cloak22 2.2.0

package/dist/chrome-cookies.js

@@ -0,0 +1,420 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.CHROME_COOKIE_APP_BOUND_UNSUPPORTED_ERROR = exports.CHROME_COOKIE_SUPPORT_MISSING_ERROR = exports.CHROME_COOKIE_LIMITATION_WARNING = void 0;
+exports.readChromeCookies = readChromeCookies;
+exports.createChromeCookieReader = createChromeCookieReader;
+exports.candidateChromeCookieHosts = candidateChromeCookieHosts;
+exports.chromeCookieMatchesUrl = chromeCookieMatchesUrl;
+const node_child_process_1 = require("node:child_process");
+const node_crypto_1 = require("node:crypto");
+const node_fs_1 = __importDefault(require("node:fs"));
+const node_os_1 = __importDefault(require("node:os"));
+const node_path_1 = __importDefault(require("node:path"));
+const cookies_js_1 = require("./cookies.js");
+const chrome_profile_sites_js_1 = require("./chrome-profile-sites.js");
+const chrome_profiles_js_1 = require("./chrome-profiles.js");
+exports.CHROME_COOKIE_LIMITATION_WARNING = "Chrome cookie import is best-effort and only reuses cookies, not the rest of the browser profile. If a login still fails after injection, the site may depend on additional browser state.";
+exports.CHROME_COOKIE_SUPPORT_MISSING_ERROR = "Chrome cookie support is not available in this environment. cloak could not access the selected profile's cookie database or the platform secret storage needed to decrypt it.";
+exports.CHROME_COOKIE_APP_BOUND_UNSUPPORTED_ERROR = "Chrome app-bound cookie encryption on Windows is not supported by cloak yet.";
+const CHROMIUM_EPOCH_MICROSECONDS = 11644473600000000n;
+const POSIX_IV = Buffer.from(" ".repeat(16), "utf8");
+const POSIX_SALT = "saltysalt";
+const MAC_SAFE_STORAGE_SERVICE = "Chrome Safe Storage";
+const MAC_SAFE_STORAGE_ACCOUNT = "Chrome";
+const LINUX_V10_PASSWORD = "peanuts";
+const WINDOWS_DPAPI_KEY_PREFIX = Buffer.from("DPAPI", "utf8");
+const WINDOWS_APP_BOUND_KEY_PREFIX = Buffer.from("APPB", "utf8");
+function loadDatabaseConstructor() {
+    const sqlite = require("node:sqlite");
+    return sqlite.DatabaseSync;
+}
+function chromiumTimestampToUnixSeconds(timestamp) {
+    if (typeof timestamp === "bigint") {
+        return Number((timestamp - CHROMIUM_EPOCH_MICROSECONDS) / 1000000n);
+    }
+    return Math.trunc((timestamp - Number(CHROMIUM_EPOCH_MICROSECONDS)) / 1000000);
+}
+function normalizeChromeCookie(raw) {
+    const normalized = {
+        name: raw.name,
+        value: raw.value,
+        domain: raw.domain,
+        path: raw.path,
+        httpOnly: raw.HttpOnly,
+        secure: raw.Secure,
+        sameSite: raw.sameSite,
+    };
+    if (!isZeroChromiumTimestamp(raw.expires)) {
+        normalized.expires = chromiumTimestampToUnixSeconds(raw.expires);
+    }
+    return (0, cookies_js_1.normalizeCookie)(normalized);
+}
+function isZeroChromiumTimestamp(timestamp) {
+    return typeof timestamp === "bigint" ? timestamp === 0n : timestamp === 0;
+}
+async function readChromeCookies(options, getCookies = createChromeCookieReader()) {
+    const cookies = await getCookies(options.url, "puppeteer", options.profile);
+    return cookies.map(normalizeChromeCookie);
+}
+function createChromeCookieReader(dependencies = {}) {
+    return async (url, format, profile) => {
+        if (format !== "puppeteer") {
+            throw new Error("cloak only supports Chrome cookie export in puppeteer format");
+        }
+        const parsedUrl = parseCookieUrl(url);
+        const chromeUserDataDir = dependencies.chromeUserDataDir ?? (0, chrome_profiles_js_1.defaultChromeUserDataDir)();
+        const pathExists = dependencies.pathExists ?? node_fs_1.default.existsSync;
+        const makeTempDir = dependencies.makeTempDir ?? node_fs_1.default.mkdtempSync;
