granclaw 0.0.1-beta.3 → 0.0.1-beta.31

package/dist/backend/agent/runner-pi.js

@@ -62,7 +62,7 @@ function resolveTemplatesDir() {
 // ── bootstrapWorkspace ───────────────────────────────────────────────────────
 // Pi-specific workspace bootstrap: uses AGENT.md and .agent/skills/ instead of
 // the Claude-specific CLAUDE.md and .claude/skills/ paths.
-function bootstrapWorkspace(workspaceDir) {
+function bootstrapWorkspace(workspaceDir, agentId) {
     fs_1.default.mkdirSync(workspaceDir, { recursive: true });
     // AGENT.md — prefer AGENT.md, fall back to CLAUDE.md for existing workspaces
     const agentMd = path_1.default.join(workspaceDir, 'AGENT.md');
@@ -71,13 +71,13 @@ function bootstrapWorkspace(workspaceDir) {
         const template = path_1.default.join(resolveTemplatesDir(), 'AGENT.onboarding.md');
         if (fs_1.default.existsSync(template)) {
             // Stamp agent ID and system timezone so the agent never needs to ask
-            const agentId = path_1.default.basename(workspaceDir);
+            const workspaceName = path_1.default.basename(workspaceDir);
             const timezone = Intl.DateTimeFormat().resolvedOptions().timeZone;
             const content = fs_1.default.readFileSync(template, 'utf8')
-                .replace(/YOUR_AGENT_ID/g, agentId)
+                .replace(/YOUR_AGENT_ID/g, workspaceName)
                 .replace(/GRANCLAW_TIMEZONE/g, timezone);
             fs_1.default.writeFileSync(agentMd, content);
-            console.log(`[runner-pi] wrote AGENT.md to ${workspaceDir} (agentId=${agentId})`);
+            console.log(`[runner-pi] wrote AGENT.md to ${workspaceDir} (agentId=${agentId ?? workspaceName})`);
         }
     }
     // .mcp.json — prevent inheriting host MCP servers
@@ -133,13 +133,13 @@ function bootstrapWorkspace(workspaceDir) {
     // Sessions directory for pi JSONL session files
     fs_1.default.mkdirSync(path_1.default.join(workspaceDir, '.pi-sessions'), { recursive: true });
     // Default vault housekeeping schedule
-    const agentId = path_1.default.basename(workspaceDir);
+    const scheduleAgentId = agentId ?? path_1.default.basename(workspaceDir);
     try {
-        const existing = (0, schedules_db_js_1.listSchedules)(agentId);
+        const existing = (0, schedules_db_js_1.listSchedules)(scheduleAgentId);
         if (!existing.some(s => s.name === 'Vault housekeeping')) {
             const cron = '30 23 * * *';
             const nextRun = (0, cron_parser_1.parseExpression)(cron, { tz: 'Asia/Singapore' }).next().getTime();
-            (0, schedules_db_js_1.createSchedule)(agentId, {
+            (0, schedules_db_js_1.createSchedule)(scheduleAgentId, {
                 name: 'Vault housekeeping',
                 message: [
                     'Daily vault housekeeping. Use your built-in tools only — no scripts, no bash commands.',
@@ -186,7 +186,7 @@ function bootstrapWorkspace(workspaceDir) {
                 timezone: 'Asia/Singapore',
                 nextRun,
             });
-            console.log(`[runner-pi] created default vault housekeeping schedule for ${agentId}`);
+            console.log(`[runner-pi] created default vault housekeeping schedule for ${scheduleAgentId}`);
         }
     }
     catch { /* schedules DB may not be ready yet */ }
@@ -219,9 +219,17 @@ function providerEnvKey(provider) {
         mistral: 'MISTRAL_API_KEY',
         cerebras: 'CEREBRAS_API_KEY',
         openrouter: 'OPENROUTER_API_KEY',
+        // freetier routes through the enterprise proxy (OpenAI-compatible) using the same env var
+        freetier: 'OPENROUTER_API_KEY',
     };
     return keys[provider] ?? `${provider.toUpperCase()}_API_KEY`;
 }
+// "freetier" is an enterprise-managed provider that proxies through our internal LLM gateway.
+// Pi-ai doesn't know "freetier", so we resolve it to "openrouter" for model lookup,
+// then override the baseUrl to point at the proxy.
+function resolvePiProvider(provider) {
+    return provider === 'freetier' ? 'openrouter' : provider;
+}
 // ── Agent name extraction ────────────────────────────────────────────────────
 function extractAgentName(workspaceDir) {
