doordash-cli 0.3.3 → 0.4.1

package/dist/direct-api.test.js

@@ -1,6 +1,6 @@
 import test from "node:test";
 import assert from "node:assert/strict";
-import { buildAddConsumerAddressPayload, buildAddToCartPayload, buildUpdateCartPayload, extractExistingOrdersFromApolloCache, hasDoorDashCookies, normalizeItemName, parseExistingOrderLifecycleStatus, parseExistingOrdersResponse, parseOptionSelectionsJson, parseSearchRestaurantRow, resolveAvailableAddressMatch, selectManagedBrowserImportMode, } from "./direct-api.js";
+import { bootstrapAuthSessionWithDeps, buildAddConsumerAddressPayload, buildAddToCartPayload, buildUpdateCartPayload, extractExistingOrdersFromApolloCache, normalizeItemName, parseExistingOrderLifecycleStatus, parseExistingOrdersResponse, parseOptionSelectionsJson, parseSearchRestaurantRow, resolveAttachedBrowserCdpCandidates, resolveAvailableAddressMatch, resolveSystemBrowserOpenCommand, selectAttachedBrowserImportMode, summarizeDesktopBrowserReuseGap, } from "./direct-api.js";
 function configurableItemDetail() {
     return {
         success: true,
@@ -144,25 +144,540 @@ test("parseSearchRestaurantRow extracts restaurant metadata from facet rows", ()
         url: "https://www.doordash.com/store/24633898/?pickup=false",
     });
 });
-test("managed browser import falls back to cookie reuse without opening a DoorDash page", () => {
-    const cookies = [{ domain: ".doordash.com" }];
-    assert.equal(hasDoorDashCookies(cookies), true);
-    assert.equal(selectManagedBrowserImportMode({ pageUrls: [], cookies }), "cookies");
+test("resolveAttachedBrowserCdpCandidates prioritizes explicit envs, compatibility envs, config, and defaults", () => {
+    const env = {
+        DOORDASH_BROWSER_CDP_URLS: "http://127.0.0.1:9555/, http://127.0.0.1:9556",
+        DOORDASH_ATTACHED_BROWSER_CDP_URL: "http://127.0.0.1:9666/",
+        DOORDASH_BROWSER_CDP_PORTS: "9333, 9334",
+        DOORDASH_BROWSER_CDP_PORT: "9444",
+        OPENCLAW_BROWSER_CDP_URL: "http://127.0.0.1:18888/",
+    };
+    const candidates = resolveAttachedBrowserCdpCandidates(env, ["http://127.0.0.1:9777"]);
+    assert.deepEqual(candidates.slice(0, 7), [
+        "http://127.0.0.1:9555",
+        "http://127.0.0.1:9556",
+        "http://127.0.0.1:9666",
+        "http://127.0.0.1:9333",
+        "http://127.0.0.1:9334",
+        "http://127.0.0.1:9444",
+        "http://127.0.0.1:18888",
+    ]);
+    assert.ok(candidates.includes("http://127.0.0.1:9777"));
+    assert.ok(candidates.includes("http://127.0.0.1:18792"));
+    assert.ok(candidates.includes("http://127.0.0.1:18800"));
+    assert.ok(candidates.includes("http://127.0.0.1:9222"));
 });
-test("managed browser import prefers an existing DoorDash page when one is already open", () => {
-    const cookies = [{ domain: ".doordash.com" }];
-    assert.equal(selectManagedBrowserImportMode({
-        pageUrls: ["https://github.com/LatencyTDH/doordash-cli/pulls", "https://www.doordash.com/home"],
-        cookies,
-    }), "page");
+test("resolveSystemBrowserOpenCommand stays generic across operating systems", () => {
+    assert.deepEqual(resolveSystemBrowserOpenCommand("https://www.doordash.com/home", "darwin"), {
+        command: "open",
+        args: ["https://www.doordash.com/home"],
+    });
+    assert.deepEqual(resolveSystemBrowserOpenCommand("https://www.doordash.com/home", "linux"), {
+        command: "xdg-open",
+        args: ["https://www.doordash.com/home"],
+    });
+    assert.deepEqual(resolveSystemBrowserOpenCommand("https://www.doordash.com/home", "win32"), {
+        command: "cmd",
+        args: ["/c", "start", "", "https://www.doordash.com/home"],
+    });
 });
-test("managed browser import skips unrelated browser contexts", () => {
-    assert.equal(hasDoorDashCookies([{ domain: ".github.com" }]), false);
-    assert.equal(selectManagedBrowserImportMode({
+test("summarizeDesktopBrowserReuseGap explains why a merely-open Brave window is not reusable", () => {
+    const message = summarizeDesktopBrowserReuseGap({
+        processCommands: [
+            "/bin/bash /usr/bin/brave-browser-stable",
+            "/opt/brave.com/brave/brave",
+            "/opt/brave.com/brave/brave --type=renderer",
