imperium-crawl 1.5.2 → 2.0.0

package/dist/security/domain-filter.js

@@ -0,0 +1,114 @@
+/**
+ * Domain Filter — Security sandbox for browser actions.
+ *
+ * Blocks requests to non-allowed domains via page.route().
+ * Also patches WebSocket/EventSource/sendBeacon to prevent data exfiltration.
+ */
+/**
+ * Check if a hostname matches any of the allowed patterns.
+ * Supports exact match and wildcard (*.example.com).
+ */
+export function isDomainAllowed(hostname, patterns) {
+    const lower = hostname.toLowerCase();
+    for (const pattern of patterns) {
+        const p = pattern.toLowerCase();
+        if (p === lower)
+            return true;
+        if (p.startsWith("*.")) {
+            const suffix = p.slice(2);
+            if (lower === suffix || lower.endsWith(`.${suffix}`))
+                return true;
+        }
+    }
+    return false;
+}
+/**
+ * Install domain filter on a browser context.
+ * Blocks all requests to non-allowed domains + patches WebSocket/EventSource.
+ */
+export async function installDomainFilter(context, allowedDomains) {
+    if (!allowedDomains.length)
+        return;
+    // Block HTTP requests to non-allowed domains
+    await context.route("**/*", (route) => {
+        try {
+            const url = new URL(route.request().url());
+            if (isDomainAllowed(url.hostname, allowedDomains)) {
+                route.continue();
+            }
+            else {
+                route.abort("blockedbyclient");
+            }
+        }
+        catch {
+            // Invalid URL — allow (probably internal)
+            route.continue();
+        }
+    });
+    // Patch WebSocket/EventSource/sendBeacon in page context
+    const initScript = `
+    (function() {
+      const allowedDomains = ${JSON.stringify(allowedDomains)};
+
+      function isDomainAllowed(hostname) {
+        const lower = hostname.toLowerCase();
+        for (const pattern of allowedDomains) {
+          const p = pattern.toLowerCase();
+          if (p === lower) return true;
+          if (p.startsWith('*.')) {
+            const suffix = p.slice(2);
+            if (lower === suffix || lower.endsWith('.' + suffix)) return true;
+          }
+        }
+        return false;
+      }
+
+      function checkUrl(urlStr) {
+        try {
+          const url = new URL(urlStr, window.location.href);
+          return isDomainAllowed(url.hostname);
+        } catch {
+          return false;
+        }
+      }
+
+      // Patch WebSocket
+      const OrigWebSocket = window.WebSocket;
+      window.WebSocket = function(url, protocols) {
+        if (!checkUrl(url)) {
+          console.warn('[imperium-crawl] Blocked WebSocket to:', url);
+          throw new DOMException('Blocked by domain filter', 'SecurityError');
+        }
+        return new OrigWebSocket(url, protocols);
+      };
+      window.WebSocket.prototype = OrigWebSocket.prototype;
+
+      // Patch EventSource
+      const OrigEventSource = window.EventSource;
+      if (OrigEventSource) {
+        window.EventSource = function(url, opts) {
+          if (!checkUrl(url)) {
+            console.warn('[imperium-crawl] Blocked EventSource to:', url);
+            throw new DOMException('Blocked by domain filter', 'SecurityError');
+          }
+          return new OrigEventSource(url, opts);
+        };
+        window.EventSource.prototype = OrigEventSource.prototype;
+      }
+
+      // Patch sendBeacon
+      const origSendBeacon = navigator.sendBeacon?.bind(navigator);
+      if (origSendBeacon) {
+        navigator.sendBeacon = function(url, data) {
+          if (!checkUrl(url)) {
+            console.warn('[imperium-crawl] Blocked sendBeacon to:', url);
+            return false;
+          }
+          return origSendBeacon(url, data);
+        };
+      }
+    })();
+  `;
+    await context.addInitScript(initScript);
+}
+//# sourceMappingURL=domain-filter.js.map

package/dist/security/domain-filter.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"domain-filter.js","sourceRoot":"","sources":["../../src/security/domain-filter.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAIH;;;GAGG;AACH,MAAM,UAAU,eAAe,CAAC,QAAgB,EAAE,QAAkB;IAClE,MAAM,KAAK,GAAG,QAAQ,CAAC,WAAW,EAAE,CAAC;IAErC,KAAK,MAAM,OAAO,IAAI,QAAQ,EAAE,CAAC;QAC/B,MAAM,CAAC,GAAG,OAAO,CAAC,WAAW,EAAE,CAAC;QAChC,IAAI,CAAC,KAAK,KAAK;YAAE,OAAO,IAAI,CAAC;QAC7B,IAAI,CAAC,CAAC,UAAU,CAAC,IAAI,CAAC,EAAE,CAAC;YACvB,MAAM,MAAM,GAAG,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;YAC1B,IAAI,KAAK,KAAK,MAAM,IAAI,KAAK,CAAC,QAAQ,CAAC,IAAI,MAAM,EAAE,CAAC;gBAAE,OAAO,IAAI,CAAC;QACpE,CAAC;IACH,CAAC;IAED,OAAO,KAAK,CAAC;AACf,CAAC;AAED;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,mBAAmB,CACvC,OAAuB,EACvB,cAAwB;IAExB,IAAI,CAAC,cAAc,CAAC,MAAM;QAAE,OAAO;IAEnC,6CAA6C;IAC7C,MAAM,OAAO,CAAC,KAAK,CAAC,MAAM,EAAE,CAAC,KAAK,EAAE,EAAE;QACpC,IAAI,CAAC;YACH,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,KAAK,CAAC,OAAO,EAAE,CAAC,GAAG,EAAE,CAAC,CAAC;YAC3C,IAAI,eAAe,CAAC,GAAG,CAAC,QAAQ,EAAE,cAAc,CAAC,EAAE,CAAC;gBAClD,KAAK,CAAC,QAAQ,EAAE,CAAC;YACnB,CAAC;iBAAM,CAAC;gBACN,KAAK,CAAC,KAAK,CAAC,iBAAiB,CAAC,CAAC;YACjC,CAAC;QACH,CAAC;QAAC,MAAM,CAAC;YACP,0CAA0C;YAC1C,KAAK,CAAC,QAAQ,EAAE,CAAC;QACnB,CAAC;IACH,CAAC,CAAC,CAAC;IAEH,yDAAyD;IACzD,MAAM,UAAU,GAAG;;+BAEU,IAAI,CAAC,SAAS,CAAC,cAAc,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA4D1D,CAAC;IAEF,MAAM,OAAO,CAAC,aAAa,CAAC,UAAU,CAAC,CAAC;AAC1C,CAAC"}

package/dist/security/types.d.ts

@@ -0,0 +1,19 @@
+/** Action policy decision */
+export type PolicyDecision = "allow" | "deny" | "confirm";
+/** Action policy configuration */
+export interface ActionPolicyConfig {
+    /** Default decision for uncategorized actions */
+    default: "allow" | "deny";
+    /** Allowed categories override default */
+    allow?: string[];
+    /** Denied categories override default and allow */
+    deny?: string[];
+    /** Categories requiring explicit confirmation */
+    confirm?: string[];
+}
+/** Domain filter patterns */
+export interface DomainFilterConfig {
+    /** Allowed domain patterns (exact or wildcard *.example.com) */
+    allowed_domains: string[];
+}
+//# sourceMappingURL=types.d.ts.map