+        const copyFile = dependencies.copyFile ?? node_fs_1.default.copyFileSync;
+        const removeDir = dependencies.removeDir ?? node_fs_1.default.rmSync;
+        const queryRows = dependencies.queryRows ?? queryChromeCookieRows;
+        const sourcePath = (0, chrome_profile_sites_js_1.resolveChromeCookiesDatabasePath)({
+            chromeUserDataDir,
+            profileDirectory: profile ?? "Default",
+        }, {
+            pathExists,
+        });
+        if (!sourcePath) {
+            return [];
+        }
+        const tempRoot = makeTempDir(node_path_1.default.join(node_os_1.default.tmpdir(), "cloak-cookie-db-"));
+        const stagedPath = node_path_1.default.join(tempRoot, node_path_1.default.basename(sourcePath));
+        try {
+            copyFile(sourcePath, stagedPath);
+            copyOptionalSidecar(`${sourcePath}-wal`, `${stagedPath}-wal`, pathExists, copyFile);
+            copyOptionalSidecar(`${sourcePath}-shm`, `${stagedPath}-shm`, pathExists, copyFile);
+            const rows = queryRows(stagedPath, candidateChromeCookieHosts(parsedUrl.hostname));
+            const cryptoCache = {};
+            const cookies = [];
+            for (const row of rows) {
+                if (!chromeCookieMatchesUrl(row, parsedUrl)) {
+                    continue;
+                }
+                cookies.push(rowToPuppeteerCookie(row, {
+                    ...dependencies,
+                    chromeUserDataDir,
+                }, cryptoCache));
+            }
+            return cookies;
+        }
+        finally {
+            removeDir(tempRoot, { recursive: true, force: true });
+        }
+    };
+}
+function candidateChromeCookieHosts(hostname) {
+    const normalizedHost = hostname.trim().toLowerCase().replace(/\.$/, "");
+    if (!normalizedHost) {
+        return [];
+    }
+    const labels = normalizedHost.split(".");
+    const hosts = new Set();
+    for (let index = 0; index < labels.length; index += 1) {
+        const candidate = labels.slice(index).join(".");
+        hosts.add(candidate);
+        hosts.add(`.${candidate}`);
+    }
+    return [...hosts];
+}
+function chromeCookieMatchesUrl(row, url) {
+    if (toBoolean(row.is_secure) && url.protocol !== "https:") {
+        return false;
+    }
+    if (!hostMatchesCookieDomain(url.hostname, row.host_key)) {
+        return false;
+    }
+    return pathMatchesCookiePath(url.pathname || "/", row.path || "/");
+}
+function parseCookieUrl(url) {
+    let parsedUrl;
+    try {
+        parsedUrl = new URL(url);
+    }
+    catch {
+        throw new Error("Could not parse URI, format should be http://www.example.com/path/");
+    }
+    if (parsedUrl.protocol !== "http:" && parsedUrl.protocol !== "https:") {
+        throw new Error("Could not parse URI, format should be http://www.example.com/path/");
+    }
+    return parsedUrl;
+}
+function rowToPuppeteerCookie(row, dependencies, cryptoCache) {
+    const resolvedValue = resolveChromeCookieValue(row, dependencies, cryptoCache);
+    const cookie = {
+        name: row.name,
+        value: resolvedValue,
+        domain: row.host_key,
+        path: row.path,
+        expires: row.expires_utc,
+    };
+    if (toBoolean(row.is_secure)) {
+        cookie.Secure = true;
+    }
+    if (toBoolean(row.is_httponly)) {
+        cookie.HttpOnly = true;
+    }
+    const sameSite = databaseSameSiteToChromeSameSite(row.samesite);
+    if (sameSite) {
+        cookie.sameSite = sameSite;
+    }
+    return cookie;
+}
+function resolveChromeCookieValue(row, dependencies, cryptoCache) {
+    const encryptedValue = toBuffer(row.encrypted_value);
+    if (encryptedValue.length === 0) {
+        return row.value;
+    }
+    const decrypted = decryptChromeCookieValue(encryptedValue, row.host_key, dependencies, cryptoCache);