+        ],
+        hasAnyDevToolsActivePort: false,
+    });
+    assert.match(message ?? "", /Brave is already running on this desktop/i);
+    assert.match(message ?? "", /normal open browser window is not automatically reusable/i);
+    assert.match(message ?? "", /attach to/i);
+});
+test("summarizeDesktopBrowserReuseGap stays quiet once the browser exposes attach signals", () => {
+    assert.equal(summarizeDesktopBrowserReuseGap({
+        processCommands: ["/bin/bash /usr/bin/brave-browser-stable --remote-debugging-port=9222"],
+        hasAnyDevToolsActivePort: false,
+    }), null);
+    assert.equal(summarizeDesktopBrowserReuseGap({
+        processCommands: ["/bin/bash /usr/bin/brave-browser-stable"],
+        hasAnyDevToolsActivePort: true,
+    }), null);
+});
+test("selectAttachedBrowserImportMode treats an authenticated browser with DoorDash cookies as an immediate import candidate", () => {
+    assert.equal(selectAttachedBrowserImportMode({
+        pageUrls: ["https://github.com/LatencyTDH/doordash-cli/pulls"],
+        cookies: [{ domain: ".doordash.com" }],
+    }), "cookies");
+    assert.equal(selectAttachedBrowserImportMode({
+        pageUrls: ["https://www.doordash.com/home"],
+        cookies: [{ domain: ".github.com" }],
+    }), "page");
+    assert.equal(selectAttachedBrowserImportMode({
         pageUrls: ["https://github.com/LatencyTDH/doordash-cli"],
         cookies: [{ domain: ".github.com" }],
     }), "skip");
 });
+test("bootstrapAuthSessionWithDeps returns immediately when saved local auth is already valid", async () => {
+    const auth = {
+        success: true,
+        isLoggedIn: true,
+        email: "user@example.com",
+        firstName: "Test",
+        lastName: "User",
+        consumerId: "consumer-1",
+        marketId: "market-1",
+        defaultAddress: null,
+        cookiesPath: "/tmp/cookies.json",
+        storageStatePath: "/tmp/storage-state.json",
+    };
+    let importCalls = 0;
+    let openCalls = 0;
+    let waitCalls = 0;
+    let markCalls = 0;
+    const logs = [];
+    const result = await bootstrapAuthSessionWithDeps({
+        clearBlockedBrowserImport: async () => { },
+        checkPersistedAuth: async () => auth,
+        importBrowserSessionIfAvailable: async () => {
+            importCalls += 1;
+            return true;
+        },
+        markBrowserImportAttempted: () => {
+            markCalls += 1;
+        },
+        getAttachedBrowserCdpCandidates: async () => {
+            throw new Error("should not inspect candidates when saved auth is already valid");
+        },
+        getReachableCdpCandidates: async () => {
+            throw new Error("should not probe reachability when saved auth is already valid");
+        },
+        describeDesktopBrowserReuseGap: async () => null,
+        openUrlInAttachedBrowser: async () => {
+            throw new Error("should not try to open an attached browser when saved auth is already valid");
+        },
+        openUrlInDefaultBrowser: async () => {
+            openCalls += 1;
+            return true;
+        },
+        waitForAttachedBrowserSessionImport: async () => {
+            waitCalls += 1;
+            return true;
+        },
+        waitForManagedBrowserLogin: async () => {
+            throw new Error("should not launch a managed browser when saved auth is already valid");
+        },
+        canPromptForManagedBrowserConfirmation: () => false,
+        checkAuthDirect: async () => {
+            throw new Error("should not re-check auth through the live session when saved auth is already valid");
+        },
+        log: (message) => {
+            logs.push(message);
+        },
+    });
+    assert.equal(importCalls, 0);
+    assert.equal(markCalls, 0);
+    assert.equal(openCalls, 0);
+    assert.equal(waitCalls, 0);
+    assert.equal(logs.length, 0);
+    assert.equal(result.isLoggedIn, true);
+    assert.match(result.message, /Already signed in with saved local DoorDash session state/);
+});
+test("bootstrapAuthSessionWithDeps returns immediately when an attached browser session is already authenticated", async () => {
+    const auth = {
