected: boolean;
+    reason: string;
+    warning?: string;
+}
+/**
+ * Verify a single URL is reachable and looks like a legitimate job posting.
+ * Uses harness-engineering thinking: emulate a real user clicking the link.
+ */
+export declare function verifyUrl(url: string): Promise<UrlVerificationResult>;
+/**
+ * Verify a batch of URLs in parallel (max 5 concurrent).
+ * Returns results in the same order as input.
+ */
+export declare function verifyUrlBatch(urls: string[]): Promise<UrlVerificationResult[]>;
+export declare const VerifyUrlTool: Tool;
+export declare const VerifySearchResultsTool: Tool;
+export declare const ALL_URL_VERIFIER_TOOLS: Tool[];
+//# sourceMappingURL=urlVerifier.d.ts.map

package/dist/agent/tools/urlVerifier.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"urlVerifier.d.ts","sourceRoot":"","sources":["../../../src/agent/tools/urlVerifier.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;GAeG;AAEH,OAAO,EAAE,IAAI,EAAE,MAAM,YAAY,CAAC;AA8ClC,MAAM,WAAW,qBAAqB;IACpC,GAAG,EAAE,MAAM,CAAC;IACZ,EAAE,EAAE,OAAO,CAAC;IACZ,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,YAAY,EAAE,OAAO,CAAC;IACtB,UAAU,EAAE,OAAO,CAAC;IACpB,MAAM,EAAE,MAAM,CAAC;IACf,OAAO,CAAC,EAAE,MAAM,CAAC;CAClB;AAED;;;GAGG;AACH,wBAAsB,SAAS,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,qBAAqB,CAAC,CA4I3E;AAED;;;GAGG;AACH,wBAAsB,cAAc,CAClC,IAAI,EAAE,MAAM,EAAE,GACb,OAAO,CAAC,qBAAqB,EAAE,CAAC,CAalC;AAID,eAAO,MAAM,aAAa,EAAE,IAkD3B,CAAC;AAIF,eAAO,MAAM,uBAAuB,EAAE,IAiDrC,CAAC;AAEF,eAAO,MAAM,sBAAsB,EAAE,IAAI,EAGxC,CAAC"}

package/dist/agent/tools/urlVerifier.js

@@ -0,0 +1,293 @@
+/**
+ * urlVerifier.ts — URL safety & reachability checker for the CareerVivid Job Agent.
+ *
+ * Harness Engineering Mindset:
+ *   The agent must think like a real user clicking a link. A 98%-match job means
+ *   nothing if the URL is broken, hallucinated, or redirects to a homepage.
+ *   Every URL we return to the user must pass this verification harness BEFORE
+ *   we present it.
+ *
+ * The harness performs layered checks:
+ *   1. Structural validity — is this even a parseable URL?
+ *   2. Domain plausibility — does this look like a real company domain?
+ *   3. HTTP reachability — does it respond with 200/301/302?
+ *   4. Content sanity   — does the final page look like a real job listing?
+ *   5. ATS legitimacy   — is it on a known ATS (Ashby, Greenhouse, Lever, etc.)?
+ */
+import { Type } from "@google/genai";
+// ── Known ATS domains that are always trustworthy ─────────────────────────────
+const TRUSTED_ATS_DOMAINS = [
+    "greenhouse.io",
+    "lever.co",
+    "ashbyhq.com",
+    "workday.com",
+    "workdayjobs.com",
+    "myworkdayjobs.com",
+    "icims.com",
+    "smartrecruiters.com",
+    "jobvite.com",
+    "taleo.net",
+    "oracle.com",
+    "brassring.com",
+    "successfactors.com",
+    "linkedin.com/jobs",
+    "indeed.com",
+    "careers.google.com",
+    "jobs.microsoft.com",
+    "amazon.jobs",
+    "meta.com/careers",
+    "apple.com/jobs",
+    "openai.com/careers",
+    "anthropic.com/careers",
+    "jobs.ashbyhq.com",
+    "boards.greenhouse.io",
+    "apply.workable.com",
+    "recruitee.com",
+    "bamboohr.com",
+    "rippling.com",
+    "ripplinghq.com",
+];
+// ── Suspicious patterns — usually hallucinated or spam ────────────────────────
+const SUSPICIOUS_PATTERNS = [
+    /localhost/i,
+    /127\.0\.0\./,
+    /example\.(com|org|net)/i,
+    /test\.(com|org)/i,
+    /careers\.(io|app|xyz|online|site|info|biz)$/i, // generic TLDs on "careers" domains
+    /jobs\.(io|app|xyz|online|site|info|biz)$/i,
+];
+/**
+ * Verify a single URL is reachable and looks like a legitimate job posting.