package/dist/security/types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../src/security/types.ts"],"names":[],"mappings":"AAAA,6BAA6B;AAC7B,MAAM,MAAM,cAAc,GAAG,OAAO,GAAG,MAAM,GAAG,SAAS,CAAC;AAE1D,kCAAkC;AAClC,MAAM,WAAW,kBAAkB;IACjC,iDAAiD;IACjD,OAAO,EAAE,OAAO,GAAG,MAAM,CAAC;IAC1B,0CAA0C;IAC1C,KAAK,CAAC,EAAE,MAAM,EAAE,CAAC;IACjB,mDAAmD;IACnD,IAAI,CAAC,EAAE,MAAM,EAAE,CAAC;IAChB,iDAAiD;IACjD,OAAO,CAAC,EAAE,MAAM,EAAE,CAAC;CACpB;AAED,6BAA6B;AAC7B,MAAM,WAAW,kBAAkB;IACjC,gEAAgE;IAChE,eAAe,EAAE,MAAM,EAAE,CAAC;CAC3B"}

package/dist/security/types.js

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=types.js.map

package/dist/security/types.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.js","sourceRoot":"","sources":["../../src/security/types.ts"],"names":[],"mappings":""}

package/dist/sessions/encryption.d.ts

@@ -0,0 +1,37 @@
+/**
+ * Session Encryption — AES-256-GCM with scrypt key derivation.
+ *
+ * Auto-encrypts session files when SESSION_ENCRYPTION_KEY env var is set.
+ * Uses Node.js crypto module only, zero deps.
+ */
+export interface EncryptedPayload {
+    version: 1;
+    algorithm: "aes-256-gcm";
+    iv: string;
+    authTag: string;
+    ciphertext: string;
+    salt: string;
+}
+/**
+ * Encrypt plaintext with AES-256-GCM.
+ */
+export declare function encryptData(plaintext: string, userKey: string): EncryptedPayload;
+/**
+ * Decrypt an encrypted payload.
+ */
+export declare function decryptData(payload: EncryptedPayload, userKey: string): string;
+/**
+ * Check if an object looks like an encrypted payload.
+ */
+export declare function isEncryptedPayload(obj: unknown): obj is EncryptedPayload;
+/**
+ * Get encryption key from env var or auto-generated key file.
+ * Returns undefined if no key is configured and no key file exists.
+ */
+export declare function ensureEncryptionKey(): Promise<string | undefined>;
+/**
+ * Generate a new encryption key and save to file.
+ * Only call this explicitly (e.g. from setup wizard).
+ */
+export declare function generateEncryptionKey(): Promise<string>;
+//# sourceMappingURL=encryption.d.ts.map

package/dist/sessions/encryption.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"encryption.d.ts","sourceRoot":"","sources":["../../src/sessions/encryption.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAoBH,MAAM,WAAW,gBAAgB;IAC/B,OAAO,EAAE,CAAC,CAAC;IACX,SAAS,EAAE,aAAa,CAAC;IACzB,EAAE,EAAE,MAAM,CAAC;IACX,OAAO,EAAE,MAAM,CAAC;IAChB,UAAU,EAAE,MAAM,CAAC;IACnB,IAAI,EAAE,MAAM,CAAC;CACd;AASD;;GAEG;AACH,wBAAgB,WAAW,CAAC,SAAS,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,GAAG,gBAAgB,CAoBhF;AAED;;GAEG;AACH,wBAAgB,WAAW,CAAC,OAAO,EAAE,gBAAgB,EAAE,OAAO,EAAE,MAAM,GAAG,MAAM,CAc9E;AAED;;GAEG;AACH,wBAAgB,kBAAkB,CAAC,GAAG,EAAE,OAAO,GAAG,GAAG,IAAI,gBAAgB,CAWxE;AAED;;;GAGG;AACH,wBAAsB,mBAAmB,IAAI,OAAO,CAAC,MAAM,GAAG,SAAS,CAAC,CAcvE;AAED;;;GAGG;AACH,wBAAsB,qBAAqB,IAAI,OAAO,CAAC,MAAM,CAAC,CAS7D"}

package/dist/sessions/encryption.js

@@ -0,0 +1,108 @@
+/**
+ * Session Encryption — AES-256-GCM with scrypt key derivation.
+ *
+ * Auto-encrypts session files when SESSION_ENCRYPTION_KEY env var is set.
+ * Uses Node.js crypto module only, zero deps.
+ */
+import { randomBytes, createCipheriv, createDecipheriv, scryptSync, } from "node:crypto";
+import fs from "node:fs/promises";
+import path from "node:path";
+import os from "node:os";
+import { SKILLS_DIR_NAME } from "../constants.js";
+const ALGORITHM = "aes-256-gcm";
+const KEY_LENGTH = 32;
+const IV_LENGTH = 12;
+const SALT_LENGTH = 16;
+const AUTH_TAG_LENGTH = 16;
+const ENCRYPTION_KEY_FILENAME = "encryption.key";
+/**
+ * Derive a 256-bit key from user password using scrypt.
+ */
+function deriveKey(userKey, salt) {
+    return scryptSync(userKey, salt, KEY_LENGTH);
+}
+/**
+ * Encrypt plaintext with AES-256-GCM.
+ */
+export function encryptData(plaintext, userKey) {
+    const salt = randomBytes(SALT_LENGTH);
+    const key = deriveKey(userKey, salt);
+    const iv = randomBytes(IV_LENGTH);
+    const cipher = createCipheriv(ALGORITHM, key, iv, { authTagLength: AUTH_TAG_LENGTH });
+    const encrypted = Buffer.concat([
+        cipher.update(plaintext, "utf-8"),
+        cipher.final(),
+    ]);
+    const authTag = cipher.getAuthTag();
+    return {
+        version: 1,
+        algorithm: ALGORITHM,
+        iv: iv.toString("hex"),
+        authTag: authTag.toString("hex"),
+        ciphertext: encrypted.toString("hex"),
+        salt: salt.toString("hex"),
+    };
+}
+/**
+ * Decrypt an encrypted payload.
+ */
+export function decryptData(payload, userKey) {
+    const salt = Buffer.from(payload.salt, "hex");
+    const key = deriveKey(userKey, salt);
+    const iv = Buffer.from(payload.iv, "hex");
+    const authTag = Buffer.from(payload.authTag, "hex");
+    const ciphertext = Buffer.from(payload.ciphertext, "hex");
+    const decipher = createDecipheriv(ALGORITHM, key, iv, { authTagLength: AUTH_TAG_LENGTH });
+    decipher.setAuthTag(authTag);
+    return Buffer.concat([
+        decipher.update(ciphertext),
+        decipher.final(),
+    ]).toString("utf-8");
+}
+/**
+ * Check if an object looks like an encrypted payload.
+ */
+export function isEncryptedPayload(obj) {
+    if (!obj || typeof obj !== "object")
+        return false;
+    const o = obj;
+    return (o.version === 1 &&
+        o.algorithm === ALGORITHM &&
+        typeof o.iv === "string" &&
+        typeof o.authTag === "string" &&
+        typeof o.ciphertext === "string" &&
+        typeof o.salt === "string");
+}
+/**
+ * Get encryption key from env var or auto-generated key file.
+ * Returns undefined if no key is configured and no key file exists.
+ */
+export async function ensureEncryptionKey() {
+    // Env var takes priority
+    const envKey = process.env.SESSION_ENCRYPTION_KEY?.trim();
+    if (envKey)
+        return envKey;
+    // Check for existing key file
+    const keyPath = path.join(os.homedir(), SKILLS_DIR_NAME, ENCRYPTION_KEY_FILENAME);
+    try {
+        const key = await fs.readFile(keyPath, "utf-8");
+        return key.trim();
+    }
+    catch {
+        // No key file — return undefined (encryption not configured)
+        return undefined;
+    }
+}
+/**
+ * Generate a new encryption key and save to file.
+ * Only call this explicitly (e.g. from setup wizard).
+ */
+export async function generateEncryptionKey() {
+    const key = randomBytes(32).toString("hex");
+    const dir = path.join(os.homedir(), SKILLS_DIR_NAME);
+    const keyPath = path.join(dir, ENCRYPTION_KEY_FILENAME);
+    await fs.mkdir(dir, { recursive: true });
+    await fs.writeFile(keyPath, key, { encoding: "utf-8", mode: 0o600 });
+    return key;
+}
+//# sourceMappingURL=encryption.js.map