+        success: true,
+        isLoggedIn: true,
+        email: "user@example.com",
+        firstName: "Test",
+        lastName: "User",
+        consumerId: "consumer-1",
+        marketId: "market-1",
+        defaultAddress: null,
+        cookiesPath: "/tmp/cookies.json",
+        storageStatePath: "/tmp/storage-state.json",
+    };
+    let openCalls = 0;
+    let waitCalls = 0;
+    let markCalls = 0;
+    const logs = [];
+    const result = await bootstrapAuthSessionWithDeps({
+        clearBlockedBrowserImport: async () => { },
+        checkPersistedAuth: async () => null,
+        importBrowserSessionIfAvailable: async () => true,
+        markBrowserImportAttempted: () => {
+            markCalls += 1;
+        },
+        getAttachedBrowserCdpCandidates: async () => {
+            throw new Error("should not inspect candidates on immediate browser-session import");
+        },
+        getReachableCdpCandidates: async () => {
+            throw new Error("should not probe reachability on immediate browser-session import");
+        },
+        describeDesktopBrowserReuseGap: async () => null,
+        openUrlInAttachedBrowser: async () => {
+            throw new Error("should not open a browser when immediate browser-session import succeeded");
+        },
+        openUrlInDefaultBrowser: async () => {
+            openCalls += 1;
+            return true;
+        },
+        waitForAttachedBrowserSessionImport: async () => {
+            waitCalls += 1;
+            return true;
+        },
+        waitForManagedBrowserLogin: async () => {
+            throw new Error("should not launch a managed browser when immediate browser-session import succeeded");
+        },
+        canPromptForManagedBrowserConfirmation: () => false,
+        checkAuthDirect: async () => auth,
+        log: (message) => {
+            logs.push(message);
+        },
+    });
+    assert.equal(markCalls, 1);
+    assert.equal(openCalls, 0);
+    assert.equal(waitCalls, 0);
+    assert.equal(logs.length, 0);
+    assert.equal(result.isLoggedIn, true);
+    assert.match(result.message, /Imported an existing signed-in browser session/);
+});
+test("bootstrapAuthSessionWithDeps opens a watchable attached browser session before entering the full wait path", async () => {
+    const auth = {
+        success: true,
+        isLoggedIn: true,
+        email: "user@example.com",
+        firstName: "Test",
+        lastName: "User",
+        consumerId: "consumer-1",
+        marketId: "market-1",
+        defaultAddress: null,
+        cookiesPath: "/tmp/cookies.json",
+        storageStatePath: "/tmp/storage-state.json",
+    };
+    let openAttachedCalls = 0;
+    let openDefaultCalls = 0;
+    let waitCalls = 0;
+    let reachableCalls = 0;
+    let waitTimeoutMs = 0;
+    const logs = [];
+    const result = await bootstrapAuthSessionWithDeps({
+        clearBlockedBrowserImport: async () => { },
+        checkPersistedAuth: async () => null,
+        importBrowserSessionIfAvailable: async () => false,
+        markBrowserImportAttempted: () => { },
+        getAttachedBrowserCdpCandidates: async () => ["http://127.0.0.1:9222"],
+        getReachableCdpCandidates: async (candidates) => {
+            reachableCalls += 1;
+            return candidates;
+        },
+        describeDesktopBrowserReuseGap: async () => null,
+        openUrlInAttachedBrowser: async () => {
+            openAttachedCalls += 1;
+            return true;
+        },
+        openUrlInDefaultBrowser: async () => {
+            openDefaultCalls += 1;
+            return true;
+        },
+        waitForAttachedBrowserSessionImport: async (input) => {
+            waitCalls += 1;
+            waitTimeoutMs = input.timeoutMs;
+            return true;
+        },
+        waitForManagedBrowserLogin: async () => {
+            throw new Error("should not launch a managed browser when an attached browser is reachable");
+        },
+        canPromptForManagedBrowserConfirmation: () => false,
+        checkAuthDirect: async () => auth,
+        log: (message) => {
+            logs.push(message);
+        },
+    });
+    assert.equal(reachableCalls, 1);