+    return stripEncryptedCookieDomainHash(decrypted, row.host_key).toString("utf8");
+}
+function decryptChromeCookieValue(encryptedValue, hostKey, dependencies, cryptoCache) {
+    const platform = dependencies.platform ?? process.platform;
+    if (platform === "darwin") {
+        return decryptPosixCookieValue(encryptedValue, getMacEncryptionKey(dependencies, cryptoCache));
+    }
+    if (platform === "linux") {
+        return decryptLinuxCookieValue(encryptedValue, dependencies, cryptoCache);
+    }
+    if (platform === "win32") {
+        return decryptWindowsCookieValue(encryptedValue, hostKey, dependencies, cryptoCache);
+    }
+    throw new Error(exports.CHROME_COOKIE_SUPPORT_MISSING_ERROR);
+}
+function decryptPosixCookieValue(encryptedValue, key) {
+    const version = encryptedValue.subarray(0, 3).toString("utf8");
+    if (version !== "v10" && version !== "v11") {
+        throw new Error(exports.CHROME_COOKIE_SUPPORT_MISSING_ERROR);
+    }
+    const decipher = (0, node_crypto_1.createDecipheriv)("aes-128-cbc", key, POSIX_IV);
+    return Buffer.concat([
+        decipher.update(encryptedValue.subarray(3)),
+        decipher.final(),
+    ]);
+}
+function decryptLinuxCookieValue(encryptedValue, dependencies, cryptoCache) {
+    const version = encryptedValue.subarray(0, 3).toString("utf8");
+    if (version === "v10") {
+        return decryptPosixCookieValue(encryptedValue, derivePosixKey(LINUX_V10_PASSWORD, 1));
+    }
+    if (version === "v11") {
+        const key = getLinuxV11EncryptionKey(dependencies, cryptoCache);
+        if (key) {
+            return decryptPosixCookieValue(encryptedValue, key);
+        }
+        return decryptPosixCookieValue(encryptedValue, derivePosixKey("", 1));
+    }
+    throw new Error(exports.CHROME_COOKIE_SUPPORT_MISSING_ERROR);
+}
+function decryptWindowsCookieValue(encryptedValue, _hostKey, dependencies, cryptoCache) {
+    const version = encryptedValue.subarray(0, 3).toString("utf8");
+    if (version === "v20") {
+        throw new Error(exports.CHROME_COOKIE_APP_BOUND_UNSUPPORTED_ERROR);
+    }
+    if (version !== "v10") {
+        return decryptWindowsDpapi(encryptedValue, dependencies);
+    }
+    const key = getWindowsEncryptionKey(dependencies, cryptoCache);
+    const nonce = encryptedValue.subarray(3, 15);
+    const ciphertext = encryptedValue.subarray(15, encryptedValue.length - 16);
+    const authTag = encryptedValue.subarray(encryptedValue.length - 16);
+    const decipher = (0, node_crypto_1.createDecipheriv)("aes-256-gcm", key, nonce);
+    decipher.setAuthTag(authTag);
+    return Buffer.concat([decipher.update(ciphertext), decipher.final()]);
+}
+function getMacEncryptionKey(dependencies, cryptoCache) {
+    if (cryptoCache.macKey) {
+        return cryptoCache.macKey;
+    }
+    const password = runCommand(dependencies, "security", [
+        "find-generic-password",
+        "-w",
+        "-s",
+        MAC_SAFE_STORAGE_SERVICE,
+        "-a",
+        MAC_SAFE_STORAGE_ACCOUNT,
+    ]).trimEnd();
+    if (!password) {
+        throw new Error(exports.CHROME_COOKIE_SUPPORT_MISSING_ERROR);
+    }
+    cryptoCache.macKey = derivePosixKey(password, 1003);
+    return cryptoCache.macKey;
+}
+function getLinuxV11EncryptionKey(dependencies, cryptoCache) {
+    if (cryptoCache.linuxV11Key !== undefined) {
+        return cryptoCache.linuxV11Key;
+    }
+    try {
+        const password = runCommand(dependencies, "secret-tool", [
+            "lookup",
+            "xdg:schema",
+            "chrome_libsecret_os_crypt_password",
+        ]).trimEnd();
+        cryptoCache.linuxV11Key =
+            password.length > 0 ? derivePosixKey(password, 1) : null;
+    }
+    catch {
+        cryptoCache.linuxV11Key = null;
+    }