     // Check AGENT.md first (pi runner), fall back to CLAUDE.md (legacy)
@@ -250,7 +258,7 @@ function getLanIp() {
 async function runAgent(agent, message, onChunk, options) {
     const workspaceDir = path_1.default.resolve(config_js_1.REPO_ROOT, agent.workspaceDir);
     const channelId = options?.channelId ?? 'ui';
-    bootstrapWorkspace(workspaceDir);
+    bootstrapWorkspace(workspaceDir, agent.id);
     // Browser session state — captured by closure in the `browser` tool and
     // finalized in the finally block. Null means the agent never touched the
     // browser this turn, so there's nothing to clean up.
@@ -295,14 +303,21 @@ async function runAgent(agent, message, onChunk, options) {
         // getModel() expects KnownProvider literals at the type level, but our
         // provider string comes from runtime config. The cast is safe — getModel()
         // returns undefined for unknown provider/model combos, which we handle below.
-        const model = getModel(providerCfg.provider, modelId);
-        if (!model) {
+        // resolvePiProvider maps display-only providers (e.g. "freetier") to their
+        // underlying pi-ai provider ("openrouter") for model lookup.
+        const piProvider = resolvePiProvider(providerCfg.provider);
+        const rawModel = getModel(piProvider, modelId);
+        if (!rawModel) {
             onChunk({
                 type: 'error',
                 message: `Model "${modelId}" not found for provider "${providerCfg.provider}". Check Settings.`,
             });
             return;
         }
+        // For managed providers (e.g. "freetier"), override the baseUrl so requests
+        // are routed through the enterprise LLM proxy instead of the upstream directly.
+        const baseUrlOverride = (0, providers_config_js_1.getProviderBaseUrl)(providerCfg.provider);
+        const model = baseUrlOverride ? { ...rawModel, baseUrl: baseUrlOverride } : rawModel;
         // Inject the API key into the env so pi-ai's credential chain picks it up.
         // Done here (after model guard) so the finally block always restores it.
         envKey = providerEnvKey(providerCfg.provider);
@@ -760,8 +775,14 @@ async function runAgent(agent, message, onChunk, options) {
                         };
                     }
                     const token = (0, crypto_1.randomUUID)();
-                    const frontendPort = process.env.FRONTEND_PORT ?? process.env.PORT ?? '5173';
-                    const takeoverUrl = `http://${getLanIp()}:${frontendPort}/takeover/${token}`;
+                    // GRANCLAW_PUBLIC_URL overrides LAN-IP detection for cloud/enterprise deployments
+                    // (e.g. https://myslug.host.granclaw.com). Falls back to LAN IP for local use.
+                    const takeoverUrl = process.env.GRANCLAW_PUBLIC_URL
+                        ? `${process.env.GRANCLAW_PUBLIC_URL.replace(/\/$/, '')}/takeover/${token}`
+                        : (() => {
+                            const frontendPort = process.env.FRONTEND_PORT ?? process.env.PORT ?? '5173';
+                            return `http://${getLanIp()}:${frontendPort}/takeover/${token}`;
+                        })();
                     (0, takeover_state_js_1.setTakeover)(agent.id, {
                         agentId: agent.id,
                         channelId,
@@ -981,6 +1002,13 @@ async function runAgent(agent, message, onChunk, options) {
                 await (0, session_manager_js_1.finalizeSession)(browserState.handle, 'closed');
             }
             catch { /* best effort */ }
+            // Navigate back to about:blank to release the current site's resources
+            // (memory, service workers, open connections) while keeping the daemon alive.
+            try {
+                const bin = process.env.AGENT_BROWSER_BIN ?? 'agent-browser';
+                await execFileAsync(bin, ['--session', agent.id, 'open', 'about:blank'], { cwd: workspaceDir, timeout: 5000 });
+            }
+            catch { /* best effort */ }
         }
         // Restore env var only if it was injected (envKey is set only after model guard)
         if (envKey !== undefined) {