+ * Uses harness-engineering thinking: emulate a real user clicking the link.
+ */
+export async function verifyUrl(url) {
+    // ── 1. Structural check ───────────────────────────────────────────────────
+    let parsed;
+    try {
+        parsed = new URL(url);
+    }
+    catch {
+        return {
+            url, ok: false, isTrustedAts: false, redirected: false,
+            reason: `❌ Malformed URL — not a valid link: "${url}"`,
+        };
+    }
+    if (!["http:", "https:"].includes(parsed.protocol)) {
+        return {
+            url, ok: false, isTrustedAts: false, redirected: false,
+            reason: `❌ Non-HTTP URL — cannot open in browser: "${url}"`,
+        };
+    }
+    // ── 2. Suspicious pattern check ───────────────────────────────────────────
+    for (const pattern of SUSPICIOUS_PATTERNS) {
+        if (pattern.test(url)) {
+            return {
+                url, ok: false, isTrustedAts: false, redirected: false,
+                reason: `❌ URL looks hallucinated or is a placeholder domain: "${url}"`,
+                warning: "This URL matches a known fake/test domain pattern.",
+            };
+        }
+    }
+    // ── 3. Trusted ATS domain shortcut ───────────────────────────────────────
+    const isTrustedAts = TRUSTED_ATS_DOMAINS.some((d) => parsed.hostname.includes(d) || url.includes(d));
+    // ── 4. HTTP reachability (HEAD → GET fallback) ────────────────────────────
+    const controller = new AbortController();
+    const timeout = setTimeout(() => controller.abort(), 8000); // 8s timeout
+    try {
+        let res;
+        let finalUrl = url;
+        try {
+            res = await fetch(url, {
+                method: "HEAD",
+                redirect: "follow",
+                signal: controller.signal,
+                headers: {
+                    "User-Agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36",
+                },
+            });
+            finalUrl = res.url;
+        }
+        catch {
+            // HEAD blocked — try GET (some servers reject HEAD)
+            res = await fetch(url, {
+                method: "GET",
+                redirect: "follow",
+                signal: controller.signal,
+                headers: {
+                    "User-Agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36",
+                },
+            });
+            finalUrl = res.url;
+        }
+        const status = res.status;
+        const redirected = finalUrl !== url;
+        // ── 5. Content sanity — did we land on a real page? ────────────────────
+        if (status === 404) {
+            return {
+                url, ok: false, status, finalUrl, isTrustedAts, redirected,
+                reason: `❌ Page not found (404) — this job posting may have been removed or the URL is incorrect.`,
+            };
+        }
+        if (status === 403 || status === 401) {
+            // Could be a valid page behind auth — treat as uncertain but not broken
+            return {
+                url, ok: true, status, finalUrl, isTrustedAts, redirected,
+                reason: `⚠️ Page requires authentication (${status}) — link may be valid but access restricted.`,
+                warning: "User may need to log in to view this posting.",
+            };
+        }
+        if (status >= 500) {
+            return {
+                url, ok: false, status, finalUrl, isTrustedAts, redirected,
+                reason: `❌ Server error (${status}) — the job site is having issues. Try again later.`,
+            };
+        }
+        // Check if we got redirected to a homepage (common when job is removed)
+        if (redirected) {
+            const finalParsed = new URL(finalUrl);
+            const landedOnHomepage = finalParsed.pathname === "/" ||
+                finalParsed.pathname === "" ||
+                finalParsed.pathname === "/careers" ||
+                finalParsed.pathname === "/jobs";
+            if (landedOnHomepage && !isTrustedAts) {
+                return {
+                    url, ok: false, status, finalUrl, isTrustedAts, redirected,
+                    reason: `❌ URL redirects to homepage (${finalUrl}) — job posting likely no longer exists.`,
+                    warning: "This job posting may have been removed.",
+                };
+            }
+        }
+        if (status >= 200 && status < 400) {
+            const verdict = isTrustedAts
+                ? `✅ Verified — reachable on trusted ATS (${parsed.hostname})`
+                : `✅ Reachable (status ${status})${redirected ? ` → redirected to ${finalUrl}` : ""}`;
+            return {
+                url, ok: true, status, finalUrl, isTrustedAts, redirected,
+                reason: verdict,
+            };
+        }
+        return {
+            url, ok: false, status, finalUrl, isTrustedAts, redirected,
+            reason: `❌ Unexpected HTTP status: ${status}`,
+        };
+    }
+    catch (err) {
+        const msg = err instanceof Error ? err.message : String(err);
+        const isTimeout = msg.includes("abort") || msg.includes("timeout");
+        return {
+            url, ok: false, isTrustedAts, redirected: false,
+            reason: isTimeout
+                ? `❌ Connection timed out (>8s) — site may be down or the URL is unreachable.`
+                : `❌ Network error: ${msg}`,
+        };
+    }
+    finally {
+        clearTimeout(timeout);
+    }
+}
+/**
+ * Verify a batch of URLs in parallel (max 5 concurrent).
