halo-agent 1.2.2 → 1.3.1

package/browser.js

@@ -3,10 +3,19 @@
 const { chromium } = require('playwright');
 const { execSync, spawnSync, spawn } = require('child_process');
 const fs = require('fs');
+const path = require('path');
+const os = require('os');
 
 const CDP_PORT = 9222;
 const CDP_URL = `http://localhost:${CDP_PORT}`;
 
+// Dedicated user-data-dir for the agent's Chrome. Fully isolated from the
+// user's real Chrome so it can run side-by-side without profile-lock
+// collisions (which silently disable --remote-debugging-port). The
+// user logs into Workday / LinkedIn here ONCE on first run and the
+// session persists across runs because this dir is on disk, not /tmp.
+const AGENT_PROFILE_DIR = path.join(os.homedir(), '.halo-agent', 'chrome-profile');
+
 /**
  * Check if Chrome is already running with remote debugging on CDP_PORT.
  */
@@ -42,12 +51,22 @@ function findChromeMac() {
  */
 function launchChrome() {
   const platform = process.platform;
-  const flags = [
+
+  // Ensure the dedicated profile dir exists. Chrome will populate it on
+  // first launch (and persist cookies/logins there across runs).
+  try { fs.mkdirSync(AGENT_PROFILE_DIR, { recursive: true }); } catch {}
+
+  // Note: we use --user-data-dir (a full isolated dir), NOT --profile-directory
+  // (which is a sub-profile name inside the default user-data-dir and would
+  // still collide with the user's running Chrome and silently drop the
+  // --remote-debugging-port flag).
+  const baseFlags = [
     `--remote-debugging-port=${CDP_PORT}`,
-    '--profile-directory=Default',
+    `--user-data-dir=${AGENT_PROFILE_DIR}`,
     '--no-first-run',
     '--no-default-browser-check',
-  ].join(' ');
+    '--no-default-browser-check',
+  ];
 
   if (platform === 'darwin') {
     const chromePath = findChromeMac();
@@ -55,22 +74,11 @@ function launchChrome() {
       console.error('[halo-agent] Chrome not found. Install Google Chrome from https://www.google.com/chrome/');
       return;
     }
-    // CRITICAL: on macOS, spawning the Chrome executable directly while
-    // LaunchServices still has a Chrome instance registered (recent quit,
-    // dock icon still showing, etc.) causes the new launch to REACTIVATE
-    // the existing instance and silently DROP all --flags. Symptom: Chrome
-    // opens but without --remote-debugging-port, so the agent can never
-    // see it. `open -na` forces a fresh app instance and `--args` passes
-    // flags through reliably — this is the only correct way to launch
-    // Chrome with custom flags on macOS.
-    const splitFlags = [
-      `--remote-debugging-port=${CDP_PORT}`,
-      '--profile-directory=Default',
-      '--no-first-run',
-      '--no-default-browser-check',
-      '--restore-last-session',  // bring back the windows the user just had
-    ];
-    spawn('open', ['-na', chromePath, '--args', ...splitFlags], {
+    // `open -na` forces a fresh app instance (LaunchServices would otherwise
+    // reactivate the existing Chrome and drop our flags). Because we point
+    // at a dedicated --user-data-dir, this instance does NOT collide with
+    // the user's everyday Chrome — they can run side-by-side cleanly.
+    spawn('open', ['-na', chromePath, '--args', ...baseFlags], {
       detached: true,
       stdio: 'ignore',
     }).unref();
@@ -82,10 +90,12 @@ function launchChrome() {
     ];
     const chromePath = chromePaths.find(p => { try { fs.accessSync(p); return true; } catch { return false; } });
     if (!chromePath) { console.error('[halo-agent] Chrome not found on Windows.'); return; }
-    spawn(`"${chromePath}" ${flags}`, [], { shell: true, detached: true, stdio: 'ignore' }).unref();
+    const winFlags = baseFlags.map(f => f.includes(' ') ? `"${f}"` : f).join(' ');
+    spawn(`"${chromePath}" ${winFlags}`, [], { shell: true, detached: true, stdio: 'ignore' }).unref();
   } else {
     // Linux
-    spawn(`google-chrome ${flags}`, [], { shell: true, detached: true, stdio: 'ignore' }).unref();
+    const linuxFlags = baseFlags.map(f => f.includes(' ') ? `"${f}"` : f).join(' ');
+    spawn(`google-chrome ${linuxFlags}`, [], { shell: true, detached: true, stdio: 'ignore' }).unref();
   }
 }
 