package/dist/backend/app-config.js

@@ -0,0 +1,30 @@
+"use strict";
+// packages/backend/src/app-config.ts
+//
+// Enterprise UI overrides. Reads config-app.json from GRANCLAW_HOME.
+// If the file is absent (standard install), all flags default to true (show everything).
+// Enterprise control seeds this file at provision time to restrict certain UI elements.
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.getAppConfig = getAppConfig;
+const fs_1 = __importDefault(require("fs"));
+const path_1 = __importDefault(require("path"));
+const config_js_1 = require("./config.js");
+const CONFIG_APP_PATH = path_1.default.join(config_js_1.GRANCLAW_HOME, 'config-app.json');
+const DEFAULTS = {
+    showWorkspaceDirConfig: true,
+    showBraveSearchConfig: true,
+};
+function getAppConfig() {
+    try {
+        const envPath = process.env.APP_CONFIG_PATH?.trim();
+        const p = envPath ? path_1.default.resolve(envPath) : CONFIG_APP_PATH;
+        const raw = JSON.parse(fs_1.default.readFileSync(p, 'utf8'));
+        return { ...DEFAULTS, ...raw };
+    }
+    catch {
+        return { ...DEFAULTS };
+    }
+}

package/dist/backend/assets/stealth-extension/stealth.js

@@ -217,4 +217,154 @@
       return result.replace(/at .*puppeteer_evaluation_script.*\n?/g, '');
     };
   });
+
+  // ── 10. navigator.userAgent — strip HeadlessChrome ─────────────────────
+  // Headless Chrome embeds "HeadlessChrome/" in the UA string instead of
+  // "Chrome/". Primary fix is Emulation.setUserAgentOverride via CDP (applied
+  // in stealth.ts before this script runs). This JS patch is a belt-and-braces
+  // fallback covering any reads that bypass the CDP override.
+  // Two-level attempt: prototype first (cleanest), then instance-level if the
+  // prototype property is non-configurable (Chrome 120+ tightened this).
+  safe(() => {
+    const realUA = navigator.userAgent.replace('HeadlessChrome/', 'Chrome/');
+    if (realUA === navigator.userAgent) return; // CDP override already applied — no-op
+    try {
+      Object.defineProperty(Navigator.prototype, 'userAgent', {
+        get: () => realUA,
+        configurable: true,
+      });
+    } catch (_) {
+      // Prototype descriptor is non-configurable — fall back to instance property
+      Object.defineProperty(navigator, 'userAgent', {
+        get: () => realUA,
+        configurable: true,
+      });
+    }
+  });
+
+  // ── 11. navigator.userAgentData — Client Hints API ─────────────────────
+  // The modern Client Hints UA API also leaks "Headless" in its brand list.
+  // Patch brands to strip the "Headless" prefix so sites using getHighEntropyValues
+  // or brands directly see a normal Chrome brand string.
+  safe(() => {
+    if (typeof navigator.userAgentData === 'undefined') return;
+    const uad = navigator.userAgentData;
+    const brands = (uad.brands || []).map((b) => ({
+      brand: b.brand.replace(/^Headless/i, ''),
+      version: b.version,
+    }));
+    const patchedUad = new Proxy(uad, {
+      get(target, prop) {
+        if (prop === 'brands') return brands;
+        if (prop === 'mobile') return false;
+        const val = Reflect.get(target, prop);
+        return typeof val === 'function' ? val.bind(target) : val;
+      },
+    });
+    try {
+      Object.defineProperty(Navigator.prototype, 'userAgentData', {
+        get: () => patchedUad,
+        configurable: true,
+      });
+    } catch (_) {
+      Object.defineProperty(navigator, 'userAgentData', {
+        get: () => patchedUad,
+        configurable: true,
+      });
+    }
+  });
+
+  // ── 12. navigator.deviceMemory ──────────────────────────────────────────
+  // Headless Chrome may expose the host's actual RAM or a low default.
+  // Spoofing 8 GB matches the most common desktop tier and avoids leaking
+  // the container/VM memory footprint to fingerprinting scripts.
+  safe(() => {
+    try {
+      Object.defineProperty(Navigator.prototype, 'deviceMemory', {