+    return cryptoCache.linuxV11Key;
+}
+function getWindowsEncryptionKey(dependencies, cryptoCache) {
+    if (cryptoCache.windowsKey) {
+        return cryptoCache.windowsKey;
+    }
+    const chromeUserDataDir = dependencies.chromeUserDataDir ?? (0, chrome_profiles_js_1.defaultChromeUserDataDir)();
+    const readFile = dependencies.readFile ?? ((targetPath) => node_fs_1.default.readFileSync(targetPath, "utf8"));
+    const localStatePath = node_path_1.default.join(chromeUserDataDir, "Local State");
+    const localState = JSON.parse(readFile(localStatePath));
+    const encodedKey = localState.os_crypt?.encrypted_key;
+    if (!encodedKey) {
+        throw new Error(exports.CHROME_COOKIE_SUPPORT_MISSING_ERROR);
+    }
+    const encryptedKey = Buffer.from(encodedKey, "base64");
+    if (encryptedKey.subarray(0, WINDOWS_APP_BOUND_KEY_PREFIX.length).equals(WINDOWS_APP_BOUND_KEY_PREFIX)) {
+        throw new Error(exports.CHROME_COOKIE_APP_BOUND_UNSUPPORTED_ERROR);
+    }
+    if (!encryptedKey.subarray(0, WINDOWS_DPAPI_KEY_PREFIX.length).equals(WINDOWS_DPAPI_KEY_PREFIX)) {
+        throw new Error(exports.CHROME_COOKIE_SUPPORT_MISSING_ERROR);
+    }
+    cryptoCache.windowsKey = decryptWindowsDpapi(encryptedKey.subarray(WINDOWS_DPAPI_KEY_PREFIX.length), dependencies);
+    return cryptoCache.windowsKey;
+}
+function decryptWindowsDpapi(encryptedValue, dependencies) {
+    const script = [
+        "$inputBase64 = $args[0]",
+        "$bytes = [Convert]::FromBase64String($inputBase64)",
+        "$plain = [System.Security.Cryptography.ProtectedData]::Unprotect(",
+        "  $bytes,",
+        "  $null,",
+        "  [System.Security.Cryptography.DataProtectionScope]::CurrentUser",
+        ")",
+        "[Console]::Out.Write([Convert]::ToBase64String($plain))",
+    ].join("; ");
+    const base64Value = encryptedValue.toString("base64");
+    const binaries = ["powershell.exe", "powershell", "pwsh"];
+    for (const binary of binaries) {
+        try {
+            const output = runCommand(dependencies, binary, [
+                "-NoProfile",
+                "-NonInteractive",
+                "-Command",
+                script,
+                base64Value,
+            ]).trim();
+            return Buffer.from(output, "base64");
+        }
+        catch {
+            continue;
+        }
+    }
+    throw new Error(exports.CHROME_COOKIE_SUPPORT_MISSING_ERROR);
+}
+function derivePosixKey(password, iterations) {
+    return (0, node_crypto_1.pbkdf2Sync)(password, POSIX_SALT, iterations, 16, "sha1");
+}
+function stripEncryptedCookieDomainHash(decryptedValue, hostKey) {
+    const domainHash = (0, node_crypto_1.createHash)("sha256").update(hostKey).digest();
+    if (decryptedValue.length < domainHash.length) {
+        return decryptedValue;
+    }
+    if (decryptedValue.subarray(0, domainHash.length).equals(domainHash)) {
+        return decryptedValue.subarray(domainHash.length);
+    }
+    return decryptedValue;
+}
+function hostMatchesCookieDomain(hostname, cookieDomain) {
+    const normalizedHost = hostname.toLowerCase().replace(/\.$/, "");
+    const normalizedDomain = cookieDomain.toLowerCase().replace(/^\./, "").replace(/\.$/, "");
+    const isDomainCookie = cookieDomain.startsWith(".");
+    if (!isDomainCookie) {
+        return normalizedHost === normalizedDomain;
+    }
+    return (normalizedHost === normalizedDomain ||
+        normalizedHost.endsWith(`.${normalizedDomain}`));
+}
+function pathMatchesCookiePath(requestPath, cookiePath) {
+    const normalizedRequestPath = requestPath || "/";
+    const normalizedCookiePath = cookiePath || "/";
+    if (normalizedRequestPath === normalizedCookiePath) {
+        return true;
+    }
+    if (!normalizedRequestPath.startsWith(normalizedCookiePath)) {