+    assert.equal(openAttachedCalls, 1);
+    assert.equal(openDefaultCalls, 0);
+    assert.equal(waitCalls, 1);
+    assert.equal(waitTimeoutMs, 180_000);
+    assert.match(logs.join("\n"), /Opened DoorDash in the attachable browser session I'm watching/);
+    assert.match(logs.join("\n"), /Detected 1 attachable browser session/);
+    assert.match(result.message, /saved it for direct API use/);
+});
+test("bootstrapAuthSessionWithDeps falls back to a managed browser login window and auto-completes when it can prove login", async () => {
+    const auth = {
+        success: true,
+        isLoggedIn: true,
+        email: "user@example.com",
+        firstName: "Test",
+        lastName: "User",
+        consumerId: "consumer-1",
+        marketId: "market-1",
+        defaultAddress: null,
+        cookiesPath: "/tmp/cookies.json",
+        storageStatePath: "/tmp/storage-state.json",
+    };
+    let managedCalls = 0;
+    let attachedWaitCalls = 0;
+    const logs = [];
+    const result = await bootstrapAuthSessionWithDeps({
+        clearBlockedBrowserImport: async () => { },
+        checkPersistedAuth: async () => null,
+        importBrowserSessionIfAvailable: async () => false,
+        markBrowserImportAttempted: () => { },
+        getAttachedBrowserCdpCandidates: async () => ["http://127.0.0.1:9222"],
+        getReachableCdpCandidates: async () => [],
+        describeDesktopBrowserReuseGap: async () => null,
+        openUrlInAttachedBrowser: async () => false,
+        openUrlInDefaultBrowser: async () => true,
+        waitForAttachedBrowserSessionImport: async () => {
+            attachedWaitCalls += 1;
+            return false;
+        },
+        waitForManagedBrowserLogin: async () => {
+            managedCalls += 1;
+            return {
+                status: "completed",
+                completion: "automatic",
+                auth,
+            };
+        },
+        canPromptForManagedBrowserConfirmation: () => true,
+        checkAuthDirect: async () => auth,
+        log: (message) => {
+            logs.push(message);
+        },
+    });
+    assert.equal(managedCalls, 1);
+    assert.equal(attachedWaitCalls, 0);
+    assert.match(logs.join("\n"), /temporary Chromium login window/);
+    assert.match(logs.join("\n"), /press Enter here to force an immediate recheck/i);
+    assert.match(result.message, /detected the signed-in session there automatically/i);
+    assert.equal(result.success, true);
+    assert.equal(result.isLoggedIn, true);
+});
+test("bootstrapAuthSessionWithDeps logs why an already-open desktop browser still is not reusable", async () => {
+    const auth = {
+        success: true,
+        isLoggedIn: true,
+        email: "user@example.com",
+        firstName: "Test",
+        lastName: "User",
+        consumerId: "consumer-1",
+        marketId: "market-1",
+        defaultAddress: null,
+        cookiesPath: "/tmp/cookies.json",
+        storageStatePath: "/tmp/storage-state.json",
+    };
+    const logs = [];
+    const result = await bootstrapAuthSessionWithDeps({
+        clearBlockedBrowserImport: async () => { },
+        checkPersistedAuth: async () => null,
+        importBrowserSessionIfAvailable: async () => false,
+        markBrowserImportAttempted: () => { },
+        getAttachedBrowserCdpCandidates: async () => [],
+        getReachableCdpCandidates: async () => [],
+        describeDesktopBrowserReuseGap: async () => "I can see Brave is already running on this desktop, but it is not exposing an attachable browser automation session right now.",
+        openUrlInAttachedBrowser: async () => false,
+        openUrlInDefaultBrowser: async () => true,
+        waitForAttachedBrowserSessionImport: async () => false,
+        waitForManagedBrowserLogin: async () => ({
+            status: "completed",
+            completion: "automatic",
+            auth,
+        }),
+        canPromptForManagedBrowserConfirmation: () => true,
+        checkAuthDirect: async () => auth,
+        log: (message) => {
+            logs.push(message);
+        },
+    });
+    assert.match(logs.join("\n"), /Brave is already running on this desktop/i);