@@ -166,11 +176,11 @@ async function connectToChrome(retries = 10, opts = {}) {
 
   console.log(''); // newline after dots
   throw new Error(
-    `Could not connect to Chrome after ${retries} attempts.\n` +
-    `Chrome may have launched without the --remote-debugging-port=9222 flag\n` +
-    `(macOS reactivates an existing Chrome instance and drops flags).\n` +
-    `Try: fully quit Chrome (Cmd+Q in every window + check the dock), then run:\n\n` +
-    `  halo-agent start\n`
+    `Could not connect to the agent's Chrome on port ${CDP_PORT} after ${retries} attempts.\n` +
+    `The agent uses an isolated Chrome profile at ${AGENT_PROFILE_DIR}.\n` +
+    `If a previous run is still alive, kill it:\n\n` +
+    `  pkill -f "user-data-dir=${AGENT_PROFILE_DIR}"\n\n` +
+    `Then run \`halo-agent start\` again.\n`
   );
 }
 

package/captcha.js

@@ -17,49 +17,56 @@ const CAPSOLVER_API = 'https://api.capsolver.com';
  * Returns { detected, type, sitekey, pageUrl }
  */
 async function detectCaptcha(page) {
+  // The pageUrl CapSolver wants is the top-level URL the user sees, not an
+  // inner iframe URL. Anchor it here so every branch returns the same thing.
+  const pageUrl = page.url();
+
   // First try the top-level frame via evaluate
   const topResult = await page.evaluate(() => {
-    // reCAPTCHA v2 via iframe src
+    // reCAPTCHA v2 via iframe src — also check size=invisible in the URL
     const rcFrame = document.querySelector('iframe[src*="recaptcha/api2"], iframe[src*="google.com/recaptcha"]');
     if (rcFrame) {
-      const match = (rcFrame.src || '').match(/[?&]k=([^&]+)/);
-      return { detected: true, type: 'recaptcha_v2', sitekey: match?.[1] || null, pageUrl: location.href };
+      const src = rcFrame.src || '';
+      const match = src.match(/[?&]k=([^&]+)/);
+      const isInvisible = /[?&]size=invisible/.test(src);
+      return { detected: true, type: 'recaptcha_v2', sitekey: match?.[1] || null, isInvisible };
     }
-    // reCAPTCHA via data-sitekey
+    // reCAPTCHA via data-sitekey — check data-size="invisible" on the element
     const rcEl = document.querySelector('.g-recaptcha[data-sitekey], [data-sitekey]:not(.h-captcha)');
     if (rcEl) {
-      return { detected: true, type: 'recaptcha_v2', sitekey: rcEl.getAttribute('data-sitekey'), pageUrl: location.href };
+      const isInvisible = rcEl.getAttribute('data-size') === 'invisible';
+      return { detected: true, type: 'recaptcha_v2', sitekey: rcEl.getAttribute('data-sitekey'), isInvisible };
     }
     // hCAPTCHA
     const hcEl = document.querySelector('.h-captcha[data-sitekey]');
     if (hcEl) {
-      return { detected: true, type: 'hcaptcha', sitekey: hcEl.getAttribute('data-sitekey'), pageUrl: location.href };
+      return { detected: true, type: 'hcaptcha', sitekey: hcEl.getAttribute('data-sitekey'), isInvisible: false };
     }
     const hcFrame = document.querySelector('iframe[src*="hcaptcha.com"]');
     if (hcFrame) {
       const match = (hcFrame.src || '').match(/[?&]sitekey=([^&]+)/);
-      return { detected: true, type: 'hcaptcha', sitekey: match?.[1] || null, pageUrl: location.href };
+      return { detected: true, type: 'hcaptcha', sitekey: match?.[1] || null, isInvisible: false };
     }
     // Cloudflare
     if (document.getElementById('cf-challenge-running') || document.querySelector('.cf-browser-verification')) {
-      return { detected: true, type: 'cloudflare', sitekey: null, pageUrl: location.href };
+      return { detected: true, type: 'cloudflare', sitekey: null, isInvisible: false };
     }
     return null;
   });
 