+        get: () => 8,
+        configurable: true,
+      });
+    } catch (_) {
+      Object.defineProperty(navigator, 'deviceMemory', {
+        get: () => 8,
+        configurable: true,
+      });
+    }
+  });
+
+  // ── 12b. performance.memory (CHR_MEMORY) ───────────────────────────────
+  // Sannysoft's CHR_MEMORY test reads performance.memory — the non-standard
+  // V8 heap API. It is disabled by default in headless Chrome (returns undefined).
+  // We enable it at the Chrome level via --enable-precise-memory-info, but also
+  // define it here as a belt-and-braces fallback. Do NOT guard on !performance.memory
+  // — the whole point is to make it exist when it otherwise wouldn't.
+  safe(() => {
+    if (typeof performance === 'undefined') return;
+    const fakeMem = {
+      jsHeapSizeLimit:  2172649472, // ~2 GB — typical 64-bit Chrome desktop
+      totalJSHeapSize:   67108864,  // 64 MB used
+      usedJSHeapSize:    23068672,  // 22 MB live
+    };
+    try {
+      Object.defineProperty(performance, 'memory', {
+        get: () => fakeMem,
+        configurable: true,
+        enumerable: true,
+      });
+    } catch (_) { /* already defined and non-configurable — --enable-precise-memory-info handles it */ }
+  });
+
+  // ── 13. screen dimensions ───────────────────────────────────────────────
+  // Headless Chrome defaults to 800×600 which is trivially detected.
+  // Spoof a common 1920×1080 desktop resolution.
+  safe(() => {
+    const W = 1920, H = 1080;
+    const props = {
+      width:       { get: () => W, configurable: true },
+      height:      { get: () => H, configurable: true },
+      availWidth:  { get: () => W, configurable: true },
+      availHeight: { get: () => H - 40, configurable: true }, // taskbar ~40px
+      colorDepth:  { get: () => 24, configurable: true },
+      pixelDepth:  { get: () => 24, configurable: true },
+    };
+    Object.defineProperties(Screen.prototype, props);
+  });
+
+  // ── 14. Canvas fingerprint noise ────────────────────────────────────────
+  // Sites call toDataURL() or getImageData() on a hidden canvas and hash the
+  // result. The hash is deterministic per GPU/driver combination — headless
+  // SwiftShader produces a known fingerprint. Adding sub-pixel noise to each
+  // getImageData call makes the hash unique per session while remaining
+  // visually imperceptible.
+  safe(() => {
+    const origGetImageData = CanvasRenderingContext2D.prototype.getImageData;
+    CanvasRenderingContext2D.prototype.getImageData = function (x, y, w, h) {
+      const imageData = origGetImageData.call(this, x, y, w, h);
+      const data = imageData.data;
+      // XOR the last byte of every 4th pixel with a session-stable noise value
+      // so the fingerprint changes across sessions but is stable within one.
+      const noise = (Math.random() * 10 + 1) | 0; // 1–10, chosen once per page
+      for (let i = 3; i < data.length; i += 4 * 50) { // every 50th pixel's alpha
+        data[i] = Math.max(0, Math.min(255, data[i] ^ noise));
+      }
+      return imageData;
+    };
+  });
+
+  // ── 15. AudioContext fingerprint noise ──────────────────────────────────
+  // AudioContext.createOscillator + OfflineAudioContext rendering produces a
+  // deterministic output that fingerprinters hash. Patching getChannelData to
+  // add imperceptible noise breaks the hash without affecting audible output.
+  safe(() => {
+    const origGetChannelData = AudioBuffer.prototype.getChannelData;
+    AudioBuffer.prototype.getChannelData = function (channel) {
+      const channelData = origGetChannelData.call(this, channel);
+      if (channelData.length > 0) {
+        // Perturb a single sample by a sub-perceptible amount
+        const idx = channelData.length >> 1;
+        channelData[idx] += (Math.random() - 0.5) * 1e-7;
+      }
+      return channelData;
+    };
+  });
 })();

