imperium-crawl 1.5.2 → 2.0.0

package/dist/constants.d.ts

@@ -1,5 +1,5 @@
 export declare const PACKAGE_NAME = "imperium-crawl";
-export declare const PACKAGE_VERSION = "1.5.1";
+export declare const PACKAGE_VERSION = "2.0.0";
 export declare const DEFAULT_TIMEOUT_MS = 30000;
 export declare const DEFAULT_MAX_PAGES = 10;
 export declare const DEFAULT_MAX_DEPTH = 2;
@@ -36,4 +36,5 @@ export declare const MAX_DURATION_SECONDS = 300;
 export declare const MAX_TIMEOUT_MS = 300000;
 export declare const MAX_SELECTOR_KEYS = 50;
 export declare const MAX_CRAWL_CONTENT_PER_PAGE = 102400;
+export declare const MAX_STORED_SNAPSHOTS = 100;
 //# sourceMappingURL=constants.d.ts.map

package/dist/constants.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"constants.d.ts","sourceRoot":"","sources":["../src/constants.ts"],"names":[],"mappings":"AAAA,eAAO,MAAM,YAAY,mBAAmB,CAAC;AAC7C,eAAO,MAAM,eAAe,UAAU,CAAC;AAEvC,eAAO,MAAM,kBAAkB,QAAS,CAAC;AACzC,eAAO,MAAM,iBAAiB,KAAK,CAAC;AACpC,eAAO,MAAM,iBAAiB,IAAI,CAAC;AACnC,eAAO,MAAM,mBAAmB,IAAI,CAAC;AACrC,eAAO,MAAM,2BAA2B,QAAiB,CAAC;AAE1D,eAAO,MAAM,eAAe,oBAAoB,CAAC;AACjD,eAAO,MAAM,aAAa,WAAW,CAAC;AACtC,eAAO,MAAM,eAAe,aAAa,CAAC;AAC1C,eAAO,MAAM,WAAW,SAAS,CAAC;AAElC,eAAO,MAAM,cAAc,wCAAwC,CAAC;AAEpE,eAAO,MAAM,yBAAyB,IAAI,CAAC;AAC3C,eAAO,MAAM,+BAA+B,SAAU,CAAC;AAEvD,eAAO,MAAM,cAAc,mBAAmB,CAAC;AAI/C,eAAO,MAAM,YAAY,EAAE,MAAM,EAgBhC,CAAC;AAEF,eAAO,MAAM,gBAAgB;;;CAAgC,CAAC;AAE9D,eAAO,MAAM,kBAAkB,MAAM,CAAC;AACtC,eAAO,MAAM,kBAAkB,OAAO,CAAC;AAEvC,eAAO,MAAM,sBAAsB,IAAI,CAAC;AAIxC,eAAO,MAAM,iBAAiB,QAAS,CAAC;AACxC,eAAO,MAAM,eAAe,UAAY,CAAC;AACzC,eAAO,MAAM,gBAAgB,OAAQ,CAAC;AACtC,eAAO,MAAM,mBAAmB,OAAQ,CAAC;AACzC,eAAO,MAAM,cAAc,OAAQ,CAAC;AACpC,eAAO,MAAM,SAAS,MAAM,CAAC;AAC7B,eAAO,MAAM,QAAQ,QAAS,CAAC;AAC/B,eAAO,MAAM,SAAS,OAAQ,CAAC;AAC/B,eAAO,MAAM,YAAY,OAAQ,CAAC;AAClC,eAAO,MAAM,eAAe,KAAK,CAAC;AAClC,eAAO,MAAM,gBAAgB,MAAM,CAAC;AACpC,eAAO,MAAM,oBAAoB,MAAM,CAAC;AACxC,eAAO,MAAM,cAAc,SAAU,CAAC;AACtC,eAAO,MAAM,iBAAiB,KAAK,CAAC;AACpC,eAAO,MAAM,0BAA0B,SAAU,CAAC"}
+{"version":3,"file":"constants.d.ts","sourceRoot":"","sources":["../src/constants.ts"],"names":[],"mappings":"AAAA,eAAO,MAAM,YAAY,mBAAmB,CAAC;AAC7C,eAAO,MAAM,eAAe,UAAU,CAAC;AAEvC,eAAO,MAAM,kBAAkB,QAAS,CAAC;AACzC,eAAO,MAAM,iBAAiB,KAAK,CAAC;AACpC,eAAO,MAAM,iBAAiB,IAAI,CAAC;AACnC,eAAO,MAAM,mBAAmB,IAAI,CAAC;AACrC,eAAO,MAAM,2BAA2B,QAAiB,CAAC;AAE1D,eAAO,MAAM,eAAe,oBAAoB,CAAC;AACjD,eAAO,MAAM,aAAa,WAAW,CAAC;AACtC,eAAO,MAAM,eAAe,aAAa,CAAC;AAC1C,eAAO,MAAM,WAAW,SAAS,CAAC;AAElC,eAAO,MAAM,cAAc,wCAAwC,CAAC;AAEpE,eAAO,MAAM,yBAAyB,IAAI,CAAC;AAC3C,eAAO,MAAM,+BAA+B,SAAU,CAAC;AAEvD,eAAO,MAAM,cAAc,mBAAmB,CAAC;AAI/C,eAAO,MAAM,YAAY,EAAE,MAAM,EAgBhC,CAAC;AAEF,eAAO,MAAM,gBAAgB;;;CAAgC,CAAC;AAE9D,eAAO,MAAM,kBAAkB,MAAM,CAAC;AACtC,eAAO,MAAM,kBAAkB,OAAO,CAAC;AAEvC,eAAO,MAAM,sBAAsB,IAAI,CAAC;AAIxC,eAAO,MAAM,iBAAiB,QAAS,CAAC;AACxC,eAAO,MAAM,eAAe,UAAY,CAAC;AACzC,eAAO,MAAM,gBAAgB,OAAQ,CAAC;AACtC,eAAO,MAAM,mBAAmB,OAAQ,CAAC;AACzC,eAAO,MAAM,cAAc,OAAQ,CAAC;AACpC,eAAO,MAAM,SAAS,MAAM,CAAC;AAC7B,eAAO,MAAM,QAAQ,QAAS,CAAC;AAC/B,eAAO,MAAM,SAAS,OAAQ,CAAC;AAC/B,eAAO,MAAM,YAAY,OAAQ,CAAC;AAClC,eAAO,MAAM,eAAe,KAAK,CAAC;AAClC,eAAO,MAAM,gBAAgB,MAAM,CAAC;AACpC,eAAO,MAAM,oBAAoB,MAAM,CAAC;AACxC,eAAO,MAAM,cAAc,SAAU,CAAC;AACtC,eAAO,MAAM,iBAAiB,KAAK,CAAC;AACpC,eAAO,MAAM,0BAA0B,SAAU,CAAC;AAIlD,eAAO,MAAM,oBAAoB,MAAM,CAAC"}