+        return false;
+    }
+    if (normalizedCookiePath.endsWith("/")) {
+        return true;
+    }
+    return normalizedRequestPath.charAt(normalizedCookiePath.length) === "/";
+}
+function databaseSameSiteToChromeSameSite(sameSite) {
+    const normalizedSameSite = typeof sameSite === "bigint" ? Number(sameSite) : sameSite;
+    switch (normalizedSameSite) {
+        case 0:
+            return "no_restriction";
+        case 1:
+            return "lax";
+        case 2:
+            return "strict";
+        default:
+            return undefined;
+    }
+}
+function queryChromeCookieRows(databasePath, hostKeys) {
+    if (hostKeys.length === 0) {
+        return [];
+    }
+    const DatabaseSync = loadDatabaseConstructor();
+    const database = new DatabaseSync(databasePath, {
+        readOnly: true,
+    });
+    try {
+        const placeholders = hostKeys.map(() => "?").join(", ");
+        const statement = database.prepare([
+            "SELECT",
+            "host_key,",
+            "path,",
+            "is_secure,",
+            "expires_utc,",
+            "name,",
+            "value,",
+            "encrypted_value,",
+            "creation_utc,",
+            "is_httponly,",
+            "samesite",
+            "FROM cookies",
+            `WHERE host_key IN (${placeholders})`,
+            "ORDER BY LENGTH(path) DESC, creation_utc ASC",
+        ].join(" "));
+        statement.setReadBigInts?.(true);
+        return statement.all(...hostKeys);
+    }
+    finally {
+        database.close();
+    }
+}
+function copyOptionalSidecar(sourcePath, targetPath, pathExists, copyFile) {
+    if (!pathExists(sourcePath)) {
+        return;
+    }
+    copyFile(sourcePath, targetPath);
+}
+function runCommand(dependencies, command, args) {
+    const invoke = dependencies.runCommand ??
+        ((binary, binaryArgs) => (0, node_child_process_1.execFileSync)(binary, binaryArgs, {
+            encoding: "utf8",
+            windowsHide: true,
+        }));
+    return invoke(command, args);
+}
+function toBoolean(value) {
+    if (typeof value === "bigint") {
+        return value !== 0n;
+    }
+    return value !== 0;
+}
+function toBuffer(value) {
+    return value ? Buffer.from(value) : Buffer.alloc(0);
+}

package/dist/chrome-profile-sites.js

@@ -0,0 +1,155 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.normalizeCookieHosts = normalizeCookieHosts;
+exports.siteHostToUrl = siteHostToUrl;
+exports.listChromeProfileCookieUrls = listChromeProfileCookieUrls;
+exports.resolveChromeCookiesDatabasePath = resolveChromeCookiesDatabasePath;
+exports.listChromeProfileSites = listChromeProfileSites;
+exports.formatChromeProfileSitesReport = formatChromeProfileSitesReport;
+const node_fs_1 = __importDefault(require("node:fs"));
+const node_net_1 = __importDefault(require("node:net"));
+const node_os_1 = __importDefault(require("node:os"));
+const node_path_1 = __importDefault(require("node:path"));
+const chrome_profiles_js_1 = require("./chrome-profiles.js");
+function loadDatabaseConstructor() {
+    const sqlite = require("node:sqlite");
+    return sqlite.DatabaseSync;
+}
+function normalizeCookieHosts(hosts) {
+    const seen = new Set();
+    const normalized = [];
+    for (const host of hosts) {
+        const candidate = host.trim().toLowerCase().replace(/^\.+/, "");
+        if (!candidate || seen.has(candidate)) {
+            continue;
+        }
+        seen.add(candidate);
+        normalized.push(candidate);
+    }
+    return normalized.sort((left, right) => left.localeCompare(right));
+}
+function siteHostToUrl(host) {
+    const ipCandidate = host.startsWith("[") && host.endsWith("]") ? host.slice(1, -1) : host;
+    const protocol = host === "localhost" || node_net_1.default.isIP(ipCandidate) !== 0 ? "http" : "https";