package/dist/backend/browser/stealth.js

@@ -2,25 +2,28 @@
 /**
  * stealth.ts
  *
- * Central place where we build the agent-browser launch flags that hide
- * automation fingerprints. Two levers, both applied when available:
+ * Builds the agent-browser launch flags that hide automation fingerprints.
  *
- *   1. --extension <path>       loads the GranClaw stealth Chrome extension
- *                               which patches navigator.webdriver and friends
- *                               at document_start, before any page script runs.
+ *   stealthArgv() returns an argv fragment for the `agent-browser` boot command:
  *
- *   2. --executable-path <path> points agent-browser at the user's real
- *                               Google Chrome install (macOS/Linux/Windows)
- *                               instead of the Chromium it downloads itself.
- *                               Real Chrome is less flagged by Google/Cloudflare
- *                               than Chromium for generic fingerprint reasons.
+ *   --args --load-extension=<dir>
+ *     Loads the GranClaw stealth MV3 extension. The extension content script
+ *     runs at document_start in world=MAIN — before any page JS — patching
+ *     navigator.webdriver, UA, plugins, WebGL, canvas, audio, and more.
+ *     Works in Chrome 112+ new headless mode without a display (no Xvfb needed).
  *
- * Both are best-effort: if the extension directory is missing or Chrome isn't
- * installed we simply skip that flag. Callers always get back a flat argv
- * fragment they can spread into their existing spawn line.
+ *   --args --enable-extensions
+ *     Required to activate extension loading in headless mode.
  *
- * Override hooks for users who want to pin a specific Chrome:
- *   GRANCLAW_STEALTH_DISABLED=1           → no flags at all
+ *   --args --disable-blink-features=AutomationControlled
+ *     Removes navigator.webdriver = true at the Chrome level, the #1 signal.
+ *
+ *   --executable-path <path>
+ *     Uses real installed Chrome/Chromium instead of Playwright's bundled
+ *     build (less fingerprinted).
+ *
+ * Override hooks:
+ *   GRANCLAW_STEALTH_DISABLED=1           → no-op
  *   GRANCLAW_CHROME_PATH=/abs/path/chrome → force a specific binary
  */
 var __importDefault = (this && this.__importDefault) || function (mod) {
@@ -32,16 +35,13 @@ exports.stealthArgv = stealthArgv;
 exports.__resetStealthCacheForTests = __resetStealthCacheForTests;
 const fs_1 = __importDefault(require("fs"));
 const path_1 = __importDefault(require("path"));
+const child_process_1 = require("child_process");
+// ── Extension dir ─────────────────────────────────────────────────────────────
 /**
  * Resolve the stealth-extension directory across three layouts:
- *
  *   - dev (tsx src):        packages/backend/src/browser/      → ../../assets/stealth-extension
  *   - backend standalone:   packages/backend/dist/browser/     → ../../assets/stealth-extension
- *   - cli bundled publish:  packages/cli/dist/backend/browser/ → ../../assets/stealth-extension
- *                                                              OR ../assets/stealth-extension
- *
- * We probe both candidates and take the first that exists so the helper is
- * layout-agnostic. Callers fall back gracefully when none resolve.
+ *   - cli bundled publish:  packages/cli/dist/backend/browser/ → ../assets/stealth-extension
  */
 function resolveExtensionDir() {
     const candidates = [
@@ -54,17 +54,13 @@ function resolveExtensionDir() {
     }
     return null;
 }
-const STEALTH_EXTENSION_DIR = resolveExtensionDir();
-exports.STEALTH_EXTENSION_DIR = STEALTH_EXTENSION_DIR;
-/**
- * Probe a list of well-known Chrome install paths and return the first that
- * exists. Resolved once per process to keep the per-launch cost at zero.
- */
+exports.STEALTH_EXTENSION_DIR = resolveExtensionDir();
+// ── Chrome binary detection + UA derivation ───────────────────────────────────
 let cachedChromePath;
 function detectChromePath() {
     if (cachedChromePath !== undefined)
         return cachedChromePath;
-    const override = process.env.GRANCLAW_CHROME_PATH;
+    const override = process.env.GRANCLAW_CHROME_PATH || process.env.AGENT_BROWSER_CHROME_PATH;