package/dist/constants.js

@@ -1,5 +1,5 @@
 export const PACKAGE_NAME = "imperium-crawl";
-export const PACKAGE_VERSION = "1.5.1";
+export const PACKAGE_VERSION = "2.0.0";
 export const DEFAULT_TIMEOUT_MS = 30_000;
 export const DEFAULT_MAX_PAGES = 10;
 export const DEFAULT_MAX_DEPTH = 2;
@@ -51,4 +51,6 @@ export const MAX_DURATION_SECONDS = 300;
 export const MAX_TIMEOUT_MS = 300_000;
 export const MAX_SELECTOR_KEYS = 50;
 export const MAX_CRAWL_CONTENT_PER_PAGE = 102_400; // 100KB
+// ── Snapshot system ──
+export const MAX_STORED_SNAPSHOTS = 100;
 //# sourceMappingURL=constants.js.map

package/dist/constants.js.map

@@ -1 +1 @@
-{"version":3,"file":"constants.js","sourceRoot":"","sources":["../src/constants.ts"],"names":[],"mappings":"AAAA,MAAM,CAAC,MAAM,YAAY,GAAG,gBAAgB,CAAC;AAC7C,MAAM,CAAC,MAAM,eAAe,GAAG,OAAO,CAAC;AAEvC,MAAM,CAAC,MAAM,kBAAkB,GAAG,MAAM,CAAC;AACzC,MAAM,CAAC,MAAM,iBAAiB,GAAG,EAAE,CAAC;AACpC,MAAM,CAAC,MAAM,iBAAiB,GAAG,CAAC,CAAC;AACnC,MAAM,CAAC,MAAM,mBAAmB,GAAG,CAAC,CAAC;AACrC,MAAM,CAAC,MAAM,2BAA2B,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC,SAAS;AAEpE,MAAM,CAAC,MAAM,eAAe,GAAG,iBAAiB,CAAC;AACjD,MAAM,CAAC,MAAM,aAAa,GAAG,QAAQ,CAAC;AACtC,MAAM,CAAC,MAAM,eAAe,GAAG,UAAU,CAAC;AAC1C,MAAM,CAAC,MAAM,WAAW,GAAG,MAAM,CAAC;AAElC,MAAM,CAAC,MAAM,cAAc,GAAG,qCAAqC,CAAC;AAEpE,MAAM,CAAC,MAAM,yBAAyB,GAAG,CAAC,CAAC;AAC3C,MAAM,CAAC,MAAM,+BAA+B,GAAG,OAAO,CAAC,CAAC,QAAQ;AAEhE,MAAM,CAAC,MAAM,cAAc,GAAG,gBAAgB,CAAC;AAE/C,yBAAyB;AAEzB,MAAM,CAAC,MAAM,YAAY,GAAa;IACpC,+CAA+C;IAC/C,yCAAyC;IACzC,oBAAoB;IACpB,gBAAgB;IAChB,4BAA4B;IAC5B,iCAAiC;IACjC,4BAA4B;IAC5B,wBAAwB;IACxB,wBAAwB;IACxB,0BAA0B;IAC1B,4BAA4B;IAC5B,gBAAgB;IAChB,0BAA0B;IAC1B,sBAAsB;IACtB,wBAAwB;CACzB,CAAC;AAEF,MAAM,CAAC,MAAM,gBAAgB,GAAG,EAAE,KAAK,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,CAAC;AAE9D,MAAM,CAAC,MAAM,kBAAkB,GAAG,GAAG,CAAC;AACtC,MAAM,CAAC,MAAM,kBAAkB,GAAG,IAAI,CAAC;AAEvC,MAAM,CAAC,MAAM,sBAAsB,GAAG,CAAC,CAAC;AAExC,gCAAgC;AAEhC,MAAM,CAAC,MAAM,iBAAiB,GAAG,MAAM,CAAC;AACxC,MAAM,CAAC,MAAM,eAAe,GAAG,SAAS,CAAC,CAAI,MAAM;AACnD,MAAM,CAAC,MAAM,gBAAgB,GAAG,KAAK,CAAC;AACtC,MAAM,CAAC,MAAM,mBAAmB,GAAG,KAAK,CAAC;AACzC,MAAM,CAAC,MAAM,cAAc,GAAG,KAAK,CAAC;AACpC,MAAM,CAAC,MAAM,SAAS,GAAG,GAAG,CAAC;AAC7B,MAAM,CAAC,MAAM,QAAQ,GAAG,MAAM,CAAC;AAC/B,MAAM,CAAC,MAAM,SAAS,GAAG,KAAK,CAAC;AAC/B,MAAM,CAAC,MAAM,YAAY,GAAG,KAAK,CAAC;AAClC,MAAM,CAAC,MAAM,eAAe,GAAG,EAAE,CAAC;AAClC,MAAM,CAAC,MAAM,gBAAgB,GAAG,GAAG,CAAC;AACpC,MAAM,CAAC,MAAM,oBAAoB,GAAG,GAAG,CAAC;AACxC,MAAM,CAAC,MAAM,cAAc,GAAG,OAAO,CAAC;AACtC,MAAM,CAAC,MAAM,iBAAiB,GAAG,EAAE,CAAC;AACpC,MAAM,CAAC,MAAM,0BAA0B,GAAG,OAAO,CAAC,CAAC,QAAQ"}
+{"version":3,"file":"constants.js","sourceRoot":"","sources":["../src/constants.ts"],"names":[],"mappings":"AAAA,MAAM,CAAC,MAAM,YAAY,GAAG,gBAAgB,CAAC;AAC7C,MAAM,CAAC,MAAM,eAAe,GAAG,OAAO,CAAC;AAEvC,MAAM,CAAC,MAAM,kBAAkB,GAAG,MAAM,CAAC;AACzC,MAAM,CAAC,MAAM,iBAAiB,GAAG,EAAE,CAAC;AACpC,MAAM,CAAC,MAAM,iBAAiB,GAAG,CAAC,CAAC;AACnC,MAAM,CAAC,MAAM,mBAAmB,GAAG,CAAC,CAAC;AACrC,MAAM,CAAC,MAAM,2BAA2B,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC,SAAS;AAEpE,MAAM,CAAC,MAAM,eAAe,GAAG,iBAAiB,CAAC;AACjD,MAAM,CAAC,MAAM,aAAa,GAAG,QAAQ,CAAC;AACtC,MAAM,CAAC,MAAM,eAAe,GAAG,UAAU,CAAC;AAC1C,MAAM,CAAC,MAAM,WAAW,GAAG,MAAM,CAAC;AAElC,MAAM,CAAC,MAAM,cAAc,GAAG,qCAAqC,CAAC;AAEpE,MAAM,CAAC,MAAM,yBAAyB,GAAG,CAAC,CAAC;AAC3C,MAAM,CAAC,MAAM,+BAA+B,GAAG,OAAO,CAAC,CAAC,QAAQ;AAEhE,MAAM,CAAC,MAAM,cAAc,GAAG,gBAAgB,CAAC;AAE/C,yBAAyB;AAEzB,MAAM,CAAC,MAAM,YAAY,GAAa;IACpC,+CAA+C;IAC/C,yCAAyC;IACzC,oBAAoB;IACpB,gBAAgB;IAChB,4BAA4B;IAC5B,iCAAiC;IACjC,4BAA4B;IAC5B,wBAAwB;IACxB,wBAAwB;IACxB,0BAA0B;IAC1B,4BAA4B;IAC5B,gBAAgB;IAChB,0BAA0B;IAC1B,sBAAsB;IACtB,wBAAwB;CACzB,CAAC;AAEF,MAAM,CAAC,MAAM,gBAAgB,GAAG,EAAE,KAAK,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,CAAC;AAE9D,MAAM,CAAC,MAAM,kBAAkB,GAAG,GAAG,CAAC;AACtC,MAAM,CAAC,MAAM,kBAAkB,GAAG,IAAI,CAAC;AAEvC,MAAM,CAAC,MAAM,sBAAsB,GAAG,CAAC,CAAC;AAExC,gCAAgC;AAEhC,MAAM,CAAC,MAAM,iBAAiB,GAAG,MAAM,CAAC;AACxC,MAAM,CAAC,MAAM,eAAe,GAAG,SAAS,CAAC,CAAI,MAAM;AACnD,MAAM,CAAC,MAAM,gBAAgB,GAAG,KAAK,CAAC;AACtC,MAAM,CAAC,MAAM,mBAAmB,GAAG,KAAK,CAAC;AACzC,MAAM,CAAC,MAAM,cAAc,GAAG,KAAK,CAAC;AACpC,MAAM,CAAC,MAAM,SAAS,GAAG,GAAG,CAAC;AAC7B,MAAM,CAAC,MAAM,QAAQ,GAAG,MAAM,CAAC;AAC/B,MAAM,CAAC,MAAM,SAAS,GAAG,KAAK,CAAC;AAC/B,MAAM,CAAC,MAAM,YAAY,GAAG,KAAK,CAAC;AAClC,MAAM,CAAC,MAAM,eAAe,GAAG,EAAE,CAAC;AAClC,MAAM,CAAC,MAAM,gBAAgB,GAAG,GAAG,CAAC;AACpC,MAAM,CAAC,MAAM,oBAAoB,GAAG,GAAG,CAAC;AACxC,MAAM,CAAC,MAAM,cAAc,GAAG,OAAO,CAAC;AACtC,MAAM,CAAC,MAAM,iBAAiB,GAAG,EAAE,CAAC;AACpC,MAAM,CAAC,MAAM,0BAA0B,GAAG,OAAO,CAAC,CAAC,QAAQ;AAE3D,wBAAwB;AAExB,MAAM,CAAC,MAAM,oBAAoB,GAAG,GAAG,CAAC"}