+    assert.match(logs.join("\n"), /couldn't find an attachable browser session I can reuse/i);
+    assert.equal(result.success, true);
+    assert.equal(result.isLoggedIn, true);
+});
+test("bootstrapAuthSessionWithDeps restores an explicit Enter-style completion path for the managed browser fallback", async () => {
+    const auth = {
+        success: true,
+        isLoggedIn: true,
+        email: "user@example.com",
+        firstName: "Test",
+        lastName: "User",
+        consumerId: "consumer-1",
+        marketId: "market-1",
+        defaultAddress: null,
+        cookiesPath: "/tmp/cookies.json",
+        storageStatePath: "/tmp/storage-state.json",
+    };
+    const logs = [];
+    const result = await bootstrapAuthSessionWithDeps({
+        clearBlockedBrowserImport: async () => { },
+        checkPersistedAuth: async () => null,
+        importBrowserSessionIfAvailable: async () => false,
+        markBrowserImportAttempted: () => { },
+        getAttachedBrowserCdpCandidates: async () => [],
+        getReachableCdpCandidates: async () => [],
+        describeDesktopBrowserReuseGap: async () => null,
+        openUrlInAttachedBrowser: async () => false,
+        openUrlInDefaultBrowser: async () => true,
+        waitForAttachedBrowserSessionImport: async () => false,
+        waitForManagedBrowserLogin: async () => ({
+            status: "completed",
+            completion: "manual",
+            auth,
+        }),
+        canPromptForManagedBrowserConfirmation: () => true,
+        checkAuthDirect: async () => auth,
+        log: (message) => {
+            logs.push(message);
+        },
+    });
+    assert.match(logs.join("\n"), /press Enter here to force an immediate recheck/i);
+    assert.match(result.message, /After you pressed Enter to confirm the browser login was complete/i);
+    assert.equal(result.success, true);
+    assert.equal(result.isLoggedIn, true);
+});
+test("bootstrapAuthSessionWithDeps returns a bounded failure instead of a dead-end when managed browser auto-detection cannot prove login", async () => {
+    const auth = {
+        success: true,
+        isLoggedIn: false,
+        email: null,
+        firstName: null,
+        lastName: null,
+        consumerId: null,
+        marketId: null,
+        defaultAddress: null,
+        cookiesPath: "/tmp/cookies.json",
+        storageStatePath: "/tmp/storage-state.json",
+    };
+    let attachedWaitCalls = 0;
+    let attachedWaitTimeoutMs = 0;
+    const logs = [];
+    const result = await bootstrapAuthSessionWithDeps({
+        clearBlockedBrowserImport: async () => { },
+        checkPersistedAuth: async () => null,
+        importBrowserSessionIfAvailable: async () => false,
+        markBrowserImportAttempted: () => { },
+        getAttachedBrowserCdpCandidates: async () => ["http://127.0.0.1:9222"],
+        getReachableCdpCandidates: async () => [],
+        describeDesktopBrowserReuseGap: async () => null,
+        openUrlInAttachedBrowser: async () => false,
+        openUrlInDefaultBrowser: async () => true,
+        waitForAttachedBrowserSessionImport: async (input) => {
+            attachedWaitCalls += 1;
+            attachedWaitTimeoutMs = input.timeoutMs;
+            return false;
+        },
+        waitForManagedBrowserLogin: async () => ({
+            status: "timed-out",
+            auth,
+        }),
+        canPromptForManagedBrowserConfirmation: () => true,
+        checkAuthDirect: async () => auth,
+        log: (message) => {
+            logs.push(message);
+        },
+    });
+    assert.equal(attachedWaitCalls, 0);
+    assert.equal(attachedWaitTimeoutMs, 0);
+    assert.match(logs.join("\n"), /temporary Chromium login window/i);
+    assert.match(logs.join("\n"), /press Enter here to force an immediate recheck/i);
+    assert.equal(result.success, false);
+    assert.equal(result.isLoggedIn, false);
+    assert.match(result.message, /couldn't prove an authenticated DoorDash session/i);
+    assert.match(result.message, /press Enter sooner next time/i);
+});
+test("bootstrapAuthSessionWithDeps falls back to quick troubleshooting guidance when the managed browser login window cannot launch", async () => {