     if (override && fs_1.default.existsSync(override)) {
         cachedChromePath = override;
         return override;
@@ -104,26 +100,70 @@ function detectChromePath() {
     return null;
 }
 /**
- * Return the argv fragment to pass to `agent-browser` on the command that
- * boots the daemon. agent-browser ignores launch flags on subsequent calls
- * to an already-running daemon, so these must land on the first command.
+ * Detect the installed Chrome/Chromium version and return a non-headless UA string.
+ * e.g. "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36"
  *
- * The caller splices the result into its own argv — e.g.:
- *
- *   const argv = ['--session', agentId, ...stealthArgv(), 'open', url];
+ * Returns null if Chrome can't be found or version can't be parsed.
+ */
+let cachedChromeUA;
+function detectChromeUA() {
+    if (cachedChromeUA !== undefined)
+        return cachedChromeUA;
+    const override = process.env.GRANCLAW_STEALTH_UA;
+    if (override) {
+        cachedChromeUA = override;
+        return override;
+    }
+    const chromePath = detectChromePath();
+    if (!chromePath) {
+        cachedChromeUA = null;
+        return null;
+    }
+    try {
+        const output = (0, child_process_1.execFileSync)(chromePath, ['--version'], { encoding: 'utf8', timeout: 5000 });
+        // "Chromium 147.0.7280.66 built on Debian..." or "Google Chrome 120.0.6099.109"
+        const match = output.match(/(\d+)\.\d+\.\d+\.\d+/);
+        if (!match) {
+            cachedChromeUA = null;
+            return null;
+        }
+        const major = match[1];
+        const platform = process.platform === 'darwin'
+            ? 'Macintosh; Intel Mac OS X 10_15_7'
+            : 'X11; Linux x86_64';
+        cachedChromeUA = `Mozilla/5.0 (${platform}) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/${major}.0.0.0 Safari/537.36`;
+        return cachedChromeUA;
+    }
+    catch {
+        cachedChromeUA = null;
+        return null;
+    }
+}
+// ── argv builder ──────────────────────────────────────────────────────────────
+/**
+ * Return the argv fragment for the `agent-browser` boot command.
+ * Spread into the argv before the subcommand, e.g.:
+ *   agent-browser --session <id> ...stealthArgv() open about:blank
  */
 function stealthArgv() {
-    // DISABLED 2026-04-11: the stealth extension / real-Chrome swap was
-    // producing buggy behaviour in agent browser sessions. Keep the code
-    // in place so we can re-enable with one edit once we understand why.
-    // Set GRANCLAW_STEALTH_ENABLED=1 to opt back in.
-    if (process.env.GRANCLAW_STEALTH_ENABLED !== '1')
-        return [];
     if (process.env.GRANCLAW_STEALTH_DISABLED === '1')
         return [];
-    const argv = [];
-    if (STEALTH_EXTENSION_DIR) {
-        argv.push('--extension', STEALTH_EXTENSION_DIR);
+    const argv = [
+        '--args', '--disable-blink-features=AutomationControlled',
+        '--args', '--enable-extensions',
+        // Enable the V8 heap memory API (performance.memory) — disabled by default in headless.
+        '--args', '--enable-precise-memory-info',
+    ];
+    // Override the UA at the Chrome level. navigator.userAgent in Chrome 120+ has
+    // a non-configurable prototype property that JS Object.defineProperty cannot
+    // patch — the only reliable fix is to set it before the browser starts.
+    const ua = detectChromeUA();
+    if (ua) {
+        argv.push('--args', `--user-agent=${ua}`);
+    }
+    if (exports.STEALTH_EXTENSION_DIR) {
+        argv.push('--args', `--load-extension=${exports.STEALTH_EXTENSION_DIR}`);
+        argv.push('--args', `--disable-extensions-except=${exports.STEALTH_EXTENSION_DIR}`);
     }
     const chrome = detectChromePath();
     if (chrome) {
@@ -131,10 +171,9 @@ function stealthArgv() {
     }
     return argv;
 }
-/**
- * Test-only hook to reset the Chrome-path cache between tests.
- * @internal
- */
+// ── Test helpers ──────────────────────────────────────────────────────────────
+/** @internal */
 function __resetStealthCacheForTests() {
     cachedChromePath = undefined;
+    cachedChromeUA = undefined;
 }