package/dist/network/interceptor.d.ts

@@ -0,0 +1,19 @@
+/**
+ * Network Interceptor — Request interception and logging via page.route().
+ *
+ * Supports block, mock, modify, and log actions.
+ * Captures request log with timing for analysis.
+ */
+import type { InterceptRule, NetworkRequest } from "./types.js";
+type Page = import("rebrowser-playwright").Page;
+/**
+ * Set up network interception rules on a page.
+ * Also starts request logging.
+ */
+export declare function setupInterception(page: Page, rules: InterceptRule[]): Promise<void>;
+/**
+ * Get the captured request log for a page.
+ */
+export declare function getRequestLog(page: Page): NetworkRequest[];
+export {};
+//# sourceMappingURL=interceptor.d.ts.map

package/dist/network/interceptor.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"interceptor.d.ts","sourceRoot":"","sources":["../../src/network/interceptor.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,KAAK,EAAE,aAAa,EAAE,cAAc,EAAE,MAAM,YAAY,CAAC;AAEhE,KAAK,IAAI,GAAG,OAAO,sBAAsB,EAAE,IAAI,CAAC;AAMhD;;;GAGG;AACH,wBAAsB,iBAAiB,CACrC,IAAI,EAAE,IAAI,EACV,KAAK,EAAE,aAAa,EAAE,GACrB,OAAO,CAAC,IAAI,CAAC,CAoEf;AAED;;GAEG;AACH,wBAAgB,aAAa,CAAC,IAAI,EAAE,IAAI,GAAG,cAAc,EAAE,CAE1D"}

package/dist/network/interceptor.js

@@ -0,0 +1,82 @@
+/**
+ * Network Interceptor — Request interception and logging via page.route().
+ *
+ * Supports block, mock, modify, and log actions.
+ * Captures request log with timing for analysis.
+ */
+// Per-page request logs
+const requestLogs = new WeakMap();
+/**
+ * Set up network interception rules on a page.
+ * Also starts request logging.
+ */
+export async function setupInterception(page, rules) {
+    const log = [];
+    requestLogs.set(page, log);
+    // Set up request logging
+    page.on("request", (request) => {
+        log.push({
+            url: request.url(),
+            method: request.method(),
+            resourceType: request.resourceType(),
+            timing: { startTime: Date.now() },
+        });
+    });
+    page.on("response", (response) => {
+        const url = response.url();
+        const entry = log.find((e) => e.url === url && !e.status);
+        if (entry) {
+            entry.status = response.status();
+            entry.timing.duration = Date.now() - entry.timing.startTime;
+        }
+    });
+    // Apply interception rules
+    for (const rule of rules) {
+        await page.route(rule.url_pattern, async (route) => {
+            switch (rule.action) {
+                case "block":
+                    await route.abort("blockedbyclient");
+                    break;
+                case "mock":
+                    await route.fulfill({
+                        status: rule.response?.status ?? 200,
+                        body: rule.response?.body ?? "",
+                        headers: rule.response?.headers,
+                        contentType: rule.response?.contentType ?? "text/plain",
+                    });
+                    break;
+                case "modify":
+                    // Modify response: fetch original, then override parts
+                    try {
+                        const response = await route.fetch();
+                        const body = rule.response?.body ?? await response.text();
+                        await route.fulfill({
+                            status: rule.response?.status ?? response.status(),
+                            body,
+                            headers: {
+                                ...response.headers(),
+                                ...(rule.response?.headers ?? {}),
+                            },
+                        });
+                    }
+                    catch {
+                        await route.continue();
+                    }
+                    break;
+                case "log":
+                    // Just continue — logging is handled by event listeners above
+                    await route.continue();
+                    break;
+                default:
+                    await route.continue();
+            }
+        });
+    }
+}
+/**
+ * Get the captured request log for a page.
+ */
+export function getRequestLog(page) {
+    return requestLogs.get(page) ?? [];
+}
+//# sourceMappingURL=interceptor.js.map