-  if (topResult) return topResult;
+  if (topResult) return { ...topResult, pageUrl };
 
-  // Search all frames for reCAPTCHA (Ashby loads it inside a sandboxed iframe)
-  const pageUrl = page.url();
+  // Search all frames for reCAPTCHA (Ashby/Greenhouse load it inside a sandboxed iframe)
   for (const frame of page.frames()) {
     if (frame === page.mainFrame()) continue;
     const frameSrc = frame.url();
 
-    // If the frame itself is a reCAPTCHA anchor frame, extract sitekey from its URL
+    // If the frame itself is a reCAPTCHA anchor frame, extract sitekey + invisible from URL
     if (frameSrc.includes('recaptcha/api2/anchor') || frameSrc.includes('recaptcha/enterprise/anchor')) {
       const match = frameSrc.match(/[?&]k=([^&]+)/);
+      const isInvisible = /[?&]size=invisible/.test(frameSrc);
       if (match) {
-        return { detected: true, type: 'recaptcha_v2', sitekey: match[1], pageUrl };
+        return { detected: true, type: 'recaptcha_v2', sitekey: match[1], pageUrl, isInvisible };
       }
     }
 
@@ -67,22 +74,29 @@ async function detectCaptcha(page) {
     try {
       const frameResult = await frame.evaluate(() => {
         const rcEl = document.querySelector('.g-recaptcha[data-sitekey], [data-sitekey]:not(.h-captcha)');
-        if (rcEl) return { sitekey: rcEl.getAttribute('data-sitekey'), type: 'recaptcha_v2' };
+        if (rcEl) {
+          return {
+            sitekey: rcEl.getAttribute('data-sitekey'),
+            type: 'recaptcha_v2',
+            isInvisible: rcEl.getAttribute('data-size') === 'invisible',
+          };
+        }
         const rcFrame = document.querySelector('iframe[src*="recaptcha"]');
         if (rcFrame) {
-          const match = (rcFrame.src || '').match(/[?&]k=([^&]+)/);
-          return match ? { sitekey: match[1], type: 'recaptcha_v2' } : null;
+          const src = rcFrame.src || '';
+          const match = src.match(/[?&]k=([^&]+)/);
+          return match ? { sitekey: match[1], type: 'recaptcha_v2', isInvisible: /[?&]size=invisible/.test(src) } : null;
         }
         return null;
       }).catch(() => null);
 
       if (frameResult?.sitekey) {
-        return { detected: true, type: frameResult.type, sitekey: frameResult.sitekey, pageUrl };
+        return { detected: true, type: frameResult.type, sitekey: frameResult.sitekey, pageUrl, isInvisible: !!frameResult.isInvisible };
       }
     } catch {}
   }
 
-  return { detected: false, type: null, sitekey: null, pageUrl };
+  return { detected: false, type: null, sitekey: null, pageUrl, isInvisible: false };
 }
 
 /**
@@ -101,21 +115,26 @@ async function solveCaptcha(captchaInfo, apiKey) {
     ? 'HCaptchaTaskProxyless'
     : 'ReCaptchaV2TaskProxyless';
 