+ * Returns results in the same order as input.
+ */
+export async function verifyUrlBatch(urls) {
+    const CONCURRENCY = 5;
+    const results = new Array(urls.length);
+    for (let i = 0; i < urls.length; i += CONCURRENCY) {
+        const batch = urls.slice(i, i + CONCURRENCY);
+        const batchResults = await Promise.all(batch.map((u) => verifyUrl(u)));
+        batchResults.forEach((r, j) => {
+            results[i + j] = r;
+        });
+    }
+    return results;
+}
+// ── Tool: verify_url ─────────────────────────────────────────────────────────
+export const VerifyUrlTool = {
+    name: "verify_url",
+    description: `Verify that a URL is actually reachable and looks like a real job posting before showing it to the user.
+
+HARNESS ENGINEERING RULE: You MUST call this tool before presenting any job URL to the user.
+Think like a user clicking a link — a broken or hallucinated URL wastes their time and destroys trust.
+
+Use this tool when:
+- You have a job URL from search_jobs or any other source
+- You are about to tell the user "here is the link to apply"
+- You suspect a URL might be invalid, outdated, or hallucinated
+- You want to confirm a job is still accepting applications
+
+This tool checks: URL validity, HTTP reachability, redirect detection, homepage-redirect detection,
+and whether the URL is on a trusted ATS (Ashby, Greenhouse, Lever, etc.).`,
+    parameters: {
+        type: Type.OBJECT,
+        properties: {
+            url: {
+                type: Type.STRING,
+                description: "The full URL to verify (must start with http:// or https://).",
+            },
+        },
+        required: ["url"],
+    },
+    execute: async (args) => {
+        const result = await verifyUrl(args.url);
+        const lines = [result.reason];
+        if (result.redirected && result.finalUrl) {
+            lines.push(`   Redirected to: ${result.finalUrl}`);
+        }
+        if (result.isTrustedAts) {
+            lines.push(`   ✓ Trusted ATS domain — application form should be available`);
+        }
+        if (result.warning) {
+            lines.push(`   ⚠️  ${result.warning}`);
+        }
+        if (!result.ok) {
+            lines.push(`\nAgent Instruction: Do NOT show this URL to the user — it is broken or unreachable.`, `Instead, tell the user you couldn't verify the application link and suggest they`, `search for the job directly on the company's careers page or LinkedIn.`);
+        }
+        return lines.join("\n");
+    },
+};
+// ── Tool: verify_search_results ──────────────────────────────────────────────
+export const VerifySearchResultsTool = {
+    name: "verify_search_results",
+    description: `Verify a batch of job URLs returned from search_jobs are all reachable.
+Use this after search_jobs to filter out dead or hallucinated links before showing results to the user.