package/dist/network/interceptor.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"interceptor.js","sourceRoot":"","sources":["../../src/network/interceptor.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAOH,wBAAwB;AACxB,MAAM,WAAW,GAAG,IAAI,OAAO,EAA4B,CAAC;AAE5D;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,iBAAiB,CACrC,IAAU,EACV,KAAsB;IAEtB,MAAM,GAAG,GAAqB,EAAE,CAAC;IACjC,WAAW,CAAC,GAAG,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC;IAE3B,yBAAyB;IACzB,IAAI,CAAC,EAAE,CAAC,SAAS,EAAE,CAAC,OAAO,EAAE,EAAE;QAC7B,GAAG,CAAC,IAAI,CAAC;YACP,GAAG,EAAE,OAAO,CAAC,GAAG,EAAE;YAClB,MAAM,EAAE,OAAO,CAAC,MAAM,EAAE;YACxB,YAAY,EAAE,OAAO,CAAC,YAAY,EAAE;YACpC,MAAM,EAAE,EAAE,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE,EAAE;SAClC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,IAAI,CAAC,EAAE,CAAC,UAAU,EAAE,CAAC,QAAQ,EAAE,EAAE;QAC/B,MAAM,GAAG,GAAG,QAAQ,CAAC,GAAG,EAAE,CAAC;QAC3B,MAAM,KAAK,GAAG,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,GAAG,KAAK,GAAG,IAAI,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC;QAC1D,IAAI,KAAK,EAAE,CAAC;YACV,KAAK,CAAC,MAAM,GAAG,QAAQ,CAAC,MAAM,EAAE,CAAC;YACjC,KAAK,CAAC,MAAM,CAAC,QAAQ,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,KAAK,CAAC,MAAM,CAAC,SAAS,CAAC;QAC9D,CAAC;IACH,CAAC,CAAC,CAAC;IAEH,2BAA2B;IAC3B,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,MAAM,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,KAAK,EAAE,KAAY,EAAE,EAAE;YACxD,QAAQ,IAAI,CAAC,MAAM,EAAE,CAAC;gBACpB,KAAK,OAAO;oBACV,MAAM,KAAK,CAAC,KAAK,CAAC,iBAAiB,CAAC,CAAC;oBACrC,MAAM;gBAER,KAAK,MAAM;oBACT,MAAM,KAAK,CAAC,OAAO,CAAC;wBAClB,MAAM,EAAE,IAAI,CAAC,QAAQ,EAAE,MAAM,IAAI,GAAG;wBACpC,IAAI,EAAE,IAAI,CAAC,QAAQ,EAAE,IAAI,IAAI,EAAE;wBAC/B,OAAO,EAAE,IAAI,CAAC,QAAQ,EAAE,OAAO;wBAC/B,WAAW,EAAE,IAAI,CAAC,QAAQ,EAAE,WAAW,IAAI,YAAY;qBACxD,CAAC,CAAC;oBACH,MAAM;gBAER,KAAK,QAAQ;oBACX,uDAAuD;oBACvD,IAAI,CAAC;wBACH,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,KAAK,EAAE,CAAC;wBACrC,MAAM,IAAI,GAAG,IAAI,CAAC,QAAQ,EAAE,IAAI,IAAI,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;wBAC1D,MAAM,KAAK,CAAC,OAAO,CAAC;4BAClB,MAAM,EAAE,IAAI,CAAC,QAAQ,EAAE,MAAM,IAAI,QAAQ,CAAC,MAAM,EAAE;4BAClD,IAAI;4BACJ,OAAO,EAAE;gCACP,GAAG,QAAQ,CAAC,OAAO,EAAE;gCACrB,GAAG,CAAC,IAAI,CAAC,QAAQ,EAAE,OAAO,IAAI,EAAE,CAAC;6BAClC;yBACF,CAAC,CAAC;oBACL,CAAC;oBAAC,MAAM,CAAC;wBACP,MAAM,KAAK,CAAC,QAAQ,EAAE,CAAC;oBACzB,CAAC;oBACD,MAAM;gBAER,KAAK,KAAK;oBACR,8DAA8D;oBAC9D,MAAM,KAAK,CAAC,QAAQ,EAAE,CAAC;oBACvB,MAAM;gBAER;oBACE,MAAM,KAAK,CAAC,QAAQ,EAAE,CAAC;YAC3B,CAAC;QACH,CAAC,CAAC,CAAC;IACL,CAAC;AACH,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,aAAa,CAAC,IAAU;IACtC,OAAO,WAAW,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;AACrC,CAAC"}

package/dist/network/types.d.ts

@@ -0,0 +1,27 @@
+/** Rule for network request interception */
+export interface InterceptRule {
+    url_pattern: string;
+    /** Action to take on matching requests */
+    action: "block" | "mock" | "modify" | "log";
+    /** Mock response (required for "mock" action) */
+    response?: {
+        status?: number;
+        body?: string;
+        headers?: Record<string, string>;
+        contentType?: string;
+    };
+}
+/** Captured network request */
+export interface NetworkRequest {
+    url: string;
+    method: string;
+    resourceType: string;
+    status?: number;
+    timing: {
+        startTime: number;
+        duration?: number;
+    };
+    headers?: Record<string, string>;
+    responseSize?: number;
+}
+//# sourceMappingURL=types.d.ts.map

package/dist/network/types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../src/network/types.ts"],"names":[],"mappings":"AAAA,4CAA4C;AAC5C,MAAM,WAAW,aAAa;IAE5B,WAAW,EAAE,MAAM,CAAC;IACpB,0CAA0C;IAC1C,MAAM,EAAE,OAAO,GAAG,MAAM,GAAG,QAAQ,GAAG,KAAK,CAAC;IAC5C,iDAAiD;IACjD,QAAQ,CAAC,EAAE;QACT,MAAM,CAAC,EAAE,MAAM,CAAC;QAChB,IAAI,CAAC,EAAE,MAAM,CAAC;QACd,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QACjC,WAAW,CAAC,EAAE,MAAM,CAAC;KACtB,CAAC;CACH;AAED,+BAA+B;AAC/B,MAAM,WAAW,cAAc;IAC7B,GAAG,EAAE,MAAM,CAAC;IACZ,MAAM,EAAE,MAAM,CAAC;IACf,YAAY,EAAE,MAAM,CAAC;IACrB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,MAAM,EAAE;QACN,SAAS,EAAE,MAAM,CAAC;QAClB,QAAQ,CAAC,EAAE,MAAM,CAAC;KACnB,CAAC;IACF,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IACjC,YAAY,CAAC,EAAE,MAAM,CAAC;CACvB"}

package/dist/network/types.js

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=types.js.map

package/dist/network/types.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.js","sourceRoot":"","sources":["../../src/network/types.ts"],"names":[],"mappings":""}

package/dist/security/action-policy.d.ts

@@ -0,0 +1,26 @@
+/**
+ * Action Policy — Granular access control for interact actions.
+ *
+ * Maps action types to categories, then evaluates against a policy config.
+ * Supports hot-reload: checks file mtime every 5s.
+ */
+import type { PolicyDecision } from "./types.js";
+/**
+ * Get the category for an action type.
+ */
+export declare function getActionCategory(actionType: string): string;
+/**
+ * Check policy for a given action type.
+ *
+ * @param actionType - The action type (e.g. "click", "evaluate")
+ * @param policyPath - Path to JSON policy file
+ * @returns Policy decision: allow, deny, or confirm
+ */
+export declare function checkPolicy(actionType: string, policyPath: string): Promise<PolicyDecision>;
+/**
+ * Human-readable description of an action for confirm prompts.
+ */
+export declare function describeAction(actionType: string, details?: Record<string, unknown>): string;
+/** Clear policy cache (for testing) */
+export declare function resetPolicyCache(): void;
+//# sourceMappingURL=action-policy.d.ts.map