package/dist/sessions/encryption.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"encryption.js","sourceRoot":"","sources":["../../src/sessions/encryption.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,EACL,WAAW,EACX,cAAc,EACd,gBAAgB,EAChB,UAAU,GACX,MAAM,aAAa,CAAC;AACrB,OAAO,EAAE,MAAM,kBAAkB,CAAC;AAClC,OAAO,IAAI,MAAM,WAAW,CAAC;AAC7B,OAAO,EAAE,MAAM,SAAS,CAAC;AACzB,OAAO,EAAE,eAAe,EAAE,MAAM,iBAAiB,CAAC;AAElD,MAAM,SAAS,GAAG,aAAa,CAAC;AAChC,MAAM,UAAU,GAAG,EAAE,CAAC;AACtB,MAAM,SAAS,GAAG,EAAE,CAAC;AACrB,MAAM,WAAW,GAAG,EAAE,CAAC;AACvB,MAAM,eAAe,GAAG,EAAE,CAAC;AAC3B,MAAM,uBAAuB,GAAG,gBAAgB,CAAC;AAWjD;;GAEG;AACH,SAAS,SAAS,CAAC,OAAe,EAAE,IAAY;IAC9C,OAAO,UAAU,CAAC,OAAO,EAAE,IAAI,EAAE,UAAU,CAAC,CAAC;AAC/C,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,WAAW,CAAC,SAAiB,EAAE,OAAe;IAC5D,MAAM,IAAI,GAAG,WAAW,CAAC,WAAW,CAAC,CAAC;IACtC,MAAM,GAAG,GAAG,SAAS,CAAC,OAAO,EAAE,IAAI,CAAC,CAAC;IACrC,MAAM,EAAE,GAAG,WAAW,CAAC,SAAS,CAAC,CAAC;IAElC,MAAM,MAAM,GAAG,cAAc,CAAC,SAAS,EAAE,GAAG,EAAE,EAAE,EAAE,EAAE,aAAa,EAAE,eAAe,EAAE,CAAC,CAAC;IACtF,MAAM,SAAS,GAAG,MAAM,CAAC,MAAM,CAAC;QAC9B,MAAM,CAAC,MAAM,CAAC,SAAS,EAAE,OAAO,CAAC;QACjC,MAAM,CAAC,KAAK,EAAE;KACf,CAAC,CAAC;IACH,MAAM,OAAO,GAAG,MAAM,CAAC,UAAU,EAAE,CAAC;IAEpC,OAAO;QACL,OAAO,EAAE,CAAC;QACV,SAAS,EAAE,SAAS;QACpB,EAAE,EAAE,EAAE,CAAC,QAAQ,CAAC,KAAK,CAAC;QACtB,OAAO,EAAE,OAAO,CAAC,QAAQ,CAAC,KAAK,CAAC;QAChC,UAAU,EAAE,SAAS,CAAC,QAAQ,CAAC,KAAK,CAAC;QACrC,IAAI,EAAE,IAAI,CAAC,QAAQ,CAAC,KAAK,CAAC;KAC3B,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,WAAW,CAAC,OAAyB,EAAE,OAAe;IACpE,MAAM,IAAI,GAAG,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC;IAC9C,MAAM,GAAG,GAAG,SAAS,CAAC,OAAO,EAAE,IAAI,CAAC,CAAC;IACrC,MAAM,EAAE,GAAG,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,EAAE,KAAK,CAAC,CAAC;IAC1C,MAAM,OAAO,GAAG,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC;IACpD,MAAM,UAAU,GAAG,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,UAAU,EAAE,KAAK,CAAC,CAAC;IAE1D,MAAM,QAAQ,GAAG,gBAAgB,CAAC,SAAS,EAAE,GAAG,EAAE,EAAE,EAAE,EAAE,aAAa,EAAE,eAAe,EAAE,CAAC,CAAC;IAC1F,QAAQ,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC;IAE7B,OAAO,MAAM,CAAC,MAAM,CAAC;QACnB,QAAQ,CAAC,MAAM,CAAC,UAAU,CAAC;QAC3B,QAAQ,CAAC,KAAK,EAAE;KACjB,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;AACvB,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,kBAAkB,CAAC,GAAY;IAC7C,IAAI,CAAC,GAAG,IAAI,OAAO,GAAG,KAAK,QAAQ;QAAE,OAAO,KAAK,CAAC;IAClD,MAAM,CAAC,GAAG,GAA8B,CAAC;IACzC,OAAO,CACL,CAAC,CAAC,OAAO,KAAK,CAAC;QACf,CAAC,CAAC,SAAS,KAAK,SAAS;QACzB,OAAO,CAAC,CAAC,EAAE,KAAK,QAAQ;QACxB,OAAO,CAAC,CAAC,OAAO,KAAK,QAAQ;QAC7B,OAAO,CAAC,CAAC,UAAU,KAAK,QAAQ;QAChC,OAAO,CAAC,CAAC,IAAI,KAAK,QAAQ,CAC3B,CAAC;AACJ,CAAC;AAED;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,mBAAmB;IACvC,yBAAyB;IACzB,MAAM,MAAM,GAAG,OAAO,CAAC,GAAG,CAAC,sBAAsB,EAAE,IAAI,EAAE,CAAC;IAC1D,IAAI,MAAM;QAAE,OAAO,MAAM,CAAC;IAE1B,8BAA8B;IAC9B,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,OAAO,EAAE,EAAE,eAAe,EAAE,uBAAuB,CAAC,CAAC;IAClF,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,MAAM,EAAE,CAAC,QAAQ,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;QAChD,OAAO,GAAG,CAAC,IAAI,EAAE,CAAC;IACpB,CAAC;IAAC,MAAM,CAAC;QACP,6DAA6D;QAC7D,OAAO,SAAS,CAAC;IACnB,CAAC;AACH,CAAC;AAED;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,qBAAqB;IACzC,MAAM,GAAG,GAAG,WAAW,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;IAC5C,MAAM,GAAG,GAAG,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,OAAO,EAAE,EAAE,eAAe,CAAC,CAAC;IACrD,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,uBAAuB,CAAC,CAAC;IAExD,MAAM,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IACzC,MAAM,EAAE,CAAC,SAAS,CAAC,OAAO,EAAE,GAAG,EAAE,EAAE,QAAQ,EAAE,OAAO,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;IAErE,OAAO,GAAG,CAAC;AACb,CAAC"}