+    return `${protocol}://${host}`;
+}
+async function listChromeProfileCookieUrls(options, dependencies = {}) {
+    const chromeUserDataDir = dependencies.chromeUserDataDir ?? (0, chrome_profiles_js_1.defaultChromeUserDataDir)();
+    const readCookieHosts = dependencies.readCookieHosts ?? readCookieHostsForChromeProfile;
+    const hosts = await readCookieHosts({
+        chromeUserDataDir,
+        profileDirectory: options.profileDirectory,
+    }, {
+        ...dependencies,
+        chromeUserDataDir,
+    });
+    return hosts.map(siteHostToUrl);
+}
+function resolveChromeCookiesDatabasePath(options, dependencies = {}) {
+    const pathExists = dependencies.pathExists ?? node_fs_1.default.existsSync;
+    const profileDir = node_path_1.default.join(options.chromeUserDataDir, options.profileDirectory);
+    const candidates = [
+        node_path_1.default.join(profileDir, "Network", "Cookies"),
+        node_path_1.default.join(profileDir, "Cookies"),
+    ];
+    return candidates.find((candidate) => pathExists(candidate));
+}
+async function readCookieHostsForChromeProfile(options, dependencies = {}) {
+    const pathExists = dependencies.pathExists ?? node_fs_1.default.existsSync;
+    const makeTempDir = dependencies.makeTempDir ?? node_fs_1.default.mkdtempSync;
+    const copyFile = dependencies.copyFile ?? node_fs_1.default.copyFileSync;
+    const removeDir = dependencies.removeDir ?? node_fs_1.default.rmSync;
+    const queryHosts = dependencies.queryHosts ?? queryDistinctCookieHosts;
+    const sourcePath = resolveChromeCookiesDatabasePath(options, {
+        pathExists,
+    });
+    if (!sourcePath) {
+        return [];
+    }
+    const tempRoot = makeTempDir(node_path_1.default.join(node_os_1.default.tmpdir(), "cloak-cookie-db-"));
+    const stagedPath = node_path_1.default.join(tempRoot, node_path_1.default.basename(sourcePath));
+    try {
+        copyFile(sourcePath, stagedPath);
+        copyOptionalSidecar(`${sourcePath}-wal`, `${stagedPath}-wal`, pathExists, copyFile);
+        copyOptionalSidecar(`${sourcePath}-shm`, `${stagedPath}-shm`, pathExists, copyFile);
+        const hosts = await queryHosts(stagedPath);
+        return normalizeCookieHosts(hosts);
+    }
+    catch {
+        return [];
+    }
+    finally {
+        removeDir(tempRoot, { recursive: true, force: true });
+    }
+}
+async function listChromeProfileSites(dependencies = {}) {
+    const chromeUserDataDir = dependencies.chromeUserDataDir ?? (0, chrome_profiles_js_1.defaultChromeUserDataDir)();
+    const listProfiles = dependencies.listProfiles ?? chrome_profiles_js_1.listChromeProfiles;
+    const readCookieHosts = dependencies.readCookieHosts ?? readCookieHostsForChromeProfile;
+    const profiles = listProfiles({ chromeUserDataDir });
+    return Promise.all(profiles.map(async (profile) => {
+        const hosts = await readCookieHosts({
+            chromeUserDataDir,
+            profileDirectory: profile.directory,
+        }, {
+            chromeUserDataDir,
+        });
+        return {
+            ...profile,
+            sites: hosts.map((host) => ({
+                host,
+                url: siteHostToUrl(host),
+            })),
+        };
+    }));
+}
+function formatChromeProfileSitesReport(profiles) {
+    if (profiles.length === 0) {
+        return "No Chrome profiles found.\n";
+    }
+    const lines = [];
+    for (const profile of profiles) {
+        const label = profile.accountName ?? profile.name;
+        const countLabel = `${profile.sites.length} ${profile.sites.length === 1 ? "site" : "sites"}`;
+        lines.push(`${profile.directory}: ${label} (${countLabel})`);
+        if (profile.sites.length === 0) {
+            lines.push("  (no cookie-bearing sites found)");