package/dist/security/action-policy.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"action-policy.d.ts","sourceRoot":"","sources":["../../src/security/action-policy.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAGH,OAAO,KAAK,EAAsB,cAAc,EAAE,MAAM,YAAY,CAAC;AAwCrE;;GAEG;AACH,wBAAgB,iBAAiB,CAAC,UAAU,EAAE,MAAM,GAAG,MAAM,CAE5D;AAgDD;;;;;;GAMG;AACH,wBAAsB,WAAW,CAC/B,UAAU,EAAE,MAAM,EAClB,UAAU,EAAE,MAAM,GACjB,OAAO,CAAC,cAAc,CAAC,CAmBzB;AAED;;GAEG;AACH,wBAAgB,cAAc,CAAC,UAAU,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,MAAM,CA2B5F;AAED,uCAAuC;AACvC,wBAAgB,gBAAgB,IAAI,IAAI,CAEvC"}

package/dist/security/action-policy.js

@@ -0,0 +1,136 @@
+/**
+ * Action Policy — Granular access control for interact actions.
+ *
+ * Maps action types to categories, then evaluates against a policy config.
+ * Supports hot-reload: checks file mtime every 5s.
+ */
+import fs from "node:fs/promises";
+// ── Action → Category mapping ──
+const ACTION_CATEGORIES = {
+    // Navigation
+    navigate: "navigate",
+    // Click/interact
+    click: "click",
+    hover: "click",
+    drag: "click",
+    // Form input
+    type: "fill",
+    select: "fill",
+    upload: "fill",
+    // Script execution
+    evaluate: "eval",
+    // Read state
+    screenshot: "snapshot",
+    pdf: "snapshot",
+    cookie_get: "state",
+    storage_get: "state",
+    // Write state
+    cookie_set: "state_write",
+    storage_set: "state_write",
+    // Passive
+    scroll: "scroll",
+    wait: "wait",
+    press: "interact",
+};
+// Internal actions always allowed
+const INTERNAL_CATEGORY = "_internal";
+/**
+ * Get the category for an action type.
+ */
+export function getActionCategory(actionType) {
+    return ACTION_CATEGORIES[actionType] ?? "unknown";
+}
+const policyCache = new Map();
+const POLICY_CHECK_INTERVAL_MS = 5000;
+/**
+ * Load and cache a policy file with hot-reload support.
+ */
+async function loadPolicy(policyPath) {
+    const now = Date.now();
+    const cached = policyCache.get(policyPath);
+    // Check if cached and recent enough
+    if (cached && now - cached.loadedAt < POLICY_CHECK_INTERVAL_MS) {
+        return cached.config;
+    }
+    // Check mtime for hot-reload
+    try {
+        const stat = await fs.stat(policyPath);
+        const mtime = stat.mtimeMs;
+        if (cached && cached.mtime === mtime) {
+            cached.loadedAt = now;
+            return cached.config;
+        }
+        const raw = await fs.readFile(policyPath, "utf-8");
+        const config = JSON.parse(raw);
+        policyCache.set(policyPath, { config, mtime, loadedAt: now });
+        return config;
+    }
+    catch {
+        // If file doesn't exist or is invalid, use permissive default
+        const defaultConfig = { default: "allow" };
+        policyCache.set(policyPath, { config: defaultConfig, mtime: 0, loadedAt: now });
+        return defaultConfig;
+    }
+}
+/**
+ * Check policy for a given action type.
+ *
+ * @param actionType - The action type (e.g. "click", "evaluate")
+ * @param policyPath - Path to JSON policy file
+ * @returns Policy decision: allow, deny, or confirm
+ */
+export async function checkPolicy(actionType, policyPath) {
+    const category = getActionCategory(actionType);
+    // Internal actions always allowed
+    if (category === INTERNAL_CATEGORY)
+        return "allow";
+    const config = await loadPolicy(policyPath);
+    // Deny takes highest priority
+    if (config.deny?.includes(category))
+        return "deny";
+    // Confirm takes second priority
+    if (config.confirm?.includes(category))
+        return "confirm";
+    // Explicit allow
+    if (config.allow?.includes(category))
+        return "allow";
+    // Fall through to default
+    return config.default;
+}
+/**
+ * Human-readable description of an action for confirm prompts.
+ */
+export function describeAction(actionType, details) {
+    const descriptions = {
+        navigate: "Navigate to a URL",
+        click: "Click an element",
+        hover: "Hover over an element",
+        drag: "Drag and drop an element",
+        type: "Type text into a field",
+        select: "Select an option",
+        upload: "Upload files",
+        evaluate: "Execute JavaScript code",
+        screenshot: "Take a screenshot",
+        pdf: "Generate a PDF",
+        cookie_get: "Read cookies",
+        cookie_set: "Set cookies",
+        storage_get: "Read browser storage",
+        storage_set: "Write to browser storage",
+        scroll: "Scroll the page",
+        wait: "Wait for element/timeout",
+        press: "Press a key",
+    };
+    let desc = descriptions[actionType] ?? `Execute ${actionType}`;
+    if (details?.url)
+        desc += ` (${details.url})`;
+    if (details?.selector)
+        desc += ` on ${details.selector}`;
+    if (details?.ref)
+        desc += ` on ref ${details.ref}`;
+    return desc;
+}
+/** Clear policy cache (for testing) */
+export function resetPolicyCache() {
+    policyCache.clear();
+}
+//# sourceMappingURL=action-policy.js.map