package/dist/sessions/index.d.ts

@@ -1,3 +1,4 @@
 export type { StoredSession, StoredCookie } from "./types.js";
 export { SessionManager, getSessionManager, resetSessionManager } from "./manager.js";
+export { encryptData, decryptData, isEncryptedPayload, ensureEncryptionKey, generateEncryptionKey, } from "./encryption.js";
 //# sourceMappingURL=index.d.ts.map

package/dist/sessions/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/sessions/index.ts"],"names":[],"mappings":"AAAA,YAAY,EAAE,aAAa,EAAE,YAAY,EAAE,MAAM,YAAY,CAAC;AAC9D,OAAO,EAAE,cAAc,EAAE,iBAAiB,EAAE,mBAAmB,EAAE,MAAM,cAAc,CAAC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/sessions/index.ts"],"names":[],"mappings":"AAAA,YAAY,EAAE,aAAa,EAAE,YAAY,EAAE,MAAM,YAAY,CAAC;AAC9D,OAAO,EAAE,cAAc,EAAE,iBAAiB,EAAE,mBAAmB,EAAE,MAAM,cAAc,CAAC;AACtF,OAAO,EACL,WAAW,EACX,WAAW,EACX,kBAAkB,EAClB,mBAAmB,EACnB,qBAAqB,GACtB,MAAM,iBAAiB,CAAC"}

package/dist/sessions/index.js

@@ -1,2 +1,3 @@
 export { SessionManager, getSessionManager, resetSessionManager } from "./manager.js";
+export { encryptData, decryptData, isEncryptedPayload, ensureEncryptionKey, generateEncryptionKey, } from "./encryption.js";
 //# sourceMappingURL=index.js.map

package/dist/sessions/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/sessions/index.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,cAAc,EAAE,iBAAiB,EAAE,mBAAmB,EAAE,MAAM,cAAc,CAAC"}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/sessions/index.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,cAAc,EAAE,iBAAiB,EAAE,mBAAmB,EAAE,MAAM,cAAc,CAAC;AACtF,OAAO,EACL,WAAW,EACX,WAAW,EACX,kBAAkB,EAClB,mBAAmB,EACnB,qBAAqB,GACtB,MAAM,iBAAiB,CAAC"}

package/dist/sessions/manager.d.ts

@@ -2,7 +2,10 @@ import type { StoredSession, StoredCookie } from "./types.js";
 export declare class SessionManager {
     private cache;
     private dir;
+    private encryptionKey;
+    private keyLoaded;
     constructor(dir?: string);
+    private getEncryptionKey;
     private sessionPath;
     save(id: string, cookies: StoredCookie[], url: string): Promise<void>;
     load(id: string): Promise<StoredSession | null>;

package/dist/sessions/manager.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"manager.d.ts","sourceRoot":"","sources":["../../src/sessions/manager.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,aAAa,EAAE,YAAY,EAAE,MAAM,YAAY,CAAC;AAE9D,qBAAa,cAAc;IACzB,OAAO,CAAC,KAAK,CAAoC;IACjD,OAAO,CAAC,GAAG,CAAS;gBAER,GAAG,CAAC,EAAE,MAAM;IAIxB,OAAO,CAAC,WAAW;IAMb,IAAI,CAAC,EAAE,EAAE,MAAM,EAAE,OAAO,EAAE,YAAY,EAAE,EAAE,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAqBrE,IAAI,CAAC,EAAE,EAAE,MAAM,GAAG,OAAO,CAAC,aAAa,GAAG,IAAI,CAAC;IAwB/C,MAAM,CAAC,EAAE,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IASjC,IAAI,IAAI,OAAO,CAAC,MAAM,EAAE,CAAC;CAUhC;AAMD,wBAAgB,iBAAiB,IAAI,cAAc,CAKlD;AAED,oCAAoC;AACpC,wBAAgB,mBAAmB,IAAI,IAAI,CAE1C"}
+{"version":3,"file":"manager.d.ts","sourceRoot":"","sources":["../../src/sessions/manager.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,aAAa,EAAE,YAAY,EAAE,MAAM,YAAY,CAAC;AAG9D,qBAAa,cAAc;IACzB,OAAO,CAAC,KAAK,CAAoC;IACjD,OAAO,CAAC,GAAG,CAAS;IACpB,OAAO,CAAC,aAAa,CAAqB;IAC1C,OAAO,CAAC,SAAS,CAAS;gBAEd,GAAG,CAAC,EAAE,MAAM;YAIV,gBAAgB;IAQ9B,OAAO,CAAC,WAAW;IAMb,IAAI,CAAC,EAAE,EAAE,MAAM,EAAE,OAAO,EAAE,YAAY,EAAE,EAAE,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IA2BrE,IAAI,CAAC,EAAE,EAAE,MAAM,GAAG,OAAO,CAAC,aAAa,GAAG,IAAI,CAAC;IAqC/C,MAAM,CAAC,EAAE,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IASjC,IAAI,IAAI,OAAO,CAAC,MAAM,EAAE,CAAC;CAUhC;AAMD,wBAAgB,iBAAiB,IAAI,cAAc,CAKlD;AAED,oCAAoC;AACpC,wBAAgB,mBAAmB,IAAI,IAAI,CAE1C"}

package/dist/sessions/manager.js

@@ -1,12 +1,22 @@
 import fs from "node:fs/promises";
 import path from "node:path";
 import { getSessionsDir } from "../config.js";
+import { encryptData, decryptData, isEncryptedPayload, ensureEncryptionKey } from "./encryption.js";
 export class SessionManager {
     cache = new Map();
     dir;
+    encryptionKey;
+    keyLoaded = false;
     constructor(dir) {
         this.dir = dir ?? getSessionsDir();
     }
+    async getEncryptionKey() {
+        if (!this.keyLoaded) {
+            this.encryptionKey = await ensureEncryptionKey();
+            this.keyLoaded = true;
+        }
+        return this.encryptionKey;
+    }
     sessionPath(id) {
         // Sanitize id to prevent path traversal
         const safe = id.replace(/[^a-zA-Z0-9_\-]/g, "_");
@@ -26,7 +36,11 @@ export class SessionManager {
         await fs.mkdir(this.dir, { recursive: true });
         const filePath = this.sessionPath(id);
         const tmpPath = filePath + ".tmp";
-        await fs.writeFile(tmpPath, JSON.stringify(session, null, 2), "utf-8");
+        const key = await this.getEncryptionKey();
+        const content = key
+            ? JSON.stringify(encryptData(JSON.stringify(session), key), null, 2)
+            : JSON.stringify(session, null, 2);
+        await fs.writeFile(tmpPath, content, "utf-8");
         await fs.rename(tmpPath, filePath);
     }
     async load(id) {
@@ -34,7 +48,19 @@ export class SessionManager {
             return this.cache.get(id);
         try {
             const data = await fs.readFile(this.sessionPath(id), "utf-8");
-            const session = JSON.parse(data);
+            const parsed = JSON.parse(data);
+            let session;
+            if (isEncryptedPayload(parsed)) {
+                const key = await this.getEncryptionKey();
+                if (!key) {
+                    console.error("[sessions] Encrypted session found but no encryption key configured");
+                    return null;
+                }
+                session = JSON.parse(decryptData(parsed, key));
+            }
+            else {
+                session = parsed;
+            }
             this.cache.set(id, session);
             return session;
         }