package/dist/backend/data-db.js

@@ -85,14 +85,6 @@ function getDataDb() {
     CREATE INDEX IF NOT EXISTS idx_takeovers_agent
       ON takeovers (agent_id);
 
-    -- ── secrets table ──────────────────────────────────────────────────────
-    CREATE TABLE IF NOT EXISTS secrets (
-      agent_id    TEXT NOT NULL,
-      name        TEXT NOT NULL,
-      value       TEXT NOT NULL,
-      created_at  INTEGER NOT NULL DEFAULT (unixepoch()),
-      PRIMARY KEY (agent_id, name)
-    );
   `);
     _db = db;
     return db;

package/dist/backend/index.js

@@ -8,6 +8,7 @@ const net_1 = __importDefault(require("net"));
 const server_js_1 = require("./orchestrator/server.js");
 const agent_manager_js_1 = require("./orchestrator/agent-manager.js");
 const scheduler_js_1 = require("./scheduler.js");
+const telemetry_js_1 = require("./telemetry.js");
 const PORT = Number(process.env.PORT ?? 3001);
 function checkPortAvailable(port, label) {
     return new Promise((resolve, reject) => {
@@ -40,6 +41,8 @@ async function preflight() {
 }
 preflight()
     .then(() => {
+    (0, telemetry_js_1.initTelemetry)();
+    (0, telemetry_js_1.capture)('server_started', { port: PORT, nodeVersion: process.version });
     (0, agent_manager_js_1.startAllAgents)();
     (0, scheduler_js_1.startScheduler)();
     const server = (0, server_js_1.createServer)();
@@ -51,3 +54,5 @@ preflight()
     console.error(err.message);
     process.exit(1);
 });
+process.on('SIGTERM', () => { void (0, telemetry_js_1.shutdownTelemetry)(); });
+process.on('SIGINT', () => { void (0, telemetry_js_1.shutdownTelemetry)(); });