+Returns a summary of which URLs passed and which failed, so you can present only working links.`,
+    parameters: {
+        type: Type.OBJECT,
+        properties: {
+            urls: {
+                type: Type.ARRAY,
+                items: { type: Type.STRING },
+                description: "Array of job URLs to verify in parallel.",
+            },
+        },
+        required: ["urls"],
+    },
+    execute: async (args) => {
+        if (!args.urls || args.urls.length === 0) {
+            return "No URLs provided to verify.";
+        }
+        const results = await verifyUrlBatch(args.urls);
+        const passed = results.filter((r) => r.ok);
+        const failed = results.filter((r) => !r.ok);
+        const lines = [
+            `URL Verification Results (${passed.length}/${results.length} passed):\n`,
+        ];
+        for (const r of results) {
+            lines.push(`${r.ok ? "✅" : "❌"} ${r.url}`);
+            lines.push(`   ${r.reason}`);
+            if (r.warning)
+                lines.push(`   ⚠️  ${r.warning}`);
+        }
+        if (failed.length > 0) {
+            lines.push(`\nAgent Instruction: Only show the ${passed.length} passing URLs to the user.`, `For the ${failed.length} failed URL(s), do NOT include them in your response.`, `If too many failed, tell the user you couldn't verify all links and suggest`, `they search directly on LinkedIn or the company careers page.`);
+        }
+        else {
+            lines.push(`\nAll URLs verified successfully — safe to show to the user.`);
+        }
+        return lines.join("\n");
+    },
+};
+export const ALL_URL_VERIFIER_TOOLS = [
+    VerifyUrlTool,
+    VerifySearchResultsTool,
+];

package/dist/apply/adapter-generator.d.ts

@@ -0,0 +1,42 @@
+/**
+ * adapter-generator.ts — AI-powered ATS adapter generator
+ *
+ * When cv jobs apply encounters a URL from an unknown ATS platform, this module:
+ *   1. Scrapes the HTML skeleton of the form (headless Playwright)
+ *   2. Calls Gemini to generate a TypeScript ATSAdapter implementation
+ *   3. Saves the generated adapter to ~/.careervivid/adapters/<hostname>.js (runtime)
+ *   4. Optionally syncs to Firebase Storage (user's "memory space") so it's
+ *      available across devices/reinstalls without needing a CLI rebuild
+ *
+ * Generated adapters are saved as pre-transpiled JavaScript (not TypeScript)
+ * so they can be loaded via dynamic import() at runtime without a build step.
+ *
+ * Firebase Storage path: gs://<bucket>/users/<uid>/adapters/<hostname>.js
+ */
+export interface GeneratedAdapter {
+    hostname: string;
+    filePath: string;
+    source: "cache" | "generated" | "firebase";
+}
+/**
+ * Try to load or generate a TypeScript adapter for the given URL.
+ *
+ * @param url       The job application URL
+ * @param apiKey    Gemini API key for generating the adapter
+ * @param model     Gemini model to use (e.g. "gemini-3-flash-preview")
+ * @returns         Path to the generated .js adapter file, or null on failure
+ */
+export declare function getOrGenerateAdapter(url: string, apiKey: string, model: string): Promise<GeneratedAdapter | null>;
+/**
+ * Dynamically load a generated adapter from a .mjs file.
+ * Returns an ATSAdapter-like object or null on failure.
+ */
+export declare function loadGeneratedAdapter(adapterPath: string): Promise<any | null>;
+/**
+ * List all locally cached adapters (for debugging / cv agent --jobs info).
+ */
+export declare function listCachedAdapters(): Array<{
+    hostname: string;
+    path: string;
+}>;
+//# sourceMappingURL=adapter-generator.d.ts.map

package/dist/apply/adapter-generator.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"adapter-generator.d.ts","sourceRoot":"","sources":["../../src/apply/adapter-generator.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;GAcG;AAyDH,MAAM,WAAW,gBAAgB;IAC/B,QAAQ,EAAE,MAAM,CAAC;IACjB,QAAQ,EAAE,MAAM,CAAC;IACjB,MAAM,EAAE,OAAO,GAAG,WAAW,GAAG,UAAU,CAAC;CAC5C;AAED;;;;;;;GAOG;AACH,wBAAsB,oBAAoB,CACxC,GAAG,EAAE,MAAM,EACX,MAAM,EAAE,MAAM,EACd,KAAK,EAAE,MAAM,GACZ,OAAO,CAAC,gBAAgB,GAAG,IAAI,CAAC,CAoClC;AAED;;;GAGG;AACH,wBAAsB,oBAAoB,CAAC,WAAW,EAAE,MAAM,GAAG,OAAO,CAAC,GAAG,GAAG,IAAI,CAAC,CAanF;AAiMD;;GAEG;AACH,wBAAgB,kBAAkB,IAAI,KAAK,CAAC;IAAE,QAAQ,EAAE,MAAM,CAAC;IAAC,IAAI,EAAE,MAAM,CAAA;CAAE,CAAC,CAS9E"}