package/dist/sessions/manager.js.map

@@ -1 +1 @@
-{"version":3,"file":"manager.js","sourceRoot":"","sources":["../../src/sessions/manager.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,kBAAkB,CAAC;AAClC,OAAO,IAAI,MAAM,WAAW,CAAC;AAC7B,OAAO,EAAE,cAAc,EAAE,MAAM,cAAc,CAAC;AAG9C,MAAM,OAAO,cAAc;IACjB,KAAK,GAAG,IAAI,GAAG,EAAyB,CAAC;IACzC,GAAG,CAAS;IAEpB,YAAY,GAAY;QACtB,IAAI,CAAC,GAAG,GAAG,GAAG,IAAI,cAAc,EAAE,CAAC;IACrC,CAAC;IAEO,WAAW,CAAC,EAAU;QAC5B,wCAAwC;QACxC,MAAM,IAAI,GAAG,EAAE,CAAC,OAAO,CAAC,kBAAkB,EAAE,GAAG,CAAC,CAAC;QACjD,OAAO,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,OAAO,CAAC,CAAC;IAC7C,CAAC;IAED,KAAK,CAAC,IAAI,CAAC,EAAU,EAAE,OAAuB,EAAE,GAAW;QACzD,MAAM,GAAG,GAAG,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;QACrC,MAAM,QAAQ,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;QAEpC,MAAM,OAAO,GAAkB;YAC7B,EAAE;YACF,OAAO;YACP,GAAG;YACH,SAAS,EAAE,QAAQ,EAAE,SAAS,IAAI,GAAG;YACrC,SAAS,EAAE,GAAG;SACf,CAAC;QAEF,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,EAAE,EAAE,OAAO,CAAC,CAAC;QAE5B,MAAM,EAAE,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QAC9C,MAAM,QAAQ,GAAG,IAAI,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC;QACtC,MAAM,OAAO,GAAG,QAAQ,GAAG,MAAM,CAAC;QAClC,MAAM,EAAE,CAAC,SAAS,CAAC,OAAO,EAAE,IAAI,CAAC,SAAS,CAAC,OAAO,EAAE,IAAI,EAAE,CAAC,CAAC,EAAE,OAAO,CAAC,CAAC;QACvE,MAAM,EAAE,CAAC,MAAM,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC;IACrC,CAAC;IAED,KAAK,CAAC,IAAI,CAAC,EAAU;QACnB,IAAI,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,EAAE,CAAC;YAAE,OAAO,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,EAAE,CAAE,CAAC;QAEnD,IAAI,CAAC;YACH,MAAM,IAAI,GAAG,MAAM,EAAE,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,EAAE,CAAC,EAAE,OAAO,CAAC,CAAC;YAC9D,MAAM,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAkB,CAAC;YAClD,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,EAAE,EAAE,OAAO,CAAC,CAAC;YAC5B,OAAO,OAAO,CAAC;QACjB,CAAC;QAAC,OAAO,GAAY,EAAE,CAAC;YACtB,MAAM,QAAQ,GACZ,GAAG;gBACH,OAAO,GAAG,KAAK,QAAQ;gBACvB,MAAM,IAAI,GAAG;gBACZ,GAA6B,CAAC,IAAI,KAAK,QAAQ,CAAC;YACnD,IAAI,CAAC,QAAQ,EAAE,CAAC;gBACd,OAAO,CAAC,KAAK,CACX,oCAAoC,EACpC,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CACjD,CAAC;YACJ,CAAC;YACD,OAAO,IAAI,CAAC;QACd,CAAC;IACH,CAAC;IAED,KAAK,CAAC,MAAM,CAAC,EAAU;QACrB,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;QACtB,IAAI,CAAC;YACH,MAAM,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC,CAAC;QACxC,CAAC;QAAC,MAAM,CAAC;YACP,sCAAsC;QACxC,CAAC;IACH,CAAC;IAED,KAAK,CAAC,IAAI;QACR,IAAI,CAAC;YACH,MAAM,KAAK,GAAG,MAAM,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;YACzC,OAAO,KAAK;iBACT,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC;iBAC9D,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,SAAS,EAAE,EAAE,CAAC,CAAC,CAAC;QAC1C,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,EAAE,CAAC;QACZ,CAAC;IACH,CAAC;CACF;AAED,kBAAkB;AAElB,IAAI,OAAO,GAA0B,IAAI,CAAC;AAE1C,MAAM,UAAU,iBAAiB;IAC/B,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,OAAO,GAAG,IAAI,cAAc,EAAE,CAAC;IACjC,CAAC;IACD,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,oCAAoC;AACpC,MAAM,UAAU,mBAAmB;IACjC,OAAO,GAAG,IAAI,CAAC;AACjB,CAAC"}
+{"version":3,"file":"manager.js","sourceRoot":"","sources":["../../src/sessions/manager.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,kBAAkB,CAAC;AAClC,OAAO,IAAI,MAAM,WAAW,CAAC;AAC7B,OAAO,EAAE,cAAc,EAAE,MAAM,cAAc,CAAC;AAE9C,OAAO,EAAE,WAAW,EAAE,WAAW,EAAE,kBAAkB,EAAE,mBAAmB,EAAE,MAAM,iBAAiB,CAAC;AAEpG,MAAM,OAAO,cAAc;IACjB,KAAK,GAAG,IAAI,GAAG,EAAyB,CAAC;IACzC,GAAG,CAAS;IACZ,aAAa,CAAqB;IAClC,SAAS,GAAG,KAAK,CAAC;IAE1B,YAAY,GAAY;QACtB,IAAI,CAAC,GAAG,GAAG,GAAG,IAAI,cAAc,EAAE,CAAC;IACrC,CAAC;IAEO,KAAK,CAAC,gBAAgB;QAC5B,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,CAAC;YACpB,IAAI,CAAC,aAAa,GAAG,MAAM,mBAAmB,EAAE,CAAC;YACjD,IAAI,CAAC,SAAS,GAAG,IAAI,CAAC;QACxB,CAAC;QACD,OAAO,IAAI,CAAC,aAAa,CAAC;IAC5B,CAAC;IAEO,WAAW,CAAC,EAAU;QAC5B,wCAAwC;QACxC,MAAM,IAAI,GAAG,EAAE,CAAC,OAAO,CAAC,kBAAkB,EAAE,GAAG,CAAC,CAAC;QACjD,OAAO,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,OAAO,CAAC,CAAC;IAC7C,CAAC;IAED,KAAK,CAAC,IAAI,CAAC,EAAU,EAAE,OAAuB,EAAE,GAAW;QACzD,MAAM,GAAG,GAAG,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;QACrC,MAAM,QAAQ,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;QAEpC,MAAM,OAAO,GAAkB;YAC7B,EAAE;YACF,OAAO;YACP,GAAG;YACH,SAAS,EAAE,QAAQ,EAAE,SAAS,IAAI,GAAG;YACrC,SAAS,EAAE,GAAG;SACf,CAAC;QAEF,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,EAAE,EAAE,OAAO,CAAC,CAAC;QAE5B,MAAM,EAAE,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QAC9C,MAAM,QAAQ,GAAG,IAAI,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC;QACtC,MAAM,OAAO,GAAG,QAAQ,GAAG,MAAM,CAAC;QAElC,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,gBAAgB,EAAE,CAAC;QAC1C,MAAM,OAAO,GAAG,GAAG;YACjB,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,WAAW,CAAC,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,EAAE,GAAG,CAAC,EAAE,IAAI,EAAE,CAAC,CAAC;YACpE,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,OAAO,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC;QAErC,MAAM,EAAE,CAAC,SAAS,CAAC,OAAO,EAAE,OAAO,EAAE,OAAO,CAAC,CAAC;QAC9C,MAAM,EAAE,CAAC,MAAM,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC;IACrC,CAAC;IAED,KAAK,CAAC,IAAI,CAAC,EAAU;QACnB,IAAI,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,EAAE,CAAC;YAAE,OAAO,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,EAAE,CAAE,CAAC;QAEnD,IAAI,CAAC;YACH,MAAM,IAAI,GAAG,MAAM,EAAE,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,EAAE,CAAC,EAAE,OAAO,CAAC,CAAC;YAC9D,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;YAEhC,IAAI,OAAsB,CAAC;YAC3B,IAAI,kBAAkB,CAAC,MAAM,CAAC,EAAE,CAAC;gBAC/B,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,gBAAgB,EAAE,CAAC;gBAC1C,IAAI,CAAC,GAAG,EAAE,CAAC;oBACT,OAAO,CAAC,KAAK,CAAC,qEAAqE,CAAC,CAAC;oBACrF,OAAO,IAAI,CAAC;gBACd,CAAC;gBACD,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,WAAW,CAAC,MAAM,EAAE,GAAG,CAAC,CAAkB,CAAC;YAClE,CAAC;iBAAM,CAAC;gBACN,OAAO,GAAG,MAAuB,CAAC;YACpC,CAAC;YAED,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,EAAE,EAAE,OAAO,CAAC,CAAC;YAC5B,OAAO,OAAO,CAAC;QACjB,CAAC;QAAC,OAAO,GAAY,EAAE,CAAC;YACtB,MAAM,QAAQ,GACZ,GAAG;gBACH,OAAO,GAAG,KAAK,QAAQ;gBACvB,MAAM,IAAI,GAAG;gBACZ,GAA6B,CAAC,IAAI,KAAK,QAAQ,CAAC;YACnD,IAAI,CAAC,QAAQ,EAAE,CAAC;gBACd,OAAO,CAAC,KAAK,CACX,oCAAoC,EACpC,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CACjD,CAAC;YACJ,CAAC;YACD,OAAO,IAAI,CAAC;QACd,CAAC;IACH,CAAC;IAED,KAAK,CAAC,MAAM,CAAC,EAAU;QACrB,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;QACtB,IAAI,CAAC;YACH,MAAM,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC,CAAC;QACxC,CAAC;QAAC,MAAM,CAAC;YACP,sCAAsC;QACxC,CAAC;IACH,CAAC;IAED,KAAK,CAAC,IAAI;QACR,IAAI,CAAC;YACH,MAAM,KAAK,GAAG,MAAM,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;YACzC,OAAO,KAAK;iBACT,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC;iBAC9D,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,SAAS,EAAE,EAAE,CAAC,CAAC,CAAC;QAC1C,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,EAAE,CAAC;QACZ,CAAC;IACH,CAAC;CACF;AAED,kBAAkB;AAElB,IAAI,OAAO,GAA0B,IAAI,CAAC;AAE1C,MAAM,UAAU,iBAAiB;IAC/B,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,OAAO,GAAG,IAAI,cAAc,EAAE,CAAC;IACjC,CAAC;IACD,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,oCAAoC;AACpC,MAAM,UAAU,mBAAmB;IACjC,OAAO,GAAG,IAAI,CAAC;AACjB,CAAC"}