+    const auth = {
+        success: true,
+        isLoggedIn: false,
+        email: null,
+        firstName: null,
+        lastName: null,
+        consumerId: null,
+        marketId: null,
+        defaultAddress: null,
+        cookiesPath: "/tmp/cookies.json",
+        storageStatePath: "/tmp/storage-state.json",
+    };
+    let attachedWaitCalls = 0;
+    let attachedWaitTimeoutMs = 0;
+    const logs = [];
+    const result = await bootstrapAuthSessionWithDeps({
+        clearBlockedBrowserImport: async () => { },
+        checkPersistedAuth: async () => null,
+        importBrowserSessionIfAvailable: async () => false,
+        markBrowserImportAttempted: () => { },
+        getAttachedBrowserCdpCandidates: async () => ["http://127.0.0.1:9222"],
+        getReachableCdpCandidates: async () => [],
+        describeDesktopBrowserReuseGap: async () => null,
+        openUrlInAttachedBrowser: async () => false,
+        openUrlInDefaultBrowser: async () => true,
+        waitForAttachedBrowserSessionImport: async (input) => {
+            attachedWaitCalls += 1;
+            attachedWaitTimeoutMs = input.timeoutMs;
+            return false;
+        },
+        waitForManagedBrowserLogin: async () => ({ status: "launch-failed" }),
+        canPromptForManagedBrowserConfirmation: () => true,
+        checkAuthDirect: async () => auth,
+        log: (message) => {
+            logs.push(message);
+        },
+    });
+    assert.equal(attachedWaitCalls, 1);
+    assert.equal(attachedWaitTimeoutMs, 10_000);
+    assert.match(logs.join("\n"), /couldn't launch the temporary Chromium login window/i);
+    assert.match(logs.join("\n"), /won't keep you waiting for the full login timeout/i);
+    assert.equal(result.success, false);
+    assert.equal(result.isLoggedIn, false);
+    assert.match(result.message, /still isn't exposing an attachable browser session/);
+});
+test("bootstrapAuthSessionWithDeps clears the logout block before an explicit login reuses an attached browser session", async () => {
+    const auth = {
+        success: true,
+        isLoggedIn: true,
+        email: "user@example.com",
+        firstName: "Test",
+        lastName: "User",
+        consumerId: "consumer-1",
+        marketId: "market-1",
+        defaultAddress: null,
+        cookiesPath: "/tmp/cookies.json",
+        storageStatePath: "/tmp/storage-state.json",
+    };
+    let blocked = true;
+    let clearCalls = 0;
+    let importCalls = 0;
+    const result = await bootstrapAuthSessionWithDeps({
+        clearBlockedBrowserImport: async () => {
+            clearCalls += 1;
+            blocked = false;
+        },
+        checkPersistedAuth: async () => null,
+        importBrowserSessionIfAvailable: async () => {
+            importCalls += 1;
+            return blocked === false;
+        },
+        markBrowserImportAttempted: () => { },
+        getAttachedBrowserCdpCandidates: async () => [],
+        getReachableCdpCandidates: async () => [],
+        describeDesktopBrowserReuseGap: async () => null,
+        openUrlInAttachedBrowser: async () => false,
+        openUrlInDefaultBrowser: async () => false,
+        waitForAttachedBrowserSessionImport: async () => false,
+        waitForManagedBrowserLogin: async () => {
+            throw new Error("should not launch a managed browser when explicit login can immediately reuse an attached browser session");
+        },
+        canPromptForManagedBrowserConfirmation: () => false,
+        checkAuthDirect: async () => auth,
+        log: () => { },
+    });
+    assert.equal(clearCalls, 1);
+    assert.equal(importCalls, 1);
+    assert.equal(result.success, true);
+    assert.equal(result.isLoggedIn, true);
+    assert.match(result.message, /Imported an existing signed-in browser session/);
+});
 test("parseOptionSelectionsJson parses structured recursive option selections", () => {
     assert.deepEqual(parseOptionSelectionsJson('[{"groupId":"703393388","optionId":"4716032529"},{"groupId":"recommended_option_546935995","optionId":"546936011","children":[{"groupId":"780057412","optionId":"4702669757","quantity":2}]}]'), [
         { groupId: "703393388", optionId: "4716032529" },