package/dist/security/action-policy.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"action-policy.js","sourceRoot":"","sources":["../../src/security/action-policy.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,EAAE,MAAM,kBAAkB,CAAC;AAGlC,kCAAkC;AAElC,MAAM,iBAAiB,GAA2B;IAChD,aAAa;IACb,QAAQ,EAAE,UAAU;IAEpB,iBAAiB;IACjB,KAAK,EAAE,OAAO;IACd,KAAK,EAAE,OAAO;IACd,IAAI,EAAE,OAAO;IAEb,aAAa;IACb,IAAI,EAAE,MAAM;IACZ,MAAM,EAAE,MAAM;IACd,MAAM,EAAE,MAAM;IAEd,mBAAmB;IACnB,QAAQ,EAAE,MAAM;IAEhB,aAAa;IACb,UAAU,EAAE,UAAU;IACtB,GAAG,EAAE,UAAU;IACf,UAAU,EAAE,OAAO;IACnB,WAAW,EAAE,OAAO;IAEpB,cAAc;IACd,UAAU,EAAE,aAAa;IACzB,WAAW,EAAE,aAAa;IAE1B,UAAU;IACV,MAAM,EAAE,QAAQ;IAChB,IAAI,EAAE,MAAM;IACZ,KAAK,EAAE,UAAU;CAClB,CAAC;AAEF,kCAAkC;AAClC,MAAM,iBAAiB,GAAG,WAAW,CAAC;AAEtC;;GAEG;AACH,MAAM,UAAU,iBAAiB,CAAC,UAAkB;IAClD,OAAO,iBAAiB,CAAC,UAAU,CAAC,IAAI,SAAS,CAAC;AACpD,CAAC;AAUD,MAAM,WAAW,GAAG,IAAI,GAAG,EAAwB,CAAC;AACpD,MAAM,wBAAwB,GAAG,IAAI,CAAC;AAEtC;;GAEG;AACH,KAAK,UAAU,UAAU,CAAC,UAAkB;IAC1C,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IACvB,MAAM,MAAM,GAAG,WAAW,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;IAE3C,oCAAoC;IACpC,IAAI,MAAM,IAAI,GAAG,GAAG,MAAM,CAAC,QAAQ,GAAG,wBAAwB,EAAE,CAAC;QAC/D,OAAO,MAAM,CAAC,MAAM,CAAC;IACvB,CAAC;IAED,6BAA6B;IAC7B,IAAI,CAAC;QACH,MAAM,IAAI,GAAG,MAAM,EAAE,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;QACvC,MAAM,KAAK,GAAG,IAAI,CAAC,OAAO,CAAC;QAE3B,IAAI,MAAM,IAAI,MAAM,CAAC,KAAK,KAAK,KAAK,EAAE,CAAC;YACrC,MAAM,CAAC,QAAQ,GAAG,GAAG,CAAC;YACtB,OAAO,MAAM,CAAC,MAAM,CAAC;QACvB,CAAC;QAED,MAAM,GAAG,GAAG,MAAM,EAAE,CAAC,QAAQ,CAAC,UAAU,EAAE,OAAO,CAAC,CAAC;QACnD,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAuB,CAAC;QAErD,WAAW,CAAC,GAAG,CAAC,UAAU,EAAE,EAAE,MAAM,EAAE,KAAK,EAAE,QAAQ,EAAE,GAAG,EAAE,CAAC,CAAC;QAC9D,OAAO,MAAM,CAAC;IAChB,CAAC;IAAC,MAAM,CAAC;QACP,8DAA8D;QAC9D,MAAM,aAAa,GAAuB,EAAE,OAAO,EAAE,OAAO,EAAE,CAAC;QAC/D,WAAW,CAAC,GAAG,CAAC,UAAU,EAAE,EAAE,MAAM,EAAE,aAAa,EAAE,KAAK,EAAE,CAAC,EAAE,QAAQ,EAAE,GAAG,EAAE,CAAC,CAAC;QAChF,OAAO,aAAa,CAAC;IACvB,CAAC;AACH,CAAC;AAED;;;;;;GAMG;AACH,MAAM,CAAC,KAAK,UAAU,WAAW,CAC/B,UAAkB,EAClB,UAAkB;IAElB,MAAM,QAAQ,GAAG,iBAAiB,CAAC,UAAU,CAAC,CAAC;IAE/C,kCAAkC;IAClC,IAAI,QAAQ,KAAK,iBAAiB;QAAE,OAAO,OAAO,CAAC;IAEnD,MAAM,MAAM,GAAG,MAAM,UAAU,CAAC,UAAU,CAAC,CAAC;IAE5C,8BAA8B;IAC9B,IAAI,MAAM,CAAC,IAAI,EAAE,QAAQ,CAAC,QAAQ,CAAC;QAAE,OAAO,MAAM,CAAC;IAEnD,gCAAgC;IAChC,IAAI,MAAM,CAAC,OAAO,EAAE,QAAQ,CAAC,QAAQ,CAAC;QAAE,OAAO,SAAS,CAAC;IAEzD,iBAAiB;IACjB,IAAI,MAAM,CAAC,KAAK,EAAE,QAAQ,CAAC,QAAQ,CAAC;QAAE,OAAO,OAAO,CAAC;IAErD,0BAA0B;IAC1B,OAAO,MAAM,CAAC,OAAO,CAAC;AACxB,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,cAAc,CAAC,UAAkB,EAAE,OAAiC;IAClF,MAAM,YAAY,GAA2B;QAC3C,QAAQ,EAAE,mBAAmB;QAC7B,KAAK,EAAE,kBAAkB;QACzB,KAAK,EAAE,uBAAuB;QAC9B,IAAI,EAAE,0BAA0B;QAChC,IAAI,EAAE,wBAAwB;QAC9B,MAAM,EAAE,kBAAkB;QAC1B,MAAM,EAAE,cAAc;QACtB,QAAQ,EAAE,yBAAyB;QACnC,UAAU,EAAE,mBAAmB;QAC/B,GAAG,EAAE,gBAAgB;QACrB,UAAU,EAAE,cAAc;QAC1B,UAAU,EAAE,aAAa;QACzB,WAAW,EAAE,sBAAsB;QACnC,WAAW,EAAE,0BAA0B;QACvC,MAAM,EAAE,iBAAiB;QACzB,IAAI,EAAE,0BAA0B;QAChC,KAAK,EAAE,aAAa;KACrB,CAAC;IAEF,IAAI,IAAI,GAAG,YAAY,CAAC,UAAU,CAAC,IAAI,WAAW,UAAU,EAAE,CAAC;IAC/D,IAAI,OAAO,EAAE,GAAG;QAAE,IAAI,IAAI,KAAK,OAAO,CAAC,GAAG,GAAG,CAAC;IAC9C,IAAI,OAAO,EAAE,QAAQ;QAAE,IAAI,IAAI,OAAO,OAAO,CAAC,QAAQ,EAAE,CAAC;IACzD,IAAI,OAAO,EAAE,GAAG;QAAE,IAAI,IAAI,WAAW,OAAO,CAAC,GAAG,EAAE,CAAC;IAEnD,OAAO,IAAI,CAAC;AACd,CAAC;AAED,uCAAuC;AACvC,MAAM,UAAU,gBAAgB;IAC9B,WAAW,CAAC,KAAK,EAAE,CAAC;AACtB,CAAC"}

package/dist/security/auth-vault.d.ts

@@ -0,0 +1,49 @@
+/**
+ * Auth Vault — Encrypted credential storage for login automation.
+ *
+ * Stores login profiles (URL, username, password, form selectors)
+ * encrypted on disk. Profiles are decrypted on-demand for login flows.
+ */
+export interface AuthProfile {
+    name: string;
+    url: string;
+    username: string;
+    password: string;
+    selectors: {
+        username: string;
+        password: string;
+        submit: string;
+    };
+    lastLogin?: string;
+    createdAt: string;
+    updatedAt: string;
+}
+export interface AuthProfileMeta {
+    name: string;
+    url: string;
+    username: string;
+    lastLogin?: string;
+    createdAt: string;
+    updatedAt: string;
+}
+/**
+ * Save an auth profile (encrypted on disk).
+ */
+export declare function saveAuthProfile(profile: Omit<AuthProfile, "createdAt" | "updatedAt">): Promise<void>;
+/**
+ * Get a decrypted auth profile by name.
+ */
+export declare function getAuthProfile(name: string): Promise<AuthProfile | null>;
+/**
+ * List all auth profiles (meta only — no passwords).
+ */
+export declare function listAuthProfiles(): Promise<AuthProfileMeta[]>;
+/**
+ * Delete an auth profile.
+ */
+export declare function deleteAuthProfile(name: string): Promise<boolean>;
+/**
+ * Update the lastLogin timestamp for a profile.
+ */
+export declare function updateLastLogin(name: string): Promise<void>;
+//# sourceMappingURL=auth-vault.d.ts.map