-  console.log(`[captcha] Submitting ${taskType} task to CapSolver (sitekey: ${captchaInfo.sitekey.slice(0, 12)}...)`);
+  // CapSolver requires `isInvisible: true` for invisible reCAPTCHA — sending
+  // a normal v2 task for an invisible sitekey returns
+  // "Invalid input, please check captcha type or pageUrl and invisible".
+  const task = {
+    type: taskType,
+    websiteURL: captchaInfo.pageUrl,
+    websiteKey: captchaInfo.sitekey,
+  };
+  if (captchaInfo.type === 'recaptcha_v2' && captchaInfo.isInvisible) {
+    task.isInvisible = true;
+  }
+
+  console.log(`[captcha] Submitting ${taskType}${task.isInvisible ? ' (invisible)' : ''} task to CapSolver (sitekey: ${captchaInfo.sitekey.slice(0, 12)}..., url: ${captchaInfo.pageUrl})`);
 
   let taskId;
   try {
     const createRes = await fetch(`${CAPSOLVER_API}/createTask`, {
       method: 'POST',
       headers: { 'Content-Type': 'application/json' },
-      body: JSON.stringify({
-        clientKey: apiKey,
-        task: {
-          type: taskType,
-          websiteURL: captchaInfo.pageUrl,
-          websiteKey: captchaInfo.sitekey,
-        },
-      }),
+      body: JSON.stringify({ clientKey: apiKey, task }),
     });
     const createData = await createRes.json();
     if (createData.errorId !== 0) {

package/index.js

@@ -453,34 +453,16 @@ async function runStart() {
   console.log('\nHALO Agent starting...');
   console.log('Connecting to your Chrome browser...\n');
 
-  // Pre-check: Chrome must be running with --remote-debugging-port=9222 for
-  // CDP to work. If it's running WITHOUT that flag, Chrome can't have it
-  // added retroactively — it's a Chrome architecture limit. We offer to
-  // restart Chrome gracefully (preserves tabs via Chrome's "Continue where
-  // you left off" setting) and relaunch with the flag.
-  const { isChromeDebuggable } = require('./browser');
-  // weRestartedIt: tracks whether THIS process launched/restarted Chrome.
-  // When true, connectToChrome must NOT launch again — that's the double-
-  // launch bug that was spawning extra Chrome windows.
-  let weRestartedIt = false;
-  const alreadyDebuggable = await isChromeDebuggable();
-  if (!alreadyDebuggable) {
-    const needsRestart = await detectChromeRunningWithoutDebug();
-    if (needsRestart) {
-      const ok = await offerChromeRestart();
-      if (!ok) {
-        console.error('\nOK — leaving Chrome alone. Run `halo-agent start` again after you’ve quit Chrome.');
-        process.exit(1);
-      }
-      await restartChromeWithDebugFlag();
-      weRestartedIt = true;
-    }
-  }
-
+  // The agent runs its own isolated Chrome instance (separate --user-data-dir
+  // at ~/.halo-agent/chrome-profile) so it never collides with the user's
+  // everyday Chrome. First launch will be a blank profile — the user logs
+  // into Workday / LinkedIn ONCE in the agent's Chrome and those sessions
+  // persist across runs. No need to detect or restart the user's Chrome.
   let chromeConn;
   try {
-    chromeConn = await connectToChrome(10, { skipLaunch: weRestartedIt });
+    chromeConn = await connectToChrome(10);
     console.log('\nConnected to Chrome. Polling for queued jobs...');
+    console.log('First time? Log into Workday/LinkedIn in this Chrome window — sessions persist.');
     console.log('Go to your HALO dashboard and click "Auto-Apply" on any job.\n');
   } catch (err) {
     console.error('\nCould not connect to Chrome:', err.message);

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "halo-agent",
-  "version": "1.2.2",
+  "version": "1.3.1",
   "description": "HALO local apply agent — auto-fills job applications using your real Chrome session",
   "main": "index.js",
   "bin": {