package/dist/session-storage.d.ts

@@ -1,3 +1,4 @@
 export declare function getSessionConfigDir(): string;
 export declare function getCookiesPath(): string;
 export declare function getStorageStatePath(): string;
+export declare function getBrowserImportBlockPath(): string;

package/dist/session-storage.js

@@ -5,6 +5,7 @@ import { join } from "node:path";
 const SESSION_CONFIG_DIR = join(homedir(), ".config", "striderlabs-mcp-doordash");
 const COOKIES_FILE = join(SESSION_CONFIG_DIR, "cookies.json");
 const STORAGE_STATE_FILE = join(SESSION_CONFIG_DIR, "storage-state.json");
+const BROWSER_IMPORT_BLOCK_FILE = join(SESSION_CONFIG_DIR, "browser-import-blocked");
 export function getSessionConfigDir() {
     return SESSION_CONFIG_DIR;
 }
@@ -14,3 +15,6 @@ export function getCookiesPath() {
 export function getStorageStatePath() {
     return STORAGE_STATE_FILE;
 }
+export function getBrowserImportBlockPath() {
+    return BROWSER_IMPORT_BLOCK_FILE;
+}

package/dist/session-storage.test.js

@@ -2,10 +2,11 @@ import test from "node:test";
 import assert from "node:assert/strict";
 import { homedir } from "node:os";
 import { join } from "node:path";
-import { getCookiesPath, getSessionConfigDir, getStorageStatePath } from "./session-storage.js";
+import { getBrowserImportBlockPath, getCookiesPath, getSessionConfigDir, getStorageStatePath } from "./session-storage.js";
 test("session storage paths stay compatible with the historical StriderLabs location", () => {
     const configDir = join(homedir(), ".config", "striderlabs-mcp-doordash");
     assert.equal(getSessionConfigDir(), configDir);
     assert.equal(getCookiesPath(), join(configDir, "cookies.json"));
     assert.equal(getStorageStatePath(), join(configDir, "storage-state.json"));
+    assert.equal(getBrowserImportBlockPath(), join(configDir, "browser-import-blocked"));
 });

package/docs/examples.md

@@ -14,7 +14,7 @@ All commands print JSON.
 