package/dist/security/auth-vault.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"auth-vault.d.ts","sourceRoot":"","sources":["../../src/security/auth-vault.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAWH,MAAM,WAAW,WAAW;IAC1B,IAAI,EAAE,MAAM,CAAC;IACb,GAAG,EAAE,MAAM,CAAC;IACZ,QAAQ,EAAE,MAAM,CAAC;IACjB,QAAQ,EAAE,MAAM,CAAC;IACjB,SAAS,EAAE;QACT,QAAQ,EAAE,MAAM,CAAC;QACjB,QAAQ,EAAE,MAAM,CAAC;QACjB,MAAM,EAAE,MAAM,CAAC;KAChB,CAAC;IACF,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,SAAS,EAAE,MAAM,CAAC;IAClB,SAAS,EAAE,MAAM,CAAC;CACnB;AAED,MAAM,WAAW,eAAe;IAC9B,IAAI,EAAE,MAAM,CAAC;IACb,GAAG,EAAE,MAAM,CAAC;IACZ,QAAQ,EAAE,MAAM,CAAC;IACjB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,SAAS,EAAE,MAAM,CAAC;IAClB,SAAS,EAAE,MAAM,CAAC;CACnB;AAaD;;GAEG;AACH,wBAAsB,eAAe,CAAC,OAAO,EAAE,IAAI,CAAC,WAAW,EAAE,WAAW,GAAG,WAAW,CAAC,GAAG,OAAO,CAAC,IAAI,CAAC,CA8B1G;AAED;;GAEG;AACH,wBAAsB,cAAc,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,WAAW,GAAG,IAAI,CAAC,CAgB9E;AAED;;GAEG;AACH,wBAAsB,gBAAgB,IAAI,OAAO,CAAC,eAAe,EAAE,CAAC,CAiCnE;AAED;;GAEG;AACH,wBAAsB,iBAAiB,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,CAOtE;AAED;;GAEG;AACH,wBAAsB,eAAe,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAQjE"}

package/dist/security/auth-vault.js

@@ -0,0 +1,133 @@
+/**
+ * Auth Vault — Encrypted credential storage for login automation.
+ *
+ * Stores login profiles (URL, username, password, form selectors)
+ * encrypted on disk. Profiles are decrypted on-demand for login flows.
+ */
+import fs from "node:fs/promises";
+import path from "node:path";
+import os from "node:os";
+import { SKILLS_DIR_NAME } from "../constants.js";
+import { encryptData, decryptData, isEncryptedPayload, ensureEncryptionKey } from "../sessions/encryption.js";
+const AUTH_SUBDIR = "auth";
+const PROFILE_NAME_REGEX = /^[a-zA-Z0-9_-]+$/;
+function getAuthDir() {
+    return path.join(os.homedir(), SKILLS_DIR_NAME, AUTH_SUBDIR);
+}
+function profilePath(name) {
+    if (!PROFILE_NAME_REGEX.test(name)) {
+        throw new Error(`Invalid profile name: '${name}'. Use only alphanumeric, underscore, and hyphen.`);
+    }
+    return path.join(getAuthDir(), `${name}.json`);
+}
+/**
+ * Save an auth profile (encrypted on disk).
+ */
+export async function saveAuthProfile(profile) {
+    const key = await ensureEncryptionKey();
+    if (!key) {
+        throw new Error("Encryption key required for auth vault. Set SESSION_ENCRYPTION_KEY env var or run 'imperium-crawl setup'.");
+    }
+    const dir = getAuthDir();
+    await fs.mkdir(dir, { recursive: true });
+    // Load existing for createdAt preservation
+    let createdAt = new Date().toISOString();
+    try {
+        const existing = await getAuthProfile(profile.name);
+        if (existing)
+            createdAt = existing.createdAt;
+    }
+    catch {
+        // New profile
+    }
+    const fullProfile = {
+        ...profile,
+        createdAt,
+        updatedAt: new Date().toISOString(),
+    };
+    const encrypted = encryptData(JSON.stringify(fullProfile), key);
+    const filePath = profilePath(profile.name);
+    const tmpPath = filePath + ".tmp";
+    await fs.writeFile(tmpPath, JSON.stringify(encrypted, null, 2), { encoding: "utf-8", mode: 0o600 });
+    await fs.rename(tmpPath, filePath);
+}
+/**
+ * Get a decrypted auth profile by name.
+ */
+export async function getAuthProfile(name) {
+    const key = await ensureEncryptionKey();
+    if (!key)
+        return null;
+    try {
+        const data = await fs.readFile(profilePath(name), "utf-8");
+        const parsed = JSON.parse(data);
+        if (isEncryptedPayload(parsed)) {
+            return JSON.parse(decryptData(parsed, key));
+        }
+        return parsed;
+    }
+    catch {
+        return null;
+    }
+}
+/**
+ * List all auth profiles (meta only — no passwords).
+ */
+export async function listAuthProfiles() {
+    const dir = getAuthDir();
+    const key = await ensureEncryptionKey();
+    try {
+        const files = await fs.readdir(dir);
+        const profiles = [];
+        for (const file of files) {
+            if (!file.endsWith(".json") || file.endsWith(".tmp.json"))
+                continue;
+            const name = file.replace(/\.json$/, "");
+            try {
+                const profile = key ? await getAuthProfile(name) : null;
+                if (profile) {
+                    profiles.push({
+                        name: profile.name,
+                        url: profile.url,
+                        username: profile.username,
+                        lastLogin: profile.lastLogin,
+                        createdAt: profile.createdAt,
+                        updatedAt: profile.updatedAt,
+                    });
+                }
+            }
+            catch {
+                // Skip unreadable profiles
+            }
+        }
+        return profiles;
+    }
+    catch {
+        return [];
+    }
+}
+/**
+ * Delete an auth profile.
+ */
+export async function deleteAuthProfile(name) {
+    try {
+        await fs.unlink(profilePath(name));
+        return true;
+    }
+    catch {
+        return false;
+    }
+}
+/**
+ * Update the lastLogin timestamp for a profile.
+ */
+export async function updateLastLogin(name) {
+    const profile = await getAuthProfile(name);
+    if (!profile)
+        return;
+    await saveAuthProfile({
+        ...profile,
+        lastLogin: new Date().toISOString(),
+    });
+}
+//# sourceMappingURL=auth-vault.js.map