package/dist/snapshot/annotator.d.ts

@@ -0,0 +1,21 @@
+/**
+ * Annotated Screenshots — Inject visual overlay badges on interactive elements.
+ *
+ * Zero external deps — uses DOM injection via page.evaluate(),
+ * takes screenshot, then cleans up injected elements.
+ *
+ * Color coding:
+ * - Red (#e53e3e)    = button, switch
+ * - Blue (#3182ce)   = link, tab
+ * - Green (#38a169)  = textbox, searchbox, combobox, listbox
+ * - Orange (#dd6b20) = other interactive (checkbox, radio, slider, etc.)
+ */
+import type { RefMap } from "./types.js";
+type Page = import("rebrowser-playwright").Page;
+/**
+ * Inject annotation overlays on interactive elements, take screenshot, cleanup.
+ * Returns PNG buffer.
+ */
+export declare function annotateScreenshot(page: Page, refs: RefMap): Promise<Buffer>;
+export {};
+//# sourceMappingURL=annotator.d.ts.map

package/dist/snapshot/annotator.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"annotator.d.ts","sourceRoot":"","sources":["../../src/snapshot/annotator.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAEH,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,YAAY,CAAC;AAEzC,KAAK,IAAI,GAAG,OAAO,sBAAsB,EAAE,IAAI,CAAC;AAiBhD;;;GAGG;AACH,wBAAsB,kBAAkB,CAAC,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAoIlF"}