 ## Session setup
 
-Install the matching Chromium build once if you do not already have it:
+If your environment does not already have the bundled Playwright runtime installed, install it once:
 
 ```bash
 doordash-cli install-browser
@@ -26,13 +26,13 @@ Check whether you already have reusable session state:
 doordash-cli auth-check
 ```
 
-If needed, launch Chromium for a one-time sign-in and save reusable state:
+If your saved local state is still valid, this exits immediately. Otherwise it tries to reuse a discoverable attachable signed-in browser session. A merely-open Chrome/Brave window is not automatically reusable unless the CLI can actually attach to it, so the fallback is a temporary Chromium login window the CLI can watch directly. In that temporary-browser fallback, the CLI keeps checking automatically and you can also press Enter in the terminal to force an immediate recheck once the page shows you are signed in:
 
 ```bash
 doordash-cli login
 ```
 
-Reset saved session state when you want a clean start:
+Reset saved session state when you want a clean logged-out start. This also disables passive browser-session reuse until your next explicit `doordash-cli login`:
 
 ```bash
 doordash-cli logout

package/docs/install.md

@@ -31,9 +31,9 @@ npm run cli -- --help
 
 If you stay in checkout mode, replace `doordash-cli` with `npm run cli --` in the examples below.
 
-## Install the browser once
+## Install the bundled runtime if needed
 
-If you plan to sign in with `login`, install the matching Playwright Chromium build:
+If your environment does not already have Playwright's bundled Chromium runtime installed, install it once:
 
 ### Global or linked install
 
@@ -47,6 +47,8 @@ doordash-cli install-browser
 npm run install:browser
 ```
 
+That runtime is used when the CLI needs a local browser, including the temporary login window fallback.
+
 ## First run
 
 ```bash
@@ -56,8 +58,16 @@ doordash-cli set-address --address "350 5th Ave, New York, NY 10118"
 doordash-cli search --query sushi
 ```
 
-## Session reuse
+## Login and session reuse
+
+`doordash-cli login` reuses saved local auth when it is still valid. Otherwise it tries to import a discoverable attachable signed-in browser session. A merely-open Chrome/Brave window is not automatically reusable unless the CLI can actually attach to it. If no attachable session is available, it opens a temporary Chromium login window and saves the session there. If authentication still is not established, `login` exits non-zero.
+
+`doordash-cli auth-check` can also quietly import a discoverable attachable signed-in browser session unless `doordash-cli logout` disabled that auto-reuse.
+
+`doordash-cli logout` clears persisted cookies and stored browser state, then keeps passive browser-session reuse disabled until your next explicit `doordash-cli login` attempt.
+
+## Browser-session troubleshooting
 
-If you already have a compatible signed-in DoorDash managed-browser session available, direct commands may quietly reuse it instead of opening or navigating a DoorDash tab.
+Normally you should not need to think about browser plumbing. If `doordash-cli login` opens a temporary Chromium window, finish signing in there and let the CLI save the session. The CLI keeps checking automatically, and if the page already shows you are signed in but the command has not finished yet, press Enter in the terminal to force an immediate recheck.
 
-If not, run `doordash-cli login` once to save reusable state for later commands.
+If you expected reuse from another browser instead, make sure that browser exposes an attachable browser automation session the CLI can actually import. A merely-open browser window is not enough today, even if it is already your main browser.