+        }
+        else {
+            for (const site of profile.sites) {
+                lines.push(`  ${site.host}`);
+            }
+        }
+        lines.push("");
+    }
+    return `${lines.join("\n").trimEnd()}\n`;
+}
+function copyOptionalSidecar(sourcePath, targetPath, pathExists, copyFile) {
+    if (!pathExists(sourcePath)) {
+        return;
+    }
+    copyFile(sourcePath, targetPath);
+}
+async function queryDistinctCookieHosts(databasePath) {
+    const DatabaseSync = loadDatabaseConstructor();
+    const database = new DatabaseSync(databasePath);
+    try {
+        const rows = database
+            .prepare([
+            "SELECT DISTINCT host_key",
+            "FROM cookies",
+            "WHERE host_key IS NOT NULL AND host_key != ''",
+            "ORDER BY host_key COLLATE NOCASE",
+        ].join(" "))
+            .all();
+        return rows
+            .map((row) => row.host_key ?? "")
+            .filter((host) => host.length > 0);
+    }
+    finally {
+        database.close();
+    }
+}

package/dist/chrome-profiles.js

@@ -0,0 +1,71 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.defaultChromeUserDataDir = defaultChromeUserDataDir;
+exports.listChromeProfiles = listChromeProfiles;
+exports.hasChromeUserDataDir = hasChromeUserDataDir;
+const node_path_1 = __importDefault(require("node:path"));
+const node_fs_1 = __importDefault(require("node:fs"));
+const node_os_1 = __importDefault(require("node:os"));
+function defaultChromeUserDataDir() {
+    const platform = node_os_1.default.platform();
+    const home = node_os_1.default.homedir();
+    if (platform === "darwin") {
+        return node_path_1.default.join(home, "Library", "Application Support", "Google", "Chrome");
+    }
+    if (platform === "win32") {
+        return node_path_1.default.join(home, "AppData", "Local", "Google", "Chrome", "User Data");
+    }
+    // Linux
+    return node_path_1.default.join(home, ".config", "google-chrome");
+}
+function readProfileInfo(prefsPath, readFile) {
+    try {
+        const raw = readFile(prefsPath);
+        const prefs = JSON.parse(raw);
+        const name = prefs?.profile?.name;
+        if (name === undefined)
+            return undefined;
+        const accountName = prefs?.account_info?.[0]?.full_name || undefined;
+        return { name, accountName };
+    }
+    catch {
+        return undefined;
+    }
+}
+function listChromeProfiles(dependencies = {}) {
+    const userDataDir = dependencies.chromeUserDataDir ?? defaultChromeUserDataDir();
+    const readdir = dependencies.readdir ?? ((dir) => node_fs_1.default.readdirSync(dir));
+    const readFile = dependencies.readFile ?? ((p) => node_fs_1.default.readFileSync(p, "utf8"));
+    let entries;
+    try {
+        entries = readdir(userDataDir);
+    }
+    catch {
+        return [];
+    }
+    const profiles = [];
+    for (const entry of entries) {
+        if (entry !== "Default" && !entry.startsWith("Profile ")) {
+            continue;
+        }
+        const prefsPath = node_path_1.default.join(userDataDir, entry, "Preferences");
+        const info = readProfileInfo(prefsPath, readFile);
+        if (info !== undefined) {
+            profiles.push({
+                directory: entry,
+                name: info.name,
+                ...(info.accountName ? { accountName: info.accountName } : {}),
+            });
+        }
+    }
+    profiles.sort((a, b) => a.directory.localeCompare(b.directory));
+    return profiles;
+}
+function hasChromeUserDataDir(dependencies = {}) {
+    const userDataDir = dependencies.chromeUserDataDir ?? defaultChromeUserDataDir();
+    const pathExists = dependencies.pathExists ?? node_fs_1.default.existsSync;
+    return pathExists(userDataDir);
+}