package/dist/snapshot/annotator.js

@@ -0,0 +1,152 @@
+/**
+ * Annotated Screenshots — Inject visual overlay badges on interactive elements.
+ *
+ * Zero external deps — uses DOM injection via page.evaluate(),
+ * takes screenshot, then cleans up injected elements.
+ *
+ * Color coding:
+ * - Red (#e53e3e)    = button, switch
+ * - Blue (#3182ce)   = link, tab
+ * - Green (#38a169)  = textbox, searchbox, combobox, listbox
+ * - Orange (#dd6b20) = other interactive (checkbox, radio, slider, etc.)
+ */
+const ROLE_COLORS = {
+    button: "#e53e3e",
+    switch: "#e53e3e",
+    link: "#3182ce",
+    tab: "#3182ce",
+    textbox: "#38a169",
+    searchbox: "#38a169",
+    combobox: "#38a169",
+    listbox: "#38a169",
+};
+const DEFAULT_COLOR = "#dd6b20";
+const ANNOTATION_ATTR = "data-imperium-annotation";
+/**
+ * Inject annotation overlays on interactive elements, take screenshot, cleanup.
+ * Returns PNG buffer.
+ */
+export async function annotateScreenshot(page, refs) {
+    // Build annotation data for injection
+    const annotations = Object.entries(refs).map(([ref, entry]) => ({
+        ref,
+        role: entry.role,
+        name: entry.name,
+        nth: entry.nth,
+        color: ROLE_COLORS[entry.role] ?? DEFAULT_COLOR,
+    }));
+    // Inject overlays via page.evaluate
+    await page.evaluate((data) => {
+        const ATTR = "data-imperium-annotation";
+        for (const { ref, role, name, nth, color } of data) {
+            // Find the element using ARIA queries
+            let elements;
+            try {
+                // Try aria role query
+                const selector = name
+                    ? `[role="${role}"]`
+                    : `[role="${role}"]`;
+                elements = Array.from(document.querySelectorAll(selector));
+                // Filter by accessible name if provided
+                if (name) {
+                    elements = elements.filter((el) => {
+                        const accName = el.getAttribute("aria-label") ||
+                            el.getAttribute("title") ||
+                            (el.textContent ?? "").trim();
+                        return accName.includes(name) || name.includes(accName.slice(0, 80));
+                    });
+                }
+                // Handle nth
+                if (nth !== undefined && elements[nth]) {
+                    elements = [elements[nth]];
+                }
+                else if (elements.length > 0) {
+                    elements = [elements[0]];
+                }
+                // Fallback: try matching by tag for common roles
+                if (elements.length === 0) {
+                    const tagMap = {
+                        button: "button",
+                        link: "a",
+                        textbox: "input,textarea",
+                        searchbox: "input[type=search]",
+                        checkbox: "input[type=checkbox]",
+                        radio: "input[type=radio]",
+                    };
+                    if (tagMap[role]) {
+                        const tagEls = document.querySelectorAll(tagMap[role]);
+                        for (const el of tagEls) {
+                            const accName = el.getAttribute("aria-label") ||
+                                el.getAttribute("title") ||
+                                (el.textContent ?? "").trim();
+                            if (!name || accName.includes(name) || name.includes(accName.slice(0, 80))) {
+                                elements = [el];
+                                break;
+                            }
+                        }
+                    }
+                }
+            }
+            catch {
+                elements = [];
+            }
+            if (elements.length === 0)
+                continue;
+            const el = elements[0];
+            const rect = el.getBoundingClientRect();
+            if (rect.width === 0 || rect.height === 0)
+                continue;
+            // Create border overlay
+            const border = document.createElement("div");
+            border.setAttribute(ATTR, ref);
+            Object.assign(border.style, {
+                position: "absolute",
+                top: `${rect.top + window.scrollY}px`,
+                left: `${rect.left + window.scrollX}px`,
+                width: `${rect.width}px`,
+                height: `${rect.height}px`,
+                border: `2px solid ${color}`,
+                borderRadius: "3px",
+                pointerEvents: "none",
+                zIndex: "2147483647",
+                boxSizing: "border-box",
+            });
+            // Create badge
+            const badge = document.createElement("div");
+            badge.setAttribute(ATTR, `${ref}-badge`);
+            const refNum = ref.replace("e", "");
+            badge.textContent = refNum;
+            Object.assign(badge.style, {
+                position: "absolute",
+                top: `${rect.top + window.scrollY - 10}px`,
+                left: `${rect.left + window.scrollX - 10}px`,
+                width: "20px",
+                height: "20px",
+                borderRadius: "50%",
+                backgroundColor: color,
+                color: "white",
+                fontSize: "11px",
+                fontWeight: "bold",
+                fontFamily: "Arial, sans-serif",
+                display: "flex",
+                alignItems: "center",
+                justifyContent: "center",
+                pointerEvents: "none",
+                zIndex: "2147483647",
+                lineHeight: "1",
+            });
+            document.body.appendChild(border);
+            document.body.appendChild(badge);
+        }
+    }, annotations);
+    // Take screenshot with annotations
+    const screenshot = await page.screenshot({ fullPage: false });
+    // Cleanup injected elements
+    await page.evaluate((attr) => {
+        const els = document.querySelectorAll(`[${attr}]`);
+        for (const el of els)
+            el.remove();
+    }, ANNOTATION_ATTR);
+    return screenshot;
+}
+//# sourceMappingURL=annotator.js.map