package/dist/security/auth-vault.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"auth-vault.js","sourceRoot":"","sources":["../../src/security/auth-vault.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,EAAE,MAAM,kBAAkB,CAAC;AAClC,OAAO,IAAI,MAAM,WAAW,CAAC;AAC7B,OAAO,EAAE,MAAM,SAAS,CAAC;AACzB,OAAO,EAAE,eAAe,EAAE,MAAM,iBAAiB,CAAC;AAClD,OAAO,EAAE,WAAW,EAAE,WAAW,EAAE,kBAAkB,EAAE,mBAAmB,EAAE,MAAM,2BAA2B,CAAC;AAE9G,MAAM,WAAW,GAAG,MAAM,CAAC;AAC3B,MAAM,kBAAkB,GAAG,kBAAkB,CAAC;AA0B9C,SAAS,UAAU;IACjB,OAAO,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,OAAO,EAAE,EAAE,eAAe,EAAE,WAAW,CAAC,CAAC;AAC/D,CAAC;AAED,SAAS,WAAW,CAAC,IAAY;IAC/B,IAAI,CAAC,kBAAkB,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;QACnC,MAAM,IAAI,KAAK,CAAC,0BAA0B,IAAI,mDAAmD,CAAC,CAAC;IACrG,CAAC;IACD,OAAO,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,EAAE,GAAG,IAAI,OAAO,CAAC,CAAC;AACjD,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,eAAe,CAAC,OAAqD;IACzF,MAAM,GAAG,GAAG,MAAM,mBAAmB,EAAE,CAAC;IACxC,IAAI,CAAC,GAAG,EAAE,CAAC;QACT,MAAM,IAAI,KAAK,CAAC,2GAA2G,CAAC,CAAC;IAC/H,CAAC;IAED,MAAM,GAAG,GAAG,UAAU,EAAE,CAAC;IACzB,MAAM,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IAEzC,2CAA2C;IAC3C,IAAI,SAAS,GAAG,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;IACzC,IAAI,CAAC;QACH,MAAM,QAAQ,GAAG,MAAM,cAAc,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;QACpD,IAAI,QAAQ;YAAE,SAAS,GAAG,QAAQ,CAAC,SAAS,CAAC;IAC/C,CAAC;IAAC,MAAM,CAAC;QACP,cAAc;IAChB,CAAC;IAED,MAAM,WAAW,GAAgB;QAC/B,GAAG,OAAO;QACV,SAAS;QACT,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;KACpC,CAAC;IAEF,MAAM,SAAS,GAAG,WAAW,CAAC,IAAI,CAAC,SAAS,CAAC,WAAW,CAAC,EAAE,GAAG,CAAC,CAAC;IAChE,MAAM,QAAQ,GAAG,WAAW,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;IAC3C,MAAM,OAAO,GAAG,QAAQ,GAAG,MAAM,CAAC;IAElC,MAAM,EAAE,CAAC,SAAS,CAAC,OAAO,EAAE,IAAI,CAAC,SAAS,CAAC,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC,EAAE,EAAE,QAAQ,EAAE,OAAO,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;IACpG,MAAM,EAAE,CAAC,MAAM,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC;AACrC,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,cAAc,CAAC,IAAY;IAC/C,MAAM,GAAG,GAAG,MAAM,mBAAmB,EAAE,CAAC;IACxC,IAAI,CAAC,GAAG;QAAE,OAAO,IAAI,CAAC;IAEtB,IAAI,CAAC;QACH,MAAM,IAAI,GAAG,MAAM,EAAE,CAAC,QAAQ,CAAC,WAAW,CAAC,IAAI,CAAC,EAAE,OAAO,CAAC,CAAC;QAC3D,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;QAEhC,IAAI,kBAAkB,CAAC,MAAM,CAAC,EAAE,CAAC;YAC/B,OAAO,IAAI,CAAC,KAAK,CAAC,WAAW,CAAC,MAAM,EAAE,GAAG,CAAC,CAAgB,CAAC;QAC7D,CAAC;QAED,OAAO,MAAqB,CAAC;IAC/B,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,gBAAgB;IACpC,MAAM,GAAG,GAAG,UAAU,EAAE,CAAC;IACzB,MAAM,GAAG,GAAG,MAAM,mBAAmB,EAAE,CAAC;IAExC,IAAI,CAAC;QACH,MAAM,KAAK,GAAG,MAAM,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;QACpC,MAAM,QAAQ,GAAsB,EAAE,CAAC;QAEvC,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;YACzB,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,IAAI,IAAI,CAAC,QAAQ,CAAC,WAAW,CAAC;gBAAE,SAAS;YACpE,MAAM,IAAI,GAAG,IAAI,CAAC,OAAO,CAAC,SAAS,EAAE,EAAE,CAAC,CAAC;YAEzC,IAAI,CAAC;gBACH,MAAM,OAAO,GAAG,GAAG,CAAC,CAAC,CAAC,MAAM,cAAc,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;gBACxD,IAAI,OAAO,EAAE,CAAC;oBACZ,QAAQ,CAAC,IAAI,CAAC;wBACZ,IAAI,EAAE,OAAO,CAAC,IAAI;wBAClB,GAAG,EAAE,OAAO,CAAC,GAAG;wBAChB,QAAQ,EAAE,OAAO,CAAC,QAAQ;wBAC1B,SAAS,EAAE,OAAO,CAAC,SAAS;wBAC5B,SAAS,EAAE,OAAO,CAAC,SAAS;wBAC5B,SAAS,EAAE,OAAO,CAAC,SAAS;qBAC7B,CAAC,CAAC;gBACL,CAAC;YACH,CAAC;YAAC,MAAM,CAAC;gBACP,2BAA2B;YAC7B,CAAC;QACH,CAAC;QAED,OAAO,QAAQ,CAAC;IAClB,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,EAAE,CAAC;IACZ,CAAC;AACH,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,iBAAiB,CAAC,IAAY;IAClD,IAAI,CAAC;QACH,MAAM,EAAE,CAAC,MAAM,CAAC,WAAW,CAAC,IAAI,CAAC,CAAC,CAAC;QACnC,OAAO,IAAI,CAAC;IACd,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,eAAe,CAAC,IAAY;IAChD,MAAM,OAAO,GAAG,MAAM,cAAc,CAAC,IAAI,CAAC,CAAC;IAC3C,IAAI,CAAC,OAAO;QAAE,OAAO;IAErB,MAAM,eAAe,CAAC;QACpB,GAAG,OAAO;QACV,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;KACpC,CAAC,CAAC;AACL,CAAC"}

package/dist/security/domain-filter.d.ts

@@ -0,0 +1,19 @@
+/**
+ * Domain Filter — Security sandbox for browser actions.
+ *
+ * Blocks requests to non-allowed domains via page.route().
+ * Also patches WebSocket/EventSource/sendBeacon to prevent data exfiltration.
+ */
+type BrowserContext = import("rebrowser-playwright").BrowserContext;
+/**
+ * Check if a hostname matches any of the allowed patterns.
+ * Supports exact match and wildcard (*.example.com).
+ */
+export declare function isDomainAllowed(hostname: string, patterns: string[]): boolean;
+/**
+ * Install domain filter on a browser context.
+ * Blocks all requests to non-allowed domains + patches WebSocket/EventSource.
+ */
+export declare function installDomainFilter(context: BrowserContext, allowedDomains: string[]): Promise<void>;
+export {};
+//# sourceMappingURL=domain-filter.d.ts.map

package/dist/security/domain-filter.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"domain-filter.d.ts","sourceRoot":"","sources":["../../src/security/domain-filter.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,KAAK,cAAc,GAAG,OAAO,sBAAsB,EAAE,cAAc,CAAC;AAEpE;;;GAGG;AACH,wBAAgB,eAAe,CAAC,QAAQ,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,GAAG,OAAO,CAa7E;AAED;;;GAGG;AACH,wBAAsB,mBAAmB,CACvC,OAAO,EAAE,cAAc,EACvB,cAAc,EAAE,MAAM,EAAE,GACvB,OAAO,CAAC,IAAI,CAAC,CAoFf"}