package/dist/backend/orchestrator/agent-manager.js

@@ -110,7 +110,8 @@ function spawnAgent(agent, wsPort) {
     const isTs = __filename.endsWith('.ts');
     const ext = isTs ? '.ts' : '.js';
     const agentScript = path_1.default.resolve(__dirname, `../agent/process${ext}`);
-    const secrets = (0, secrets_vault_js_1.getSecrets)(agent.id);
+    const workspaceDir = path_1.default.resolve(config_js_1.REPO_ROOT, agent.workspaceDir);
+    const secrets = (0, secrets_vault_js_1.getSecrets)(workspaceDir);
     const secretKeys = Object.keys(secrets);
     if (secretKeys.length > 0) {
         console.log(`[orchestrator] injecting ${secretKeys.length} secrets into agent "${agent.id}": ${secretKeys.join(', ')}`);

package/dist/backend/orchestrator/browser-live.js

@@ -39,6 +39,9 @@ const http_1 = __importDefault(require("http"));
 const ws_1 = require("ws");
 const child_process_1 = require("child_process");
 const util_1 = require("util");
+const stealth_js_1 = require("../browser/stealth.js");
+const fs_1 = __importDefault(require("fs"));
+const path_1 = __importDefault(require("path"));
 const execFileAsync = (0, util_1.promisify)(child_process_1.execFile);
 const TAB_POLL_INTERVAL_MS = 2000;
 /**
@@ -261,6 +264,57 @@ function pickCdpPageForTab(pages, activeUrl) {
     const real = pages.filter((p) => !isInert(p.url));
     return real.length > 0 ? real[real.length - 1] : pages[pages.length - 1];
 }
+/**
+ * Lazily read stealth.js once and cache it. Returns null if the extension
+ * directory is missing (e.g. the package wasn't installed with assets).
+ */
+let cachedStealthScript;
+function readStealthScript() {
+    if (cachedStealthScript !== undefined)
+        return cachedStealthScript;
+    if (!stealth_js_1.STEALTH_EXTENSION_DIR) {
+        cachedStealthScript = null;
+        return null;
+    }
+    const scriptPath = path_1.default.join(stealth_js_1.STEALTH_EXTENSION_DIR, 'stealth.js');
+    try {
+        cachedStealthScript = fs_1.default.readFileSync(scriptPath, 'utf-8');
+    }
+    catch {
+        cachedStealthScript = null;
+    }
+    return cachedStealthScript;
+}
+/**
+ * Inject the stealth patches on an already-open CDP WebSocket. Uses the
+ * stream's cdpMessageId counter so IDs stay monotonically increasing.
+ *
+ * Two commands:
+ *   - Page.addScriptToEvaluateOnNewDocument — persists across navigations
+ *   - Runtime.evaluate                       — applies to the current document immediately
+ *
+ * Best-effort: silently skipped when stealth is disabled or the script is unavailable.
+ */
+function injectStealthOnPage(chromeWs, stream) {
+    if (process.env.GRANCLAW_STEALTH_DISABLED === '1')
+        return;
+    const script = readStealthScript();
+    if (!script)
+        return;
+    try {
+        chromeWs.send(JSON.stringify({
+            id: ++stream.cdpMessageId,
+            method: 'Page.addScriptToEvaluateOnNewDocument',
+            params: { source: script },
+        }));
+        chromeWs.send(JSON.stringify({
+            id: ++stream.cdpMessageId,
+            method: 'Runtime.evaluate',
+            params: { expression: script, returnByValue: false },
+        }));
+    }
+    catch { /* ws closed between open and send — ignore */ }
+}
 /**
  * Attach to a specific CDP page target and begin screencasting. Called on
  * initial attach and again whenever we need to rebind to a new tab.
@@ -278,6 +332,9 @@ function attachPageCdp(stream, page) {
             catch { }
             return;
         }
+        // Inject stealth patches on every page attach — works headlessly via CDP,
+        // no display or extension loader needed.
+        injectStealthOnPage(chromeWs, stream);
         chromeWs.send(JSON.stringify({
             id: ++stream.cdpMessageId,
             method: 'Page.startScreencast',