package/dist/snapshot/annotator.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"annotator.js","sourceRoot":"","sources":["../../src/snapshot/annotator.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAMH,MAAM,WAAW,GAA2B;IAC1C,MAAM,EAAE,SAAS;IACjB,MAAM,EAAE,SAAS;IACjB,IAAI,EAAE,SAAS;IACf,GAAG,EAAE,SAAS;IACd,OAAO,EAAE,SAAS;IAClB,SAAS,EAAE,SAAS;IACpB,QAAQ,EAAE,SAAS;IACnB,OAAO,EAAE,SAAS;CACnB,CAAC;AAEF,MAAM,aAAa,GAAG,SAAS,CAAC;AAEhC,MAAM,eAAe,GAAG,0BAA0B,CAAC;AAEnD;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,kBAAkB,CAAC,IAAU,EAAE,IAAY;IAC/D,sCAAsC;IACtC,MAAM,WAAW,GAAG,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,EAAE,KAAK,CAAC,EAAE,EAAE,CAAC,CAAC;QAC9D,GAAG;QACH,IAAI,EAAE,KAAK,CAAC,IAAI;QAChB,IAAI,EAAE,KAAK,CAAC,IAAI;QAChB,GAAG,EAAE,KAAK,CAAC,GAAG;QACd,KAAK,EAAE,WAAW,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,aAAa;KAChD,CAAC,CAAC,CAAC;IAEJ,oCAAoC;IACpC,MAAM,IAAI,CAAC,QAAQ,CAAC,CAAC,IAAwB,EAAE,EAAE;QAC/C,MAAM,IAAI,GAAG,0BAA0B,CAAC;QAExC,KAAK,MAAM,EAAE,GAAG,EAAE,IAAI,EAAE,IAAI,EAAE,GAAG,EAAE,KAAK,EAAE,IAAI,IAAI,EAAE,CAAC;YACnD,sCAAsC;YACtC,IAAI,QAAmB,CAAC;YACxB,IAAI,CAAC;gBACH,sBAAsB;gBACtB,MAAM,QAAQ,GAAG,IAAI;oBACnB,CAAC,CAAC,UAAU,IAAI,IAAI;oBACpB,CAAC,CAAC,UAAU,IAAI,IAAI,CAAC;gBACvB,QAAQ,GAAG,KAAK,CAAC,IAAI,CAAC,QAAQ,CAAC,gBAAgB,CAAC,QAAQ,CAAC,CAAC,CAAC;gBAE3D,wCAAwC;gBACxC,IAAI,IAAI,EAAE,CAAC;oBACT,QAAQ,GAAG,QAAQ,CAAC,MAAM,CAAC,CAAC,EAAE,EAAE,EAAE;wBAChC,MAAM,OAAO,GACX,EAAE,CAAC,YAAY,CAAC,YAAY,CAAC;4BAC7B,EAAE,CAAC,YAAY,CAAC,OAAO,CAAC;4BACxB,CAAC,EAAE,CAAC,WAAW,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC;wBAChC,OAAO,OAAO,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC;oBACvE,CAAC,CAAC,CAAC;gBACL,CAAC;gBAED,aAAa;gBACb,IAAI,GAAG,KAAK,SAAS,IAAI,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;oBACvC,QAAQ,GAAG,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC;gBAC7B,CAAC;qBAAM,IAAI,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;oBAC/B,QAAQ,GAAG,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC;gBAC3B,CAAC;gBAED,iDAAiD;gBACjD,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;oBAC1B,MAAM,MAAM,GAA2B;wBACrC,MAAM,EAAE,QAAQ;wBAChB,IAAI,EAAE,GAAG;wBACT,OAAO,EAAE,gBAAgB;wBACzB,SAAS,EAAE,oBAAoB;wBAC/B,QAAQ,EAAE,sBAAsB;wBAChC,KAAK,EAAE,mBAAmB;qBAC3B,CAAC;oBACF,IAAI,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC;wBACjB,MAAM,MAAM,GAAG,QAAQ,CAAC,gBAAgB,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC;wBACvD,KAAK,MAAM,EAAE,IAAI,MAAM,EAAE,CAAC;4BACxB,MAAM,OAAO,GACX,EAAE,CAAC,YAAY,CAAC,YAAY,CAAC;gCAC7B,EAAE,CAAC,YAAY,CAAC,OAAO,CAAC;gCACxB,CAAC,EAAE,CAAC,WAAW,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC;4BAChC,IAAI,CAAC,IAAI,IAAI,OAAO,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,EAAE,CAAC;gCAC3E,QAAQ,GAAG,CAAC,EAAE,CAAC,CAAC;gCAChB,MAAM;4BACR,CAAC;wBACH,CAAC;oBACH,CAAC;gBACH,CAAC;YACH,CAAC;YAAC,MAAM,CAAC;gBACP,QAAQ,GAAG,EAAE,CAAC;YAChB,CAAC;YAED,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC;gBAAE,SAAS;YAEpC,MAAM,EAAE,GAAG,QAAQ,CAAC,CAAC,CAAC,CAAC;YACvB,MAAM,IAAI,GAAG,EAAE,CAAC,qBAAqB,EAAE,CAAC;YACxC,IAAI,IAAI,CAAC,KAAK,KAAK,CAAC,IAAI,IAAI,CAAC,MAAM,KAAK,CAAC;gBAAE,SAAS;YAEpD,wBAAwB;YACxB,MAAM,MAAM,GAAG,QAAQ,CAAC,aAAa,CAAC,KAAK,CAAC,CAAC;YAC7C,MAAM,CAAC,YAAY,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC;YAC/B,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,KAAK,EAAE;gBAC1B,QAAQ,EAAE,UAAU;gBACpB,GAAG,EAAE,GAAG,IAAI,CAAC,GAAG,GAAG,MAAM,CAAC,OAAO,IAAI;gBACrC,IAAI,EAAE,GAAG,IAAI,CAAC,IAAI,GAAG,MAAM,CAAC,OAAO,IAAI;gBACvC,KAAK,EAAE,GAAG,IAAI,CAAC,KAAK,IAAI;gBACxB,MAAM,EAAE,GAAG,IAAI,CAAC,MAAM,IAAI;gBAC1B,MAAM,EAAE,aAAa,KAAK,EAAE;gBAC5B,YAAY,EAAE,KAAK;gBACnB,aAAa,EAAE,MAAM;gBACrB,MAAM,EAAE,YAAY;gBACpB,SAAS,EAAE,YAAY;aACxB,CAAC,CAAC;YAEH,eAAe;YACf,MAAM,KAAK,GAAG,QAAQ,CAAC,aAAa,CAAC,KAAK,CAAC,CAAC;YAC5C,KAAK,CAAC,YAAY,CAAC,IAAI,EAAE,GAAG,GAAG,QAAQ,CAAC,CAAC;YACzC,MAAM,MAAM,GAAG,GAAG,CAAC,OAAO,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC;YACpC,KAAK,CAAC,WAAW,GAAG,MAAM,CAAC;YAC3B,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,KAAK,EAAE;gBACzB,QAAQ,EAAE,UAAU;gBACpB,GAAG,EAAE,GAAG,IAAI,CAAC,GAAG,GAAG,MAAM,CAAC,OAAO,GAAG,EAAE,IAAI;gBAC1C,IAAI,EAAE,GAAG,IAAI,CAAC,IAAI,GAAG,MAAM,CAAC,OAAO,GAAG,EAAE,IAAI;gBAC5C,KAAK,EAAE,MAAM;gBACb,MAAM,EAAE,MAAM;gBACd,YAAY,EAAE,KAAK;gBACnB,eAAe,EAAE,KAAK;gBACtB,KAAK,EAAE,OAAO;gBACd,QAAQ,EAAE,MAAM;gBAChB,UAAU,EAAE,MAAM;gBAClB,UAAU,EAAE,mBAAmB;gBAC/B,OAAO,EAAE,MAAM;gBACf,UAAU,EAAE,QAAQ;gBACpB,cAAc,EAAE,QAAQ;gBACxB,aAAa,EAAE,MAAM;gBACrB,MAAM,EAAE,YAAY;gBACpB,UAAU,EAAE,GAAG;aAChB,CAAC,CAAC;YAEH,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,MAAM,CAAC,CAAC;YAClC,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,KAAK,CAAC,CAAC;QACnC,CAAC;IACH,CAAC,EAAE,WAAW,CAAC,CAAC;IAEhB,mCAAmC;IACnC,MAAM,UAAU,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,EAAE,QAAQ,EAAE,KAAK,EAAE,CAAC,CAAC;IAE9D,4BAA4B;IAC5B,MAAM,IAAI,CAAC,QAAQ,CAAC,CAAC,IAAY,EAAE,EAAE;QACnC,MAAM,GAAG,GAAG,QAAQ,CAAC,gBAAgB,CAAC,IAAI,IAAI,GAAG,CAAC,CAAC;QACnD,KAAK,MAAM,EAAE,IAAI,GAAG;YAAE,EAAE,CAAC,MAAM,EAAE,CAAC;IACpC,CAAC,EAAE,eAAe,CAAC,CAAC;IAEpB,OAAO,UAAU,CAAC;AACpB,CAAC"}

package/dist/snapshot/boundary.d.ts

@@ -0,0 +1,7 @@
+/**
+ * Content boundaries — unique markers to wrap content sections.
+ * Prevents LLM confusion about where content starts/ends.
+ */
+export declare function generateBoundary(): string;
+export declare function wrapContent(content: string, boundary: string): string;
+//# sourceMappingURL=boundary.d.ts.map

package/dist/snapshot/boundary.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"boundary.d.ts","sourceRoot":"","sources":["../../src/snapshot/boundary.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAIH,wBAAgB,gBAAgB,IAAI,MAAM,CAEzC;AAED,wBAAgB,WAAW,CAAC,OAAO,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,MAAM,CAErE"}

package/dist/snapshot/boundary.js

@@ -0,0 +1,12 @@
+/**
+ * Content boundaries — unique markers to wrap content sections.
+ * Prevents LLM confusion about where content starts/ends.
+ */
+import { randomBytes } from "node:crypto";
+export function generateBoundary() {
+    return randomBytes(8).toString("hex");
+}
+export function wrapContent(content, boundary) {
+    return `<imperium-boundary:${boundary}>\n${content}\n</imperium-boundary:${boundary}>`;
+}
+//# sourceMappingURL=boundary.js.map

package/dist/snapshot/boundary.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"boundary.js","sourceRoot":"","sources":["../../src/snapshot/boundary.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AAE1C,MAAM,UAAU,gBAAgB;IAC9B,OAAO,WAAW,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;AACxC,CAAC;AAED,MAAM,UAAU,WAAW,CAAC,OAAe,EAAE,QAAgB;IAC3D,OAAO,sBAAsB,QAAQ,MAAM,OAAO,yBAAyB,QAAQ,GAAG,CAAC;AACzF,CAAC"}